    • 1. Invention application
    • ONE TIME PIN GENERATION
    • US20110113245A1
    • 2011-05-12
    • US12943200
    • 2010-11-10
    • Rammohan Varadarajan
    • Rammohan Varadarajan
    • H04L9/32; G06F21/00
    • G06Q20/32; G06F21/34; G06Q20/18; G06Q20/227; G06Q20/3552; G06Q20/385; G07F7/1075; G07F7/122; H04L9/0863; H04L9/3228; H04L2209/56
    • A method and system is provided for generating a one-time passcode (OTP) configured for use as a personal identification number (PIN) for a user account from a user device. The OTP may be generated using an OTP generator which may include an algorithm and a user account-specific OTP key. The OTP key may be camouflaged by encryption, obfuscation or cryptographic camouflaging using a PIN or a unique machine identifier defined by the user device. Obtaining an OTP from the user device may require inputting a data element which may be one of a PIN, a character string, an image, a biometric parameter, a user device identifier such as a machine effective speed calibration (MESC), or other datum. The OTP may be used for any transaction requiring a user PIN input, including ATM and debit card transactions, secure access and online transactions.
    • 3. Invention application
    • SYSTEM AND METHOD FOR IDENTIFYING A MASKED IP ADDRESS
    • US20100217825A1
    • 2010-08-26
    • US12643198
    • 2009-12-21
    • Rajendra A. Gopalakrishna
    • Rajendra A. Gopalakrishna
    • G06F15/16
    • H04L67/02; H04L69/16
    • A system identifies a real Internet Protocol (IP) address of a computer device having a browser and software for masking the real IP address. The system includes a server in communication with the device through an Anonymous Proxy Server (APS), an algorithm, and a website with embedded dynamic web content from the server. The algorithm identifies the real IP address, and executes the dynamic web content on the browser to open a direct network connection between the server and device. The network connection identifies the real IP address. A method for identifying the real IP address includes embedding dynamic web content within the website, executing the content within the browser when the device accesses the website via a first network connection, thereby opening a second network connection between the server and device. The real IP address is identified over the second network connection, and a security action may be executed.
    • 4. Invention application
    • CONTROLLED AND CLIENT-SIDE AUTHENTICATION MODULE
    • US20090165109A1
    • 2009-06-25
    • US12272205
    • 2008-11-17
    • Geoffrey Hird
    • Geoffrey Hird
    • H04L9/32; G06F21/00
    • G06F21/33; H04L9/0631; H04L9/3226; H04L9/3263; H04L2209/60
    • A computerized method of accessing a secure resource using an application associated with a user's computing device is provided. The application is programmed, in part, to monitor user browsing activity and wherein the application has associated therewith one or more predefined Uniform Resource Locators (URLs) to trusted sites, each having an associated trusted root certificate and security key. The method includes the application detecting a user attempt to log into a secure resource, the application scanning in-process browser processes to identify a browser process that is in a login state, the application associating the browser process in a login state with one of the trusted sites, the application initiating a new browser session with the trusted site using the associated predefined URL, the application obtaining a login password from the user, the application supplying to the trusted site the associated security key and login password, and the user's computer displaying subsequent browsing activity.
    • 5. Invention grant
    • Computer readable medium having a private key encryption program
    • US06956950B2
    • 2005-10-18
    • US09750511
    • 2000-12-27
    • Balas Natarajan Kausik
    • Balas Natarajan Kausik
    • G09C1/00; H04L9/08; H04L9/30; H04L9/32; H04L9/00
    • G07F7/1008; G06F21/6245; G06F2221/2127; G06Q20/02; G06Q20/3829; G07F7/1025; H04L9/0894; H04L9/3226; H04L9/3247; H04L9/3268; H04L63/08; H04L2209/08; H04L2209/20; H04L2209/56
    • A digital wallet stores a cryptographically camouflaged access-controlled datum, e.g., a private key encrypted under the user's PIN. Entry of the correct PIN will correctly decrypt the stored key. Entry of certain pseudo-valid PINs will also decrypt the stored key, but improperly so, resulting in a candidate key indistinguishable from the correct key. Such pseudo-valid PINs are spread thinly over the space of PINs, so that the user is unlikely to realize a pseudo-valid PIN via a typographical error in entering the correct PIN. In existing wallet technologies, which lack pseudo-valid PINs, only the correct PIN produces a decrypted key; thus, hackers can find the correct PIN by entering all possible PINs until a key is produced. The present invention's plurality of candidate keys prevent a hacker from knowing when he has found the correct key. In addition, hacker detection may be moved off-line into devices accepting messages signed with candidate keys, and/or the lockout threshold may be increased. Thus, the wallet can be forgiving of typographic or transposition errors, yet a hacker trying large numbers of PINs will eventually guess a pseudo-valid (but still incorrect) PIN and recover a candidate private key whose fraudulent use will be detected. The wallet may be used with associated key generation, certification, and verification technologies. Such technologies may include pseudo-public keys embedded in pseudo-public certificates, i.e., public keys that are not generally known and which are contained in certificates that are verifiable only by entities so authorized by the certifying authority.
