公开(公告)号：US08776199B2

公开(公告)日：2014-07-08

申请号：US12686495

申请日：2010-01-13

申请人： Ismail Cem Paya ,  Trevin Chow ,  Christopher N. Peterson

发明人： Ismail Cem Paya ,  Trevin Chow ,  Christopher N. Peterson

IPC分类号： H04L9/32 ,  H04L9/00 ,  H04L29/06

CPC分类号： H04L63/1483 ,  H04L9/0844 ,  H04L9/3234 ,  H04L9/3271 ,  H04L63/0869 ,  H04L2209/60 ,  H04N21/2265 ,  H04N21/25816 ,  H04N21/25875

摘要： Protecting a user against web spoofing in which the user confirms the authenticity of a web page prior to submitting sensitive information such as user credentials (e.g., a login name and password) via the web page. The web page provides the user with an identifiable piece of information representing a shared secret between the user and the server. The user confirms the correctness of the shared secret to ensure the legitimacy of the web page prior to disclosing any sensitive information via the web page.

摘要翻译： 保护用户免受Web欺骗，用户在通过网页提交敏感信息（例如登录名和密码）之前确认网页的真实性。 该网页向用户提供表示用户和服务器之间的共享密钥的可识别信息。 用户在通过网页披露任何敏感信息之前，确认共享秘密的正确性，以确保网页的合法性。

公开(公告)号：US08621592B2

公开(公告)日：2013-12-31

申请号：US13533470

申请日：2012-06-26

申请人： Josh D. Benaloh ,  Ismail Cem Paya

发明人： Josh D. Benaloh ,  Ismail Cem Paya

IPC分类号： H04L29/06

CPC分类号： H04L9/3236 ,  H04L9/3213 ,  H04L9/3226 ,  H04L63/0807

摘要： An authentication ticket is validated to ensure authenticated communications between a client and an online service provider. In an embodiment an authentication request is received from a user agent associated with the client and the authentication request includes a set of identification information and a set of authentication information. Additionally, it is determined that the set of identification information and the set of authentication information are associated with a user and an authentication ticket is created including a user identification and an authentication, indicating to the online service provider that the user is authenticated to access one or more online services. Further, a validation token is embedded into the authentication ticket that provides enhanced verification that the access provided by the online service provider is authenticated.

摘要翻译： 验证凭证被验证，以确保客户端和在线服务提供商之间的经过身份验证的通信。 在一个实施例中，从与客户端相关联的用户代理接收认证请求，并且认证请求包括一组标识信息和一组认证信息。 此外，确定该组识别信息和一组认证信息与用户相关联，并且创建包括用户标识和认证的认证券，向在线服务提供商指示用户被认证以访问一个 或更多的在线服务。 此外，验证令牌被嵌入到认证券中，该认证券提供增强的验证，即由在线服务提供商提供的访问被认证。

公开(公告)号：US08560861B1

公开(公告)日：2013-10-15

申请号：US12209855

申请日：2008-09-12

申请人： Baskaran Dharmarajan ,  Ismail Cem Paya ,  Ashvin J Mathew

发明人： Baskaran Dharmarajan ,  Ismail Cem Paya ,  Ashvin J Mathew

IPC分类号： H04K1/00

CPC分类号： H04L63/0807 ,  H04L63/166

摘要： A permission level associated with an associate's web access is identified. A relationship ticket is obtained from an authentication server and a request is generated to set the identified permission level. The request and the relationship ticket are sent to a Web server and a success code is received from the Web server if the requested permission level is established.

摘要翻译： 识别与联系人的Web访问相关联的权限级别。 从认证服务器获得关系证，并且生成请求以设置所识别的许可级别。 请求和关系票据发送到Web服务器，如果请求的权限级别建立，则从Web服务器接收到成功代码。

公开(公告)号：US20130226791A1

公开(公告)日：2013-08-29

申请号：US13408794

申请日：2012-02-29

申请人： Michael William Springer ,  Ismail Cem PAYA ,  Malgorzata Monika LISOWIEC ,  Aneto Pablo OKONKWO ,  Patrick Pui Wah LEUNG ,  Fan JIANG

发明人： Michael William Springer ,  Ismail Cem PAYA ,  Malgorzata Monika LISOWIEC ,  Aneto Pablo OKONKWO ,  Patrick Pui Wah LEUNG ,  Fan JIANG

