公开(公告)号：US20160337361A1

公开(公告)日：2016-11-17

申请号：US15154861

申请日：2016-05-13

申请人： T-Central, Inc.

发明人： David W. Kravitz ,  Donald Houston Graham, III ,  Josselyn L. Boudett ,  Russell S. Dietz

IPC分类号： H04L29/06 ,  H04L9/30 ,  H04L9/32 ,  H04L9/00 ,  H04L9/08

CPC分类号： H04L9/3263 ,  H04L9/006 ,  H04L9/0822 ,  H04L9/0894 ,  H04L9/14 ,  H04L9/30 ,  H04L9/321 ,  H04L9/3247 ,  H04L9/3271 ,  H04L63/029 ,  H04L63/0428 ,  H04L63/0435 ,  H04L63/0442 ,  H04L63/061 ,  H04L63/08 ,  H04L63/10 ,  H04L63/20

摘要： A security system for authenticating users and protecting content that provides an application program interface (API) with a Cloud Platform integration (Platform) to extend the security capabilities of Public Key Infrastructure and Privilege Management Infrastructure systems to authenticated external users and protected content.

摘要翻译： 用于验证用户和保护内容的安全系统，该内容提供具有云平台集成（Platform）的应用程序接口（API），以将公钥基础设施和特权管理基础架构系统的安全功能扩展到已验证的外部用户和受保护的内容。

公开(公告)号：US20160294553A1

公开(公告)日：2016-10-06

申请号：US15036032

申请日：2014-08-25

申请人： MITSUBISHI ELECTRIC CORPORATION

发明人： Mitsuhiro HATTORI ,  Nori MATSUDA ,  Takashi KOMIYA ,  Yasuhiro KOWATA ,  Tsuyoshi HAMADA

IPC分类号： H04L9/08 ,  H04L9/00 ,  H04L9/30 ,  H04L9/32 ,  H04L29/06 ,  H04L9/14

CPC分类号： H04L9/0863 ,  H04L9/006 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/0894 ,  H04L9/14 ,  H04L9/302 ,  H04L9/3226 ,  H04L9/3263 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/0823 ,  H04L63/083

摘要： A user terminal includes a common key storage part which stores a common key to a terminal-side storage unit. A PKG takes as input the common key, encrypts information using the common key inputted, and transmits the information encrypted, as encrypted information to a server. The server includes an encrypted information storage part which stores the encrypted information received from the PKG, to a server-side storage unit. The server includes an information transmitting part which transmits, upon reception of an information delivery request from the user terminal, the encrypted information stored in the server-side storage unit, to the user terminal. The user terminal includes a decrypting part which decrypts the encrypted information received, using the common key stored in the terminal-side storage unit, thereby acquiring information.

摘要翻译： 用户终端包括将共用密钥存储到终端侧存储单元的公用密钥存储部。 PKG采用公共密钥作为输入，使用输入的公共密钥加密信息，并将加密的信息作为加密信息发送到服务器。 服务器包括将从PKG接收的加密信息存储到服务器侧存储单元的加密信息存储部。 服务器包括：信息发送部，其在从用户终端接收到信息交付请求时，将存储在服务器侧存储单元中的加密信息发送到用户终端。 用户终端包括使用存储在终端侧存储单元中的公共密钥对接收到的加密信息进行解密从而获取信息的解密部分。

公开(公告)号：US09462473B2

公开(公告)日：2016-10-04

申请号：US14992694

申请日：2016-01-11

申请人： CITIGROUP GLOBAL MARKETS, INC.

发明人： Hilary Ward ,  Gary E. Greenwald ,  Francis A. Shanahan

IPC分类号： H04L29/06 ,  H04W12/06 ,  G06F21/33 ,  H04L9/00 ,  H04L9/32 ,  H04B1/3827

CPC分类号： H04W12/06 ,  G06F21/335 ,  H04B1/3827 ,  H04L9/006 ,  H04L9/321 ,  H04L9/3247 ,  H04L9/3263 ,  H04L63/0442 ,  H04L2463/102

摘要： The invention relates to systems and methods for secure, remote, wireless submission of financial transactions. Authentication and authorization functionality are provided through use of proof of possession tests, a token service that provides a user device with a token that includes user entitlement data, and high assurance digital certificates.

