Abstract:
The present invention provides a software system which comprises an embedded browser (1), an authenticator (3) and a data channel module (4), wherein the authenticator (3) is adapted to authenticate a user, to authenticate a data channel (41) and to bind the user authentication with the authenticated channel (41), and the authenticator (3) is further adapted to communicate with the user via a graphical user interface of the embedded browser (1) using graphical and control primitives (2) of the authenticator (3) and/or using a stand-alone graphical user interface (5) of the authenticator, and wherein the data channel module (4) is adapted to communicate with service provider servers via a secure protocol, to communicate with the embedded browser (1) and to communicate with the authenticator (3). The invention further provides a method of authentication using this system, which increases security and user comfort when accessing services and data requiring authentication.
Abstract:
The present invention provides a system and method for electronic signature creation and management. The system contains
- an electronic signature managing authority having means for authentication of users, means for generating electronic signature creation data and issuing certificates, means for creating time stamps, and a database of electronic signatures and time stamps, wherein the means for generating electronic signature creation data and issuing certificates are configured to generate single-use electronic signature creation data and a certificate and to delete the electronic signature creation data after signing one document or message, and wherein the means for creating time stamps are configured to generate a time stamp immediately after the signing of one document or message and before deletion of the electronic signature creation data used to sign the document or message, and optionally to create a new time stamp before the expiry of validity of any time stamp in the database,
- an identity verification authority having means for authentication of users and means for identity proofing of users, and
- an archive provider having a database for storing the signed documents or messages.
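As an added example, not part of the patent or its abstract, the single-use flow described above written out in Go: a key pair is generated for exactly one document, the authority certifies its public key, the document is signed, the signature is time-stamped at once, and only then is the private key destroyed; a relying party later verifies the certificate, the signature and the time stamp from the archived record alone. Ed25519 keys, the certificate and time-stamp message layouts, and the names Authority, SignOnce and Verify are assumptions of this example; the abstract fixes none of them.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Authority stands in for the electronic signature managing authority. It holds
// one long-lived key for issuing certificates and one for time stamps.
// Key type (Ed25519) and message layouts are assumptions of this example.
type Authority struct {
	CAPub, TSAPub   ed25519.PublicKey
	caPriv, tsaPriv ed25519.PrivateKey
}

// Certificate binds a single-use public key to a user name.
type Certificate struct {
	User string
	Pub  ed25519.PublicKey
	Sig  []byte // authority signature over user || 0x00 || pub
}

// TimeStamp proves the signature existed at Time, i.e. before the key was deleted.
type TimeStamp struct {
	Time int64  // Unix seconds
	Sig  []byte // TSA signature over SHA-256(doc || sig) || Time
}

// SignedDocument is the record handed to the archive provider.
type SignedDocument struct {
	Doc   []byte
	Sig   []byte
	Cert  Certificate
	Stamp TimeStamp
}

func NewAuthority() (*Authority, error) {
	caPub, caPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tsaPub, tsaPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Authority{CAPub: caPub, TSAPub: tsaPub, caPriv: caPriv, tsaPriv: tsaPriv}, nil
}

func certMessage(user string, pub ed25519.PublicKey) []byte {
	return append(append([]byte(user), 0), []byte(pub)...)
}

func stampMessage(doc, sig []byte, t int64) []byte {
	h := sha256.Sum256(append(append([]byte{}, doc...), sig...))
	buf := make([]byte, 40)
	copy(buf, h[:])
	binary.BigEndian.PutUint64(buf[32:], uint64(t))
	return buf
}

// SignOnce performs the whole single-use flow: generate the signature creation
// data, issue the certificate, sign one document, time-stamp immediately, and
// only then destroy the private key so it can never sign a second document.
func (a *Authority) SignOnce(user string, doc []byte, now time.Time) (SignedDocument, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return SignedDocument{}, err
	}
	cert := Certificate{User: user, Pub: pub, Sig: ed25519.Sign(a.caPriv, certMessage(user, pub))}
	sig := ed25519.Sign(priv, doc)
	t := now.Unix()
	stamp := TimeStamp{Time: t, Sig: ed25519.Sign(a.tsaPriv, stampMessage(doc, sig, t))}
	for i := range priv { // deletion of the signature creation data
		priv[i] = 0
	}
	return SignedDocument{Doc: doc, Sig: sig, Cert: cert, Stamp: stamp}, nil
}

// Verify is what the archive provider or any relying party runs later: the
// certificate against the authority, the document against the single-use key,
// and the time stamp against the TSA. Nothing from the deleted key is needed.
func Verify(caPub, tsaPub ed25519.PublicKey, sd SignedDocument) error {
	if !ed25519.Verify(caPub, certMessage(sd.Cert.User, sd.Cert.Pub), sd.Cert.Sig) {
		return errors.New("certificate not issued by the authority")
	}
	if !ed25519.Verify(sd.Cert.Pub, sd.Doc, sd.Sig) {
		return errors.New("document signature invalid")
	}
	if !ed25519.Verify(tsaPub, stampMessage(sd.Doc, sd.Sig, sd.Stamp.Time), sd.Stamp.Sig) {
		return errors.New("time stamp invalid")
	}
	return nil
}

func main() {
	a, err := NewAuthority()
	if err != nil {
		panic(err)
	}
	sd, err := a.SignOnce("alice", []byte("constructed sample contract"), time.Now())
	if err != nil {
		panic(err)
	}
	fmt.Println("verify original:", Verify(a.CAPub, a.TSAPub, sd))
	sd.Doc = []byte("constructed sample contract, altered")
	fmt.Println("verify tampered:", Verify(a.CAPub, a.TSAPub, sd))
}
```

The point of time-stamping before deletion is that a later verifier can establish the signature predates the key's destruction without the key ever existing again; the optional re-stamping in the abstract would simply sign the whole SignedDocument record again with a current TSA key before the old stamp expires.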
Abstract:
The present invention provides a method of authenticating a user and/or a mobile device by means of an authentication image and a mobile authentication device provided with a display and at least two cameras located on mutually opposite sides of the mobile device. The authentication image is scanned by a first camera of the mobile device, located on the side opposite the display, while a second camera, located on the display side, simultaneously scans a biometric authentication factor from the user's head and/or body; the data thus obtained are then evaluated and, if the evaluation result is positive, the user and/or the mobile device are authenticated.
Abstract:
The submitted invention offers a method of authenticating the communication of an authentication device and at least one authentication server using a local factor, with creation of secret information shared by the authentication device and the authentication server. Reference information is derived from the shared secret information, the manner of derivation being the same on the authentication device and on the authentication server. The authentication device further creates transformed reference information from the reference information by means of a cryptographic transformation that takes as an input the local factor, chosen and entered by the user or obtained from a medium or from the surrounding environment. Only the transformed reference information is stored on the authentication device, and only the reference information is stored on the authentication server.
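As an added example, not taken from the patent, the storage split described above in Go: both sides derive the reference information from the shared secret in the same way, the device keeps only that reference XORed with a pad stretched from the local factor, and the server keeps only the reference. Authentication is a nonce challenge answered with an HMAC over the reference the device recovers from the factor the user enters. The HMAC-SHA256 derivations, the XOR transformation, the iterated-HMAC stretch standing in for a proper password KDF, and the names Enroll, Respond and Verify are assumptions of this example, not the patent's construction.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

const kdfIters = 10000 // arbitrary; a real deployment would use scrypt/Argon2id

// hmacSHA256 is the single primitive used for every derivation below.
func hmacSHA256(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// stretch turns a low-entropy local factor (PIN, passphrase, value read from a
// medium or the environment) into a 32-byte pad. Iterated HMAC is a stand-in
// for a memory-hard password KDF; it is an assumption of this example.
func stretch(localFactor, salt []byte) []byte {
	out := hmacSHA256(localFactor, salt)
	for i := 1; i < kdfIters; i++ {
		out = hmacSHA256(localFactor, out)
	}
	return out
}

func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// Server keeps only the reference information, never the local factor.
type Server struct{ ref []byte }

// Device keeps only the transformed reference and a public salt. The reference
// itself exists on the device only transiently, inside Respond.
type Device struct{ transformed, salt []byte }

// Enroll models the shared-secret creation: both sides derive the reference the
// same way, and the device stores it XORed with the pad from the local factor.
func Enroll(shared, localFactor []byte) (*Device, *Server, error) {
	ref := hmacSHA256(shared, []byte("reference-information"))
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return nil, nil, err
	}
	transformed := xorBytes(ref, stretch(localFactor, salt))
	return &Device{transformed: transformed, salt: salt}, &Server{ref: ref}, nil
}

// Challenge is the server's fresh nonce for one authentication run.
func (s *Server) Challenge() ([]byte, error) {
	nonce := make([]byte, 16)
	_, err := rand.Read(nonce)
	return nonce, err
}

// Respond inverts the transformation with the local factor just entered and
// proves knowledge of the recovered reference. Every factor yields a well-formed
// 32-byte value, so a stolen device offers nothing to test guesses against offline.
func (d *Device) Respond(localFactor, nonce []byte) []byte {
	ref := xorBytes(d.transformed, stretch(localFactor, d.salt))
	return hmacSHA256(ref, nonce)
}

// Verify is the only place a wrong local factor becomes visible, which is where
// rate limiting and lockout belong.
func (s *Server) Verify(nonce, response []byte) bool {
	return hmac.Equal(response, hmacSHA256(s.ref, nonce))
}

func main() {
	dev, srv, err := Enroll([]byte("constructed shared secret"), []byte("1234"))
	if err != nil {
		panic(err)
	}
	nonce, err := srv.Challenge()
	if err != nil {
		panic(err)
	}
	fmt.Println("correct factor:", srv.Verify(nonce, dev.Respond([]byte("1234"), nonce)))
	fmt.Println("wrong factor:  ", srv.Verify(nonce, dev.Respond([]byte("9999"), nonce)))
}
```

XOR is chosen deliberately over an authenticated cipher: an AES-GCM tag on the device would let whoever copies the device storage check guessed PINs offline, which is exactly what storing only the transformed reference is meant to prevent.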
Abstract:
The invention provides a method of securing authentication in electronic communication between at least one user authentication means and at least one server authentication means. Primary authentication is performed in a first step, during which a secondary authentication secret is created and shared between the user authentication means and the server authentication means; this secret is valid only for the given authentication transaction. The secondary authentication secret is subsequently used as an input for a cryptographic transformation performed by the user authentication means separately on each authentication vector element, creating the first authentication vector product, where an authentication vector (AV) is an ordered set of authentication vector elements (AVE(i)). The first authentication vector product is transferred from the user authentication means to the server authentication means and is evaluated by the server authentication means using the secondary authentication secret.
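An added example in Go, not the patent's own construction, of the second step: a per-transaction secondary secret keys an HMAC applied separately to each AVE(i), with the index bound into each element so products cannot be reordered, and the server recomputes the product over the vector it expects and reports which elements differ. How primary authentication actually produces the secret is not specified in the abstract; here it is assumed to be derived from a long-term shared key and both parties' nonces, and the names NewTransaction, Product and Evaluate and the sample vector are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

func hmacSHA256(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// AuthVector is the ordered set of authentication vector elements AVE(i).
type AuthVector []string

// Transaction holds the nonces exchanged in primary authentication and the
// secondary secret derived from them, valid for this transaction only.
type Transaction struct {
	ClientNonce, ServerNonce []byte
	Secret                   []byte
}

// DeriveSecondarySecret is this example's stand-in for what primary
// authentication produces: a key bound to both parties' fresh nonces.
func DeriveSecondarySecret(longTerm, clientNonce, serverNonce []byte) []byte {
	msg := append([]byte("secondary-secret"), clientNonce...)
	msg = append(msg, serverNonce...)
	return hmacSHA256(longTerm, msg)
}

// NewTransaction models primary authentication with fresh nonces on both sides.
func NewTransaction(longTerm []byte) (*Transaction, error) {
	tx := &Transaction{ClientNonce: make([]byte, 16), ServerNonce: make([]byte, 16)}
	if _, err := rand.Read(tx.ClientNonce); err != nil {
		return nil, err
	}
	if _, err := rand.Read(tx.ServerNonce); err != nil {
		return nil, err
	}
	tx.Secret = DeriveSecondarySecret(longTerm, tx.ClientNonce, tx.ServerNonce)
	return tx, nil
}

// Product transforms every element separately. The index is bound into each
// product so elements cannot be swapped, and the per-transaction key means a
// product captured in one transaction is worthless in the next.
func Product(secret []byte, av AuthVector) [][]byte {
	out := make([][]byte, len(av))
	for i, ave := range av {
		idx := make([]byte, 4)
		binary.BigEndian.PutUint32(idx, uint32(i))
		out[i] = hmacSHA256(secret, append(idx, []byte(ave)...))
	}
	return out
}

// Evaluate is the server side: it recomputes the product over the vector it
// expects (assumed registered at enrolment) and returns the indexes that do
// not match. An empty result means the product is accepted.
func Evaluate(secret []byte, expected AuthVector, product [][]byte) []int {
	want := Product(secret, expected)
	n := len(want)
	if len(product) > n {
		n = len(product)
	}
	var mismatches []int
	for i := 0; i < n; i++ {
		if i >= len(want) || i >= len(product) || !hmac.Equal(want[i], product[i]) {
			mismatches = append(mismatches, i)
		}
	}
	return mismatches
}

func main() {
	key := []byte("constructed long-term key from enrolment")
	tx, err := NewTransaction(key)
	if err != nil {
		panic(err)
	}
	av := AuthVector{"device-id:7F3A", "app-hash:9c1e", "os:android-14"} // constructed
	fmt.Println("honest client, mismatches:", Evaluate(tx.Secret, av, Product(tx.Secret, av)))
	tampered := AuthVector{"device-id:7F3A", "app-hash:0000", "os:android-14"}
	fmt.Println("tampered element, mismatches:", Evaluate(tx.Secret, av, Product(tx.Secret, tampered)))
	tx2, err := NewTransaction(key)
	if err != nil {
		panic(err)
	}
	fmt.Println("replayed product, mismatches:", Evaluate(tx2.Secret, av, Product(tx.Secret, av)))
}
```

Evaluating element by element is what lets the server tell a changed device fingerprint apart from a wholesale replay: in the first case only the altered index fails, in the second every index does because the secondary secret has moved on.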
Abstract:
The present invention provides a method of establishing protected electronic communication and secure transfer and processing of information among three or more subjects. First, a first secure authenticated channel is created using an authentication system between a first subject and a second subject. This channel is used by the first subject, in co-operation with the second subject, to create an authentication object that is stored on the second subject and provided with authentication object methods; the first subject configures the methods of the authentication object by assigning to each method rights control information for at least one other subject, and optionally also rights control information for the first subject itself, to use at least one method of the authentication object. The first secure authenticated channel is then closed.
Abstract:
The invention provides a method for mapping at least two authentication devices (101, 102, 103) to a user account using an authentication server (201, 202), where each authentication device (101, 102, 103) connects to the authentication server (201, 202) using a secured communication channel (12); their mapping to the user account is recorded on the authentication server (201, 202), and, when a transfer of data (11) between the authentication devices (101, 102, 103) mapped to the user account occurs, the data is passed over from the first authentication device (101, 102, 103) to the authentication server (201, 202) using a secured communication channel and from the authentication server (201, 202) to another authentication device (101, 102, 103) mapped to the account of said user using a secured communication channel (12), where the aforesaid secured communication channel (12) is created by the second authentication device (101, 102, 103). This procedure allows the use of a single personal local authentication factor for multiple authentication devices and increases the security of authentication of devices with authentication servers.
Abstract:
The invention provides a system and method for controlling access of a user to service providers and/or to target applications, in particular web or mobile applications. The system contains a client part and a server part, wherein the client part contains an authenticator (3), an embedded browser (1) and a data channel module (4), wherein the authenticator (3) is configured to authenticate the user (8); and wherein the authenticator (3) is also configured to communicate with the user via a graphical user interface of the embedded browser (1) using graphical and control primitives (2) of the authenticator and/or using a stand-alone graphical user interface of the authenticator; wherein the data channel module (4) is configured to communicate with service provider (60) servers via http/https protocol, to communicate with the embedded browser (1) and to communicate with the authenticator (3); wherein the client part further contains programs memory (5), variables memory (6) and a control module (7) configured to control the execution of programs stored in the programs memory (5); and wherein the server part contains at least one authentication server (73) of a browser control manager (70).
Abstract:
The invention provides an authentication system for use with personal electronic identity gadgets of at least one user of services, wherein the said personal electronic identity gadgets are configured to authenticate to a main service provider (for all personal electronic identity gadgets of this service user) and are configured to trigger synchronization of data storages of service providers; wherein the said system is characterized in that it comprises
- a data storage of an authentication system server component of at least one main service provider, wherein the said data storage is synchronizable with data storage(s) of server component(s) of at least one other service provider, either directly or via personal electronic identity gadgets, and wherein the said authentication system server component of the at least one main service provider is configured for mapping personal electronic identity gadgets to the account of the user of services;
- a data storage of an authentication system server component of at least one other service provider that is synchronizable with the data storage of the authentication system server component of the at least one main service provider, either directly or via personal electronic identity gadget;
wherein:
- the data storage of the authentication system server component of each service provider contains, for each personal electronic identity gadget registered to this provider for the said user of services, a record with data for authenticating this personal electronic identity gadget;
- the data storage of the authentication system server component of the main service provider contains identifiers assigned to personal electronic identity gadgets and/or to users, wherein for each personal electronic identity gadget of a user and/or for each user, a separate identifier is assigned for each service provider for whom at least one personal electronic identity gadget of the user is assigned to the user account;
- the data storage of the authentication system server component of the main service provider contains a map of personal electronic identity gadgets for each user account, in which the records for all personal electronic identity gadgets of the said user in the said data storage are mapped to the said user account, and which furthermore contains the identifiers assigned to the personal electronic identity gadgets of the said user for all service providers and/or the identifiers assigned to the said user for all service providers;
- the data storage of the authentication system server component of the other service provider contains at least the identifiers assigned to personal electronic identity gadgets and/or to users of this other service provider;
- the data storage of the authentication system server component of the other service provider contains a map of personal electronic identity gadgets for each user account, in which the records for all personal electronic identity gadgets of the said user in this data storage are mapped to the said user account, and which furthermore contains the identifiers assigned to the personal electronic identity gadgets of the said user for at least this other service provider and/or the identifier assigned to the said user for at least this other service provider;
- the data storages and/or the authentication system server components are configured so that the identifiers assigned to the personal electronic identity gadgets assigned to the account of one user and/or the identifiers assigned to one user are synchronizable by transmitting synchronization information between the data storages of the authentication system server components and/or between the authentication system server components, directly or via personal electronic identity gadgets.
Furthermore the invention offers an authentication method using this system, and preferred embodiments that allow recovery from emergencies and/or increase user comfort and/or increase security.