Using a portable security token to facilitate cross-certification between certification authorities
    3.
    Patent application
    Using a portable security token to facilitate cross-certification between certification authorities (granted)

    Publication number: US20060085633A1

    Publication date: 2006-04-20

    Application number: US10966749

    Filing date: 2004-10-14

    IPC classification: H04L9/00

    Abstract: One embodiment of the present invention provides a system that uses a portable security token (PST) to facilitate cross-certification between a first certification authority (CA) and a second CA, wherein the first CA and associated subscriber devices constitute a first public-key infrastructure (PKI) domain, and wherein the second CA and associated subscriber devices constitute a second PKI domain. During operation, the system uses the PST to transfer certification information between the first CA and the second CA, wherein the PST communicates with the first CA and the second CA through a location-limited communication channel. Next, the system uses the certification information to issue a cross-certificate to the first CA. Note that the cross-certificate is signed by the second CA. Finally, the system propagates the cross-certificate from the first CA to the associated subscriber devices in the first PKI domain, thereby allowing the associated subscriber devices in the first PKI domain to authenticate themselves to the devices in the second PKI domain.


Using a portable security token to facilitate public key certification for devices in a network
    4.
    Patent application
    Using a portable security token to facilitate public key certification for devices in a network (granted)

    Publication number: US20050287985A1

    Publication date: 2005-12-29

    Application number: US10877477

    Filing date: 2004-06-24

    IPC classification: G06F21/00 H04M1/66

    Abstract: One embodiment of the present invention provides a system that uses a portable security token to facilitate public key certification for a target device in a network. During system operation, the portable security token is located in close physical proximity to the target device to allow the portable security token to communicate with the target device through a location-limited communication channel. During this communication, the portable security token receives an authenticator for the target device, and forms a ticket by digitally signing the authenticator with a key previously agreed upon by the portable security token and a certification authority (CA). Next, the portable security token sends the ticket to the target device, whereby the target device can subsequently present the ticket to the CA to prove that the target device is authorized to receive a credential from the CA.


Systems and methods for authenticating communications in a network medium
    6.
    Patent application
    Systems and methods for authenticating communications in a network medium (pending, published)

    Publication number: US20050100166A1

    Publication date: 2005-05-12

    Application number: US10703437

    Filing date: 2003-11-10

    Abstract: A location-limited channel is implemented using physical exchanges of physical tokens. The physical tokens are implemented using writeable or re-writeable storage media. Location-limited channels, when used to implement pre-authentication protocols, provide demonstrative identification and authenticity. A group originator loads pre-authentication information and a network location from a communication device onto the location-limited physical token channel. The location-limited physical token channel is passed to another participant, who copies the originator's pre-authentication information and location onto that participant's communication device. That participant then adds that participant's own pre-authentication information and network location onto the location-limited physical token channel. This is repeated until the last participant passes the location-limited physical token channel back to the group originator. The originator thus has pre-authentication information and network locations for all other participants. The originator establishes secure communications with each participant based on the originator's and that participant's shared information.


PERSONAL DOMAIN CONTROLLER
    7.
    Patent application
    PERSONAL DOMAIN CONTROLLER (granted)

    Publication number: US20070266164A1

    Publication date: 2007-11-15

    Application number: US11383144

    Filing date: 2006-05-12

    IPC classification: G06F15/16

    Abstract: A method of accessing a data resource identifies the data resource, the data resource being accessible through a first device and associated with a resource locator, the first device being configured to provide access to the data resource responsive to possession of a whitelisted credential. The method includes receiving, by a personal domain controller, a second-device credential from a second device, the personal domain controller and the first device being within a first trusted relationship, and providing, by the personal domain controller, the second-device credential to the first device for whitelisting subject to the first trusted relationship. The second device then uses the second-device credential to access the data resource responsive to the resource locator.


System and method for establishing temporary and permanent credentials for secure online commerce
    8.
    Patent application
    System and method for establishing temporary and permanent credentials for secure online commerce (granted)

    Publication number: US20070130617A1

    Publication date: 2007-06-07

    Application number: US11293402

    Filing date: 2005-12-02

    IPC classification: H04L9/32

    Abstract: One embodiment of the present invention provides a system for establishing temporary and permanent credentials for secure remote data access. The system includes a temporary smart card configured to provide a temporary credential for a first device, thereby providing the first device with temporary secure access to a remote data source when the temporary smart card is used with the first device. Additionally, the system includes an enrollment smart card configured to provide a permanent credential for a second device, thereby providing the second device with permanent secure access to the remote data source without presence of the enrollment smart card or the temporary smart card.


System and method for establishing secondary channels
    9.
    Patent application
    System and method for establishing secondary channels (granted)

    Publication number: US20070019806A1

    Publication date: 2007-01-25

    Application number: US11528904

    Filing date: 2006-09-28

    IPC classification: H04K1/10

    CPC classification: H04L63/061 H04L63/18

    Abstract: A method for establishing a secondary communication channel between at least two computing devices over a network medium through use of a primary channel. The method connects a first computing device with a first telephonic unit and a second computing device with a second telephonic unit. If the two telephonic units are in communication with each other over a primary channel, and communication channels are established between the computing devices and their respective telephonic units, then the first computing device transmits its location information to the second computing device over the primary channel. A connection is then established between the second computing device and the first computing device over a secondary communication channel.


Hardware-supported secure network boot
    10.
    Patent application
    Hardware-supported secure network boot (pending, published)

    Publication number: US20060129797A1

    Publication date: 2006-06-15

    Application number: US11012513

    Filing date: 2004-12-15

    IPC classification: G06F9/24

    CPC classification: G06F21/575

    Abstract: Systems and methods for establishing an authenticated and encrypted network connection in a boot protocol, and specifying the boot image to be loaded by a client, are disclosed. A hardware token or other portable medium, such as a USB drive or device, CD, mini-CD, or floppy diskette, is used to store authentication and/or identification information for a server. A client uses the information on the token to authenticate the network server upon initial connection to the network and to request a boot image. Furthermore, the client and server may use the authentication information from the token to establish secure communications and mutually authenticate each other.
