Trusted and unsupervised digital certificate generation using a security token
    1.
    Granted invention patent
    Legal status: in force

    Publication No.: US09331990B2

    Publication date: 2016-05-03

    Application No.: US10740889

    Filing date: 2003-12-22

    Applicant: Eric F. Le Saint

    Inventor: Eric F. Le Saint

    Abstract: A method, system and computer program product for ensuring PKI key pairs are operatively installed within a secure domain of a security token prior to generating a digital certificate. The public key component of the PKI key pair is incorporated into a digital certificate which is returned to the security token for storage. The arrangement included herein incorporates the use of a critical security parameter to ensure a chain of trust with an issuing entity such as a registration authority. Furthermore, the arrangement does not require security officer or system administrator oversight during digital certificate generation as the critical security parameter provides a sufficient level of trust to ensure that digital certificate generation is being performed in conjunction with a designated security token rather than a rogue application. Lastly, separate inventive embodiments allow alternate communications and verification arrangements to be implemented.

    REVOCATION STATUS USING OTHER CREDENTIALS
    2.
    Invention patent application
    Legal status: in force

    Publication No.: US20120321084A1

    Publication date: 2012-12-20

    Application No.: US13525849

    Filing date: 2012-06-18

    IPC classification: H04L9/00

    Abstract: Providing revocation status of at least one associated credential includes providing a primary credential that is at least initially independent of the associated credential, binding the at least one associated credential to the primary credential, and deeming the at least one associated credential to be revoked if the primary credential is revoked. Providing revocation status of at least one associated credential may also include deeming the at least one associated credential to be not revoked if the primary credential is not revoked. Binding may be independent of the contents of the credentials and may be independent of whether any of the credentials authenticate any other ones of the credentials. The at least one associated credential may be provided on an integrated circuit card (ICC). The ICC may be part of a mobile phone or a smart card.

    Open protocol for authentication and key establishment with privacy

    Publication No.: US20120144193A1

    Publication date: 2012-06-07

    Application No.: US12803968

    Filing date: 2010-07-09

    IPC classification: H04L9/30

    CPC classification: H04L9/3234 H04L9/0825

    Abstract: A suite of efficient authentication and key establishment protocols for securing contact or contactless interfaces between communicating systems. The protocols may be used in secure physical access, logical access and/or transportation applications, among other implementations. The system authenticates a mobile device such as a smart card and/or mobile phone equipped with a secure element presented to one or more host terminals and establishes shared secure messaging keys to protect communications between the device and terminal. Secure messaging provides an end-to-end protected path of digital documents or transactions through the interface. The protocols provide that the device does not reveal identification information to entities different from a trusted host. The terminal may be a contactless reader at a door for controlling physical access, a desktop, laptop or kiosk for controlling logical access, and/or an access point for obtaining an encrypted digital ticket from an authenticated mobile device used for transit applications.

    Open protocol for authentication and key establishment with privacy

    Publication No.: USH2270H1

    Publication date: 2012-06-05

    Application No.: US12803968

    Filing date: 2010-07-09

    IPC classification: H04L9/30

    Abstract: A suite of efficient authentication and key establishment protocols for securing contact or contactless interfaces between communicating systems. The protocols may be used in secure physical access, logical access and/or transportation applications, among other implementations. The system authenticates a mobile device such as a smart card and/or mobile phone equipped with a secure element presented to one or more host terminals and establishes shared secure messaging keys to protect communications between the device and terminal. Secure messaging provides an end-to-end protected path of digital documents or transactions through the interface. The protocols provide that the device does not reveal identification information to entities different from a trusted host. The terminal may be a contactless reader at a door for controlling physical access, a desktop, laptop or kiosk for controlling logical access, and/or an access point for obtaining an encrypted digital ticket from an authenticated mobile device used for transit applications.

    SYSTEM AND METHOD FOR SEQUENTIALLY PROCESSING A BIOMETRIC SAMPLE
    5.
    Invention patent application
    Legal status: in force

    Publication No.: US20100088509A1

    Publication date: 2010-04-08

    Application No.: US12495778

    Filing date: 2009-06-30

    IPC classification: H04L9/00 G06K9/00

    CPC classification: G06F21/32 G07C9/00158

    Abstract: This invention provides for progressive processing of biometric samples to facilitate verification of an authorized user. The initial processing is performed by a security token. Due to storage space and processing power limitations, excessive false rejections may occur. To overcome this shortfall, the biometric sample is routed to a stateless server, which has significantly greater processing power and data enhancement capabilities. The stateless server receives, processes and returns the biometric sample to the security token for another attempt at verification using the enhanced biometric sample. In a second embodiment of the invention, a second failure of the security token to verify the enhanced biometric sample sends either the enhanced or raw biometric sample to a stateful server. The stateful server again processes the biometric sample and performs a one to many search of a biometric database. The biometric database contains the master set of enrolled biometric templates associated with all authorized users. Signals generated by the stateful server are used by the security token to allow or deny access to a resource or function. In both embodiments of the invention, the heuristics remain with the security token.

