-
公开(公告)号:US20170338967A1
公开(公告)日:2017-11-23
申请号:US15599249
申请日:2017-05-18
摘要: An on-ledger certificate authority operates a node of a distributed ledger that controls a certificate issuance store and a certificate revocation store. When the certificate authority issues a certificate, the node issues a ledger transaction with an instruction to store a validation hash of the certificate in the issuance store, and when a certificate is revoked, a ledger transaction with an instruction to store the serial number of the certificate in the revocation store. As such transactions propagate throughout the ledger, the instructions are executed by on-ledger verifiers in their local replicas of the stores. An on-ledger verifier validates a certificate by verifying that its serial number is not in the revocation store while its validation hash is in the verifier's replica of the issuance store.
-
公开(公告)号:US20200153824A1
公开(公告)日:2020-05-14
申请号:US16734316
申请日:2020-01-04
摘要: A method and system are provided for multifactor identification of a subject over a network using a rich credential, with selective disclosure of attributes and selective presentation of verification factors. A credential presentation application negotiates with a verifying server to agree on attributes to be disclosed and verification factors to be presented, and removes unneeded attributes and verification data from the rich credential by pruning subtrees from a typed hash tree without invalidating a signature that covers the root label of the tree. The credential presentation application proves knowledge of a private key, and as agreed upon may prove knowledge of a password and may arrange for biometric presentation applications to present one or more biometric samples to the verifier, which performs presentation attack detection and verifies the samples against verification data in the rich credential.
-
公开(公告)号:US10567377B2
公开(公告)日:2020-02-18
申请号:US15468100
申请日:2017-03-23
摘要: A method and system are provided for multifactor identification of a subject over a network using a rich credential, with selective disclosure of attributes and selective presentation of verification factors. A credential presentation application negotiates with a verifying server to agree on attributes to be disclosed and verification factors to be presented, and removes unneeded attributes and verification data from the rich credential by pruning subtrees from a typed hash tree without invalidating a signature that covers the root label of the tree. The credential presentation application proves knowledge of a private key, and as agreed upon may prove knowledge of a password and may arrange for biometric presentation applications to present one or more biometric samples to the verifier, which performs presentation attack detection and verifies the samples against verification data in the rich credential.
-
4.发明申请公开(公告)号:US20160269393A1
公开(公告)日:2016-09-15
申请号:US15136834
申请日:2016-04-22
IPC分类号: H04L29/06
CPC分类号: H04L63/083 , G06F21/32 , G06F21/33 , G06F21/41 , G06F21/45 , H04L9/0866 , H04L9/3213 , H04L9/3226 , H04L9/3236 , H04L9/3247 , H04L63/045 , H04L63/0807 , H04L63/0861
摘要: A method and system are provided for authenticating a user to an application back-end using a key pair and one or more bearer tokens such as a password, a biometric code, or a biometric key, while protecting the bearer tokens against back-end security breaches. In one embodiment, an application front-end authenticates the user by sending the bearer tokens and a public key to the application back-end, and demonstrating knowledge of a private key. The application back-end compares an authentication-phase tag derived from a joint hash of the public key and the bearer tokens against a registration-phase tag stored in a device record within a back-end database. The public key is not stored in the database, thereby depriving an adversary who breaches back-end security of information needed to test guesses of the bearer tokens.
摘要翻译: 提供了一种方法和系统,用于使用密钥对和一个或多个承载令牌(例如密码,生物特征码或生物特征密钥)将用户认证到应用后端,同时保护承载令牌免受后端安全性 违规 在一个实施例中,应用程序前端通过向应用程序后端发送承载令牌和公钥来验证用户,以及演示私钥的知识。 应用程序后端将公钥的联合哈希和承载令牌之间的认证相位标签与存储在后端数据库中的设备记录中的注册阶段标签进行比较。 公共密钥不存储在数据库中,从而剥夺了一个对手破坏了持续令牌猜测所需的信息的后端安全性。
-
公开(公告)号:US09185111B2
公开(公告)日:2015-11-10
申请号:US13954973
申请日:2013-07-30
IPC分类号: H04L29/06
CPC分类号: H04L63/0876 , H04L9/3213 , H04L9/3247 , H04L63/0807 , H04L63/0869 , H04L2463/082
摘要: A method of authenticating a computing device to a back-end subsystem. In one embodiment a prover black-box in the computing device regenerates a credential containing a key pair from a PIN and a protocredential, and authenticates cryptographically to a verifier black-box in the back-end subsystem; then the verifier black-box sends an authentication token to the prover black-box as verifiable confirmation of the cryptographic authentication, the prover black-box sends the authentication token to an application front-end in the computing device, the application front-end sends the authentication token to an application back-end in the back-end subsystem, and the application back-end verifies the authentication token.
