OUT-OF-BAND AUTHENTICATION BASED ON SECURE CHANNEL TO TRUSTED EXECUTION ENVIRONMENT ON CLIENT DEVICE

    公开(公告)号:US20200067922A1

    公开(公告)日:2020-02-27

    申请号:US16270255

    申请日:2019-02-07

    申请人: HYPR Corp.

    IPC分类号: H04L29/06 G06F21/45 H04L9/08

    摘要: Provided is a process that affords out-of-band authentication based on a secure channel to a trusted execution environment on a client device. The authentication process includes one or more authentication steps in addition to verifying any credentials provided by a client device. A notification may be transmitted by a server to a device other than the client device attempting to access the asset. That device may be a mobile device with a trusted execution environment storing user credential information, and the server may store representations of those credentials. The mobile device collects user input credentials and transmits representations for matching the previously stored representations and signed data for verification by the server that received data originated from the mobile device. The access attempt by the client is granted based in part on the result of authenticating the data received from the mobile device in a response to the notification.

    Out-of-band authentication to access web-service with indication of physical access to client device

    公开(公告)号:US12081545B2

    公开(公告)日:2024-09-03

    申请号:US18191399

    申请日:2023-03-28

    申请人: HYPR Corp.

    摘要: Provided is a process that affords out-of-band authentication for confirmation of physical access or when a device utilized for out-of-band authentication lacks connectivity to a network. An asymmetric cryptographic key-pair is established, a first device obtaining a key operable to decrypt data. A remote server obtaining a key operable to encrypt data and associating that key with an identifier of an identity or account associated with a user. An access attempt from the second device is received in association with the identifier of the identity associated with the user. A notification including data encrypted by the encryption key is generated by the remote server and transmitted to the second device. The first device obtains the notification data from the second device and decrypts the data to determine a notification response which is returned to the remote server for verification to permit or deny the access attempt of the second device.

    Device enrollment identity verification

    公开(公告)号:US12041059B1

    公开(公告)日:2024-07-16

    申请号:US18220694

    申请日:2023-07-11

    申请人: HYPR Corp.

    IPC分类号: H04L9/40 H04L9/32 H04W12/06

    摘要: Provided are systems, processes, and methods for identity management, such as the verification of an identity of a user of device for securely onboarding a device remotely and other use cases. A user may access a webpage or obtain a native application on their device with which the user engages to prove their identity to an identity verifier delegated to attest to the identity of the user. A communication session is established between the user and the identity verifier via their respective devices. If the identity verifier attests to the asserted identity of the user, the device of the user may be issued a deep link, code, or other for the establishment or exchange of credential information with an identity management system. Embodiments of such systems may also be used for other instances of identity or device verification.

    FEDERATED IDENTITY MANAGEMENT WITH DECENTRALIZED COMPUTING PLATFORMS

    公开(公告)号:US20230239284A1

    公开(公告)日:2023-07-27

    申请号:US17992900

    申请日:2022-11-22

    申请人: HYPR Corp.

    摘要: Provided is a process that establishes user identities within a decentralized data store, like a blockchain. A user's mobile device may establish credential values within a trusted execution environment of the mobile device. Representations of those credentials may be generated on the mobile device and transmitted for storage in association with an identity of the user established on the blockchain. Similarly, one or more key-pairs may be generated or otherwise used by the mobile device for signatures and signature verification. Private keys may remain resident on the device (or known and input by the user) while corresponding public keys may be stored in associated with the user identity on the blockchain. A private key is used to sign representations of credentials and other values as a proof of knowledge of the private key and credential values for authentication of the user to the user identity on the blockchain.

    Secure mobile initiated authentications to web-services

    公开(公告)号:US11659392B2

    公开(公告)日:2023-05-23

    申请号:US17158898

    申请日:2021-01-26

    申请人: HYPR Corp.

