Method and system for detection of clone authenticator
    2.
    发明授权
    Method and system for detection of clone authenticator 有权
    检测克隆鉴别器的方法和系统

    公开(公告)号:US08601588B1

    公开(公告)日:2013-12-03

    申请号:US13173726

    申请日:2011-06-30

    IPC分类号: G06F11/00

    摘要: A method includes engaging in authentication operations each involving apparent use of a legitimate authenticator. Values of one or more authenticator variables are received and stored, where the authenticator variable(s) normally change in a known authenticator-specific way during the authentication operations, such as being calculated from a monotonically increasing dynamic variable. A risk analysis function is applied to the stored values to generate a risk indicator signal indicating a level of risk that the clone authenticator is in use. The risk analysis function includes detection of an abnormal change of the authenticator variable(s), such as use of non-monotonic dynamic variable values. The risk indicator signal is output to an access controller that operates, based on the level of risk indicated by the risk indicator signal, to selectively inhibit an otherwise successful authentication operation involving apparent use of the legitimate authenticator.

    摘要翻译: 一种方法包括参与认证操作,每个认证操作包括明确使用合法认证器。 接收和存储一个或多个验证器变量的值,其中验证器变量在认证操作期间通常以已知的认证器特定方式改变,诸如从单调递增的动态变量计算。 对存储的值应用风险分析功能,以生成指示克隆认证器正在使用的风险级别的风险指示符信号。 风险分析功能包括检测认证者变量的异常变化,例如使用非单调动态变量值。 该风险指示信号被输出到一个接入控制器,该接入控制器基于风险指示信号所指示的风险水平来选择性地禁止涉及明确使用合法验证器的另外成功的认证操作。

    Techniques for message-passing using shared memory of an RF tag
    3.
    发明授权
    Techniques for message-passing using shared memory of an RF tag 有权
    使用RF标签的共享存储器进行消息传递的技术

    公开(公告)号:US08458483B1

    公开(公告)日:2013-06-04

    申请号:US12495447

    申请日:2009-06-30

    IPC分类号: G06F21/00 G06F12/14

    摘要: A technique of message-passing using shared memory of an RF tag involves storing a message in the shared memory while a security processor of the RF tag is in a sleep mode, the security processor being constructed and arranged to access the shared memory when the security processor is in a wakened mode. The technique further involves transitioning the security processor from the sleep mode to the wakened mode, and processing the message from the shared memory using the security processor after the security processor has transitioned from the sleep mode to the wakened mode. If the security processor is awakened only as needed (rather than remain in the wakened mode), lifetime of a battery which powers the security processor can be maximized.

    摘要翻译: 使用RF标签的共享存储器的消息传递的技术涉及在RF标签的安全处理器处于睡眠模式的同时将消息存储在共享存储器中,所述安全处理器被构造和布置成在安全性时访问共享存储器 处理器处于唤醒模式。 该技术还包括将安全处理器从睡眠模式转换到唤醒模式,以及在安全处理器从睡眠模式转换到唤醒模式之后,使用安全处理器处理来自共享存储器的消息。 如果仅根据需要唤醒安全处理器(而不是保持在唤醒模式),则可以最大化为安全处理器供电的电池的寿命。

    Detecting and preventing replay in authentication systems
    4.
    发明申请
    Detecting and preventing replay in authentication systems 有权
    检测和防止认证系统中的重放

    公开(公告)号:US20070256123A1

    公开(公告)日:2007-11-01

    申请号:US11607836

    申请日:2006-12-01

    IPC分类号: H04L9/32

    CPC分类号: H04L63/0838 H04L63/1441

    摘要: A system for detecting and preventing replay attacks includes a plurality of interconnected authentication servers, and one or more tokens for generating a one-time passcode and providing the one-time passcode to one of the authentication servers for authentication. The system includes an adjudicator function associated with each authentication server. The adjudicator evaluates a high water mark value associated with a token seeking authentication, allows authentication to proceed for the token if the high water mark evaluation indicates that the one-time passcode was not used in a previous authentication, and prevents authentication if the high water mark evaluation indicates that the one-time passcode was used in a previous authentication. The token is associated with a home authentication server that maintains a current high water mark of the token. The home authentication server validates the current high water mark on behalf of the adjudicator function evaluating the token for authentication.

    摘要翻译: 用于检测和防止重放攻击的系统包括多个互连的认证服务器,以及用于生成一次性密码并将一次性密码提供给认证服务器之一用于认证的一个或多个令牌。 该系统包括与每个认证服务器相关联的裁判员功能。 审判员评估与令牌寻求认证相关联的高水位值,如果高水位评估指示在先前认证中未使用一次性密码,则允许认证进行令牌,并且如果高水位则防止认证 标记评估表示在以前的认证中使用一次性密码。 令牌与维护令牌当前高水位的家庭认证服务器相关联。 家庭认证服务器代表评估用于认证的令牌的裁判员功能验证当前的高水位标记。

    Distributing token records
    5.
    发明授权

    公开(公告)号:US09860059B1

    公开(公告)日:2018-01-02

    申请号:US13336056

    申请日:2011-12-23

    摘要: A method and system for use in distributing token records is disclosed. At least one token record comprises a unique seed associated with a one-time password (OTP) token. An encryption key and a corresponding decryption key are generated for assisting selective encryption and decryption of a token record associated with a OTP token. The encryption key and the decryption key being unique to an end user of the token record. The token record is encrypted with the assistance of the encryption key. One of the decryption key and the encrypted token record is provided to the end user of the token record. The other of the decryption key and the encrypted token record is provided to the end user in response to secure receipt of the one of the decryption key and the encrypted token record by the end user. The encrypted token record can be decrypted with the assistance of the decryption key.

