专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08650405B1 Authentication using dynamic, client information based PIN 有权
标题翻译：使用动态，基于客户端信息的PIN验证
公开(公告)号：US08650405B1
公开(公告)日：2014-02-11
申请号：US13173607
申请日：2011-06-30
申请人： Yedidya Dotan , Lawrence N. Friedman , Oleg Freylafert , Robert S. Philpott , Daniel Schiappa
发明人： Yedidya Dotan , Lawrence N. Friedman , Oleg Freylafert , Robert S. Philpott , Daniel Schiappa
IPC分类号： G06F21/00
CPC分类号： G06F21/31
摘要： An improved PIN-based authentication technique for authenticating the user of a client machine to a server automatically generates a personal identification number (PIN) for the user based on user-specific authentication information, such as encrypted cookie information. The server provides user-specific authentication information to a client machine. When the user submits an authentication request, user-specific authentication information is collected and uploaded to the server. The user-specific authentication information is processed to form a PIN, and authentication of the user proceeds based on the PIN and any other authentication factors provided. Since the disclosed techniques compute PINs automatically based on information exchanged between a client machine and a server, the user is relieved of any burden associated with registering and remembering a PIN.
摘要翻译：改进的基于PIN的认证技术用于向服务器认证客户端机器的用户，基于用户特定的认证信息（例如加密的cookie信息）自动生成用户的个人识别号码（PIN）。服务器向客户机提供用户特定的认证信息。当用户提交认证请求时，收集用户特定的身份验证信息并将其上传到服务器。处理用户特定认证信息以形成PIN，并且用户的认证基于PIN和提供的任何其他认证因素而进行。由于所公开的技术基于在客户机和服务器之间交换的信息自动计算PIN，所以用户免除与注册和记住PIN相关联的任何负担。

2. 发明授权

US09178880B1 Gateway mediated mobile device authentication 有权
标题翻译：网关介入移动设备认证
公开(公告)号：US09178880B1
公开(公告)日：2015-11-03
申请号：US13539392
申请日：2012-06-30
申请人： Yedidya Dotan , John G. Linn , Christopher Corde , Philip A. Darringer , Robert S. Philpott
发明人： Yedidya Dotan , John G. Linn , Christopher Corde , Philip A. Darringer , Robert S. Philpott
IPC分类号： H04W12/08 , H04L29/06 , H04W12/06
CPC分类号： H04W12/06 , H04L63/0838 , H04L63/0876 , H04L63/0884 , H04W12/08
摘要： A method is used in authenticating a mobile device user. An authentication invocation from a mobile device for access to computer resource is activated. Device unique identifiers and device forensic information are collected. The device unique identifiers and the device unique identifiers are forwarded to a gateway. An OTP is resolved into a unique device identifier using an authentication server. The device identifier is adaptively authenticated using multiple authentication factors.
摘要翻译：一种方法用于认证移动设备用户。来自用于访问计算机资源的移动设备的认证调用被激活。收集设备唯一标识符和设备取证信息。设备唯一标识符和设备唯一标识符转发到网关。使用认证服务器将OTP解析为唯一的设备标识符。使用多个认证因素自适应地认证设备标识符。

3. 发明授权

US08752145B1 Biometric authentication with smart mobile device 有权
标题翻译：智能移动设备的生物识别认证
公开(公告)号：US08752145B1
公开(公告)日：2014-06-10
申请号：US13341160
申请日：2011-12-30
申请人： Yedidya Dotan , Sorin Faibish , Samuel Adams , Yael Villa , Robert S. Philpott
发明人： Yedidya Dotan , Sorin Faibish , Samuel Adams , Yael Villa , Robert S. Philpott
IPC分类号： G06F21/00 , G06F7/04
CPC分类号： H04L63/0861 , G06F21/32 , G06F2221/2115 , H04W12/06
摘要： An improved authentication technique employs a user's mobile device to obtain a picture of the user from which facial geometry is extracted and applied as part of an authentication operation of the user to the remote network. In some examples, a server stores facial geometry for different users along with associated PINs. By matching facial geometry of the user with facial geometry on the server, the user's PIN can be obtained, without the user ever having to register or remember the PIN.
摘要翻译：改进的认证技术采用用户的移动设备来获取用户的图片，从该用户的图片提取和应用面部几何被作为远程网络的用户的认证操作的一部分。在一些示例中，服务器存储不同用户的面部几何以及关联的PIN。通过将用户的面部几何与服务器上的面部几何相匹配，可以获得用户的PIN，而无需用户注册或记住PIN。

4. 发明授权

US08627424B1 Device bound OTP generation 有权
标题翻译：设备绑定OTP生成
公开(公告)号：US08627424B1
公开(公告)日：2014-01-07
申请号：US12827045
申请日：2010-06-30
申请人： Michael J. O'Malley , Robert S. Philpott
发明人： Michael J. O'Malley , Robert S. Philpott
IPC分类号： G06F15/16 , H04L29/06 , H04L12/28
CPC分类号： H04L63/0838 , G06F21/335 , G06F21/71 , G06F21/73 , H04L63/0853 , H04L63/0876
摘要： A method, system, and computer product for use in generating one time passcodes (OTPs) in security environment, the security environment comprising an OTP generator and an OTP validator, the method comprising generating, at the OTP generator, an OTP according to a function, wherein the function includes as an input a device id, validating the OTP at the OTP validator, whereby the validation comprises generating, at the OTP validator, a second OTP according to the function, and determining whether the OTP is valid based on a comparison of the OTP with the second OTP generated at the OTP validator.
摘要翻译：一种用于在安全环境中生成一次性密码（OTP）的方法，系统和计算机产品，所述安全环境包括OTP生成器和OTP验证器，所述方法包括根据功能在OTP生成器生成OTP 其中，所述功能包括作为输入的设备ID，在所述OTP验证器处验证所述OTP，由此所述验证包括在所述OTP验证器处根据所述功能生成第二OTP，并且基于比较来确定所述OTP是否有效的OTP与OTP验证器生成的第二个OTP。

