USER-CONVENIENT AUTHENTICATION METHOD AND APPARATUS USING A MOBILE AUTHENTICATION APPLICATION
    2.
    Invention application (status: pending, published)

    Publication No.: WO2014022778A1

    Publication date: 2014-02-06

    Application No.: PCT/US2013/053433

    Filing date: 2013-08-02

    Abstract: Methods, apparatus, and systems for securing application interactions are disclosed. Application interactions may be secured by, at a user authentication device, capturing a signal emitted by an access device encoded with an authentication initiating message including an application identifier, decoding the signal and obtaining the authentication initiating message, retrieving the application identifier, presenting a human interpretable representation of the application identity to the user, obtaining user approval to generate a response message available to a verification server, generating a dynamic security value using a cryptographic algorithm that is cryptographically linked to the application identity, and generating a response message including the generated dynamic security value; making the response message available to a verification server; and, at the verification server, receiving the response message, verifying the response message including verifying the validity of the dynamic security value, and communicating the result of the verification of the response message to the application.
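The flow in this abstract, worked through as an added Go example (not code from the patent): an initiating message carrying an application identifier is captured, the application's human-readable name is shown to the user for approval, a dynamic security value is computed as an HMAC over the application identifier, the challenge and an event counter, and the verification server recomputes it. The JSON field names, the app-name directory, HMAC-SHA256 as the cryptographic algorithm, the counter and every type and function name here are assumptions of the example; the page names none of them. The `scenario` helper also shows the practical consequence of linking the value to the application identity: a response obtained for one application fails verification when presented for another, and a straight replay fails on the counter.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"encoding/json"
	"fmt"
)

// InitMessage is the authentication-initiating message encoded in the signal the
// access device emits (a QR code, say); field names are assumptions of this example.
type InitMessage struct {
	AppID     string `json:"app_id"`
	Challenge string `json:"challenge"`
}

// Response is what the mobile authenticator makes available to the verification server.
type Response struct{ DeviceID, AppID string; Counter uint64; DSV string }

// appNames is a constructed directory from application identifier to the
// human-interpretable name shown to the user before approval.
var appNames = map[string]string{"app:bank-web-login": "Example Bank - web login"}

// dynamicSecurityValue is HMAC-SHA256 over application identifier, challenge and event
// counter; feeding the identifier into the MAC is what links the value to the application
// identity, so one device secret yields a different value for every application.
func dynamicSecurityValue(secret []byte, appID, challenge string, counter uint64) string {
	var ctr [8]byte
	binary.BigEndian.PutUint64(ctr[:], counter)
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(appID))
	mac.Write([]byte{0}) // separator, so "a"+"bc" and "ab"+"c" differ
	mac.Write([]byte(challenge))
	mac.Write(ctr[:])
	return fmt.Sprintf("%x", mac.Sum(nil))
}

// MobileAuthenticator is the user authentication device; counter is its event counter.
type MobileAuthenticator struct{ ID string; secret []byte; counter uint64 }

// Authenticate decodes the captured signal, shows the application identity, obtains
// approval and builds the response; approve stands in for the user's decision.
func (m *MobileAuthenticator) Authenticate(signal []byte, approve func(appName string) bool) (*Response, error) {
	var msg InitMessage
	if err := json.Unmarshal(signal, &msg); err != nil { return nil, fmt.Errorf("decode initiating message: %w", err) }
	name, known := appNames[msg.AppID]
	if !known { return nil, fmt.Errorf("unknown application identifier %q; nothing to show the user", msg.AppID) }
	if !approve(name) { return nil, fmt.Errorf("user declined to authenticate to %q", name) }
	m.counter++
	dsv := dynamicSecurityValue(m.secret, msg.AppID, msg.Challenge, m.counter)
	return &Response{DeviceID: m.ID, AppID: msg.AppID, Counter: m.counter, DSV: dsv}, nil
}

// VerificationServer knows each device's secret, the last counter it accepted and the
// challenge it issued to each application session.
type VerificationServer struct {
	secrets     map[string][]byte
	lastCounter map[string]uint64
	challenges  map[string]string
}

// Verify recomputes the value for the application named in the response; the boolean
// is the result the server communicates back to that application.
func (s *VerificationServer) Verify(r *Response) bool {
	secret, ok := s.secrets[r.DeviceID]
	if !ok || r.Counter <= s.lastCounter[r.DeviceID] { return false } // unknown device or replay
	challenge, ok := s.challenges[r.AppID]
	if !ok { return false }
	want := dynamicSecurityValue(secret, r.AppID, challenge, r.Counter)
	if !hmac.Equal([]byte(want), []byte(r.DSV)) { return false }
	s.lastCounter[r.DeviceID] = r.Counter
	return true
}

// scenario runs the honest flow, a replay of the same response, then a relay in which
// the response is presented for a different application with a fresh counter.
func scenario() (honestOK, replayOK, relayOK bool) {
	secret := []byte("constructed device secret, 32 bytes long!")
	dev := &MobileAuthenticator{ID: "dev-1", secret: secret}
	srv := &VerificationServer{
		secrets:     map[string][]byte{"dev-1": secret},
		lastCounter: map[string]uint64{},
		challenges:  map[string]string{"app:bank-web-login": "c9f1", "app:other": "c9f1"},
	}
	signal, _ := json.Marshal(InitMessage{AppID: "app:bank-web-login", Challenge: "c9f1"})
	resp, err := dev.Authenticate(signal, func(string) bool { return true })
	if err != nil { return false, false, false }
	honestOK = srv.Verify(resp)
	replayOK = srv.Verify(resp)
	relayed := *resp
	relayed.AppID, relayed.Counter = "app:other", resp.Counter+1
	relayOK = srv.Verify(&relayed)
	return honestOK, replayOK, relayOK
}

func main() {
	h, rp, rl := scenario()
	fmt.Printf("honest=%v replay=%v relay-to-other-app=%v\n", h, rp, rl)
}
```

`go run` prints `honest=true replay=false relay-to-other-app=false`. The approval step is where the user-convenience claim meets security: the authenticator refuses identifiers it cannot render as a name, so the user is never asked to approve an opaque string.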

    REMOTE AUTHENTICATION AND TRANSACTION SIGNATURES
    4.
    Invention application (status: pending, published)

    Publication No.: WO2014106031A1

    Publication date: 2014-07-03

    Application No.: PCT/US2013/077961

    Filing date: 2013-12-27

    CPC classification number: H04L9/3234 H04L9/3228

    Abstract: Authentication devices and methods for generating dynamic credentials are disclosed. The authentication devices include a communication interface for communicating with a security device such as a smart card. A dynamic credential such as a one-time password (OTP) or a message authentication code (MAC) may be generated by receiving from a server an encrypted initialization seed encrypted with an asymmetric encryption algorithm using a public key of a public/private key pair, submitting the encrypted initialization seed to a security device, decrypting at the security device the encrypted initialization seed with a private key of the public/private key pair, returning the decrypted initialization seed to the authentication device, deriving at the authentication device a secret credential generation key from the decrypted initialization seed, and generating the dynamic credential by combining a dynamic variable with the secret credential generation key using a symmetric cryptographic dynamic credential generation algorithm.
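The seed-provisioning flow described in this abstract, as an added Go example that is not code from the patent: RSA-OAEP stands in for the unspecified asymmetric algorithm, HMAC-SHA256 keyed with the seed for the key derivation, an event counter for the dynamic variable, and an RFC 4226-style truncation for the symmetric credential generation; `SecurityDevice`, `SeedServer`, `Token`, `runFlow` and the OAEP label are names chosen here. The card performs only the asymmetric decryption, which is the point of the design: it needs no symmetric capability and no secret of its own. `runFlow` also checks that a captured encrypted seed cannot be used to initialise a token whose card holds a different private key.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// oaepLabel is an assumed OAEP label; the page names no padding scheme.
var oaepLabel = []byte("init-seed")

// SecurityDevice models the PKI smart card. Its private key never leaves it and the only
// operation it performs here is an asymmetric decryption: no symmetric algorithm, no secret.
type SecurityDevice struct{ priv *rsa.PrivateKey }

func NewSecurityDevice() (*SecurityDevice, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return nil, err }
	return &SecurityDevice{priv: priv}, nil
}

func (d *SecurityDevice) Public() *rsa.PublicKey { return &d.priv.PublicKey }

func (d *SecurityDevice) Decrypt(encSeed []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, d.priv, encSeed, oaepLabel)
}

// deriveCredentialKey turns the decrypted initialization seed into the secret credential
// generation key; HMAC-SHA256 keyed with the seed is the assumed KDF.
func deriveCredentialKey(seed []byte) []byte {
	mac := hmac.New(sha256.New, seed)
	mac.Write([]byte("credential-generation-key"))
	return mac.Sum(nil)
}

// dynamicCredential combines the dynamic variable (an event counter) with the credential
// generation key via HMAC-SHA256 and truncates to six digits as RFC 4226 does.
func dynamicCredential(key []byte, counter uint64) string {
	var ctr [8]byte
	binary.BigEndian.PutUint64(ctr[:], counter)
	mac := hmac.New(sha256.New, key)
	mac.Write(ctr[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f
	code := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", code%1000000)
}

// SeedServer issues a fresh seed per token, encrypted under that token's card public key,
// and keeps the derived key so it can verify the token's credentials later.
type SeedServer struct{ keys map[string][]byte }

func (s *SeedServer) Provision(tokenID string, pub *rsa.PublicKey) ([]byte, error) {
	seed := make([]byte, 32)
	if _, err := rand.Read(seed); err != nil { return nil, err }
	s.keys[tokenID] = deriveCredentialKey(seed)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, seed, oaepLabel)
}

func (s *SeedServer) Verify(tokenID string, counter uint64, otp string) bool {
	key, ok := s.keys[tokenID]
	return ok && hmac.Equal([]byte(dynamicCredential(key, counter)), []byte(otp))
}

// Token is the authentication device; card is its communication interface to the smart card.
type Token struct{ card *SecurityDevice; key []byte }

// Initialize submits the encrypted seed to the card, gets the plaintext seed back and
// derives the credential generation key on the token itself.
func (t *Token) Initialize(encSeed []byte) error {
	seed, err := t.card.Decrypt(encSeed)
	if err != nil { return fmt.Errorf("card could not decrypt seed: %w", err) }
	t.key = deriveCredentialKey(seed)
	return nil
}

// runFlow provisions one token and verifies an OTP from it, then checks that the same
// encrypted seed is useless to a token whose card holds a different private key.
func runFlow() (genuineOK, otherCardOK bool, err error) {
	card, err := NewSecurityDevice()
	if err != nil { return false, false, err }
	other, err := NewSecurityDevice()
	if err != nil { return false, false, err }
	srv := &SeedServer{keys: map[string][]byte{}}
	encSeed, err := srv.Provision("token-1", card.Public())
	if err != nil { return false, false, err }
	tok := &Token{card: card}
	if err := tok.Initialize(encSeed); err != nil { return false, false, err }
	genuineOK = srv.Verify("token-1", 1, dynamicCredential(tok.key, 1))
	otherCardOK = (&Token{card: other}).Initialize(encSeed) == nil
	return genuineOK, otherCardOK, nil
}

func main() {
	g, o, err := runFlow()
	fmt.Printf("genuine OTP accepted=%v, other card decrypted seed=%v, err=%v\n", g, o, err)
}
```

Note that the seed, not the credential generation key, is what crosses the card interface; deriving the key on the token means a seed captured in transit is useless without the card's private key, and a new seed can be issued at any time without touching the card.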

    REMOTE AUTHENTICATION AND TRANSACTION SIGNATURES
    6.
    Invention application (status: pending, published)

    Publication No.: WO2012142354A1

    Publication date: 2012-10-18

    Application No.: PCT/US2012/033432

    Filing date: 2012-04-13

    Abstract: The invention provides a method, apparatus, computer readable medium and signal which allows the usage of devices containing PKI private keys such as PKI-enabled smart cards or USB sticks to authenticate users and to sign transactions. The authenticity of the user and/or the message is verified. Furthermore the operation (authentication and/or signing) occurs without the need for an application to have some kind of a direct or indirect digital connection with the device containing the private key. In addition the operation occurs without the need for the PKI-enabled device containing the private key (e.g. a PKI smart card or USB stick) to either support symmetric cryptographic operations or to have been personalized with some secret or confidential data element that can be read by a suitable reader.

    REMOTE AUTHENTICATION AND TRANSACTION SIGNATURES
    7.
    Invention application (status: pending, published)

    Publication No.: WO2009025905A2

    Publication date: 2009-02-26

    Application No.: PCT/US2008/065216

    Filing date: 2008-05-30

    Abstract: The invention provides a method, apparatus, computer readable medium and signal which allows the usage of devices containing PKI private keys such as PKI-enabled smart cards or USB sticks to authenticate users and to sign transactions. The authenticity of the user and/or the message is verified. Furthermore the operation (authentication and/or signing) occurs without the need for an application to have some kind of a direct or indirect digital connection with the device containing the private key. In other words a digital connection that would allow an application to submit data to the card for signing by the card's private key and that would allow retrieving the entire resulting signature from the card is not required. In addition the operation occurs without the need for the PKI-enabled device containing the private key (e.g. a PKI smart card or USB stick) to either support symmetric cryptographic operations or to have been personalized with some secret or confidential data element that can be read by a suitable reader.

    USE AND GENERATION OF A SESSION KEY IN A SECURE SOCKET LAYER CONNECTION
    8.
    Invention application (status: pending, published)

    Publication No.: WO2002091662A1

    Publication date: 2002-11-14

    Application No.: PCT/US2002/013521

    Filing date: 2002-04-30

    Inventor: COULIER, Frank

    CPC classification number: H04L63/0435 H04L63/0869 H04L63/166

    Abstract: The invention describes a method (200) and system for verifying the link between a public key and a server's identity as claimed in the server's certificate without relying on the trustworthiness of the root certificate of the server's certificate chain. The system establishes a secure socket layer type connection (201) between a client and a server, wherein the server transmits information including the server's public key to the client while establishing the connection. Next, a first information is sent from the client to the server (202). The client and the server create an identical authentication key using a shared secret known to the server and the client (203 and 204). Next, the server transmits a first encrypted message to the client (206), wherein the first encrypted message includes the server's public key encrypted with the authentication key. Then, the client decrypts the first encrypted message and verifies the correctness (207) of that message including comparing the public key included in the decrypted first encrypted message to the public key transmitted during the set-up of the secure socket layer type connection to authenticate the client and to establish the trustworthiness of the server's public key and thereby the entire SSL connection. The client then transmits a second encrypted message to the server (209), wherein the second encrypted message is the first information encrypted with the authentication key. Finally, the server then decrypts the second encrypted message and verifies the correctness of the decrypted second encrypted message to authenticate the client (210).
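The exchange in this abstract with both sides' messages, as an added Go example that is not the patent's own code; the numbers in the comments are the abstract's reference numerals. Assumed details: the first information is a random nonce, the authentication key is HMAC-SHA256 over the shared secret and that nonce, and AES-256-GCM stands in for the unspecified symmetric encryption. `runExchange` takes the server's real public key and the key the client saw in the handshake as separate inputs so that a substituted certificate can be simulated, and it is also run with a wrong client secret to show that the check fails closed in both directions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// authKey is the identical authentication key both sides derive (203, 204) from the
// shared secret and the first information the client sent (202); HMAC-SHA256 is the
// assumed derivation.
func authKey(sharedSecret, firstInfo []byte) []byte {
	mac := hmac.New(sha256.New, sharedSecret)
	mac.Write([]byte("ssl-link-auth|"))
	mac.Write(firstInfo)
	return mac.Sum(nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// seal and open use AES-256-GCM as a stand-in for the unspecified symmetric encryption;
// the 32-byte HMAC output is the AES key and the nonce is prepended to the box.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func open(key, box []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil { return nil, err }
	if len(box) < gcm.NonceSize() { return nil, fmt.Errorf("message too short") }
	return gcm.Open(nil, box[:gcm.NonceSize()], box[gcm.NonceSize():], nil)
}

// Result records what each side concluded at the end of the exchange.
type Result struct {
	ServerKeyTrusted    bool // client: handshake key matched the key sent under the auth key (207)
	ClientAuthenticated bool // server: client returned the first information correctly (210)
}

// runExchange simulates the protocol. serverPubKey is the server's real public key;
// handshakeKey is the key the client saw in the SSL-type handshake (201), which differs
// from serverPubKey when an interposed party substituted its own certificate.
// clientSecret and serverSecret are each side's copy of the shared secret.
func runExchange(serverPubKey, handshakeKey, clientSecret, serverSecret []byte) (Result, error) {
	var res Result
	firstInfo := make([]byte, 16) // 202: first information, a random nonce here
	if _, err := rand.Read(firstInfo); err != nil { return res, err }
	clientAK := authKey(clientSecret, firstInfo) // 203
	serverAK := authKey(serverSecret, firstInfo) // 204
	msg1, err := seal(serverAK, serverPubKey) // 206: server's public key under the auth key
	if err != nil { return res, err }
	got, err := open(clientAK, msg1) // 207: client decrypts and compares with handshake key
	if err != nil || !bytes.Equal(got, handshakeKey) {
		return res, nil // client aborts: nothing further is sent
	}
	res.ServerKeyTrusted = true
	msg2, err := seal(clientAK, firstInfo) // 209: first information under the auth key
	if err != nil { return res, err }
	back, err := open(serverAK, msg2) // 210: server decrypts and checks
	res.ClientAuthenticated = err == nil && bytes.Equal(back, firstInfo)
	return res, nil
}

func main() {
	secret := []byte("constructed shared secret")
	genuine := []byte("server public key bytes (constructed)")
	forged := []byte("attacker public key bytes (constructed)")
	r, _ := runExchange(genuine, genuine, secret, secret)
	fmt.Printf("honest handshake:        %+v\n", r)
	r, _ = runExchange(genuine, forged, secret, secret)
	fmt.Printf("substituted certificate: %+v\n", r)
	r, _ = runExchange(genuine, genuine, []byte("wrong"), secret)
	fmt.Printf("wrong client secret:     %+v\n", r)
}
```

The comparison in step 207 is what removes the dependence on the root certificate: an interposer can hand the client its own certificate during the handshake, but it cannot produce the encrypted copy of the genuine key without the authentication key, so the keys disagree and the client stops. The first information must be fresh per connection, otherwise a recorded message 206 could be replayed.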
