REMOTE AUTHENTICATION AND TRANSACTION SIGNATURES
    2.
    Invention application
    Status: under examination, published

    Publication (announcement) number: WO2009025905A3

    Publication (announcement) date: 2009-04-02

    Application number: PCT/US2008065216

    Application date: 2008-05-30

    Abstract: The invention provides a method, apparatus, computer readable medium and signal which allows the usage of devices containing PKI private keys such as PKI-enabled smart cards or USB sticks to authenticate users and to sign transactions. The authenticity of the user and/or the message is verified. Furthermore the operation (authentication and/or signing) occurs without the need for an application to have some kind of a direct or indirect digital connection with the device containing the private key. In other words a digital connection that would allow an application to submit data to the card for signing by the card's private key and that would allow retrieving the entire resulting signature from the card is not required. In addition the operation occurs without the need for the PKI-enabled device containing the private key (e.g. a PKI smart card or USB stick) to either support symmetric cryptographic operations or to have been personalized with some secret or confidential data element that can be read by a suitable reader.


    USE AND GENERATION OF A SESSION KEY IN A SECURE SOCKET LAYER CONNECTION
    3.
    Invention application
    Status: under examination, published

    Publication (announcement) number: WO02091662A8

    Publication (announcement) date: 2003-08-14

    Application number: PCT/US0213521

    Application date: 2002-04-30

    Inventor: COULIER FRANK

    CPC classification number: H04L63/0435 H04L63/0869 H04L63/166

    Abstract: The invention describes a method (200) and system for verifying the link between a public key and a server's identity as claimed in the server's certificate without relying on the trustworthiness of the root certificate of the server's certificate chain. The system establishes a secure socket layer type connection (201) between a client and a server, wherein the server transmits information including the server's public key to the client while establishing the connection. Next, a first information is sent from the client to the server (202). The client and the server create an identical authentication key using a shared secret known to the server and the client (203 and 204). Next, the server transmits a first encrypted message to the client (206), wherein the first encrypted message includes the server's public key encrypted with the authentication key. Then, the client decrypts the first encrypted message and verifies the correctness (207) of that message including comparing the public key included in the decrypted first encrypted message to the public key transmitted during the set-up of the secure socket layer type connection to authenticate the client and to establish the trustworthiness of the server's public key and thereby the entire SSL connection. The client then transmits a second encrypted message to the server (209), wherein the second encrypted message is the first information encrypted with the authentication key. Finally, the server then decrypts the second encrypted message and verifies the correctness of the decrypted second encrypted message to authenticate the client (210).

