公开(公告)号：US11438173B2

公开(公告)日：2022-09-06

申请号：US16915221

申请日：2020-06-29

申请人： Entrust, Inc.

发明人： Timothy Edward Moses

IPC分类号： H04L29/06 ,  G06F21/00 ,  H04L9/32 ,  H04L9/40 ,  H04L9/06 ,  H04L9/14 ,  H04L9/30 ,  H04L9/00

摘要： A method and apparatus provides a blockchain that includes one or more blocks that contain a cryptographic binding of a signature-verification public key and/or a data encryption public key to the identity of the holder of the corresponding private key. The binding is performed by one or more key binding entities, referred to herein as a blockchain identity binder. Originators and recipients use the identity binding data to secure block chain transactions.

公开(公告)号：US11411943B2

公开(公告)日：2022-08-09

申请号：US16705442

申请日：2019-12-06

申请人： Entrust, Inc.

发明人： Michael Mallinson ,  Ian Reilly ,  Rathnavalli Jayaprakash ,  Martin Dale Lyness ,  Tim Gerlach

IPC分类号： H04L29/06 ,  H04L9/40 ,  H04L9/32 ,  H04W12/06 ,  H04W4/80

摘要： Methods and systems for facilitating authentication of a user with a plurality of applications are described. One method includes authenticating a user with a first secure application based on information received from a smart credential stored on a mobile device via a local wireless connection. The method includes obtaining a remote challenge from a remote authentication service and a mobile challenge, signing the mobile challenge with a private key, and transmitting a signed version of the mobile challenge, the remote challenge, and a public key to the mobile device. The method further includes receiving a signed version of the remote challenge and a certificate indicating validation of the mobile challenge, and transmitting the signed version of the remote challenge to the remote authentication service. Based on receiving an authentication result from the remote authentication service, access is granted to a remote secure application via the browser.

公开(公告)号：US10728043B2

公开(公告)日：2020-07-28

申请号：US15215047

申请日：2016-07-20

申请人： Entrust, Inc.

发明人： Timothy Edward Moses

IPC分类号： H04L29/06 ,  H04L9/32 ,  H04L9/08 ,  H04L9/00 ,  H04L9/16 ,  H04L9/30

摘要： In one example, an apparatus such as an authorization server and method for secure communication between constrained devices issues cryptographic communication rights among a plurality of constrained devices. Each of the plurality of constrained devices comprises no more than one cryptographic algorithm code module per cryptographic function. The method includes receiving a cryptographic communication rights request associated with at least a first of the plurality of constrained devices in response to a cryptographic algorithm update request, and includes providing a response including an identification of a subset of the plurality of constrained devices that have cryptographic communication rights with the identified first of the plurality of constrained devices. A software update server then updates the cryptographic code modules in the sub-set of the plurality of constrained devices.

公开(公告)号：US09954860B2

公开(公告)日：2018-04-24

申请号：US14208193

申请日：2014-03-13

申请人： Entrust, Inc.

发明人： Christopher D. Wood ,  Michael Holtstrom ,  Roland Thomas Lockhart ,  Murray McCulligh ,  Serge Jean Maurice Mister ,  Greg Wetmore

IPC分类号： H04L29/06 ,  G06Q20/42 ,  G06Q20/40

CPC分类号： H04L63/0884 ,  G06Q20/4014 ,  G06Q20/4016 ,  G06Q20/425 ,  H04L63/08 ,  H04L63/105 ,  H04L63/14

摘要： In one example, a proxy server acts as a gateway to a website and modifies the traffic between a web browser on a user device and the website server, as necessary to request protection by providing step-up authentication and/or transaction verification. The proxy server blocks transactions when protection is required but has not occurred (either because the authentication was not proper or due to the detection of another problem). Associated methods and systems are also provided.

公开(公告)号：US09876793B2

公开(公告)日：2018-01-23

申请号：US15063010

申请日：2016-03-07

申请人： Entrust, Inc.

