SECURE PIN ENTRY USING PERSONAL COMPUTER
    1.
    Invention application
    Status: under examination, published

    Publication number: WO2005109360A1

    Publication date: 2005-11-17

    Application number: PCT/IB2004/050628

    Application date: 2004-05-10

    Abstract: It is a process that allows a user to make secure PIN-based transactions using his personal computer. The steps are: a) Preparing transaction data, b) Storing it in non-volatile memory, c) Restarting or hibernating the computer, d) Booting into a secure, un-networked environment from a bootable media or device; this bootable media or device must be sufficiently difficult to counterfeit and sufficiently difficult to tamper with the data stored in it and optionally difficult to copy, e) Securely launching the secure PIN entry software, f) Loading transaction data from the non-volatile memory, g) Presenting the transaction data to the user and optionally allowing the user to modify and/or complete it, h) Secure PIN entry resulting in an encrypted PIN block and/or enabling the use and/or the generation of the appropriate keys for creating message authentication code(s) and/or cryptogram(s) and/or digital signature(s) according to the transaction security standards; The user can also enter a password to enable secure access to password encrypted secret keys, private keys and confidential data; The user can also enter secure information to update his records in the server side system, like a user choosable CVV2/CVC2 or new 3D Secure password, i) Storing the secured transaction request in non-volatile memory, j) Restarting the computer back to normal operation, k) Loading the secured transaction request from non-volatile memory, l) Sending the transaction for authorization, m) Receiving the response, n) Presenting the response to the user and optionally storing it. The process radically protects the user from any malicious software that might affect the security of PIN entry; it dramatically reduces the user responsibilities to physical security considerations only, like those in ATM transactions. The user should use a personal computer that he knows does not contain malicious hardware; this could easily be his own notebook or PC at home. He should still quickly check that there is no external hardware key logger attached to the computer. The process enables non-repudiation in e-commerce transactions. The process is also an ideal solution for securing the use of smartcards on personal computers. The ability for the user to specify the CVV2/CVC2 that will be used in the next Internet e-commerce transaction is invaluable because it allows for extremely secure e-commerce without requiring any change in the merchant system, acquirer bank system and the card transactions network, like VISA and MasterCard. In the case where the personal computer by default boots into a system that fulfills the security requirements mentioned, like an MIDP2.0 Java mobile phone for example, then the personal computer, which is the mobile phone, is already secure, hence a stripped down version of the process is the only thing needed. A Java mobile phone is secure because it either allows the application to run in the sand-box model or the application must be digitally signed to execute with the requested privileges; this prevents any malicious software from having the privilege to make any critical action.

    HOST SECURITY MODULE USING A COLLECTION OF SMARTCARDS
    3.
    Invention application
    Status: under examination, published

    Publication number: WO2007010333A1

    Publication date: 2007-01-25

    Application number: PCT/IB2005/052438

    Application date: 2005-07-20

    CPC classification number: G06F21/77 G06F21/602

    Abstract: A full-fledged practical Host Security Module, HSM, using a collection of smartcards. It is a new way for making an HSM at a very small fraction of the cost of making a traditional HSM for the same throughput-performance and without trade-offs. From the hardware perspective, it is made of a collection of smartcards and a communication handler that can communicate with these smartcards; this communication handler can even be a process that runs on the host computer itself that will use the HSM. From the software perspective, it is made of a security module software that resides on each of the smartcards in the collection and a communication handler software that would reside on the computer that manages the smartcards collection from the communications point of view. This invention eliminates the need for the very expensive physically secure enclosures of the HSMs and gives many other benefits described in detail in the disclosure. It is a full-fledged practical HSM in the sense that it does not miss any of the capabilities of traditional HSMs, like secure printing of secrets and keys, secure interaction with the security officers, interaction with other critical devices, interaction with the host computer, etc. The invention also describes the method for managing such a possibly very large collection of tiny security devices through maintaining a secure signed list of IDs of these security devices. All the security officers must agree in order to add or remove a "security module" from the list. This prevents fraudulent smartcards from being added to the collection. Also, if one or more smartcards were stolen from the collection, anti-theft techniques ensure that they will not be usable and in all cases the local master keys are never brought out in clear from any of the smartcards in the collection.

