Abstract:
A method and system for securely logging onto a banking system authentication server so that a user credential never appears in the clear during interaction with the system. During the log-on process, a user's browser downloads an encryption applet and the public key of a public/private key pair of a banking application server; the corresponding private key is known by a hardware security module (HSM) of the banking application. The applet contains code for generating a DES key and performing DES and PKI encryption. The applet DES-encrypts the user's credential and PKI-encrypts the DES key with the public key of the application server before both are transmitted to the application server. Within the HSM of the application server, the credential is decrypted and re-encrypted under a new DES key known to the authentication server; the re-encrypted credential is forwarded to the authentication server, decrypted with the new DES key, and verified by the authentication server.
Abstract:
A method and system for securely logging onto a banking system authentication server so that a user credential never appears in the clear during interaction with the system. An encryption applet DES-encrypts the user's credential and PKI-encrypts the DES key with the public key of an application server before both are transmitted to the application server. Within the HSM of the application server, the credential is decrypted and re-encrypted under a new DES key known to the authentication server; the re-encrypted credential is forwarded to the authentication server, decrypted with the new DES key, and verified by the authentication server.
Abstract:
A method and system for implementing on-line financial institution services via a single physical and logical platform deploys global online banking applications in an environment in which the applications are built from a single source base and adapted to various business rules and languages associated with different regions, countries and businesses. Separate web apps are created for each individual business according to contextual attributes, and application servers running the context dependent web apps provide the interface between customers and banking functionality. The platform relies in part on reuse of appropriate components to achieve integration, as well as sharing of core services. As a result of the independent nature of business specific components, each business may require different versions of application software and may update or implement new components without affecting existing business components.
Abstract:
A financial institution can provide financial services to a plurality of remote devices, such as personal computers, personal data assistants, screen phones, automatic teller machines, external service providers, and internally to staff terminals and individual branches. By separating the components of the system into independent components, the system and method can be developed and tested on a component level rather than the entire system level, thereby reducing the development and maintenance cycle time. The system and method operate in sessions and can employ a dialog component for gathering information from a customer, a rule broker component for providing answers to the various legal and regulatory rules in a particular country, a language man component for selecting appropriate language, a transaction executor component for performing transactions, and a presentation manager component for formatting outputs to the customer.
Abstract:
The present invention allows a customer to use any of a plurality of devices to access data and make transactions using an institution's computers and databases from many different locations throughout the world. As an example, a banking customer may use a telephone, a palm computer or a television to determine his checking account balance while vacationing in a foreign country. The present invention operates by connecting the customer to the desired computer and database using a universal protocol so that location becomes irrelevant. Another feature of the present invention is the efficient use of different networks with varying transmission speeds.
Abstract:
A computer-implemented method and system for secure user authentication in electronic commerce involves maintaining electronic information having a first aspect that is accessible over a first electronic communication channel in response to entry of a first credential known to the user and a second aspect that is accessible by the user over the first electronic communication channel in response to entry of a second credential provided to the user at a pre-registered delivery address on a second electronic communication channel. The second credential is provided to the user via the second electronic communication channel in response to entry of a pre-determined user selection during a current session of user access to the first aspect if no change has occurred in the pre-registered delivery address within a pre-determined period of time, and the user is allowed a session of access to the second aspect in response to entry of the second credential either during the current session of user access to the first aspect or during a succeeding session of user access to the first aspect.