公开(公告)号：US20170310681A1

公开(公告)日：2017-10-26

申请号：US15595542

申请日：2017-05-15

Applicant: Certicom Corp.

Inventor： Marinus Struik

IPC: H04L29/06

CPC classification number: H04L63/105 ,  H04L63/0227 ,  H04L63/12 ,  H04L63/1441 ,  H04L63/20

Abstract: A method of communicating in a secure communication system, comprises the steps of assembling a message at a sender, then determining a frame type, and including an indication of the frame type in a header of the message. The message is then sent to a recipient and the frame type used to perform a policy check.

公开(公告)号：US09678896B2

公开(公告)日：2017-06-13

申请号：US14922962

申请日：2015-10-26

Applicant: Certicom Corp.

Inventor： Daniel Francis O'Loughlin ,  Keelan Smith ,  Jay Scott Fuller ,  William Lundy Lattin ,  Marinus Struik ,  Yuri Poeluev ,  Matthew John Campagna ,  Thomas Rudolf Stiemerling ,  Wei Cheng Joseph Ku

IPC: G06F21/00 ,  G06F12/14 ,  G06F21/57 ,  G06F21/72 ,  G06F21/73 ,  H04L9/08 ,  H04L9/30 ,  H04L9/32 ,  G06F21/12 ,  G06F21/76 ,  G06F21/60 ,  G06F21/80

CPC classification number: G06F12/1408 ,  G06F21/123 ,  G06F21/57 ,  G06F21/606 ,  G06F21/72 ,  G06F21/73 ,  G06F21/76 ,  G06F21/80 ,  G06F2212/1052 ,  G06F2221/2101 ,  H04L9/0877 ,  H04L9/3066 ,  H04L9/3252 ,  H04L9/3263 ,  H04L9/3273 ,  H04L2209/24

Abstract: An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session.

公开(公告)号：US20170118014A1

公开(公告)日：2017-04-27

申请号：US14935238

申请日：2015-11-06

Applicant: BlackBerry Limited ,  Certicom Corp.

Inventor： Roger Paul Bowman ,  Catalin Visinescu ,  Ming Chee Tsang ,  Daniel Richard L. Brown ,  Ravi Singh ,  Thomas Stiemerling

IPC: H04L9/08 ,  H04L9/30

CPC classification number: H04L9/0825 ,  G06F21/33 ,  G06F21/53 ,  G06F21/57 ,  H04L9/30 ,  H04L9/3268 ,  H04L63/0823 ,  H04L63/0876 ,  H04L2209/80 ,  H04W12/00 ,  H04W12/06

Abstract: Systems, methods, and software can be used to provide security assurance information. In some aspects, a certificate request for a client process on a mobile device is received. A security assurance character for the client process is determined. Whether to grant the certificate request is determined based on the determined security assurance character. In response to determining to grant the certificate request, a certificate is generated.

公开(公告)号：US09594896B2

公开(公告)日：2017-03-14

申请号：US13723429

申请日：2012-12-21

Applicant: Certicom Corp.

Inventor： Anthony Rosati

IPC: G06F12/14 ,  G06F21/44 ,  G06F21/35 ,  G07C9/00 ,  H04W4/00 ,  H04W12/06 ,  H04L29/06

CPC classification number: G06F21/44 ,  G06F21/35 ,  G07C9/00174 ,  G07C9/00309 ,  G07C2009/0042 ,  G07C2209/14 ,  H04L63/0492 ,  H04L2463/082 ,  H04W4/80 ,  H04W12/06

Abstract: There is provided a method and apparatus for communications using short range communications such as Near Field Communications (NFC). A mobile device comprising an NFC subsystem provides a dynamic credential for use to login to a network requiring two factor authentication. A terminal used for logging in to the network is associated with an NFC reader, and bringing the NFC device in proximity to the NFC reader provides the terminal with the dynamic credential required for two factor authentication.

Abstract translation: 提供了一种使用短距离通信的通信方法和装置，例如近场通信（NFC）。 包括NFC子系统的移动设备提供用于登录到需要双因素认证的网络的动态凭证。 用于登录网络的终端与NFC读取器相关联，并且使NFC设备接近NFC读取器为终端提供双因素认证所需的动态凭证。

公开(公告)号：US20160261574A1

公开(公告)日：2016-09-08

申请号：US15152250

申请日：2016-05-11

Applicant: Certicom Corp.