摘要翻译: 一种向后端子系统认证计算设备的方法。 在一个实施例中,计算设备中的证明器黑箱重新生成包含来自PIN和原始凭证的密钥对的证书,并且密码地认证到后端子系统中的验证者黑盒; 那么验证者黑箱将认证令牌发送给证明者黑匣子作为加密认证的可验证确认,证明者黑箱将认证令牌发送到计算设备中的应用前端,应用前端发送 后端子系统中应用程序后端的身份验证令牌,应用程序后端验证身份验证令牌。
-
6.发明申请公开(公告)号:US20140006781A1
公开(公告)日:2014-01-02
申请号:US13925824
申请日:2013-06-24
IPC分类号: H04L29/06
CPC分类号: H04L63/0876 , H04L9/3213 , H04L9/3247 , H04L63/0807 , H04L63/0869 , H04L2463/082
摘要: A method of authenticating a computing device to a back-end subsystem. In one embodiment a prover black-box in the computing device authenticates cryptographically to a verifier black-box in the back-end subsystem by proving possession of a cryptographic credential. The verifier black-box sends an authentication token to the prover black-box as verifiable confirmation of the cryptographic authentication. The prover black-box sends the authentication token to an application front-end in the computing device. The application front-end sends the authentication token to an application back-end in the back-end subsystem, and the application back-end verifies the authentication token.
摘要翻译: 一种向后端子系统认证计算设备的方法。 在一个实施例中,计算设备中的证明器黑箱通过证明拥有密码证书来密码地认证到后端子系统中的验证者黑箱。 验证者黑箱将认证令牌发送到证明者黑匣子,作为加密认证的可验证确认。 证明者黑箱将认证令牌发送到计算设备中的应用程序前端。 应用程序前端将认证令牌发送到后端子系统中的应用程序后端,应用程序后端会验证身份验证令牌。
-
公开(公告)号:US10825025B2
公开(公告)日:2020-11-03
申请号:US16533771
申请日:2019-08-06
摘要: A method is provided for cryptographically authenticating a cardholder in an online transaction by sending an authentication request to the issuing bank that is intercepted by a service worker and handled within the cardholder's computing device. The service worker signs a description of the transaction with a private key or forwards the request to a bank app that authenticates the cardholder biometrically in addition to signing the transaction.
-
公开(公告)号:US09887989B2
公开(公告)日:2018-02-06
申请号:US15136834
申请日:2016-04-22
CPC分类号: H04L63/083 , G06F21/32 , G06F21/33 , G06F21/41 , G06F21/45 , H04L9/0866 , H04L9/3213 , H04L9/3226 , H04L9/3236 , H04L9/3247 , H04L63/045 , H04L63/0807 , H04L63/0861
摘要: A method and system are provided for authenticating a user to an application back-end using a key pair and one or more bearer tokens such as a password, a biometric code, or a biometric key, while protecting the bearer tokens against back-end security breaches. In one embodiment, an application front-end authenticates the user by sending the bearer tokens and a public key to the application back-end, and demonstrating knowledge of a private key. The application back-end compares an authentication-phase tag derived from a joint hash of the public key and the bearer tokens against a registration-phase tag stored in a device record within a back-end database. The public key is not stored in the database, thereby depriving an adversary who breaches back-end security of information needed to test guesses of the bearer tokens.
-
公开(公告)号:US20140032906A1
公开(公告)日:2014-01-30
申请号:US13954973
申请日:2013-07-30
IPC分类号: H04L29/06
CPC分类号: H04L63/0876 , H04L9/3213 , H04L9/3247 , H04L63/0807 , H04L63/0869 , H04L2463/082
摘要: A method of authenticating a computing device to a back-end subsystem. In one embodiment a prover black-box in the computing device regenerates a credential containing a key pair from a PIN and a protocredential, and authenticates cryptographically to a verifier black-box in the back-end subsystem; then the verifier black-box sends an authentication token to the prover black-box as verifiable confirmation of the cryptographic authentication, the prover black-box sends the authentication token to an application front-end in the computing device, the application front-end sends the authentication token to an application back-end in the back-end subsystem, and the application back-end verifies the authentication token.
摘要翻译: 一种向后端子系统认证计算设备的方法。 在一个实施例中,计算设备中的证明器黑箱重新生成包含来自PIN和原始凭证的密钥对的证书,并且密码地认证到后端子系统中的验证者黑盒; 那么验证者黑箱将认证令牌发送给证明者黑匣子作为加密认证的可验证确认,证明者黑箱将认证令牌发送到计算设备中的应用前端,应用前端发送 后端子系统中应用程序后端的身份验证令牌,应用程序后端验证身份验证令牌。
-
公开(公告)号:US20100100836A1
公开(公告)日:2010-04-22
申请号:US12581851
申请日:2009-10-19
IPC分类号: G06F3/048
CPC分类号: G06F17/30864 , G06F17/30675 , G06Q30/0256
摘要: A method of facilitating the browsing of a plurality of result sets by a user. The method includes displaying a plurality of queries on a computer display, each query having a corresponding result set, the plurality of queries thereby constituting a set of displayed queries, and displaying the result set of a selected displayed query in response to the user selecting the query from the set of displayed queries via a user interface procedure, while continuing to display the set of displayed queries so the user can subsequently select other queries from the set of displayed queries to thereby interleave browsing the result sets of the queries in the set of displayed queries.
摘要翻译: 一种便于用户浏览多个结果集的方法。 该方法包括在计算机显示器上显示多个查询,每个查询具有相应的结果集,所述多个查询从而构成一组显示的查询,并响应于用户选择显示的查询显示所选择的显示查询的结果集 通过用户界面过程从显示的查询集中进行查询,同时继续显示所显示的查询集合,使得用户随后可以从所显示的查询集合中选择其他查询,从而将浏览查询的结果集进行交织 显示查询。
-
-
-
-
-
-
-
-
-
搜索结果
21 条记录 (耗时 0.018 秒)
