公开(公告)号：US20050246535A1

公开(公告)日：2005-11-03

申请号：US11066406

申请日：2005-02-25

申请人： Neil Adams ,  Michael Brown ,  Herbert Little

发明人： Neil Adams ,  Michael Brown ,  Herbert Little

IPC分类号： H04K1/00 ,  H04L9/00 ,  H04L12/00 ,  H04L12/24 ,  H04L12/26 ,  H04L12/58 ,  H04L29/00 ,  H04L29/06 ,  H04M1/725 ,  H04Q7/20

CPC分类号： H04L51/14 ,  H04L43/00 ,  H04L63/105 ,  H04M1/72552

摘要： Systems and methods for displaying messages to a user, the messages having different levels of security, are provided herein. One method of displaying to a user messages having different levels of security includes receiving a message over a network includes examining an attribute of the message to determine a security-related level associated with the message. A visual indication for display to a device user is generated by the device. Such visual indication is indicative of the determined security-related level, and is configured to be visible during scrolling through a majority of the message text.

摘要翻译： 本文提供了向用户显示消息的系统和方法，具有不同级别的安全性的消息。 向用户显示具有不同安全级别的消息的一种方法包括通过网络接收消息包括检查消息的属性以确定与消息相关联的安全相关级别。 用于显示给设备用户的视觉指示由设备生成。 这种视觉指示表示确定的安全相关级别，并且被配置为在滚动通过大多数消息文本期间可见。

公开(公告)号：US20050138390A1

公开(公告)日：2005-06-23

申请号：US10819278

申请日：2004-04-07

申请人： Neil Adams ,  David Tapuska ,  Michael Brown ,  Herbert Little

发明人： Neil Adams ,  David Tapuska ,  Michael Brown ,  Herbert Little

IPC分类号： G06F1/16 ,  G06F21/34 ,  H04K1/00

CPC分类号： G06F1/1656 ,  G06F1/1626 ,  G06F1/1632 ,  G06F21/34

摘要： Systems and methods are provided for facilitating access to an electronic device. Password information is stored on the electronic device, and on a portable authenticator. When a user attempts to access the electronic device, the user is prompted to enter a password at the electronic device. The portable authenticator determines the validity of the entered password. The electronic device receives the results of the validity determination from the portable authenticator, and provides access to the electronic device based on the received validity determination.

摘要翻译： 提供了系统和方法以便于访问电子设备。 密码信息存储在电子设备和便携式认证器上。 当用户尝试访问电子设备时，提示用户在电子设备处输入密码。 便携式验证器确定输入密码的有效性。 电子设备从便携式认证器接收有效性确定的结果，并且基于所接收的有效性确定提供对电子设备的访问。

公开(公告)号：US20080005561A1

公开(公告)日：2008-01-03

申请号：US11750789

申请日：2007-05-18

申请人： Michael Brown ,  Neil Adams ,  Steven Fyke ,  Herbert Little

发明人： Michael Brown ,  Neil Adams ,  Steven Fyke ,  Herbert Little

IPC分类号： H04L9/00

CPC分类号： H04W12/02 ,  G06F21/305 ,  G06F21/6218 ,  G06F21/88 ,  G06F2221/2143 ,  H04L9/00 ,  H04L63/102 ,  H04L2209/80 ,  H04W8/02 ,  H04W8/245 ,  H04W12/08 ,  H04W12/12

摘要： A mobile communications device, server, and method for providing security on a mobile communications device are described. In accordance with one example embodiment, the mobile communications device comprises: a processor; a communications subsystem connected to the processor operable to exchange signals with a wireless network and with the processor; a storage element connected to the processor and having a plurality of application modules and data stored thereon, the data comprising at least user application data associated with the application modules and service data including data for establishing communications with the wireless network; and a security module operable to detect policy messages received by the mobile communications device, wherein the security module is further operable to perform a security action if a first policy message to enforce a first data protection policy is received and a subsequent policy message to enforce a second data protection policy is not received within a predetermined duration from the time at which the first policy message is received; and wherein the security action comprises erasing or encrypting at least some of the data on the storage element.

