公开(公告)号：US11716321B2

公开(公告)日：2023-08-01

申请号：US17339844

申请日：2021-06-04

Applicant: InBay Technologies Inc.

Inventor： Nicolas Johannes Sebastian Bettenburg ,  Randy Kuang

IPC: H04L29/06 ,  H04L9/40 ,  G06K7/14 ,  G06F16/955 ,  G06F21/34 ,  G06F21/36 ,  G06F21/42 ,  G06F21/57 ,  H04W12/77

CPC classification number: H04L63/083 ,  G06F16/9554 ,  G06F21/34 ,  G06F21/36 ,  G06F21/42 ,  G06F21/57 ,  G06K7/1417 ,  H04L63/0428 ,  H04L63/0838 ,  H04L63/0853 ,  H04L63/0869 ,  G06F2221/2115 ,  G06F2221/2117 ,  G06F2221/2141 ,  H04L63/0281 ,  H04L63/105 ,  H04W12/77

Abstract: A communication network employing a method and system for secure access from a security device at a local network location to a remote network location are disclosed. At the security device having a unique identifier (UID), processor, and memory, a security software is obtained from a remote network location, the security software obtaining a personal identification number (PIN) of a user, and the UID of the security device. The PIN, the UID and the private security software are forwarded to the remote network location for generating a credential code, including encrypting the credential code. At the security device, the credential code is obtained from the remote network location, and authenticity of the PIN and the UID is verified, without communicating over a network, including decrypting the credential code. Upon verifying the authenticity of the PIN and the UID, access credentials to the remote network location are retrieved.

公开(公告)号：US09485254B2

公开(公告)日：2016-11-01

申请号：US14636154

申请日：2015-03-02

Applicant: INBAY TECHNOLOGIES INC.

Inventor： Randy Kuang ,  Stanislus Kisito Xavier ,  David Michael Mann ,  Robert Frank Steklasa ,  Stephen George Wilson ,  He Zhu ,  Nicolas Johannes Sebastian Bettenburg

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/08 ,  G06F21/44

CPC classification number: H04L63/0884 ,  G06F21/44 ,  H04L9/0861 ,  H04L9/3226 ,  H04L63/062 ,  H04L63/0853 ,  H04L63/0869 ,  H04L63/0876 ,  H04L63/105

Abstract: Methods for authenticating a security device at a local network location for providing a secure access from the local network location to a remote network location are provided. A security device is registered by installing private security software on the security device that generates an asymmetrical encryption key pair including an encryption key and a decryption key. The encryption key is stored only on the security device and the decryption key is stored only on a remote server. Embodiments of the present invention provide increased security by not storing the encryption key on the remote server so that attackers stealing data from the server cannot pretend to a user having the registered security device. A corresponding system for authenticating a security device is also provided.

Abstract translation: 提供了用于在本地网络位置认证安全设备以从本地网络位置到远程网络位置提供安全访问的方法。 通过在安全设备上安装私有安全软件来注册安全设备，该安全设备生成包括加密密钥和解密密钥的非对称加密密钥对。 加密密钥仅存储在安全设备上，解密密钥仅存储在远程服务器上。 本发明的实施例通过不将加密密钥存储在远程服务器上来提供更高的安全性，使得从服务器窃取数据的攻击者不能假装具有注册的安全设备的用户。 还提供了用于认证安全设备的相应系统。

公开(公告)号：USD752629S1

公开(公告)日：2016-03-29

申请号：US29489134

申请日：2014-04-26

Applicant: INBAY TECHNOLOGIES INC.

Designer： Mingxuan He ,  Xiaoxi Pang ,  Randy Kuang ,  Robert Frank Steklasa ,  Stanislus Kisito Xavier

公开(公告)号：US09137224B2

公开(公告)日：2015-09-15

申请号：US14231545

申请日：2014-03-31

Applicant: INBAY TECHNOLOGIES INC.

Inventor： Randy Kuang ,  Stanislus Kisito Xavier ,  Robert Frank Steklasa ,  Stephen George Wilson ,  He Zhu

IPC: H04L29/06

CPC classification number: H04L63/06 ,  H04L63/08 ,  H04L63/0838 ,  H04L63/0853 ,  H04L63/168 ,  H04L2463/062

Abstract: System, method, and apparatus for providing access to remote computing services are described. The method includes authenticating a user and a client device; establishing a connection to a server computer including: a server program executing on the server computer detecting the connection; the server program creating a blocking process on the server computer to block access of the user to a service on the connection, authorizing, using a client program executing on the client device and the server program, the user to use the service on the server computer including: terminating the blocking process, the user using the service; and the user closing the connection to the server computer. Embodiments of the present invention provide secure remote access to computing services.

