公开(公告)号：US09727720B2

公开(公告)日：2017-08-08

申请号：US13690996

申请日：2012-11-30

Applicant: Certicom Corp.

Inventor： Robert John Lambert

IPC: G06F21/44 ,  H04L9/32

CPC classification number: G06F21/44 ,  G06F2221/2103 ,  H04L9/3236 ,  H04L9/3271 ,  H04L9/3273

Abstract: Challenge-response authentication protocols are disclosed herein, including systems and methods for a first device to authenticate a second device. In one embodiment, the following operations are performed by the first device: (a) sending to the second device: (i) a challenge value corresponding to an expected response value known by the first device, and (ii) a hiding value; (b) receiving from the second device a masked response value; (c) obtaining an expected masked response value from the expected response value and the hiding value; and (d) determining whether the expected masked response value matches the masked response value received from the second device. The operations from the perspective of the second device are also disclosed, which in some embodiments include computing the masked response value using the challenge value, the hiding value, and secret information known to the second device.

公开(公告)号：US09692591B2

公开(公告)日：2017-06-27

申请号：US14714401

申请日：2015-05-18

Applicant: Certicom Corp.

Inventor： Marinus Struik

IPC: G06F21/00 ,  H04L9/06 ,  H04L9/00 ,  H04L29/06

CPC classification number: H04L9/0618 ,  H04L9/00 ,  H04L63/0428 ,  H04L63/08 ,  H04L2209/24

Abstract: A method of formatting data for transmission to another party including the step of incorporating in the data a flag indicative of the absence of data for authentication of the sender. An authentication tag length is also included to permit variable length tags to be used.

公开(公告)号：US09621545B2

公开(公告)日：2017-04-11

申请号：US14799392

申请日：2015-07-14

Applicant: Certicom Corp.

Inventor： Matthew John Campagna ,  Daniel Richard L. Brown ,  Gregory Marc Zaverucha

IPC: H04L29/06 ,  H04L29/08 ,  H04L9/08 ,  H04L9/30

CPC classification number: H04L63/0823 ,  H04L9/0847 ,  H04L9/0869 ,  H04L9/3066 ,  H04L63/08 ,  H04L63/126 ,  H04L63/166 ,  H04L63/18 ,  H04L67/14

Abstract: A system and method are provided for enabling a client device to connect to a network. The method comprises: obtaining an authorization code via a communication channel different from the network, the authorization code corresponding to the client device; and after detecting initiation of a security negotiation protocol by the client device, using the authorization code in at least one security negotiation operation.

公开(公告)号：US20170063535A1

公开(公告)日：2017-03-02

申请号：US14691372

申请日：2015-04-20

Applicant: Certicom Corp.

Inventor： Daniel Richard L. Brown

IPC: H04L9/06 ,  H04L9/30

CPC classification number: H04L9/0662 ,  G09C5/00 ,  H04L9/0869 ,  H04L9/3006 ,  H04L9/3066 ,  H04L63/0442 ,  H04L63/126

Abstract: Methods, systems, and computer programs for generating cryptographic function parameters are described. In some examples, a solution to a puzzle is obtained. A pseudorandom generator is seeded based on the solution. After seeding the pseudorandom generator, an output from the pseudorandom generator is obtained. A parameter for a cryptographic function is generated. The parameter is generated from the output from the pseudorandom generator.

Abstract translation: 描述用于生成加密功能参数的方法，系统和计算机程序。 在一些示例中，获得难题的解决方案。 基于该解决方案接种伪随机发生器。 在伪随机发生器接种之后，获得来自伪随机发生器的输出。 生成加密功能的参数。 该参数是从伪随机发生器的输出生成的。

公开(公告)号：US20170013022A1

公开(公告)日：2017-01-12

申请号：US15272927

申请日：2016-09-22

Applicant: BlackBerry Limited ,  Certicom Corp.

