Computer-implemented system and authentication method

    Publication number: US11985118B2

    Publication date: 2024-05-14

    Application number: US17613630

    Application date: 2021-05-13

    Applicant: ADUCID S.R.O.

    Inventor: Libor Neumann

    CPC classification number: H04L63/0823 H04L63/166

    Abstract: A software system that has an embedded browser, an authenticator and a data channel module where the authenticator is adapted to authenticate a user, to authenticate a data channel and to bind the user authentication with the authenticated channel is disclosed. The authenticator is further adapted to communicate with the user via a graphical user interface of the embedded browser using graphical and control primitives of the authenticator and/or using a stand-alone graphical user interface of the authenticator, and the data channel module is adapted to communicate with service provider servers via a secure protocol, to communicate with the embedded browser and to communicate with the authenticator. A method of authentication using this system increases security and user comfort when accessing services and data requiring authentication is also disclosed.

    Authentication system and authentication method using personal electronic identity gadgets

    Publication number: US11374920B2

    Publication date: 2022-06-28

    Application number: US16968030

    Application date: 2019-02-19

    Applicant: ADUCID S.R.O.

    Inventor: Libor Neumann

    Abstract: An authentication system for use with personal electronic identity gadgets of at least one user of services in that the personal electronic identity gadgets are configured to authenticate to a main service provider and are configured to trigger synchronization of data storages of service providers. The system has a data storage of an authentication system server component of at least one main service provider. The data storage is synchronizable with data storage(s) of server component(s) of at least one other service provider, either directly or via personal electronic identity gadgets, and the authentication system server component of the at least one main service provider is configured for mapping personal electronic identity gadgets to the account of the user of services. The system offers an authentication method that allows to recover from emergencies and/or increase the user comfort and/or increase security.

    Method for establishing protected electronic communication, secure transfer and processing of information among three or more subjects

    Publication number: US10686777B2

    Publication date: 2020-06-16

    Application number: US15737698

    Application date: 2016-07-06

    Applicant: ADUCID S.R.O.

    Inventor: Libor Neumann

    Abstract: A method of establishing protected electronic communication, secure transfer and processing of information among three or more subjects in which, at first, a first secure authenticated channel is created using an authentication system between a first subject and a second subject, and this channel is used by the first subject, in co-operation with the second subject, to create an authentication object stored on the second subject and provided with authentication object methods, whereas the first subject configures methods of authentication object by assigning to each method of the authentication object a rights control information for at least one other subject and optionally also a rights control information for the first subject to use at least one method of the authentication object, and then the first secure authenticated channel is closed.

    SECURED DATA CHANNEL AUTHENTICATION IMPLYING A SHARED SECRET
    Type: Invention application; Status: Under examination (published)

    Publication number: US20160119317A1

    Publication date: 2016-04-28

    Application number: US14893058

    Application date: 2014-05-21

    Applicant: ADUCID S.R.O.

    Inventor: Libor Neumann

    Abstract: The invention solves the way of authentication of secured data channel between two sides (A, B) when there is at first established a non-authenticated protected data channel (1), with ending (3) of the data channel (1) on the first side (A) and ending (4) of the data channel (1) on the other side (B) and with target application (7) on the first side (A) and target application (8) on the other side (B), while the endings (3) and (4) have a non-authenticated shared secret (5), consequently, on both sides (A, B) of the data channel (1) there are calculated the data derived from non-authenticated shared secret (5), then the data derived from the non-authenticated shared secret (5) are passed via external communication means out of the data channel (1) to two sides (11, 12) of the external authentication system (2), which consequently performs authentication of communicating sides (A, B) including authentication of the data channel (1).

    COMPUTER-IMPLEMENTED SYSTEM AND AUTHENTICATION METHOD

    Publication number: US20220255921A1

    Publication date: 2022-08-11

    Application number: US17613630

    Application date: 2021-05-13

    Applicant: ADUCID S.R.O.

