METHODS FOR SECURE CRYPTOGRAM GENERATION
    1.
    Invention application
    Status: Granted

    Publication number: US20160065370A1

    Publication date: 2016-03-03

    Application number: US14841589

    Application date: 2015-08-31

    IPC classification: H04L9/32 H04L9/14 H04L9/08

    Abstract: Embodiments of the invention introduce efficient methods for securely generating a cryptogram by a user device, and validating the cryptogram by a server computer. In some embodiments, a secure communication can be conducted whereby a user device provides a cryptogram without requiring the user device to persistently store an encryption key or other sensitive data used to generate the cryptogram. For example, the user device and server computer can mutually authenticate and establish a shared secret. Using the shared secret, the server computer can derive a session key and transmit key derivation parameters encrypted using the session key to the user device. The user device can also derive the session key using the shared secret, decrypt the encrypted key derivation parameters, and store the key derivation parameters. Key derivation parameters and the shared secret can be used to generate a single use cryptogram key. The cryptogram key can be used to generate a cryptogram for conducting secure communications.

    METHODS FOR SECURE CRYPTOGRAM GENERATION
    2.
    Invention application

    Publication number: US20180026787A1

    Publication date: 2018-01-25

    Application number: US15723001

    Application date: 2017-10-02

    IPC classification: H04L9/32 H04L9/08 H04L29/06

    Abstract: Embodiments of the invention introduce efficient methods for securely generating a cryptogram by a user device, and validating the cryptogram by a server computer. A secure communication can be conducted whereby a user device provides a cryptogram without requiring the user device to persistently store an encryption key or other sensitive data used to generate the cryptogram. The user device and server computer can mutually authenticate and establish a shared secret. Using the shared secret, the server computer can derive a session key and transmit key derivation parameters encrypted using the session key to the user device. The user device can derive the session key using the shared secret, decrypt the encrypted key derivation parameters, and store the key derivation parameters. Key derivation parameters and the shared secret can be used to generate a single use cryptogram key, which can be used to generate a cryptogram for conducting secure communications.

    SECURE AUTHENTICATION OF USER AND MOBILE DEVICE
    3.
    Invention application
    Status: Under examination (published)

    Publication number: US20160241402A1

    Publication date: 2016-08-18

    Application number: US15046341

    Application date: 2016-02-17

    IPC classification: H04L9/32 H04W12/06

    Abstract: An authentication method is disclosed. To authenticate a user, a mobile device may request identification and verification from the user. Upon receiving a positive identification and verification response from the user, the mobile device may generate a cryptogram using a user identification (ID) associated with the user, a timestamp, a device ID associated with the mobile device, a service provider application ID associated with the service provider application, and a service provider device ID. The mobile device may transmit the generated cryptogram, the user ID, the timestamp, the device ID, the service provider application ID, and the service provider device ID, to a service provider computer associated with the service provider application. The service provider computer may decrypt the cryptogram and compare the decrypted data elements to the received data elements to validate and authenticate the user.

    METHODS AND SYSTEMS FOR ASSET OBFUSCATION
    4.
    Invention application
    Status: Under examination (published)

    Publication number: US20160092871A1

    Publication date: 2016-03-31

    Application number: US14869781

    Application date: 2015-09-29

    Abstract: Techniques for obfuscating and deploying digital assets (e.g., mobile applications) are provided to mitigate the risk of unauthorized disclosure. An asset can be received that is to be deployed to a plurality of mobile devices, each of the mobile devices associated with a corresponding account having account attributes. A deployment group of one or more mobile devices for deploying the asset can be identified based on a set of one or more obfuscation parameters, comprising account attributes shared among the one or more mobile devices within the deployment group. A customized obfuscation scheme to be applied to the asset can be determined based at least in part on the set of obfuscation parameters. The customized obfuscation scheme can be applied to the asset to generate an obfuscated asset. The obfuscated asset can be transmitted and/or updated over a network to the one or more mobile devices within the deployment group.
