-
1.发明授权Methods and apparatus for authenticating a user multiple times during a session 有权在会话期间多次认证用户的方法和装置公开(公告)号:US08832812B1
公开(公告)日:2014-09-09
申请号:US13076869
申请日:2011-03-31
申请人: Todd Morneau , William Duane
发明人: Todd Morneau , William Duane
CPC分类号: G06F21/31 , G06F2221/2139 , H04L63/0846 , H04L63/0853 , H04L63/108
摘要: Access of a user to a protected resource during a session is controlled by issuing an authentication information request and receiving authentication information from the user responsive to the authentication information request. The user is authenticated based upon verification of the received authentication information. One or more of the issuing, receiving and authenticating steps are repeated during the session to re-authenticate the user. At least a portion of the authentication information that is used during the re-authentication is different from a corresponding portion of the authentication information that was used during the initial authentication. A secure channel is optionally established between the user and the protected resource responsive to the initial verification. The secure channel can optionally be re-established with the re-authentication using the different portion of the authentication information.
摘要翻译: 通过发出认证信息请求并响应于认证信息请求从用户接收认证信息来控制用户在会话期间对受保护资源的访问。 基于所接收的认证信息的验证来认证用户。 在会话期间重复发出,接收和认证步骤中的一个或多个以重新认证用户。 在重新认证期间使用的认证信息的至少一部分不同于在初始认证期间使用的认证信息的相应部分。 响应于初始验证,可选地在用户和受保护资源之间建立安全通道。 可以可选地使用认证信息的不同部分通过重新认证重新建立安全信道。
-
公开(公告)号:US08452989B1
公开(公告)日:2013-05-28
申请号:US12634116
申请日:2009-12-09
申请人: Todd Morneau , William Duane
发明人: Todd Morneau , William Duane
IPC分类号: G06F21/00
CPC分类号: G06F21/86 , G06F2221/2143
摘要: A technique provides security to an electronic device. The technique involves disposing a microprocessor between a printed circuit board and a circuit element to restrict physical access to the microprocessor, the microprocessor having (i) a bottom which faces the printed circuit board in a first direction and (ii) a top which faces the circuit element in a second direction which is opposite the first direction. The technique further involves delivering power to the microprocessor from a power source while the microprocessor is disposed between the printed circuit board and the circuit element, the microprocessor performing electronic operations in response to the power delivered from the power source. The technique further involves electronically altering or preventing the microprocessor from further performing the electronic operations in response to tampering activity on the circuit element. Such detection of the tampering activity may involve monitoring a covert signal for tamper evidence detection.
摘要翻译: 一种技术为电子设备提供安全性。 该技术涉及将微处理器布置在印刷电路板和电路元件之间以限制对微处理器的物理访问,微处理器具有(i)在第一方向上面向印刷电路板的底部,以及(ii)面向 电路元件在与第一方向相反的第二方向上。 该技术还包括在微处理器被布置在印刷电路板和电路元件之间时向微处理器供电,微处理器响应于从电源传递的功率执行电子操作。 该技术还涉及电子地改变或防止微处理器响应于电路元件上的篡改活动进一步执行电子操作。 这种篡改活动的检测可能涉及监视篡改证据检测的隐蔽信号。
-
公开(公告)号:US08601588B1
公开(公告)日:2013-12-03
申请号:US13173726
申请日:2011-06-30
申请人: Robert Black , William Duane , Robert S. Philpott
发明人: Robert Black , William Duane , Robert S. Philpott
IPC分类号: G06F11/00
CPC分类号: G06F21/577 , G06F11/008 , G06F21/34 , G06F21/44 , G06F21/55 , G06Q40/02 , G06Q2220/00 , H04L63/1433 , H04L63/1441
摘要: A method includes engaging in authentication operations each involving apparent use of a legitimate authenticator. Values of one or more authenticator variables are received and stored, where the authenticator variable(s) normally change in a known authenticator-specific way during the authentication operations, such as being calculated from a monotonically increasing dynamic variable. A risk analysis function is applied to the stored values to generate a risk indicator signal indicating a level of risk that the clone authenticator is in use. The risk analysis function includes detection of an abnormal change of the authenticator variable(s), such as use of non-monotonic dynamic variable values. The risk indicator signal is output to an access controller that operates, based on the level of risk indicated by the risk indicator signal, to selectively inhibit an otherwise successful authentication operation involving apparent use of the legitimate authenticator.