摘要翻译： 本发明涉及用于安全，远程，无线地提交金融交易的系统和方法。 通过使用拥有测试证明来提供认证和授权功能，令牌服务为用户设备提供包含用户授权数据的令牌和高保证数字证书。

公开(公告)号：US09455979B2

公开(公告)日：2016-09-27

申请号：US14448697

申请日：2014-07-31

申请人： NOK NOK LABS, INC.

发明人： William J. Blanke

IPC分类号： H04L29/06 ,  H04L9/00

CPC分类号： H04L63/0823 ,  G06F21/33 ,  G06F21/42 ,  G06F21/44 ,  H04L9/006 ,  H04L9/3263 ,  H04L63/0861 ,  H04L63/166 ,  H04W12/04 ,  H04W12/06

摘要： A system, apparatus, method, and machine readable medium are described for establishing trust using secure communication protocols. For example, one embodiment of a method comprises: generating a first authentication-related communication at an authentication server on behalf of a relying party the first authentication-related communication being directed to a client device having one or more authenticators; signing the first authentication-related communication using a first key of a self-signed certificate from a decentralized public key infrastructure (PKI); establishing a first secure communication channel with a relying party app on the client device using a trusted secure communication infrastructure; transmitting the first authentication-related communication with the signature to the relying party app over the first secure communication channel; establishing a second secure communication channel with an authentication client on the client device using a trusted secure communication infrastructure; transmitting a second key of the self-signed certificate from the decentralized PKI to the authentication client over the second communication channel; providing the first authentication-related communication from the relying party app to the authentication client; and the authentication client using the second key to validate the signature generated over the first authentication-related communication with the first key.

摘要翻译： 描述了用于使用安全通信协议建立信任的系统，装置，方法和机器可读介质。 例如，方法的一个实施例包括：代表依赖方在认证服务器处生成第一认证相关通信，所述第一认证相关通信被定向到具有一个或多个认证器的客户端设备; 使用来自分散式公钥基础设施（PKI）的自签名证书的第一密钥签署第一认证相关通信; 使用可靠的安全通信基础设施在客户端设备上与依赖方应用建立第一安全通信信道; 通过所述第一安全通信信道向所述依赖方应用发送具有所述签名的所述第一认证相关通信; 使用可靠的安全通信基础设施在所述客户端设备上与认证客户端建立第二安全通信信道; 通过第二通信信道将自签名证书的第二密钥从分散PKI发送到认证客户端; 提供从依赖方应用到认证客户端的第一认证相关通信; 以及使用第二密钥验证通过与第一密钥的第一认证相关通信生成的签名的认证客户端。

公开(公告)号：US09449187B2

公开(公告)日：2016-09-20

申请号：US14456777

申请日：2014-08-11

申请人： Robert G. Caffary, Jr.

发明人： Robert G. Caffary, Jr.

IPC分类号： G06F21/62 ,  H04L29/06 ,  H04L29/08

CPC分类号： H04L63/08 ,  G06F21/335 ,  G06F21/602 ,  G06F21/6209 ,  G06F21/6218 ,  G06F2221/2143 ,  H04L9/006 ,  H04L9/14 ,  H04L9/30 ,  H04L63/06 ,  H04L63/0807 ,  H04L63/0815 ,  H04L63/10 ,  H04L63/102 ,  H04L63/20 ,  H04L67/306 ,  H04L2209/56

摘要： The technology described in this document can be embodied in a computer implemented method that includes receiving, at a processing device, information about one or more assets associated with a network of devices. The method also includes generating, for at least one of the assets, a security token that is based at least on a portion of the received information about the corresponding asset. The security token can be configured to identify a home network defined for the asset, and to restrict access to the corresponding asset upon detecting an occurrence of an unauthorized activity involving the asset. The method further includes storing, in a storage device, information about the security token and information linking the security token to the corresponding asset, and initiating integration of the security token with the corresponding asset.

摘要翻译： 本文档中描述的技术可以以包括在处理设备处接收关于与设备网络相关联的一个或多个资产的信息的计算机实现的方法来实现。 所述方法还包括为所述资产中的至少一个生成至少基于所接收的关于所述对应资产的信息的一部分的安全令牌。 可以将安全令牌配置为识别为资产定义的归属网络，并且在检测到涉及资产的未经授权的活动的发生时限制对相应资产的访问。 该方法还包括在存储设备中存储关于安全令牌的信息和将安全令牌链接到相应的资产的信息，以及启动安全令牌与对应资产的集成。

公开(公告)号：US20160261574A1

公开(公告)日：2016-09-08

申请号：US15152250

申请日：2016-05-11

申请人： Certicom Corp.

