公开(公告)号：US20050036615A1

公开(公告)日：2005-02-17

申请号：US10631989

申请日：2003-07-31

申请人： Bjorn Jakobsson ,  Burton Kaliski

发明人： Bjorn Jakobsson ,  Burton Kaliski

IPC分类号： H04L9/00 ,  H04K1/00

CPC分类号： H04L9/3234 ,  H04L9/3247 ,  H04L2209/30 ,  H04L2209/38 ,  H04L2209/80

摘要： Techniques are disclosed for partitioning of cryptographic functionality, such as authentication code verification or generation ability, so as to permit delegation of at least one of a number of distinct portions of the cryptographic functionality from a delegating device to at least one recipient device. The cryptographic functionality is characterizable as a graph comprising a plurality of nodes, and a given set of the nodes is associated with a corresponding one of the distinct portions of the cryptographic functionality. Information representative of one or more of the nodes is transmitted from the delegating device to the recipient device such that the recipient device is thereby configurable for authorized execution of a corresponding one of the distinct portions of the cryptographic functionality. Advantageously, the invention provides a particularly efficient mechanism for the provision of cryptographic functionality in accordance with a subscription model.

摘要翻译： 公开了用于对加密功能进行分区的技术，例如验证码验证或生成能力，以便允许将密码功能的多个不同部分中的至少一个从授权设备委派给至少一个接收者设备。 加密功能可以被表征为包括多个节点的图，并且给定的一组节点与密码功能的不同部分中的对应的一个相关联。 代表一个或多个节点的信息从委托设备发送到接收者设备，使得接收者设备由此被配置成用于对密码功能的不同部分中对应的一个的授权执行。 有利地，本发明提供了一种用于根据订阅模型提供密码功能的特别有效的机制。

公开(公告)号：US20060256961A1

公开(公告)日：2006-11-16

申请号：US11265510

申请日：2005-11-02

申请人： John Brainard ,  Burton Kaliski ,  Magnus Nystrom ,  Ronald Rivest

发明人： John Brainard ,  Burton Kaliski ,  Magnus Nystrom ,  Ronald Rivest

IPC分类号： H04L9/00

CPC分类号： H04L63/08 ,  G06F21/31 ,  G06F21/33 ,  H04L9/0844 ,  H04L9/0869 ,  H04L9/3234 ,  H04L63/0428

摘要： In one embodiment of a user authentication system and method according to the invention, a device shares a secret, referred to as a master seed, with a server. The device and the server both derive one or more secrets, referred to as verifier seeds, from the master seed, using a key derivation function. The server shares a verifier seed with one or more verifiers. The device, or an entity using the device, can authenticate with one of the verifiers using the appropriate verifier seed. In this way, the device and the verifier can share a secret, the verifier seed for that verifier, without that verifier knowing the master seed, or any other verifier seeds. Thus, the device need only store the one master seed, have access to the information necessary to correctly derive the appropriate seed, and have seed derivation capability. A verifier cannot compromise the master seed, because the verifier does not have access to the master seed.

公开(公告)号：US20080009345A1

公开(公告)日：2008-01-10

申请号：US11774857

申请日：2007-07-09

申请人： Daniel Bailey ,  Burton Kaliski ,  Ari Juels ,  Ronald Rivest

发明人： Daniel Bailey ,  Burton Kaliski ,  Ari Juels ,  Ronald Rivest

IPC分类号： G06F17/00

CPC分类号： G07F17/3251 ,  G07F17/32

摘要： Techniques for providing authentication functionality in a gaming system are disclosed. In one aspect, a gaming system is configured such that, at a given point during a current session of a game in progress that involves at least one user previously granted access by the system to participate in the current session, information available from an authentication token associated with the user is obtained prior to allowing the user to take a particular action in the game. A determination is made as to whether or not the user will be allowed to take the particular action in the game, based on the obtained information. The obtained information may comprise, for example, at least a portion of a one-time password generated by a hardware or software authentication token.

