-
1.发明授权Apparatus and method for over-the-air (OTA) provisioning of authentication and key agreement (AKA) credentials between two access systems 有权用于空中(OTA)提供两个接入系统之间的认证和密钥协商(AKA)凭证的设备和方法公开(公告)号:US08589689B2
公开(公告)日:2013-11-19
申请号:US12777048
申请日:2010-05-10
摘要: A method and apparatus for over-the-air provisioning of authentication credentials at an access device via a first access system, wherein the authentication credentials are for a second access system lacking an over-the-air provisioning procedure. For example, the second access system may be a 3GPP system using AKA authentication methods. The first access system may be CDMA, using an OTASP or IOTA procedure. Provisioning the authentication credentials may include provisioning any of a 3GPP AKA authentication root key (K), AKA authentication related parameters, an AKA authentication algorithm to be used in the 3GPP authentication, or authentication algorithm customization parameters.
摘要翻译: 一种用于经由第一接入系统在接入设备处空出配置认证证书的方法和装置,其中所述认证证书用于缺少空中供应过程的第二接入系统。 例如,第二接入系统可以是使用AKA认证方法的3GPP系统。 第一接入系统可以是CDMA,使用OTASP或IOTA过程。 配置认证证书可以包括提供3GPP AKA认证根密钥(K),AKA认证相关参数,要在3GPP认证中使用的AKA认证算法或认证算法定制参数中的任何一个。
-
2.发明申请Apparatus and Method for Over-the-Air (OTA) Provisioning of Authentication and Key Agreement (AKA) Credentials Between Two Access Systems 有权双向访问系统中的空中认证和密钥协商(AKA)证书的空中(OTA)设备和方法公开(公告)号:US20110119492A1
公开(公告)日:2011-05-19
申请号:US12777048
申请日:2010-05-10
摘要: A method and apparatus for over-the-air provisioning of authentication credentials at an access device via a first access system, wherein the authentication credentials are for a second access system lacking an over-the-air provisioning procedure. For example, the second access system may be a 3GPP system using AKA authentication methods. The first access system may be CDMA, using an OTASP or IOTA procedure. Provisioning the authentication credentials may include provisioning any of a 3GPP AKA authentication root key (K), AKA authentication related parameters, an AKA authentication algorithm to be used in the 3GPP authentication, or authentication algorithm customization parameters.
摘要翻译: 一种用于经由第一接入系统在接入设备处空出配置认证证书的方法和装置,其中所述认证证书用于缺少空中供应过程的第二接入系统。 例如,第二接入系统可以是使用AKA认证方法的3GPP系统。 第一接入系统可以是CDMA,使用OTASP或IOTA过程。 配置认证证书可以包括提供3GPP AKA认证根密钥(K),AKA认证相关参数,要在3GPP认证中使用的AKA认证算法或认证算法定制参数中的任何一个。
-
公开(公告)号:US07715822B2
公开(公告)日:2010-05-11
申请号:US11346704
申请日:2006-02-03
IPC分类号: H04M1/66
CPC分类号: H04L63/0869 , H04L63/0853 , H04W12/06
摘要: A mutual authentication method is provided for securely agreeing application-security keys with mobile terminals supporting legacy Subscriber Identity Modules (e.g., GSM SIM and CDMA2000 R-UIM, which do not support 3G AKA mechanisms). A challenge-response key exchange is implemented between a bootstrapping server function (BSF) and mobile terminal (MT). The BSF generates an authentication challenge and sends it to the MT under a server-authenticated public key mechanism. The MT receives the challenge and determines whether it originates from the BSF based on a bootstrapping server certificate. The MT formulates a response to the authentication challenge based on keys derived from the authentication challenge and a pre-shared secret key. The BSF receives the authentication response and verifies whether it originates from the MT. Once verified, the BSF and MT independently calculate an application security key that the BSF sends to a requesting network application function to establish secure communications with the MT.
摘要翻译: 提供了相互认证方法,用于与支持传统用户识别模块(例如,不支持3G AKA机制的GSM SIM和CDMA2000 R-UIM)的移动终端安全地同意应用安全密钥。 在引导服务器功能(BSF)和移动终端(MT)之间实现质询 - 响应密钥交换。 BSF生成认证挑战,并通过服务器认证的公钥机制将其发送给MT。 MT接收到挑战,并根据引导服务器证书确定它是从BSF发起的。 MT基于从认证挑战导出的密钥和预共享密钥来形成对认证挑战的响应。 BSF接收认证响应,并验证其是否来自MT。 一旦验证,BSF和MT独立地计算BSF发送到请求网络应用功能的应用安全密钥,以建立与MT的安全通信。
-
公开(公告)号:US09734495B2
公开(公告)日:2017-08-15
申请号:US12789722
申请日:2010-05-28
CPC分类号: G06Q20/32 , G06Q20/20 , G06Q20/204 , G06Q20/425
摘要: Mobile commerce authentication and authorization systems enable currently existing point-of-sale devices that are neither structurally nor systemically altered to conduct financial transactions with a customer using an access terminal across a wireless communications system. The point-of-sale devices receive an input from a payment instrument replacement, which identifies the transaction to the point-of-sale device as a transaction including an access terminal. Authentication of the user of the access terminal is achieved at least by application of position and/or location determinable features of the access terminal, the position and/or location of a point-of-sale device of a vendor or merchant where the customer seeks to purchase goods or services, and the payment sum entered on the point-of-sale device. A payment matching server may assist in processing the location data and the payment sum amount across communications network.
