专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07206936B2 Revocation and updating of tokens in a public key infrastructure system 有权
标题翻译：撤销和更新公钥基础设施系统中的令牌
公开(公告)号：US07206936B2
公开(公告)日：2007-04-17
申请号：US10027944
申请日：2001-12-19
申请人： Kenneth W. Aull , Thomas C. Kerr , William E. Freeman , Mark A. Bellmore
发明人： Kenneth W. Aull , Thomas C. Kerr , William E. Freeman , Mark A. Bellmore
IPC分类号： H04L9/30 , H04L29/02
CPC分类号： G07F7/1008 , G06Q20/341 , G06Q20/3576 , G06Q20/40975 , H04L9/006 , H04L9/0897 , H04L9/3234 , H04L9/3268
摘要： A method and computer program to revoke and update a token (130) having several encryption, signature and role certificates/private keys contained in the token (130). The certificates/private keys in the token 130 are transmitted wrapped by a public key and may only be activated by a private key contained in the token (130). The activation of any certificate/private key requires the entry of a passphrase by a user (132). Further, all certificates/private keys contained in a token (130) are stored in an authoritative database 104. In the event that a token (130) is lost then all certificates/private keys associated with the token (130) are revoked. Further, when new certificates/private keys are issued to a user (132) these certificates/private keys are encrypted using the token's (130) public key and downloaded to the token (130).
摘要翻译：一种方法和计算机程序，用于撤销和更新具有包含在令牌（130）中的几个加密，签名和角色证书/私钥的令牌（130）。令牌130中的证书/私钥被公开密钥传送，并且只能被包含在令牌（130）中的私钥激活。任何证书/私钥的激活都需要用户输入密码（132）。此外，包含在令牌（130）中的所有证书/私钥存储在权威数据库104中。在令牌（130）丢失的情况下，与令牌（130）相关联的所有证书/私钥被撤销。此外，当向用户（132）发出新的证书/私钥时，这些证书/私钥使用令牌的（130）公钥加密并被下载到令牌（130）。

2. 发明授权

US07047409B1 Automated tracking of certificate pedigree 有权
标题翻译：自动跟踪证书谱系
公开(公告)号：US07047409B1
公开(公告)日：2006-05-16
申请号：US09690279
申请日：2000-10-16
申请人： Kenneth W. Aull , Vincent J. McCullough
发明人： Kenneth W. Aull , Vincent J. McCullough
IPC分类号： H04L9/32
CPC分类号： H04L63/0815 , G06F21/33 , G06F21/6209 , G06F21/6218 , G06F21/6236 , G06F2221/2113 , H04L9/006 , H04L9/3226 , H04L9/3247 , H04L9/3263 , H04L63/0442 , H04L63/0823
摘要： A method of automatically tracking a certificate pedigree is provided, in which a new user is provided with a piece of hardware containing a predetermined pedigree certificate stored therein, the predetermined pedigree certificate having a level of trust bearing a relationship to a category of hardware of which the provided piece of hardware is a member. An automated registration arrangement is provided which can be accessed only by users having a piece of hardware containing a predetermined pedigree certificate having a specified level of trust stored therein. When the new user accesses the automated registration arrangement using the provided piece of hardware, the automated registration arrangement provides the new user with an individual signature certificate having a level of trust commensurate with that of the pedigree certificate. The automated registration arrangement flags the new user's individual signature certificate with the level of trust of the pedigree certificate in an appropriate storage area, including the certificate itself.
摘要翻译：提供了一种自动跟踪证书谱系的方法，其中向新用户提供包含存储在其中的预定血统证书的硬件，所述预定血统证书具有与其硬件类别有关系的信任级别所提供的硬件是成员。提供了一种自动登记装置，其只能由具有包含其中存储有特定信任级别的预定血统证书的硬件的用户访问。当新用户使用所提供的硬件访问自动注册安排时，自动注册安排向新用户提供具有与血统证书相当的信任级别的个人签名证书。自动注册安排将新用户的个人签名证书与合格证书的信任级别标记在适当的存储区域中，包括证书本身。

