Techniques for carrying out seed or key derivation
    2.
    Granted patent
    Techniques for carrying out seed or key derivation (in force)

    Publication (announcement) no.: US08059814B1

    Publication (announcement) date: 2011-11-15

    Application no.: US11864001

    Filing date: 2007-09-28

    Applicant: William M. Duane

    Inventor: William M. Duane

    IPC classification: H04L9/00 H04L1/00 H04L29/06

    Abstract: A technique carries out seed (or key) derivation within an electronic apparatus (e.g., a hand-holdable electronic apparatus such as a token, an authentication server, etc.). The technique involves acquiring a stored representation of a derived seed, the stored representation of the derived seed resulting from an earlier-performed cryptographic operation based on a higher-level seed. The technique further involves (i) performing a current cryptographic operation based on a stored representation of the higher-level seed, the current cryptographic operation resulting in a current representation of the derived seed, and (ii) providing a corruption detection signal indicating whether the current representation of the derived seed matches the stored representation of the derived seed.

    Secure seed generation protocol
    3.
    Granted patent
    Secure seed generation protocol (in force)

    Publication (announcement) no.: US07979707B2

    Publication (announcement) date: 2011-07-12

    Application no.: US10549542

    Filing date: 2004-07-09

    IPC classification: H04L9/32 H04L9/12

    Abstract: Techniques for secure generation of a seed for use in performing one or more cryptographic operations, utilizing a seed generation protocol carried out by a seed generation client (110c) and a seed generation server (110s). The seed generation server (110s) provides a first string to the seed generation client (110c). The seed generation client (110c) generates a second string, encrypts the second string utilizing a key (216), and sends the encrypted second string to the seed generation server (110s). The seed generation client (110c) generates the seed as a function of at least the first string and the second string. The seed generation server (110s) decrypts the encrypted second string (222) and independently generates the seed as a function of at least the first string and the second string.

    RESET-TOLERANT AUTHENTICATION DEVICE
    5.
    Published patent application
    RESET-TOLERANT AUTHENTICATION DEVICE (in force)

    Publication (announcement) no.: US20080320555A1

    Publication (announcement) date: 2008-12-25

    Application no.: US11766301

    Filing date: 2007-06-21

    IPC classification: G06F7/04

    CPC classification: G06F21/34

    Abstract: An authentication device comprises a processor having a reset input, a trigger source coupled to the reset input of the processor, and interface circuitry for outputting codes generated by the processor. The trigger source may comprise, for example, a trigger button having an associated switch that, when actuated, supplies a reset to the reset input. The processor is configured to analyze a given reset applied to the reset input to determine if the reset is an inadvertent reset or a reset generated by the trigger source. The processor generates a code responsive to the reset if the reset is determined to be a reset generated by the trigger source. The code may be supplied to a host device which communicates the code to an authentication server for authentication.

    System and method for certificate exchange
    6.
    Granted patent
    System and method for certificate exchange (in force)

    Publication (announcement) no.: US07461250B1

    Publication (announcement) date: 2008-12-02

    Application no.: US09359205

    Filing date: 1999-07-22

    IPC classification: H04L9/00 H04L9/32

    CPC classification: H04L9/3263

    Abstract: In an embodiment of a system and method according to the present invention, a chain of one or more certificates certifying a principal's public key is exchanged for a single substitute certificate. The substitute certificate is used as a replacement for the certificate chain. The substitute certificate is useful for authentication of the principal. In one embodiment, an authentication server exchanges the certificates. The substitute certificate is signed by the authentication server and used for authentication and communication with principals that have knowledge of and trust the authentication server. In one embodiment the substitute certificate also includes the principal's access information.

    Authentication involving authentication operations which cross reference authentication factors
    7.
    Granted patent
    Authentication involving authentication operations which cross reference authentication factors (in force)

    Publication (announcement) no.: US08925058B1

    Publication (announcement) date: 2014-12-30

    Application no.: US13434257

    Filing date: 2012-03-29

    IPC classification: G06F7/04 G06F15/16

    Abstract: A technique of authenticating a person involves obtaining, during a current authentication session to authenticate the person, a first authentication factor from the person and a second authentication factor from the person, at least one of the first and second authentication factors being a biometric input. The technique further involves performing an authentication operation which cross references the first authentication factor with the second authentication factor. The technique further involves outputting, as a result of the authentication operation, an authentication result signal indicating whether the authentication operation has determined the person in the current authentication session to be likely legitimate or an imposter. Such authentication, which cross references authentication factors to leverage their interdependency, provides stronger authentication than conventional naïve authentication.

    Generating authentication codes
    8.
    Granted patent
    Generating authentication codes (in force)

    Publication (announcement) no.: US08756666B1

    Publication (announcement) date: 2014-06-17

    Application no.: US12241166

    Filing date: 2008-09-30

    IPC classification: G06F21/00

    CPC classification: G06F21/34

    Abstract: Authentication codes associated with an entity are generated. A stored secret associated with an entity is retrieved. At a first point in time, a first dynamic value associated with a first time interval is determined. A first authentication code based on the first dynamic value is determined. At a second point in time, a second dynamic value associated with a second time interval is determined. A second authentication code based on the second dynamic value is determined. The first and second authentication codes are derived from the stored secret, and the amount of time between the first and second points in time is different from the length of the first time interval.

    Automatically estimating clock offset
    9.
    Granted patent
    Automatically estimating clock offset (in force)

    Publication (announcement) no.: US08560837B1

    Publication (announcement) date: 2013-10-15

    Application no.: US12826935

    Filing date: 2010-06-30

    Applicant: William M. Duane

    Inventor: William M. Duane

    Abstract: A method, system, and program product for use in estimating clock offset in a security environment, the security environment comprising a token generator comprising a token generator clock and an Authenticator comprising an Authenticator clock, the method comprising recording a plurality of delta values, wherein each value of the plurality of delta values corresponds to a difference between the token generator clock and the Authenticator clock, wherein the token generator clock and the Authenticator clock are not communicatively coupled, and fitting the plurality of delta values to a function.

    Controlling access to a computerized resource based on authentication using pulse data
    10.
    Granted patent
    Controlling access to a computerized resource based on authentication using pulse data (in force)

    Publication (announcement) no.: US08902045B1

    Publication (announcement) date: 2014-12-02

    Application no.: US13336573

    Filing date: 2011-12-23

    IPC classification: G08B21/00

    Abstract: A technique performs an authentication operation using pulse and facial data from a user. The technique involves obtaining current pulse data from a user, and performing a comparison between the current pulse data from the user and expected pulse data for the user. The technique further involves generating an authentication result based on the comparison between the current pulse data and the expected pulse data. The authentication result may control user access to a computerized resource. Since such a technique uses pulse data, a perpetrator cannot simply submit a static image of a subject's face to circumvent the authentication process. In some arrangements, the technique involves obtaining videos of human faces and deriving cardiac pulse rates from the videos. For such arrangements, a standard webcam can be used to capture the videos. Moreover, such techniques are capable of factoring in circadian rhythms and/or aging adjustments to detect and thwart video replay attacks.