Abstract translation: 描述了用于提供对远程计算服务的访问的系统，方法和装置。 该方法包括认证用户和客户端设备; 建立与服务器计算机的连接，包括：在服务器计算机上执行检测连接的服务器程序; 所述服务器程序在所述服务器计算机上创建阻塞进程以阻止所述用户访问所述连接上的服务，授权使用在所述客户端设备上执行的客户端程序和所述服务器程序，所述用户在所述服务器计算机上使用所述服务 包括：终止阻塞进程，用户使用该服务; 并且用户关闭到服务器计算机的连接。 本发明的实施例提供对计算服务的安全远程访问。

公开(公告)号：US08739252B2

公开(公告)日：2014-05-27

申请号：US13765049

申请日：2013-02-12

Applicant: Inbay Technologies Inc.

Inventor： Randy Kuang ,  Stanislus Kisito Xavier ,  Robert Frank Steklasa ,  Stephen George Wilson ,  He Zhu

IPC: H04L29/06

CPC classification number: H04L63/06 ,  H04L63/08 ,  H04L63/0838 ,  H04L63/0853 ,  H04L63/168 ,  H04L2463/062

Abstract: System, method, and apparatus for providing access to remote computing services are described. The method includes authenticating a user and a client device; establishing a connection to a server computer including: a server program executing on the server computer detecting the connection; the server program creating a blocking process on the server computer to block access of the user to a service on the connection, authorizing, using a client program executing on the client device and the server program, the user to use the service on the server computer including: terminating the blocking process, the user using the service; and the user closing the connection to the server computer. Embodiments of the present invention provide secure remote access to computing services.

Abstract translation: 描述了用于提供对远程计算服务的访问的系统，方法和装置。 该方法包括认证用户和客户端设备; 建立与服务器计算机的连接，包括：在服务器计算机上执行检测连接的服务器程序; 所述服务器程序在所述服务器计算机上创建阻塞进程以阻止所述用户访问所述连接上的服务，授权使用在所述客户端设备上执行的客户端程序和所述服务器程序，所述用户在所述服务器计算机上使用所述服务 包括：终止阻塞进程，用户使用该服务; 并且用户关闭到服务器计算机的连接。 本发明的实施例提供对计算服务的安全远程访问。

公开(公告)号：US08468582B2

公开(公告)日：2013-06-18

申请号：US13035830

申请日：2011-02-25

Applicant: Randy Kuang ,  Stanislus Kisito Xavier ,  David Michael Mann

Inventor： Randy Kuang ,  Stanislus Kisito Xavier ,  David Michael Mann

IPC: G06F21/00

CPC classification number: H04L63/08 ,  G06F21/34 ,  G06F21/41 ,  G06F21/577 ,  G06F2221/2103 ,  G06F2221/2115 ,  H04L63/0281 ,  H04L63/0853 ,  H04L63/0869 ,  H04L63/105

Abstract: A method for secure electronic transaction over a computer network, comprising: at a trusted relationship profile server computer: storing a unique identity of a trusted computing unit; generating a confirmation message regarding the unique identity of the trusted computing unit in response to a request from the trusted computing unit; at a security proxy server computer: storing real credentials and local credentials of a customer in a secure vault; receiving the confirmation message and permitting a login process to be performed with the security proxy server using the local credentials, provided the confirmation message is valid; and replacing the local credentials submitted in the login process with the real credentials. A corresponding system for secure electronic transactions is also provided.

公开(公告)号：US10313328B2

公开(公告)日：2019-06-04

申请号：US15676872

申请日：2017-08-14

Applicant: INBAY TECHNOLOGIES INC.

Inventor： Nicolas Johannes Sebastian Bettenburg ,  Randy Kuang

IPC: G06F21/34 ,  H04L29/06 ,  G06K7/14 ,  G06F16/955 ,  G06F21/36 ,  G06F21/42 ,  G06F21/57

Abstract: Method and system for secure access from a security device at a local network location to a remote network location are disclosed. At the security device having a unique identifier (UID), processor, and memory, a security software is obtained from a remote network location, the security software obtaining a personal identification number (PIN) of a user, and the UID of the security device. The PIN, the UID and the private security software are forwarded to the remote network location for generating a credential code, including encrypting the credential code. At the security device, the credential code is obtained from the remote network location, and authenticity of the PIN and the UID is verified, without communicating over a network, including decrypting the credential code. Upon verifying the authenticity of the PIN and the UID, access credentials to the remote network location are retrieved.

公开(公告)号：US09736149B2

公开(公告)日：2017-08-15

申请号：US15168850

申请日：2016-05-31

Applicant: INBAY TECHNOLOGIES INC.