Inventor： Scott Alexander Vanstone ,  Marinus Struik

IPC: H04L29/06

CPC classification number: H04L63/065 ,  H04L9/00 ,  H04L9/006 ,  H04L9/08 ,  H04L9/0833 ,  H04L9/0838 ,  H04L63/0428 ,  H04L63/0471 ,  H04L63/061 ,  H04L63/08 ,  H04L63/0876 ,  H04L63/104 ,  H04W12/04 ,  H04W12/06 ,  H04W84/18

Abstract: A method and system for distributed security for a plurality of devices in a communication network, each of the devices being responsible for generating, distributing and controlling its own keys for access to the communication network and using the keys to establish a trusted network, each device's membership to the communication network being checked periodically by other devices by using a challenge response protocol to establish which devices are allowed access to the communication network and the trusted network.

公开(公告)号：US20160087789A1

公开(公告)日：2016-03-24

申请号：US14714401

申请日：2015-05-18

Applicant: Certicom Corp.

Inventor： Marinus Struik

IPC: H04L9/06 ,  H04L29/06

CPC classification number: H04L9/0618 ,  H04L9/00 ,  H04L63/0428 ,  H04L63/08 ,  H04L2209/24

Abstract: A method of formatting data for transmission to another party including the step of incorporating in the data a flag indicative of the absence of data for authentication of the sender. An authentication tag length is also included to permit variable length tags to be used.

Abstract translation: 一种用于将数据格式化以传输给另一方的方法，包括在数据中包含指示不存在用于发送者的认证的数据的标志的步骤。 还包括认证标签长度以允许使用可变长度标签。

公开(公告)号：US20160044496A1

公开(公告)日：2016-02-11

申请号：US14921299

申请日：2015-10-23

Applicant: BlackBerry Limited ,  Certicom Corp.

Inventor： Jean-Philippe Paul Cormier ,  David Philip Hole ,  Nicholas James Russell ,  Daniel Francis O'Loughlin

IPC: H04W8/20 ,  H04W8/18

CPC classification number: H04W8/205 ,  H04L9/3268 ,  H04L63/0823 ,  H04L2209/80 ,  H04W8/183 ,  H04W12/06 ,  H04W88/02

Abstract: Techniques for use in transferring an assignment of a secure chip of a wireless device from a current subscription manager (SM) of a current mobile network operator (MNO) to a new SM of a new MNO are described. In one illustrative example, the current SM receives a request for transferring the assignment and produces transfer permission data in response. The transfer permission data includes an identifier of the secure chip, an identifier of the current SM, and a digital signature of the current SM. The current SM then sends to the secure chip a transfer permission message which includes the transfer permission data. The transfer permission data indicates a permission for the secure chip to transfer the assignment from the current SM to the new SM. Additional techniques are performed by the secure chip, and the new SM, as described.

Abstract translation: 描述了用于将无线设备的安全芯片的分配从当前移动网络运营商（MNO）的当前订阅管理器（SM）传送到新的MNO的新SM的技术。 在一个说明性示例中，当前SM接收到传送分配的请求，并作为响应产生传送许可数据。 传输许可数据包括安全芯片的标识符，当前SM的标识符和当前SM的数字签名。 当前的SM然后向安全芯片发送包括传输许可数据的传输许可消息。 传输许可数据指示安全芯片允许从当前SM传送分配到新的SM。 附加技术由安全芯片和新SM执行，如所述。

公开(公告)号：US09246900B2

公开(公告)日：2016-01-26

申请号：US14252527

申请日：2014-04-14

Applicant: CERTICOM CORP.