    Distributing token records in a market environment
    6.
    发明授权
    Distributing token records in a market environment 有权
    在市场环境中分配令牌记录

    公开(公告)号:US09454648B1

    公开(公告)日:2016-09-27

    申请号:US13336043

    申请日:2011-12-23

    摘要: Method and system for distributing token records in market environment is disclosed. At least one token record comprising a unique seed associated with a OTP token. Encryption key and decryption key are generated for assisting selective encryption and decryption of token record associated with OTP token. The token record is encrypted with the assistance of encryption key. One of encrypted token record and decryption key is provided into market environment. A device comprising an identifier for facilitating identification of token record associated with OTP token is provided into market environment together with the one of encrypted token record and decryption key. The identifier concealed by tamper-evident removable material such that any effort to reveal identifier will be readily apparent. The other of the encrypted token record and decryption key is provided to an entity in response to entity providing identifier.

    摘要翻译: 公开了在市场环境中分配令牌记录的方法和系统。 至少一个令牌记录包括与OTP令牌相关联的唯一种子。 生成加密密钥和解密密钥,用于协助与OTP令牌相关联的令牌记录的选择性加密和解密。 令牌记录通过加密密钥进行加密。 加密令牌记录和解密密钥之一被提供到市场环境中。 包括用于便于识别与OTP令牌相关联的令牌记录的标识符的设备与加密的令牌记录和解密密钥中的一个一起提供给市场环境。 隐形可拆卸材料隐藏的标识符将使任何显示标识符的努力都将显而易见。 响应于实体提供标识符,加密令牌记录和解密密钥中的另一个被提供给实体。

    Derivative seeds
    7.
    发明授权
    Derivative seeds 有权
    衍生种子

    公开(公告)号:US08370638B2

    公开(公告)日:2013-02-05

    申请号:US11357724

    申请日:2006-02-17

    IPC分类号: H04L29/06 H04L9/32

    摘要: A method of generating authentication seeds for a plurality of users, the method involving: based on a single master seed, generating a plurality of derivative seeds, each one for a corresponding different one of a plurality of users; and distributing the plurality of derivative seeds to a verifier for use in individually authenticating each of the plurality of users to that verifier, wherein generating each one of the plurality of derivative seeds involves mathematically combining the master seed and a unique identifier identifying the corresponding user.

    摘要翻译: 一种为多个用户生成认证种子的方法,所述方法包括:基于单个母种,生成多个衍生种子,每个种子种类用于多个用户中的相应不同的一个; 以及将所述多个衍生种子分发到验证器以用于将所述多个用户中的每一个单独认证用于所述验证​​者,其中生成所述多个衍生种子中的每一个的数学上涉及所述主种子和识别相应用户的唯一标识符。

    Encoding token commands/data within data streams for standard interfaces
    8.
    发明授权
    Encoding token commands/data within data streams for standard interfaces 有权
    在标准接口的数据流内编码令牌命令/数据

    公开(公告)号:US07831837B1

    公开(公告)日:2010-11-09

    申请号:US11424427

    申请日:2006-06-15

    IPC分类号: G06F21/00

    摘要: A method of communicating within a system that includes a device, a controller for the device, a token, and a driver which implements a predefined interface for enabling communication with and/or control of the device through the controller, the method involving: via the predefined interface, receiving instructions and/or data at the controller from the driver for controlling the device; via the predefined interface, receiving at the controller a preselected control parameter indicating that communication with the token is desired; and in response to receiving the preselected control parameter, directing communications to the token.

    摘要翻译: 一种在系统内进行通信的方法,所述系统包括设备,用于所述设备的控制器,令牌和驱动器,所述驱动器实现用于通过所述控制器与所述设备进行通信和/或控制的预定界面,所述方法包括: 预定义接口,从控制器接收指令和/或数据从驱动器控制设备; 通过预定义的接口,在控制器处接收指示与令牌进行通信的预选控制参数; 并且响应于接收到预选的控制参数,将通信指向令牌。

    Secure seed generation protocol
    9.
    发明申请
    Secure seed generation protocol 有权
    安全的种子生成协议

    公开(公告)号:US20060177056A1

    公开(公告)日:2006-08-10

    申请号:US10549542

    申请日:2004-07-09

    IPC分类号: H04L9/28 H04L9/00 H04K1/00

    摘要: Techniques for secure generation of a seed for use in performing one or more cryptographic operations, utilizing a seed generation protocol carried out by a seed generation client (110c) and a seed generation server (110s). The seed generation server (110s) provides a first string to the seed generation client (110c). The seed generation client (110c) generates a second string, encrypts the second string utilizing a key (216), and sends the encrypted second string to the seed generation server (110s). The seed generation client (110c) generates the seed as a function of at leas the first string and the second string. The seed generation server (110s) decrypts the encrypted second string (222) and independently generates the seed as a function of at least the first string an the second string.

    摘要翻译: 利用由种子生成客户端(110c)和种子生成服务器(110s)执行的种子生成协议,用于安全地生成用于执行一个或多个密码操作的种子的技术。 种子生成服务器(110s)向种子生成客户端(110c)提供第一串。 种子生成客户端(110c)生成第二串,利用密钥(216)加密第二串,并将加密的第二串发送到种子生成服务器(110s)。 种子生成客户端(110c)根据第一串和第二串的函数产生种子。 种子生成服务器(110s)对加密的第二串(222)进行解密,并且独立地生成作为第二串的至少第一串的函数的种子。