Abstract:
Authentication of a device through a constructed authentication token. Components of an authentication key are distributed across at least a device and a server, diminishing a likelihood that an individual account is compromised by an attack.
Abstract:
Aspects relate to a computer-implemented anonymous credential method for credential abuse prevention and efficient revocation. The method includes: acquiring a credential from an issuer at a user; registering the user and credential with an oblivious monitor; generating a user presentation token at the user using the credential; requesting presentation with the oblivious monitor by the user, wherein the user presentation token is transmitted to the oblivious monitor; verifying the user presentation token, wherein presentation is aborted if verification fails; transmitting, from the oblivious monitor, an oblivious monitor presentation token portion to the user in response to the verification passing; transmitting a combined presentation token to a verifier, wherein the combined presentation token includes the user presentation token and the oblivious monitor presentation token portion; and verifying the combined presentation token at the verifier.
Abstract:
A password authentication system includes an access control server configured to control access by a user computer to a resource dependent on authentication of user passwords associated with user IDs. The system further includes a plurality of authentication servers, storing respective secret values. For each user ID, the access control server stores a first ciphertext produced by encrypting the user password associated with that ID using a predetermined algorithm dependent on the secret values. In response to receipt of a user ID and an input password, the access control server communicates with the plurality of authentication servers to implement password authentication, requiring use of the secret values, in which a second ciphertext is produced by encrypting the input password using said predetermined algorithm. The access control server compares the first and second ciphertexts to determine whether the input password equals the user password to permit access to the resource.
Abstract:
The invention relates to an obfuscated program logic of machine executable instructions and a hardcoded cryptographic signing key. The obfuscated program logic further comprises a hardcoded first attribute value, wherein execution of the machine executable instructions by the processor causes the obfuscated program logic to receive a request and, in response to receiving the request, evaluate whether the request is related to the hardcoded first attribute value. In case the request is related to the hardcoded first attribute value, the program logic computes a response to the request using the hardcoded first attribute value and computes a signature using the cryptographic signing key, wherein the signature certifies the request for which the response was computed and certifies the authenticity of the response. The program logic then generates and returns a presentation token comprising the response and the signature, and provides the presentation token to a receiver computer system.
Abstract:
In an approach for authenticating a user computer, connectable to a mobile network, a computer retrieves an attribute credential, the attribute credential certifying a set of user attributes and a device identifier for identifying the user computer to the mobile network. The computer requests a location credential, the location credential certifying a device identifier and location data indicating a current location of the user computer determined by the mobile network. Additionally, the computer produces an authentication token comprising the attribute credential, the location credential, the location data, and a proof for proving that the device identifier in the attribute credential equals the device identifier in the location credential. Furthermore, the computer sends the authentication token for authentication.
Abstract:
A method for managing unlinkable database user identifiers includes distributing to a first database a first encrypted user identifier, a first database identifier, and a first database user identifier; distributing to a second database a second encrypted user identifier, a second database identifier, and a second database user identifier; receiving from the first database a third encryption and a fourth encryption, the third encryption being formed from the first encrypted user identifier, the second database identifier, and a message comprised in the fourth encryption; decrypting the third encryption thereby obtaining a decrypted value; deriving a blinded user identifier from the decrypted value; and sending the encrypted blinded user identifier and the fourth encrypted value to the second server thereby enabling the second server to compute the second database user identifier from the encrypted blinded database user identifier and the decrypted fourth encrypted value.
Abstract:
A method for deriving a verification token from a credential may be provided. The credential may be a set of attributes certified by an issuer to a user using a public key of the issuer. The method may comprise generating the verification token out of the credential and binding the verification token to a context string, wherein the verification token may comprise at least one commitment. A commitment may be a blinded version of an attribute. The method may also comprise generating an opening key for the verification token enabling a generation of a confirmation for a validity of the attribute.
Abstract:
Methods are provided for producing an authenticated packaged product. A digital signature, dependent on unique message data for the product, is generated via a digital signature scheme using a secret signing key. The message data is provided on at least one of the product and packaging. The digital signature is provided on the other of the product and packaging, and the product is packed in the packaging. The digital signature can be generated via a fuzzy-message digital signature scheme having a verification algorithm for verifying the digital signature in relation to fuzzy data within a predetermined difference measure of the message data. Methods and systems for authenticating such packaged products are also provided.
Abstract:
A method and system for enabling performance of a transaction. A first representation of a transaction policy, which depicts transaction policy options for fulfilling the transaction policy is displayed by a client computer. After a user selects a first transaction policy option, the client computer displays a second representation of the transaction policy, depicting at least one mechanism pertaining to the first transaction policy option for satisfying the requirements of the first transaction policy option. After the user selects a first mechanism, the client computer displays evidence options for each requirement of the first transaction policy option. After the user selects an evidence option for each requirement of the first transaction policy option, the client computer sends to a server transaction enablement information that includes evidence dictated by the selected evidence options to enable the server to perform the transaction.