摘要翻译： 描述了用于在移动通信设备上提供安全性的移动通信设备，服务器和方法。 根据一个示例实施例，移动通信设备包括：处理器; 连接到处理器的通信子系统可操作以与无线网络和处理器交换信号; 连接到所述处理器并具有存储在其上的多个应用模块和数据的存储元件，所述数据至少包括与所述应用模块相关联的用户应用数据和包括用于建立与所述无线网络的通信的数据的服务数据; 以及可操作以检测由移动通信设备接收的策略消息的安全模块，其中如果接收到用于强制执行第一数据保护策略的第一策略消息以及后续的策略消息来执行安全模块，则安全模块还可操作以执行安全动作 在从接收到第一策略消息的时间起的预定持续时间内没有接收到第二数据保护策略; 并且其中所述安全动作包括擦除或加密所述存储元件上的所述数据中的至少一些。

公开(公告)号：US20070298767A1

公开(公告)日：2007-12-27

申请号：US11750594

申请日：2007-05-18

申请人： Michael Brown ,  Neil Adams ,  Steven Fyke ,  Herbert Little

发明人： Michael Brown ,  Neil Adams ,  Steven Fyke ,  Herbert Little

IPC分类号： H04M1/66

CPC分类号： H04W12/02 ,  G06F21/305 ,  G06F21/6218 ,  G06F21/88 ,  G06F2221/2143 ,  H04L9/00 ,  H04L63/102 ,  H04L2209/80 ,  H04W8/02 ,  H04W8/245 ,  H04W12/08 ,  H04W12/12

摘要： A mobile communications device, method and computer program product for providing security on a mobile communications device are described. In accordance with one example embodiment, the mobile communications device comprises: a processor; a communications subsystem connected to the processor operable to exchange signals with a wireless network and with the processor; a storage element connected to the processor and having a plurality of application modules and data stored thereon, the data comprising at least user application data associated with the application modules and service data including data for establishing communications with the wireless network; and a security module operable to detect a locked state of the mobile communications device and initiate a lockout data protection timer for a predetermined duration upon detection of the locked state; and wherein the security module is operable to, after the lockout data protection timer has been initiated, detect if a password shared by the user and the mobile communications device is entered through a user input device within the predetermined duration of the lockout data protection timer; wherein the security module is operable to terminate the lockout data protection timer if entry of the password is detected within the predetermined duration; and wherein the security module is operable to perform a security action comprising erasing or encrypting at least some of the data on the storage element if entry of the password is not detected within the predetermined duration.

摘要翻译： 描述了用于在移动通信设备上提供安全性的移动通信设备，方法和计算机程序产品。 根据一个示例实施例，移动通信设备包括：处理器; 连接到处理器的通信子系统可操作以与无线网络和处理器交换信号; 连接到所述处理器并具有存储在其上的多个应用模块和数据的存储元件，所述数据至少包括与所述应用模块相关联的用户应用数据和包括用于建立与所述无线网络的通信的数据的服务数据; 以及安全模块，其可操作以检测所述移动通信设备的锁定状态，并且在检测到所述锁定状态时在预定持续时间内启动锁定数据保护定时器; 并且其中所述安全模块可操作以在所述锁定数据保护定时器已被启动之后，在所述锁定数据保护定时器的所述预定持续时间内检测用户和所述移动通信设备共享的密码是否通过用户输入设备进入; 其中所述安全模块可操作以在所述预定持续时间内检测到所述密码的输入时终止所述锁定数据保护定时器; 并且其中所述安全模块可操作以执行安全动作，包括擦除或加密所述存储元件上的所述数据中的至少一些，如果在所述预定持续时间内没有检测到所述口令的输入。

公开(公告)号：US20070028118A1

公开(公告)日：2007-02-01

申请号：US11196340

申请日：2005-08-04

申请人： Michael Brown ,  Neil Adams ,  Herbert Little

发明人： Michael Brown ,  Neil Adams ,  Herbert Little

IPC分类号： H04L9/00 ,  H04K1/00

CPC分类号： G07F7/1008 ,  G06Q20/341 ,  G06Q20/4012 ,  G06Q20/40975 ,  G07F7/1025

摘要： A smart card, system, and method for securely authorizing a user or user device using the smart card is provided. The smart card is configured to provide, upon initialization or a request for authentication, a public key to the user input device such that the PIN or password entered by the user is encrypted before transmission to the smart card via a smart card reader. The smart card then decrypts the PIN or password to authorize the user. Preferably, the smart card is configured to provide both a public key and a nonce to the user input device, which then encrypts a concatenation or other combination of the nonce and the user-input PIN or password before transmission to the smart card. The smart card reader thus never receives a copy of the PIN or password in the clear, allowing the smart card to be used with untrusted smart card readers.

