Two-factor USB authentication token
    1.
    Granted invention patent
    Two-factor USB authentication token (status: in force)

    Publication number: US08214888B2

    Publication date: 2012-07-03

    Application number: US12138979

    Filing date: 2008-06-13

    CPC classification: G06F21/34

    Abstract: The present patent application discloses a USB token that advantageously mimics a human interface device such as a keyboard in interacting with a host computer, thus removing the need for pre-installation of a dedicated device driver. This is accomplished by requiring the host computer to direct the input of the attached human interface devices of the keyboard type, including the USB token, exclusively to the program interacting with the USB token, by using cryptographic algorithms based on a shared secret, which require less data to be transferred than PKI-based algorithms, and by employing an efficient encoding scheme that minimizes the time needed to exchange information with the USB token, and minimizes the probability of generating ambiguity with input that might legitimately be generated by other attached human interface devices. By using only symmetric encryption and the low-speed USB protocol, a single low-performance processor may be used, which results in a more cost-effective solution than PKI USB tokens emulating the combination of smart cards and smart card readers or USB tokens presenting themselves to the host computer as mass storage devices. The overall security is increased by adding a second authentication factor consisting of a static password entered by the user, and by limiting the number of valid token responses that can be generated or retrieved in a usage session.


    METHOD AND SYSTEM FOR PROVIDING A FEDERATED AUTHENTICATION SERVICE WITH GRADUAL EXPIRATION OF CREDENTIALS
    2.
    Invention patent application
    METHOD AND SYSTEM FOR PROVIDING A FEDERATED AUTHENTICATION SERVICE WITH GRADUAL EXPIRATION OF CREDENTIALS (status: in force)

    Publication number: US20100122333A1

    Publication date: 2010-05-13

    Application number: US12270486

    Filing date: 2008-11-13

    Applicant: Frederik Noe

    Inventor: Frederik Noe

    IPC classification: H04L9/32

    Abstract: The present invention relates to the field of authentication of users of services over a computer network, more specifically within the paradigms of federated authentication or single sign-on. A known technique consists of associating different trust levels to different authentication mechanisms, wherein the respective trust levels give access to different information resources, notably to provide the possibility to protect more sensitive resources with a stronger form of authentication. The present invention provides a mechanism to allow the trust level to decrease without re-authenticating with the single sign-on system, down to the level at which it is no longer sufficient to obtain access to a desired resource. Only then, the user needs to reauthenticate.


    TWO-FACTOR USB AUTHENTICATION TOKEN
    3.
    Invention patent application
    TWO-FACTOR USB AUTHENTICATION TOKEN (status: in force)

    Publication number: US20090193511A1

    Publication date: 2009-07-30

    Application number: US12138979

    Filing date: 2008-06-13

    IPC classification: G06F21/00

    CPC classification: G06F21/34

    Abstract: The present patent application discloses a USB token that advantageously mimics a human interface device such as a keyboard in interacting with a host computer, thus removing the need for pre-installation of a dedicated device driver. This is accomplished by requiring the host computer to direct the input of the attached human interface devices of the keyboard type, including the USB token, exclusively to the program interacting with the USB token, by using cryptographic algorithms based on a shared secret, which require less data to be transferred than PKI-based algorithms, and by employing an efficient encoding scheme that minimizes the time needed to exchange information with the USB token, and minimizes the probability of generating ambiguity with input that might legitimately be generated by other attached human interface devices. By using only symmetric encryption and the low-speed USB protocol, a single low-performance processor may be used, which results in a more cost-effective solution than PKI USB tokens emulating the combination of smart cards and smart card readers or USB tokens presenting themselves to the host computer as mass storage devices. The overall security is increased by adding a second authentication factor consisting of a static password entered by the user, and by limiting the number of valid token responses that can be generated or retrieved in a usage session.
