OPERATION OF A CERTIFICATE AUTHORITY ON A DISTRIBUTED LEDGER

    公开(公告)号:US20170338967A1

    公开(公告)日:2017-11-23

    申请号:US15599249

    申请日:2017-05-18

    摘要: An on-ledger certificate authority operates a node of a distributed ledger that controls a certificate issuance store and a certificate revocation store. When the certificate authority issues a certificate, the node issues a ledger transaction with an instruction to store a validation hash of the certificate in the issuance store, and when a certificate is revoked, a ledger transaction with an instruction to store the serial number of the certificate in the revocation store. As such transactions propagate throughout the ledger, the instructions are executed by on-ledger verifiers in their local replicas of the stores. An on-ledger verifier validates a certificate by verifying that its serial number is not in the revocation store while its validation hash is in the verifier's replica of the issuance store.

    MULTIFACTOR PRIVACY-ENHANCED REMOTE IDENTIFICATION USING A RICH CREDENTIAL

    公开(公告)号:US20200153824A1

    公开(公告)日:2020-05-14

    申请号:US16734316

    申请日:2020-01-04

    IPC分类号: H04L29/06 H04L9/32

    摘要: A method and system are provided for multifactor identification of a subject over a network using a rich credential, with selective disclosure of attributes and selective presentation of verification factors. A credential presentation application negotiates with a verifying server to agree on attributes to be disclosed and verification factors to be presented, and removes unneeded attributes and verification data from the rich credential by pruning subtrees from a typed hash tree without invalidating a signature that covers the root label of the tree. The credential presentation application proves knowledge of a private key, and as agreed upon may prove knowledge of a password and may arrange for biometric presentation applications to present one or more biometric samples to the verifier, which performs presentation attack detection and verifies the samples against verification data in the rich credential.

    Multifactor privacy-enhanced remote identification using a rich credential

    公开(公告)号:US10567377B2

    公开(公告)日:2020-02-18

    申请号:US15468100

    申请日:2017-03-23

    IPC分类号: H04L29/06 H04L9/32

    摘要: A method and system are provided for multifactor identification of a subject over a network using a rich credential, with selective disclosure of attributes and selective presentation of verification factors. A credential presentation application negotiates with a verifying server to agree on attributes to be disclosed and verification factors to be presented, and removes unneeded attributes and verification data from the rich credential by pruning subtrees from a typed hash tree without invalidating a signature that covers the root label of the tree. The credential presentation application proves knowledge of a private key, and as agreed upon may prove knowledge of a password and may arrange for biometric presentation applications to present one or more biometric samples to the verifier, which performs presentation attack detection and verifies the samples against verification data in the rich credential.

    PROTECTING PASSWORDS AND BIOMETRICS AGAINST BACK-END SECURITY BREACHES
    4.
    发明申请
    PROTECTING PASSWORDS AND BIOMETRICS AGAINST BACK-END SECURITY BREACHES 有权
    保护传统和生物多样性反对后端安全的侵害

    公开(公告)号:US20160269393A1

    公开(公告)日:2016-09-15

    申请号:US15136834

    申请日:2016-04-22

    IPC分类号: H04L29/06

    摘要: A method and system are provided for authenticating a user to an application back-end using a key pair and one or more bearer tokens such as a password, a biometric code, or a biometric key, while protecting the bearer tokens against back-end security breaches. In one embodiment, an application front-end authenticates the user by sending the bearer tokens and a public key to the application back-end, and demonstrating knowledge of a private key. The application back-end compares an authentication-phase tag derived from a joint hash of the public key and the bearer tokens against a registration-phase tag stored in a device record within a back-end database. The public key is not stored in the database, thereby depriving an adversary who breaches back-end security of information needed to test guesses of the bearer tokens.

    摘要翻译: 提供了一种方法和系统,用于使用密钥对和一个或多个承载令牌(例如密码,生物特征码或生物特征密钥)将用户认证到应用后端,同时保护承载令牌免受后端安全性 违规 在一个实施例中,应用程序前端通过向应用程序后端发送承载令牌和公钥来验证用户,以及演示私钥的知识。 应用程序后端将公钥的联合哈希和承载令牌之间的认证相位标签与存储在后端数据库中的设备记录中的注册阶段标签进行比较。 公共密钥不存储在数据库中,从而剥夺了一个对手破坏了持续令牌猜测所需的信息的后端安全性。

    Cryptographic authentication techniques for mobile devices
    5.
    发明授权
    Cryptographic authentication techniques for mobile devices 有权
    移动设备的加密认证技术

    公开(公告)号:US09185111B2

    公开(公告)日:2015-11-10

    申请号:US13954973

    申请日:2013-07-30

    IPC分类号: H04L29/06

    摘要: A method of authenticating a computing device to a back-end subsystem. In one embodiment a prover black-box in the computing device regenerates a credential containing a key pair from a PIN and a protocredential, and authenticates cryptographically to a verifier black-box in the back-end subsystem; then the verifier black-box sends an authentication token to the prover black-box as verifiable confirmation of the cryptographic authentication, the prover black-box sends the authentication token to an application front-end in the computing device, the application front-end sends the authentication token to an application back-end in the back-end subsystem, and the application back-end verifies the authentication token.