    摘要: Provided is a process for mobile-initiated authentications to web services. Credential values of the user are established within a trusted execution environment of the mobile device and representations are transmitted to a server. The user of the mobile device may authenticate with the mobile device to the server, which may convey access to a web-based service from a relying device. The server may pass credentials corresponding to the web-service received from the mobile device and verified to permit user access to the web-service to the relying device. The relying device presents credentials to the web-service to login, authenticate, or otherwise obtain user-level permission for the user on the relying device. The user of the mobile device may authenticate with the mobile device to the server, and may initiate the authentication process from the mobile device, without inputting credentials corresponding to the web-service on the relying device.

    Systems and methods for facilitating spending digital currency without owning digital currency

    公开(公告)号:US11354665B1

    公开(公告)日:2022-06-07

    申请号:US14538764

    申请日:2014-11-11

    申请人: HYPR Corp.

    IPC分类号: G06Q20/40 G06Q20/10 G06Q20/32

    摘要: Spending digital currency without owning digital currency may be facilitated. The user may use a software application running on the user's computing platform to scan a digital currency public address quick-response code (QR), or a near-field-communication (NFC) based public address. The user may be prompted to swipe-to-authenticate the transaction. The user may authenticate the transaction by fingerprint-swiping a biometric-enabled transitory password authentication device. The biometric-enabled transitory password authentication device may transmit an encrypted transitory password a server via the user's computing platform. Upon receiving and verifying the transaction, the server may send an amount of digital currency to the target address on behalf of the user. The server may charge the user's debit card an equivalent amount of sovereign currency.

    FEDERATED IDENTITY MANAGEMENT WITH DECENTRALIZED COMPUTING PLATFORMS

    公开(公告)号:US20210377254A1

    公开(公告)日:2021-12-02

    申请号:US17338394

    申请日:2021-06-03

    申请人: HYPR Corp.

    摘要: Provided is a process that establishes user identities within a decentralized data store, like a blockchain. A user's mobile device may establish credential values within a trusted execution environment of the mobile device. Representations of those credentials may be generated on the mobile device and transmitted for storage in association with an identity of the user established on the blockchain. Similarly, one or more key-pairs may be generated or otherwise used by the mobile device for signatures and signature verification. Private keys may remain resident on the device (or known and input by the user) while corresponding public keys may be stored in associated with the user identity on the blockchain. A private key is used to sign representations of credentials and other values as a proof of knowledge of the private key and credential values for authentication of the user to the user identity on the blockchain.

    SECURE MOBILE INITIATED AUTHENTICATIONS TO WEB-SERVICES

    公开(公告)号:US20210044976A1

    公开(公告)日:2021-02-11

    申请号:US17066280

    申请日:2020-10-08

    申请人: HYPR Corp.

    摘要: Provided is a process for mobile-initiated authentications to web services. Credential values of the user are established within a trusted execution environment of the mobile device and representations are transmitted to a server. The user of the mobile device may authenticate with the mobile device to the server, which may convey access to a web-based service from a relying device. The server may pass credentials corresponding to the web-service received from the mobile device and verified to permit user access to the web-service to the relying device. The relying device presents credentials to the web-service to login, authenticate, or otherwise obtain user-level permission for the user on the relying device. The user of the mobile device may authenticate with the mobile device to the server, and may initiate the authentication process from the mobile device, without inputting credentials corresponding to the web-service on the relying device.

    Systems and methods for facilitating spending digital currency without owning digital currency

    公开(公告)号:US12093958B2

    公开(公告)日:2024-09-17

    申请号:US17740106

    申请日:2022-05-09

    申请人: HYPR Corp.

    IPC分类号: G06Q20/40 G06Q20/10 G06Q20/32

    摘要: Spending digital currency without owning digital currency may be facilitated. The user may use a software application running on the user's computing platform to scan a digital currency public address quick-response code (QR), or a near-field-communication (NFC) based public address. The user may be prompted to swipe-to-authenticate the transaction. The user may authenticate the transaction by fingerprint-swiping a biometric-enabled transitory password authentication device. The biometric-enabled transitory password authentication device may transmit an encrypted transitory password a server via the user's computing platform. Upon receiving and verifying the transaction, the server may send an amount of digital currency to the target address on behalf of the user. The server may charge the user's debit card an equivalent amount of sovereign currency.