公开(公告)号：US08479011B2

公开(公告)日：2013-07-02

申请号：US12607047

申请日：2009-10-27

申请人： Asad Mahboob Ali ,  Bart John Bombay ,  Ashish Malpani

发明人： Asad Mahboob Ali ,  Bart John Bombay ,  Ashish Malpani

IPC分类号： G06F21/00

CPC分类号： G06F21/34 ,  G06F21/78

摘要： A method and system for providing authentication of a user to a first peripheral device connected to a host computer using an authentication of the user on a second peripheral device, thereby allowing the user access to both devices through a single authentication. A security function on the second peripheral device is used to create an authorization phrase. Subsequent accesses to the first peripheral device requires the second peripheral device to re-create the same authorization phrase thereby demonstrating that the same second peripheral device is being used to access the first peripheral device and that a user was successfully authenticated to the second peripheral device. Other systems and methods are disclosed.

摘要翻译： 一种方法和系统，用于使用第二外围设备上的用户的认证向连接到主计算机的第一外围设备提供用户认证，从而允许用户通过单个认证访问两个设备。 第二外围设备上的安全功能用于创建授权短语。 对第一外围设备的后续访问需要第二外围设备重新创建相同的授权短语，从而证明正在使用相同的第二外围设备来访问第一外围设备，并且用户被成功地认证到第二外围设备。 公开了其它系统和方法。

公开(公告)号：US08527757B2

公开(公告)日：2013-09-03

申请号：US12666276

申请日：2008-06-23

申请人： HongQian Karen Lu ,  Asad Mahboob Ali ,  Kapil Sachdeva

发明人： HongQian Karen Lu ,  Asad Mahboob Ali ,  Kapil Sachdeva

IPC分类号： H04L29/06

CPC分类号： H04L63/0853 ,  G06F21/6263 ,  H04L63/1441 ,  H04L63/18

摘要： The invention relates to a portable authentication token comprising connection means for connecting to a computer, browser communication means for communicating with a browser running on the computer, and user authentication means for authenticating a user of the token to a server. The user authentication means are triggered via the browser communication means when the user connects to the server from the browser of the computer. The user authentication means are set to authenticate the user by communicating with the server through the browser. The token comprises out-of-band token communication means set to validate user authentication by establishing a communication channel between the token and the server, the communication channel bypassing the browser.The invention also relates to an authentication method and to a system comprising a token, a computer and a server to which the user authenticates with the token.

摘要翻译： 本发明涉及包括用于连接到计算机的连接装置的便携式认证令牌，用于与在计算机上运行的浏览器进行通信的浏览器通信装置以及用于将令牌的用户认证到服务器的用户认证装置。 当用户从计算机的浏览器连接到服务器时，通过浏览器通信装置触发用户认证装置。 用户认证装置设置为通过浏览器与服务器通信来认证用户。 令牌包括带外令牌通信装置，设置为通过在令牌和服务器之间建立通信信道来验证用户认证，通信信道绕过浏览器。 本发明还涉及一种认证方法以及一种系统，该系统包括令牌，计算机和服务器，用户使用令牌进行认证。

公开(公告)号：US07926096B2

公开(公告)日：2011-04-12

申请号：US11216363

申请日：2005-08-31

申请人： Asad Mahboob Ali ,  Bertrand du Castel ,  Apostol Vassilev ,  Sylvain Prevost ,  Kapil Sachdeva

发明人： Asad Mahboob Ali ,  Bertrand du Castel ,  Apostol Vassilev ,  Sylvain Prevost ,  Kapil Sachdeva

IPC分类号： H04L29/06

CPC分类号： G06F1/14 ,  H04J3/0638 ,  H04L9/3234 ,  H04L9/3271 ,  H04L9/3297 ,  H04L63/0846 ,  H04L63/166 ,  H04L2209/56

摘要： A system and a method for operating a device that is not capable of independently maintaining a local time clock to enforce a time-based transaction policy that requires a reliable time reference. The device establishes a secure communications channel to one or more network-attached time sources and inquires of each of the network-attached time-sources as to the current time using the secure communications channel. The device receives the current time from the network-attached time-sources and uses the received current times to estimate a current calendar time and to compute a reliability index associated with the estimated current calendar time. The device uses the estimated current calendar time and reliability index to enforce the time-based transaction policy.

摘要翻译： 一种用于操作不能独立地维护本地时钟的设备的系统和方法，以执行需要可靠时间参考的基于时间的事务策略。 设备建立到一个或多个网络连接的时间源的安全通信信道，并且使用安全通信信道查询关于当前时间的网络连接的时间源中的每一个。 设备从网络连接的时间源接收当前时间，并使用接收到的当前时间来估计当前日历时间，并计算与估计的当前日历时间相关联的可靠性指标。 该设备使用估计的当前日历时间和可靠性指数来执行基于时间的交易策略。

公开(公告)号：US20100235637A1

公开(公告)日：2010-09-16

申请号：US12666276

申请日：2008-06-23

申请人： H.Karen Lu ,  Asad Mahboob Ali ,  Kapil Sachdeva

发明人： H.Karen Lu ,  Asad Mahboob Ali ,  Kapil Sachdeva

IPC分类号： H04L9/32 ,  G06F21/00

CPC分类号： H04L63/0853 ,  G06F21/6263 ,  H04L63/1441 ,  H04L63/18

摘要： The invention relates to a portable authentication token comprising connection means for connecting to a computer, browser communication means for communicating with a browser running on the computer, and user authentication means for authenticating a user of the token to a server. The user authentication means are triggered via the browser communication means when the user connects to the server from the browser of the computer. The user authentication means are set to authenticate the user by communicating with the server through the browser. The token comprises out-of-band token communication means set to validate user authentication by establishing a communication channel between the token and the server, the communication channel bypassing the browser.The invention also relates to an authentication method and to a system comprising a token, a computer and a server to which the user authenticates with the token.