-
5.发明授权Prevention of cross site request forgery attacks by conditional use cookies 有权通过有条件的使用cookies防止跨站点请求伪造攻击公开(公告)号:US09118619B2
公开(公告)日:2015-08-25
申请号:US13451443
申请日:2012-04-19
CPC分类号: H04L67/02 , H04L63/1433 , H04L63/1466 , H04L63/1483 , H04L63/168
摘要: To inhibit cross-site forgery attacks, different types/classes of cookies are used. A first cookie and a second cookie are generated by a web server and provided to a client browser during a web session. The first cookie defines a first set of use conditions for when the first cookie is to be used within the web session. The second cookie defines a second set of use conditions for when the second cookie is to be used within the web session. The client browser determines which (if any) of the first cookie or second cookie to send to the web server based on the use conditions defined within each cookie and the operation(s) sought by the client browser. The web server may grant different or the same privileges to operation(s) being sought by the client browser depending on whether the first or second cookie is sent by the client browser.
摘要翻译: 为了防止跨站点的伪造攻击,使用不同类型/类别的cookie。 第一个cookie和第二个cookie由Web服务器生成,并在Web会话期间提供给客户端浏览器。 第一个cookie定义了在Web会话中何时使用第一个cookie的第一组使用条件。 第二个cookie定义了在Web会话中使用第二个cookie时的第二组使用条件。 客户端浏览器根据每个cookie中定义的使用条件和客户端浏览器寻求的操作,确定要发送到Web服务器的第一个cookie或第二个cookie的哪个(如果有的话)。 网络服务器可以根据客户端浏览器是否发送第一或第二cookie来为客户端浏览器寻求的操作授予不同的或相同的权限。
-
公开(公告)号:US20130013433A1
公开(公告)日:2013-01-10
申请号:US13614667
申请日:2012-09-13
CPC分类号: G06Q20/40 , G06Q20/02 , G06Q20/04 , G06Q20/20 , G06Q20/202 , G06Q20/204 , G06Q20/206 , G06Q20/32 , G06Q20/3224 , G06Q20/325 , G06Q20/3278 , G06Q20/425 , G06Q30/00 , G06Q30/0601
摘要: The mobile commerce authentication and authorization system allows a user of a currently existing mobile wireless communications instrument to conduct financial transactions, including purchases, across a wireless communications system using location data to authorize and authenticate the user and the transaction. The location of the mobile wireless communications instrument and the location of a vendor point-of-sale device are matched with a payment sum. Authentication of the mobile wireless communications instrument user is achieved at least by application of the position and/or location determinable features of the mobile wireless communications instrument, the position and/or location of a point-of-sale device of a vendor or merchant where the instrument user seeks to purchase goods or services, and the payment sum entered on the point-of-sale device. A transaction matching subsystem located in a wireless customer server hub may assist in processing the location data and the payment sum across the wireless communications network.
摘要翻译: 移动商务认证和授权系统允许当前存在的移动无线通信工具的用户通过使用位置数据的无线通信系统进行金融交易,包括购买,以授权和认证用户和交易。 移动无线通信仪器的位置和供应商销售点设备的位置与支付金额相匹配。 移动无线通信仪器用户的认证至少通过应用移动无线通信仪器的位置和/或位置可确定特征,供应商或商家的销售点设备的位置和/或位置来实现, 仪器用户寻求购买商品或服务,以及在销售点设备上输入的支付金额。 位于无线客户服务器集线器中的事务匹配子系统可以协助在无线通信网络处理位置数据和支付金额。
-
7.发明申请公开(公告)号:US20090282243A1
公开(公告)日:2009-11-12
申请号:US12118593
申请日:2008-05-09
申请人: Gregory Gordon Rose , Alexander Gantman , Miriam Wiggers De Vries , Michael Paddon , Philip Michael Hawkes
发明人: Gregory Gordon Rose , Alexander Gantman , Miriam Wiggers De Vries , Michael Paddon , Philip Michael Hawkes
CPC分类号: H04L63/0435 , H04L63/06 , H04L63/0853
摘要: A puzzle-based protocol is provided that allows a token and verifier to agree on a secure symmetric key for authentication between the token and verifier. A token stores a secret key and one or more puzzle-generating algorithms. The verifier independently obtains a plurality of puzzles associated with the token, pseudorandomly selects at least one of the puzzles, and solves it to obtain a puzzle secret and a puzzle identifier. The verifier generates a verifier key based on the puzzle secret. The verifier sends the puzzle identifier and an encoded version of the verifier key to the token. The token regenerates the puzzle secret using its puzzle-generating algorithms and the puzzle identifier. The token sends an encoded response to the verifier indicating that it knows the verifier key. The token and verifier may use the verifier key as a symmetric key for subsequent authentications.