    Inventor: Libor NEUMANN

    Abstract: A software system that has an embedded browser, an authenticator and a data channel module where the authenticator is adapted to authenticate a user, to authenticate a data channel and to bind the user authentication with the authenticated channel is disclosed. The authenticator is further adapted to communicate with the user via a graphical user interface of the embedded browser using graphical and control primitives of the authenticator and/or using a stand-alone graphical user interface of the authenticator, and the data channel module is adapted to communicate with service provider servers via a secure protocol, to communicate with the embedded browser and to communicate with the authenticator. A method of authentication using this system increases security and user comfort when accessing services and data requiring authentication is also disclosed.

    Method of securing authentication in electronic communication

    Publication number: US10771441B2

    Publication date: 2020-09-08

    Application number: US15737684

    Application date: 2016-07-06

    Applicant: ADUCID S.R.O.

    Abstract: A method of securing authentication in electronic communication between at least one user authentication mechanism and at least one server authentication mechanism, wherein primary authentication is performed in the first step, and during the primary authentication a secondary authentication secret is created and shared between the user authentication and the server authentication mechanisms and is valid only for the given authentication transaction, and the secondary authentication secret is subsequently used as an input for a cryptographic transformation performed by the user authentication mechanism separately on each authentication vector element while creating the first authentication vector product, wherein authentication vector (AV) is an ordered set of authentication vector elements (AVE(i)), wherein the first authentication vector product is transferred from the user authentication mechanism to the server authentication mechanism and is evaluated by the server authentication mechanism using the secondary authentication secret.

    SYSTEM AND METHOD FOR CONTROLLING ACCESS TO TARGET APPLICATION

    Publication number: US20250005120A1

    Publication date: 2025-01-02

    Application number: US18291735

    Application date: 2022-08-03

    Applicant: ADUCID S.R.O.

    Inventor: Libor NEUMANN

    Abstract: A system and method are described for controlling access of a user to service providers and/or to target applications, in particular web or mobile applications. The system contains a client part and a server part. The client part contains an authenticator, an embedded browser and a data channel module. The authenticator is configured to authenticate the user. The authenticator is also configured to communicate with the user via a graphical user interface of the embedded browser using graphical and control primitives of the authenticator and/or using a stand-alone graphical user interface of the authenticator. The data channel module is configured to communicate with service provider servers via http/https protocol to communicate with the embedded browser and to communicate with the authenticator. The client part further contains a program memory, a variables memory and a control module configured to control the execution of programs stored in the program memory.

    Method for mapping at least two authentication devices to a user account using an authentication server

    Publication number: US10897358B2

    Publication date: 2021-01-19

    Application number: US15737708

    Application date: 2016-07-06

    Applicant: ADUCID S.R.O.

    Inventor: Libor Neumann

    Abstract: The invention provides a method for mapping at least two authentication devices to a user account using an authentication server, where each authentication device connects to the authentication server using a secured communication channel; their mapping to the user account is recorded on the authentication server, and, when a transfer of data between the authentication devices mapped to the user account occurs, the data is passed over from the first authentication device to the authentication server using a secured communication channel and from the authentication server to another authentication device mapped to the account of said user using a secured communication channel, where the aforesaid secured communication channel is created by the second authentication device. This procedure allows the use of a single personal local authentication factor for multiple authentication devices and increases the security of authentication of devices with authentication servers.

    Secured data channel authentication implying a shared secret

    Publication number: US10091189B2

    Publication date: 2018-10-02

    Application number: US14893058

    Application date: 2014-05-21

    Applicant: ADUCID s.r.o

    Inventor: Libor Neumann

    Abstract: The invention solves the way of authentication of secured data channel between two sides (A, B) when there is at first established a non-authenticated protected data channel (1), with ending (3) of the data channel (1) on the first side (A) and ending (4) of the data channel (1) on the other side (B) and with target application (7) on the first side (A) and target application (8) on the other side (B), while the endings (3) and (4) have a non-authenticated shared secret (5), consequently, on both sides (A, B) of the data channel (1) there are calculated the data derived from non-authenticated shared secret (5), then the data derived from the non-authenticated shared secret (5) are passed via external communication means out of the data channel (1) to two sides (11, 12) of the external authentication system (2), which consequently performs authentication of communicating sides (A, B) including authentication of the data channel (1).
