公开(公告)号：US07861286B2

公开(公告)日：2010-12-28

申请号：US11705064

申请日：2007-02-12

Applicant: David M'Raihi ,  Joseph Adler ,  Siddharth Bajaj ,  Nicolas Popp ,  Kerry E. Loftus ,  Bruce Ong ,  Alin M. Mutu ,  Jeffrey Burstein ,  Yueqin Lin

Inventor： David M'Raihi ,  Joseph Adler ,  Siddharth Bajaj ,  Nicolas Popp ,  Kerry E. Loftus ,  Bruce Ong ,  Alin M. Mutu ,  Jeffrey Burstein ,  Yueqin Lin

IPC: G06F7/04 ,  G06F15/16 ,  G06F17/30 ,  H04L29/06 ,  G06F21/00

CPC classification number: G06F21/316 ,  G06F21/33 ,  G06F21/34 ,  G06F21/552 ,  G06F2221/2103 ,  H04L9/3271 ,  H04L63/08 ,  H04L63/0823 ,  H04L63/14 ,  H04L63/1416 ,  H04L2209/56

Abstract: A system and method for providing identity protection services. According to an embodiment, a validation server receives over a network a response from a credential associated with a user, the credential response provided by the user in order to authenticate the user to one of a plurality of sites on the network that accepts the credential as a factor for authentication, the validation server verifies the credential response on behalf of the one network site, a fraud detection server receives over the network information in connection with a transaction associated with the user at the one network site, and the fraud detection server evaluates the transaction information for suspicious activity based at least in part on information provided to the fraud detection server in connection with one or more transactions at one or more sites on the network other than the one network site.

Abstract translation: 一种用于提供身份保护服务的系统和方法。 根据实施例，验证服务器通过网络接收来自与用户相关联的凭证的响应，由用户提供的证书响应，以便将用户认证为网络上接受该证书的多个站点中的一个 验证服务器代表一个网站验证凭证响应，欺诈检测服务器通过网络信息接收与一个网站上与用户相关联的事务，并且欺诈检测服务器评估 至少部分地基于与除了一个网络站点之外的网络上的一个或多个站点处的一个或多个事务相关联地提供给所述欺诈检测服务器的信息的可疑活动的交易信息。

公开(公告)号：US07347366B2

公开(公告)日：2008-03-25

申请号：US11376678

申请日：2006-03-14

Applicant: David M'Raihi

Inventor： David M'Raihi

IPC: G06K5/00

CPC classification number: G06Q20/3823 ,  G06Q20/341 ,  G06Q20/3674 ,  G06Q20/40 ,  G06Q20/40975 ,  G07F7/1008

Abstract: A method and apparatus to provide authentication. The method comprising sending a challenge to a user to be authenticated, the challenge including a reference on a card issued to the user and receiving a user-supplied value purported by the user to be associated with the reference on the card issued to the user. The method further comprising accessing a secret key associated with the card issued to the user and generating a password using a function F of the secret key and the reference. The method further comprising mapping the function F to a value in an alphabet and authenticating the user by comparing the value in the alphabet to the user-supplied value.

Abstract translation: 一种提供认证的方法和装置。 所述方法包括向要被认证的用户发送挑战，所述挑战包括在发给用户的卡上的参考，并且接收由用户声称与用户发布的卡上的参考相关联的用户提供的值。 该方法还包括访问与发给用户的卡相关联的秘密密钥，并使用密钥和引用的函数F生成密码。 该方法还包括将功能F映射到字母表中的值，并通过将字母表中的值与用户提供的值进行比较来认证用户。

公开(公告)号：US09264234B2

公开(公告)日：2016-02-16

申请号：US13357454

申请日：2012-01-24

Applicant: Augustin J. Farrugia ,  David M'Raihi ,  Mathieu Ciet ,  Thomas Icart

Inventor： Augustin J. Farrugia ,  David M'Raihi ,  Mathieu Ciet ,  Thomas Icart

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/06

CPC classification number: H04L9/3247 ,  H04L9/06 ,  H04L2209/16

Abstract: In the field of computer and data security, the identifier (ID) of a computing device is protected by providing a secure signature used to verify the ID. The signature is computed from the ID using a “White Box” cryptographic process and a hash function. This provides a signature that is computationally easy to verify but difficult or impossible to generate by a hacker (unauthorized user). This method of first creating the signature and later verifying the identifier using the signature and the associated computing apparatus are thereby useful for protection against hacking of such identifiers of computing devices.

