公开(公告)号：US20150349966A1

公开(公告)日：2015-12-03

申请号：US14654918

申请日：2013-12-17

Applicant: BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY

Inventor： Theo DIMITRAKOS ,  Michael TURNER ,  Yair DIAZ-TELLEZ

IPC: H04L9/32 ,  H04W12/06 ,  H04L29/06

CPC classification number: H04L9/3228 ,  H04L9/3271 ,  H04L63/0838 ,  H04L63/0876 ,  H04W12/00522 ,  H04W12/06

Abstract: An authentication process controls access from a client terminal 2 to a remote server 3 via an unsecure network, by transmitting a challenge 63 from the server to the client in the form of a matrix barcode into which is embedded a sequence of images embedded in it selected (step 61) from a predetermined set of images stored on the server. The user responds to the challenge (e.g by sorting the images into groups, or order, according to a rule which is a shared secret (step 64) and generates a response in the form of a code (step 67) generated dynamically by convolving the user response 64 with a random PIN string (65) extracted from the matrix barcode, and data intrinsic to the user terminal, using a predetermined dynamically generated encryption algorithm for transmission to the server (step 68) for verification (69).

Abstract translation: 身份验证过程通过将不正确的网络从客户终端2到远程服务器3的访问通过以矩阵条形式的形式从服务器向客户端发送挑战63，嵌入到嵌入在其中的图像序列 （步骤61）从存储在服务器上的预定图像集合。 用户响应挑战（例如，根据作为共享秘密的规则将图像排序成组或排序）（步骤64），并以通过卷积生成的动态生成的代码（步骤67）的形式生成响应 使用从矩阵条形码提取的随机PIN字符串（65）的用​​户响应64以及用户终端固有的数据，使用预定的动态生成的加密算法传送到服务器（步骤68）进行验证（69）。

公开(公告)号：US20150358356A1

公开(公告)日：2015-12-10

申请号：US14758663

申请日：2013-12-31

Applicant: BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY

Inventor： Yair DIAZ-TELLEZ ,  Fadi EL-MOUSSA ,  Theo DIMITRAKOS ,  Abdullahi ARABO

IPC: H04L29/06 ,  G06F21/62 ,  H04W12/08 ,  G06F9/445

CPC classification number: H04L63/20 ,  G06F21/6218 ,  G06F21/629 ,  H04L63/107 ,  H04W12/08 ,  H04W88/02

Abstract: A processing device (10) includes a policy evaluation module (131) for evaluating policies associated with an item of data or an application and a dynamic context determination module (133) for determining contextual information associated with the current context of operation of the device and for providing the thus determined contextual information to the policy evaluation module. The device (10) further includes a policy enforcement module (135) for enforcing the evaluation specified by the policy evaluation module (131), wherein the device is operable to cause the policy evaluation module to evaluate a policy associated with an item of data or an application whenever the associated item of data or application is invoked and, additionally, whilst the associated item of data or application is active on the device and a notification of a change in the determined contextual information is received by the policy evaluation module.

Abstract translation: 处理设备（10）包括用于评估与数据项或应用相关联的策略的策略评估模块（131）和动态上下文确定模块（133），用于确定与所述设备的当前操作上下文相关联的上下文信息，以及 用于将如此确定的上下文信息提供给策略评估模块。 所述设备（10）还包括用于执行由所述策略评估模块（131）指定的评估的策略执行模块（135），其中所述设备可操作以使所述策略评估模块评估与数据项相关联的策略， 无论何时调用相关联的数据或应用程序的项目，并且另外在数据或应用程序的相关项目在设备上是活动的并且策略评估模块接收到所确定的上下文信息的改变的通知。