发明人： Chris Voice ,  Marc Smith ,  Murray McCulligh ,  Robert Zuccherato

IPC分类号： H04L9/32 ,  G06F21/00 ,  G06F7/04 ,  H04K1/00 ,  H04L9/28 ,  H04L29/06 ,  G06F21/31 ,  H04L9/00

CPC分类号： H04L63/0869 ,  G06F21/31 ,  G06F2221/2103 ,  H04L9/00 ,  H04L9/3226 ,  H04L9/3273 ,  H04L63/0245 ,  H04L63/08 ,  H04L63/083 ,  H04L63/104 ,  H04L2209/56 ,  H04L2209/80

摘要： A method for providing authentication of a user of a recipient unit when the recipient unit is off-line includes storing one or a plurality of one-time challenge-reply sets based on an on-line communication with a sender unit. In one example, each of the one-time challenge-reply sets includes at least a one-time challenge-reply pair for use in off-line authentication of the user for a particular resource available through the recipient unit. When the user is offline, the method includes selecting at least one of the plurality of stored one-time challenge-reply sets for off-line authentication of the user for the particular resource available through the recipient unit. The one-time challenge-reply sets may be associated with an article.

公开(公告)号：US09767627B2

公开(公告)日：2017-09-19

申请号：US14795072

申请日：2015-07-09

申请人： Entrust, Inc.

发明人： Jason Aurele Soroko

IPC分类号： G07C9/00 ,  G07C5/08 ,  G07C5/00 ,  B60R25/20

CPC分类号： G07C9/00007 ,  B60R25/2018 ,  G07C5/008 ,  G07C5/0808 ,  G07C9/00309 ,  G07C2009/00769 ,  G07C2205/02

摘要： Apparatus, systems and methods are disclosed that utilize a vehicle user's input to provide logical context of legitimate vehicle usage through a remote access device to defend the vehicle from theft. As such, an additional level of security is employed and may be used in addition to other security and theft prevention technologies of the vehicle. In one example, a legitimate automobile operator signals the context of the vehicle's state to a hardware security module in the vehicle. The states include, for example, to disallow all diagnostic system access or to allow diagnostic access for servicing.

公开(公告)号：US08612757B2

公开(公告)日：2013-12-17

申请号：US10748523

申请日：2003-12-30

申请人： Michael Chiviendacz ,  Edward Pillman

发明人： Michael Chiviendacz ,  Edward Pillman

IPC分类号： H04L9/32

CPC分类号： B42D25/351 ,  B42D25/00 ,  B42D25/305 ,  B42D2035/36 ,  B44F1/10 ,  G06F21/34 ,  G06F2221/2103 ,  G06K19/041 ,  G06Q20/4014 ,  G07C9/00007 ,  G07F7/0846 ,  G07F7/086 ,  G07F7/1091 ,  G07F17/42 ,  H04N1/00127 ,  H04N2201/3235 ,  H04N2201/3246 ,  H04N2201/3276

摘要： An apparatus and method for securely providing identification information generates one or more obscured identifiers for a recipient, such as one or more identifiers that are generated based on data unique to a recipient or other information as may be appropriate. In one embodiment, the method and apparatus generates a translucent identification member, such as a plastic card, sheet, film or other suitable member that has a translucent area that includes one or more obscured identifiers. When the translucent identification member is overlayed on a screen displaying a visual filtering pattern, one of one or more obscured identifiers is visually revealed for use during the particular transaction. The revealed identifier is entered into a recipient device and sent to an authenticator to be verified as an appropriate identifier for the transaction.

摘要翻译： 用于安全地提供识别信息的装置和方法为接收者产生一个或多个隐蔽的标识符，例如基于接收者唯一的数据或可能适当的其他信息生成的一个或多个标识符。 在一个实施例中，该方法和装置产生半透明识别构件，例如具有包括一个或多个模糊标识符的半透明区域的塑料卡，片，薄膜或其它合适的构件。 当半透明识别构件覆盖在显示视觉过滤图案的屏幕上时，一个或多个隐蔽标识符中的一个被视觉显露以在特定交易期间使用。 所揭示的标识符被输入到接收者设备中，并发送给认证者以被验证为交易的适当标识符。

公开(公告)号：US20110213711A1

公开(公告)日：2011-09-01

申请号：US12715199

申请日：2010-03-01

申请人： Eric R. Skinner ,  Steve Robert Neville ,  Michael Andrew Moir

发明人： Eric R. Skinner ,  Steve Robert Neville ,  Michael Andrew Moir

IPC分类号： G06F21/00 ,  H04W4/24 ,  H04W12/04

CPC分类号： H04W12/06 ,  G06F21/43 ,  G06F21/6263 ,  G06Q20/3829 ,  G06Q20/425 ,  H04L63/0428 ,  H04L63/08

摘要： A system and method provides electronic transaction verification using multiple different units. A first unit initiates an electronic transaction in response to user authentication affirmation by, for example, a server (such as a web server). After the user has been authenticated, another unit, such as a mobile device, receives a transaction confirmation request for the electronic transaction that is ongoing via the first unit. In addition, the second unit also receives from, for example, the server, transaction information based on the electronic transaction. The second device through a user interface and without requiring a user to enter transaction information, provides the received transaction information from the server for evaluation by a user of the second unit. The second unit requests from the user, in response to the transaction confirmation request, confirmation of the transaction. The second unit generates a transaction confirmation code based on the received transaction information if the transaction is confirmed by the user of the second unit and sends it to the server for verification by the server.