Abstract translation: 在计算机和数据安全领域，通过提供用于验证ID的安全签名来保护计算设备的标识符（ID）。 使用“白盒”加密过程和散列函数从ID计算签名。 这提供了计算上容易验证但由黑客（未经授权的用户）产生困难或不可能的签名。 因此，首先创建签名并随后使用签名和相关联的计算装置验证标识符的这种方法因此有助于防止这些计算设备的这种标识符的黑客入侵。

公开(公告)号：US20140301551A1

公开(公告)日：2014-10-09

申请号：US13446024

申请日：2012-04-13

Applicant: Joseph A. Adler ,  David M'Raihi

Inventor： Joseph A. Adler ,  David M'Raihi

IPC: H04K1/00 ,  G06K7/01

CPC classification number: H04L9/3271 ,  G06F7/725 ,  H04L9/0841 ,  H04L9/3066 ,  H04L2209/805

Abstract: A method and apparatus to provide a cryptographic protocol for secure authentication, privacy, and anonymity. The protocol, in one embodiment, is designed to be implemented in a small number of logic gates, executed quickly on simple devices, and provide military grade security.

公开(公告)号：US20130010957A1

公开(公告)日：2013-01-10

申请号：US13543295

申请日：2012-07-06

Applicant: Meng-Day Yu ,  Srinivas Devadas ,  David M'Raihi ,  Eric Duprat

Inventor： Meng-Day Yu ,  Srinivas Devadas ,  David M'Raihi ,  Eric Duprat

IPC: H04L9/00

CPC classification number: H04L9/3278 ,  H04L9/0844 ,  H04L9/0866

Abstract: An approach to cryptographic security uses a “fuzzy” credential, in contrast to a “hard” credential, to eliminate cryptographic algorithmic repeatability on a device that may be subject to physical attacks. By eliminating repeatability performed at an algorithmic (e.g., gate or software) level, a device inherently lacks one of the fundamental setup assumptions associated with certain classes of side channel, fault injection, timing, and related attacks, thus helps to protect the system against such attacks while preserving the cryptographic security of the system.

Abstract translation: 加密安全性的方法使用与硬凭证相反的模糊凭证来消除可能遭受物理攻击的设备上的加密算法重复性。 通过消除在算法（例如门或软件）级别执行的重复性，设备固有地缺乏与某些类别的侧信道，故障注入，定时和相关攻击相关联的基本设置假设之一，从而有助于保护系统免受 这种攻击同时保留了系统的加密安全性。

公开(公告)号：US20120096535A1

公开(公告)日：2012-04-19

申请号：US13284359

申请日：2011-12-06

Applicant: Nicolas POPP ,  David M'RAIHI ,  Loren HART

Inventor： Nicolas POPP ,  David M'RAIHI ,  Loren HART

IPC: G06F7/04

CPC classification number: H04L9/3228 ,  H04L9/3234 ,  H04L9/3236 ,  H04L2209/20

Abstract: A token calculates a one time password by generating a HMAC-SHA-1 value based upon a key K and a counter value C, truncating the generated HMAC-SHA-1 value modulo 10̂Digit, where Digit is the number of digits in the one time password. The one time password can be validated by a validation server that calculates its own version of the password using K and its own counter value C′. If there is an initial mismatch, the validation server compensate for a lack of synchronization between counters C and C′ within a look-ahead window, whose size can be set by a parameter s.

Abstract translation: 令牌通过基于密钥K和计数器值C生成HMAC-SHA-1值来计算一次密码，截断所生成的HMAC-SHA-1值模10Digit，其中Digit是一次数位数 密码。 一次性密码可以由使用K计算其自己的密码版本及其自己的计数器值C'的验证服务器进行验证。 如果存在初始不匹配，则验证服务器补偿预览窗口中计数器C和C'之间的同步缺失，其大小可以由参数s设置。

公开(公告)号：US08087074B2

公开(公告)日：2011-12-27

申请号：US11665027

申请日：2005-10-17

Applicant: Nicolas Popp ,  David M'Raihi ,  Loren Hart

Inventor： Nicolas Popp ,  David M'Raihi ,  Loren Hart

IPC: G06F7/04 ,  H04L29/06 ,  H04L9/32 ,  G06F21/00

CPC classification number: H04L9/3228 ,  H04L9/3234 ,  H04L9/3236 ,  H04L2209/20

Abstract: A token calculates a one time password by generating a HMAC-SHA-1 value based upon a key K and a counter value C, truncating the generated HMAC-SHA-1 value modulo 10^Digit, where Digit is the number of digits in the one time password. The one time password can be validated by a validation server that calculates its own version of the password using K and its own counter value C′. If there is an initial mismatch, the validation server compensate for a lack of synchronization between counters C and C′ within a look-ahead window, whose size can be set by a parameter s.