Inventor： Michael Eoin BUCKLEY ,  Michael Charles HOLLATZ ,  Robert John LAMBERT ,  Nevine Maurice Nassif EBEID

IPC: H04L29/06 ,  H04L9/30 ,  H04L9/32 ,  H04M3/22 ,  H04W12/04 ,  H04W12/06 ,  H04W12/02 ,  H04L29/12 ,  H04L9/08 ,  H04L9/14

CPC classification number: H04L63/306 ,  H04L9/0847 ,  H04L9/14 ,  H04L9/3073 ,  H04L9/3252 ,  H04L9/3263 ,  H04L9/3297 ,  H04L61/6054 ,  H04L63/0435 ,  H04L63/06 ,  H04L63/0876 ,  H04L2209/80 ,  H04M3/2281 ,  H04W12/02 ,  H04W12/04 ,  H04W12/06

Abstract: A method is presented for secure communication, the method including generating a signature using a private key, a nonce, and at least one of an identifier and a key component; and transmitting the signature, the nonce, a security parameter, and the at least one of the identifier and the key component, wherein the security parameter associates a user identity with a public key, the public key being associated with the private key.

Abstract translation: 提出了一种用于安全通信的方法，所述方法包括使用私钥，随机数，以及标识符和密钥分量中的至少一个生成签名; 以及发送所述签名，所述随机数，安全参数以及所述标识符和所述密钥组件中的至少一个，其中所述安全参数将用户身份与公钥相关联，所述公钥与所述私钥相关联。

公开(公告)号：US20160344742A1

公开(公告)日：2016-11-24

申请号：US15215187

申请日：2016-07-20

Applicant: Certicom Corp.

Inventor： Marinus STRUIK

IPC: H04L29/06

CPC classification number: H04L63/105 ,  H04L9/00 ,  H04L9/088 ,  H04L63/0428 ,  H04L63/08 ,  H04L63/123 ,  H04L63/162 ,  H04L63/164 ,  H04W12/02

Abstract: A method of communicating in a secure communication system, comprises the steps of assembling a message at a sender, then determining a security level, and including an indication of the security level in a header of the message. The message is then sent to a recipient.

Abstract translation: 一种在安全通信系统中进行通信的方法包括以下步骤：在发送器处组装消息，然后确定安全级别，并且包括消息头部中的安全级别的指示。 然后将该消息发送给收件人。

公开(公告)号：US09369290B2

公开(公告)日：2016-06-14

申请号：US13691101

申请日：2012-11-30

Applicant: Certicom Corp.

Inventor： Robert John Lambert

IPC: H04L9/32 ,  H04L9/28

CPC classification number: H04L9/3271 ,  H04L9/28 ,  H04L9/3236 ,  H04L2209/04 ,  H04W12/06

Abstract: Challenge-response authentication protocols are disclosed herein, including systems and methods for a first device to authenticate a second device. In one embodiment, the following operations are performed by the first device: (a) sending to the second device: (i) a challenge value corresponding to an expected response value known by the first device, and (ii) a hiding value; (b) receiving from the second device a masked response value; (c) obtaining an expected masked response value from the expected response value and the hiding value; and (d) determining whether the expected masked response value matches the masked response value received from the second device. The operations from the perspective of the second device are also disclosed, which in some embodiments include computing the masked response value using the challenge value, the hiding value, and secret information known to the second device.

Abstract translation: 本文公开了挑战响应认证协议，包括用于第一设备认证第二设备的系统和方法。 在一个实施例中，以下操作由第一设备执行：（a）向第二设备发送：（i）对应于由第一设备已知的预期响应值的挑战值，以及（ii）隐藏值; （b）从第二设备接收被屏蔽的响应值; （c）从预期响应值和隐藏值获得预期屏蔽响应值; 以及（d）确定预期的屏蔽响应值是否与从第二设备接收到的屏蔽的响应值相匹配。 还公开了从第二设备的角度的操作，在一些实施例中，这些操作包括使用挑战值，隐藏值和第二设备已知的秘密信息来计算被屏蔽的响应值。

公开(公告)号：US09251325B2

公开(公告)日：2016-02-02

申请号：US14083852

申请日：2013-11-19

Applicant: BLACKBERRY LIMITED ,  CERTICOM CORP.

Inventor： Robert J. Lambert ,  Robert H. Wood ,  Brian Lamb

IPC: H04L29/00 ,  G06F21/31 ,  H04L9/32 ,  H04W12/06 ,  G06F21/62

CPC classification number: G06F21/31 ,  G06F21/6209 ,  H04L9/3226 ,  H04L9/3239 ,  H04L2209/38 ,  H04W12/06

Abstract: Methods, systems, and computer programs for verifying a password are disclosed. For example, the password can be verified on a mobile device to control user access to the mobile device. In some implementations, a mobile device includes a user interface, a main processor, and a co-processor. The user interface receives a submitted password value from a user. The main processor calls the co-processor to provide a hash chain input value based on the submitted password value. The main processor evaluates a hash chain based on the hash chain input value provided by the co-processor. Evaluating the hash chain generates a submitted password verification value. The submitted password verification value is compared to a stored password verification value stored on the mobile device. Access to mobile device functionality may be permitted or denied based on a result of the comparison.