IPC分类号： G06Q20/34 ,  H04B5/00

CPC分类号： G06Q40/12 ,  G06Q20/3278 ,  G06Q20/343 ,  G06Q20/353 ,  G06Q20/367 ,  G06Q20/3823 ,  G06Q20/4018 ,  H04B5/0056

摘要： Preventing fraud during an offline transaction by encoding a randomly-generated card verification code onto a smart card. The verification code is transmitted to a contactless device during each transaction, wherein it is cross-referenced with the account number to ensure presence of the card. Also, every transaction record is signed by an access key resident on the contactless device and certified by a signing key resident on a remote system. Funds may be deposited onto the card when the contactless device creates a deposit request, signs the request using an access key and transmits it to the remote system, which in turn processes the request and certifies it with a signing key. Funds may be withdrawn when the contactless device creates a withdrawal record and signs it using an access key. The remote system verifies the signatures and certifies the records using a signing key when the records are later transmitted.

摘要翻译： 通过将随机生成的卡片验证码编码到智能卡上来防止脱机事务期间的欺诈。 在每次交易期间，将验证码发送到非接触式设备，其中与帐号交叉参考以确保卡的存在。 此外，每个交易记录由驻留在非接触式设备上的访问密钥签名，并由驻留在远程系统上的签名密钥进行认证。 当非接触式设备创建存款请求时，可以将资金存入卡上，使用访问密钥对该请求进行签名并将其发送到远程系统，该远程系统又处理该请求并用签名密钥来证明该请求。 无接触设备创建提款记录并使用访问密钥对其进行签名时，可以撤销资金。 当记录稍后传送时，远程系统使用签名密钥验证签名并验证记录。

公开(公告)号：US08352749B2

公开(公告)日：2013-01-08

申请号：US13235375

申请日：2011-09-17

申请人： Rob von Behren ,  Jonathan Wall ,  Ismail Cem Paya

发明人： Rob von Behren ,  Jonathan Wall ,  Ismail Cem Paya

IPC分类号： H04L29/06

CPC分类号： G06Q20/3552 ,  G06Q20/3278 ,  G06Q20/35765 ,  G06Q20/3823 ,  G07F7/1008 ,  G07F7/1016

摘要： Systems, methods, computer programs, and devices are disclosed herein for deploying a local trusted service manager within a secure element of a contactless smart card device. The secure element is a component of a contactless smart card incorporated into a contactless smart card device. An asymmetric cryptography algorithm is used to generate public-private key pairs. The private keys are stored in the secure element and are accessible by a trusted service manager (TSM) software application or a control software application in the secure element. A non-TSM computer with access to the public key encrypts and then transmits encrypted application data or software applications to the secure element, where the TSM software application decrypts and installs the software application to the secure element for transaction purposes.

摘要翻译： 本文公开了系统，方法，计算机程序和设备，用于在非接触式智能卡设备的安全元件内部署本地可信服务管理器。 安全元件是结合到非接触式智能卡设备中的非接触式智能卡的组件。 使用非对称加密算法来生成公私密钥对。 私钥存储在安全元件中，并且可由可信服务管理器（TSM）软件应用程序或安全元件中的控制软件应用程序访问。 访问公共密钥的非TSM计算机加密然后将加密的应用数据或软件应用程序发送到安全元件，其中TSM软件应用程序解密并将软件应用程序安装到安全元件以用于交易目的。

公开(公告)号：US20120079585A1

公开(公告)日：2012-03-29

申请号：US13312573

申请日：2011-12-06

申请人： Kok Wai Chan ,  Colin Chow ,  Trevin M. Chow ,  Lin Huang ,  Ryan Hurst ,  Naresh Jain ,  Wei Jiang ,  Yordan I. Rouskov ,  Pui-Yin Winfred Wong ,  Ismail Cem Paya ,  Ryan Hurst

发明人： Kok Wai Chan ,  Colin Chow ,  Trevin M. Chow ,  Lin Huang ,  Ryan Hurst ,  Naresh Jain ,  Wei Jiang ,  Yordan I. Rouskov ,  Pui-Yin Winfred Wong ,  Ismail Cem Paya ,  Ryan Hurst

IPC分类号： G06F7/04 ,  G06F15/16

CPC分类号： H04L63/0823 ,  H04L9/3234 ,  H04L9/3265 ,  H04L63/0884 ,  H04L63/166 ,  H04L2209/56 ,  H04L2209/76 ,  H04L2209/80

摘要： Embodiments of proxy authentication and indirect certificate chaining are described herein. In an implementation, authentication for a client occurs via a proxy service. Proxy service communicates between client and server, and caches security tokens on behalf of the client. In an implementation, trustworthiness of certificate presented to a client to establish trust is determined utilizing a signed data package which incorporates a plurality of known certificates. The presented certificate is verified without utilizing root certificates installed on the client device.

