Abstract:
In one example, an enrollment device, such as a smart phone with an enrollment application executing thereon, obtains in situ enrollment information from at least one target device of a plurality of target devices in a network. The enrollment device provides the in situ enrollment information obtained from the at least one target device to a security management device, such as a public key certificate generator (e.g., a certification authority) for the network, to facilitate configuration certificate generation for the at least one target device. The security management device uses the in situ enrollment information, other device-specific information, and the operational information desired for the device, and issues a configuration certificate for the at least one target device. A system and methods are also set forth.
Abstract:
A method and apparatus provides for user authentication. In an example, the method and apparatus includes receiving a selected signal strength for smart card emulation authentication. The method and apparatus also includes receiving a signal from a portable wireless device radio transceiver. The method also includes measuring the signal strength of the signal. The method and apparatus also includes, if the signal is at or above the selected signal strength, transmitting one or more signals to the portable radio device radio transceiver requesting user authentication, and if the signal is not at or above a selected signal strength, refusing a request to authenticate by the portable radio device radio transceiver. The method and apparatus also includes receiving one or more authentication response signals from the portable radio device in response to the request for user authentication, the one or more response signals including at least authentication information unique to a user.
Abstract:
A method and apparatus provides first or second factor authentication by providing selectability of a plurality of second factor authentication policies associated with a second factor authentication article. The first or second factor authentication article includes authentication information, such as a plurality of data elements in different cells or locations on the authentication article, which can be located by using corresponding location information. The method and apparatus provides second factor authentication based on the first or second factor authentication article by enforcing at least one of the plurality of selected authentication policies.
Abstract:
In one example, a proxy server acts as a gateway to a website and modifies the traffic between a web browser on a user device and the website server, as necessary to request protection by providing step-up authentication and/or transaction verification. The proxy server blocks transactions when protection is required but has not occurred (either because the authentication was not proper or due to the detection of another problem). Associated methods and systems are also provided.
Abstract:
A method, apparatus and/or system generates a challenge for user authentication, having a challenge data element from a stored pool of challenge data elements. The challenge is based on rule data and stored usage data associated with at least some of the challenge data elements in the stored pool of challenge data elements. The generated challenge is sent for use in an authentication of a user to a sender. A method, apparatus and/or system also generates sender authentication and corresponding location information, having a data element from a stored pool of challenge data elements. Selection of the data elements is based on rule data and stored usage data associated with at least some of the data elements in the stored pool of data elements.
Abstract:
One or more computing devices employ a method that includes requesting a transient credential (e.g., a one-time PKI certificate) as a first identity credential for an application component instance based on a unique identifier associated with the application component instance. The method includes requesting a dynamically-created second identity credential for the application component instance of the application using a request signed (e.g., using the public key of the first identity PKI certificate) based on the transient credential. The method includes receiving the dynamically-created second identity credential and using the dynamically-created second identity credential in a cryptographic function by the application component instance, and managing the replacement of this credential in environments without persistent archival storage accessible by the device/application.
Abstract:
Methods and systems for cross-certification to bind together two cryptographic systems are disclosed. One method includes receiving, from a first certificate authority at a second certificate authority, a cross certificate request, the cross certificate request including an attribute unique to the first certificate authority. The method also includes calculating a signature at the second certificate authority based at least in part on the attribute, and calculating a hash value based on a combination of the signature calculated at the second certificate authority and a key associated with the second certificate authority. The method includes generating a cross certificate and embedding the hash value as a certificate extension within the cross certificate.
Abstract:
A proxy hardware security module (HSM) is disclosed, usable with an existing HSM to expand the key storage available to the HSM. The proxy HSM receives a signing request that is targeted to the HSM, and retrieves a wrapped version of a signing key from a storage location separate from the HSM. The proxy HSM provides the wrapped signing key to the HSM, and provides the signing request to the HSM. Upon receipt of a response to the signing request indicating successful execution of a signing operation by the HSM, the proxy HSM transmits a key-destroying request to the HSM, and a confirmation message to the device from which the signing request was received. Upon completion of the signing request, the HSM does not retain the signing key.