专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明授权

US08413221B2 Methods and apparatus for delegated authentication 有权
标题翻译：委托认证的方法和设备
公开(公告)号：US08413221B2
公开(公告)日：2013-04-02
申请号：US11930738
申请日：2007-10-31
申请人： Burton S. Kaliski, Jr. , Magnus Nyström
发明人： Burton S. Kaliski, Jr. , Magnus Nyström
IPC分类号： H04L9/32
CPC分类号： H04L63/0815 , H04L63/0838
摘要： An authentication-delegating service implemented in an authentication server or other processing device is configured to receive a request from a relying party for delegated authentication information associated with a particular user, to determine a level of trust associated with the relying party, and to provide the delegated authentication information to the relying party if the relying party has a sufficient level of trust, so as to permit the relying party to authenticate the user based on the delegated authentication information. The delegated authentication information has the property that the user can be presently authenticated based on such information. The delegated authentication information may comprise, for example, at least one value derived from a one-time password or other authentication credential of the particular user. The authentication-delegating service may be graded to provide different types of delegated authentication information based on respective levels of trust that may be associated with relying parties.
摘要翻译：在认证服务器或其他处理设备中实现的认证委托服务被配置为从依赖方接收与特定用户相关联的委托认证信息的请求，以确定与依赖方相关联的信任级别，并且提供如果依赖方具有足够的信任级别，则委托认证信息到依赖方，以便允许依赖方根据委托认证信息认证用户。委托的认证信息具有基于这样的信息可以当前认证用户的属性。委派的认证信息可以包括例如从特定用户的一次性密码或其他认证凭证导出的至少一个值。认证委托服务可以被分级以根据可能与依赖方相关联的相应信任级别来提供不同类型的委托认证信息。

12. 发明授权

US07849323B2 Password presentation for multimedia devices 有权
标题翻译：多媒体设备密码显示
公开(公告)号：US07849323B2
公开(公告)日：2010-12-07
申请号：US11556506
申请日：2006-11-03
申请人： John Field , Burton S. Kaliski, Jr. , Magnus Nyström , James Townsend
发明人： John Field , Burton S. Kaliski, Jr. , Magnus Nyström , James Townsend
IPC分类号： G06F21/00
CPC分类号： H04L63/083
摘要： A multimedia device or other type of processing device comprises a memory, a processor coupled to the memory, and playback circuitry coupled to the processor. In one aspect, the processor is operative to control the storage in the memory of at least one multimedia file containing a one-time password or other type of password, where the password is generated externally to the processing device, and to control the playback of the multimedia file via the playback circuitry to make the password apparent to or otherwise accessible to an associated user or other entity. The multimedia file may comprise, for example, an audio file, with the password being presented to the user in an audible form upon playback of the audio file. As another example, the multimedia file may comprise a video file, with the password being presented to the user in a visible form upon playback of the video file.
摘要翻译：多媒体设备或其他类型的处理设备包括存储器，耦合到存储器的处理器以及耦合到处理器的重放电路。在一个方面，处理器可操作以控制存储器中的至少一个多媒体文件的存储，所述至少一个多媒体文件包含一次性密码或其他类型的密码，其中密码在处理设备外部产生，并且控制播放所述多媒体文件经由所述重放电路使得所述密码对相关联的用户或其他实体显而易见或以其他方式可访问。多媒体文件可以包括例如音频文件，其中在回放音频文件时以可听形式向用户呈现密码。作为另一示例，多媒体文件可以包括视频文件，其中在回放视频文件时以可见形式向用户呈现密码。

