CONFIGURABLE DIGITAL BADGE HOLDER
    1.
    Invention application
    CONFIGURABLE DIGITAL BADGE HOLDER (status: in force)

    Publication No.: US20140097936A1

    Publication date: 2014-04-10

    Application No.: US14102681

    Filing date: 2013-12-11

    IPC classification: G07C9/00

    Abstract: A portable authentication system includes a security module, that may be a smart card, SIM (Subscriber Identity Module), USB controller with a secure chip, or similar module capable of storing one or more credentials, and an interface module such as a digital badge holder that is able to communicate with the security module, for instance by providing a smart card communication interface. The portable authentication system may be either a single integrated system or a dual system where the security module can be removed or disconnected from the interface system.

    UNIVERSAL SECURE MESSAGING FOR CRYPTOGRAPHIC MODULES
    2.
    Invention application
    UNIVERSAL SECURE MESSAGING FOR CRYPTOGRAPHIC MODULES (status: under examination, published)

    Publication No.: US20140068267A1

    Publication date: 2014-03-06

    Application No.: US14074082

    Filing date: 2013-11-07

    IPC classification: H04L9/08

    Abstract: An anonymous secure messaging method and system for securely exchanging information between a host computer system and a functionally connected cryptographic module. The invention comprises a Host Security Manager application in processing communications with a security executive program installed inside the cryptographic module. An SSL-like communications pathway is established between the host computer system and the cryptographic module. The initial session keys are generated by the host and securely exchanged using a PKI key pair associated with the cryptographic module. The secure communications pathway allows presentation of critical security parameter (CSP) without clear text disclosure of the CSP and further allows use of the generated session keys as temporary substitutes of the CSP for the session in which the session keys were created.

    Method, system, personal security device and computer program product for cryptographically secured biometric authentication
    3.
    Invention application
    Method, system, personal security device and computer program product for cryptographically secured biometric authentication (status: in force)

    Publication No.: US20070195998A1

    Publication date: 2007-08-23

    Application No.: US11391473

    Filing date: 2006-03-29

    IPC classification: G06K9/00

    Abstract: A system is used for authorizing access to a Personal Security Device. This system comprises a Personal Security Device 75 and another device 105 which is in functional communication with said Personal Security Device. Said Personal Security Device comprises identification information retrieval data and a biometric authentication application 200 which transfers said identification information retrieval data to said other device 105 in response to an identified match between biometric data sent by said other device and a predetermined biometric reference. Said other device 105 comprises a security executive application 230 for retrieving an Identification Information with at least said identification information retrieval data, thus generating a retrieved Identification Information, and transferring said retrieved Identification Information to said Personal Security Device 75. Said Personal Security Device comprises a security executive application 215 for authorizing access in response to an identified match between said transferred retrieved Identification Information and a predetermined Identification Information stored in said Personal Security Device.

    Method and system for remote activation and management of personal security devices
    4.
    Granted patent
    Method and system for remote activation and management of personal security devices (status: in force)

    Publication No.: US08626947B2

    Publication date: 2014-01-07

    Application No.: US13216727

    Filing date: 2011-08-24

    IPC classification: G06F15/173 G06F15/16

    Abstract: Managing a Personal Security Device (PSD) includes retrieving proprietary information from a remote storage location using a first Remote Computer System, providing at least one Client as a host to the PSD and establishing a communications pipe over a first network between the PSD and the Remote Computer System. The communications pipe communicates with the PSD through the Client. Managing a PSD also includes transmitting the proprietary information from the Remote Computer System to the PSD by sending a PSD-formatted message through the communications pipe, where the proprietary information provided in the PSD-formatted message and passing through the Client is at least partially inaccessible by the Client, processing the PSD-formatted messages at the PSD to extract the proprietary information and storing the proprietary information in the PSD.