摘要翻译： 本发明涉及包括用于连接到计算机的连接装置的便携式认证令牌，用于与在计算机上运行的浏览器进行通信的浏览器通信装置以及用于将令牌的用户认证到服务器的用户认证装置。 当用户从计算机的浏览器连接到服务器时，通过浏览器通信装置触发用户认证装置。 用户认证装置设置为通过浏览器与服务器通信来认证用户。 令牌包括带外令牌通信装置，设置为通过在令牌和服务器之间建立通信信道来验证用户认证，通信信道绕过浏览器。 本发明还涉及一种认证方法以及一种系统，该系统包括令牌，计算机和服务器，用户使用令牌进行认证。

公开(公告)号：US20110083017A1

公开(公告)日：2011-04-07

申请号：US12607047

申请日：2009-10-27

申请人： Asad MAHBOOB ALI ,  Bart John Bombay ,  Ashish Malpani

发明人： Asad MAHBOOB ALI ,  Bart John Bombay ,  Ashish Malpani

IPC分类号： G06F21/00

CPC分类号： G06F21/34 ,  G06F21/78

摘要： A method and system for providing authentication of a user to a first peripheral device connected to a host computer using an authentication of the user on a second peripheral device, thereby allowing the user access to both devices through a single authentication. A security function on the second peripheral device is used to create an authorization phrase. Subsequent accesses to the first peripheral device requires the second peripheral device to re-create the same authorization phrase thereby demonstrating that the same second peripheral device is being used to access the first peripheral device and that a user was successfully authenticated to the second peripheral device. Other systems and methods are disclosed.

摘要翻译： 一种方法和系统，用于使用第二外围设备上的用户的认证向连接到主计算机的第一外围设备提供用户认证，从而允许用户通过单个认证访问两个设备。 第二外围设备上的安全功能用于创建授权短语。 对第一外围设备的后续访问需要第二外围设备重新创建相同的授权短语，从而证明正在使用相同的第二外围设备来访问第一外围设备，并且用户被成功地认证到第二外围设备。 公开了其它系统和方法。

公开(公告)号：US07509487B2

公开(公告)日：2009-03-24

申请号：US10848738

申请日：2004-05-19

申请人： HongQian Karen Lu ,  Michael Andrew Montgomery ,  Asad Mahboob Ali

发明人： HongQian Karen Lu ,  Michael Andrew Montgomery ,  Asad Mahboob Ali

IPC分类号： G06F21/00

CPC分类号： H04L63/0853 ,  G06F21/34 ,  H04L63/0428 ,  H04L63/061 ,  H04L63/08 ,  H04L63/166

摘要： Secure communication between a resource-constrained device and remote network nodes over a network with the resource-constrained acting as a network node. The remote network nodes communicate with the resource-constrained device using un-modified network clients and servers. Executing on the resource-constrained device, a communications module implements one or more link layer communication protocols, operable to communicate with a host computer, operable to communicate with remote network nodes and operable to implement network security protocols thereby setting a security boundary inside the resource-constrained device.

摘要翻译： 资源受限设备和远程网络节点之间通过资源受限充当网络节点的网络之间的安全通信。 远程网络节点使用未修改的网络客户端和服务器与资源受限的设备进行通信。 在资源受限设备上执行的通信模块实现一个或多个链路层通信协议，可操作以与主机通信，可操作以与远程网络节点进行通信，并可操作以实现网络安全协议，从而在资源中设置安全边界 约束设备。

公开(公告)号：US07392534B2

公开(公告)日：2008-06-24

申请号：US10750430

申请日：2003-12-31

申请人： HongQian Karen Lu ,  Asad Mahboob Ali

发明人： HongQian Karen Lu ,  Asad Mahboob Ali

IPC分类号： H04L9/32

CPC分类号： G06Q20/3823 ,  G06F21/42 ,  G06F21/6263 ,  G06F2221/2153 ,  G06Q20/341 ,  G06Q20/346 ,  G06Q20/382 ,  G06Q20/40975 ,  G07F7/1008 ,  H04L63/0428 ,  H04L63/0853 ,  H04L63/18 ,  H04L2463/102

摘要： A system and method for effecting secure transactions over a computer network in a manner designed to foil identity theft perpetrated from an untrusted computer. A connection from a client computer to the network wherein the client computer provides a user interface for a user, a connection from a server computer to the network, and a connection from a portable secure computing device to the network provides for secure transmission of private confidential user information from the user to a server. The private information is transmitted directly from the secure computing device to the server over the secure connection without possibility of capture on the computer with which the user is interacting.

摘要翻译： 一种用于通过计算机网络实现安全交易的系统和方法，其设计方式旨在消除从不受信任的计算机进行的身份盗用。 从客户端计算机到网络的连接，其中客户端计算机为用户提供用户界面，从服务器计算机到网络的连接以及从便携式安全计算设备到网络的连接提供了私人机密的安全传输 用户信息从用户到服务器。 通过安全连接将私人信息直接从安全计算设备传输到服务器，而无需在用户正在进行交互的计算机上进行捕获。