摘要翻译： 系统和方法提供使用多个不同单元的电子交易验证。 响应于例如服务器（例如web服务器）的用户认证确认，第一单元启动电子交易。 在用户被认证之后，诸如移动设备的另一单元通过第一单元接收正在进行的电子交易的交易确认请求。 此外，第二单元还从例如服务器接收基于电子交易的交易信息。 第二设备通过用户界面而不需要用户输入交易信息，从服务器提供接收到的交易信息，供第二单元的用户评估。 第二单元响应于交易确认请求来请求用户确认交易。 如果交易由第二单元的用户确认并且将其发送到服务器进行验证，则第二单元基于接收的交易信息生成交易确认码。

公开(公告)号：US07693285B2

公开(公告)日：2010-04-06

申请号：US10092277

申请日：2002-03-06

申请人： Ian Curry

发明人： Ian Curry

IPC分类号： H04L9/08 ,  H04L9/00

CPC分类号： H04L9/083 ,  H04L9/0825 ,  H04L63/0464

摘要： A method and apparatus, such as a secure distribution server, receives encrypted information from a sender, wherein the encrypted information is for transmission to a plurality of intended recipients. In addition to the encrypted information, the method includes receiving an encrypted secret key that is encrypted using a public key associated with the secure distribution server. The method and apparatus decrypts the encrypted secret key to produce a decrypted secret key. The method and apparatus then encrypts the decrypted secret key with the corresponding public key of at least one (or each of a plurality of) intended recipient(s) to produce at least one (or plurality of) recipient-specific secure secret keys. The method and apparatus then forwards the received encrypted information sent by the sender and also sends at least one recipient-specific secure secret key to a corresponding intended recipient.

摘要翻译： 诸如安全分发服务器的方法和装置从发送方接收加密信息，其中加密信息用于传输到多个预期接收者。 除了加密信息之外，该方法包括接收使用与该安全分发服务器相关联的公开密钥加密的加密秘密密钥。 该方法和装置解密加密的秘密密钥以产生解密的秘密密钥。 该方法和装置然后用至少一个（或多个）预期接收者的相应公钥加密解密的秘密密钥，以产生至少一个（或多个）接收者特定的安全秘密密钥。 该方法和装置然后转发由发送者发送的接收到的加密信息，并且还向相应的预期接收者发送至少一个接收者特定的安全密钥。

公开(公告)号：US07594107B1

公开(公告)日：2009-09-22

申请号：US09466650

申请日：1999-12-20

申请人： Robert Everett Parkhill

发明人： Robert Everett Parkhill

IPC分类号： H04L29/06 ,  G06F9/44

CPC分类号： H04L63/0823 ,  G06F8/65

摘要： A method and system for updating data, such as web certificates, software applications, or other data, detects a need to update data based on a communication between a first processing entity, such as a computer with a web browser, and another processing entity, such as a web server. The web server detects the need to update data and automatically redirects communication from the first processing entity and the second processing entity, so that the first processing entity communicates with a third processing entity. The third processing entity provides updated data, such as a new version of a web browser or other software application, and also provides update complete data indicating that the software, web browser or other data has been updated. The update complete data is provided for the second processing entity so that the second processing entity will suitably perform the process requested by the first processing entity.

摘要翻译： 用于更新诸如web证书，软件应用程序或其他数据的数据的方法和系统基于诸如具有web浏览器的计算机的第一处理实体和另一处理实体之间的通信来检测需要更新数据， 例如web服务器。 Web服务器检测需要更新数据并自动地重定向来自第一处理实体和第二处理实体的通信，使得第一处理实体与第三处理实体进行通信。 第三处理实体提供更新的数据，例如网络浏览器或其他软件应用的新版本，并且还提供指示软件，web浏览器或其他数据已更新的更新完整数据。 为第二处理实体提供更新完成数据，使得第二处理实体将适当地执行第一处理实体请求的处理。