发明人： Scott Alexander Vanstone ,  Marinus Struik

IPC分类号： H04L29/06

CPC分类号： H04L63/065 ,  H04L9/00 ,  H04L9/006 ,  H04L9/08 ,  H04L9/0833 ,  H04L9/0838 ,  H04L63/0428 ,  H04L63/0471 ,  H04L63/061 ,  H04L63/08 ,  H04L63/0876 ,  H04L63/104 ,  H04W12/04 ,  H04W12/06 ,  H04W84/18

摘要： A method and system for distributed security for a plurality of devices in a communication network, each of the devices being responsible for generating, distributing and controlling its own keys for access to the communication network and using the keys to establish a trusted network, each device's membership to the communication network being checked periodically by other devices by using a challenge response protocol to establish which devices are allowed access to the communication network and the trusted network.

公开(公告)号：US20160248760A1

公开(公告)日：2016-08-25

申请号：US15002225

申请日：2016-01-20

申请人： T-Central, Inc.

发明人： David W. Kravitz ,  Donald Houston Graham, III ,  Josselyn L. Boudett ,  Russell S. Dietz

IPC分类号： H04L29/06 ,  H04L9/32 ,  H04L9/08

CPC分类号： H04L63/061 ,  H04L9/006 ,  H04L9/0825 ,  H04L9/0894 ,  H04L9/3247 ,  H04L63/0435 ,  H04L63/08 ,  H04L67/10 ,  H04L67/125 ,  H04L67/20

摘要： A central server configured with an Attribute Authority (“AA”) acting as a Trusted Third Party mediating service provider and using X.509-compatible PKI and PMI, VPN technology, device-side thin client applications, security hardware (HSM, Network), cloud hosting, authentication, Active Directory and other solutions. This ecosystem results in real time management of credentials, identity profiles, communication lines, and keys. It is not centrally managed, rather distributes rights to users. Using its Inviter-Invitee protocol suite, Inviters vouch for the identity of Invitees who successfully complete the protocol establishing communication lines. Users establish and respond to authorization requests and other real-time verifications pertaining to accessing each communication line (not end point) and sharing encrypted digital files. These are auditable, brokered, trusted-relationships where such relationships/digital agreements can each stand-alone (for privacy) or can leverage build-up of identity confidence levels across relationships. The service is agnostic to how encrypted user content is transported or stored.

公开(公告)号：US20160242028A1

公开(公告)日：2016-08-18

申请号：US15139470

申请日：2016-04-27

申请人： KT CORPORATION

发明人： Young-Bin CHO ,  Sung-Chul KIM ,  Jin-Hyoung LEE ,  Youn-Pil JEUNG

IPC分类号： H04W12/02 ,  H04L29/08 ,  H04L9/00 ,  H04L29/06

CPC分类号： H04W12/02 ,  H04L9/006 ,  H04L63/0428 ,  H04L63/0442 ,  H04L63/045 ,  H04L67/02 ,  H04W4/70

摘要： The disclosure is related to a machine to machine (M2M) device and a security management method thereof. The M2M device includes an identification circuit. The identification circuit may be configured to encrypt data collected from a sensor with a device identification (ID) of the M2M device and at least one subscriber ID of the identification circuit and to generate a data packet in a predetermined communication standard format by including the encrypted data in a payload of the data packet.

摘要翻译： 本公开涉及机器对机器（M2M）设备及其安全管理方法。 M2M设备包括识别电路。 识别电路可以被配置为利用M2M设备的设备标识（ID）和识别电路的至少一个订户ID来加密从传感器收集的数据，并且通过包括加密的通信标准来生成预定通信标准格式的数据分组 数据包的有效载荷中的数据。

