-
Publication number: US09160732B2
Publication date: 2015-10-13
Application number: US14068586
Filing date: 2013-10-31
Inventors: Troy Jacob Ronda , Pierre Antoine Roberge , Patrick Hans Engel , Rene McIver , Greg Wolfond , Andre Boysen
CPC classification: H04L63/08 , G06F21/00 , H04L9/3234 , H04L9/3263 , H04L63/0853 , H04L2209/56 , H04L2209/80
Abstract: A method of establishing a communication channel between a network client and a computer server over a network is described. The network client may be configured to communicate with the computer server over the network and to communicate with a token manager. The token manager may be configured with a parent digital certificate that is associated with the token manager. The token manager or network client generates a credential from the parent digital certificate, and transmits the credential to the computer server. The credential may be associated with the computer server. The network client may establish the communication channel with the computer server in accordance with an outcome of a determination of validity of the credential by the computer server.
-
Publication number: US10735397B2
Publication date: 2020-08-04
Application number: US16253600
Filing date: 2019-01-22
Inventors: Troy Jacob Ronda , Pierre Antoine Roberge , Dmitry Barinov , Michael Varley , David Alexander Stark , Gregory Howard Wolfond , Aleksandar Likic , Michael John Page
Abstract: Systems and methods for decentralized and asynchronous authentication flow between users, relying parties and identity providers. A trusted user agent application or digital lock box under a user's control may perform the functions of an authentication broker. In particular, the user agent application or digital lock box can accept relying party requests and respond with authentication and identity data previously obtained from an identity provider server, and without the involvement of a centralized broker server.
-
Publication number: US10547643B2
Publication date: 2020-01-28
Application number: US15443400
Filing date: 2017-02-27
Inventors: Michael Varley , Troy Jacob Ronda , Dmitry Barinov , Gregory Howard Wolfond , Pierre Antoine Roberge
Abstract: Methods and systems for distributed data verification between a relying party server and a client device using data attested by at least one attestation server. Entities are loosely coupled, while still allowing for authentication data and transaction data to be tightly coupled in any given interaction. There need not be any prior relationships between relying parties and attestation servers, or between relying parties and users. A common syntax enables a relying party to define what types of attested data items will be accepted for a particular transaction, without having to predetermine all possible sources of identification a user may wish to provide. The relying party may not know the source of the attested data items a priori, but can nevertheless determine if they are satisfactory once they are received.
-
Publication number: US10237259B2
Publication date: 2019-03-19
Application number: US15445367
Filing date: 2017-02-28
Inventors: Troy Jacob Ronda , Pierre Antoine Roberge , Dmitry Barinov , Michael Varley , David Alexander Stark , Gregory Howard Wolfond , Aleksandar Likic , Michael John Page
Abstract: Systems and methods for decentralized and asynchronous authentication flow between users, relying parties and identity providers. A trusted user agent application or digital lock box under a user's control may perform the functions of an authentication broker. In particular, the user agent application or digital lock box can accept relying party requests and respond with authentication and identity data previously obtained from an identity provider server, and without the involvement of a centralized broker server.
-
Publication number: US20190158481A1
Publication date: 2019-05-23
Application number: US16253600
Filing date: 2019-01-22
Inventors: Troy Jacob Ronda , Pierre Antoine Roberge , Dmitry Barinov , Michael Varley , David Alexander Stark , Gregory Howard Wolfond , Aleksandar Likic , Michael John Page
Abstract: Systems and methods for decentralized and asynchronous authentication flow between users, relying parties and identity providers. A trusted user agent application or digital lock box under a user's control may perform the functions of an authentication broker. In particular, the user agent application or digital lock box can accept relying party requests and respond with authentication and identity data previously obtained from an identity provider server, and without the involvement of a centralized broker server.
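The two ideas that recur in these entries, a relying party stating in a common syntax which types of attested data it will accept (US10547643B2 above) and a user-controlled lock box answering relying-party requests from previously obtained attested data without a central broker (this entry), fit together in one flow. The following is an added illustration, not code from the patents or their assignee: the requirement syntax, the HMAC "signatures", the issuer directory and all sample items are my own constructed assumptions. HMAC with a constructed per-issuer key stands in for whatever signature scheme a real attestation server would use; with a real signature the relying party would hold only public keys and could not forge items itself.

```python
import hashlib
import hmac
import json
from typing import Dict, List, Optional

# Constructed keys for two attestation servers / identity providers (assumption).
# HMAC is a stand-in for a real signature scheme; see the lead-in.
ISSUER_KEYS: Dict[str, bytes] = {
    "gov.example": b"constructed-key-gov",
    "bank.example": b"constructed-key-bank",
}


def _canonical(issuer: str, item_type: str, value: str) -> bytes:
    """Fixed field order so signer and verifier hash identical bytes."""
    return json.dumps({"issuer": issuer, "type": item_type, "value": value},
                      sort_keys=True).encode()


def attest(issuer: str, item_type: str, value: str) -> dict:
    """Attestation server signs one data item; the user agent stores the result."""
    tag = hmac.new(ISSUER_KEYS[issuer], _canonical(issuer, item_type, value),
                   hashlib.sha256).hexdigest()
    return {"issuer": issuer, "type": item_type, "value": value, "sig": tag}


def verify_item(item: dict, key_directory: Dict[str, bytes]) -> bool:
    """Relying party checks an item only after receipt, resolving the issuer then."""
    key = key_directory.get(item.get("issuer", ""))
    if key is None:
        return False                      # unknown issuer: item is unusable
    expected = hmac.new(key, _canonical(item["issuer"], item["type"], item["value"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, item.get("sig", ""))


# Requirement syntax (assumption): every group must be met by one item whose
# type is in that group's any_of list; issuers are deliberately not enumerated.
POLICY = {"require": [{"any_of": ["passport", "drivers_licence"]},
                      {"any_of": ["account_owner"]}]}


class UserAgent:
    """Digital lock box: answers relying-party requests from stored attested items."""

    def __init__(self) -> None:
        self.lock_box: List[dict] = []

    def store(self, item: dict) -> None:
        self.lock_box.append(item)

    def respond(self, request_id: str, policy: dict) -> Optional[dict]:
        chosen = []
        for group in policy["require"]:
            match = next((i for i in self.lock_box if i["type"] in group["any_of"]), None)
            if match is None:
                return None               # cannot satisfy the request; no broker to ask
            chosen.append(match)
        return {"request_id": request_id, "items": chosen}


def relying_party_accepts(policy: dict, request_id: str, response: Optional[dict],
                          key_directory: Dict[str, bytes] = ISSUER_KEYS) -> bool:
    """Accept only if every item verifies and every requirement group is met."""
    if response is None or response.get("request_id") != request_id:
        return False
    if not all(verify_item(i, key_directory) for i in response["items"]):
        return False
    return all(any(i["type"] in g["any_of"] for i in response["items"])
               for g in policy["require"])


def demo() -> bool:
    """User agent holds items from two unrelated issuers; the RP never pre-registered either."""
    agent = UserAgent()
    agent.store(attest("gov.example", "drivers_licence", "DL-CONSTRUCTED-1"))
    agent.store(attest("bank.example", "account_owner", "acct-constructed-42"))
    response = agent.respond("req-1", POLICY)
    return relying_party_accepts(POLICY, "req-1", response)


if __name__ == "__main__":
    print("accepted" if demo() else "rejected")
```

The check a practitioner should add before using anything like this: the attested items above carry no audience, expiry or freshness binding, so an item captured from one response can be replayed to any relying party that trusts the same issuer. The request_id only correlates an asynchronous reply with its request; binding a nonce and the relying party's identity into something the user agent itself signs is what stops replay.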
-
Publication number: US09860245B2
Publication date: 2018-01-02
Application number: US14753177
Filing date: 2015-06-29
Inventors: Troy Jacob Ronda , Pierre Antoine Roberge , Patrick Hans Engel , Rene McIver , Gregory Howard Wolfond , Andre Michael Boysen
CPC classification: H04L63/0853 , H04L9/3213 , H04L9/3215 , H04L9/3228 , H04L9/3268 , H04L63/08 , H04L2209/56 , H04L2463/102
Abstract: A method of authenticating a network client to a relying party computer via a computer server comprises the computer server receiving a transaction code from a token manager via a first communications channel. The network client is configured to communicate with a token manager which is configured to communicate with a hardware token interfaced therewith. The network client is also configured to communicate with the relying party computer and the computer server. The computer server also receives a transaction pointer from the relying party computer via a second communications channel that is distinct from the first communications channel. Preferably, the transaction pointer is unpredictable by the computer server. The computer server transmits an authorization signal to the relying party computer in accordance with a correlation between the transaction code and the transaction pointer. The authorization signal facilitates authentication of the network client to the relying party computer.
-
Publication number: US20150304319A1
Publication date: 2015-10-22
Application number: US14753177
Filing date: 2015-06-29
Inventors: Troy Jacob Ronda , Pierre Antoine Roberge , Patrick Hans Engel , Rene McIver , Gregory Howard Wolfond , Andre Michael Boysen
IPC classification: H04L29/06
CPC classification: H04L63/0853 , H04L9/3213 , H04L9/3215 , H04L9/3228 , H04L9/3268 , H04L63/08 , H04L2209/56 , H04L2463/102
Abstract: A method of authenticating a network client to a relying party computer via a computer server comprises the computer server receiving a transaction code from a token manager via a first communications channel. The network client is configured to communicate with a token manager which is configured to communicate with a hardware token interfaced therewith. The network client is also configured to communicate with the relying party computer and the computer server. The computer server also receives a transaction pointer from the relying party computer via a second communications channel that is distinct from the first communications channel. Preferably, the transaction pointer is unpredictable by the computer server. The computer server transmits an authorization signal to the relying party computer in accordance with a correlation between the transaction code and the transaction pointer. The authorization signal facilitates authentication of the network client to the relying party computer.
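The two-channel correlation described in US09860245B2 and in this publication is easiest to reason about in code. What follows is an added illustration, not code from the patents: the abstracts say only that a code arrives on one channel, a pointer on another, and that the server authorizes on a correlation between them while being unable to predict the pointer. The concrete binding used here, a transaction code that is a SHA-256 commitment to a pointer the token manager picks at random, is my own assumption chosen to satisfy those three properties; the class and function names are likewise constructed.

```python
import hashlib
import secrets
from typing import Dict, List, Optional


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class AuthorizationServer:
    """Correlates a transaction code (channel 1) with a transaction pointer (channel 2)."""

    def __init__(self) -> None:
        self.pending: Dict[str, str] = {}     # transaction code -> client_id
        self.signals: List[dict] = []         # authorization signals sent to RPs

    def receive_transaction_code(self, client_id: str, code: str) -> None:
        """Channel 1, token manager -> server. The code (assumption) is a hash
        commitment to the pointer, so the server learns nothing it could use to
        guess the pointer before the relying party presents it."""
        self.pending[code] = client_id

    def receive_transaction_pointer(self, rp_id: str, pointer: bytes) -> Optional[dict]:
        """Channel 2, relying party -> server. Authorize only on a one-time match."""
        client_id = self.pending.pop(sha256_hex(pointer), None)   # pop: no replay
        if client_id is None:
            return None                       # no correlation: no authorization signal
        signal = {"rp": rp_id, "client": client_id, "pointer": pointer.hex()}
        self.signals.append(signal)
        return signal


class TokenManager:
    """Hardware-token side; the only party that knows the pointer before the RP."""

    def __init__(self, client_id: str, server: AuthorizationServer) -> None:
        self.client_id = client_id
        self.server = server

    def start_transaction(self) -> bytes:
        pointer = secrets.token_bytes(16)     # unpredictable to the server
        self.server.receive_transaction_code(self.client_id, sha256_hex(pointer))
        return pointer                        # handed to the network client for the RP


def run_flow() -> dict:
    """Happy path plus the two failure cases worth checking: replay and guessing."""
    server = AuthorizationServer()
    token_manager = TokenManager("client-A", server)
    pointer = token_manager.start_transaction()                        # channel 1
    good = server.receive_transaction_pointer("rp.example", pointer)   # channel 2
    replay = server.receive_transaction_pointer("rp.example", pointer) # same pointer again
    guess = server.receive_transaction_pointer("rp.example", secrets.token_bytes(16))
    return {"authorized": good is not None and good["client"] == "client-A",
            "replay_rejected": replay is None,
            "guess_rejected": guess is None}


if __name__ == "__main__":
    print(run_flow())
```

Why the commitment matters: if the pointer were derived from the code (for example pointer = H(code)), then the server, or anyone who observed channel 1, could compute it and the second channel would add nothing. With a commitment the pointer is worthless to the server until the relying party presents it, and popping the entry on first use means a pointer that leaks after the fact cannot authorize a second transaction. The remaining exposure is obvious from the code: whoever forwards a fresh pointer first gets the authorization signal, so the hop from network client to relying party must itself be protected.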
-
Publication number: US20140059348A1
Publication date: 2014-02-27
Application number: US14068586
Filing date: 2013-10-31
Inventors: Troy Jacob Ronda , Pierre Antoine Roberge , Patrick Hans Engel , Rene McIver , Greg Wolfond , Andre Boysen
CPC classification: H04L63/08 , G06F21/00 , H04L9/3234 , H04L9/3263 , H04L63/0853 , H04L2209/56 , H04L2209/80
Abstract: A method of establishing a communication channel between a network client and a computer server over a network is described. The network client may be configured to communicate with the computer server over the network and to communicate with a token manager. The token manager may be configured with a parent digital certificate that is associated with the token manager. The token manager or network client generates a credential from the parent digital certificate, and transmits the credential to the computer server. The credential may be associated with the computer server. The network client may establish the communication channel with the computer server in accordance with an outcome of a determination of validity of the credential by the computer server.