    • 7. Invention application
    • Method and apparatus for cryptographic key storage wherein key servers are authenticated by possession and secure distribution of stored keys
    • US20020126850A1
    • 2002-09-12
    • US10093881
    • 2002-03-08
    • Arcot Systems, Inc.
    • Robert Allen; Robert A. Jerdonek; John Wang; Tom Wu
    • H04L009/00
    • H04L9/083; H04L9/0825; H04L9/0897; H04L9/3228
    • A key management system includes secured data stored on a first system secured by a control key stored securely on a key server. The secured data is secured against attacks such as unauthorized use, modification or access, where authorization to access the secured data is determined by knowledge of an access private key of an access key pair. When an authorized user is to access the secured data, the first system generates a request to the key server, signed with the access private key, wherein the request is for a decryption control key and the request includes a one-time public key of a key pair generated by the first system for the request. The first system can decrypt the decryption control key from the response, using a one-time private key. The first system can then decrypt the secured data with the decryption control key remaining secured in transport.
    • 8. Invention application
    • Computer-readable medium having a private key encryption program
    • US20010008012A1
    • 2001-07-12
    • US09750511
    • 2000-12-27
    • Arcot Systems, Inc.
    • Balas Natarajan Kausik
    • H04L009/32; G06K019/073
    • G07F7/1008; G06F21/6245; G06F2221/2127; G06Q20/02; G06Q20/3829; G07F7/1025; H04L9/0894; H04L9/3226; H04L9/3247; H04L9/3268; H04L63/08; H04L2209/08; H04L2209/20; H04L2209/56
    • A digital wallet stores a cryptographically camouflaged access-controlled datum, e.g., a private key encrypted under the user's PIN. Entry of the correct PIN will correctly decrypt the stored key. Entry of certain pseudo-valid PINs will also decrypt the stored key, but improperly so, resulting in a candidate key indistinguishable from the correct key. Such pseudo-valid PINs are spread thinly over the space of PINs, so that the user is unlikely to realize a pseudo-valid PIN via a typographical error in entering the correct PIN. In existing wallet technologies, which lack pseudo-valid PINs, only the correct PIN produces a decrypted key; thus, hackers can find the correct PIN by entering all possible PINs until a key is produced. The present invention's plurality of candidate keys prevent a hacker from knowing when he has found the correct key. In addition, hacker detection may be moved off-line into devices accepting messages signed with candidate keys, and/or the lockout threshold may be increased. Thus, the wallet can be forgiving of typographic or transposition errors, yet a hacker trying large numbers of PINs will eventually guess a pseudo-valid (but still incorrect) PIN and recover a candidate private key whose fraudulent use will be detected. The wallet may be used with associated key generation, certification, and verification technologies. Such technologies may include pseudo-public keys embedded in pseudo-public certificates, i.e., public keys that are not generally known and which are contained in certificates that are verifiable only by entities so authorized by the certifying authority.
    • 9. Invention application
    • METHOD AND APPARATUS FOR APPLYING A PARTIAL PASSWORD IN A MULTI-FACTOR AUTHENTICATION SCHEME
    • US20110208964A1
    • 2011-08-25
    • US13010826
    • 2011-01-21
    • VenkataBabji Sama
    • VenkataBabji Sama
    • H04L9/32
    • H04L63/083; G06F21/31; G06F2221/2103; H04L9/3226; H04L9/3271
    • A method includes receiving, via a server, a User ID and Password from a client device, and generating a Secret PIN (SPIN). Values for a Partial Password and an encrypted version of the SPIN (ESPIN) are determined. The method includes challenging a user of the client device with a challenge that prompts the user to enter the Partial Password and an ESPIN. An Additional Factor, e.g., a One-Time Password from a Shared Secret, is locked using the SPIN. The Partial Password and challenge unlock the Additional Factor. The method includes authenticating the identity using the unlocked Additional Factor. A system includes a server in communication with a client device, and a non-transitory memory device on which is recorded process instructions for authenticating the identity of a user of the client device. The server executes the instructions to thereby authenticate the identity of the user using the unlocked Additional Factor.
    • 10. Invention application
    • SYSTEM AND METHOD FOR GENERATING A DYNAMIC CARD VALUE
    • US20110184867A1
    • 2011-07-28
    • US13013038
    • 2011-01-25
    • Rammohan Varadarajan
    • Rammohan Varadarajan
    • G06Q20/00; G06Q40/00; G06K5/00
    • G06Q20/3433; G06Q20/04; G06Q20/32; G06Q20/385; G06Q20/40; G06Q20/4018
    • A method and system is provided for generating a dynamic card value (DCV) from a mobile user device for use in a transaction between a user cardholder and a transaction provider. The DCV may be configured for use as a card verification value (CVV), also known as a card security code (CSC), a primary account number (PAN), or a portion of a PAN. The DCV may be generated using a DCV generator which may include an algorithm and a DCV generation key. The DCV generation key may be camouflaged. Obtaining a DCV from the user device may require inputting a PIN, a device identifier, a challenge or transaction information. The DCV may be used for any transaction requiring the input of a user identification number and a verification value, including credit card transactions, debit card transactions, online or telephonic transactions.