Method and Apparatus for Remote Administration of Cryptographic Devices
    1.
    Invention application (in force)

    Publication No.: US20080270791A1

    Publication date: 2008-10-30

    Application No.: US11769855

    Filing date: 2007-06-28

    IPC classification: H04L9/32

    Abstract: Techniques are disclosed for performing operations in an authentication token or other cryptographic device in a system comprising an authentication server. In one aspect, a code generated by the authentication server is received in the cryptographic device. The code may have associated therewith information specifying at least one operation to be performed by the cryptographic device. The cryptographic device authenticates the code, and responsive to authentication of the code, performs the specified operation. If the code is not authenticated, the operation is not performed. The code may be determined as a function of a one-time password generated by the authentication server. The function may also take as an input an identifier of the operation to be performed.

    Method and apparatus for remote administration of cryptographic devices
    2.
    Invention grant (in force)

    Publication No.: US09071439B2

    Publication date: 2015-06-30

    Application No.: US11769855

    Filing date: 2007-06-28

    Abstract: Techniques are disclosed for performing operations in an authentication token or other cryptographic device in a system comprising an authentication server. In one aspect, a code generated by the authentication server is received in the cryptographic device. The code may have associated therewith information specifying at least one operation to be performed by the cryptographic device. The cryptographic device authenticates the code, and responsive to authentication of the code, performs the specified operation. If the code is not authenticated, the operation is not performed. The code may be determined as a function of a one-time password generated by the authentication server. The function may also take as an input an identifier of the operation to be performed.

    Authentication involving authentication operations which cross reference authentication factors
    3.
    Invention grant (in force)

    Publication No.: US08925058B1

    Publication date: 2014-12-30

    Application No.: US13434257

    Filing date: 2012-03-29

    IPC classification: G06F7/04 G06F15/16

    Abstract: A technique of authenticating a person involves obtaining, during a current authentication session to authenticate the person, a first authentication factor from the person and a second authentication factor from the person, at least one of the first and second authentication factors being a biometric input. The technique further involves performing an authentication operation which cross references the first authentication factor with the second authentication factor. The technique further involves outputting, as a result of the authentication operation, an authentication result signal indicating whether the authentication operation has determined the person in the current authentication session likely to be legitimate or an imposter. Such authentication, which cross references authentication factors to leverage off of their interdependency, provides stronger authentication than conventional naïve authentication.

    Generating authentication codes
    4.
    Invention grant (in force)

    Publication No.: US08756666B1

    Publication date: 2014-06-17

    Application No.: US12241166

    Filing date: 2008-09-30

    IPC classification: G06F21/00

    CPC classification: G06F21/34

    Abstract: Authentication codes associated with an entity are generated. A stored secret associated with an entity is retrieved. At a first point in time, a first dynamic value associated with a first time interval is determined. A first authentication code based on the first dynamic value is determined. At a second point in time, a second dynamic value associated with a second time interval is determined. A second authentication code based on the second dynamic value is determined. The first and second authentication codes are derived from the stored secret and the amount of time between the first and second points in time is different from the length of the first time interval.

    Automatically estimating clock offset
    5.
    Invention grant (in force)

    Publication No.: US08560837B1

    Publication date: 2013-10-15

    Application No.: US12826935

    Filing date: 2010-06-30

    Applicant: William M. Duane

    Inventor: William M. Duane

    Abstract: A method, system, and program product for use in estimating clock offset in a security environment, the security environment comprising a token generator comprising a token generator clock and an Authenticator comprising an Authenticator clock, the method comprising recording a plurality of delta values; wherein each value of the plurality of delta values corresponds to a difference between the token generator clock and the Authenticator clock, wherein the token generator clock and the Authenticator clock are not communicatively coupled, and fitting the plurality of delta values to a function.

