-
Publication No.: EP3205046A4
Publication date: 2018-07-18
Application No.: EP15848645
Filing date: 2015-09-22
Inventor: DOVER LANCE
CPC classification: H04L63/0428, G06F21/575, H04L9/006, H04L9/0625, H04L9/0631, H04L9/0822, H04L9/0825, H04L9/083, H04L9/0844, H04L9/321, H04L9/3236, H04L9/3247, H04L9/3249, H04L63/061, H04L63/0876
Abstract: Systems and methods used to securely communicate a shared key to devices. One embodiment describes a method to securely communicate a shared key to a first device and a second device that includes receiving, using the first device, a shared key and unique identifier pairing associated with the first device from a key generator; receiving, using a trusted third party, the shared key and unique identifier pairing from the key generator; generating, using the first device, a signature using the unique identifier and the shared key; transmitting, using the first device, the signature and the unique identifier to the trusted third party; verifying, using the trusted third party, the unique identifier based on the signature; determining, using the trusted third party, the shared key when the unique identifier is verified; and transmitting, using the trusted third party, the shared key to the second device to enable the first device and the second device to communicate securely by encoding and decoding communicated data using the shared key.
-
Publication No.: EP3342136A1
Publication date: 2018-07-04
Application No.: EP16757797.2
Filing date: 2016-08-17
Applicant: PCMS Holdings, Inc.
CPC classification: H04L63/0876, H04L63/10, H04L67/12, H04W4/70, H04W8/24, H04W12/08, H04W48/16, H04W60/005, H04W88/06
Abstract: Methods, apparatus, and systems for automatically determining the access rights to be granted to a telecommunication device to the assets in a first network as a function of the access rights previously granted to that same device in another network.
-
Publication No.: EP3207451A4
Publication date: 2018-07-04
Application No.: EP15849954
Filing date: 2015-10-19
Applicant: AVERON US INC
Inventor: BROWN WENDELL
CPC classification: H04L63/0861, G06F17/30867, G06F17/30914, G06F21/316, H04L9/3239, H04L63/0876
Abstract: In general, embodiments of the present invention provide systems, methods and computer readable media for providing a user verification service based on analyzing digital fingerprint signals derived from out-of-band data (i.e., data not directly supplied by the user). In some embodiments, a digital fingerprint engine embedded in an app hosted on a client device being accessed by a user reads various device or user data and then creates a set of encoded user verification data representing out-of-band data stored locally on that device. In some embodiments, the user verification data are encoded as hashes generated by a hash function. In some embodiments, the app is configured to contact a business server via the cloud, and the set of digital fingerprints are included in an authorization request transmitted from the client device to the business server. In some embodiments, a digital fingerprint verification service verifies the set of digital fingerprints by determining whether they match any of a stored set of digital fingerprints representing a group of previously verified users.
-
Publication No.: EP3337126A1
Publication date: 2018-06-20
Application No.: EP17206798.5
Filing date: 2017-12-12
Applicant: NXP B.V.
CPC classification: H04L9/0891, H04L9/0833, H04L9/0861, H04L9/30, H04L9/321, H04L9/3213, H04L9/3247, H04L63/065, H04L63/0823, H04L63/0869, H04L63/0876, H04L63/0884, H04L63/101, H04L63/12, H04L63/126, H04L2012/40215, H04W12/06, H04W12/12
Abstract: A method and system of legitimacy verification of a node in a distributed network is provided. The distributed network comprises a plurality of nodes connected to a shared medium of the distributed network. Each of the plurality of nodes is provisioned with an identity certificate comprising a public key, a private key associated with the public key and an identification sequence. The identification sequence is unique to the system comprising the distributed network. A second node of the plurality of nodes generates a node authenticity related information for authenticating at a first node of the plurality of nodes. The node authenticity related information comprises a signature generated using the private key of the second node from a sequence, which comprises the identification sequence. The second node transmits the node authenticity related information together with the identity certificate provisioned at the second node to the first node. The first node is enabled to perform an authentication verification using the signature and the public key included in the identity certificate comprised in the received request and the identification sequence, with which the first node is provisioned.
-
Publication No.: EP3337119A1
Publication date: 2018-06-20
Application No.: EP16203906.9
Filing date: 2016-12-13
Applicant: NXP B.V.
IPC classification: H04L29/06
CPC classification: H04L9/0891, H04L9/0833, H04L9/0861, H04L9/30, H04L9/321, H04L9/3213, H04L9/3247, H04L63/065, H04L63/0823, H04L63/0869, H04L63/0876, H04L63/0884, H04L63/101, H04L63/12, H04L63/126, H04L2012/40215, H04W12/06, H04W12/12
Abstract: A network node and a method of updating and distributing secret keys in a distributed network is suggested. The network comprises a plurality of nodes connected to a shared medium of the distributed network. Each node of the plurality of nodes is a member of at least one group of a plurality of groups. Each group is associated with a secret group key. Each node of the plurality of nodes stores only the one or more secret group keys, of which it is a member. A first node of the plurality of nodes generates an authenticated update key request. The authenticated update key request comprises an indication of a membership, of which the first node is a member. The first node broadcasts the authenticated update key request on the shared medium of the distributed network. Each remaining node of the plurality of nodes receives the authenticated key update. Each remaining node performs an authentication verification based on the authenticated key update request. Each remaining node matches the respective memberships with the indication of a membership of the first node comprised in the authenticated key update request. At each remaining node: in case of at least a partial matching of memberships, an authenticated update key request response is generated, which comprises an indication of the membership of the respective remaining node. At each remaining node: in case of a partial matching of memberships or a mismatch of the memberships, an authenticated update key request is generated and broadcast on the shared medium of the distributed network. The authenticated update key request comprises an indication of a membership, of which the respective remaining node is a member.