摘要翻译： 本文描述了代理认证和间接证书链接的实施例。 在实现中，通过代理服务发生客户端的身份验证。 代理服务在客户端和服务器之间进行通信，代表客户端缓存安全令牌。 在实现中，使用包含多个已知证书的签名数据包来确定呈现给客户端以建立信任的证书的可信赖性。 在不使用客户端设备上安装的根证书的情况下验证所呈现的证书。

公开(公告)号：US07653944B2

公开(公告)日：2010-01-26

申请号：US11046996

申请日：2005-01-31

申请人： Kumar H. Chellapilla ,  Patrice Y. Simard ,  Shannon A. Kallin ,  Erren Dusan Lester ,  Ismail Cem Paya

发明人： Kumar H. Chellapilla ,  Patrice Y. Simard ,  Shannon A. Kallin ,  Erren Dusan Lester ,  Ismail Cem Paya

IPC分类号： G06F7/04 ,  G06F17/30 ,  H04N7/16

CPC分类号： G06T3/00 ,  G06F21/31 ,  G06F21/55 ,  G06Q10/107 ,  G06Q30/02

摘要： The subject invention provides a unique system and method that facilitates creating HIP challenges (HIPs) that can be readily segmented and solved by human users but that are too difficult for non-human users. More specifically, the system and method utilize a variety of unique alteration techniques that are segmentation-based. For example, the system and method employ thicker arcs or occlusions that do not intersect characters already placed in the HIP. The thickness of the arc can be measured or determined by the thickness of the characters in the HIP. In addition to increasing the thickness, the arcs can be lengthened because longer arcs tend to resemble pieces of characters and may be harder to erode. Usability maps can be generated and used to selectively place clutter or occlusions and to selectively warp characters or the character sequence to facilitate human recognition of the characters.

摘要翻译： 本发明提供了一种独特的系统和方法，其有助于创建可以容易地由人类用户分割和解决的HIP挑战（HIP），但是对于非人类用户来说太难了。 更具体地说，该系统和方法利用了基于分段的各种独特的改变技术。 例如，系统和方法采用较大的弧或闭合不与HIP中已经放置的字符相交。 电弧的厚度可以通过HIP中字符的厚度来测量或确定。 除了增加厚度之外，弧可以延长，因为较长的弧往往类似于一些字符，并且可能难以侵蚀。 可用性图可以被生成并用于选择性地放置杂乱或闭塞，并且选择性地扭曲字符或字符序列以促进人类对字符的识别。

公开(公告)号：US08898088B2

公开(公告)日：2014-11-25

申请号：US13408794

申请日：2012-02-29

申请人： Michael William Springer ,  Ismail Cem Paya ,  Malgorzata Monika Lisowiec ,  Aneto Pablo Okonkwo ,  Patrick Pui Wah Leung ,  Fan Jiang

发明人： Michael William Springer ,  Ismail Cem Paya ,  Malgorzata Monika Lisowiec ,  Aneto Pablo Okonkwo ,  Patrick Pui Wah Leung ,  Fan Jiang

IPC分类号： G06Q20/00 ,  G06Q20/34

CPC分类号： G06Q40/12 ,  G06Q20/3278 ,  G06Q20/343 ,  G06Q20/353 ,  G06Q20/367 ,  G06Q20/3823 ,  G06Q20/4018 ,  H04B5/0056

摘要： Preventing fraud during an offline transaction by encoding a randomly-generated card verification code onto a smart card. The verification code is transmitted to a contactless device during each transaction, wherein it is cross-referenced with the account number to ensure presence of the card. Also, every transaction record is signed by an access key resident on the contactless device and certified by a signing key resident on a remote system. Funds may be deposited onto the card when the contactless device creates a deposit request, signs the request using an access key and transmits it to the remote system, which in turn processes the request and certifies it with a signing key. Funds may be withdrawn when the contactless device creates a withdrawal record and signs it using an access key. The remote system verifies the signatures and certifies the records using a signing key when the records are later transmitted.