摘要翻译： 公开了一种用于在游戏系统中提供认证功能的技术。 在一个方面，游戏系统被配置为使得在正在进行的游戏的当前会话期间的给定点处涉及至少一个用户先前被系统授权参与当前会话的访问，来自认证令牌的信息 在允许用户在游戏中采取特定动作之前获得与用户相关联。 根据所获得的信息确定用户是否将被允许在游戏中采取特定动作。 获得的信息可以包括例如由硬件或软件认证令牌生成的一次性密码的至少一部分。

公开(公告)号：US20070186105A1

公开(公告)日：2007-08-09

申请号：US11671264

申请日：2007-02-05

申请人： Daniel Bailey ,  John Brainard ,  Ari Juels ,  Burton Kaliski

发明人： Daniel Bailey ,  John Brainard ,  Ari Juels ,  Burton Kaliski

IPC分类号： H04L9/00

CPC分类号： H04L9/0861 ,  H04L9/3228 ,  H04L9/3234 ,  H04L63/0492 ,  H04L63/08 ,  H04L63/0838 ,  H04L2209/805 ,  H04W12/06

摘要： A first processing device, which may be, for example, a wireless authentication token or an RFID tag, transmits information in a wireless network in a manner that emulates standard communications of an access point of the wireless network, although the first processing device is not configured to operate as an actual access point of the wireless network. A second processing device, which may be, for example, a computer or other station of the wireless network, receives the transmitted information and is able to determine therefrom that the information originates from an emulated access point rather than an actual access point. The second processing device responds to this condition by utilizing the transmitted information in a manner distinct from its utilization of similar information received from the actual access point of the wireless network.

摘要翻译： 可以是例如无线认证令牌或RFID标签的第一处理设备以模拟无线网络的接入点的标准通信的方式在无线网络中发送信息，尽管第一处理设备不是 被配置为作为无线网络的实际接入点进行操作。 可以是例如无线网络的计算机或其他站的第二处理设备接收所发送的信息，并且能够从其确定信息源自仿真接入点而不是实际接入点。 第二处理装置以与从无线网络的实际接入点接收到的类似信息不同的方式利用所发送的信息来响应该条件。

公开(公告)号：US20070113294A1

公开(公告)日：2007-05-17

申请号：US11556506

申请日：2006-11-03

申请人： John Field ,  Burton Kaliski ,  Magnus Nystrom ,  James Townsend

发明人： John Field ,  Burton Kaliski ,  Magnus Nystrom ,  James Townsend

IPC分类号： H04L9/32

CPC分类号： H04L63/083

摘要： A multimedia device or other type of processing device comprises a memory, a processor coupled to the memory, and playback circuitry coupled to the processor. In one aspect, the processor is operative to control the storage in the memory of at least one multimedia file containing a one-time password or other type of password, where the password is generated externally to the processing device, and to control the playback of the multimedia file via the playback circuitry to make the password apparent to or otherwise accessible to an associated user or other entity. The multimedia file may comprise, for example, an audio file, with the password being presented to the user in an audible form upon playback of the audio file. As another example, the multimedia file may comprise a video file, with the password being presented to the user in a visible form upon playback of the video file.

摘要翻译： 多媒体设备或其他类型的处理设备包括存储器，耦合到存储器的处理器以及耦合到处理器的回放电路。 在一个方面，处理器可操作以控制存储器中的至少一个多媒体文件的存储，所述至少一个多媒体文件包含一次性密码或其他类型的密码，其中密码在处理设备外部产生，并且控制播放 所述多媒体文件经由所述重放电路使得所述密码对相关联的用户或其他实体显而易见或以其他方式可访问。 多媒体文件可以包括例如音频文件，其中在回放音频文件时以可听形式向用户呈现密码。 作为另一示例，多媒体文件可以包括视频文件，其中在回放视频文件时以可见形式向用户呈现密码。