Inventor： Matthew John Campagna ,  Robert John Lambert ,  James Robert Alfred

IPC: G06F7/04 ,  H04L29/06 ,  H04L9/08 ,  H04L9/30 ,  H04L9/32 ,  G06F17/30 ,  H04W12/04

CPC classification number: H04L63/08 ,  H04L9/083 ,  H04L9/0841 ,  H04L9/0844 ,  H04L9/0861 ,  H04L9/3066 ,  H04L9/3236 ,  H04L9/3263 ,  H04L29/06 ,  H04L63/062 ,  H04L63/0823 ,  H04W12/04

Abstract: A method and apparatus are disclosed for using a single credential request (e.g., registered public key or ECQV certificate) to obtain a plurality of credentials in a secure digital communication system having a plurality of trusted certificate authority CA entities and one or more subscriber entities A. In this way, entity A can be provisioned onto multiple PKI networks by leveraging a single registered public key or implicit certificate as a credential request to one or more CA entities to obtain additional credentials, where each additional credential can be used to derive additional public key-private key pairs for the entity A.

Abstract translation: 公开了一种用于使用单个凭证请求（例如，注册公钥或ECQV证书）在具有多个可信证书机构CA实体和一个或多个订户实体A的安全数字通信系统中获得多个凭证的方法和装置 以这种方式，可以通过利用单个注册公钥或隐式证书作为向一个或多个CA实体的凭证请求来获得附加证书来将实体A提供给多个PKI网络，其中每个附加证书可以用于导出附加公共 实体A的密钥 - 私钥对。

公开(公告)号：US09183158B2

公开(公告)日：2015-11-10

申请号：US14141230

申请日：2013-12-26

Applicant: Certicom Corp.

Inventor： Daniel Francis O'Loughlin ,  Keelan Smith ,  Jay Scott Fuller ,  William Lundy Lattin ,  Marinus Struik ,  Yuri Poeluev ,  Matthew John Campagna ,  Thomas Rudolf Stiemerling ,  Weicheng Joseph Ku

IPC: H04L9/00 ,  G06F21/00 ,  G06F12/14 ,  G06F21/57 ,  G06F21/72 ,  G06F21/73 ,  H04L9/08 ,  H04L9/30 ,  H04L9/32 ,  G06F21/12 ,  G06F21/76

CPC classification number: G06F12/1408 ,  G06F21/123 ,  G06F21/57 ,  G06F21/606 ,  G06F21/72 ,  G06F21/73 ,  G06F21/76 ,  G06F21/80 ,  G06F2212/1052 ,  G06F2221/2101 ,  H04L9/0877 ,  H04L9/3066 ,  H04L9/3252 ,  H04L9/3263 ,  H04L9/3273 ,  H04L2209/24

Abstract: An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session.

Abstract translation: 提供资产管理系统，其中包括作为资产控制核心运行的硬件模块。 资产控制核心通常包括嵌入在目标片上系统中的小型硬件核心，其在硅芯片上建立基于硬件的信任点。 资产控制核心可以作为消费者设备的信任根源，具有使其难以篡改的特征。 资产控制核心能够为一个设备生成唯一的标识符，并通过与设备的安全通信通道参与设备的跟踪和配置。 该设备通常包括一个安全模块，它将配置数据高速缓存并分配给连接到资产控制核心的许多代理之一，例如， 在生产线上或在售后市场的程序设计会议。

公开(公告)号：US20150319164A1

公开(公告)日：2015-11-05

申请号：US14799392

申请日：2015-07-14

Applicant: Certicom Corp.

Inventor： Matthew John Campagna ,  Daniel Richard L. Brown ,  Gregory Marc Zaverucha

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/0823 ,  H04L9/0847 ,  H04L9/0869 ,  H04L9/3066 ,  H04L63/08 ,  H04L63/126 ,  H04L63/166 ,  H04L63/18 ,  H04L67/14

Abstract: A system and method are provided for enabling a client device to connect to a network. The method comprises: obtaining an authorization code via a communication channel different from the network, the authorization code corresponding to the client device; and after detecting initiation of a security negotiation protocol by the client device, using the authorization code in at least one security negotiation operation.

Abstract translation: 提供了一种用于使客户端设备能够连接到网络的系统和方法。 该方法包括：经由与网络不同的通信信道获得授权码，与客户端设备对应的授权码; 并且在检测到客户端设备发起安全协商协议之后，在至少一个安全协商操作中使用授权码。