System and method for in- and out-of-band multi-factor server-to-user authentication
    1.
    Granted invention patent (in force)

    Publication number: US08627088B2

    Publication date: 2014-01-07

    Application number: US12703685

    Filing date: 2010-02-10

    Applicant: Len L. Mizrah

    Inventor: Len L. Mizrah

    IPC classification: H04K1/00

    Abstract: A method to authenticate a server to a client is provided, including in-band and out-of-band techniques. At least a first shared secret identifies a server path, including a plurality of pre-defined locations on a frame of reference (e.g. a grid). An authentication session is initiated upon receiving a client identifier at the server-side resources. A current session instance of the grid is presented to the client, populated with characters. The process includes sharing between the client and the server a challenge identifying a random subset of the plurality of predefined locations in the server path, and a response including characters that match the characters in the locations on the server path identified by the challenge. As a result, the client is capable of verifying that the server has access to the first shared secret. Then a protocol is executed to authenticate the client to the server.


    Key generation method for communication session encryption and authentication system
    2.
    Granted invention patent (in force)

    Publication number: US07581100B2

    Publication date: 2009-08-25

    Application number: US10653503

    Filing date: 2003-09-02

    Applicant: Len L. Mizrah

    Inventor: Len L. Mizrah

    IPC classification: H04L9/32

    Abstract: An interactive mutual authentication protocol, which does not allow shared secrets to pass through untrusted communication media, integrates an encryption key management system into the authentication protocol. The server provides ephemeral encryption keys in response to a request during a Session Random Key (SRK) initiation interval. The SRK is provided for all sessions initiated in the SRK initiation interval. A set of ephemeral intermediate Data Random Keys (DRK) is associated with each request. A message carrying the SRK is sent to the requester. A response from the requester includes a shared parameter encrypted using the SRK, verifying receipt of the SRK. After verifying receipt of the SRK at the requester, at least one message is sent by the server carrying an encrypted version of one of said set of ephemeral intermediate DRK to be accepted as an encryption key for the session.


    MULTI-TIER TRANSACTION PROCESSING METHOD AND PAYMENT SYSTEM IN M- AND E- COMMERCE
    3.
    Invention patent application (pending, published)

    Publication number: US20110035294A1

    Publication date: 2011-02-10

    Application number: US12535546

    Filing date: 2009-08-04

    Applicant: LEN L. MIZRAH

    Inventor: LEN L. MIZRAH

    IPC classification: G06Q30/00 G06Q10/00 G06F21/00

    Abstract: A server executes a protocol that automates transactions involving a customer and a merchant agreeing to trade money in the customer's account for goods or services available from the merchant. The protocol protects personal identifying information of the customer from disclosure to the merchant, and protects all parties from repudiation of the specific transaction. The protocol defines a pre-authenticated form of the specific transaction; obtains authorization from the customer and the merchant to commit on their behalf to the pre-authenticated transaction; and obtains authorization from the bank to commit resources for settlement with the merchant. After obtaining the authorizations, a transaction clearance code is generated, completing a record of the pre-authenticated transaction for non-repudiation, for proof of a right to receive settlement from the third party, and for proof of a right to receive the goods or services from the merchant.


    Authentication method of random partial digitized path recognition with a challenge built into the path
    4.
    Granted invention patent (in force)

    Publication number: US07849321B2

    Publication date: 2010-12-07

    Application number: US11466697

    Filing date: 2006-08-23

    Applicant: Len L. Mizrah

    Inventor: Len L. Mizrah

    IPC classification: G06F21/00

    CPC classification: G06F21/83 G06F21/36

    Abstract: An interactive method for authentication is based on two shared secrets, including a first shared secret in the form of an ordered path on the frame of reference, and a second shared secret in the form of locations on the frame of reference at which characters identifying a subset of the ordered path are to be displayed. An instance of the frame of reference comprises a set of characters arranged in a random or other irregular pattern. Authentication requires that a user enter the characters in the displayed instance of the frame of reference found in the locations in the random subset of the ordered path, by indicating characters either in these locations or in any other locations having the same characters. Thus, a secret challenge identifying the random partial subset is embedded within the displayed instance of the graphical representation of the frame of reference.


    Communication session encryption and authentication system
    5.
    Granted invention patent (in force)

    Publication number: US07506161B2

    Publication date: 2009-03-17

    Application number: US10653506

    Filing date: 2003-09-02

    Applicant: Len L. Mizrah

    Inventor: Len L. Mizrah

    IPC classification: H04L9/00

    CPC classification: H04L9/0844 H04L9/3273

    Abstract: An interactive mutual authentication protocol, which does not allow shared secrets to pass through untrusted communication media, integrates an encryption key management system into the authentication protocol, so that key management becomes an essential part of the authentication protocol itself. The system provides a secure distribution of a secret session random key used in symmetric cryptography. Successful exchange of this encryption key allows for secure transit of the protocol data over communication lines in encrypted form, permitting explicit mutual authentication of the connected parties. The post-authentication stage of the communication session can use secure encryption for the data exchange, since each party has already obtained the secret session random key.