Inventor： Nicolas Johannes Sebastian Bettenburg ,  Randy Kuang

IPC: H04L29/06 ,  G06K7/14 ,  G06F17/30 ,  G06F21/34 ,  G06F21/36 ,  G06F21/42

CPC classification number: H04L63/083 ,  G06F17/30879 ,  G06F21/34 ,  G06F21/36 ,  G06F21/42 ,  G06F21/57 ,  G06F2221/2115 ,  G06F2221/2117 ,  G06F2221/2141 ,  G06K7/1417 ,  H04L63/0281 ,  H04L63/0428 ,  H04L63/0838 ,  H04L63/0853 ,  H04L63/0869 ,  H04L63/105

Abstract: Methods and systems for authenticating a security device for establishing trusted email communication. The security device is authenticated by installing private security software on the security device. In order to authorize an email transaction, a transaction authorization is performed using the security device by display a QR (Quick Response) code from an authorization server on a user terminal and scanning the QR code into the security device. After scanning the QR code, an OTA (One-Time-Authorization) code is sent from the security device to the authorization server for verifying the transaction. Embodiments of the present invention provide trusted email communication. A corresponding system for authenticating a security device and preforming trusted email communication is also provided.

公开(公告)号：US09166975B2

公开(公告)日：2015-10-20

申请号：US14309369

申请日：2014-06-19

Applicant: INBAY TECHNOLOGIES INC.

Inventor： Randy Kuang ,  Stanislus Kisito Xavier ,  Robert Frank Steklasa ,  Stephen George Wilson ,  He Zhu

IPC: H04L29/06

CPC classification number: H04L63/0838 ,  H04L63/06 ,  H04L63/0853 ,  H04L63/168 ,  H04L2463/062

Abstract: System and method for providing access to remote computing services in an application server are described, where the authentication and authorization processes are separated, excluding service access privileges from the authenticating process and transferring the privileges to the authorization process. A client device and a user are authenticated, and upon successful authentication, the authorization process is performed, including establishing an authorization connection between the client device and the server computer; at the server computer, detecting and verifying the authorization connection; and upon successful verification, allowing access of the client device to the service on the server computer. In one embodiment, upon detecting the authorization connection, a blocking process is created to block access to the service; and, upon successful verification of the authorization connection, the blocking process on the server computer is terminated, prior to the allowing the access of the client device to the service on the server computer.

Abstract translation: 描述了在应用服务器中提供对远程计算服务的访问的系统和方法，其中认证和授权过程被分离，从认证过程中排除服务访问特权并将权限传送到授权过程。 客户端设备和用户进行认证，成功认证后，执行授权过程，包括在客户端设备和服务器计算机之间建立授权连接; 在服务器计算机上检测和验证授权连接; 并且在成功验证之后，允许客户端设备访问服务器计算机上的服务。 在一个实施例中，当检测到授权连接时，创建阻塞进程以阻止对服务的访问; 并且在成功验证授权连接之后，在允许客户端设备访问服务器计算机上的服务之前，终止在服务器计算机上的阻塞过程。

公开(公告)号：US20140237555A1

公开(公告)日：2014-08-21

申请号：US14231545

申请日：2014-03-31

Applicant: INBAY TECHNOLOGIES INC.

Inventor： Randy KUANG ,  Stanislus Kisito XAVIER ,  Robert Frank STEKLASA ,  Stephen George WILSON ,  He ZHU

IPC: H04L29/06

CPC classification number: H04L63/06 ,  H04L63/08 ,  H04L63/0838 ,  H04L63/0853 ,  H04L63/168 ,  H04L2463/062

Abstract: System, method, and apparatus for providing access to remote computing services are described. The method includes authenticating a user and a client device; establishing a connection to a server computer including: a server program executing on the server computer detecting the connection; the server program creating a blocking process on the server computer to block access of the user to a service on the connection, authorizing, using a client program executing on the client device and the server program, the user to use the service on the server computer including: terminating the blocking process, the user using the service; and the user closing the connection to the server computer. Embodiments of the present invention provide secure remote access to computing services.

Abstract translation: 描述了用于提供对远程计算服务的访问的系统，方法和装置。 该方法包括认证用户和客户端设备; 建立与服务器计算机的连接，包括：在服务器计算机上执行检测连接的服务器程序; 所述服务器程序在所述服务器计算机上创建阻塞进程以阻止所述用户访问所述连接上的服务，授权使用在所述客户端设备上执行的客户端程序和所述服务器程序，所述用户在所述服务器计算机上使用所述服务 包括：终止阻塞进程，用户使用该服务; 并且用户关闭到服务器计算机的连接。 本发明的实施例提供对计算服务的安全远程访问。