    Open protocol for authentication and key establishment with privacy

    Publication No.: USH2270H1

    Publication date: 2012-06-05

    Application No.: US12803968

    Filing date: 2010-07-09

    IPC classification: H04L9/30

    Abstract: A suite of efficient authentication and key establishment protocols for securing contact or contactless interfaces between communicating systems. The protocols may be used in secure physical access, logical access and/or transportation applications, among other implementations. The system authenticates a mobile device such as a smart card and/or mobile phone equipped with a secure element presented to one or more host terminals and establishes shared secure messaging keys to protect communications between the device and terminal. Secure messaging provides an end-to-end protected path of digital documents or transactions through the interface. The protocols provide that the device does not reveal identification information to entities different from a trusted host. The terminal may be a contactless reader at a door for controlling physical access, a desktop, laptop or kiosk for controlling logical access, and/or an access point for obtaining an encrypted digital ticket from an authenticated mobile device used for transit applications.

    Secure digital credential sharing arrangement
    6.
    Invention application
    Secure digital credential sharing arrangement (status: in force)

    Publication No.: US20060230437A1

    Publication date: 2006-10-12

    Application No.: US11397710

    Filing date: 2006-04-05

    IPC classification: H04L9/32

    Abstract: A secure and transparent digital credential sharing arrangement which utilizes one or more cryptographic levels of indirection to obfuscate a sharing entity's credentials from those entities authorized to share the credentials. A security policy table is provided which allows the sharing entity to selectively authorize or revoke digital credential sharing among a plurality of entities. Various embodiments of the invention provide for secure storage and retrieval of digital credentials from security tokens such as smart cards. The secure sharing arrangement may be implemented in hierarchical or non-hierarchical embodiments as desired.

    System and method for sequentially processing a biometric sample
    7.
    Granted patent
    System and method for sequentially processing a biometric sample (status: in force)

    Publication No.: US08782427B2

    Publication date: 2014-07-15

    Application No.: US13424990

    Filing date: 2012-03-20

    IPC classification: G06F21/00

    CPC classification: G06F21/32 G07C9/00158

    Abstract: This invention provides for progressive processing of biometric samples to facilitate user verification. A security token performs initial processing. Due to storage and processing limitations, false rejections may occur. To overcome this, the biometric sample is routed to a stateless server with greater processing power and data enhancement capabilities. The stateless server processes and returns an enhanced biometric sample to the security token for another attempt at verification. In another embodiment, the security token may have a second failure when verifying the enhanced biometric sample. It can then send the enhanced or raw biometric sample to a stateful server. The stateful server processes the biometric sample and performs a one to many search of a biometric database having a master set of enrolled authorized user biometric templates. The security token uses signals from the stateful server to grant or deny access. In both embodiments, heuristics remain with the security token.

    Method, system, personal security device and computer program product for cryptographically secured biometric authentication
    8.
    Granted patent
    Method, system, personal security device and computer program product for cryptographically secured biometric authentication (status: in force)

    Publication No.: US07787661B2

    Publication date: 2010-08-31

    Application No.: US11391473

    Filing date: 2006-03-29

    Abstract: A system is used for authorizing access to a Personal Security Device. This system comprises a Personal Security Device 75 and another device 105 which is in functional communication with said Personal Security Device. Said Personal Security Device comprises identification information retrieval data and a biometric authentication application 200 which transfers said identification information retrieval data to said other device 105 in response to an identified match between biometric data sent by said other device and a predetermined biometric reference. Said other device 105 comprises a security executive application 230 for retrieving an Identification Information with at least said identification information retrieval data, thus generating a retrieved Identification Information, and transferring said retrieved Identification Information to said Personal Security Device 75. Said Personal Security Device comprises a security executive application 215 for authorizing access in response to an identified match between said transferred retrieved Identification Information and a predetermined Identification Information stored in said Personal Security Device.

    Blocking contactless personal security device
    9.
    Invention application
    Blocking contactless personal security device (status: under examination, published)

    Publication No.: US20060273176A1

    Publication date: 2006-12-07

    Application No.: US11446132

    Filing date: 2006-06-05

    Applicant: Yves Audebert Wu Wen

    Inventor: Yves Audebert Wu Wen

    IPC classification: G06K7/08

    CPC classification: G06K19/07336

    Abstract: A blocking Personal Security Device (PSD) is disclosed which is intended to protect the privacy of one or more contactless PSDs present within a common RF field generated by a contactless PSDs RF reader. The blocking PSD is programmed to exploit an anti-collision protocol used by the RF reader. The blocking PSD prevents the RF reader from accessing a contactless PSD within the common RF field by ignoring wait time commands and repeatedly responding to the RF reader's interrogations.