13. 发明授权

US07502467B2 System and method for authentication seed distribution 有权
标题翻译：种子分配认证系统和方法
公开(公告)号：US07502467B2
公开(公告)日：2009-03-10
申请号：US11265510
申请日：2005-11-02
申请人： John G. Brainard , Burton S. Kaliski, Jr. , Magnus Nyström , Ronald L. Rivest
发明人： John G. Brainard , Burton S. Kaliski, Jr. , Magnus Nyström , Ronald L. Rivest
IPC分类号： H04L9/00 , H04L9/32
CPC分类号： H04L63/08 , G06F21/31 , G06F21/33 , H04L9/0844 , H04L9/0869 , H04L9/3234 , H04L63/0428
摘要： In one embodiment of a user authentication system and method according to the invention, a device shares a secret, referred to as a master seed, with a server. The device and the server both derive one or more secrets, referred to as verifier seeds, from the master seed, using a key derivation function. The server shares a verifier seed with one or more verifiers. The device, or an entity using the device, can authenticate with one of the verifiers using the appropriate verifier seed. In this way, the device and the verifier can share a secret, the verifier seed for that verifier, without that verifier knowing the master seed, or any other verifier seeds. Thus, the device need only store the one master seed, have access to the information necessary to correctly derive the appropriate seed, and have seed derivation capability. A verifier cannot compromise the master seed, because the verifier does not have access to the master seed.
摘要翻译：在根据本发明的用户认证系统和方法的一个实施例中，设备与服务器共享被称为主种子的秘密。设备和服务器都使用密钥导出函数从主种子中导出一个或多个称为验证者种子的秘密。服务器与一个或多个验证者共享一个验证者种子。设备或使用该设备的实体可以使用适当的验证者种子与验证者之一进行身份验证。以这种方式，设备和验证者可以共享秘密，该验证者的验证者种子，而没有知道主种子的验证者或任何其他验证者种子。因此，设备只需要存储一个主播种子，可以访问正确导出适当种子所需的信息，并具有种子推导能力。验证者不能损害主粒子，因为验证者无法访问主粒子。

14. 发明授权

US06174386B1 NaOH evaporator comprising at least one component formed by a high strength stainless steel 有权
标题翻译： NaOH蒸发器包括由高强度不锈钢形成的至少一个部件
公开(公告)号：US06174386B1
公开(公告)日：2001-01-16
申请号：US09249048
申请日：1999-02-12
申请人： Anna Delblanc-Bauer , Pasi Kangas , Magnus Nyström
发明人： Anna Delblanc-Bauer , Pasi Kangas , Magnus Nyström
IPC分类号： C22C3844
CPC分类号： B23K35/3086 , C22C38/40 , C22C38/44 , C22C38/58
摘要： The invention relates to the use of a ferritic-austenitic stainless steel alloy as construction material for components in the process industry, which components can be foreseen to come into direct contact with caustic soda.
摘要翻译：本发明涉及铁素体 - 奥氏体不锈钢合金作为加工工业中组分的结构材料的用途，该组分可预见与苛性钠直接接触。

15. 发明授权

US09203620B1 System, method and apparatus for secure use of cryptographic credentials in mobile devices 有权
标题翻译：用于在移动设备中安全使用加密凭证的系统，方法和装置
公开(公告)号：US09203620B1
公开(公告)日：2015-12-01
申请号：US12360872
申请日：2009-01-28
申请人： Magnus Nyström
发明人： Magnus Nyström
IPC分类号： G06F7/04 , G06F17/30 , H04L9/08 , H04L9/32
CPC分类号： H04L9/0894 , G06F21/34 , G06F21/44 , H04L9/0877 , H04L9/0897 , H04L9/32 , H04L9/3228 , H04L9/3234 , H04L2209/42 , H04L2209/80
摘要： A mobile telephone or other type of mobile communication device is configured to store a cryptographic credential within a secure hardware environment of the device. A script is provisioned for execution in the mobile communication device, the script comprising program code that executes at least in part within the secure hardware environment and is configured to utilize the cryptographic credential stored within the secure hardware environment. Prior to permitting the script to access the cryptographic credential, the secure hardware environment verifies an endorsement of the script. The endorsement may be provided by an issuer of the cryptographic credential. The cryptographic credential stored in the secure hardware environment may comprise a long-term credential and the script may be configured to generate a plurality of short-lived credentials based on the long-term credential. More particularly, the script may implement an OTP algorithm so as to provide a software authentication token within the mobile communication device.
摘要翻译：移动电话或其他类型的移动通信设备被配置为在设备的安全硬件环境内存储加密证书。脚本被配置用于在移动通信设备中执行，该脚本包括至少部分地在安全硬件环境内执行的程序代码，并且被配置为利用存储在安全硬件环境内的加密证书。在允许脚本访问加密凭据之前，安全硬件环境验证脚本的认可。该签注可以由密码凭证的发行者提供。存储在安全硬件环境中的加密证书可以包括长期凭证，并且脚本可以被配置为基于长期凭证生成多个短命令凭证。更具体地，脚本可以实现OTP算法，以便在移动通信设备内提供软件认证令牌。

