-
11.发明授权System and method of performing electronic transactions with encrypted data transmission 有权使用加密数据传输执行电子交易的系统和方法公开(公告)号:US08601256B2
公开(公告)日:2013-12-03
申请号:US12402772
申请日:2009-03-12
申请人: Michael Baentsch , Reto Hermann , Thorsten Kramp , Thomas D. Weigold , Peter Buhler , Thomas Eirich , Tamas Visegrady
发明人: Michael Baentsch , Reto Hermann , Thorsten Kramp , Thomas D. Weigold , Peter Buhler , Thomas Eirich , Tamas Visegrady
IPC分类号: H04L29/06
CPC分类号: H04L63/0869 , G06Q20/08 , G06Q20/42 , H04L63/0471 , H04L63/0823 , H04L63/0853 , H04L63/166 , H04L67/42 , H04L2463/102
摘要: A system and method of performing electronic transactions between a server computer and a client computer. The method implements a communication protocol with encrypted data transmission and mutual authentication between a server and a hardware device via a network, performs a decryption of encrypted server responses, forwards the decrypted server responses from the hardware device to the client computer, displays the decrypted server responses on a client display, receives requests to be sent from the client computer to the server, parses the client requests for predefined transaction information by the hardware device, encrypts and forwards client requests, displays the predefined transaction information upon detection, forwards and encrypts the client request containing the predefined transaction information to the server if a user confirmation is received, and cancels the transaction if no user confirmation is received.
摘要翻译: 在服务器计算机和客户端计算机之间执行电子交易的系统和方法。 该方法通过网络实现具有加密数据传输和服务器与硬件设备之间的相互认证的通信协议,执行加密服务器响应的解密,将解密的服务器响应从硬件设备转发到客户端计算机,显示解密的服务器 在客户端显示器上的响应,接收从客户端计算机发送到服务器的请求,通过硬件设备解析客户端对预定义交易信息的请求,对客户端请求进行加密和转发,检测到显示预定义的事务信息,转发和加密 如果接收到用户确认,则将包含预定义交易信息的客户端请求发送到服务器,如果没有接收到用户确认,则取消该交易。
-
公开(公告)号:US20120233465A1
公开(公告)日:2012-09-13
申请号:US13474184
申请日:2012-05-17
IPC分类号: H04L9/32
CPC分类号: H04L9/0827 , H04L9/088 , H04L63/0435 , H04L63/062 , H04L63/18 , H04L2209/08 , H04L2209/56 , H04L2209/80
摘要: The invention relates to a method for distribution of a set of credentials from a credential issuer to a credential user. The credential user is provided with a user device. A first channel and a second channel are provided for communication between the user device and the credential issuer. A shared key is distributed between the user device and the credential issuer by means of the second channel. A binary representation of the set of credentials with a predefined maximum level of deviation from a uniform distribution is generated. The binary representation of the set of credentials is encrypted by means of the shared key. The encrypted set of credentials is distributed via the first channel from the credential issuer to the user device. The encrypted set of credentials is decrypted by the user device by means of the shared key.
摘要翻译: 本发明涉及一种从凭证发行者向证书用户分发一组凭证的方法。 证书用户被提供有用户设备。 第一通道和第二通道被提供用于用户设备和凭证发行者之间的通信。 共享密钥通过第二信道在用户设备和证书颁发者之间分配。 生成具有预定的与均匀分布的最大偏差水平的凭证集合的二进制表示。 该凭证集的二进制表示通过共享密钥进行加密。 加密的证书集合经由第一信道从证书颁发者分发到用户设备。 加密的凭证集合由用户设备通过共享密钥解密。
-
公开(公告)号:US08214642B2
公开(公告)日:2012-07-03
申请号:US12062888
申请日:2008-04-04
IPC分类号: H04L9/32
CPC分类号: H04L9/0827 , H04L9/088 , H04L63/0435 , H04L63/062 , H04L63/18 , H04L2209/08 , H04L2209/56 , H04L2209/80
摘要: The invention relates to a method for distribution of a set of credentials from a credential issuer to a credential user. The credential user is provided with a user device. A first channel and a second channel are provided for communication between the user device and the credential issuer. A shared key is distributed between the user device and the credential issuer by means of the second channel. A binary representation of the set of credentials with a predefined maximum level of deviation from a uniform distribution is generated. The binary representation of the set of credentials is encrypted by means of the shared key. The encrypted set of credentials is distributed via the first channel from the credential issuer to the user device. The encrypted set of credentials is decrypted by the user device by means of the shared key.