5. 发明授权

US08601588B1 Method and system for detection of clone authenticator 有权
标题翻译：检测克隆鉴别器的方法和系统
公开(公告)号：US08601588B1
公开(公告)日：2013-12-03
申请号：US13173726
申请日：2011-06-30
申请人： Robert Black , William Duane , Robert S. Philpott
发明人： Robert Black , William Duane , Robert S. Philpott
IPC分类号： G06F11/00
CPC分类号： G06F21/577 , G06F11/008 , G06F21/34 , G06F21/44 , G06F21/55 , G06Q40/02 , G06Q2220/00 , H04L63/1433 , H04L63/1441
摘要： A method includes engaging in authentication operations each involving apparent use of a legitimate authenticator. Values of one or more authenticator variables are received and stored, where the authenticator variable(s) normally change in a known authenticator-specific way during the authentication operations, such as being calculated from a monotonically increasing dynamic variable. A risk analysis function is applied to the stored values to generate a risk indicator signal indicating a level of risk that the clone authenticator is in use. The risk analysis function includes detection of an abnormal change of the authenticator variable(s), such as use of non-monotonic dynamic variable values. The risk indicator signal is output to an access controller that operates, based on the level of risk indicated by the risk indicator signal, to selectively inhibit an otherwise successful authentication operation involving apparent use of the legitimate authenticator.
摘要翻译：一种方法包括参与认证操作，每个认证操作包括明确使用合法认证器。接收和存储一个或多个验证器变量的值，其中验证器变量在认证操作期间通常以已知的认证器特定方式改变，诸如从单调递增的动态变量计算。对存储的值应用风险分析功能，以生成指示克隆认证器正在使用的风险级别的风险指示符信号。风险分析功能包括检测认证者变量的异常变化，例如使用非单调动态变量值。该风险指示信号被输出到一个接入控制器，该接入控制器基于风险指示信号所指示的风险水平来选择性地禁止涉及明确使用合法验证器的另外成功的认证操作。

6. 发明授权

US09860059B1 Distributing token records 有权
公开(公告)号：US09860059B1
公开(公告)日：2018-01-02
申请号：US13336056
申请日：2011-12-23
申请人： Christopher Duane , Robert S. Philpott , William Duane , Gareth Richards
发明人： Christopher Duane , Robert S. Philpott , William Duane , Gareth Richards
IPC分类号： H04L9/32 , H04L9/00 , H04L9/08 , H04L29/06
CPC分类号： H04L9/0869 , H04L9/0866 , H04L63/045 , H04L63/0838
摘要： A method and system for use in distributing token records is disclosed. At least one token record comprises a unique seed associated with a one-time password (OTP) token. An encryption key and a corresponding decryption key are generated for assisting selective encryption and decryption of a token record associated with a OTP token. The encryption key and the decryption key being unique to an end user of the token record. The token record is encrypted with the assistance of the encryption key. One of the decryption key and the encrypted token record is provided to the end user of the token record. The other of the decryption key and the encrypted token record is provided to the end user in response to secure receipt of the one of the decryption key and the encrypted token record by the end user. The encrypted token record can be decrypted with the assistance of the decryption key.

7. 发明授权

US08433914B1 Multi-channel transaction signing 有权
标题翻译：多渠道交易签名
公开(公告)号：US08433914B1
公开(公告)日：2013-04-30
申请号：US12820829
申请日：2010-06-22
申请人： Robert S. Philpott , Yong Qiao , Michael J. O'Malley , Daniel V. Bailey
发明人： Robert S. Philpott , Yong Qiao , Michael J. O'Malley , Daniel V. Bailey
IPC分类号： H04L9/32
CPC分类号： H04L9/3247 , H04L9/3215
摘要： A transaction system combats malware and phishing-based MitM attacks on transaction processing systems by using digital signatures to integrity-protect the user-verified transaction data. With this system, a user submits a transaction from a client device (e.g., desktop web browser) over a communications channel to a server device, such as a transaction server. Before accepting the transaction, the transaction server securely delivers all relevant transaction data to a second device (e.g., the signing device), such as a smart phone, in the possession of the user. The signing device has its own distinct communication channel with the server device. The user verifies the data and the signing device creates a digital signature value for the transaction. The user submits the signature to the transaction server to confirm the transaction with the transaction server.
摘要翻译：交易系统通过使用数字签名对用户验证的交易数据进行完整性保护来抵抗事件处理系统上的恶意软件和基于网路钓鱼的MitM攻击。利用该系统，用户通过通信信道从客户端设备（例如桌面网络浏览器）提交交易到例如交易服务器的服务器设备。在接受交易之前，交易服务器将所有相关的交易数据安全地传递给用户拥有的第二设备（例如，签名设备），例如智能电话。签名设备与服务器设备有独立的通信通道。用户验证数据，签名设备为交易创建数字签名值。用户将签名提交给事务服务器以确认与事务服务器的事务。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式