Abstract translation: 令牌通过基于密钥K和计数器值C生成HMAC-SHA-1值来计算一次密码，截断产生的HMAC-SHA-1值模10 ^数字，其中，数字是数字的数量 一次密码 一次性密码可以由使用K计算其自己的密码版本及其自己的计数器值C'的验证服务器进行验证。 如果存在初始不匹配，则验证服务器补偿预览窗口中计数器C和C'之间的同步缺失，其大小可以由参数s设置。

公开(公告)号：US20100037046A1

公开(公告)日：2010-02-11

申请号：US12186651

申请日：2008-08-06

Applicant: Barry Ferg ,  Gary Krall ,  David M'Raihi ,  Nicolas Popp

Inventor： Barry Ferg ,  Gary Krall ,  David M'Raihi ,  Nicolas Popp

IPC: H04L9/32

CPC classification number: H04L63/08 ,  H04L9/321 ,  H04L9/3271

Abstract: A centralized credential management system. Website credentials are stored at a vault storing at a vault. The website credentials are encrypted based upon a key not available to the vault and are for authenticating a user to a third party website. Through a client, a user authenticates to the vault and retrieves the encrypted website credentials and parameters and code for properly injecting the credentials into a website authentication form. The website credentials are decrypted at the client and injected into the authentication form using the parameters and code.

Abstract translation: 集中的凭证管理系统。 网站凭据存储在存储在保管库中的保管库中。 网站凭据基于文件库不可用的密钥进行加密，并用于向第三方网站认证用户。 通过客户端，用户对文件库进行身份验证，并检索加密的网站凭据和参数以及将证书正确注入网站验证表单的代码。 网站凭据在客户端解密，并使用参数和代码注入认证表单。

公开(公告)号：US20090313687A1

公开(公告)日：2009-12-17

申请号：US11665027

申请日：2005-10-17

Applicant: Nicolas Popp ,  David M'Raihi ,  Loren Hart

Inventor： Nicolas Popp ,  David M'Raihi ,  Loren Hart

IPC: H04L9/32

CPC classification number: H04L9/3228 ,  H04L9/3234 ,  H04L9/3236 ,  H04L2209/20

Abstract: A token calculates a one time password by generating a HMAC-SHA-1 value based upon a key K and a counter value C, truncating the generated HMAC-SHA-1 value modulo 10̂Digit, where Digit is the number of digits in the one time password. The one time password can be validated by a validation server that calculates its own version of the password using K and its own counter value C′. If there is an initial mismatch, the validation server compensate for a lack of synchronization between counters C and C′ within a look-ahead window, whose size can be set by a parameter s.

Abstract translation: 令牌通过基于密钥K和计数器值C生成HMAC-SHA-1值来计算一次密码，截断所生成的HMAC-SHA-1值模10Digit，其中Digit是一次数位数 密码。 一次性密码可以由使用K计算其自己的密码版本及其自己的计数器值C'的验证服务器进行验证。 如果存在初始不匹配，则验证服务器补偿预览窗口中计数器C和C'之间的同步缺失，其大小可以由参数s设置。

公开(公告)号：US20070220595A1

公开(公告)日：2007-09-20

申请号：US11705064

申请日：2007-02-12

Applicant: David M'raihi ,  Joseph Adler ,  Siddharth Bajaj ,  Nicolas Popp ,  Kerry Loftus ,  Bruce Ong ,  Alin Mutu ,  Jeffrey Burstein ,  Yueqin Lin

Inventor： David M'raihi ,  Joseph Adler ,  Siddharth Bajaj ,  Nicolas Popp ,  Kerry Loftus ,  Bruce Ong ,  Alin Mutu ,  Jeffrey Burstein ,  Yueqin Lin

IPC: H04L9/32

CPC classification number: G06F21/316 ,  G06F21/33 ,  G06F21/34 ,  G06F21/552 ,  G06F2221/2103 ,  H04L9/3271 ,  H04L63/08 ,  H04L63/0823 ,  H04L63/14 ,  H04L63/1416 ,  H04L2209/56

Abstract: A system and method for providing identity protection services. According to an embodiment, a validation server receives over a network a response from a credential associated with a user, the credential response provided by the user in order to authenticate the user to one of a plurality of sites on the network that accepts the credential as a factor for authentication, the validation server verifies the credential response on behalf of the one network site, a fraud detection server receives over the network information in connection with a transaction associated with the user at the one network site, and the fraud detection server evaluates the transaction information for suspicious activity based at least in part on information provided to the fraud detection server in connection with one or more transactions at one or more sites on the network other than the one network site.

Abstract translation: 一种用于提供身份保护服务的系统和方法。 根据实施例，验证服务器通过网络接收来自与用户相关联的凭证的响应，由用户提供的证书响应，以便将用户认证为网络上接受该证书的多个站点中的一个 验证服务器代表一个网站验证凭证响应，欺诈检测服务器通过网络信息接收与一个网站上与用户相关联的事务，并且欺诈检测服务器评估 至少部分地基于与除了一个网络站点之外的网络上的一个或多个站点处的一个或多个事务相关联地提供给所述欺诈检测服务器的信息的可疑活动的交易信息。