Abstract translation: 公开了用于验证密码的方法，系统和计算机程序。 例如，可以在移动设备上验证密码以控制用户对移动设备的访问。 在一些实现中，移动设备包括用户接口，主处理器和协处理器。 用户界面从用户那里接收提交的密码值。 主处理器根据提交的密码值调用协处理器提供散列链输入值。 主处理器基于由协处理器提供的散列链输入值来评估散列链。 评估散列链生成提交的密码验证值。 将提交的密码验证值与存储在移动设备上的存储密码验证值进行比较。 可以基于比较的结果来允许或拒绝对移动设备功能的访问。

公开(公告)号：US20150309921A1

公开(公告)日：2015-10-29

申请号：US14734467

申请日：2015-06-09

Applicant: Certicom Corp.

Inventor： Keelan SMITH ,  Richard Gwynn JONES ,  Chinh Khac NGUYEN ,  Thomas Rudolf STIEMERLING

IPC: G06F11/36 ,  G06F9/44 ,  G06F9/54

CPC classification number: G06F11/3688 ,  G06F8/70 ,  G06F9/54 ,  G06F21/00 ,  G06F21/57 ,  G06Q10/06 ,  G06Q50/04 ,  Y02P90/30

Abstract: An asset management system is provided which comprises one or more controllers, which operate as main servers and can be located at the headquarters of an electronic device manufacturer to remotely control their operations at any global location. The controller can communicate remotely over the Internet or other network to control one or more secondary or remote servers, herein referred to as appliances. The appliances can be situated at different manufacturing, testing or distribution sites. The controller and appliances comprise hardware security modules (HSMs) to perform sensitive and high trust computations, store sensitive information such as private keys, perform other cryptographic operations, and establish secure connections between components. The HSMs are used to create secure end-points between the controller and the appliance and between the appliance and the secure point of trust in an asset control core embedded in a device.

Abstract translation: 提供了一种资产管理系统，其包括一个或多个控制器，其作为主服务器操作，并且可以位于电子设备制造商的总部，以在任何全球位置远程控制其操作。 控制器可以通过互联网或其他网络进行远程通信，以控制一个或多个辅助或远程服务器，这里称为设备。 电器可以位于不同的制造，测试或分销现场。 控制器和设备包括执行敏感和高可靠性计算的硬件安全模块（HSM），存储诸如私钥的敏感信息，执行其他加密操作，以及在组件之间建立安全连接。 HSM用于在控制器和设备之间以及设备与嵌入在设备中的资产控制核心的安全信任点之间创建安全端点。

公开(公告)号：US20150270975A1

公开(公告)日：2015-09-24

申请号：US14220983

申请日：2014-03-20

Applicant: Certicom Corp. ,  BlackBerry Limited

Inventor： Michael Eoin BUCKLEY ,  Robert John LAMBERT ,  Nevine Maurice Nassif EBEID

IPC: H04L9/32

CPC classification number: H04L9/3252 ,  H04L9/14 ,  H04L9/30 ,  H04L9/3242 ,  H04L9/3247 ,  H04L9/3263 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/126 ,  H04L63/14 ,  H04W4/12 ,  H04W12/04 ,  H04W12/06 ,  H04W12/10 ,  H04W12/12

Abstract: There is provided a method for secure communications. The method includes a computing device receiving a notification comprising a message, a counter value, a signature signed by a signer and based on the message and the counter value, and an indication of the signer. The device obtains a current counter value based on an identity of the signer, checks the signature and compares the counter value with the current counter value; and, if the counter comparison and the signature checking is successful, accepting the message.

Abstract translation: 提供了一种用于安全通信的方法。 该方法包括接收包括消息，计数器值，由签名者签名并且基于消息和计数器值签名的签名以及签名者的指示的通知的计算设备。 设备基于签名人的身份获取当前计数器值，检查签名并将计数器值与当前计数器值进行比较; 并且如果计数器比较和签名检查成功，则接受该消息。