摘要翻译: 本发明涉及一种从凭证发行者向证书用户分发一组凭证的方法。 证书用户被提供有用户设备。 第一通道和第二通道被提供用于用户设备和凭证发行者之间的通信。 共享密钥通过第二信道在用户设备和证书颁发者之间分配。 生成具有预定的与均匀分布的最大偏差水平的凭证集合的二进制表示。 该凭证集的二进制表示通过共享密钥进行加密。 加密的证书集合经由第一信道从证书颁发者分发到用户设备。 加密的凭证集合由用户设备通过共享密钥解密。
-
公开(公告)号:US07543159B2
公开(公告)日:2009-06-02
申请号:US10495345
申请日:2002-11-05
申请人: Michael Baentsch , Peter Buhler , Thomas Eirich , Frank Hoering , Marcus Oestreicher , Thomas D. Weigold
发明人: Michael Baentsch , Peter Buhler , Thomas Eirich , Frank Hoering , Marcus Oestreicher , Thomas D. Weigold
IPC分类号: G06F12/14
CPC分类号: H04L63/04 , G06F21/76 , H04L9/003 , H04L9/0625 , H04L2209/12
摘要: Provides a data processing system comprising a processor and encrypted information in a first persistent memory whose level of information leakage is higher than that of a second persistent memory. The second persistent memory stores a cryptographic key for decrypting the encrypted information, generating therefrom unencrypted information that is usable by the processor for executing an operation. The cryptographic key may be used for encrypting the unencrypted information, generating the encrypted information. Also provided is a method of processing such a data-processing system with an operating system, comprising writing unencrypted information into the first persistent memory, encrypting the unencrypted information under use of the first cryptographic key, creating therefrom encrypted information in the first persistent memory, and setting the data-processing system to a state in which writing into the first persistent memory is controlled by the operating system.
摘要翻译: 提供包括处理器和加密信息的数据处理系统,其中第一持久存储器的信息泄漏级别高于第二持久存储器。 第二持久存储器存储用于对加密信息进行解密的加密密钥,从而生成由处理器可用于执行操作的未加密信息。 加密密钥可以用于加密未加密的信息,生成加密的信息。 还提供了一种处理具有操作系统的这种数据处理系统的方法,包括将未加密的信息写入到第一持久存储器中,对使用第一加密密钥的未加密信息进行加密,从而在第一永久存储器中创建加密信息, 并且将数据处理系统设置为由操作系统控制对第一永久存储器的写入的状态。
-
公开(公告)号:US20080226076A1
公开(公告)日:2008-09-18
申请号:US12125247
申请日:2008-05-22
申请人: Michael Baentsch , Peter Buhler , Thomas Eirich , Frank Hoering , Thorsten Kramp , Marcus Oestreicher , Michael Osborne , Thomas D. Weigold
发明人: Michael Baentsch , Peter Buhler , Thomas Eirich , Frank Hoering , Thorsten Kramp , Marcus Oestreicher , Michael Osborne , Thomas D. Weigold
CPC分类号: H04L63/061 , H04L29/06 , H04L63/062
摘要: A method for providing a user device with a set of access codes comprises, in the user device, storing an encryption key and an identification code, and sending a message containing the identification code to a server via a communications network. In the server, an encryption key is stored corresponding to the key stored in the user device, allocating the set of access codes on receipt of the identification code from the user device. A look up function is performed based on the identification code received in the message to retrieve the key from storage. The set of access codes is encrypted using the retrieved key to produce an encrypted set. A message containing the encrypted set is sent to the user device via the network. In the user device, the encrypted set received from the server is decrypted using the key in storage, and storing the decrypted set of access codes for use by a user of the user device.