公开(公告)号：US20080065892A1

公开(公告)日：2008-03-13

申请号：US11939232

申请日：2007-11-13

申请人： Daniel Bailey ,  John Brainard ,  Ari Juels ,  Burton Kaliski

发明人： Daniel Bailey ,  John Brainard ,  Ari Juels ,  Burton Kaliski

IPC分类号： H04L9/32 ,  H04L9/28 ,  H04L9/30

CPC分类号： H04L9/0861 ,  H04L9/3228 ,  H04L9/3234 ,  H04L63/0492 ,  H04L63/08 ,  H04L63/0838 ,  H04L2209/805 ,  H04W12/06

摘要： In one aspect, a first processing device, which may be an authentication token, establishes a shared key through a pairing protocol carried out between the first processing device and a second processing device. The pairing protocol also involves communication between the second processing device and an authentication server. As part of the pairing protocol, the first processing device sends identifying information to the second processing device, and the second processing device utilizes the identifying information to obtain the shared key from the authentication server. The first processing device encrypts authentication information utilizing the shared key, and transmits the encrypted authentication information from the first processing device to the second processing device. The second processing device utilizes the shared key to decrypt the encrypted authentication information.

摘要翻译： 一方面，可以是认证令牌的第一处理设备通过在第一处理设备和第二处理设备之间执行的配对协议来建立共享密钥。 配对协议还涉及第二处理设备和认证服务器之间的通信。 作为配对协议的一部分，第一处理设备向第二处理设备发送识别信息，并且第二处理设备利用识别信息从认证服务器获得共享密钥。 第一处理装置利用共享密钥加密认证信息，并将加密的认证信息从第一处理装置发送到第二处理装置。 第二处理装置利用共享密钥对加密的认证信息进行解密。

公开(公告)号：US20070061566A1

公开(公告)日：2007-03-15

申请号：US11530655

申请日：2006-09-11

申请人： Daniel Bailey ,  John Brainard ,  Burton Kaliski ,  Michael Szydlo

发明人： Daniel Bailey ,  John Brainard ,  Burton Kaliski ,  Michael Szydlo

IPC分类号： H04L9/00

CPC分类号： H04L9/0866 ,  H04L9/0897 ,  H04L9/3213 ,  H04L9/3228 ,  H04L2209/80

摘要： In a system comprising a transient storage device (TSD) or other type of peripheral configured for communication with a host device, a first one-time password or other type of code is generated in the peripheral and transmitted to the host device. The first code is presented by the host device to an authentication server for authentication. The host device receives a second one-time password or other type of code from the authentication server and transmits it to the peripheral for authentication.

摘要翻译： 在包括被配置为与主机设备进行通信的瞬时存储设备（TSD）或其他类型的外围设备的系统中，在外围设备中生成第一个一次性密码或其他类型的代码，并发送给主机设备。 第一个代码由主机设备提供给认证服务器进行认证。 主机设备从认证服务器接收第二个一次性密码或其他类型的代码，并将其发送到外围设备进行认证。

公开(公告)号：US20060041759A1

公开(公告)日：2006-02-23

申请号：US11172378

申请日：2005-06-30

申请人： Burton Kaliski ,  Magnus Nystrom

发明人： Burton Kaliski ,  Magnus Nystrom

IPC分类号： H04K1/00

CPC分类号： H04L63/0869 ,  G06F21/31 ,  G06F21/445 ,  H04L63/083

摘要： A method of protecting a password being used to establish interaction between a user and an application includes detecting a request for the password from the application by receiving a notification from the user indicating the request. The method further includes combining the password with information identifying the application, so as to produce a protected password, and authenticating to the application using the protected password. The method may also include a mutual authentication capability between user and the application.

摘要翻译： 保护用于建立用户和应用之间的交互的密码的方法包括通过从用户接收指示该请求的通知来检测来自应用的密码请求。 该方法还包括将密码与识别应用的信息相结合，以产生受保护的密码，并使用受保护的密码对应用进行认证。 该方法还可以包括用户和应用之间的相互认证能力。