3. 发明授权

US07805614B2 Secure local or remote biometric(s) identity and privilege (BIOTOKEN) 有权
标题翻译：安全的本地或远程生物识别和特权（BIOTOKEN）
公开(公告)号：US07805614B2
公开(公告)日：2010-09-28
申请号：US11094452
申请日：2005-03-31
申请人： Kenneth W. Aull , William Gravell , James B. Rekas
发明人： Kenneth W. Aull , William Gravell , James B. Rekas
IPC分类号： G06F7/04 , G06F21/00 , H04L29/06 , H04L9/32 , H04L9/00 , H04L9/08 , H04K1/00
CPC分类号： G06F21/34 , G06F21/32 , H04L9/3231 , H04L9/3263 , H04L2209/80
摘要： A method for secure identity processing using biometrics is provided. A public key and a unique serial number are received from a BIOTOKEN. A random number is generated. The random number and the unique serial number are transmitted to the BIOTOKEN. A serial number received from the BIOTOKEN is compared with the unique serial number and if there is a match, an encrypted symmetric key, transmitted by the BIOTOKEN, is decrypted using the public key. An encrypted random number and encrypted biometric data associated with a user are decrypted using the decrypted symmetric key. The decrypted random number is compared with the transmitted random number, if there is a match, the decrypted biometric data is validated and the received serial number and the public key are transmitted to a certification authority if the biometric data is validated. An authentication certificate associated with the BIOTOKEN is issued by the certification authority.
摘要翻译：提供了使用生物识别技术进行安全身份识别处理的方法。从BIOTOKEN收到一个公钥和一个唯一的序列号。生成随机数。随机数和唯一的序列号被发送到BIOTOKEN。将从BIOTOKEN接收到的序列号与唯一序列号进行比较，如果存在匹配，则由BIOTOKEN发送的加密对称密钥将使用公钥解密。使用解密的对称密钥对与用户相关联的加密的随机数和加密的生物特征数据进行解密。将解密的随机数与发送的随机数进行比较，如果存在匹配，则生物特征数据被验证，解密的生物特征数据被验证，并且接收的序列号和公钥被发送到认证机构。与BIOTOKEN相关联的认证证书由认证机构颁发。

4. 发明授权

US07069440B2 Technique for obtaining a single sign-on certificate from a foreign PKI system using an existing strong authentication PKI system 有权
标题翻译：使用现有的强认证PKI系统从外部PKI系统获取单点登录证书的技术
公开(公告)号：US07069440B2
公开(公告)日：2006-06-27
申请号：US09822958
申请日：2001-03-30
申请人： Kenneth W. Aull
发明人： Kenneth W. Aull
IPC分类号： H04L9/00
CPC分类号： H04L63/0815 , G06F21/33 , G06F21/604 , G06F21/6209 , G06F21/6218 , G06F21/6236 , G06F2221/2113 , G06F2221/2119 , H04L9/006 , H04L9/3234 , H04L9/3247 , H04L9/3268 , H04L63/0442 , H04L63/0823 , H04L63/083 , Y10S707/99952
摘要： A method and computer program in which a user (132) may have a digital certificate created using a strong authentication technique. Once the user has the digital certificate he may then request the generation of a “single sign-on” certificate that will allow the user (132) access to a foreign computer networks. This is accomplished by the user (132) contacting a registration web server (124) and requesting the generation of “single sign-on” for the foreign computer network. Thereafter, the registration web server (124) may take a public key generated based on the digital certificate and request the creation of a “single sign-on” by simply creating a public key from the digital certificate.
摘要翻译：一种方法和计算机程序，其中用户（132）可以具有使用强认证技术创建的数字证书。一旦用户具有数字证书，他可以请求生成将允许用户（132）访问外部计算机网络的“单一登录”证书。这是由用户（132）与注册网络服务器（124）联系并请求为外部计算机网络生成“单点登录”来完成的。此后，注册网络服务器（124）可以采用基于数字证书生成的公钥，并通过简单地从数字证书创建公钥来请求创建“单点登录”。

5. 发明授权

US07028180B1 System and method for usage of a role certificate in encryption and as a seal, digital stamp, and signature 有权
标题翻译：在加密中使用角色证书的系统和方法以及密封，数字印记和签名
公开(公告)号：US07028180B1
公开(公告)日：2006-04-11
申请号：US09690544
申请日：2000-10-16
申请人： Kenneth W. Aull , Vincent J. McCullough , James I. Northrup
发明人： Kenneth W. Aull , Vincent J. McCullough , James I. Northrup
IPC分类号： H04L9/00
CPC分类号： G06F21/602 , G06F21/335 , G06F21/604 , G06F21/6209 , G06F21/6218 , G06F2221/2141 , G06F2221/2149 , H04L9/3247 , H04L9/3268 , H04L63/065 , H04L63/0823 , H04L63/104 , H04L2209/56
摘要： A method and computer program in which a user (132) may access the registration web server for the purpose of creating and utilizing a role certificate. This role certificate has policies associated with it and may be utilized for both encryption and as a digital signature. Individuals in a group share the same role certificate and can sign on behalf of the group. Further, individuals may decrypt messages sent to the group or any member of the group which have been encrypted using the role certificate. This method and computer program utilizes a directory (108) to maintain a list of all role certificates, their respective role administrators and all members of the organization that may utilize them. A key recovery authority (114) is utilized to recover expired role certificates. A certificate authority (110) is utilized to create and delete these role certificates. Further, a registration authority (112) is utilized to add and remove a previously created role.
摘要翻译：一种方法和计算机程序，其中用户（132）可以访问注册web服务器以创建和利用角色证书。此角色证书具有与之相关联的策略，可用于加密和数字签名。组中的个人拥有相同的角色证书，并可以代表该组签名。此外，个人可以解密使用角色证书发送到组或已经被加密的组的任何成员的消息。该方法和计算机程序使用目录（108）来维护所有角色证书的列表，其各自的角色管理员以及可以利用它们的组织的所有成员。利用密钥恢复权限（114）来恢复到期的角色证书。使用证书颁发机构（110）创建和删除这些角色证书。此外，使用注册机构（112）来添加和删除先前创建的角色。