16. 发明授权

US09071439B2 Method and apparatus for remote administration of cryptographic devices 有权
标题翻译：用于远程管理加密设备的方法和装置
公开(公告)号：US09071439B2
公开(公告)日：2015-06-30
申请号：US11769855
申请日：2007-06-28
申请人： Magnus Nyström , William M. Duane , James Townsend
发明人： Magnus Nyström , William M. Duane , James Townsend
IPC分类号： H04L29/00 , H04L9/32 , H04L9/08 , H04L29/06
CPC分类号： H04L9/3228 , H04L9/0863 , H04L9/0891 , H04L9/3213 , H04L63/0807 , H04L2209/80
摘要： Techniques are disclosed for performing operations in an authentication token or other cryptographic device in a system comprising an authentication server. In one aspect, a code generated by the authentication server is received in the cryptographic device. The code may have associated therewith information specifying at least one operation to be performed by the cryptographic device. The cryptographic device authenticates the code, and responsive to authentication of the code, performs the specified operation. If the code is not authenticated, the operation is not performed. The code may be determined as a function of a one-time password generated by the authentication server. The function may also take as an input an identifier of the operation to be performed.
摘要翻译：公开了用于在包括认证服务器的系统中的认证令牌或其他密码设备中执行操作的技术。在一个方面，认证服务器生成的代码在密码设备中被接收。代码可以与其相关联地指定要由密码设备执行的至少一个操作的信息。加密设备认证代码，并响应代码的认证，执行指定的操作。如果代码未通过验证，则不执行操作。代码可以被确定为由认证服务器生成的一次性密码的函数。该功能还可以作为要执行的操作的标识符作为输入。

17. 发明授权

US08782423B2 Network based management of protected data sets 有权
标题翻译：基于网络的受保护数据集管理
公开(公告)号：US08782423B2
公开(公告)日：2014-07-15
申请号：US13527439
申请日：2012-06-19
申请人： Mark F. Novak , Andrew John Layman , Magnus Nyström , Stefan Thom
发明人： Mark F. Novak , Andrew John Layman , Magnus Nyström , Stefan Thom
IPC分类号： G06F3/06
CPC分类号： G06F3/0622 , G06F21/57 , G06F21/602
摘要： A system that includes an account management module configured to maintain protected accounts. For instance, a particular protected account includes a protected data set that is not readable outside of the system, and perhaps not even readable outside of the account. The particular data set corresponds to a particular entity assigned to the particular account and that includes keys corresponding to the particular entity. A security processor uses at least some of the plurality of keys to perform cryptographic processes in response to one or more trusted execution environment commands received from the particular entity.
摘要翻译：包括配置为维护受保护的帐户的帐户管理模块的系统。例如，特定受保护的帐户包括在系统之外不可读的受保护的数据集，甚至在帐户之外甚至不可读。特定数据集对应于分配给特定帐户的特定实体，并且包括与特定实体相对应的密钥。响应于从特定实体接收到的一个或多个可信执行环境命令，安全处理器使用多个密钥中的至少一些来执行密码处理。