摘要翻译： 提供了一种使用智能卡安全授权用户或用户设备的智能卡，系统和方法。 智能卡被配置为在初始化或请求验证时向用户输入设备提供公共密钥，使得在经由智能卡读卡器传输到智能卡之前，由用户输入的PIN或密码被加密。 智能卡然后解密PIN或密码以授权用户。 优选地，智能卡被配置为向用户输入设备提供公开密钥和随机数，该用户输入设备然后在发送到智能卡之前加密随机数和用户输入的PIN或密码的级联或其他组合。 因此，智能卡读卡器从未收到PIN或密码的副本，允许智能卡与不可信的智能卡读卡器一起使用。

公开(公告)号：US20060036848A1

公开(公告)日：2006-02-16

申请号：US10913693

申请日：2004-08-09

申请人： Michael Brown ,  Neil Adams ,  David Tapuska ,  Herbert Little

发明人： Michael Brown ,  Neil Adams ,  David Tapuska ,  Herbert Little

IPC分类号： H04L9/00

CPC分类号： H04L9/3263 ,  H04L61/1523 ,  H04L63/0823 ,  H04L2209/80 ,  H04W12/04 ,  Y10S707/99933

摘要： A system and method for searching and retrieving certificates, which may be used in the processing of encoded messages. In one embodiment, a certificate synchronization application is programmed to perform certificate searches by querying one or more certificate servers for all of the certificates on those certificate servers. If all of the certificates on a certificate server cannot be successfully retrieved using a single search query, due to a search quota on the certificate server being exceeded for example, the search is re-performed through multiple queries, each corresponding to a narrower subsearch. The invention enables users to large amounts of certificates to be automatically searched for and retrieved from certificate servers, thereby minimizing the need for users to manually search for individual certificates.

摘要翻译： 用于搜索和检索证书的系统和方法，其可以用于编码消息的处理。 在一个实施例中，证书同步应用程序被编程为通过向一个或多个证书服务器查询那些证书服务器上的所有证书来执行证书搜索。 如果证书服务器上的所有证书都无法使用单个搜索查询成功检索，因为例如超过了证书服务器上的搜索配额，则通过多个查询重新执行搜索，每个查询对应于较窄的子搜索。 本发明使用户能够从证书服务器自动搜索和检索大量的证书，从而最小化用户手动搜索单个证书的需要。

公开(公告)号：US20070038820A1

公开(公告)日：2007-02-15

申请号：US11202786

申请日：2005-08-11

申请人： Michael Brown ,  Herbert Little ,  Michael Brown

发明人： Michael Brown ,  Herbert Little ,  Michael Brown

IPC分类号： G06F13/28

CPC分类号： G06F21/79 ,  G06F12/0802 ,  G06F12/1408

摘要： Increasing security for a hand-held data processing device with communication functionality where such a device includes an access-ordered memory cache relating to communications carried out by the device. The hand-held data processing device has a locked state that is entered by the device receiving or initiating a trigger. On occurrence of the trigger to enter the locked state the memory cache is reordered so as to disrupt the access-ordering of the cache to obscure device traffic information and thus increase the security of the device in the locked state.

摘要翻译： 提高具有通信功能的手持式数据处理设备的安全性，其中这样的设备包括与由设备执行的通信相关的访问有序的存储器高速缓存。 手持式数据处理装置具有被接收或发起触发的装置输入的锁定状态。 在发生触发器进入锁定状态时，存储器高速缓存被重新排序，以便中断高速缓存的访问排序以模糊设备交通信息，从而增加处于锁定状态的设备的安全性。

公开(公告)号：US20060094442A1

公开(公告)日：2006-05-04

申请号：US10976303

申请日：2004-10-29

申请人： Michael Kirkup ,  Michael Brown ,  Herbert Little ,  Ian Robertson ,  Michael Brown

发明人： Michael Kirkup ,  Michael Brown ,  Herbert Little ,  Ian Robertson ,  Michael Brown

IPC分类号： H04Q7/20

CPC分类号： H04W88/02

摘要： A mobile wireless communication device also has at least one wired communication port. Enhanced security is achieved by permitting the device to automatically disable one or more wireless ports when connected to a wired port. Specific combinations/permutations of such automatic control may be effected by use of an IT Policy also resident on the device.

