专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20120174198A1 Shared Registration Multi-Factor Authentication Tokens 有权
标题翻译：共享注册多因素认证令牌
公开(公告)号：US20120174198A1
公开(公告)日：2012-07-05
申请号：US12982800
申请日：2010-12-30
申请人： James Gould , David Smith , Mingliang Pei
发明人： James Gould , David Smith , Mingliang Pei
IPC分类号： G06F21/00
CPC分类号： H04L63/0807 , G06F21/32 , G06F21/335 , H04L63/0815
摘要： A system and method for more efficiently establishing a chain of trust from a registrant to a registry. A registrant credential is associated with a Shared Registration command and is sent by a registrar to a registry. Upon successful validation, a token is generated and bound to a registrant identifier. The token is included along with the registrant identifier in subsequent discrete Shared Registration commands submitted to the registry on behalf of the registrant. The registrant thus needs to submit its credential only once for changes that require several discrete commands. Also, it is more efficient for the Shared Registration System to validate a token for a set of commands than to validate different registrant credential for each discrete command.
摘要翻译：一种用于更有效地建立从注册人到注册管理机构的信任链的系统和方法。注册人凭证与共享注册命令相关联，并由注册服务商发送到注册表。成功验证后，生成令牌并绑定到注册人标识符。该标记与注册人标识符一起包括在随后的离散共享注册命令中，代表注册人提交给注册管理机构。因此，注册人只需要为需要多个离散命令的更改提交一次凭据。此外，共享注册系统对于一组命令验证令牌比对每个离散命令验证不同注册人凭证更有效。

2. 发明授权

US08584224B1 Ticket based strong authentication with web service 有权
标题翻译：基于门票的强大的身份验证与Web服务
公开(公告)号：US08584224B1
公开(公告)日：2013-11-12
申请号：US13085786
申请日：2011-04-13
申请人： Mingliang Pei , Jeff Burstein , Liyu Yi , Rosarin Jolly Antonyraj , Rong Cao
发明人： Mingliang Pei , Jeff Burstein , Liyu Yi , Rosarin Jolly Antonyraj , Rong Cao
IPC分类号： G06F7/04 , H04L9/32
CPC分类号： H04L9/3213 , H04L9/3247 , H04L63/0823
摘要： A system for authenticating a user to a relying party. A user sends an access request to a relying party web application. In response, the application sends a page with JavaScript that detects a plug-in at the user and detects the relying party domain. The plug-in uses its device certificate or other pre-established credentials to sign a challenge along with other site and user information including the site domain, the authentication service URL and user identifier, and send it, along with the data including the domain and the user identifier, to an authentication service. The service authenticates the information and sends back to the plug-in a short ticket that can be passed on to the relying party, which can validate it using the Radius protocol and an authentication service call, thereby authenticating the user.
摘要翻译：用于将用户认证给依赖方的系统。用户向依赖方Web应用发送访问请求。作为响应，应用程序发送一个JavaScript页面，该页面检测用户的插件并检测依赖方域。插件使用其设备证书或其他预先建立的凭据与其他站点和用户信息（包括站点域，认证服务URL和用户标识符）一起签署挑战，并将其发送，以及包括域和用户标识符，到认证服务。服务对信息进行认证，并向插件发回可以传递给依赖方的短票，这可以使用Radius协议和认证服务呼叫进行验证，从而对用户进行认证。

3. 发明授权

US08606234B2 Methods and apparatus for provisioning devices with secrets 有权
标题翻译：用于为设备提供秘密的方法和设备
公开(公告)号：US08606234B2
公开(公告)日：2013-12-10
申请号：US12651255
申请日：2009-12-31
申请人： Mingliang Pei , Yuequin Lin , Bruce Ong , Jeff Burstein , Ananta K. Vadlamani
发明人： Mingliang Pei , Yuequin Lin , Bruce Ong , Jeff Burstein , Ananta K. Vadlamani
IPC分类号： H04M1/66 , H04M1/68 , H04M3/16
CPC分类号： H04L63/18 , G06F21/42 , G06F2221/2129 , H04L9/3228 , H04L63/083 , H04L67/02 , H04L2209/80 , H04W4/00
摘要： A method for provisioning a mobile device with a secret to be used as a basis for generating One-Time passwords includes receiving a first request using a first communications method. The first request includes a mobile device identifier. The method also includes sending a credential message using a second communications method. The credential message includes an authentication credential. The method also includes receiving a second request using a third communications method different from the second communications method. The second request includes information based upon the authentication credential sent by the provisioning service. The method also includes sending the secret if the authentication credential in the credential message corresponds to the information based upon the authentication credential in the second request.
摘要翻译：用于提供具有用于生成一次性密码的基础的秘密的移动设备的方法包括使用第一通信方法来接收第一请求。第一请求包括移动设备标识符。该方法还包括使用第二通信方法发送凭证消息。凭证消息包括认证证书。该方法还包括使用与第二通信方法不同的第三通信方法来接收第二请求。第二请求包括基于由供应服务发送的认证凭证的信息。该方法还包括：如果证书消息中的认证凭证对应于基于第二请求中的认证证书的信息，则发送秘密。