-
Publication No.: EP3335144A1
Publication date: 2018-06-20
Application No.: EP16791490.2
Filing date: 2016-10-20
Applicant: Google LLC
Inventors: SHAO, Haidong; LIAO, Hongshu; GU, Jiexing; FEDOR, Jason; MALENFANT, Aaron; LIU, Ying; LIU, Wei
CPC classification: G06F21/36, G06F21/40, G06F21/44, G06F2221/2103, G06F2221/2133, G09C5/00, H04L9/3228, H04L63/0876, H04L63/102, H04L63/168
Abstract: Systems and methods for screening unauthorized devices are provided. More particularly, a challenge that includes a first set of data can be generated. The challenge can require a browser of a requesting device to perform a browser task with respect to the first set of data to generate a second set of data. The challenge can be provided to the requesting device and a response to the challenge can be received. The response can include the second set of data generated by the browser of the requesting device through performance of the browser task. It can be determined whether the browser of the requesting device is an authorized browser based, at least in part, on the second set of data. Whether or not the requesting device is authorized to access a resource can be based, at least in part, on whether the browser is an authorized browser.
-
Publication No.: EP3334088A1
Publication date: 2018-06-13
Application No.: EP17194333.5
Filing date: 2014-03-26
Inventor: ZHAI, Zhengde
CPC classification: G06F21/6218, G06F21/36, G06F2221/032, H04L9/3234, H04L9/3271, H04L63/08, H04L63/0876
Abstract: The present invention relates to the field of terminal technologies and provides a user authentication method and terminal, where the method includes: acquiring an authentication interaction object and an interference interaction object after an authentication request is received, where the authentication interaction object is a real interaction object stored in a terminal, the interference interaction object is a virtual interaction object constructed by the terminal, and the interference interaction object has a similar feature with the authentication interaction object, so as to cause interference to a user when the user is selecting the authentication interaction object; displaying the authentication interaction object and the interference interaction object in an authentication interface for the user to select from; receiving a selection result and determining whether the selection result is the authentication interaction object; and determining, when the selection result is the authentication interaction object, that authentication succeeds. By using the present invention, both an anti-attack capability of a terminal and user experience can be improved.
-
Publication No.: EP3333750A1
Publication date: 2018-06-13
Application No.: EP16202333.7
Filing date: 2016-12-06
Applicant: Safenet Canada Inc.
CPC classification: H04L9/3263, G06F21/335, G06F21/725, G06F2221/2115, G06F2221/2151, H04L9/3297, H04L63/0815, H04L63/0823, H04L63/0876, H04L2463/121
Abstract: The present invention relates to a method to create, by a service provider (ADM), a trusted pool of security devices (SDi) adapted to perform cryptographic operations in a secure service, comprising the steps of:
for a service provider (ADM), setting up a secure service by allocating a first device (SD1) in the service, setting (S2) the first security device's clock to a reliable time source (UTS), creating (S5) an internal secure-service-object (SSO) defining at least a service clock-instance (SCI) and service-specific cryptographic keys and certificates used to protect communication between a resource owner's security application (App) and a security device (SD) part of the secure service, said secure-service-object (SSO) being maintained by the security device (SD1) internally preventing any service provider from arbitrarily changing it,
when additional security devices (SDi) are required, for the service provider (ADM), adding additional service devices (SDi) to the service through ensuring the two security devices' clocks (Ti) are synchronized by setting (S10) the target service device's clock to an accurate time value (UTS) and defining, in the secure-service-object (SSO), a max-delta-time (MDT) and a max-daily-correction (MDC) per day values limiting the drift between two devices of the pool.
-
Publication No.: EP3329707A1
Publication date: 2018-06-06
Application No.: EP16748465.8
Filing date: 2016-08-01
CPC classification: H04L63/0876, H04L9/3213, H04W8/18, H04W12/04, H04W12/06, H04W12/08
Abstract: Approaches may be used for enabling coordinated identity management between an operator-managed mobile edge platform (MEP) and an external network. A token may be generated in the MEP that may associate a mobile network identity and an external network identity. The token may be negotiated on a per-session basis or on a per-wireless transmit/receive unit (WTRU) identity (WTRU-ID) basis. In an example method performed by a WTRU camped on a small cell network covered by the MEP, an enterprise bring your own device (BYOD) client (EBC) application may establish a secure link with an enterprise BYOD agent (EBA) application running on the MEP using an initial connection procedure. The EBC application may initiate an application-level authentication procedure with an enhanced evolved packet core (EPC) network. The EBC application may generate and provide a token to the EBA application via the established secure link.
-
Publication No.: EP1453271B1
Publication date: 2018-05-30
Application No.: EP03075617.5
Filing date: 2003-02-28
Inventors: Skog, Robert; Stark, Peter
CPC classification: H04L63/12, G06F21/31, G06F2221/2129, H04L63/08, H04L63/0876
Abstract: In a communication system (1), a header comprising information, preferably being related with a device-type associated commitment, is additionally provided with a signature for that information. The signature guarantees the authenticity of the header information. The signature is tamper-resistantly created in a first device (20), preferably based on at least tamper-resistant device-type specific information of the first device (20). The header information and the signature are communicated to a content provider (10), where the signature is verified before accepting the device-type associated commitment to be valid. Such signatures can preferably be used in systems using HTTP or SMTP.