公开(公告)号：US20050251680A1

公开(公告)日：2005-11-10

申请号：US11118236

申请日：2005-04-29

申请人： Michael Brown ,  Herbert Little ,  David MacFarlane ,  Michael Brown ,  Dinah Davis

发明人： Michael Brown ,  Herbert Little ,  David MacFarlane ,  Michael Brown ,  Dinah Davis

IPC分类号： H04L9/00 ,  H04L9/30 ,  H04L29/06

CPC分类号： H04L9/08 ,  H04L9/002 ,  H04L9/0841 ,  H04L9/0844 ,  H04L9/3066 ,  H04L9/3215 ,  H04L9/3226 ,  H04L63/061 ,  H04L63/083 ,  H04L63/18 ,  H04L2209/80 ,  H04W12/04 ,  H04W12/06

摘要： A method for secure bidirectional communication between two systems is described. A first key pair and a second key pair are generated, the latter including a second public key that is generated based upon a shared secret. First and second public keys are sent to a second system, and third and fourth public keys are received from the second system. The fourth public key is generated based upon the shared secret. A master key for encrypting messages is calculated based upon a first private key, a second private key, the third public key and the fourth public key. For re-keying, a new second key pair having a new second public key and a new second private key is generated, and a new fourth public key is received. A new master key is calculated using elliptic curve calculations using the new second private key and the new fourth public key.

摘要翻译： 描述了两个系统之间的安全双向通信的方法。 产生第一密钥对和第二密钥对，后者包括基于共享秘密生成的第二公钥。 第一和第二公钥被发送到第二系统，并且从第二系统接收第三和第四公钥。 第四个公钥是基于共享的秘密生成的。 基于第一私钥，第二私钥，第三公钥和第四公钥来计算用于加密消息的主密钥。 为了重新键入，生成具有新的第二公钥和新的第二私钥的新的第二密钥对，并接收新的第四公钥。 使用新的第二私钥和新的第四公钥，使用椭圆曲线计算来计算新的主密钥。

公开(公告)号：US20050250473A1

公开(公告)日：2005-11-10

申请号：US10996369

申请日：2004-11-26

申请人： Michael Brown ,  Michael Brown ,  Michael Kirkup ,  Herbert Little

发明人： Michael Brown ,  Michael Brown ,  Michael Kirkup ,  Herbert Little

IPC分类号： G06F12/14 ,  G06F13/14 ,  H04L9/00 ,  H04L9/32 ,  H04L29/06

CPC分类号： H04L9/3271 ,  H04L9/3226 ,  H04L9/3236 ,  H04L63/083 ,  H04L2209/80

摘要： A challenge response scheme includes the authentication of a requesting device by an authenticating device. The authenticating device generates a challenge that is issued to the requesting device. The requesting device combines the challenge with a hash of a password provided by a user of the requesting device, and the combination of the hash of the password and the challenge is further hashed in order to generate a requesting encryption key that is used to encrypt the user supplied password. The encrypted user supplied password is sent to the authenticating device as a response to the issued challenge. The authenticating device generates an authenticating encryption key by generating the hash of a combination of the challenge and a stored hash of an authenticating device password. The authenticating encryption key is used to decrypt the response in order to retrieve the user-supplied password. If a hash of the user-supplied password matches the stored hash of the authenticating device password, then the requesting device has been authenticated and the authenticating device is in possession of the password.

摘要翻译： 挑战响应方案包括认证设备对请求设备的认证。 认证设备产生发出到请求设备的质询。 请求设备将挑战与由请求设备的用户提供的密码的散列相结合，并进一步散列密码散列和质询的组合，以便生成用于加密的请求加密密钥 用户提供的密码。 加密的用户提供的密码作为对发布的挑战的响应被发送到认证设备。 认证设备通过生成质询的组合和存储的认证设备密码的哈希的散列来生成认证加密密钥。 认证加密密钥用于解密响应，以便检索用户提供的密码。 如果用户提供的密码的散列与存储的认证设备密码的哈希匹配，则请求设备已被认证，认证设备拥有密码。