4. 发明授权

US08397281B2 Service assisted secret provisioning 有权
标题翻译：服务协助秘密配置
公开(公告)号：US08397281B2
公开(公告)日：2013-03-12
申请号：US12650158
申请日：2009-12-30
申请人： Mingliang Pei , Slawek Ligier
发明人： Mingliang Pei , Slawek Ligier
IPC分类号： G06F7/04 , G06F15/16 , H04L29/06 , G06F17/30
CPC分类号： G06F21/34 , G06F21/42
摘要： A method for providing a secret that is provisioned to a first device to a second device includes generating a One-Time Password at the first device using the secret and obtaining an identifier of the secret. The method also includes providing the One-Time Password and the identifier to the second device and sending the One-Time Password and the identifier to a remote provisioning service. The method also includes verifying that the One-Time Password corresponds to the secret, and sending to the second device an encrypted secret and a decryption key for decrypting the encrypted secret. The encrypted secret and the decryption key may be sent using different communications methods. The method also includes decrypting the encrypted secret using the decryption key to provide the secret and storing the secret at the second device.
摘要翻译：用于提供被提供给第一设备到第二设备的秘密的方法包括使用秘密在第一设备处生成一次性密码并获得秘密的标识符。该方法还包括向第二设备提供一次性密码和标识符，并将一次性密码和标识符发送到远程供应服务。该方法还包括验证一次性密码对应于秘密，并向第二设备发送用于解密加密秘密的加密秘密和解密密钥。可以使用不同的通信方式来发送加密的秘密和解密密钥。该方法还包括使用解密密钥解密加密的秘密以提供秘密，并将秘密存储在第二设备。

5. 发明授权

US09191381B1 Strong authentication via a federated identity protocol 有权
标题翻译：通过联合身份协议进行强身份验证
公开(公告)号：US09191381B1
公开(公告)日：2015-11-17
申请号：US13218301
申请日：2011-08-25
申请人： Nicolas Popp , Alan Dundas , Siddharth Bajaj , Mingliang Pei , Liyu Yi , John Smith
发明人： Nicolas Popp , Alan Dundas , Siddharth Bajaj , Mingliang Pei , Liyu Yi , John Smith
IPC分类号： G06F21/31 , H04L29/06
CPC分类号： H04L63/0823 , G06F21/34 , G06F21/41 , H04L63/08 , H04L63/0815 , H04L63/0853 , H04L2463/082
摘要： A computing system of an authentication service provider receives a federated identity protocol request triggered by a relying party to validate a user. The federated identity protocol request includes a user identifier of an authenticated identity. The computing system searches mapping data stored in a data store that is coupled to the computing system to identify a type of virtual token associated with the user identifier and authenticates the user by requesting the identified type of virtual token from a user device and verifying a virtual token received from the user device using the mapping data. The computing system sends second-factor authentication results to the relying party via the federated identity protocol.
摘要翻译：认证服务提供商的计算系统接收由依赖方触发的联合身份协议请求来验证用户。联合身份协议请求包括认证身份的用户标识符。计算系统搜索存储在耦合到计算系统的数据存储器中的映射数据，以识别与用户标识符相关联的虚拟令牌的类型，并通过从用户设备请求识别的类型的虚拟令牌并验证虚拟使用映射数据从用户设备接收的令牌。计算系统通过联合身份协议向依赖方发送第二方认证结果。