    SECURE TRANSACTIONS USING A PERSONAL COMPUTER
    4.
    Invention application
    Status: under examination, published

    Publication number: WO2006120365A1

    Publication date: 2006-11-16

    Application number: PCT/GB2005/001770

    Application date: 2005-05-10

    Abstract: A transaction terminal and a process which allows a user to make secure transactions, such as PIN-based transactions, using his personal computer. The steps are: (a) Preparing transaction data, (b) Storing it in non-volatile memory, (c) Restarting or hibernating the computer, (d) Booting into a secure, un-networked environment from a bootable media or device; this bootable media or device must be sufficiently difficult to counterfeit and sufficiently difficult to tamper with the data stored in it and optionally difficult to copy, (e) Securely launching the secure PIN entry software, (f) Loading transaction data from the non-volatile memory, (g) Presenting the transaction data to the user and optionally allowing the user to modify and/or complete it, (h) Secure PIN entry resulting in an encrypted PIN block and/or enabling the user and/or the generation of the appropriate keys for creating message authentication code(s) and/or cryptogram(s) and/or digital signature(s) according to the transaction security standards; The user can also enter a password to enable secure access to password encrypted secret keys, private keys and confidential data; The user can also enter secure information to update his records in the server side system, like a user choosable CVV2/CVC2 or new 3D Secure password, (i) Storing the secured transaction request in non-volatile memory, (j) Restarting the computer back to normal operation, (k) Loading the secured transaction request from non-volatile memory, (l) Sending the transaction for authorisation, (m) Receiving the response, (n) Presenting the response to the user and optionally storing it. The process radically protects the user from any malicious software that might affect the security of PIN entry; it dramatically reduces the user responsibilities to physical security considerations only, like those in ATM transactions. The user should use a personal computer that he knows does not contain malicious hardware; this could easily be his own notebook or PC at home.

    VERIFYING PRESENTED DATA THROUGH STREAMLINED REVIEWING
    6.
    Invention application
    Status: under examination, published

    Publication number: WO2008015491A1

    Publication date: 2008-02-07

    Application number: PCT/IB2006/052598

    Application date: 2006-07-31

    Applicant: GIRGIS, Hani

    Inventor: GIRGIS, Hani

    CPC classification number: G07F7/08 G07F7/0833

    Abstract: Given a trusted computer (such as a micro-processor based smartcard) but with limited I/O capabilities and an un-trusted terminal (such as a PC) with rich user-oriented I/O capabilities, it is desired to realize a transaction making environment made of the un-trusted terminal and the trusted computer such that the resulting transaction making environment would benefit from the rich I/O capabilities of the un-trusted terminal, yet the environment would be considered secure and trusted. The current invention can be viewed as an improvement to the known cryptographic devices such as smartcards or smart tokens. In a preferred embodiment the smart token would have an embedded optical sensor and a small LCD display enabling the user to verify whether what is displayed on the un-trusted terminal was tampered with or not.

    THE DEVICE SCREEN AS A SINGLE LIGHT SOURCE
    7.
    Invention application
    Status: under examination, published

    Publication number: WO2007080458A1

    Publication date: 2007-07-19

    Application number: PCT/IB2006/050080

    Application date: 2006-01-10

    Applicant: GIRGIS, Hani

    Inventor: GIRGIS, Hani

    CPC classification number: G06K19/0723 G06F21/36 G06K19/0728 G06K2019/06225

    Abstract: Problem: great need for a reliable, secure, fast and very easy-to-use smart authentication token technology that does not require expensive hardware to be distributed to users. Solution: Most mobile phones and PDAs today, even the very low-cost ones, have illuminating color screens and are able to display animations with very fast frame rates such as 80 frames/second! Even the very old-fashioned low-cost, but color, mobile phones are able to display animations at a frame rate of at least 35 frames per second. The current invention enables the use of such devices for easy secure authentication such as access to buildings, train tickets, e-payments, logon to a computer, etc. All of this without any change in the hardware of the user's mobile device. The mobile device, after preparing the information to be transmitted, which can include secure one-time-passcodes, would encode this information and treat the screen of the user's mobile device as a single strong color-light source to optically transmit the encoded data as colorful flashing light and repeat this flashing sequence continuously at the maximum speed of the device and its screen. The user simply taps any part of his mobile device's screen on the reader's "eye opening" for less than a second in order to get authenticated! The reader is usually a very low-cost device that essentially has color-sensing capability. Compared to the readers of other smart authentication token technologies, like NFC, it is very low-cost and can be easily integrated in existing systems. Additionally, the system reliability and good qualities are preserved in spite of the great discrepancies and variations among the users' color mobile devices as described in the invention description. The figure is a side-view showing (1) a user's device, (2) its screen, (3) the tiny low-cost reader, (4) the eye opening of the reader, (5) the terminal to which the reader is attached.