    System and method for private secure financial transactions
    6.
    Granted invention patent (in force)

    Publication number: US07379916B1

    Publication date: 2008-05-27

    Application number: US09706370

    Filing date: 2000-11-03

    Applicant: Len L. Mizrah

    Inventor: Len L. Mizrah

    IPC classification: G06Q40/00 G07F19/00 G06F5/00

    Abstract: A clocked authentication, authorization and accounting (CAAA) system and method offers private and secure credit/debit card online and offline financial transactions (FT), including an embedded privacy and security layer (EPSL) architecture. EPSL includes an authentication stage prior to the authorization stage that is automated and enabled through a back office, and enhanced by associating the authentication stage with projected timing, security and accounting parameters. It enables legal financial account holders to perform buy/sell or withdraw/deposit transactions without disclosing private personal information to the transaction counterparts, while preserving highly elevated and enhanced security and fraud protection as compared with conventional methods. The CAAA method enables efficient mass-user EPSL implementation at back offices utilizing high-frequency synchronized global clocking of EPSL logic blocks.


    Key conversion method for communication session encryption and authentication system
    7.
    Granted invention patent (in force)

    Publication number: US07299356B2

    Publication date: 2007-11-20

    Application number: US10653500

    Filing date: 2003-09-02

    Applicant: Len L. Mizrah

    Inventor: Len L. Mizrah

    IPC classification: H04L9/00

    Abstract: An interactive mutual authentication protocol, which does not allow shared secrets to pass through untrusted communication media, integrates an encryption key management system into the authentication protocol. The server encrypts a particular data random key by first veiling the particular data random key using a first conversion array seeded by a shared secret, and then encrypting the veiled particular data random key. The client decrypts and unveils the particular data random key using the shared secret, and returns a similarly veiled version of the particular data random key using a second conversion array seeded by a shared secret. Access to the shared secret indicates authenticity of the stations. The procedure may be repeated for a second shared secret for strong authentication, without allowing shared secrets to pass via untrusted media.


    Back-end matching method supporting front-end knowledge-based probabilistic authentication systems for enhanced credential security
    8.
    Granted invention patent (in force)

    Publication number: US09215072B1

    Publication date: 2015-12-15

    Application number: US13658815

    Filing date: 2012-10-23

    IPC classification: H04L9/00 H04L9/32 H04L29/06

    Abstract: A party can authenticate itself by interacting with multiple servers without revealing the shared secret to any of the involved parties. The stored shared secret is strengthened and broken into shares, which are saved on the servers. The shared secret is safe against offline brute-force attack unless all servers where the shares are stored are compromised. The compromise of any single server, or of multiple servers fewer than the maximum number, will not allow the attacker to do a brute-force analysis of the shared secret. This back-end security enhancement is suitable for probabilistic front-end authentication algorithms.


    System and method for mutually authenticated cryptographic key exchange using matrices
    9.
    Granted invention patent (in force)

    Publication number: US08656484B2

    Publication date: 2014-02-18

    Application number: US12980024

    Filing date: 2010-12-28

    CPC classification: H04L9/0844

    Abstract: Two parties can establish a cryptographic key using a matrix-based key exchange protocol, for secure communications without any prior distribution of secret keys or other secret data, and without revealing said key to any third party who may have access to all of the transmissions between them. The two parties use a shared secret to produce a common matrix M. The common matrix M is multiplied by a random matrix K on the sending side, and by a different random matrix N on the receiving side. The matrix product KM is sent from the sending side to the receiving side, and the matrix product MN is sent from the receiving side to the sending side. Both sides produce the common matrix product KMN, and use it for producing a symmetric key for encrypted communications, after mutually authenticating one another over an insecure network.


    Two-channel challenge-response authentication method in random partial shared secret recognition system
    10.
    Granted invention patent (in force)

    Publication number: US08006300B2

    Publication date: 2011-08-23

    Application number: US11552500

    Filing date: 2006-10-24

    Applicant: Len L. Mizrah

    Inventor: Len L. Mizrah

    IPC classification: G06F21/00

    Abstract: Random partial shared secret recognition is combined with the use of more than one communication channel between server-side resources and two logical or physical client-side data processing machines. After a first security tier, a first communication channel is opened to a first data processing machine on the client side. The session proceeds by delivering an authentication challenge, identifying a random subset of an authentication credential, to a second data processing machine on the client side using a second communication channel. Next, the user enters an authentication response in the first data processing machine, based on the random subset of the authentication credential. The authentication response is returned to the server side on the first communication channel for matching. The authentication credential can be a one-session-only credential delivered to the user for one session, or a static credential used many times.