摘要翻译： 通过将随机生成的卡片验证码编码到智能卡上来防止脱机事务期间的欺诈。 在每次交易期间，将验证码发送到非接触式设备，其中与帐号交叉参考以确保卡的存在。 此外，每个交易记录由驻留在非接触式设备上的访问密钥签名，并由驻留在远程系统上的签名密钥进行认证。 当非接触式设备创建存款请求时，可以将资金存入卡上，使用访问密钥对该请求进行签名并将其发送到远程系统，该远程系统又处理该请求并用签名密钥来证明该请求。 无接触设备创建提款记录并使用访问密钥对其进行签名时，可以撤销资金。 当记录稍后传送时，远程系统使用签名密钥验证签名并验证记录。

公开(公告)号：US08335932B2

公开(公告)日：2012-12-18

申请号：US13244715

申请日：2011-09-26

申请人： Rob von Behren ,  Jonathan Wall ,  Ismail Cem Paya

发明人： Rob von Behren ,  Jonathan Wall ,  Ismail Cem Paya

IPC分类号： H04L29/06

CPC分类号： G06Q20/3552 ,  G06Q20/3278 ,  G06Q20/35765 ,  G06Q20/3823 ,  G07F7/1008 ,  G07F7/1016

摘要： Systems, methods, computer programs, and devices are disclosed herein for deploying a local trusted service manager within a secure element of a contactless smart card device. The secure element is a component of a contactless smart card incorporated into a contactless smart card device. An asymmetric cryptography algorithm is used to generate public-private key pairs. The private keys are stored in the secure element and are accessible by a trusted service manager (TSM) software application or a control software application in the secure element. A non-TSM computer with access to the public key encrypts and then transmits encrypted application data or software applications to the secure element, where the TSM software application decrypts and installs the software application to the secure element for transaction purposes.

摘要翻译： 本文公开了系统，方法，计算机程序和设备，用于在非接触式智能卡设备的安全元件内部署本地可信服务管理器。 安全元件是结合到非接触式智能卡设备中的非接触式智能卡的组件。 使用非对称加密算法来生成公私密钥对。 私钥存储在安全元件中，并且可由可信服务管理器（TSM）软件应用程序或安全元件中的控制软件应用程序访问。 访问公共密钥的非TSM计算机加密然后将加密的应用数据或软件应用程序发送到安全元件，其中TSM软件应用程序解密并将软件应用程序安装到安全元件以用于交易目的。

公开(公告)号：US08239927B2

公开(公告)日：2012-08-07

申请号：US12040357

申请日：2008-02-29

申请人： Josh D. Benaloh ,  Ismail Cem Paya

发明人： Josh D. Benaloh ,  Ismail Cem Paya

IPC分类号： H04L29/06

CPC分类号： H04L9/3236 ,  H04L9/3213 ,  H04L9/3226 ,  H04L63/0807

摘要： Computer-readable media, systems, and methods for validating an authentication ticket to ensure authenticated communications between a client and an online service provider. In embodiments an authentication request is received from a user agent associated with the client and the authentication request includes a set of identification information and a set of authentication information. Additionally, it is determined that the set of identification information and the set of authentication information are associated with a user and an authentication ticket is created including a user identification and an authentication, indicating to the online service provider that the user is authenticated to access one or more online services. Further, a validation token is embedded into the authentication ticket that provides enhanced verification that the access provided by the online service provider is authenticated.

摘要翻译： 用于验证认证券的计算机可读介质，系统和方法，以确保客户端和在线服务提供商之间的认证通信。 在实施例中，从与客户端相关联的用户代理接收认证请求，并且认证请求包括一组标识信息和一组认证信息。 此外，确定该组识别信息和一组认证信息与用户相关联，并且创建包括用户标识和认证的认证券，向在线服务提供商指示用户被认证以访问一个 或更多的在线服务。 此外，验证令牌被嵌入到认证券中，该认证券提供增强的验证，即由在线服务提供商提供的访问被认证。