摘要翻译: 提供了一个基于拼图的协议,允许令牌和验证者在安全对称密钥之间达成令牌和验证者之间的认证。 令牌存储密钥和一个或多个拼图生成算法。 验证者独立地获得与令牌相关联的多个谜题,伪随机地选择至少一个谜题,并解决它以获得拼图秘密和谜题标识符。 验证者基于拼图秘密生成验证码。 验证者将拼图标识符和验证者密钥的编码版本发送到令牌。 令牌使用其拼图生成算法和拼图标识符重新生成拼图秘密。 令牌向验证者发送编码的响应,指示它知道验证者密钥。 令牌和验证者可以使用验证者密钥作为后续认证的对称密钥。
-
8.发明申请INITIAL SEED MANAGEMENT FOR PSEUDORANDOM NUMBER GENERATOR 审中-公开PSEUDORANDOM NUMBER GENERATOR的初步种子管理公开(公告)号:US20080263117A1
公开(公告)日:2008-10-23
申请号:US11738972
申请日:2007-04-23
IPC分类号: G06F7/58 , G06F15/177
CPC分类号: G06F7/582 , G06F7/588 , H04L9/0869
摘要: A secure seeding and reseeding scheme is provided for pseudorandom number generators by using a pre-stored initialization seed. This scheme initializes a pseudorandom number generator into an unknown state even when entropy collection is unavailable. A primary seed file and a shadow seed file are maintained with initialization seed information in a secure file system. If the primary seed file is corrupted, the pseudorandom number generator is seeded with the content of the shadow seed file. Additionally, a trusted timer or clock may be mixed with the pre-stored initialization seed to add entropy even when the pre-stored seed information has been compromised.
摘要翻译: 通过使用预先存储的初始化种子为伪随机数发生器提供安全的种子和再种植方案。 即使熵收集不可用,该方案将伪随机数发生器初始化为未知状态。 在安全文件系统中,使用初始化种子信息维护主种子文件和影子种子文件。 如果主种子文件被破坏,则伪随机数生成器被种子与影子种子文件的内容。 此外,即使预先存储的种子信息已被破坏,可信任的定时器或时钟可以与预先存储的初始化种子混合以添加熵。
-
9.发明授权Apparatus and method for virtual pairing using an existing wireless connection key 有权使用现有无线连接密钥进行虚拟配对的装置和方法公开(公告)号:US09015487B2
公开(公告)日:2015-04-21
申请号:US12415911
申请日:2009-03-31
CPC分类号: H04L63/061 , H04L9/0827 , H04L9/0841 , H04L9/0861 , H04L63/162 , H04L2209/80 , H04L2463/061 , H04W12/04
摘要: Disclosed is a method for virtual pairing of a first peer device with a second peer device. In the method, a nonce is generated at the first peer device for use in virtually pairing the first and second peer devices to establish a first-type wireless connection. The nonce is forwarded from the first peer device to the second peer device over an already established second-type wireless connection between the first and second peer devices. At least one new key is generated from the nonce and a shared key for the already established second-type wireless connection. The first peer device is virtually paired with the second peer device using the at least one new key to establish the first-type wireless connection between the first and second peer devices.
摘要翻译: 公开了一种用于将第一对等设备与第二对等设备进行虚拟配对的方法。 在该方法中,在第一对等设备处生成随机数,用于虚拟地配对第一和第二对等设备以建立第一类型的无线连接。 通过已经建立的第一和第二对等设备之间的第二类无线连接,该随机数从第一对等设备转发到第二对等设备。 至少一个新密钥是从该随机数生成的,另一个是已经建立的第二类无线连接的共享密钥。 第一对等设备使用至少一个新密钥与第二对等设备实际配对,以在第一和第二对等设备之间建立第一类型的无线连接。
-
公开(公告)号:US08837724B2
公开(公告)日:2014-09-16
申请号:US11844855
申请日:2007-08-24
摘要: Device authentication is based on the ability of a human to synchronize the movements of his or her fingers. A pairing procedure for two wireless devices may thus involve a synchronization test that is based on the relative timing of actuations of input devices on each of the wireless devices. In some aspects a synchronization test involves determining whether actuations of user input devices on two different wireless devices occurred within a defined time interval. In some aspects a synchronization test involves comparing time intervals defined by multiple actuations of user input devices on two wireless devices.
摘要翻译: 设备认证是基于人类同步他或她的手指的动作的能力。 因此,用于两个无线设备的配对过程可能涉及基于每个无线设备上的输入设备的启动的相对定时的同步测试。 在一些方面,同步测试涉及确定是否在限定的时间间隔内发生两个不同无线设备上的用户输入设备的启动。 在一些方面,同步测试涉及比较由两个无线设备上的用户输入设备的多次致动所限定的时间间隔。
-
-
-
-
-
-
-
-
-
搜索结果
53 条记录 (耗时 0.038 秒)