    Method for improving false acceptance rate discrimination for biometric authentication systems
    6.
    Granted invention patent
    Legal status: in force

    Publication No.: US08942429B2

    Publication date: 2015-01-27

    Application No.: US13065992

    Filing date: 2011-04-04

    IPC classification: G06K9/00 G06K9/62

    Abstract: A method, system and computer program product for improving error discrimination in biometric authentication systems. The error discrimination is set to a predetermined security policy. A plurality of biometric samples are provided and authenticated by a computer system in conjunction with a security token. An alternate embodiment allows inputting of the plurality of biometric samples in a predetermined sequence. The predetermined input sequence is maintained as an authentication secret which may be used to further reduce the authentication transaction error rate. A user may input one or more biometric samples, where a portion of the biometric samples are inputted in a predetermined sequence, selecting from among a plurality of available processing units, a set of processing units which will generate intermediate results from the processing of the biometric samples, processing at least a portion of the biometric samples by the selected set of processing units to provide intermediate results, verifying the predetermined sequence, and arbitrating the intermediate results to generate a final result which at least meets a predetermined security policy. Various embodiments provide for a security token to perform at least a portion of the processing or the arbitration function.

    SYSTEM AND METHOD FOR SEQUENTIALLY PROCESSING A BIOMETRIC SAMPLE
    7.
    Invention patent application
    Legal status: in force

    Publication No.: US20120239924A1

    Publication date: 2012-09-20

    Application No.: US13424990

    Filing date: 2012-03-20

    IPC classification: H04L9/28

    CPC classification: G06F21/32 G07C9/00158

    Abstract: This invention provides for progressive processing of biometric samples to facilitate user verification. A security token performs initial processing. Due to storage and processing limitations, false rejections may occur. To overcome this, the biometric sample is routed to a stateless server with greater processing power and data enhancement capabilities. The stateless server processes and returns an enhanced biometric sample to the security token for another attempt at verification. In another embodiment, the security token may have a second failure when verifying the enhanced biometric sample. It can then send the enhanced or raw biometric sample to a stateful server. The stateful server processes the biometric sample and performs a one to many search of a biometric database having a master set of enrolled authorized user biometric templates. The security token uses signals from the stateful server to grant or deny access. In both embodiments, heuristics remain with the security token.

    Universal secure messaging for remote security tokens
    8.
    Granted invention patent
    Legal status: in force

    Publication No.: US08209753B2

    Publication date: 2012-06-26

    Application No.: US10740920

    Filing date: 2003-12-22

    IPC classification: G06F21/00

    Abstract: An anonymous secure messaging method, system and computer program product for implementation over a wireless connection. The invention allows the secure exchange of information between a security token enabled computer system and an intelligent remote device having an operatively coupled security token thereto over the wireless connection. The invention establishes an anonymous secure messaging channel between the security token and the security token enabled computer system, which allows the intelligent remote device to emulate a locally connected security token peripheral device without requiring a physical connection. A dedicated wireless communications channel is incorporated to prevent several concurrent wireless connections from being established with the security token and potentially compromising the security of the information being sent on concurrent wireless connections.

    System and method for sequentially processing a biometric sample
    9.
    Granted invention patent
    Legal status: in force

    Publication No.: US08141141B2

    Publication date: 2012-03-20

    Application No.: US12495778

    Filing date: 2009-06-30

    IPC classification: G06F21/00

    CPC classification: G06F21/32 G07C9/00158

    Abstract: This invention provides for progressive processing of biometric samples to facilitate verification of an authorized user. The initial processing is performed by a security token. Due to storage space and processing power limitations, excessive false rejections may occur. To overcome this shortfall, the biometric sample is routed to a stateless server, which has significantly greater processing power and data enhancement capabilities. The stateless server receives, processes and returns the biometric sample to the security token for another attempt at verification using the enhanced biometric sample. In a second embodiment of the invention, a second failure of the security token to verify the enhanced biometric sample sends either the enhanced or raw biometric sample to a stateful server. The stateful server again processes the biometric sample and performs a one to many search of a biometric database. The biometric database contains the master set of enrolled biometric templates associated with all authorized users. Signals generated by the stateful server are used by the security token to allow or deny access to a resource or function. In both embodiments of the invention, the heuristics remain with the security token.

    Method for improving false acceptance rate discrimination for biometric authentication systems
    10.
    Invention patent application
    Legal status: in force

    Publication No.: US20110205020A1

    Publication date: 2011-08-25

    Application No.: US13065992

    Filing date: 2011-04-04

    IPC classification: G06F7/04

    Abstract: A method, system and computer program product for improving error discrimination in biometric authentication systems. The error discrimination is set to a predetermined security policy. A plurality of biometric samples are provided and authenticated by a computer system in conjunction with a security token. An alternate embodiment allows inputting of the plurality of biometric samples in a predetermined sequence. The predetermined input sequence is maintained as an authentication secret which may be used to further reduce the authentication transaction error rate. A user may input one or more biometric samples, where a portion of the biometric samples are inputted in a predetermined sequence, selecting from among a plurality of available processing units, a set of processing units which will generate intermediate results from the processing of the biometric samples, processing at least a portion of the biometric samples by the selected set of processing units to provide intermediate results, verifying the predetermined sequence, and arbitrating the intermediate results to generate a final result which at least meets a predetermined security policy. Various embodiments provide for a security token to perform at least a portion of the processing or the arbitration function.