    摘要翻译: 一种向后端子系统认证计算设备的方法。 在一个实施例中,计算设备中的证明器黑箱重新生成包含来自PIN和原始凭证的密钥对的证书,并且密码地认证到后端子系统中的验证者黑盒; 那么验证者黑箱将认证令牌发送给证明者黑匣子作为加密认证的可验证确认,证明者黑箱将认证令牌发送到计算设备中的应用前端,应用前端发送 后端子系统中应用程序后端的身份验证令牌,应用程序后端验证身份验证令牌。

    ENCAPSULATING THE COMPLEXITY OF CRYPTOGRAPHIC AUTHENTICATION IN BLACK-BOXES
    6.
    发明申请
    ENCAPSULATING THE COMPLEXITY OF CRYPTOGRAPHIC AUTHENTICATION IN BLACK-BOXES 审中-公开
    掩盖黑匣子中的纹理验证的复杂性

    公开(公告)号:US20140006781A1

    公开(公告)日:2014-01-02

    申请号:US13925824

    申请日:2013-06-24

    IPC分类号: H04L29/06

    摘要: A method of authenticating a computing device to a back-end subsystem. In one embodiment a prover black-box in the computing device authenticates cryptographically to a verifier black-box in the back-end subsystem by proving possession of a cryptographic credential. The verifier black-box sends an authentication token to the prover black-box as verifiable confirmation of the cryptographic authentication. The prover black-box sends the authentication token to an application front-end in the computing device. The application front-end sends the authentication token to an application back-end in the back-end subsystem, and the application back-end verifies the authentication token.

    摘要翻译: 一种向后端子系统认证计算设备的方法。 在一个实施例中,计算设备中的证明器黑箱通过证明拥有密码证书来密码地认证到后端子系统中的验证者黑箱。 验证者黑箱将认证令牌发送到证明者黑匣子,作为加密认证的可验证确认。 证明者黑箱将认证令牌发送到计算设备中的应用程序前端。 应用程序前端将认证令牌发送到后端子系统中的应用程序后端,应用程序后端会验证身份验证令牌。

    Operation of a certificate authority on a distributed ledger

    公开(公告)号:US10764067B2

    公开(公告)日:2020-09-01

    申请号:US15599249

    申请日:2017-05-18

    摘要: An on-ledger certificate authority operates a node of a distributed ledger that controls a certificate issuance store and a certificate revocation store. When the certificate authority issues a certificate, the node issues a ledger transaction with an instruction to store a validation hash of the certificate in the issuance store, and when a certificate is revoked, a ledger transaction with an instruction to store the serial number of the certificate in the revocation store. As such transactions propagate throughout the ledger, the instructions are executed by on-ledger verifiers in their local replicas of the stores. An on-ledger verifier validates a certificate by verifying that its serial number is not in the revocation store while its validation hash is in the verifier's replica of the issuance store.

    MULTIFACTOR PRIVACY-ENHANCED REMOTE IDENTIFICATION USING A RICH CREDENTIAL

    公开(公告)号:US20170339138A1

    公开(公告)日:2017-11-23

    申请号:US15468100

    申请日:2017-03-23

    IPC分类号: H04L29/06 H04L9/32

    摘要: A method and system are provided for multifactor identification of a subject over a network using a rich credential, with selective disclosure of attributes and selective presentation of verification factors. A credential presentation application negotiates with a verifying server to agree on attributes to be disclosed and verification factors to be presented, and removes unneeded attributes and verification data from the rich credential by pruning subtrees from a typed hash tree without invalidating a signature that covers the root label of the tree. The credential presentation application proves knowledge of a private key, and as agreed upon may prove knowledge of a password and may arrange for biometric presentation applications to present one or more biometric samples to the verifier, which performs presentation attack detection and verifies the samples against verification data in the rich credential.

    Facilitating browsing of result sets
    9.
    发明授权
    Facilitating browsing of result sets 有权
    便于浏览结果集

    公开(公告)号:US09069854B2

    公开(公告)日:2015-06-30

    申请号:US12581851

    申请日:2009-10-19

    IPC分类号: G06F3/048 G06F17/30 G06Q30/02

    摘要: A method of facilitating the browsing of a plurality of result sets by a user. The method includes displaying a plurality of queries on a computer display, each query having a corresponding result set, the plurality of queries thereby constituting a set of displayed queries, and displaying the result set of a selected displayed query in response to the user selecting the query from the set of displayed queries via a user interface procedure, while continuing to display the set of displayed queries so the user can subsequently select other queries from the set of displayed queries to thereby interleave browsing the result sets of the queries in the set of displayed queries.

    摘要翻译: 一种便于用户浏览多个结果集的方法。 该方法包括在计算机显示器上显示多个查询,每个查询具有相应的结果集,所述多个查询从而构成一组显示的查询,并响应于用户选择显示的查询显示所选择的显示查询的结果集 通过用户界面过程从显示的查询集中进行查询,同时继续显示所显示的查询集合,使得用户随后可以从所显示的查询集合中选择其他查询,从而将浏览查询的结果集进行交织 显示查询。

    PROTECTING CREDENTIALS AGAINST PHYSICAL CAPTURE OF A COMPUTING DEVICE
    10.
    发明申请
    PROTECTING CREDENTIALS AGAINST PHYSICAL CAPTURE OF A COMPUTING DEVICE 审中-公开
    保护计算机器人物理能力的证据

    公开(公告)号:US20150113283A1

    公开(公告)日:2015-04-23

    申请号:US14588413

    申请日:2015-01-01

    IPC分类号: G06F21/31 H04L9/32

    摘要: A method of activating credentials that are stored encrypted while inactive. In one embodiment a decryption key is retrieved from a key storage service after the device authenticates to the service by sending a passcode and/or a biometric key, a public key and a signature computed with a private key, the service verifying the signature and comparing a hash of the public key and the passcode and/or biometric key to a reference hash.

    摘要翻译: 激活在非活动状态下加密的凭据的方法。 在一个实施例中,在设备通过发送密码和/或生物特征密钥,公开密钥和使用私钥计算的签名来验证签名并比较之后,从密钥存储服务中检索解密密钥 公钥的密钥和密码和/或生物测定密钥的哈希值作为引用散列。