摘要翻译: 一种向用户设备提供一组接入码的方法,包括在用户设备中存储加密密钥和识别码,以及经由通信网络向服务器发送包含识别码的消息。 在服务器中,对应于存储在用户设备中的密钥存储加密密钥,在从用户设备接收到识别码时分配一组接入码。 基于在消息中接收到的识别码执行查找功能,以从存储中检索密钥。 使用检索到的密钥对访问代码集进行加密以产生加密集。 包含加密集的消息经由网络发送到用户设备。 在用户装置中,使用存储器中的密钥对从服务器接收到的加密集进行解密,并且存储解密的一组访问码以供用户装置的用户使用。
-
公开(公告)号:US09811646B2
公开(公告)日:2017-11-07
申请号:US13822137
申请日:2011-08-08
申请人: Michael Baentsch , Peter Buhler , Harold D Dykeman , Reto J Hermann , Frank Hoering , Michael P Kuyper-Hammond , Diego Alejandro Ortiz-Yepes , Thomas D Weigold
发明人: Michael Baentsch , Peter Buhler , Harold D Dykeman , Reto J Hermann , Frank Hoering , Michael P Kuyper-Hammond , Diego Alejandro Ortiz-Yepes , Thomas D Weigold
CPC分类号: G06F21/121 , G06F21/10 , G06F21/6218
摘要: A method, a secure device and a computer program product for securely managing files. The method includes providing a secure device, where the secure device is protected by design against malicious software or malware and adapted to establish a connection to a server via a host, the host connected to the server through a telecommunication network, upon receiving a request for using a file stored on the secure device, processing the request at the secure device according to an updated use permission associated to the file, where the updated use permission is obtained by instructing at the secure device to establish a connection between the secure device and the server via the host and updating at the device the use permission associated to the file, according to permission data sent from the server through the established connection.
-
17.发明授权Method, secure device, system and computer program product for digitally signing a document 有权用于数字签名文档的方法,安全设备,系统和计算机程序产品公开(公告)号:US08959354B2
公开(公告)日:2015-02-17
申请号:US13074280
申请日:2011-03-29
CPC分类号: G06F21/84
摘要: A method for digitally signing a document, a secure device, and a computer program product for implementing the method. The method employs a secure device which is protected against malicious software or malware and is adapted to establish a secure connection to a recipient via a host. The method includes: connecting to a terminal; accessing the contents of a document received by the secure device; instructing at the secure device to communicate the accessed contents to an output device other than the terminal such that the contents can be verified by a user; ascertaining at the secure device a command received to digitally sign the document; executing at the secure device the ascertained command; and instructing to send a digitally signed document to a recipient over a connection established via the host connected to a telecommunication network.
摘要翻译: 用于对文档进行数字签名的方法,安全装置和用于实现该方法的计算机程序产品。 该方法采用安全装置,其被防范恶意软件或恶意软件,并且适于通过主机建立到接收者的安全连接。 该方法包括:连接到终端; 访问由安全设备接收的文档的内容; 指示安全设备将所访问的内容传送到终端之外的输出设备,使得内容可以由用户验证; 在安全设备处确定接收到用于对文档进行数字签名的命令; 在安全装置处执行确定的命令; 并且指示通过经由连接到电信网络的主机建立的连接将数字签名的文档发送给接收者。
-
公开(公告)号:US08856919B2
公开(公告)日:2014-10-07
申请号:US13557468
申请日:2012-07-25
申请人: Michael Baentsch , Peter Buhler , Thomas Eirich , Reto J. Hermann , Frank Hoering , Thorsten Kramp , Michael P. Kuyper-Hammond , Thomas D. Weigold
发明人: Michael Baentsch , Peter Buhler , Thomas Eirich , Reto J. Hermann , Frank Hoering , Thorsten Kramp , Michael P. Kuyper-Hammond , Thomas D. Weigold
CPC分类号: H04L63/0823 , G06F21/33 , G06F21/34
摘要: An authorization device for authorizing operations of a remote server requested from user computers via a data communications network includes a computer interface configured to connect to a local user computer for facilitating communication with the remote server via a data communications network, a user interface configured to present information to a user, and control logic. The control logic is adapted to use security data accessible to the control logic to establish, via the local user computer, a mutually-authenticated connection for encrypted end-to-end communications with the server; collect from the server, via the connection, information indicative of any operation requested via a different connection to the server and requiring authorization by the user; and present the information to the user via the user interface to prompt for authorization of the operation.