公开(公告)号：US20160234020A1

公开(公告)日：2016-08-11

申请号：US15130146

申请日：2016-04-15

申请人： M2M and loT Technologies, LLC

发明人： John A. Nix

IPC分类号： H04L9/30 ,  H04L9/08

CPC分类号： H04L9/0861 ,  G06F21/35 ,  G06F2221/2105 ,  G06F2221/2107 ,  G06F2221/2115 ,  H04J11/00 ,  H04L9/006 ,  H04L9/0816 ,  H04L9/0841 ,  H04L9/085 ,  H04L9/088 ,  H04L9/0894 ,  H04L9/14 ,  H04L9/30 ,  H04L9/3066 ,  H04L9/32 ,  H04L9/321 ,  H04L9/3239 ,  H04L9/3247 ,  H04L9/3249 ,  H04L9/3263 ,  H04L12/2854 ,  H04L63/0272 ,  H04L63/0435 ,  H04L63/0442 ,  H04L63/045 ,  H04L63/0464 ,  H04L63/061 ,  H04L63/0807 ,  H04L63/123 ,  H04L63/166 ,  H04L67/04 ,  H04L2209/24 ,  H04L2209/72 ,  H04L2209/805 ,  H04W4/70 ,  H04W8/082 ,  H04W12/02 ,  H04W12/04 ,  H04W12/06 ,  H04W40/005 ,  H04W52/0216 ,  H04W52/0235 ,  H04W52/0277 ,  H04W76/27 ,  H04W80/04 ,  H04W84/12 ,  H04W88/12 ,  H05K999/99 ,  Y02D70/00 ,  Y02D70/1222 ,  Y02D70/1224 ,  Y02D70/1242 ,  Y02D70/1244 ,  Y02D70/1262 ,  Y02D70/1264 ,  Y02D70/142 ,  Y02D70/144 ,  Y02D70/146 ,  Y02D70/162 ,  Y02D70/164 ,  Y02D70/166 ,  Y02D70/21 ,  Y02D70/24

摘要： A module with an embedded universal integrated circuit card (eUICC) can include a received eUICC profile and a set of cryptographic algorithms. The received eUICC profile can include an initial shared secret key for authentication with a wireless network. The module can receive a key K network token and send a key K module token to the wireless network. The module can use the key K network token, a derived module private key, and a key derivation function to derive a secret shared network key K that supports communication with the wireless network. The wireless network can use the received key K module token, a network private key, and the key derivation function in order to derive the same secret shared network key K derived by the module. The module and the wireless network can subsequently use the mutually derived key K to communicate using traditional wireless network standards.

摘要翻译： 具有嵌入式通用集成电路卡（eUICC）的模块可以包括接收的eUICC配置文件和一组加密算法。 所接收的eUICC简档可以包括用于与无线网络进行认证的初始共享密钥。 该模块可以接收密钥K网络令牌，并向无线网络发送密钥K模块令牌。 该模块可以使用密钥K网络令牌，派生模块私钥和密钥导出功能来导出支持与无线网络通信的秘密共享网络密钥K. 无线网络可以使用接收到的密钥K模块令牌，网络专用密钥和密钥导出功能，以便导出由该模块导出的相同的秘密共享网络密钥K. 模块和无线网络随后可以使用相互导出的密钥K来使用传统的无线网络标准进行通信。

公开(公告)号：US20160182221A1

公开(公告)日：2016-06-23

申请号：US14903695

申请日：2014-08-18

申请人： Alcatel Lucent

发明人： Tommaso CUCINOTTA ,  Stephane BETGE-BREZETZ

IPC分类号： H04L9/00 ,  H04L9/14 ,  H04L29/06

CPC分类号： H04L9/006 ,  H04L9/14 ,  H04L63/0428 ,  H04L63/0815 ,  H04L63/0853 ,  H04L63/10

摘要： A method for controlling the exchange of private data, associated with a client device, between an application in execution on or for the device and a serving node in a data network, comprising transmitting a request to the serving node from the application for access to a service requiring use of the private data, receiving challenge data at the application from the serving node, requesting authorisation for the use of the private data using a secure user interface of the client device to a trusted information manager on the basis of the challenge data, transmitting an obfuscated version of the private data for use with the service from the trusted information manager to the application on the basis of the authorisation.

摘要翻译： 一种用于控制与客户端设备相关联的私有数据与在设备上执行的应用程序或设备上的应用程序与数据网络中的服务节点的交换的方法，包括从应用程序向服务节点发送请求以访问 需要使用私有数据的服务，从服务节点在应用程序处接收挑战数据，使用客户端设备的安全用户界面根据挑战数据向受信任信息管理器请求使用专用数据的授权， 在所述授权的基础上，向所述可信信息管理器向所述应用传送与所述服务一起使用的私有数据的混淆版本。