6. 发明授权

US08799646B1 Methods and systems for authenticating devices 有权
标题翻译：验证设备的方法和系统
公开(公告)号：US08799646B1
公开(公告)日：2014-08-05
申请号：US13336435
申请日：2011-12-23
申请人： Mingliang Pei
发明人： Mingliang Pei
IPC分类号： H04L29/06
CPC分类号： H04L63/062 , H04L63/0428 , H04L63/06 , H04L63/08 , H04L63/0807 , H04L63/0876
摘要： A computer-implemented method for authenticating devices may include (1) identifying a request from a device for a credentialing service to issue a credential to the device, the request including an application identifier encrypted with a first encryption key, the first encryption key having been derived by the device based on a token provisioned to the device by a vendor of the device, (2) transmitting the request to the credentialing service, (3) receiving, from the credentialing service, the credential encrypted using a second encryption key, the second encryption key having been derived by the device based on the token, and (4) providing the encrypted credential to the device. Various other methods, systems, and computer-readable media are also disclosed.
摘要翻译：用于认证设备的计算机实现的方法可以包括（1）识别来自设备的用于凭证服务以向该设备发布凭证的请求，该请求包括用第一加密密钥加密的应用标识符，第一加密密钥已被（2）向认证服务发送请求，（3）从认证服务接收使用第二加密密钥加密的凭证，所述证书服务提供给所述设备，第二加密密钥已经由设备基于令牌导出，以及（4）将加密凭证提供给设备。还公开了各种其它方法，系统和计算机可读介质。

7. 发明申请

US20110162053A1 SERVICE ASSISTED SECRET PROVISIONING 有权
标题翻译：服务协助秘密提供
公开(公告)号：US20110162053A1
公开(公告)日：2011-06-30
申请号：US12650158
申请日：2009-12-30
申请人： Mingliang Pei , Slawek Ligier
发明人： Mingliang Pei , Slawek Ligier
IPC分类号： G06F21/00 , G06F15/16
CPC分类号： G06F21/34 , G06F21/42
摘要： A method for providing a secret that is provisioned to a first device to a second device includes generating a One-Time Password at the first device using the secret and obtaining an identifier of the secret. The method also includes providing the One-Time Password and the identifier to the second device and sending the One-Time Password and the identifier to a remote provisioning service. The method also includes verifying that the One-Time Password corresponds to the secret, and sending to the second device an encrypted secret and a decryption key for decrypting the encrypted secret. The encrypted secret and the decryption key may be sent using different communications methods. The method also includes decrypting the encrypted secret using the decryption key to provide the secret and storing the secret at the second device.
摘要翻译：用于提供被提供给第一设备到第二设备的秘密的方法包括使用秘密在第一设备处生成一次性密码并获得秘密的标识符。该方法还包括向第二设备提供一次性密码和标识符，并将一次性密码和标识符发送到远程供应服务。该方法还包括验证一次性密码对应于秘密，并向第二设备发送用于解密加密秘密的加密秘密和解密密钥。可以使用不同的通信方式来发送加密的秘密和解密密钥。该方法还包括使用解密密钥解密加密的秘密以提供秘密，并将秘密存储在第二设备。

8. 发明申请

US20110161289A1 Data Replication Across Enterprise Boundaries 有权
标题翻译：跨企业边界的数据复制
公开(公告)号：US20110161289A1
公开(公告)日：2011-06-30
申请号：US12649829
申请日：2009-12-30
申请人： Mingliang Pei , Oanh Hoang , Ruiping Sun , John Huang
发明人： Mingliang Pei , Oanh Hoang , Ruiping Sun , John Huang
IPC分类号： G06F17/30 , G06F21/00
CPC分类号： G06F17/30581
摘要： Systems and methods for synchronizing verification data in a distributed database including client and server databases. The server database may exchange verification data regarding one-time passwords to multiple client databases. An update to the server database may be initiated based on information stored in the client database by pushing updated verification information from the client database to the server database via an SSL tunnel. An update to the client database may be initiated based on information stored in the server database by pulling updated verification data from the server database to the client database via an SSL tunnel. The client database and the server database may include a two-dimensional data field including the verification data and an associated key identifier, and a site ID. The site ID may include a unique identifier to identify the respective database in which it is included. The data field may include a sequence number assigned to each row of data that increases every time the row of information is updated. The client database and the server database may also include a replication tracking table including a record of the last known update to a remote database. Data fields that require updating may be determined based on the site ID and a comparison of the sequence numbers from the replication tracking table and the server's database.
摘要翻译：用于在包括客户端和服务器数据库的分布式数据库中同步验证数据的系统和方法。服务器数据库可以将关于一次性密码的验证数据交换到多个客户数据库。可以基于通过SSL隧道将更新的验证信息从客户端数据库推送到服务器数据库，基于存储在客户端数据库中的信息来启动对服务器数据库的更新。可以基于存储在服务器数据库中的信息，通过经由SSL隧道将更新的验证数据从服务器数据库拉到客户端数据库来启动对客户端数据库的更新。客户端数据库和服务器数据库可以包括包括验证数据和相关联的密钥标识符的二维数据字段以及站点ID。站点ID可以包括用于标识其中包括其的相应数据库的唯一标识符。数据字段可以包括分配给每次更新信息行时每增加一行数据的序列号。客户端数据库和服务器数据库还可以包括复制跟踪表，其包括对远程数据库的最后已知更新的记录。需要更新的数据字段可以基于站点ID和来自复制跟踪表和服务器数据库的序列号的比较来确定。