摘要翻译: 一种方法包括参与认证操作,每个认证操作包括明确使用合法认证器。 接收和存储一个或多个验证器变量的值,其中验证器变量在认证操作期间通常以已知的认证器特定方式改变,诸如从单调递增的动态变量计算。 对存储的值应用风险分析功能,以生成指示克隆认证器正在使用的风险级别的风险指示符信号。 风险分析功能包括检测认证者变量的异常变化,例如使用非单调动态变量值。 该风险指示信号被输出到一个接入控制器,该接入控制器基于风险指示信号所指示的风险水平来选择性地禁止涉及明确使用合法验证器的另外成功的认证操作。
-
公开(公告)号:US08458483B1
公开(公告)日:2013-06-04
申请号:US12495447
申请日:2009-06-30
申请人: Daniel Bailey , Marco Ciaffi , William Duane , Ari Juels , John O'Brien
发明人: Daniel Bailey , Marco Ciaffi , William Duane , Ari Juels , John O'Brien
CPC分类号: H04B5/0037 , G06F1/3287 , G06F21/35 , G06F21/74 , G06F21/81 , G06F2221/2105 , H04B5/0056 , H04L63/0838 , H04W4/80 , H04W12/06 , H04W52/0229 , Y02D10/171 , Y02D70/166 , Y02D70/42
摘要: A technique of message-passing using shared memory of an RF tag involves storing a message in the shared memory while a security processor of the RF tag is in a sleep mode, the security processor being constructed and arranged to access the shared memory when the security processor is in a wakened mode. The technique further involves transitioning the security processor from the sleep mode to the wakened mode, and processing the message from the shared memory using the security processor after the security processor has transitioned from the sleep mode to the wakened mode. If the security processor is awakened only as needed (rather than remain in the wakened mode), lifetime of a battery which powers the security processor can be maximized.
摘要翻译: 使用RF标签的共享存储器的消息传递的技术涉及在RF标签的安全处理器处于睡眠模式的同时将消息存储在共享存储器中,所述安全处理器被构造和布置成在安全性时访问共享存储器 处理器处于唤醒模式。 该技术还包括将安全处理器从睡眠模式转换到唤醒模式,以及在安全处理器从睡眠模式转换到唤醒模式之后,使用安全处理器处理来自共享存储器的消息。 如果仅根据需要唤醒安全处理器(而不是保持在唤醒模式),则可以最大化为安全处理器供电的电池的寿命。
-
公开(公告)号:US20070256123A1
公开(公告)日:2007-11-01
申请号:US11607836
申请日:2006-12-01
IPC分类号: H04L9/32
CPC分类号: H04L63/0838 , H04L63/1441
摘要: A system for detecting and preventing replay attacks includes a plurality of interconnected authentication servers, and one or more tokens for generating a one-time passcode and providing the one-time passcode to one of the authentication servers for authentication. The system includes an adjudicator function associated with each authentication server. The adjudicator evaluates a high water mark value associated with a token seeking authentication, allows authentication to proceed for the token if the high water mark evaluation indicates that the one-time passcode was not used in a previous authentication, and prevents authentication if the high water mark evaluation indicates that the one-time passcode was used in a previous authentication. The token is associated with a home authentication server that maintains a current high water mark of the token. The home authentication server validates the current high water mark on behalf of the adjudicator function evaluating the token for authentication.
摘要翻译: 用于检测和防止重放攻击的系统包括多个互连的认证服务器,以及用于生成一次性密码并将一次性密码提供给认证服务器之一用于认证的一个或多个令牌。 该系统包括与每个认证服务器相关联的裁判员功能。 审判员评估与令牌寻求认证相关联的高水位值,如果高水位评估指示在先前认证中未使用一次性密码,则允许认证进行令牌,并且如果高水位则防止认证 标记评估表示在以前的认证中使用一次性密码。 令牌与维护令牌当前高水位的家庭认证服务器相关联。 家庭认证服务器代表评估用于认证的令牌的裁判员功能验证当前的高水位标记。
-
公开(公告)号:US09860059B1
公开(公告)日:2018-01-02
申请号:US13336056
申请日:2011-12-23
CPC分类号: H04L9/0869 , H04L9/0866 , H04L63/045 , H04L63/0838
摘要: A method and system for use in distributing token records is disclosed. At least one token record comprises a unique seed associated with a one-time password (OTP) token. An encryption key and a corresponding decryption key are generated for assisting selective encryption and decryption of a token record associated with a OTP token. The encryption key and the decryption key being unique to an end user of the token record. The token record is encrypted with the assistance of the encryption key. One of the decryption key and the encrypted token record is provided to the end user of the token record. The other of the decryption key and the encrypted token record is provided to the end user in response to secure receipt of the one of the decryption key and the encrypted token record by the end user. The encrypted token record can be decrypted with the assistance of the decryption key.
-
公开(公告)号:US09454648B1
公开(公告)日:2016-09-27
申请号:US13336043
申请日:2011-12-23
CPC分类号: G06F21/10 , G06F21/34 , G06F2221/2107 , H04L9/0822 , H04L9/0866
摘要: Method and system for distributing token records in market environment is disclosed. At least one token record comprising a unique seed associated with a OTP token. Encryption key and decryption key are generated for assisting selective encryption and decryption of token record associated with OTP token. The token record is encrypted with the assistance of encryption key. One of encrypted token record and decryption key is provided into market environment. A device comprising an identifier for facilitating identification of token record associated with OTP token is provided into market environment together with the one of encrypted token record and decryption key. The identifier concealed by tamper-evident removable material such that any effort to reveal identifier will be readily apparent. The other of the encrypted token record and decryption key is provided to an entity in response to entity providing identifier.
