Abstract:
A system, apparatus, method, and machine-readable medium are described for personalizing and pre-registering an authenticator. For example, one embodiment of a method comprises: confirming an identity of a user by a first relying party using a first identity verification technique responsive to the user performing a first transaction with the first relying party; generating or collecting initial user verification reference data (IUVRD) upon verifying the identity of the user through the first identity verification technique; requesting personalization of an authenticator; storing the IUVRD into the authenticator; generating, by the authenticator, Fast Identity Online (FIDO) credentials including a private and public key pair; storing the FIDO credentials in a secure storage of the authenticator; providing the public key to the first relying party; securely providing the authenticator to the user; and implementing a second identity verification technique by comparing the stored IUVRD to data collected from the user.
Abstract:
A system, apparatus, method, and machine-readable medium are described for performing eye tracking during authentication. For example, one embodiment of a method comprises: receiving a request to authenticate a user; presenting one or more screen layouts to the user; capturing a sequence of images which include the user's eyes as the one or more screen layouts are displayed; and (a) performing eye movement detection across the sequence of images to identify a correlation between the motion of the user's eyes as the one or more screen layouts are presented and an expected motion of the user's eyes as the one or more screen layouts are presented, and/or (b) measuring the eye's pupil size to identify a correlation between the effective light intensity of the screen and its effect on the user's pupil size; capturing audio of the user's voice; and performing voice recognition techniques to determine a correlation between the captured audio of the user's voice and one or more voice prints.
Abstract:
A system, apparatus, method, and machine-readable medium are described for binding verifiable claims. For example, one embodiment of a system comprises: a client device; an authenticator of the client device to securely store authentication data including one or more verifiable claims received from one or more claim providers, each verifiable claim having attributes associated therewith; and claim/attribute processing logic to generate a first verifiable claim binding for a first verifiable claim issued by one of the claim providers; wherein the authenticator is to transmit a first signature assertion to a first relying party to authenticate with the first relying party, the first signature assertion including an attribute extension containing data associated with the first verifiable claim binding.
Abstract:
A system, apparatus, method, and machine-readable medium are described for secure authentication. For example, one embodiment of a system comprises: an authenticator on a client device to securely store one or more private keys, at least one of the private keys usable to authenticate a block of a blockchain; and an attestation module of the authenticator, or coupled to the authenticator, the attestation module to generate a signature using the block and the private key, the signature usable to attest to the authenticity of the block by a device having a public key corresponding to the private key.
Abstract:
A system, apparatus, method, and machine-readable medium are described for sharing authentication data. For example, one embodiment of a method comprises: generating and storing a persistent group identification code (Group-ID) for a group of authenticators sharing a common set of authorization (Uauth) keys, an initial Group-ID to be generated on a first use of a first authenticator and/or following a factory reset of the first authenticator; generating and storing an individual asymmetric wrapping key encryption key (WKEK) on a first use of the first authenticator and/or following each factory reset of the first authenticator; generating and storing a symmetric wrapping key (WK), the wrapping key to be generated on a first use of the first authenticator and/or following each factory reset of the first authenticator; generating a join-block using an authenticator identification code for the first authenticator and the WKEK, the join-block usable to join an existing authenticator group, the join-block to be sent to a second authenticator; verifying the join-block at the second authenticator and generating a join response block responsive to user approval, the join response block generated by encrypting the WK and Group-ID using the WKEK, the join response block to be transmitted to the first authenticator; and decrypting the join response block and storing the WK and Group-ID.
Abstract:
A system, apparatus, method, and machine-readable medium are described for authenticating a client to a device. For example, one embodiment of a method comprises: registering an authenticator of a client with a relying party, the registration allowing a user of the client to remotely authenticate the user to the relying party over a network; generating a first authentication structure using at least a first authentication key associated with the authenticator and a signature generated with a first verification key; caching the first authentication structure on the client; providing a second verification key corresponding to the first verification key to a transaction device; and performing an authentication transaction between the client and the transaction device, in which the client generates a second authentication structure using a second authentication key associated with the first authentication key, and the transaction device uses the second verification key to validate the signature on the first authentication structure and uses the first authentication key to validate the second authentication structure.
Abstract:
A system, apparatus, method, and machine-readable medium are described for non-intrusive privacy-preserving authentication. For example, one embodiment of a method comprises: entering into a legitimate user state on a client device for a time period following an explicit authentication by an end user; recording reference data related to user behavior while in the legitimate user state; measuring user behavior when outside of the legitimate user state and arriving at an authentication assurance level based on a distance between the measured user behavior and the recorded reference data; in response to an authentication request within the legitimate user state, providing an authentication assurance level at or above a defined threshold, the authentication assurance level being sufficient to authenticate the user to a relying party; and in response to an authentication request while outside of the legitimate user state, providing the authentication assurance level based on the distance between the measured user behavior and the recorded reference data.
Abstract:
A system, apparatus, method, and machine-readable medium are described for defending against malicious code injection. For example, one embodiment of an apparatus comprises: a processor to execute an application to access a web page on the Internet in response to user input, the web page having one or more resource descriptors and/or code descriptors associated therewith; an authenticator engine to validate the web page based, at least in part, on the resource descriptors and/or code descriptors, by connecting to a trusted entity; and wherein the trusted entity is configured to generate a signature on a cryptographic assertion that includes one or more resource descriptor objects associated with the one or more resource descriptors and/or one or more code descriptor objects associated with the one or more code descriptors.
Abstract:
A system, apparatus, method, and machine-readable medium are described for implementing a composite authenticator. For example, an apparatus in accordance with one embodiment comprises: an authenticator for authenticating a user of the apparatus with a relying party, the authenticator comprising a plurality of authentication components; and component authentication logic to attest to the model and/or integrity of at least one authentication component to one or more of the other authentication components prior to allowing the authentication components to form the authenticator.