PROTECTING ONE-TIME-PASSWORDS AGAINST MAN-IN-THE-MIDDLE ATTACKS

    Publication No.: WO2006119184A3

    Publication date: 2006-11-09

    Application No.: PCT/US2006/016622

    Filing date: 2006-05-02

    Applicant: TRICIPHER, INC.

    IPC classification: H04L29/00

    Abstract: To authenticate a user having an associated asymmetric crypto-key having a private/public key pair (D, E) based on a one-time-password, the user partially signs a symmetric session key with the first portion D1 of the private key D. The authenticating entity receives the partially signed symmetric session key via the network and completes the signature with the second private key portion D2 to recover the symmetric session key. The user also encrypts a one-time-password with the symmetric session key. The authenticating entity also receives the encrypted one-time-password via the network, and decrypts the received encrypted one-time-password with the recovered symmetric session key to authenticate the user.

    ROAMING UTILIZING AN ASYMMETRIC KEY PAIR
    2.
    Invention application
    Status: Under examination (published)

    Publication No.: WO2006078560A2

    Publication date: 2006-07-27

    Application No.: PCT/US2006/001261

    Filing date: 2006-01-13

    Applicant: TRICIPHER, INC.

    IPC classification: H04L9/00

    Abstract: Techniques for generating a portion of a split private key are provided. A first symmetric key and a second symmetric key different than the first symmetric key are generated at a first location. The generated second symmetric key and a first one of multiple factors for generating the private key portion encrypted with the generated first symmetric key are transmitted. Then, at a second network location, the symmetric keys are again generated. The encrypted first factor is received at the second network location subsequent to a user authentication based upon the second symmetric key generated at the second network location. The received encrypted first factor is then decrypted with the first symmetric key generated at the second network location, the decrypted first factor usable to generate the portion of the split private key of the asymmetric key pair.

    TECHNIQUE FOR PROVIDING MULTIPLE LEVELS OF SECURITY
    3.
    Invention application
    Status: Under examination (published)

    Publication No.: WO2006078556A2

    Publication date: 2006-07-27

    Application No.: PCT/US2006/001257

    Filing date: 2006-01-13

    Applicant: TRICIPHER, INC.

    IPC classification: H04K1/00

    Abstract: Techniques for authentication are provided. A first authentication request transformed with a private portion of a first type split private key is received. A first user is authenticated for a first level of network access based upon the first request being transformed with the first type of split private key. A second authentication request that is transformed with a private portion of a second type private key is also received. A second user is authenticated for a second level of network access based upon the second request being transformed with the second type of split private key.

    SECURE LOGIN USING SINGLE FACTOR SPLIT KEY ASYMMETRIC CRYPTOGRAPHY AND AN AUGMENTING FACTOR
    4.
    Invention application
    Status: Under examination (published)

    Publication No.: WO2006130615A3

    Publication date: 2007-12-21

    Application No.: PCT/US2006020988

    Filing date: 2006-05-31

    Applicant: TRICIPHER INC

    Abstract: A user network station transmits a cookie including a user identifier and an augmenting factor transformed with one key of a first asymmetric crypto-key or with a symmetric crypto-key. An authenticating entity network station recovers the augmenting factor from the transformed augmenting factor with the other key of the first asymmetric crypto-key or with the symmetric crypto-key, and transmits a customized login page corresponding to the user identifier included in the received cookie. The user network station transmits a factor responsive to the transmitted customized login page. The authenticating entity network station generates a first key portion based on the transmitted factor, and validates the generated first key portion based on a second key portion of one key of a second asymmetric crypto-key associated with the user and on the other key of the second asymmetric crypto-key, and the recovered augmenting factor, to thereby authenticate the user.

    TECHNIQUE FOR ASYMMETRIC CRYPTO-KEY GENERATION
    5.
    Invention application
    Status: Under examination (published)

    Publication No.: WO2006078561A3

    Publication date: 2007-11-15

    Application No.: PCT/US2006001262

    Filing date: 2006-01-13

    Applicant: TRICIPHER INC

    IPC classification: H04L9/00

    Abstract: Techniques for generating a multi-factor asymmetric key pair having a public key and split private key with multiple private portions, at least one of the multiple portions being a multiple factor private key portion, are provided. First and second asymmetric key pairs are generated, each having a private key and a public key. A text string and the first private key are cryptographically combined to make a first private key portion of the split private key. This first private key portion is a multiple factor private key portion. A second private key portion of the split private key is generated based upon the generated first private key portion and the second private key.

