Abstract:
In one embodiment a controller comprises logic configured to define, for display on a region of a display device coupled to the controller, a dialog box, lock the dialog box such that input/output operations conducted in the dialog box are visible to the secure controller and are not visible to an untrusted execution complex communicatively coupled to the secure controller, receive one or more authentication credentials based on a user input to the dialog box, and use the one or more authentication credentials to establish a secure communication session with a remote service. Other embodiments may be described.
Abstract:
A multichannel security system is disclosed, which system is for granting and denying access to a host computer in response to a demand from an access-seeking individual and computer. The access-seeker has a peripheral device operative within an authentication channel to communicate with the security system. The access-seeker initially presents identification and password data over an access channel which is intercepted and transmitted to the security computer. The security computer then communicates with the access-seeker. A biometric analyzer—a voice or fingerprint recognition device—operates upon instructions from the authentication program to analyze the monitored parameter of the individual. In the security computer, a comparator matches the biometric sample with stored data, and, upon obtaining a match, provides authentication. The security computer instructs the host computer to grant access and communicates the same to the access-seeker, whereupon access is initiated over the access channel.
Abstract:
A Head Mount Display (HMD) and a method for controlling the HMD are disclosed. The method includes detecting an external device in an image captured by the HMD, recognizing at least one component from a first User Interface (UI) of the external device, the at least one component including a keypad or a window for outputting data corresponding to an input signal to the keypad, generating a second UI including the recognized at least one component, displaying the second UI in the HMD, wherein the at least one component of the first UI being displayed on the external device is overlaid with the displayed second UI using the image from which the external device is detected, and displaying data corresponding to an input signal currently received at the external device on the second UI in the HMD.
Abstract:
A data processing method and apparatus, where the method includes acquiring a first network data packet that is sent by a target application that runs in an untrusted execution domain, where the first network data packet includes a first identifier; acquiring, in a trusted execution domain, first data corresponding to the first identifier; generating, in the trusted execution domain, a second network data packet according to the first data and the first network data packet; performing, in the trusted execution domain, encryption on the second network data packet by using a first session key to acquire an encrypted second network data packet; and sending the encrypted second network data packet to the target server. The data processing method and apparatus in the embodiments of the present invention can effectively prevent an attacker from stealing data.
Abstract:
Methods and systems for authenticating a security device for providing a secure access and transaction authorization to a remote network location are provided. The security device is authenticated by installing private security software on the security device. A Two-Channel authorization method includes a transaction notification/authorization channel and a transaction channel. A Three-Channel authorization method includes a transaction notification channel, a transaction authorization channel, and the transaction channel. Embodiments of the present invention provide increased security and privacy. A corresponding system for authenticating a security device and performing secure private transactions is also provided.
Abstract:
Authentication is widely used to protect consumer data and computing services, such as email, document storage, and online banking. Current authentication models, such as those employed by online identity providers, may have limited options and configurations for authentication schemes. Accordingly, as provided herein, a model based authentication scheme may be configured based upon a policy and/or an authentication mechanism list. The policy may define the target resource, a user, a group the user belongs to, devices used to connect to the target resource, a service owning the target resource, etc. The authentication mechanism list may comprise predefined authentication mechanisms and/or user plug-in authentication mechanisms (e.g., user created authentication mechanism). Once the authentication scheme is configured, it may be enforced upon authentication requests from a user. Feedback may be provided to the user based upon patterns of usage of the target resource.
Abstract:
Secure registration of a new application with a server system is provided. An old application has been registered with the system. A first link between the new application and the system establishes a first key and first check data is communicated from the system to the new application and passed to the old application. A second link between the old application and the system establishes a second key based on input of a credential to the old application; the first check data is communicated from the old application to the system. Enciphered second check data is communicated from the system to the old application over the second link and further encrypted by the old application using a third key. This generates doubly-enciphered check data which is passed to the new application and decrypted using the first key and a fourth key, generated at the new application based on the first check data and input of the credential to the new application.
Abstract:
An identity verification device comprises a cellular telecommunications modem and a fingerprint scanner coupled to the modem, the verification device being configured for storing first fingerprint data in an enrollment process and being operable, in response to the modem receiving a verification command via a cellular telecommunications network, to perform a verification process in which the fingerprint scanner scans a fingerprint to obtain second fingerprint data, the first and second fingerprint data are compared with each other, and in the event of a match between the first and second fingerprint data, the modem transmits a response signal to a predetermined destination via the telecommunications network. The device may be used in a networked telecommunications system in which the electronic transactions may be initiated by smart cards and other devices.
Abstract:
Processing a query includes, at a client, receiving a user-generated query having a plurality of recognizable terms, securing the user-generated query to generate an encrypted query, so that the plurality of recognizable terms generated by the user-generated query cannot be determined by a server, transmitting the encrypted query to the server, to perform the query on encrypted data comprising a mix of regular data and secure data previously provided by the client, wherein at least one of selection criteria of the query and identities of selected records of the query result cannot be determined by the server, and interpreting a result of the query provided by the server, and providing an output of the query to the user having the plurality of recognizable terms.
Abstract:
Certain implementations include systems and methods for combined one-time-passcode (OTP) and knowledge-based-authentication (KBA) identity authentication. A method is provided that includes receiving a set of identity information associated with a subject; querying one or more databases; receiving personally identifiable information; producing at least one knowledge based authentication (KBA) identity proofing question having a personally identifiable correct answer; generating a unique correct one-time pass (OTP) code for the personally identifiable correct answer; generating one or more incorrect answers with corresponding incorrect codes; outputting the at least one KBA identity proofing question; outputting the personally identifiable correct answer with the unique correct OTP code, and the one or more incorrect answers with corresponding incorrect codes; receiving a response code; comparing the response code and the unique correct OTP code; and responsive to a match between the response code and the unique correct OTP code, outputting a first indication of authentication.