9. 发明授权

US09286369B2 Data replication across enterprise boundaries 有权
标题翻译：跨企业边界的数据复制
公开(公告)号：US09286369B2
公开(公告)日：2016-03-15
申请号：US12649829
申请日：2009-12-30
申请人： Mingliang Pei , Oanh Hoang , Ruiping Sun , John Huang
发明人： Mingliang Pei , Oanh Hoang , Ruiping Sun , John Huang
IPC分类号： G06F17/30
CPC分类号： G06F17/30581
摘要： Systems and methods for synchronizing verification data in a distributed database including client and server databases. The server database may exchange verification data regarding one-time passwords to multiple client databases. An update to the server database may be initiated based on information stored in the client database by pushing updated verification information from the client database to the server database via an SSL tunnel. An update to the client database may be initiated based on information stored in the server database by pulling updated verification data from the server database to the client database via an SSL tunnel. The client database and the server database may include a two-dimensional data field including the verification data and an associated key identifier, and a site ID. The site ID may include a unique identifier to identify the respective database in which it is included. The data field may include a sequence number assigned to each row of data that increases every time the row of information is updated. The client database and the server database may also include a replication tracking table including a record of the last known update to a remote database. Data fields that require updating may be determined based on the site ID and a comparison of the sequence numbers from the replication tracking table and the server's database.
摘要翻译：用于在包括客户端和服务器数据库的分布式数据库中同步验证数据的系统和方法。服务器数据库可以将关于一次性密码的验证数据交换到多个客户数据库。可以基于通过SSL隧道将更新的验证信息从客户端数据库推送到服务器数据库，基于存储在客户端数据库中的信息来启动对服务器数据库的更新。可以基于存储在服务器数据库中的信息，通过经由SSL隧道将更新的验证数据从服务器数据库拉到客户端数据库来启动对客户端数据库的更新。客户端数据库和服务器数据库可以包括包括验证数据和相关联的密钥标识符的二维数据字段以及站点ID。站点ID可以包括用于标识其中包括其的相应数据库的唯一标识符。数据字段可以包括分配给每次更新信息行时每增加一行数据的序列号。客户端数据库和服务器数据库还可以包括复制跟踪表，其包括对远程数据库的最后已知更新的记录。需要更新的数据字段可以基于站点ID和来自复制跟踪表和服务器数据库的序列号的比较来确定。

10. 发明授权

US08769655B2 Shared registration multi-factor authentication tokens 有权
标题翻译：共享注册多因素认证令牌
公开(公告)号：US08769655B2
公开(公告)日：2014-07-01
申请号：US12982800
申请日：2010-12-30
申请人： James Gould , David Smith , Mingliang Pei
发明人： James Gould , David Smith , Mingliang Pei
IPC分类号： H04L9/32 , H04L29/06
CPC分类号： H04L63/0807 , G06F21/32 , G06F21/335 , H04L63/0815
摘要： A system and method for more efficiently establishing a chain of trust from a registrant to a registry. A registrant credential is associated with a Shared Registration command and is sent by a registrar to a registry. Upon successful validation, a token is generated and bound to a registrant identifier. The token is included along with the registrant identifier in subsequent discrete Shared Registration commands submitted to the registry on behalf of the registrant. The registrant thus needs to submit its credential only once for changes that require several discrete commands. Also, it is more efficient for the Shared Registration System to validate a token for a set of commands than to validate different registrant credential for each discrete command.
摘要翻译：一种用于更有效地建立从注册人到注册管理机构的信任链的系统和方法。注册人凭证与共享注册命令相关联，并由注册服务商发送到注册表。成功验证后，生成令牌并绑定到注册人标识符。该标记与注册人标识符一起包括在随后的离散共享注册命令中，代表注册人提交给注册管理机构。因此，注册人只需要为需要多个离散命令的更改提交一次凭据。此外，共享注册系统对于一组命令验证令牌比对每个离散命令验证不同注册人凭证更有效。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式