摘要翻译: 公开了在市场环境中分配令牌记录的方法和系统。 至少一个令牌记录包括与OTP令牌相关联的唯一种子。 生成加密密钥和解密密钥,用于协助与OTP令牌相关联的令牌记录的选择性加密和解密。 令牌记录通过加密密钥进行加密。 加密令牌记录和解密密钥之一被提供到市场环境中。 包括用于便于识别与OTP令牌相关联的令牌记录的标识符的设备与加密的令牌记录和解密密钥中的一个一起提供给市场环境。 隐形可拆卸材料隐藏的标识符将使任何显示标识符的努力都将显而易见。 响应于实体提供标识符,加密令牌记录和解密密钥中的另一个被提供给实体。
-
公开(公告)号:US08370638B2
公开(公告)日:2013-02-05
申请号:US11357724
申请日:2006-02-17
申请人: William Duane , Jeffrey Hamel
发明人: William Duane , Jeffrey Hamel
CPC分类号: H04L9/0833 , G06F21/31 , G06F21/34 , G07C9/00015 , H04L9/0866 , H04L9/0869 , H04L9/0877 , H04L9/3213
摘要: A method of generating authentication seeds for a plurality of users, the method involving: based on a single master seed, generating a plurality of derivative seeds, each one for a corresponding different one of a plurality of users; and distributing the plurality of derivative seeds to a verifier for use in individually authenticating each of the plurality of users to that verifier, wherein generating each one of the plurality of derivative seeds involves mathematically combining the master seed and a unique identifier identifying the corresponding user.
摘要翻译: 一种为多个用户生成认证种子的方法,所述方法包括:基于单个母种,生成多个衍生种子,每个种子种类用于多个用户中的相应不同的一个; 以及将所述多个衍生种子分发到验证器以用于将所述多个用户中的每一个单独认证用于所述验证者,其中生成所述多个衍生种子中的每一个的数学上涉及所述主种子和识别相应用户的唯一标识符。
-
9.发明授权公开(公告)号:US07831837B1
公开(公告)日:2010-11-09
申请号:US11424427
申请日:2006-06-15
申请人: William Duane , Eric A. Silva , Jeffrey Hamel
发明人: William Duane , Eric A. Silva , Jeffrey Hamel
IPC分类号: G06F21/00
CPC分类号: G06F21/34 , G06F21/629 , G06F21/74 , G06F2221/2105 , H04L63/0838 , H04L63/0853
摘要: A method of communicating within a system that includes a device, a controller for the device, a token, and a driver which implements a predefined interface for enabling communication with and/or control of the device through the controller, the method involving: via the predefined interface, receiving instructions and/or data at the controller from the driver for controlling the device; via the predefined interface, receiving at the controller a preselected control parameter indicating that communication with the token is desired; and in response to receiving the preselected control parameter, directing communications to the token.
摘要翻译: 一种在系统内进行通信的方法,所述系统包括设备,用于所述设备的控制器,令牌和驱动器,所述驱动器实现用于通过所述控制器与所述设备进行通信和/或控制的预定界面,所述方法包括: 预定义接口,从控制器接收指令和/或数据从驱动器控制设备; 通过预定义的接口,在控制器处接收指示与令牌进行通信的预选控制参数; 并且响应于接收到预选的控制参数,将通信指向令牌。
-
公开(公告)号:US20060177056A1
公开(公告)日:2006-08-10
申请号:US10549542
申请日:2004-07-09
申请人: Peter Rostin , Magnus Nystrom , William Duane
发明人: Peter Rostin , Magnus Nystrom , William Duane
CPC分类号: H04L9/3234 , H04L9/06 , H04L9/0869 , H04L9/3242 , H04L9/3271 , H04L63/061 , H04L63/0823 , H04L63/0853 , H04L2209/20 , H04L2209/56 , H04L2209/80
摘要: Techniques for secure generation of a seed for use in performing one or more cryptographic operations, utilizing a seed generation protocol carried out by a seed generation client (110c) and a seed generation server (110s). The seed generation server (110s) provides a first string to the seed generation client (110c). The seed generation client (110c) generates a second string, encrypts the second string utilizing a key (216), and sends the encrypted second string to the seed generation server (110s). The seed generation client (110c) generates the seed as a function of at leas the first string and the second string. The seed generation server (110s) decrypts the encrypted second string (222) and independently generates the seed as a function of at least the first string an the second string.
摘要翻译: 利用由种子生成客户端(110c)和种子生成服务器(110s)执行的种子生成协议,用于安全地生成用于执行一个或多个密码操作的种子的技术。 种子生成服务器(110s)向种子生成客户端(110c)提供第一串。 种子生成客户端(110c)生成第二串,利用密钥(216)加密第二串,并将加密的第二串发送到种子生成服务器(110s)。 种子生成客户端(110c)根据第一串和第二串的函数产生种子。 种子生成服务器(110s)对加密的第二串(222)进行解密,并且独立地生成作为第二串的至少第一串的函数的种子。
-
-
-
-
-
-
-
-
-
搜索结果
16 条记录 (耗时 0.017 秒)