    Controlling access to a computerized resource based on authentication using pulse data
    6.
    Invention grant (in force)

    Publication No.: US08902045B1

    Publication date: 2014-12-02

    Application No.: US13336573

    Filing date: 2011-12-23

    IPC classification: G08B21/00

    Abstract: A technique performs an authentication operation using pulse and facial data from a user. The technique involves obtaining current pulse data from a user, and performing a comparison between the current pulse data from the user and expected pulse data for the user. The technique further involves generating an authentication result based on the comparison between the current pulse data and the expected pulse data. The authentication result may control user access to a computerized resource. Since such a technique uses pulse data, a perpetrator cannot simply submit a static image of a subject's face to circumvent the authentication process. In some arrangements, the technique involves obtaining videos of human faces and deriving cardiac pulse rates from the videos. For such arrangements, a standard webcam can be used to capture the videos. Moreover, such techniques are capable of factoring in circadian rhythms and/or aging adjustments to detect and thwart video replay attacks.

    Soft token posture assessment
    7.
    Invention grant (in force)

    Publication No.: US08683563B1

    Publication date: 2014-03-25

    Application No.: US13435616

    Filing date: 2012-03-30

    IPC classification: G06F7/04

    Abstract: An improved technique for assessing the security status of a device on which a soft token is run collects device posture information from the device running the soft token and initiates transmission of the device posture information to a server to be used in assessing whether the device has been subjected to malicious activity. The device posture information may relate to the software status, hardware status, and/or environmental context of the device. In some examples, the device posture information is transmitted to the server directly. In other examples, the device posture information is transmitted to the server via auxiliary bits embedded in passcodes displayed to the user, which the user may read and transfer to the server as part of authentication requests. The server may apply the device posture information in a number of areas, including, for example, authentication management, risk assessment, and/or security analytics.

    Agile OTP generation
    8.
    Invention grant (in force)

    Publication No.: US08312519B1

    Publication date: 2012-11-13

    Application No.: US12895130

    Filing date: 2010-09-30

    IPC classification: G06F7/04 H04L9/00

    Abstract: A method, system, and apparatus for agile generation of one time passcodes (OTPs) in a security environment, the security environment having a token generator comprising a token generator algorithm and a validator, the method comprising generating a OTP at the token generator according to a variance technique; wherein the variance technique is selected from a set of variance techniques, receiving the OTP at a validator, determining, at the validator, the variance technique used by the token generator to generate the OTP, and determining whether to validate the OTP based on the OTP and variance technique.

    Authentication method and apparatus utilizing proof-of-authentication module
    9.
    Invention grant (in force)

    Publication No.: US07562221B2

    Publication date: 2009-07-14

    Application No.: US11530998

    Filing date: 2006-09-12

    IPC classification: H04L9/32

    Abstract: A single sign-on technique allows multiple accesses to one or more applications or other resources using a proof-of-authentication module operating in conjunction with a standard authentication component. The application or other resource issues an authentication information request to the standard authentication component responsive to an access request from the user. The application or other resource receives, responsive to the authentication information request, a proof-of-authentication value from the standard authentication component, and authenticates the user based on the proof-of-authentication value. The standard authentication component interacts with the proof-of-authentication module to obtain the proof-of-authentication value. The proof-of-authentication module is configured to generate multiple proof-of-authentication values for authentication of respective access requests of the user.

    Performing an authentication operation during user access to a computerized resource
    10.
    Invention grant (in force)

    Publication No.: US09119539B1

    Publication date: 2015-09-01

    Application No.: US13432732

    Filing date: 2012-03-28

    IPC classification: G08B21/00 A61B5/024

    Abstract: A method, electronic apparatus and computer program product for performing authentication operation is disclosed. An authentication request is received from user of computerized resource. The request comprises user identifier identifying user. The authenticity of user is verified based on user identifier. An access session is established in which user can access resource in response to successfully verifying user. An electronic input signal is received from electronic input device during session. The device is configured to take a biometric measurement from the user. Biometric data is derived from signal. A comparison is performed between biometric data and expected biometric data. An authentication result is generated based on comparison between biometric data and expected biometric data, wherein result can be used for further authentication of user during session.