Patent application number | Description | Published |
20090222658 | ROAMING UTILIZING AN ASYMMETRIC KEY PAIR - Techniques for generating a portion of a split private key are provided. A first symmetric key and a second symmetric key different than the first symmetric key are generated at a first location. The generated second symmetric key and a first one of multiple factors for generating the private key portion encrypted with the generated first symmetric key are transmitted. Then, at a second network location, the symmetric keys are again generated. The encrypted first factor is received at the second network location subsequent to a user authentication based upon the second symmetric key generated at the second network location. The received encrypted first factor is then decrypted with the first symmetric key generated at the second network location, the decrypted first factor usable to generate the portion of the split private key of the asymmetric key pair. | 09-03-2009 |
20090254745 | EFFICIENT SECURITY FOR MASHUPS - The present invention provides a method that facilitates secure cross domain mashups in an efficient fashion. The invention allows a first entity, the Masher, to establish at a second entity, the User, a secure mashup by obtaining information from, or taking actions at, a third entity, the Mashee, by using a novel twist to the SSL protocol. The invention is further extended to secure a hub and widget architecture, which allows one Masher to establish at a User, communication with several Mashees. Mutual authentication of all entities, key distribution for authentication, privacy and code verification and dynamic authorization based on the certificate information are provided by the invention. | 10-08-2009 |
20100005297 | MASHSSL: A NOVEL MULTI PARTY AUTHENTICATION AND KEY EXCHANGE MECHANISM BASED ON SSL - The present invention provides a method that allows three parties to mutually authenticate each other and share an encrypted channel. The invention is based on a novel twist to the widely used two party transport level SSL protocol. One party, typically a user at a browser, acts as a man in the middle between the other two parties, typically two web servers with regular SSL credentials. The two web servers establish a standard mutually authenticated SSL connection via the user's browser, using a novel variation of the SSL handshake that guarantees that a legitimate user is in the middle. | 01-07-2010 |
20100202609 | SECURING MULTIFACTOR SPLIT KEY ASYMMETRIC CRYPTO KEYS - Techniques for securing an asymmetric crypto-key having a public key and a split private key with multiple private portions are provided. A first one of multiple factors is stored. All of the factors are under the control of a user and all are required to generate a first private portion of the split private key. The first private portion not stored in a persistent state. A second private portion of the split private key under control of an entity other than the user is also stored. The first private portion and the second private portion are combinable to form a complete private portion. | 08-12-2010 |
20110047372 | MASHAUTH: USING MASHSSL FOR EFFICIENT DELEGATED AUTHENTICATION - The present invention provides a method that allows the MashSSL protocol to be used to provide a secure and efficient way for delegated authentication. The invention allows services which already have an SSL infrastructure to reuse that infrastructure for delegated authentication, and to do so in a fashion where the cryptographic overhead is amortized across multiple users, and which provides the user with greater control of what information is shared on their behalf. | 02-24-2011 |
20110047381 | SAFEMASHUPS CLOUD TRUST BROKER - The present invention provides a new method for policy enforcement in a virtualized or cloud environment. We break down the environment into layers, which are further sub-divided into security units. Each security unit has a security profile based on its own security properties and those of the layers below. The security profile also reflects the floor, ceiling and wall security properties. Each security unit has an agent which is used to establish communications with other security units. Such communication is mediated by a cloud trust broker which determines if the communication is permitted based on access control list or else retrieves the security profiles and applies pre-defined rules. If the communications are allowed the cloud trust broker runs a mutual authentication and key distribution protocol that results in the two security units obtaining a session key which they can then use for further communications which can proceed directly. | 02-24-2011 |
20110099379 | AUGMENTED SINGLE FACTOR SPLIT KEY ASYMMETRIC CRYPTOGRAPHY-KEY GENERATION AND DISTRIBUTOR - A system for authenticating a user of a communication network is disclosed. The system includes a user station associated with the user and an authenticating station communicatively coupled to the user station via the communication network. The authenticating station is configured to authenticate the user. The authenticating station is further configured to perform an operation, which includes receiving a first value, from a user station associated with the user, via the communication network. The first value represents a first user credential. A first key portion is generated based on the first value and a second value that is unknown to the user. The first key portion, along with a second key portion, is used for authenticating credentials of the user for a predefined period of time or for authenticating user credentials for a predefined number of times. The second key portion is generated based on the first key portion. A cookie that includes the second value or a value derived from the second value is generated and transmitted to the user station and then the second value is destroyed. | 04-28-2011 |
20110107407 | NEW METHOD FOR SECURE SITE AND USER AUTHENTICATION - The present invention provides a new method of site and user authentication. This is achieved by creating a pop-up window on the user's PC that is in communication with a security server, and where this communication channel is separate from the communication between the user's browser and whichever web site they are at. A legitimate web site embeds code in the web page which communicates to the security server from the user's desktop. The security server checks the legitimacy of the'web site and then signals both the web page on the user's browser, as well as the pop-up window to which it has a separate channel. The security server also sends a random image to both the pop-up window and the browser. If user authentication is requested by the web site the user is first authenticated by the security server for instance by out of band authentication. Then the security server computes a one time password based on a secret it shares with the web site and sends it to the pop up window. The user copies this one time password into their browser which sends it to the web site, which can re-compute the one time password to authenticate the user. | 05-05-2011 |
20110179472 | METHOD FOR SECURE USER AND SITE AUTHENTICATION - The present invention provides a new method of site and user authentication. This is achieved by creating a pop-up window on the user's PC that is in communication with a security server, and where this communication channel is separate from the communication between the user's browser and whichever web site they are at. A legitimate web site embeds code in the web page which communicates to the security server from the user's desktop. The security server checks the legitimacy of the web site and then signals both the web page on the user's browser, as well as the pop-up window to which it has a separate channel. The security server also sends a random image to both the pop-up window and the browser. If user authentication is requested by the web site the user is first authenticated by the security server for instance by out of band authentication. Then the security server computes a one time password based on a secret it shares with the web site and sends it to the pop up window. The user copies this one time password into their browser which sends it to the web site, which can re-compute the one time password to authenticate the user. | 07-21-2011 |
20110185405 | METHOD FOR SECURE USER AND TRANSACTION AUTHENTICATION AND RISK MANAGEMENT - To provide a user signature on a network transaction, a security server receives transaction information representing a transaction between a network user and a network site, such as a website. The security server calculates a one-time-password based on the received transaction information and a secret shared by the security server and the network site, but not by the user. The security server transmits the calculated one-time-password for application as the user's signature on the transaction. The one-time-password is independently calculable by the network site based on the shared secret. | 07-28-2011 |
20130167213 | METHOD AND SYSTEM FOR VERIFYING USER INSTRUCTIONS - A method for verifying instructions communicated from a user to a relying entity is described. A trusted entity receives a request from the relying entity to verify instructions received from the user wherein the request includes verification information corresponding to the instructions communicated to the relying entity from the user. The trusted entity sends a request to the user to provide verification information corresponding to the instructions. The trusted entity receives the verification information from the user and compares it to the verification information received from the relying entity. The trusted entity then verifies the instructions based on the comparing. | 06-27-2013 |