-
公开(公告)号:US07970821B2
公开(公告)日:2011-06-28
申请号:US12145966
申请日:2008-06-25
IPC分类号: G06F15/16
CPC分类号: G06F21/51 , G06F8/658 , G06F21/105 , G06F21/12 , G06F2221/033 , G06F2221/2107 , Y10S707/99953
摘要: The invention is directed to a method for a software provider to enable a software-acquiring entity to arrive from an existent first signed piece of code at a second signed piece of code. Both pieces of code were generated at the software provider by use of a first software archive generator under use of generation instructions. The software provider provides to the software-acquiring entity a difference code that comprises the steps necessary to arrive from the first signed piece of code at the second signed piece of code. The difference code is combinable at the software-acquiring entity with the first signed piece of code by a second software archive generator to generate the second signed piece of code. The second software archive generator is therefor to be fed with those generation instructions that were used by the first software archive generator for the generation of both pieces of code.
摘要翻译: 本发明涉及一种用于软件提供者使得软件获取实体能够以第二签名的代码片段从现有的第一签名代码片段到达的方法。 这两个代码是通过使用生成指令使用的第一个软件归档生成器在软件提供商生成的。 软件提供商向软件获取实体提供差分代码,该差分代码包括在第二签名代码片段从第一签名代码段到达的步骤。 差分代码在软件获取实体上可由第二软件归档发生器用第一签名代码组合,以生成第二签名代码片段。 为此,第二个软件归档发生器将被馈送由第一个软件归档发生器用于生成这两个代码的那些生成指令。
-
公开(公告)号:US20090248580A1
公开(公告)日:2009-10-01
申请号:US12060415
申请日:2008-04-01
申请人: Michael Baentsch , Peter Buhler , Thomas Eirich , Frank Hoering , Thorsten Kramp , Thomas Weigold
发明人: Michael Baentsch , Peter Buhler , Thomas Eirich , Frank Hoering , Thorsten Kramp , Thomas Weigold
CPC分类号: G06Q20/3223 , G06F21/34 , G06Q20/10 , G06Q20/3226 , G06Q20/3674 , G06Q20/382 , G06Q20/3823 , G06Q40/02 , H04L63/0853 , H04L63/18
摘要: A secure online banking transaction apparatus to communicate with a server over a non-secure connection is provided and includes a selector configured to allow for a selection of a mode of the apparatus, a processing unit coupled to the selector and including a secure communication unit, which is configured to set up a secure connection, along which a secure transaction occurs, with the server via the non-secure connection in accordance with the mode, an input unit coupled to the processing unit and configured to allow for a input of data into the apparatus, which is at least partly related to the secure transaction, and an interface coupled to the processing unit and configured to convey at least a status of the secure transaction and the contents off the inputted data.
摘要翻译: 提供了一种用于通过非安全连接与服务器进行通信的安全的网上银行交易装置,并且包括被配置为允许选择所述装置的模式的选择器,耦合到所述选择器并包括安全通信单元的处理单元, 其被配置为根据该模式经由非安全连接与服务器建立安全事务发生的安全连接,输入单元耦合到处理单元并被配置为允许数据输入 所述装置至少部分地与安全事务相关,以及耦合到所述处理单元并被配置为至少传送所述安全事务的状态和所述内容的所述输入数据的接口。
-
-
-
-
-
-
-
-
-
搜索结果
50 条记录 (耗时 0.024 秒)
