CN106575326A - System and method for implementing a one-time password using asymmetric cryptography - Google Patents
System and method for implementing a one-time password using asymmetric cryptography
- Publication number
- CN106575326A (application CN201580040813.6A)
- Authority
- CN
- China
- Prior art keywords
- inquiry
- server
- user
- conversion
- attachment means
- Prior art date
- Legal status
- Granted
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        - H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
          - H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
            - H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
          - G06F21/31—User authentication
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
      - G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
        - G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
          - G06K19/06009—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking
            - G06K19/06018—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking one-dimensional coding
              - G06K19/06028—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking one-dimensional coding using bar codes
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
      - G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
        - G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
          - G06K19/06009—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking
            - G06K19/06037—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking multi-dimensional coding
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
      - G06Q20/00—Payment architectures, schemes or protocols
        - G06Q20/38—Payment protocols; Details thereof
          - G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
            - G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
      - G06Q20/00—Payment architectures, schemes or protocols
        - G06Q20/38—Payment protocols; Details thereof
          - G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
            - G06Q20/401—Transaction verification
              - G06Q20/4014—Identity check for transactions
                - G06Q20/40145—Biometric identity checks
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
          - H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
            - H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
          - H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
            - H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        - H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        - H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
          - H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04W—WIRELESS COMMUNICATION NETWORKS
      - H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
        - H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
          - G06F2221/2103—Challenge-response
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
        - H04L2209/24—Key scheduling, i.e. generating round keys or sub-keys for block encryption
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
        - H04L2209/80—Wireless
          - H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Business, Economics & Management (AREA)
- Computing Systems (AREA)
- Accounting & Taxation (AREA)
- Software Systems (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Mobile Radio Communication Systems (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Storage Device Security (AREA)
Abstract
The present application describes a system, apparatus, method, and machine-readable medium for authentication using asymmetric cryptography. For example, a method according to one embodiment comprises: generating a challenge at a server; encrypting the challenge at the server using a public encryption key; transmitting the encrypted challenge to a connector device having a first connection with the server over a network; providing the encrypted challenge from the connector device to a user device; decrypting the encrypted challenge using a private encryption key corresponding to the public encryption key to determine the challenge; converting the challenge to a converted challenge, the converted challenge having a different format than the original challenge; receiving the converted challenge at the connector device and providing the converted challenge from the connector device to the server; and validating the converted challenge at the server to authenticate the user.
Description
Background
Technical Field
The present invention relates generally to the field of data processing systems. More particularly, the invention relates to a system and method for implementing a one-time password using asymmetric cryptography.
Description of Related Art
Systems have also been designed for providing secure user authentication over a network using biometric sensors. In such systems, the score generated by the authenticator, and/or other authentication data, may be sent over a network to authenticate the user with a remote server. For example, Patent Application No. 2011/0082801 ("the '801 Application") describes a framework for user registration and authentication on a network which provides strong authentication (e.g., protection against identity theft and phishing), secure transactions (e.g., protection against "malware in the browser" and "man in the middle" attacks on transactions), and enrollment/management of client authentication tokens (e.g., fingerprint readers, facial recognition devices, smartcards, trusted platform modules, etc.).
The assignee of the present application has developed a variety of improvements to the authentication framework described in the '801 Application. Some of these improvements are described in the following set of US Patent Applications, all assigned to the present assignee: Serial No. 13/730,761, "Query System and Method to Determine Authentication Capabilities"; Serial No. 13/730,776, "System and Method for Efficiently Enrolling, Registering, and Authenticating With Multiple Authentication Devices"; Serial No. 13/730,780, "System and Method for Processing Random Challenges Within an Authentication Framework"; Serial No. 13/730,791, "System and Method for Implementing Privacy Classes Within an Authentication Framework"; Serial No. 13/730,795, "System and Method for Implementing Transaction Signaling Within an Authentication Framework"; and Serial No. 14/218,504, "Advanced Authentication Techniques and Applications" (hereinafter the "'504 Application"). These applications are sometimes referred to herein as the "Co-pending Applications".
Briefly, in the authentication techniques described in the Co-pending Applications, a user enrolls with an authentication device (or authenticator) on a client device, such as a biometric device (e.g., a fingerprint sensor). When the user enrolls with the biometric device, biometric reference data is captured (e.g., by swiping a finger, snapping a picture, recording a voice, etc.). The user may subsequently register/provision the authentication device with one or more servers over a network (e.g., websites or other relying parties equipped with secure transaction services, as described in the Co-pending Applications), and subsequently authenticate to those servers using data exchanged during the registration process (e.g., keys provisioned into the authentication device). Once authenticated, the user is permitted to perform one or more online transactions with the website or other relying party. In the framework described in the Co-pending Applications, sensitive information such as fingerprint data and other data which can be used to uniquely identify the user may be retained locally on the user's authentication device to protect the user's privacy.
The '504 Application describes a variety of additional techniques, including techniques for designing composite authenticators, intelligently generating authentication assurance levels, using non-intrusive user verification, transferring authentication data to new authentication devices, augmenting authentication data with client risk data, adaptively applying authentication policies, creating trust circles, and more.
Brief Description of the Drawings
A better understanding of the present invention can be obtained from the following detailed description in conjunction with the following drawings, in which:
FIGS. 1A-B illustrate two different embodiments of a secure authentication system architecture;
FIG. 2 is a transaction diagram showing how keys may be provisioned into authentication devices;
FIG. 3 illustrates a transaction diagram showing remote authentication;
FIG. 4 illustrates a connector device configured between a relying party authentication server and a user device;
FIG. 5 illustrates one embodiment of the invention for implementing a one-time password using asymmetric cryptography;
FIGS. 6A-B illustrate additional details of one embodiment of an authentication server;
FIG. 7 illustrates additional details of one embodiment of a user device;
FIG. 8 illustrates an exemplary data processing architecture for implementing the clients and/or servers described herein; and
FIG. 9 illustrates another exemplary data processing architecture for implementing the clients and/or servers described herein.
Detailed Description
Described below are embodiments of an apparatus, method, and machine-readable medium for implementing advanced authentication techniques and associated applications. Throughout the description, for the purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced without some of these specific details. In other instances, well-known structures and devices are not shown, or are shown in block diagram form, to avoid obscuring the underlying principles of the present invention.
The embodiments of the invention discussed below involve authentication devices with user verification capabilities such as biometric modalities or PIN entry. These devices are sometimes referred to herein as "tokens", "authentication devices", or "authenticators". While certain embodiments focus on facial recognition hardware/software (e.g., a camera and associated software for recognizing a user's face and tracking the user's eye movement), some embodiments may utilize additional biometric devices including, for example, fingerprint sensors, voice recognition hardware/software (e.g., a microphone and associated software for recognizing a user's voice), and optical recognition capabilities (e.g., an optical scanner and associated software for scanning the user's retina). The user verification capabilities may also include non-biometric modalities such as PIN entry. The authenticators may use devices such as trusted platform modules (TPMs), smartcards, and secure elements for cryptographic operations and key storage.
In a mobile biometric implementation, the biometric device is remote from the relying party. As used herein, the term "remote" means that the biometric sensor is not part of the security boundary of the computer it is communicatively coupled to (e.g., the biometric sensor is not embedded in the same physical enclosure as the relying party computer). By way of example, the biometric device may be coupled to the relying party via a network (e.g., the Internet, a wireless network link, etc.) or via a peripheral input such as a USB port. Under these conditions, there may be no way for the relying party to know whether the device is one authorized by the relying party (e.g., one which provides an acceptable level of authentication strength and integrity protection) and/or whether a hacker has compromised or even replaced the biometric device. Confidence in the biometric device depends on the particular implementation of the device.
The term "local" is used herein to refer to the fact that the user is completing a transaction in person, at a particular location such as an automatic teller machine (ATM) or a point of sale (POS) retail checkout. However, as discussed below, the authentication techniques used to authenticate the user may involve non-location components such as communication over a network with remote servers and/or other data processing devices. Moreover, while specific embodiments are described herein (such as an ATM and a retail location), it should be noted that the underlying principles of the invention may be implemented within the context of any system in which a transaction is initiated locally by an end user.
The term "relying party" is used herein to refer not only to the entity with which a user transaction is attempted (e.g., a website or online service performing user transactions), but also to the secure transaction servers (sometimes described as implemented on behalf of that entity) which may perform the underlying authentication techniques described herein. The secure transaction servers may be owned and/or under the control of the relying party, or may be under the control of a third party which offers secure transaction services to the relying party as part of a business arrangement.
The term "server" is used herein to refer to software executed on one hardware platform (or across multiple hardware platforms) that receives requests over a network from a client, responsively performs one or more operations, and transmits a response to the client, typically including the results of the operations. The server responds to client requests to provide, or help provide, a network "service" to the clients. Significantly, a server is not limited to a single computer (e.g., a single hardware device for executing the server software) and may in fact be spread across multiple hardware platforms, potentially at multiple geographical locations.
Exemplary System Architectures and Transactions
FIGS. 1A-B illustrate two embodiments of a system architecture comprising client-side and server-side components for registering/provisioning authentication devices (sometimes also called "provisioning") and authenticating a user. The embodiment shown in FIG. 1A uses a web browser plugin-based architecture for communicating with a website, while the embodiment shown in FIG. 1B does not require a web browser. The various techniques described herein, such as enrolling a user with authentication devices, registering/provisioning the authentication devices with a secure server, and verifying a user, may be implemented in either of these system architectures. Thus, while the architecture shown in FIG. 1A is used to demonstrate the operation of several of the embodiments described below, the same basic principles may be easily implemented on the system shown in FIG. 1B (e.g., by removing the browser plugin 105 which acts as the intermediary for communication between the server 130 and the secure transaction service 101 on the client).
Turning first to FIG. 1A, the illustrated embodiment includes a client 100 equipped with one or more authentication devices 110-112 (sometimes referred to in the art as authentication "tokens" or "authenticators") for enrolling and verifying an end user. As mentioned above, the authentication devices 110-112 may include biometric devices such as fingerprint sensors, voice recognition hardware/software (e.g., a microphone and associated software for recognizing a user's voice), facial recognition hardware/software (e.g., a camera and associated software for recognizing a user's face), and optical recognition capabilities (e.g., an optical scanner and associated software for scanning the user's retina), and support for non-biometric modalities such as PIN verification. The authentication devices may use trusted platform modules (TPMs), smartcards, or secure elements for cryptographic operations and key storage.
The authentication devices 110-112 are communicatively coupled to the client through an interface 102 (e.g., an application programming interface or API) exposed by a secure transaction service 101. The secure transaction service 101 is a secure application for communicating with one or more secure transaction servers 132-133 over a network and for interfacing with a secure transaction plugin 105 executed within the context of a web browser 104. As illustrated, the interface 102 may also provide secure access to a secure storage device 120 on the client 100 which stores information related to each of the authentication devices 110-112, such as a device identification code, a user identification code, user enrollment data protected by the authentication device (e.g., scanned fingerprint or other biometric data), and keys wrapped by the authentication device that are used to perform the secure authentication techniques described herein. For example, as discussed in detail below, a unique key may be stored into each of the authentication devices and used when communicating with the server 130 over a network such as the Internet.
As discussed below, certain types of network transactions are supported by the secure transaction plugin 105, such as HTTP or HTTPS transactions with websites 131 or other servers. In one embodiment, the secure transaction plugin is initiated in response to specific HTML tags inserted into the HTML code of a web page by the web server 131 within the secure enterprise or Web destination 130 (sometimes simply referred to below as "server 130"). In response to detecting such a tag, the secure transaction plugin 105 may forward the transaction to the secure transaction service 101 for processing. In addition, for certain types of transactions (e.g., secure key exchange), the secure transaction service 101 may open a direct communication channel with the on-premises transaction server 132 (i.e., co-located with the website) or with an off-premises transaction server 133.
The secure transaction servers 132-133 are coupled to a secure transaction database 120 for storing user data, authentication device data, keys, and other secure information needed to support the secure authentication transactions described below. It should be noted, however, that the underlying principles of the invention do not require the separation of logical components within the secure enterprise or web destination 130 shown in FIG. 1A. For example, the website 131 and the secure transaction servers 132-133 may be implemented within a single physical server or within separate physical servers. Moreover, the website 131 and the transaction servers 132-133 may be implemented within an integrated software module executed on one or more servers for performing the functions described below.
As mentioned above, the underlying principles of the invention are not limited to the browser-based architecture shown in FIG. 1A. FIG. 1B illustrates an alternative implementation in which a stand-alone application 154 utilizes the functionality provided by the secure transaction service 101 to authenticate a user over a network. In one embodiment, the application 154 is designed to establish communication sessions with one or more network services 151 which rely on the secure transaction servers 132-133 to perform the user/client authentication techniques described in detail below.
In either of the embodiments shown in FIGS. 1A and 1B, the secure transaction servers 132-133 may generate the keys, which are then securely transmitted to the secure transaction service 101 and stored into the authentication devices within the secure storage 120. Additionally, the secure transaction servers 132-133 manage the secure transaction database 120 on the server side.
Certain basic principles associated with remotely provisioning authentication devices and authenticating with a relying party will be described with respect to FIGS. 2-5, followed by a detailed description of embodiments of the invention for establishing trust using secure communication protocols.
FIG. 2 illustrates a series of transactions for provisioning authentication devices on a client (such as the devices 110-112 on the client 100 in FIGS. 1A-B). "Provisioning" is sometimes also referred to as "registration". For simplicity, the secure transaction service 101 and the interface 102 are combined together as the authentication client 201, and the secure enterprise or Web destination 130 including the secure transaction servers 132-133 is represented as the relying party 202.
During provisioning of an authenticator (e.g., a fingerprint authenticator, a voice authenticator, etc.), a key associated with the authenticator is shared between the authentication client 201 and the relying party 202. Referring back to FIGS. 1A-B, the key is stored within the secure storage 120 of the client 100 and within the secure transaction database 120 used by the secure transaction servers 132-133. In one embodiment, the key is a symmetric key generated by one of the secure transaction servers 132-133. However, in another embodiment discussed below, asymmetric keys are used. In this embodiment, the public/private key pair may be generated by the secure transaction servers 132-133. The public key may then be stored by the secure transaction servers 132-133 and the related private key may be stored in the secure storage 120 on the client. In an alternate embodiment, the key(s) may be generated on the client 100 (e.g., by the authentication device or the authentication device interface rather than by the secure transaction servers 132-133). The underlying principles of the invention are not limited to any particular type of key or manner of generating the keys.
In one embodiment, a secure key provisioning protocol is employed to share the key with the client over a secure communication channel. One example of a key provisioning protocol is the Dynamic Symmetric Key Provisioning Protocol (DSKPP) (see, e.g., Request for Comments (RFC) 6063). However, the underlying principles of the invention are not limited to any particular key provisioning protocol. In one particular embodiment, the client generates a public/private key pair and sends the public key to the server, which may be attested using an attestation key.
Turning to the specific details shown in FIG. 2, to initiate the registration process, the relying party 202 generates a randomly generated challenge (e.g., a cryptographic nonce) that must be presented by the authentication client 201 during device registration. The random challenge may be valid for a limited period of time. In response, the authentication client 201 initiates an out-of-band secure connection (e.g., an out-of-band transaction) with the relying party 202 and communicates with the relying party 202 using the key provisioning protocol (e.g., the DSKPP protocol mentioned above). To initiate the secure connection, the authentication client 201 may return the random challenge to the relying party 202 (potentially with a signature generated over the random challenge). In addition, the authentication client 201 may transmit the identity of the user (e.g., a user ID or other code) and the identity of the authentication device(s) to be provisioned/registered (e.g., using an authentication attestation ID (AAID) which uniquely identifies the type of authentication device being provisioned).
The relying party locates the user with the user name or ID code (e.g., in a user account database), validates the random challenge (e.g., using the signature or simply by comparing the random challenge with the one that was sent), validates the authentication device's authentication code if one was sent (e.g., the AAID), and creates a new entry in the secure transaction database (e.g., the database 120 in FIGS. 1A-B) for the user and the authentication device(s). In one embodiment, the relying party maintains a database of the authentication devices which it accepts for authentication. It may query this database with the AAID (or another authentication device code) to determine whether the authentication device(s) being provisioned are acceptable for authentication. If so, it proceeds with the registration process.
In one embodiment, the relying party 202 generates an authentication key for each authentication device being provisioned. It writes the key to the secure database and sends the key back to the authentication client 201 using the key provisioning protocol. Once complete, the authentication device and the relying party 202 share the same key if a symmetric key was used, or different keys if asymmetric keys were used. For example, if asymmetric keys were used, the relying party 202 may store the public key and provide the private key to the authentication client 201. Upon receipt of the private key from the relying party 202, the authentication client 201 provisions the key into the authentication device (storing the key within the secure storage associated with the authentication device). It may then use the key during authentication of the user (as described below). In an alternate embodiment, the key(s) are generated by the authentication client 201 and provided to the relying party 202 using the key provisioning protocol. In either case, once provisioning is complete, the authentication client 201 and the relying party 202 each have the key(s), and the authentication client 201 notifies the relying party of the completion.
FIG. 3 illustrates a series of transactions for authenticating a user with the provisioned authentication devices. Once device registration is complete (as described in FIG. 2), the relying party 201 will accept an authentication response (sometimes referred to as a "token") generated by the local authentication device on the client as a valid authentication response.
Turning to the specific details shown in FIG. 3, in response to the user initiating a transaction with the relying party 202 which requires authentication (e.g., initiating a payment from the relying party's website, accessing private user account data, etc.), the relying party 202 generates an authentication request which includes a random challenge (e.g., a cryptographic nonce). In one embodiment, the random challenge has a time limit associated with it (e.g., it is valid for a specified period of time). The relying party may also identify the authenticator to be used by the authentication client 201 for authentication. As mentioned above, the relying party may provision each authentication device available on the client and store a public key for each provisioned authenticator. Thus, it may use the public key of an authenticator, or may use an authenticator ID (e.g., an AAID), to identify the authenticator to use. Alternatively, it may provide the client with a list of authentication options from which the user may select.
In response to receipt of the authentication request, the user may be presented with a graphical user interface (GUI) requesting authentication (e.g., in the form of a web page or a GUI of an authentication application/app). The user then performs the authentication (e.g., swiping a finger on the fingerprint reader, etc.). In response, the authentication client 201 generates an authentication response containing a signature over the random challenge with the private key associated with the authenticator. It may also include other relevant data, such as a user ID code, in the authentication response.
Upon receipt of the authentication response, the relying party may validate the signature over the random challenge (e.g., using the public key associated with the authenticator) and confirm the identity of the user. Once authentication is complete, the user is permitted to enter into secure transactions with the relying party, as illustrated.
A secure connection using a secure communication protocol such as Transport Layer Security (TLS) or Secure Sockets Layer (SSL) may be established between the relying party 201 and the authentication client 202 for any or all of the transactions shown in FIGS. 2-3.
System and Method for Implementing a One-Time Password Using Asymmetric Cryptography
The embodiments of the invention described below include techniques for implementing a one-time password (OTP) using asymmetric cryptography. OTP schemes are typically based on symmetric key cryptography, in which a client entity and a server entity share a single symmetric key and derive the OTP using that same key. By contrast, the embodiments disclosed herein are based on asymmetric keys, which allow a more secure server implementation that does not need to store secrets.
There are currently three types of one-time password (OTP) schemes in widespread use: (1) time-based OTP (TOTP); (2) counter-based OTP; and (3) challenge/response-based OTP. Current solutions use a symmetric-key-based scheme for all of these OTP types. In this scheme, the OTP device and the server are provisioned in advance with the same symmetric key. In response to an authentication event, the OTP device generates a special cryptographic response based on (1) the time, (2) a built-in counter, or (3) a challenge provided by the server, and provides that response to the server for verification. The server then uses the same symmetric key to derive the same cryptographic value and compares it with the value provided by the OTP device. If the cryptographic values match, the authentication is deemed successful.
One particular case involves "offline" authentication, which applies to scenarios in which the OTP device is not directly connected to the server. After the OTP device generates its cryptographic response, the response is truncated to a 6-digit number that is then displayed to the user. The user enters this 6-digit number into a client device, which sends the number to the server. The server then uses the same truncation algorithm to derive the same number. Having derived the number, it compares the derived number with the number generated by the OTP device. However, because the server stores the secret key, it is a target for hackers. Maintaining the secret key in the server typically requires expensive hardware security modules (HSMs) in the data center.
One embodiment of the invention implements an OTP scheme based on asymmetric cryptography. The advantage of asymmetric cryptography is that the server stores a public key rather than a private key (as with a symmetric key). This removes the burden of protecting the confidentiality of the key on the server and allows easier and more secure deployment.
FIG. 4 provides an overview of a system architecture in accordance with one embodiment of the invention. In this embodiment, the user device 401 is the entity which stores the private key and generates the authentication assertion, and the connector device 410 is the entity which has a connection both to the relying party authentication server 402 and to the user device 401. For example, in one embodiment the user device 401 may be a mobile device such as an iPhone™ or Android™ device, and the connector device 410 may be a desktop computer, a point-of-sale (PoS) terminal, an automatic teller machine (ATM), or any other device which has a connection with the relying party authentication server 402.
In one embodiment, the authentication server 402 stores the public key corresponding to the private key stored by the user device 401. The keys may be provisioned on the user device 401 and the authentication server 402 using the key provisioning techniques discussed above with respect to FIG. 2 (e.g., using DSKPP or another key provisioning protocol).
In one embodiment, the connection with the user device 401 is one-way; that is, the user device 401 can read messages from the connector device 410 but cannot send messages. For example, the connector device 410 may display a two-dimensional (QR) code, a barcode, or another optical code to convey information (e.g., the encrypted challenge discussed below) to the user device 401. The user device 401 may read and interpret the optical code using known techniques (e.g., capturing the optical code with a camera or scanner device).
In an alternative embodiment, the connection between the user device 401 and the connector device 410 is a two-way connection implemented using a local-area communication technology such as near field communication (NFC), Bluetooth (e.g., Bluetooth Low Energy (BTLE)), or wireless USB.
In one embodiment, the relying party authentication server 402 is the entity which verifies the cryptographic assertion generated by the user device 401. However, the user device 401 need not have a direct connection with the authentication server 402. Embodiments of the invention include two phases: provisioning and authentication. In the provisioning phase, cryptographic keys are provisioned to the user device 401 and the authentication server 402 (e.g., using the key provisioning techniques shown in FIG. 2). Unlike existing OTP schemes, however, during provisioning the authentication server 402 is provided with the public key and the user device 401 is provided with the private key.
Assuming that the user device 401 has been provided with the private key and the authentication server 402 has been provided with the corresponding public key, one embodiment of the invention operates according to the transaction diagram shown in FIG. 5.
At 501, the relying party authentication server 402 generates a random challenge (C) and encrypts it with the public key corresponding to the private key stored on the user device 401: EC = Encrypt(PublicKey, C), where C is the random challenge and EC is the encrypted challenge. The authentication server 402 stores C in its memory and sends EC to the connector device 410, which conveys EC to the user device 401 as illustrated.
At 502, the user device 401 decrypts EC with its private key and obtains the random challenge: C = Decrypt(PrivateKey, EC). The user device 401 then converts C into a simplified value, such as a shortened version of C ("ShortC"). In one embodiment, this is accomplished by truncating C to an N-digit number (e.g., where N = 6): ShortC = Truncate(C). However, various other techniques may be used to convert C into ShortC while still complying with the underlying principles of the invention. For example, in one embodiment, bits from certain specified bit positions may be selected from C and combined to form ShortC.
After ShortC is presented to the user 400 at 503 (e.g., on the display of the user device 401), the user 400 enters ShortC on the connector device 410, which sends it back to the authentication server 402 in an authentication response message. The user device 401 may also ask the user to authenticate at this stage (e.g., using an authenticator on the user device 401 such as a fingerprint reader).
At 504, upon receiving the authentication response message containing ShortC, the authentication server reads C from memory and truncates C using the same algorithm as the user device 401. For example: ShortC_Server = Truncate(C) (if truncation was used to generate ShortC). The authentication server 402 then compares the ShortC received from the user device 401 with ShortC_Server. If they match, the user is successfully authenticated. If they do not match, authentication fails.
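The following is an added worked example of the 501-504 flow above; it is not code from the patent or its assignee. It stands in textbook RSA (no padding, 512-bit modulus, generated with a small Miller-Rabin routine) for the unspecified asymmetric algorithm, takes "truncate" to mean keeping the low-order six decimal digits of C, and keeps the server's copy of C in an in-memory dictionary. The names `AuthServer`, `UserDevice`, `transform`, `generate_keypair`, `CHALLENGE_TTL` and `MAX_ATTEMPTS` are this example's own. The server side goes slightly beyond the text: each challenge expires, is accepted once only, and is discarded after a few wrong guesses, which is the natural way to use a 6-digit ShortC whose space is only one million values.

```python
import hmac
import secrets
import time

SHORT_DIGITS = 6      # N = 6 as in the text (assumed: low-order decimal digits of C)
CHALLENGE_TTL = 60.0  # seconds a challenge stays valid (assumed policy)
MAX_ATTEMPTS = 3      # wrong ShortC guesses before the challenge is discarded (assumed)


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin test, sufficient for an illustrative keypair."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # odd, full length
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits: int = 512):
    """Provisioning stand-in: returns ((e, n), (d, n)); the server keeps only (e, n)."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (e, p * q), (pow(e, -1, phi), p * q)


def transform(c: int, digits: int = SHORT_DIGITS) -> str:
    """Conversion shared by device (502) and server (504): low-order digits of C."""
    return str(c % 10 ** digits).zfill(digits)


class AuthServer:
    """Relying-party authentication server 402; holds only the public key."""

    def __init__(self, public_key, now=time.monotonic):
        self.public_key = public_key
        self.now = now          # injectable clock so expiry can be tested
        self._pending = {}      # session_id -> [C, issued_at, attempts]

    def create_challenge(self):
        """501: C from a CSPRNG, EC = Encrypt(PublicKey, C); C stays in memory."""
        e, n = self.public_key
        c = secrets.randbelow(n - 2) + 2      # 2 <= C < n keeps RSA well-defined
        session_id = secrets.token_hex(8)
        self._pending[session_id] = [c, self.now(), 0]
        return session_id, pow(c, e, n)

    def verify(self, session_id: str, short_c: str) -> bool:
        """504: ShortC_Server = transform(C), compared in constant time.
        A challenge is single-use, expires, and allows only a few wrong guesses."""
        entry = self._pending.get(session_id)
        if entry is None:
            return False
        c, issued_at, _ = entry
        if self.now() - issued_at > CHALLENGE_TTL:
            del self._pending[session_id]
            return False
        ok = hmac.compare_digest(transform(c), str(short_c))
        entry[2] += 1
        if ok or entry[2] >= MAX_ATTEMPTS:
            del self._pending[session_id]     # gone after success or lockout
        return ok


class UserDevice:
    """User device 401; the only party holding the private key."""

    def __init__(self, private_key):
        self._private_key = private_key

    def respond(self, ec: int) -> str:
        """502/503: C = Decrypt(PrivateKey, EC), then ShortC for the user to type."""
        d, n = self._private_key
        return transform(pow(ec, d, n))


def run_flow() -> bool:
    """End-to-end 501-504; True when the server accepts the typed ShortC."""
    public_key, private_key = generate_keypair()
    server, device = AuthServer(public_key), UserDevice(private_key)
    session_id, ec = server.create_challenge()   # EC reaches the phone via the connector
    short_c = device.respond(ec)                 # user reads ShortC off the phone
    return server.verify(session_id, short_c)    # connector relays ShortC to the server
```

Running `run_flow()` returns `True`. Note what the connector device never sees: it relays EC and the typed ShortC, but C itself is recovered only by the private-key holder, and the server's database holds nothing that would let a thief of that database compute ShortC for a fresh challenge. Unpadded RSA is used here only to keep the example self-contained; a real deployment would use a padded public-key encryption scheme.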
One embodiment of the authentication server 402 is illustrated in FIG. 6A. As shown, the public key 605 associated with the private key on the user device may be stored in secure storage 604 and used by the encryption module 603 to encrypt the random challenge (C) 606. As indicated, a random number generator 601 may be used to generate C 606, which may then be stored in the secure storage 604 (and subsequently retrieved upon receipt of the authentication response). As described above, the encrypted random challenge (EC) is then sent to the connector device.
FIG. 6B illustrates the components of one embodiment of the authentication server 402 for validating the authentication response, including ShortC, sent by the user 610. In one embodiment, the conversion logic 608 reads C from the storage 604 and truncates C using the same algorithm used by the user device 401 to generate ShortC: ShortC_Server = Truncate(C). The comparator logic 615 then compares the ShortC 610 received from the user with ShortC_Server. If they match, the user is successfully authenticated. If they do not match, authentication fails.
FIG. 7 illustrates the logic employed on the user device 401 in accordance with one embodiment of the invention. A decryption module 703 decrypts the encrypted challenge (EC) 600 sent by the authentication server 402 using the private key 705 stored in secure storage 704. As mentioned above, the private key 705 corresponds to the public key 605 used to perform the encryption. A conversion module 706 then converts the decrypted random challenge C, resulting in the ShortC 710 presented to the user. As mentioned above, while truncation is used in one embodiment, the underlying principles of the invention are not limited to any particular type of binary or numeric conversion.
While several specific details are set forth above, various different cryptographic implementations, conversion techniques, and random challenges may be employed while still complying with the underlying principles of the invention. For example, the asymmetric algorithm may be a public key encryption algorithm such as RSA, Elliptic Curve Cryptography (ECC), or any other algorithm which implements encryption using asymmetric keys. In one embodiment, the Advanced Encryption Standard (AES) with a key length of 128 or 256 bits is used. In addition, the connector device 410 may convey EC to the user device 401 via a QR code, NFC, Bluetooth, WiFi, or any other communication technology.
In one embodiment, rather than explicitly storing C as described above, the authentication server 402 sends C together with EC to the client device 401 for further verification, incorporating mechanisms such as timestamps, wrapping, and similar techniques. For example:
C' = E(ServerWrappingKey, C | Timestamp) and EC = E(PublicKey, C)
Moreover, the relying party referred to above (i.e., the entity with the authentication server for implementing embodiments of the invention) may be any entity, including an online service provider, an online retail service, or an enterprise server.
In one embodiment, the software running on the connector device 410 and communicating with the authentication server 402 may be implemented in a Web browser or in a proprietary application (e.g., an application specifically designed to communicate with the relying party and its authentication server). Similarly, the software running on the user device (see, e.g., FIG. 7) which reads EC 600 from the connector device and displays ShortC may be implemented in a Web browser or a proprietary application. Moreover, in one embodiment, the logic residing on the user device 401 for securely protecting the private key 705 and deriving ShortC without revealing the private key to other components is implemented in hardware, or as firmware on cryptographic hardware such as a smartcard.
Exemplary Data Processing Devices
FIG. 8 is a block diagram illustrating an exemplary client and server which may be used in some embodiments of the invention. It should be understood that while FIG. 8 illustrates various components of a computer system, it is not intended to represent any particular architecture or manner of interconnecting the components, as such details are not germane to the present invention. It will be appreciated that other computer systems having fewer or more components may also be used with the present invention.
As illustrated in FIG. 8, the computer system 800, which is a form of data processing system, includes the bus(es) 850 coupled with the processing system 820, the power supply 825, the memory 830, and the nonvolatile memory 840 (e.g., a hard drive, flash memory, phase-change memory (PCM), etc.). The bus(es) 850 may be connected to each other through various bridges, controllers, and/or adapters as is well known in the art. The processing system 820 may retrieve instruction(s) from the memory 830 and/or the nonvolatile memory 840 and execute the instructions to perform the operations described above. The bus 850 interconnects the above components together and also interconnects those components to the optional dock 860, the display controller and display device 870, the input/output devices 880 (e.g., a NIC (network interface card), a cursor control (e.g., mouse, touchscreen, touchpad, etc.), a keyboard, etc.), and the optional wireless transceiver(s) 890 (e.g., Bluetooth, WiFi, infrared, etc.).
FIG. 9 is a block diagram illustrating an exemplary data processing system which may be used in some embodiments of the invention. For example, the data processing system 900 may be a handheld computer, a personal digital assistant (PDA), a mobile telephone, a portable gaming system, a portable media player, a tablet, or a handheld computing device (which may include a mobile telephone, a media player, and/or a gaming system). As another example, the data processing system 900 may be a network computer or an embedded processing device within another device.
In accordance with one embodiment of the invention, the exemplary architecture of the data processing system 900 may be used for the mobile devices described above. The data processing system 900 includes the processing system 920, which may include one or more microprocessors and/or a system on an integrated circuit. The processing system 920 is coupled with the memory 910, the power supply 925 (which includes one or more batteries), the audio input/output 940, the display controller and display device 960, the optional input/output 950, the input device(s) 970, and the wireless transceiver(s) 930. It will be appreciated that additional components not shown in FIG. 9 may also be part of the data processing system 900 in certain embodiments of the invention, and that in certain embodiments fewer components than shown in FIG. 9 may be used. In addition, it will be appreciated that one or more buses not shown in FIG. 9 may be used to interconnect the various components, as is well known in the art.
The memory 910 may store data and/or programs for execution by the data processing system 900. The audio input/output 940 may include a microphone and/or a speaker to, for example, play music and/or provide telephony functionality through the speaker and microphone. The display controller and display device 960 may include a graphical user interface (GUI). The wireless (e.g., RF) transceiver(s) 930 (e.g., a WiFi transceiver, an infrared transceiver, a Bluetooth transceiver, a wireless cellular telephony transceiver, etc.) may be used to communicate with other data processing systems. The one or more input devices 970 allow a user to provide input to the system. These input devices may be a keypad, a keyboard, a touch panel, a multi-touch panel, etc. The optional other input/output 950 may be a connector for a dock.
Embodiments of the invention may include various steps as set forth above. The steps may be embodied in machine-executable instructions which cause a general-purpose or special-purpose processor to perform certain steps. Alternatively, these steps may be performed by specific hardware components that contain hardwired logic for performing the steps, or by any combination of programmed computer components and custom hardware components.
Elements of the present invention may also be provided as a machine-readable medium for storing the machine-executable program code. The machine-readable medium may include, but is not limited to, floppy diskettes, optical disks, CD-ROMs and magneto-optical disks, ROMs, RAMs, EPROMs, EEPROMs, magnetic or optical cards, or other types of media/machine-readable medium suitable for storing electronic program code.
Throughout the foregoing description, for the purposes of explanation, numerous specific details were set forth in order to provide a thorough understanding of the invention. It will be apparent, however, to one skilled in the art that the invention may be practiced without some of these specific details. For example, it will be readily apparent to those skilled in the art that the functional modules and methods described herein may be implemented as software, hardware, or any combination thereof. Moreover, although some embodiments of the invention are described herein within the context of a mobile computing environment, the underlying principles of the invention are not limited to a mobile computing implementation. Virtually any type of client or peer data processing device may be used in some embodiments, including, for example, desktop or workstation computers. Accordingly, the scope and spirit of the invention should be judged in terms of the claims which follow.
Claims (25)
1. A method comprising:
generating a challenge at a server;
encrypting the challenge at the server using a public encryption key;
transmitting the encrypted challenge to a connector device, the connector device having a first connection with the server over a network;
providing the encrypted challenge from the connector device to a user device;
decrypting the encrypted challenge using a private encryption key corresponding to the public encryption key to determine the challenge;
converting the challenge to a converted challenge, the converted challenge having a different format than the original challenge;
receiving the converted challenge at the connector device and providing the converted challenge from the connector device to the server; and
validating the converted challenge at the server to authenticate the user.
2. The method as in claim 1, wherein the challenge comprises a random challenge generated by a random number generator on the server.
3. The method as in claim 2, wherein converting the challenge comprises truncating a portion of the challenge and using either the truncated portion or the remaining portion after truncation for the converted challenge.
4. The method as in claim 3, wherein the challenge is truncated to generate a 6-digit converted challenge.
5. The method as in claim 1, wherein receiving the converted challenge at the connector device comprises receiving manual user input of the converted challenge via a user input device coupled to the connector device.
6. The method as in claim 5, wherein the connector device comprises a networked computer system, a point-of-sale (PoS) terminal, or an automatic teller machine (ATM).
7. The method as in claim 6, wherein the user device comprises a mobile smartphone device.
8. The method as in claim 7, wherein providing the encrypted challenge from the connector device to the user device comprises displaying an optical code on a display of the connector device and reading the optical code by the user device.
9. The method as in claim 8, wherein the optical code comprises a two-dimensional (QR) code or a barcode.
10. The method as in claim 7, wherein providing the encrypted challenge from the connector device to the user device comprises establishing a local wireless communication channel between the user device and the connector device.
11. The method as in claim 10, wherein the local wireless channel comprises a Bluetooth channel, a near field communication (NFC) channel, a WiFi channel, or a wireless USB channel.
12. The method as in claim 3, wherein validating the converted challenge comprises truncating the same portion of the challenge on the server and comparing the converted challenge truncated on the server with the converted challenge provided by the connector device.
13. A system comprising:
a server to generate a challenge, the server encrypting the challenge using a public encryption key;
the server transmitting the encrypted challenge to a connector device having a first connection with the server over a network;
the connector device providing the encrypted challenge to a user device;
the user device decrypting the encrypted challenge using a private encryption key corresponding to the public encryption key to determine the challenge;
the user device converting the challenge to a converted challenge, the converted challenge having a different format than the original challenge;
the connector device receiving the converted challenge and providing the converted challenge from the connector device to the server; and
the server validating the converted challenge to authenticate the user.
14. The system as in claim 13, wherein the challenge comprises a random challenge generated by a random number generator on the server.
15. The system as in claim 14, wherein converting the challenge comprises truncating a portion of the challenge and using either the truncated portion or the remaining portion after truncation for the converted challenge.
16. The system as in claim 15, wherein the challenge is truncated to generate a 6-digit converted challenge.
17. The system as in claim 13, wherein receiving the converted challenge at the connector device comprises receiving manual user input of the converted challenge via a user input device coupled to the connector device.
18. The system as in claim 17, wherein the connector device comprises a networked computer system, a point-of-sale (PoS) terminal, or an automatic teller machine (ATM).
19. The system as in claim 18, wherein the user device comprises a mobile smartphone device.
20. The system as in claim 19, wherein providing the encrypted challenge from the connector device to the user device comprises displaying an optical code on a display of the connector device and reading the optical code by the user device.
21. The system as in claim 20, wherein the optical code comprises a two-dimensional (QR) code or a barcode.
22. The system as in claim 19, wherein providing the encrypted challenge from the connector device to the user device comprises establishing a local wireless communication channel between the user device and the connector device.
23. The system as in claim 22, wherein the local wireless channel comprises a Bluetooth channel, a near field communication (NFC) channel, a WiFi channel, or a wireless USB channel.
24. The system as in claim 15, wherein validating the converted challenge comprises truncating the same portion of the challenge on the server and comparing the converted challenge truncated on the server with the converted challenge provided by the connector device.
25. A machine-readable medium having program code stored thereon which, when executed by a machine, causes the machine to perform the operations of:
generating a challenge at a server;
encrypting the challenge at the server using a public encryption key;
transmitting the encrypted challenge to a connector device, the connector device having a first connection with the server over a network;
providing the encrypted challenge from the connector device to a user device;
decrypting the encrypted challenge using a private encryption key corresponding to the public encryption key to determine the challenge;
converting the challenge to a converted challenge, the converted challenge having a different format than the original challenge;
receiving the converted challenge at the connector device and providing the converted challenge from the connector device to the server; and
validating the converted challenge at the server to authenticate the user.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/448,747 | 2014-07-31 | ||
US14/448,747 US9749131B2 (en) | 2014-07-31 | 2014-07-31 | System and method for implementing a one-time-password using asymmetric cryptography |
PCT/US2015/042870 WO2016019127A1 (en) | 2014-07-31 | 2015-07-30 | System and method for implementing a one-time-password using asymmetric cryptography |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106575326A true CN106575326A (zh) | 2017-04-19 |
CN106575326B CN106575326B (zh) | 2021-03-02 |
Family
ID=55218311
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201580040813.6A Active CN106575326B (zh) | 2014-07-31 | 2015-07-30 | System and method for implementing a one-time password using asymmetric cryptography |
Country Status (6)
Country | Link |
---|---|
US (1) | US9749131B2 (zh) |
EP (1) | EP3175380B1 (zh) |
JP (1) | JP6803326B2 (zh) |
KR (1) | KR102408761B1 (zh) |
CN (1) | CN106575326B (zh) |
WO (1) | WO2016019127A1 (zh) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108881153A (zh) * | 2017-05-10 | 2018-11-23 | 周宏建 | Authentication method for login |
CN113711560A (zh) * | 2019-03-29 | 2021-11-26 | 诺克诺克实验公司 | System and method for efficient challenge-response authentication |
US20220109569A1 (en) * | 2020-10-02 | 2022-04-07 | Nvidia Corporation | Token-based zero-touch enrollment for provisioning edge computing applications |
US12041039B2 (en) | 2019-02-28 | 2024-07-16 | Nok Nok Labs, Inc. | System and method for endorsing a new authenticator |
Families Citing this family (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10034171B2 (en) | 2015-10-14 | 2018-07-24 | Sony Interactive Entertainment America Llc | Secure device pairing |
US10009179B2 (en) * | 2015-11-30 | 2018-06-26 | Microsoft Technology Licensing, Llc | Trusted platform module (TPM) protected device |
US10778435B1 (en) * | 2015-12-30 | 2020-09-15 | Jpmorgan Chase Bank, N.A. | Systems and methods for enhanced mobile device authentication |
CN107370711B (zh) | 2016-05-11 | 2021-05-11 | 创新先进技术有限公司 | Identity verification method and system, and smart wearable device |
US11025436B2 (en) * | 2017-03-01 | 2021-06-01 | Banco Bilbao Vizcaya Argentaria, S.A. | Self-authenticating digital identity |
ES2797253T3 (es) | 2017-07-25 | 2020-12-01 | Telefonica Digital Espana Slu | A method and a system for encrypting wireless communications including authentication |
DK3439190T3 (da) * | 2017-07-31 | 2022-07-04 | Innovalor B V | Improved NFC chip reader |
FR3070516B1 (fr) * | 2017-08-22 | 2019-09-13 | Evidian | Method for authenticating a user with an authentication server |
KR102030617B1 (ko) * | 2017-12-05 | 2019-10-10 | 주식회사 코스콤 | Method and apparatus for generating and verifying a one-time password |
WO2019212236A1 (ko) * | 2018-04-30 | 2019-11-07 | 주식회사 원키 | Method and apparatus for stepwise user authentication using ultrasound encrypted on an asymmetric-key basis in a smart key system controlling vehicle locking and ignition |
KR102125133B1 (ko) * | 2018-08-08 | 2020-06-19 | 충북대학교 산학협력단 | Message authentication apparatus and method |
CN109377679A (zh) * | 2018-09-03 | 2019-02-22 | 深圳壹账通智能科技有限公司 | Withdrawal method and terminal device |
US10542036B1 (en) | 2018-10-02 | 2020-01-21 | Capital One Services, Llc | Systems and methods for signaling an attack on contactless cards |
US11368446B2 (en) * | 2018-10-02 | 2022-06-21 | International Business Machines Corporation | Trusted account revocation in federated identity management |
US10693633B2 (en) | 2018-11-19 | 2020-06-23 | Cypress Semiconductor Corporation | Timestamp based onboarding process for wireless devices |
US11374922B2 (en) | 2018-12-03 | 2022-06-28 | At&T Intellectual Property I, L.P. | Generation of a persona key |
US11303450B2 (en) * | 2018-12-19 | 2022-04-12 | Visa International Service Association | Techniques for securely performing offline authentication |
WO2020197779A1 (en) * | 2019-03-22 | 2020-10-01 | Zev Industries | System and method for the measurement of impact kinetics |
EP3720165A1 (en) * | 2019-03-30 | 2020-10-07 | Illotros GmbH | Method for proving at least one of identity and entitlement |
US20210073359A1 (en) * | 2019-09-10 | 2021-03-11 | Michael Boodaei | Secure one-time password (otp) authentication |
CN110650057B (zh) * | 2019-09-29 | 2022-03-11 | 武汉迈威通信股份有限公司 | Method and system for configuring a device via a portable mobile terminal |
US11792184B2 (en) | 2019-12-05 | 2023-10-17 | Microsoft Technology Licensing, Llc | Autopilot re-enrollment of managed devices |
CN112367192B (zh) * | 2020-10-22 | 2022-03-25 | 新华三信息安全技术有限公司 | Method, apparatus and system for automatically building a virtual network |
US11722317B2 (en) * | 2020-12-22 | 2023-08-08 | Blackberry Limited | System and method for obtaining a signed certificate |
US11790098B2 (en) | 2021-08-05 | 2023-10-17 | Bank Of America Corporation | Digital document repository access control using encoded graphical codes |
US11880479B2 (en) | 2021-08-05 | 2024-01-23 | Bank Of America Corporation | Access control for updating documents in a digital document repository |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070278291A1 (en) * | 2005-12-22 | 2007-12-06 | Rans Jean-Paul E | Methods and Systems for Two-Factor Authentication Using Contactless Chip Cards or Devices and Mobile Devices or Dedicated Personal Readers |
CN101410847A (zh) * | 2006-06-30 | 2009-04-15 | 国际商业机器公司 | Message handling at a mobile device |
US20090138727A1 (en) * | 2007-11-28 | 2009-05-28 | Hitachi Global Storage Technologies Netherlands B.V. | Challenge And Response Access Control Providing Data Security In Data Storage Devices |
US20110219427A1 (en) * | 2010-03-04 | 2011-09-08 | RSSBus, Inc. | Smart Device User Authentication |
CN102763114A (zh) * | 2010-02-16 | 2012-10-31 | 诺基亚公司 | Method and apparatus for providing attestation using PCR reuse and existing infrastructure |
US20130326213A1 (en) * | 2012-06-04 | 2013-12-05 | Private Giant | Method and system for automatic generation of context-aware cover message |
CN103460738A (zh) * | 2011-03-23 | 2013-12-18 | 交互数字专利控股公司 | Systems and methods for securing network communications |
US20140189350A1 (en) * | 2012-12-28 | 2014-07-03 | Davit Baghdasaryan | System and method for efficiently enrolling, registering, and authenticating with multiple authentication devices |
Family Cites Families (265)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5280527A (en) | 1992-04-14 | 1994-01-18 | Kamahira Safe Co., Inc. | Biometric token for authorizing access to a host system |
US5764789A (en) | 1994-11-28 | 1998-06-09 | Smarttouch, Llc | Tokenless biometric ATM access system |
US6088450A (en) | 1996-04-17 | 2000-07-11 | Intel Corporation | Authentication system based on periodic challenge/response protocol |
US6377691B1 (en) | 1996-12-09 | 2002-04-23 | Microsoft Corporation | Challenge-response authentication and key exchange for a connectionless security protocol |
US6378072B1 (en) | 1998-02-03 | 2002-04-23 | Compaq Computer Corporation | Cryptographic system |
US6618806B1 (en) | 1998-04-01 | 2003-09-09 | Saflink Corporation | System and method for authenticating users in a computer network |
US6178511B1 (en) | 1998-04-30 | 2001-01-23 | International Business Machines Corporation | Coordinating user target logons in a single sign-on (SSO) environment |
JP2000092046A (ja) | 1998-09-11 | 2000-03-31 | Mitsubishi Electric Corp | Remote authentication system |
US7047416B2 (en) | 1998-11-09 | 2006-05-16 | First Data Corporation | Account-based digital signature (ABDS) system |
US7505941B2 (en) * | 1999-08-31 | 2009-03-17 | American Express Travel Related Services Company, Inc. | Methods and apparatus for conducting electronic transactions using biometrics |
US6842896B1 (en) | 1999-09-03 | 2005-01-11 | Rainbow Technologies, Inc. | System and method for selecting a server in a multiple server license management system |
US7085931B1 (en) | 1999-09-03 | 2006-08-01 | Secure Computing Corporation | Virtual smart card system and method |
US7260724B1 (en) | 1999-09-20 | 2007-08-21 | Security First Corporation | Context sensitive dynamic authentication in a cryptographic system |
US7444368B1 (en) | 2000-02-29 | 2008-10-28 | Microsoft Corporation | Methods and systems for selecting methodology for authenticating computer systems on a per computer system or per user basis |
US7698565B1 (en) | 2000-03-30 | 2010-04-13 | Digitalpersona, Inc. | Crypto-proxy server and method of using the same |
US7263506B2 (en) | 2000-04-06 | 2007-08-28 | Fair Isaac Corporation | Identification and management of fraudulent credit/debit card purchases at merchant ecommerce sites |
US7487112B2 (en) | 2000-06-29 | 2009-02-03 | Barnes Jr Melvin L | System, method, and computer program product for providing location based services and mobile e-commerce |
AU2001286415A1 (en) | 2000-08-04 | 2002-02-18 | First Data Corporation | Linking public key of device to information during manufacture |
US7689832B2 (en) | 2000-09-11 | 2010-03-30 | Sentrycom Ltd. | Biometric-based system and method for enabling authentication of electronic messages sent over a network |
US20020040344A1 (en) | 2000-10-04 | 2002-04-04 | Preiser Randall F. | Check guarantee, verification, processing, credit reports and collection system and method awarding purchase points for usage of checks |
US7356704B2 (en) | 2000-12-07 | 2008-04-08 | International Business Machines Corporation | Aggregated authenticated identity apparatus for and method therefor |
FI115098B (fi) | 2000-12-27 | 2005-02-28 | Nokia Corp | Authentication in data communication |
US7941669B2 (en) | 2001-01-03 | 2011-05-10 | American Express Travel Related Services Company, Inc. | Method and apparatus for enabling a user to select an authentication method |
US20020112170A1 (en) | 2001-01-03 | 2002-08-15 | Foley James M. | Method and apparatus for using one financial instrument to authenticate a user for accessing a second financial instrument |
AU2002259229A1 (en) | 2001-05-18 | 2002-12-03 | Imprivata, Inc. | Authentication with variable biometric templates |
SG124290A1 (en) | 2001-07-23 | 2006-08-30 | Ntt Docomo Inc | Electronic payment method, system, and devices |
AU2002343424A1 (en) | 2001-09-28 | 2003-04-14 | Bluesocket, Inc. | Method and system for managing data traffic in wireless networks |
JP2003132160A (ja) | 2001-10-23 | 2003-05-09 | Nec Corp | Personal information management system, personal information management apparatus, and personal information management program |
JP4145118B2 (ja) * | 2001-11-26 | 2008-09-03 | 松下電器産業株式会社 | Application authentication system |
US20030115142A1 (en) | 2001-12-12 | 2003-06-19 | Intel Corporation | Identity authentication portfolio system |
KR100954640B1 (ko) | 2002-02-05 | 2010-04-27 | 파나소닉 주식회사 | Personal authentication method and personal authentication apparatus |
JP2003318894A (ja) * | 2002-02-21 | 2003-11-07 | Matsushita Electric Ind Co Ltd | Authentication processing method between devices using a challenge-response scheme |
GB0210692D0 (en) | 2002-05-10 | 2002-06-19 | Assendon Ltd | Smart card token for remote authentication |
US20030226036A1 (en) | 2002-05-30 | 2003-12-04 | International Business Machines Corporation | Method and apparatus for single sign-on authentication |
US7322043B2 (en) | 2002-06-20 | 2008-01-22 | Hewlett-Packard Development Company, L.P. | Allowing an electronic device accessing a service to be authenticated |
US20160072787A1 (en) * | 2002-08-19 | 2016-03-10 | Igor V. Balabine | Method for creating secure subnetworks on a general purpose network |
DE60307583T2 (de) | 2002-11-20 | 2007-10-04 | Stmicroelectronics S.A. | Evaluation of the sharpness of an image of the iris of an eye |
US7353533B2 (en) | 2002-12-18 | 2008-04-01 | Novell, Inc. | Administration of protection of data accessible by a mobile device |
DE10318639A1 (de) * | 2003-04-24 | 2004-11-11 | Robert Bosch Gmbh | Fuel injection valve |
JP4374904B2 (ja) | 2003-05-21 | 2009-12-02 | 株式会社日立製作所 | Identity authentication system |
JP2005025337A (ja) | 2003-06-30 | 2005-01-27 | Sony Corp | Device registration system, device registration server, device registration method, device registration program, storage medium, and terminal device |
US7716469B2 (en) | 2003-07-25 | 2010-05-11 | Oracle America, Inc. | Method and system for providing a circle of trust on a network |
JP4778899B2 (ja) | 2003-09-12 | 2011-09-21 | イーエムシー コーポレイション | System and method for risk-based authentication |
US20050080716A1 (en) | 2003-09-25 | 2005-04-14 | Boris Belyi | Data validation systems and methods for use in financial transactions |
US9130921B2 (en) | 2003-09-30 | 2015-09-08 | Ca, Inc. | System and method for bridging identities in a service oriented architecture profiling |
US7415138B2 (en) | 2003-11-25 | 2008-08-19 | Ultra-Scan Corporation | Biometric authorization method and system |
US20050125295A1 (en) | 2003-12-09 | 2005-06-09 | Tidwell Lisa C. | Systems and methods for obtaining payor information at a point of sale |
US7263717B1 (en) | 2003-12-17 | 2007-08-28 | Sprint Communications Company L.P. | Integrated security framework and privacy database scheme |
US9191215B2 (en) | 2003-12-30 | 2015-11-17 | Entrust, Inc. | Method and apparatus for providing authentication using policy-controlled authentication articles and techniques |
JP4257250B2 (ja) | 2004-03-30 | 2009-04-22 | 富士通株式会社 | Biometric information matching apparatus, biometric feature information narrowing apparatus, biometric feature information narrowing program, and computer-readable recording medium recording the program |
US8762283B2 (en) | 2004-05-03 | 2014-06-24 | Visa International Service Association | Multiple party benefit from an online authentication service |
US20050278253A1 (en) | 2004-06-15 | 2005-12-15 | Microsoft Corporation | Verifying human interaction to a computer entity by way of a trusted component on a computing device or the like |
AU2005266945A1 (en) | 2004-07-23 | 2006-02-02 | Citrix Systems, Inc. | A method and systems for securing remote access to private networks |
US7194763B2 (en) | 2004-08-02 | 2007-03-20 | Cisco Technology, Inc. | Method and apparatus for determining authentication capabilities |
US7925729B2 (en) | 2004-12-07 | 2011-04-12 | Cisco Technology, Inc. | Network management |
US7298873B2 (en) | 2004-11-16 | 2007-11-20 | Imageware Systems, Inc. | Multimodal biometric platform |
EP1825413A2 (en) | 2004-12-16 | 2007-08-29 | Mark Dwight Bedworth | User validation using images |
WO2006068998A1 (en) | 2004-12-20 | 2006-06-29 | Rsa Security Inc. | Consumer internet authentication service |
US7844816B2 (en) | 2005-06-08 | 2010-11-30 | International Business Machines Corporation | Relying party trust anchor based public key technology framework |
US8079079B2 (en) | 2005-06-29 | 2011-12-13 | Microsoft Corporation | Multimodal authentication |
US20070077915A1 (en) | 2005-09-30 | 2007-04-05 | Black Greg R | Method and apparatus for module authentication |
AU2006303992A1 (en) | 2005-10-11 | 2007-04-26 | Citrix Systems, Inc. | Systems and methods for facilitating distributed authentication |
US8407146B2 (en) | 2005-10-28 | 2013-03-26 | Microsoft Corporation | Secure storage |
US7623659B2 (en) | 2005-11-04 | 2009-11-24 | Cisco Technology, Inc. | Biometric non-repudiation network security systems and methods |
US8458465B1 (en) | 2005-11-16 | 2013-06-04 | AT&T Intellectual Property II, L. P. | Biometric authentication |
JP4736744B2 (ja) * | 2005-11-24 | 2011-07-27 | 株式会社日立製作所 | Processing apparatus, auxiliary information generation apparatus, terminal apparatus, authentication apparatus, and biometric authentication system |
CA2631763A1 (en) | 2005-12-01 | 2007-06-07 | Firestar Software, Inc. | System and method for exchanging information among exchange applications |
US20080005562A1 (en) | 2005-12-13 | 2008-01-03 | Microsoft Corporation | Public key infrastructure certificate entrustment |
CN1992596A (zh) | 2005-12-27 | 2007-07-04 | 国际商业机器公司 | User verification device and user verification method |
US7941835B2 (en) | 2006-01-13 | 2011-05-10 | Authenticor Identity Protection Services, Inc. | Multi-mode credential authorization |
WO2007092715A2 (en) | 2006-02-06 | 2007-08-16 | Solidus Networks, Inc. | Method and system for providing online authentication utilizing biometric data |
US9112705B2 (en) | 2006-02-15 | 2015-08-18 | Nec Corporation | ID system and program, and ID method |
US20100107222A1 (en) | 2006-03-02 | 2010-04-29 | Avery Glasser | Method and apparatus for implementing secure and adaptive proxies |
JP4693171B2 (ja) * | 2006-03-17 | 2011-06-01 | 株式会社日立ソリューションズ | Authentication system |
US7818264B2 (en) | 2006-06-19 | 2010-10-19 | Visa U.S.A. Inc. | Track data encryption |
JP4929803B2 (ja) | 2006-04-10 | 2012-05-09 | 富士通株式会社 | Authentication method, authentication apparatus, and authentication program |
JP4616335B2 (ja) | 2006-04-21 | 2011-01-19 | 三菱電機株式会社 | Authentication server apparatus, terminal apparatus, authentication system, and authentication method |
US9002018B2 (en) | 2006-05-09 | 2015-04-07 | Sync Up Technologies Corporation | Encryption key exchange system and method |
US8259647B2 (en) | 2006-06-12 | 2012-09-04 | Samsung Electronics Co., Ltd. | System and method for wireless communication of uncompressed video having a link control and bandwidth reservation scheme for control/management message exchanges and asynchronous traffic |
US7512567B2 (en) | 2006-06-29 | 2009-03-31 | Yt Acquisition Corporation | Method and system for providing biometric authentication at a point-of-sale via a mobile device |
CN101106452B (zh) | 2006-07-12 | 2010-12-08 | 华为技术有限公司 | Method and system for generating and distributing mobile IP keys |
US20080025234A1 (en) | 2006-07-26 | 2008-01-31 | Qi Zhu | System and method of managing a computer network using hierarchical layer information |
US7966489B2 (en) | 2006-08-01 | 2011-06-21 | Cisco Technology, Inc. | Method and apparatus for selecting an appropriate authentication method on a client |
US8689287B2 (en) | 2006-08-17 | 2014-04-01 | Northrop Grumman Systems Corporation | Federated credentialing system and method |
US8555072B2 (en) | 2006-08-31 | 2013-10-08 | International Business Machines Corporation | Attestation of computing platforms |
US8239677B2 (en) | 2006-10-10 | 2012-08-07 | Equifax Inc. | Verification and authentication systems and methods |
US9135444B2 (en) | 2006-10-19 | 2015-09-15 | Novell, Inc. | Trusted platform module (TPM) assisted data center management |
US7986786B2 (en) | 2006-11-30 | 2011-07-26 | Hewlett-Packard Development Company, L.P. | Methods and systems for utilizing cryptographic functions of a cryptographic co-processor |
US9055107B2 (en) | 2006-12-01 | 2015-06-09 | Microsoft Technology Licensing, Llc | Authentication delegation based on re-verification of cryptographic evidence |
EP1933522B1 (en) | 2006-12-11 | 2013-10-23 | Sap Ag | Method and system for authentication |
JP2008176407A (ja) | 2007-01-16 | 2008-07-31 | Toshiba Corp | Biometric authentication system, apparatus, and program |
JP2008181295A (ja) | 2007-01-24 | 2008-08-07 | Sony Corp | Authentication system, information processing apparatus and method, program, and recording medium |
GB0703759D0 (en) | 2007-02-27 | 2007-04-04 | Skype Ltd | A Communication system |
US8302196B2 (en) | 2007-03-20 | 2012-10-30 | Microsoft Corporation | Combining assessment models and client targeting to identify network security vulnerabilities |
US8413221B2 (en) | 2007-03-23 | 2013-04-02 | Emc Corporation | Methods and apparatus for delegated authentication |
US20080271150A1 (en) | 2007-04-30 | 2008-10-30 | Paul Boerger | Security based on network environment |
US8627409B2 (en) | 2007-05-15 | 2014-01-07 | Oracle International Corporation | Framework for automated dissemination of security metadata for distributed trust establishment |
US8359045B1 (en) | 2007-05-31 | 2013-01-22 | United Services Automobile Association (Usaa) | Method and system for wireless device communication |
US7627522B2 (en) | 2007-06-04 | 2009-12-01 | Visa U.S.A. Inc. | System, apparatus and methods for comparing fraud parameters for application during prepaid card enrollment and transactions |
US9003488B2 (en) | 2007-06-06 | 2015-04-07 | Datavalet Technologies | System and method for remote device recognition at public hotspots |
US7913086B2 (en) | 2007-06-20 | 2011-03-22 | Nokia Corporation | Method for remote message attestation in a communication system |
US8782801B2 (en) | 2007-08-15 | 2014-07-15 | Samsung Electronics Co., Ltd. | Securing stored content for trusted hosts and safe computing environments |
US20090089870A1 (en) | 2007-09-28 | 2009-04-02 | Mark Frederick Wahl | System and method for validating interactions in an identity metasystem |
FR2922396B1 (fr) | 2007-10-12 | 2009-12-25 | Compagnie Ind Et Financiere Dingenierie Ingenico | Biometric authentication method, and corresponding computer program, authentication server, terminal and portable object |
US20090204964A1 (en) | 2007-10-12 | 2009-08-13 | Foley Peter F | Distributed trusted virtualization platform |
WO2009070430A2 (en) | 2007-11-08 | 2009-06-04 | Suridx, Inc. | Apparatus and methods for providing scalable, dynamic, individualized credential services using mobile telephones |
US8347374B2 (en) | 2007-11-15 | 2013-01-01 | Red Hat, Inc. | Adding client authentication to networked communications |
US8978117B2 (en) | 2007-11-19 | 2015-03-10 | Avaya Inc. | Authentication frequency and challenge type based on environmental and physiological properties |
TWI350486B (en) | 2007-11-26 | 2011-10-11 | Ind Tech Res Inst | Biometrics method and apparatus and biometric data encryption method thereof |
US9575558B2 (en) | 2007-12-05 | 2017-02-21 | Hewlett-Packard Development Company, L.P. | System and method for electronically assisting a customer at a product retail location |
US8650616B2 (en) | 2007-12-18 | 2014-02-11 | Oracle International Corporation | User definable policy for graduated authentication based on the partial orderings of principals |
US8220032B2 (en) | 2008-01-29 | 2012-07-10 | International Business Machines Corporation | Methods, devices, and computer program products for discovering authentication servers and establishing trust relationships therewith |
US8635662B2 (en) | 2008-01-31 | 2014-01-21 | Intuit Inc. | Dynamic trust model for authenticating a user |
US8175276B2 (en) | 2008-02-04 | 2012-05-08 | Freescale Semiconductor, Inc. | Encryption apparatus with diverse key retention schemes |
US8639630B2 (en) | 2008-02-15 | 2014-01-28 | Ddn Ip Holdings Limited | Distribution of digital content |
US8353016B1 (en) | 2008-02-29 | 2013-01-08 | Adobe Systems Incorporated | Secure portable store for security skins and authentication information |
US8555078B2 (en) | 2008-02-29 | 2013-10-08 | Adobe Systems Incorporated | Relying party specifiable format for assertion provider token |
US8302167B2 (en) | 2008-03-11 | 2012-10-30 | Vasco Data Security, Inc. | Strong authentication token generating one-time passwords and signatures upon server credential verification |
US20090327131A1 (en) | 2008-04-29 | 2009-12-31 | American Express Travel Related Services Company, Inc. | Dynamic account authentication using a mobile device |
US8793757B2 (en) | 2008-05-27 | 2014-07-29 | Open Invention Network, Llc | User-directed privacy control in a user-centric identity management system |
US8355337B2 (en) | 2009-01-28 | 2013-01-15 | Headwater Partners I Llc | Network based service profile management with user preference, adaptive policy, network neutrality, and user privacy |
US20090307140A1 (en) | 2008-06-06 | 2009-12-10 | Upendra Mardikar | Mobile device over-the-air (ota) registration and point-of-sale (pos) payment |
JP5258422B2 (ja) * | 2008-07-01 | 2013-08-07 | Kddi株式会社 | Mutual authentication system, mutual authentication method, and program |
CA2730175A1 (en) | 2008-07-09 | 2010-01-14 | Xtreme Mobility Inc. | Secure wireless deposit system and method |
US8250627B2 (en) | 2008-07-28 | 2012-08-21 | International Business Machines Corporation | Transaction authorization |
US20100029300A1 (en) | 2008-07-30 | 2010-02-04 | Arima Communications Corp. | Method for inquiring real-time travel-related information using a mobile communication device |
US20100042848A1 (en) | 2008-08-13 | 2010-02-18 | Plantronics, Inc. | Personalized I/O Device as Trusted Data Source |
US20130125222A1 (en) | 2008-08-19 | 2013-05-16 | James D. Pravetz | System and Method for Vetting Service Providers Within a Secure User Interface |
US8666904B2 (en) | 2008-08-20 | 2014-03-04 | Adobe Systems Incorporated | System and method for trusted embedded user interface for secure payments |
US8880036B2 (en) | 2008-09-08 | 2014-11-04 | Qualcomm Incorporated | Retrieving data wirelessly from a mobile device |
US20100083000A1 (en) | 2008-09-16 | 2010-04-01 | Validity Sensors, Inc. | Fingerprint Sensor Device and System with Verification Token and Methods of Using |
US7933836B2 (en) | 2008-09-30 | 2011-04-26 | Avaya Inc. | Proxy-based, transaction authorization system |
US8494482B2 (en) | 2008-10-24 | 2013-07-23 | Centurylink Intellectual Property Llc | Telecommunications system and method for monitoring the body temperature of a user |
EP2359526B1 (en) | 2008-11-04 | 2017-08-02 | SecureKey Technologies Inc. | System and methods for online authentication |
BRPI0921124A2 (pt) | 2008-11-06 | 2016-09-13 | Visa Int Service Ass | System for authenticating a consumer, computer-implemented method, computer-readable medium, and server computer |
US8245030B2 (en) | 2008-12-19 | 2012-08-14 | Nai-Yu Pai | Method for authenticating online transactions using a browser |
US20100169650A1 (en) | 2008-12-31 | 2010-07-01 | Brickell Ernest F | Storage minimization technique for direct anonymous attestation keys |
US8961619B2 (en) | 2009-01-06 | 2015-02-24 | Qualcomm Incorporated | Location-based system permissions and adjustments at an electronic device |
US20100186072A1 (en) | 2009-01-21 | 2010-07-22 | Akshay Kumar | Distributed secure telework |
US8284043B2 (en) | 2009-01-23 | 2012-10-09 | Honeywell International Inc. | Method of formulating response to expired timer for data link message |
US8590021B2 (en) | 2009-01-23 | 2013-11-19 | Microsoft Corporation | Passive security enforcement |
EP2485453B1 (en) | 2009-02-19 | 2016-04-20 | SecureKey Technologies Inc. | Method for online authentication |
US9015789B2 (en) | 2009-03-17 | 2015-04-21 | Sophos Limited | Computer security lock down methods |
US8539241B2 (en) * | 2009-03-25 | 2013-09-17 | Pacid Technologies, Llc | Method and system for securing communication |
US8291468B1 (en) | 2009-03-30 | 2012-10-16 | Juniper Networks, Inc. | Translating authorization information within computer networks |
US9105027B2 (en) | 2009-05-15 | 2015-08-11 | Visa International Service Association | Verification of portable consumer device for secure services |
US20100325684A1 (en) | 2009-06-17 | 2010-12-23 | Microsoft Corporation | Role-based security for messaging administration and management |
KR20100137655A (ko) | 2009-06-23 | 2010-12-31 | 삼성전자주식회사 | Method for displaying an electronic program guide and apparatus therefor |
US8452960B2 (en) | 2009-06-23 | 2013-05-28 | Netauthority, Inc. | System and method for content delivery |
WO2011017099A2 (en) | 2009-07-27 | 2011-02-10 | Suridx, Inc. | Secure communication using asymmetric cryptography and light-weight certificates |
US7865937B1 (en) | 2009-08-05 | 2011-01-04 | Daon Holdings Limited | Methods and systems for authenticating users |
US8756661B2 (en) | 2009-08-24 | 2014-06-17 | Ufp Identity, Inc. | Dynamic user authentication for access to online services |
US8429404B2 (en) | 2009-09-30 | 2013-04-23 | Intel Corporation | Method and system for secure communications on a managed network |
IL201351A0 (en) | 2009-10-01 | 2010-05-31 | Michael Feldbau | Device and method for electronic signature via proxy |
US20110083018A1 (en) | 2009-10-06 | 2011-04-07 | Validity Sensors, Inc. | Secure User Authentication |
US8719905B2 (en) | 2010-04-26 | 2014-05-06 | Authentify Inc. | Secure and efficient login and transaction authentication using IPhones™ and other smart mobile communication devices |
US8769784B2 (en) | 2009-11-02 | 2014-07-08 | Authentify, Inc. | Secure and efficient authentication using plug-in hardware compatible with desktops, laptops and/or smart mobile communication devices such as iPhones |
US8713325B2 (en) | 2011-04-19 | 2014-04-29 | Authentify Inc. | Key management using quasi out of band authentication architecture |
US8621460B2 (en) | 2009-11-02 | 2013-12-31 | International Business Machines Corporation | Endpoint-hosted hypervisor management |
KR20110048974A (ko) | 2009-11-04 | 2011-05-12 | 삼성전자주식회사 | Apparatus and method for updating a master session key in a wireless communication system |
US8949978B1 (en) | 2010-01-06 | 2015-02-03 | Trend Micro Inc. | Efficient web threat protection |
KR101434769B1 (ko) | 2010-01-22 | 2014-08-27 | 인터디지탈 패튼 홀딩스, 인크 | Method and apparatus for trusted federated identity management and data access authorization |
US9070146B2 (en) | 2010-02-04 | 2015-06-30 | Playspan Inc. | Method and system for authenticating online transactions |
WO2011094869A1 (en) | 2010-02-05 | 2011-08-11 | Lipso Systèmes Inc. | Secure authentication system and method |
EP2545676B1 (en) | 2010-03-08 | 2018-12-05 | Gemalto SA | System and method for using a portable security device to cryptographically sign a document in response to signature requests from a relying party to a digital signature service |
US8930713B2 (en) | 2010-03-10 | 2015-01-06 | Dell Products L.P. | System and method for general purpose encryption of data |
JP2011199458A (ja) | 2010-03-18 | 2011-10-06 | Brother Industries Ltd | Wireless communication system |
CN102196407B (zh) | 2010-03-18 | 2015-09-16 | 中兴通讯股份有限公司 | Anchor authenticator relocation method and system |
US8826030B2 (en) | 2010-03-22 | 2014-09-02 | Daon Holdings Limited | Methods and systems for authenticating users |
US9171306B1 (en) | 2010-03-29 | 2015-10-27 | Bank Of America Corporation | Risk-based transaction authentication |
WO2011123692A2 (en) | 2010-03-31 | 2011-10-06 | Orsini Rick L | Systems and methods for securing data in motion |
US9356916B2 (en) | 2010-04-30 | 2016-05-31 | T-Central, Inc. | System and method to use a cloud-based platform supported by an API to authenticate remote users and to provide PKI- and PMI-based distributed locking of content and distributed unlocking of protected content |
US8926335B2 (en) | 2010-05-12 | 2015-01-06 | Verificient Technologies, Inc. | System and method for remote test administration and monitoring |
US8973125B2 (en) | 2010-05-28 | 2015-03-03 | Alcatel Lucent | Application layer authentication in packet networks |
US20110314549A1 (en) | 2010-06-16 | 2011-12-22 | Fujitsu Limited | Method and apparatus for periodic context-aware authentication |
US8832461B2 (en) | 2010-06-25 | 2014-09-09 | Microsoft Corporation | Trusted sensors |
CN102959558B (zh) | 2010-07-08 | 2018-12-14 | 惠普发展公司,有限责任合伙企业 | System and method for document policy enforcement |
US8412158B2 (en) | 2010-08-17 | 2013-04-02 | Qualcomm Incorporated | Mobile device having increased security that is less obtrusive |
EP2424185B1 (en) | 2010-08-23 | 2014-10-22 | 3M Innovative Properties Co. | Method and device for challenge-response authentication |
US8590014B1 (en) | 2010-09-13 | 2013-11-19 | Zynga Inc. | Network application security utilizing network-provided identities |
US9183683B2 (en) | 2010-09-28 | 2015-11-10 | Sony Computer Entertainment Inc. | Method and system for access to secure resources |
US20120084562A1 (en) | 2010-10-04 | 2012-04-05 | Ralph Rabert Farina | Methods and systems for updating a secure boot device using cryptographically secured communications across unsecured networks |
US8566915B2 (en) | 2010-10-22 | 2013-10-22 | Microsoft Corporation | Mixed-mode authentication |
US8904472B2 (en) | 2010-11-12 | 2014-12-02 | Riaz Ahmed SHAIKH | Validation of consistency and completeness of access control policy sets |
BR112013012964A2 (pt) | 2010-11-24 | 2016-08-23 | Telefonica Sa | Method for authorizing access to protected content |
US8555355B2 (en) | 2010-12-07 | 2013-10-08 | Verizon Patent And Licensing Inc. | Mobile pin pad |
US8955035B2 (en) | 2010-12-16 | 2015-02-10 | Microsoft Corporation | Anonymous principals for policy languages |
US8549145B2 (en) | 2011-02-08 | 2013-10-01 | Aventura Hq, Inc. | Pre-access location-based rule initiation in a virtual computing environment |
US8595507B2 (en) | 2011-02-16 | 2013-11-26 | Novell, Inc. | Client-based authentication |
US20130144785A1 (en) | 2011-03-29 | 2013-06-06 | Igor Karpenko | Social network payment authentication apparatuses, methods and systems |
US8810368B2 (en) | 2011-03-29 | 2014-08-19 | Nokia Corporation | Method and apparatus for providing biometric authentication using distributed computations |
US9092605B2 (en) | 2011-04-11 | 2015-07-28 | NSS Lab Works LLC | Ongoing authentication and access control with network access device |
US8584224B1 (en) | 2011-04-13 | 2013-11-12 | Symantec Corporation | Ticket based strong authentication with web service |
US9600679B2 (en) | 2011-04-29 | 2017-03-21 | Micro Focus Software Inc. | Techniques for resource operation based on usage, sharing, and recommendations with modular authentication |
US9646261B2 (en) | 2011-05-10 | 2017-05-09 | Nymi Inc. | Enabling continuous or instantaneous identity recognition of a large group of people based on physiological biometric signals obtained from members of a small group of people |
US8839395B2 (en) | 2011-05-13 | 2014-09-16 | Cch Incorporated | Single sign-on between applications |
US8561152B2 (en) | 2011-05-17 | 2013-10-15 | Microsoft Corporation | Target-based access check independent of access request |
US9118667B2 (en) | 2011-06-03 | 2015-08-25 | Blackberry Limited | System and method for accessing private networks |
US8843649B2 (en) | 2011-06-07 | 2014-09-23 | Microsoft Corporation | Establishment of a pairing relationship between two or more communication devices |
US20120313746A1 (en) | 2011-06-10 | 2012-12-13 | Aliphcom | Device control using sensory input |
US8800056B2 (en) | 2011-08-12 | 2014-08-05 | Palo Alto Research Center Incorporated | Guided implicit authentication |
US8713314B2 (en) | 2011-08-30 | 2014-04-29 | Comcast Cable Communications, Llc | Reoccurring keying system |
US8590018B2 (en) | 2011-09-08 | 2013-11-19 | International Business Machines Corporation | Transaction authentication management system with multiple authentication levels |
US8838982B2 (en) | 2011-09-21 | 2014-09-16 | Visa International Service Association | Systems and methods to secure user identification |
US20130133054A1 (en) | 2011-09-24 | 2013-05-23 | Marc E. Davis | Relationship Based Trust Verification Schema |
US9621404B2 (en) | 2011-09-24 | 2017-04-11 | Elwha Llc | Behavioral fingerprinting with social networking |
US9965614B2 (en) | 2011-09-29 | 2018-05-08 | Oracle International Corporation | Mobile application, resource management advice |
US20130090939A1 (en) | 2011-10-11 | 2013-04-11 | Robert N. Robinson | System and method for preventing healthcare fraud |
US9043480B2 (en) | 2011-10-11 | 2015-05-26 | Citrix Systems, Inc. | Policy-based application management |
US9021565B2 (en) | 2011-10-13 | 2015-04-28 | At&T Intellectual Property I, L.P. | Authentication techniques utilizing a computing device |
WO2013059464A1 (en) | 2011-10-18 | 2013-04-25 | Google Inc. | Context-dependent authentication |
WO2013058781A1 (en) | 2011-10-18 | 2013-04-25 | Intel Corporation | Methods, systems and apparatus to facilitate client-based authentication |
CA2851691C (en) | 2011-10-31 | 2016-11-29 | Money And Data Protection Lizenz Gmbh & Co. Kg | Authentication method |
RU154072U1 (ru) | 2011-11-14 | 2015-08-10 | Васко Дэйта Секьюрити Интернэшнл Гмбх | Smart card reader with a secure logging function |
US8607319B2 (en) | 2011-11-22 | 2013-12-10 | Daon Holdings Limited | Methods and systems for determining biometric data for use in authentication transactions |
WO2013082190A1 (en) | 2011-11-28 | 2013-06-06 | Visa International Service Association | Transaction security graduated seasoning and risk shifting apparatuses, methods and systems |
US8863297B2 (en) | 2012-01-06 | 2014-10-14 | Mobile Iron, Inc. | Secure virtual file management system |
US8958599B1 (en) | 2012-01-06 | 2015-02-17 | Google Inc. | Input method and system based on ambient glints |
EP3697110A1 (en) | 2012-01-08 | 2020-08-19 | ImagiStar LLC | Portable item containers which identify missing and/or extra container contents |
BR112014019937A8 (pt) | 2012-02-14 | 2017-07-11 | Apple Inc | Method and apparatus for large-scale distribution of electronic access clients |
WO2013123548A2 (en) | 2012-02-20 | 2013-08-29 | Lock Box Pty Ltd. | Cryptographic method and system |
US20130239173A1 (en) | 2012-03-12 | 2013-09-12 | Stephen T. Dispensa | Computer program and method for administering secure transactions using secondary authentication |
CN104205722B (zh) | 2012-03-28 | 2018-05-01 | 英特尔公司 | Conditional limited service authorization based on device verification |
US8990948B2 (en) | 2012-05-01 | 2015-03-24 | Taasera, Inc. | Systems and methods for orchestrating runtime operational integrity |
US9130837B2 (en) | 2012-05-22 | 2015-09-08 | Cisco Technology, Inc. | System and method for enabling unconfigured devices to join an autonomic network in a secure manner |
US20140007215A1 (en) | 2012-06-15 | 2014-01-02 | Lockheed Martin Corporation | Mobile applications platform |
US20130346176A1 (en) | 2012-06-20 | 2013-12-26 | Zachery Alolabi | System and method for payment incentivizing |
US20140013422A1 (en) | 2012-07-03 | 2014-01-09 | Scott Janus | Continuous Multi-factor Authentication |
TW201417598A (zh) | 2012-07-13 | 2014-05-01 | Interdigital Patent Holdings | Security association characteristics |
US10771448B2 (en) | 2012-08-10 | 2020-09-08 | Cryptography Research, Inc. | Secure feature and key management in integrated circuits |
US9088891B2 (en) | 2012-08-13 | 2015-07-21 | Wells Fargo Bank, N.A. | Wireless multi-factor authentication with captive portals |
US9867043B2 (en) | 2012-08-28 | 2018-01-09 | Visa International Service Association | Secure device service enrollment |
US8955067B2 (en) | 2012-09-12 | 2015-02-10 | Capital One, Na | System and method for providing controlled application programming interface security |
US9215249B2 (en) | 2012-09-29 | 2015-12-15 | Intel Corporation | Systems and methods for distributed trust computing and key management |
US9172544B2 (en) | 2012-10-05 | 2015-10-27 | General Electric Company | Systems and methods for authentication between networked devices |
US20140250523A1 (en) | 2012-10-11 | 2014-09-04 | Carnegie Mellon University | Continuous Authentication, and Methods, Systems, and Software Therefor |
US8910239B2 (en) | 2012-10-15 | 2014-12-09 | Citrix Systems, Inc. | Providing virtualized private network tunnels |
US9176838B2 (en) | 2012-10-19 | 2015-11-03 | Intel Corporation | Encrypted data inspection in a network environment |
US8584219B1 (en) | 2012-11-07 | 2013-11-12 | Fmr Llc | Risk adjusted, multifactor authentication |
US9166962B2 (en) | 2012-11-14 | 2015-10-20 | Blackberry Limited | Mobile communications device providing heuristic security authentication features and related methods |
US8935808B2 (en) | 2012-12-18 | 2015-01-13 | Bank Of America Corporation | Identity attribute exchange and validation broker |
US9219732B2 (en) | 2012-12-28 | 2015-12-22 | Nok Nok Labs, Inc. | System and method for processing random challenges within an authentication framework |
EP2939166B1 (en) * | 2012-12-28 | 2020-11-11 | Nok Nok Labs, Inc. | Query system and method to determine authentication capabilities |
US9172687B2 (en) | 2012-12-28 | 2015-10-27 | Nok Nok Labs, Inc. | Query system and method to determine authentication capabilities |
US9083689B2 (en) * | 2012-12-28 | 2015-07-14 | Nok Nok Labs, Inc. | System and method for implementing privacy classes within an authentication framework |
US20140189835A1 (en) | 2012-12-28 | 2014-07-03 | Pitney Bowes Inc. | Systems and methods for efficient authentication of users |
US9374369B2 (en) | 2012-12-28 | 2016-06-21 | Lookout, Inc. | Multi-factor authentication and comprehensive login system for client-server networks |
US9306754B2 (en) | 2012-12-28 | 2016-04-05 | Nok Nok Labs, Inc. | System and method for implementing transaction signing within an authentication framework |
US8856541B1 (en) | 2013-01-10 | 2014-10-07 | Google Inc. | Liveness detection |
US9143506B2 (en) | 2013-02-13 | 2015-09-22 | Daniel Duncan | Systems and methods for identifying biometric information as trusted and authenticating persons using trusted biometric information |
JP6069039B2 (ja) | 2013-03-11 | 2017-01-25 | 日立オートモティブシステムズ株式会社 | Gateway device and service providing system |
EP2973164B1 (en) | 2013-03-15 | 2019-01-30 | Intel Corporation | Technologies for secure storage and use of biometric authentication information |
US20140282868A1 (en) | 2013-03-15 | 2014-09-18 | Micah Sheller | Method And Apparatus To Effect Re-Authentication |
US9367676B2 (en) | 2013-03-22 | 2016-06-14 | Nok Nok Labs, Inc. | System and method for confirming location using supplemental sensor and/or location data |
US10270748B2 (en) | 2013-03-22 | 2019-04-23 | Nok Nok Labs, Inc. | Advanced authentication techniques and applications |
WO2014176539A1 (en) | 2013-04-26 | 2014-10-30 | Interdigital Patent Holdings, Inc. | Multi-factor authentication to achieve required authentication assurance level |
US8646060B1 (en) | 2013-07-30 | 2014-02-04 | Mourad Ben Ayed | Method for adaptive authentication using a mobile device |
US10366391B2 (en) | 2013-08-06 | 2019-07-30 | Visa International Services Association | Variable authentication process and system |
US20150142628A1 (en) | 2013-11-20 | 2015-05-21 | Bank Of America Corporation | Detecting structured transactions |
US20150180869A1 (en) | 2013-12-23 | 2015-06-25 | Samsung Electronics Company, Ltd. | Cloud-based scalable authentication for electronic devices |
WO2015130734A1 (en) * | 2014-02-25 | 2015-09-03 | Uab Research Foundation | Two-factor authentication systems and methods |
US9652354B2 (en) | 2014-03-18 | 2017-05-16 | Microsoft Technology Licensing, Llc. | Unsupervised anomaly detection for arbitrary time series |
US9654463B2 (en) | 2014-05-20 | 2017-05-16 | Airwatch Llc | Application specific certificate management |
US9992207B2 (en) | 2014-09-23 | 2018-06-05 | Qualcomm Incorporated | Scalable authentication process selection based upon sensor inputs |
US10387882B2 (en) | 2015-07-01 | 2019-08-20 | Klarna Ab | Method for using supervised model with physical store |
- 2014
  - 2014-07-31 US US14/448,747 patent/US9749131B2/en active Active
- 2015
  - 2015-07-30 KR KR1020177003449A patent/KR102408761B1/ko active IP Right Grant
  - 2015-07-30 WO PCT/US2015/042870 patent/WO2016019127A1/en active Application Filing
  - 2015-07-30 EP EP15826660.1A patent/EP3175380B1/en active Active
  - 2015-07-30 CN CN201580040813.6A patent/CN106575326B/zh active Active
  - 2015-07-30 JP JP2017505072A patent/JP6803326B2/ja active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070278291A1 (en) * | 2005-12-22 | 2007-12-06 | Rans Jean-Paul E | Methods and Systems for Two-Factor Authentication Using Contactless Chip Cards or Devices and Mobile Devices or Dedicated Personal Readers |
CN101410847A (zh) * | 2006-06-30 | 2009-04-15 | 国际商业机器公司 | Message processing at a mobile device |
US20090138727A1 (en) * | 2007-11-28 | 2009-05-28 | Hitachi Global Storage Technologies Netherlands B.V. | Challenge And Response Access Control Providing Data Security In Data Storage Devices |
CN102763114A (zh) * | 2010-02-16 | 2012-10-31 | 诺基亚公司 | Method and apparatus for providing attestation using PCR reuse and existing infrastructure |
US20110219427A1 (en) * | 2010-03-04 | 2011-09-08 | RSSBus, Inc. | Smart Device User Authentication |
CN103460738A (zh) * | 2011-03-23 | 2013-12-18 | 交互数字专利控股公司 | *** and method for securing network communications |
US20130326213A1 (en) * | 2012-06-04 | 2013-12-05 | Private Giant | Method and system for automatic generation of context-aware cover message |
US20140189350A1 (en) * | 2012-12-28 | 2014-07-03 | Davit Baghdasaryan | System and method for efficiently enrolling, registering, and authenticating with multiple authentication devices |
Non-Patent Citations (1)
Title |
---|
GUENTHER STARNBERGER et al.: "QT-TAN: Secure Mobile Transaction Authentication", 2009 INTERNATIONAL CONFERENCE ON AVAILABILITY AND SECURITY * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108881153A (zh) * | 2017-05-10 | 2018-11-23 | 周宏建 | Authentication method for login |
CN108881153B (zh) * | 2017-05-10 | 2021-06-08 | 周宏建 | Authentication method for login |
US12041039B2 (en) | 2019-02-28 | 2024-07-16 | Nok Nok Labs, Inc. | System and method for endorsing a new authenticator |
CN113711560A (zh) * | 2019-03-29 | 2021-11-26 | 诺克诺克实验公司 | *** and method for efficient challenge-response authentication |
US20220109569A1 (en) * | 2020-10-02 | 2022-04-07 | Nvidia Corporation | Token-based zero-touch enrollment for provisioning edge computing applications |
US11563579B2 (en) * | 2020-10-02 | 2023-01-24 | Nvidia Corporation | Token-based zero-touch enrollment for provisioning edge computing applications |
Also Published As
Publication number | Publication date |
---|---|
EP3175380A4 (en) | 2017-12-20 |
CN106575326B (zh) | 2021-03-02 |
JP6803326B2 (ja) | 2020-12-23 |
EP3175380A1 (en) | 2017-06-07 |
KR20170043520A (ko) | 2017-04-21 |
KR102408761B1 (ko) | 2022-06-13 |
WO2016019127A1 (en) | 2016-02-04 |
JP2017528056A (ja) | 2017-09-21 |
EP3175380B1 (en) | 2020-09-30 |
US20170111170A1 (en) | 2017-04-20 |
US9749131B2 (en) | 2017-08-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106575326A (zh) | | *** and method for implementing one-time passwords using asymmetric encryption |
JP7346426B2 (ja) | | System and method for binding verifiable claims |
JP7308180B2 (ja) | | Advanced authentication techniques and applications |
JP7391860B2 (ja) | | Extension of secure key storage for transaction confirmation and cryptocurrency |
CN106664208B (zh) | | *** and method for establishing trust using a secure transport protocol |
ES2951585T3 (es) | | Transaction authentication using a mobile device identifier |
EP3138265B1 (en) | | Enhanced security for registration of authentication devices |
CN106575281B (zh) | | *** and method for implementing a hosted authentication service |
CN106575401A (zh) | | *** and method for performing authentication using data analytics |
CN107111478A (zh) | | *** and method for integrating an authentication service within a network architecture |
CN106575416A (zh) | | *** and method for authenticating a client to a device |
JP2009510644A (ja) | | Method and arrangement for secure authentication |
JP2022527798A (ja) | | System and method for efficient challenge-response authentication |
KR20160008012A (ko) | | User authentication method on a mobile terminal |
Kreshan | | THREE-FACTOR AUTHENTICATION USING SMART PHONE |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
 | REG | Reference to a national code | Ref country code: HK; Ref legal event code: DE; Ref document number: 1236636; Country of ref document: HK |
GR01 | Patent grant | ||
GR01 | Patent grant |