    PROTECTING ONE-TIME-PASSWORDS AGAINST MAN-IN-THE-MIDDLE ATTACKS
    6.
    Invention application
    Status: Under examination (published)

    Publication No.: WO2006119184A2

    Publication date: 2006-11-09

    Application No.: PCT/US2006016622

    Filing date: 2006-05-02

    Applicant: TRICIPHER INC

    IPC classification: G06F7/04

    Abstract: To authenticate a user having an associated asymmetric crypto-key having a private/public key pair (D, E) based on a one-time-password, the user partially signs a symmetric session key with the first portion D1 of the private key D. The authenticating entity receives the partially signed symmetric session key via the network and completes the signature with the second private key portion D2 to recover the symmetric session key. The user also encrypts a one-time-password with the symmetric session key. The authenticating entity also receives the encrypted one-time-password via the network, and decrypts the received encrypted one-time-password with the recovered symmetric session key to authenticate the user.

    TECHNIQUE FOR ASYMMETRIC CRYPTO-KEY GENERATION
    7.
    Invention application
    Status: Under examination (published)

    Publication No.: WO2006078561A2

    Publication date: 2006-07-27

    Application No.: PCT/US2006/001262

    Filing date: 2006-01-13

    Applicant: TRICIPHER, INC.

    IPC classification: H04L9/00

    Abstract: Techniques for generating a multi-factor asymmetric key pair having a public key and split private key with multiple private portions, at least one of the multiple portions being a multiple factor private key portion, are provided. First and second asymmetric key pairs are generated, each having a private key and a public key. A text string and the first private key are cryptographically combined to make a first private key portion of the split private key. This first private key portion is a multiple factor private key portion. A second private key portion of the split private key is generated based upon the generated first private key portion and the second private key.

    ARCHITECTURE FOR ASYMMETRIC CRYPTO-KEY STORAGE
    9.
    Invention application
    Status: Under examination (published)

    Publication No.: WO2006078555A3

    Publication date: 2007-08-02

    Application No.: PCT/US2006001256

    Filing date: 2006-01-13

    Applicant: TRICIPHER INC

    IPC classification: H04L9/00

    Abstract: Techniques for securing an asymmetric crypto-key having a public key and a split private key with multiple private portions are provided. A first one of multiple factors is stored. All of the factors are under the control of a user and all are required to generate a first private portion of the split private key. The first private portion is not stored in a persistent state. A second private portion of the split private key under control of an entity other than the user is also stored. The first private portion and the second private portion are combinable to form a complete private portion.

    ASYMMETRIC CRYPTO-GRAPHY WITH ROLLING KEY SECURITY
    10.
    Invention application
    Status: Under examination (published)

    Publication No.: WO2006078572A2

    Publication date: 2006-07-27

    Application No.: PCT/US2006/001357

    Filing date: 2006-01-17

    Applicant: TRICIPHER, INC.

    IPC classification: H04L9/00

    Abstract: A system for securing information includes a processor and storage device. The storage device stores information encrypted with one of a first private rolling key and a first public rolling key of a first asymmetric rolling crypto-key, along with the one first rolling key. The processor has the logic to direct transmission, via a network, of proof of knowledge of the stored one first rolling key to authenticate a user, and of a request for the other of the first private rolling key and the first public rolling key. The processor receives the other first rolling key via the network, responsive to the directed transmission. The processor then decrypts the stored encrypted information with the received other first rolling key, and generates a second asymmetric rolling crypto-key having a second private rolling key and a second public rolling key. The processor encrypts the information with one of the second private rolling key and the second public rolling key. The processor also directs transmission of the other of the second private rolling key and the second public rolling key via the network. The storage device stores the information encrypted with the one second rolling key and the one second rolling key itself.