6. 发明授权

US06941455B2 System and method for cross directory authentication in a public key infrastructure 有权
标题翻译：公共密钥基础设施中的跨目录身份验证的系统和方法
公开(公告)号：US06941455B2
公开(公告)日：2005-09-06
申请号：US09823477
申请日：2001-03-30
申请人： Kenneth W. Aull
发明人： Kenneth W. Aull
IPC分类号： G06F12/14 , G06F21/00 , G06F21/24 , H04L9/32 , H04L29/06 , H04L9/00
CPC分类号： H04L63/0823 , G06F21/33 , G06F21/604 , G06F21/6209 , G06F21/6218 , G06F21/6236 , G06F2221/2113 , G06F2221/2119 , H04L9/006 , H04L9/3234 , H04L9/3247 , H04L9/3263 , H04L63/0227 , H04L63/0272 , H04L63/0442 , H04L63/083 , H04L63/12
摘要： System and method for cross directory authentication in a Public Key Infrastructure. A first directory is configured to query a second directory when receiving queries regarding signature certificates from a second enterprise PKI. The first directory is part of a first enterprise PKI, and the second directory is part of the second enterprise PKI. Access to a first enterprise PKI server is attempted by a user. The user presents a signature certificate from the second enterprise PKI to the server for authentication. A query is sent to the first directory from the server to determine if the user is allowed access to the server. A query is sent to the second directory from the first directory to determine if the user is a member of the second enterprise PKI. The server approves access to the server if the user is a member of the second enterprise PKI.
摘要翻译：公共密钥基础设施中的跨目录身份验证的系统和方法。当从第二企业PKI接收关于签名证书的查询时，第一目录被配置为查询第二目录。第一个目录是第一个企业PKI的一部分，第二个目录是第二个企业PKI的一部分。用户尝试访问第一个企业PKI服务器。用户将第二个企业PKI的签名证书提交给服务器进行认证。从服务器将查询发送到第一个目录，以确定用户是否被允许访问服务器。查询从第一个目录发送到第二个目录，以确定用户是否是第二个企业PKI的成员。如果用户是第二个企业PKI的成员，则服务器批准访问服务器。

7. 发明授权

US06898710B1 System and method for secure legacy enclaves in a public key infrastructure 有权
标题翻译：公共密钥基础设施中的安全传统飞地的系统和方法
公开(公告)号：US06898710B1
公开(公告)日：2005-05-24
申请号：US09730044
申请日：2000-12-05
申请人： Kenneth W. Aull
发明人： Kenneth W. Aull
IPC分类号： G06F12/14 , G06F21/00 , G06F21/20 , G06F21/24 , H04L9/32 , H04L29/06 , G06F1/24
CPC分类号： H04L9/3247 , G06F21/33 , H04L9/006 , H04L9/3263 , H04L63/0272 , H04L63/0442 , H04L63/0815 , H04L63/0823
摘要： System and method for secure legacy enclaves in a Public Key Infrastructure that includes one or more legacy servers, client platforms, directories, and a Virtual Private Network extranet gateway. The servers contain one or more legacy applications and are connected to a first network. The client plafforms are connected to a second network and contain legacy software employable by users to access the legacy applications. The directories are connected to the second network and contain information on user authorization to access the servers. The gateway is connected between the servers and the second network. The gateway requests a signature certificate of each user attempting access to a legacy application; queries the directory to confirm the user is allowed access to the server after authenticating the user; and establishes a connection between the legacy software and the legacy application if the user is allowed access to the server.
摘要翻译：包括一个或多个旧服务器，客户端平台，目录和虚拟专用网络外网网关的公钥基础设施中的安全传统包围的系统和方法。服务器包含一个或多个旧应用程序，并连接到第一个网络。客户端平板电脑连接到第二个网络，并包含用户可以访问传统应用程序的旧版软件。这些目录连接到第二个网络，并包含用户访问服务器的权限信息。网关连接在服务器和第二个网络之间。网关请求尝试访问传统应用程序的每个用户的签名证书; 查询目录以确认用户在认证用户后被允许访问服务器; 并且如果用户被允许访问服务器，则在遗留软件和遗留应用之间建立连接。