18. 发明申请

US20130339729A1 NETWORK BASED MANAGEMENT OF PROTECTED DATA SETS 有权
标题翻译：基于网络的保护数据集管理
公开(公告)号：US20130339729A1
公开(公告)日：2013-12-19
申请号：US13527439
申请日：2012-06-19
申请人： Mark F. Novak , Andrew John Layman , Magnus Nyström , Stefan Thom
发明人： Mark F. Novak , Andrew John Layman , Magnus Nyström , Stefan Thom
IPC分类号： G06F21/00 , G06F1/24 , H04L29/06
CPC分类号： G06F3/0622 , G06F21/57 , G06F21/602
摘要： A system that includes an account management module configured to maintain protected accounts. For instance, a particular protected account includes a protected data set that is not readable outside of the system, and perhaps not even readable outside of the account. The particular data set corresponds to a particular entity assigned to the particular account and that includes keys corresponding to the particular entity. A security processor uses at least some of the plurality of keys to perform cryptographic processes in response to one or more trusted execution environment commands received from the particular entity.
摘要翻译：包括配置为维护受保护的帐户的帐户管理模块的系统。例如，特定受保护的帐户包括在系统之外不可读的受保护的数据集，甚至在帐户之外甚至不可读。特定数据集对应于分配给特定帐户的特定实体，并且包括与特定实体相对应的密钥。响应于从特定实体接收到的一个或多个可信执行环境命令，安全处理器使用多个密钥中的至少一些来执行密码处理。

19. 发明授权

US08612766B2 Secure credential unlock using trusted execution environments 有权
公开(公告)号：US08612766B2
公开(公告)日：2013-12-17
申请号：US13176735
申请日：2011-07-05
申请人： Stefan Thom , Robert K. Spiger , Magnus Nyström , Himanshu Soni , Marc R. Barbour , Nick Voicu , Xintong Zhou , Kirk Shoop
发明人： Stefan Thom , Robert K. Spiger , Magnus Nyström , Himanshu Soni , Marc R. Barbour , Nick Voicu , Xintong Zhou , Kirk Shoop
IPC分类号： G06F21/00
CPC分类号： G06F21/602 , G06F21/30 , G06F21/31 , G06F21/57 , G06F2221/2103 , G06F2221/2107 , G06F2221/2131 , H04L9/0822 , H04L9/0861 , H04L9/3271 , H04L2209/127
摘要： Computing devices utilizing trusted execution environments as virtual smart cards are designed to support expected credential recovery operations when a user credential, e.g., personal identification number (PIN), password, etc. has been forgotten or is unknown. A computing device generates a cryptographic key that is protected with a PIN unlock key (PUK) provided by an administrative entity. If the user PIN cannot be input to the computing device the PUK can be input to unlock the locked cryptographic key and thereby provide access to protected data. A computing device can also, or alternatively, generate a group of challenges and formulate responses thereto. The formulated responses are each used to secure a computing device cryptographic key. If the user PIN cannot be input to the computing device an entity may request a challenge. The computing device issues a challenge from the set of generated challenges. Upon receiving a valid response back, the computing device can unlock the secured computing device cryptographic key associated with the issued challenge and subsequently provide access to protected data.

20. 发明授权

US07886345B2 Password-protection module 有权
标题翻译：密码保护模块
公开(公告)号：US07886345B2
公开(公告)日：2011-02-08
申请号：US11172378
申请日：2005-06-30
申请人： Burton S. Kaliski , Magnus Nyström
发明人： Burton S. Kaliski , Magnus Nyström
IPC分类号： G06F21/00
CPC分类号： H04L63/0869 , G06F21/31 , G06F21/445 , H04L63/083
摘要： A method of protecting a password being used to establish interaction between a user and an application includes detecting a request for the password from the application by receiving a notification from the user indicating the request. The method further includes combining the password with information identifying the application, so as to produce a protected password, and authenticating to the application using the protected password. The method may also include a mutual authentication capability between user and the application.
摘要翻译：保护用于建立用户和应用之间的交互的密码的方法包括通过从用户接收指示该请求的通知来检测来自应用的密码请求。该方法还包括将密码与识别应用的信息相结合，以产生受保护的密码，并使用受保护的密码对应用进行认证。该方法还可以包括用户和应用之间的相互认证能力。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式