8. 发明授权

US07747852B2 Chain of trust processing 有权
标题翻译：信托链处理
公开(公告)号：US07747852B2
公开(公告)日：2010-06-29
申请号：US11752957
申请日：2007-05-24
申请人： Kenneth W. Aull
发明人： Kenneth W. Aull
IPC分类号： H04L9/00
CPC分类号： H04L9/00
摘要： A technique for automatically obtaining a second certificate for a user using a first certificate includes accessing a server platform using a user's server and the first certificate of the user to create a connection that authenticates both the user's server identity via a server certificate of the user server and the user's identity via the user's first certificate. A secure data channel is then created between the server platform and the user platform. A request for the second certificate is forwarded by the user from the user server to the server platform and the sever platform then generates the second certificate. The first certificate may be a signature certificate and the second certificate may be an encryption certificate.
摘要翻译：用于使用第一证书为用户自动获得第二证书的技术包括使用用户的服务器访问服务器平台和用户的第一证书来创建通过用户服务器的服务器证书来认证用户的服务器身份的连接和用户的身份通过用户的第一个证书。然后在服务器平台和用户平台之间创建安全数据通道。第二证书的请求由用户从用户服务器转发到服务器平台，然后服务器平台生成第二证书。第一证书可以是签名证书，第二证书可以是加密证书。

9. 发明申请

US20090287935A1 COMMON ACCESS CARD HETEROGENEOUS (CACHET) SYSTEM AND METHOD 有权
标题翻译：公共访问卡异构（CACHET）系统和方法
公开(公告)号：US20090287935A1
公开(公告)日：2009-11-19
申请号：US12309636
申请日：2006-07-25
申请人： Kenneth W. Aull , Erik J. Bowman , James B. Rekas
发明人： Kenneth W. Aull , Erik J. Bowman , James B. Rekas
IPC分类号： H04K1/00
CPC分类号： H04L9/3263 , H04L9/3271 , H04L2209/60
摘要： What is disclosed is a system and method that allows a secondary certificate authority to rely on one or more existing primary certificate authorities to establish identity of a user and provide identity certificates. The secondary certificate authority applies business rules to those identity certificates to establish a community of privilege, and then issues and maintains new privilege certificates without issuing new private keys or smart cards. The new privilege certificates bind the original identity, the sponsor, i.e., the primary certificate authority, and the privilege. The new privilege certificates can be used on a Public Key Infrastructures (PKI) transaction basis, for example, to grant access to unclassified and Multi-Level Secure (MLS) resources without further reference to the existing primary certificate authorities.
摘要翻译：所披露的是允许次级证书颁发机构依赖一个或多个现有主证书机构建立用户身份并提供身份证书的系统和方法。次级证书颁发机构将业务规则应用于这些身份证书以建立特权团体，然后发出并维护新的特权证书，而不会发出新的私钥或智能卡。新的特权证书绑定原始身份，赞助商，即主证书颁发机构和权限。新的特权证书可以在公钥基础设施（PKI）交易的基础上使用，例如，授权对未分类和多级安全（MLS）资源的访问，而无需进一步参考现有的主证书颁发机构。

10. 发明授权

US07532122B2 Systems and methods for verifying the identities of RFID tags 有权
标题翻译：用于验证RFID标签身份的系统和方法
公开(公告)号：US07532122B2
公开(公告)日：2009-05-12
申请号：US11520324
申请日：2006-09-13
申请人： Kenneth W. Aull , Kenneth I. Talbot , David B. Hindin
发明人： Kenneth W. Aull , Kenneth I. Talbot , David B. Hindin
IPC分类号： G08B13/14
CPC分类号： G06K7/0008 , H04B5/0031 , H04B5/0062 , H04B5/02
摘要： Systems and methods for verifying the identities of RFID tags are provided. An RFID reader is configured to transmit an interrogation sequence to an RFID tag and recover digital information stored on the tag from an RFID response signal. A verification module is configured to extract a plurality of characteristics of the RFID response signal associated with Technically Uncontrollable RFID Features (TURF) of the RFID tag, and verify the identity of the RFID tag according to these characteristics.
摘要翻译：提供了用于验证RFID标签身份的系统和方法。 RFID读取器被配置为将询问序列发送到RFID标签，并且从RFID响应信号恢复存储在标签上的数字信息。验证模块被配置为提取与RFID标签的技术性不可控RFID特征（TURF）相关联的RFID响应信号的多个特征，并根据这些特征验证RFID标签的身份。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式