-
Publication number: US09736145B1
Publication date: 2017-08-15
Application number: US14815699
Application date: 2015-07-31
Applicant: SecureAuth Corporation
Inventor: Chris Hayes, Garret Florian Grajek, Jeffrey Chiwai Lo, Allen Yu Quach, Firas Shbeeb
CPC classification number: H04L63/0823, G06F21/33, G06F21/41, H04L9/321, H04L9/3228, H04L9/3265, H04L9/3268, H04L63/0846
Abstract: A CAC/PIV certificate associated with a HSPD-12 identity is used to generate a derived credential for storage on a device, such as a mobile device, that lacks a CAC/PIV card reader. The derived credential (which is distinct from the original CAC/PIV certificate) may then be used to grant the device access to secure resources that may otherwise require a CAC/PIV certificate. Embodiments of the present disclosure also relate to systems and methods for authenticating or validating a derived credential stored on a mobile device.
-
Publication number: US20130333013A1
Publication date: 2013-12-12
Application number: US13964615
Application date: 2013-08-12
Applicant: SecureAuth Corporation
Inventor: Allen Yu Quach, Jeffrey Chiwai Lo, Garret Florian Grajek, Mark V. Lambiase
IPC: H04L29/06
CPC classification number: H04L63/10, H04L9/3215, H04L9/3228, H04L63/08, H04L63/0853, H04L67/42
Abstract: The provisioning of a security token object to a user is disclosed. The security token object is used for accessing a computing resource through a mobile device. A security token object provisioning request may be received from the mobile device. In response, an authentication request may be transmitted. The user is authenticated against a user identity based upon a set of received identity credentials provided by the user. The extraction of a unique token identifier from the security token object is initiated, and completed without intervention from the user. The unique token identifier received from the client computer system is associated with the user identity in a data store. By providing the security token object, the user can gain access to the computing resource.
-
Publication number: US10567385B2
Publication date: 2020-02-18
Application number: US15934640
Application date: 2018-03-23
Applicant: SecureAuth Corporation
Inventor: Allen Yu Quach, Jeffrey Chiwai Lo, Garret Florian Grajek, Mark V. Lambiase
Abstract: The provisioning of a security token object to a user is disclosed. The security token object is used for accessing a computing resource through a client device, such as a mobile device. A security token object provisioning request may be received from the mobile device. In response, an authentication request may be transmitted. The user is authenticated against a user identity based upon a set of received identity credentials provided by the user. The extraction of a unique token identifier from the security token object is initiated, and completed without intervention from the user. The unique token identifier received from the client device is associated with the user identity in a data store. By providing the security token object, the user can gain access to the computing resource.
-
Publication number: US20180091499A1
Publication date: 2018-03-29
Application number: US15676689
Application date: 2017-08-14
Applicant: SecureAuth Corporation
Inventor: Chris Hayes, Garret Florian Grajek, Jeffrey Chiwai Lo, Allen Yu Quach, Firas Shbeeb
CPC classification number: H04L63/0823, G06F21/33, G06F21/41, H04L9/321, H04L9/3228, H04L9/3265, H04L9/3268, H04L63/0846
Abstract: A CAC/PIV certificate associated with a HSPD-12 identity is used to generate a derived credential for storage on a device, such as a mobile device, that lacks a CAC/PIV card reader. The derived credential (which is distinct from the original CAC/PIV certificate) may then be used to grant the device access to secure resources that may otherwise require a CAC/PIV certificate. Embodiments of the present disclosure also relate to systems and methods for authenticating or validating a derived credential stored on a mobile device.
-
Publication number: US09660974B2
Publication date: 2017-05-23
Application number: US14621821
Application date: 2015-02-13
Applicant: SecureAuth Corporation
Inventor: Garret Florian Grajek, Chihwei Liu, Allen Yu Quach, Jeffrey Chiwai Lo
CPC classification number: H04L63/0815, G06F21/64, H04L63/0807, H04L63/0838, H04L63/0876, H04L67/02, H04L67/10, H04L67/125, H04L67/2814, H04L2463/082
Abstract: A device fingerprinting system provides an additional factor of authentication. A user device may be redirected, along with user ID parameters, to an authentication system. The user device may be sent instructions to execute that collect and send back device characteristic information to the authentication system. The authentication can create a unique fingerprint of the device, and determine if the fingerprint has been seen before. If seen before, the authentication system may send back an authentication token indicating the additional factor of authentication was a success. If the fingerprint has not been seen previously, the authentication system may conduct a one-time password authentication as the additional factor. If successful, the fingerprint may be stored in association with the user device for future authentication as an additional factor.
-
Publication number: US20180295136A1
Publication date: 2018-10-11
Application number: US15934640
Application date: 2018-03-23
Applicant: SecureAuth Corporation
Inventor: Allen Yu Quach, Jeffrey Chiwai Lo, Garret Florian Grajek, Mark V. Lambiase
CPC classification number: H04L63/10, H04L9/3215, H04L9/3228, H04L63/08, H04L63/0853, H04L67/42
Abstract: The provisioning of a security token object to a user is disclosed. The security token object is used for accessing a computing resource through a mobile device. A security token object provisioning request may be received from the mobile device. In response, an authentication request may be transmitted. The user is authenticated against a user identity based upon a set of received identity credentials provided by the user. The extraction of a unique token identifier from the security token object is initiated, and completed without intervention from the user. The unique token identifier received from the client computer system is associated with the user identity in a data store. By providing the security token object, the user can gain access to the computing resource.
-
Publication number: US09992189B2
Publication date: 2018-06-05
Application number: US15676689
Application date: 2017-08-14
Applicant: SecureAuth Corporation
Inventor: Chris Hayes, Garret Florian Grajek, Jeffrey Chiwai Lo, Allen Yu Quach, Firas Shbeeb
CPC classification number: H04L63/0823, G06F21/33, G06F21/41, H04L9/321, H04L9/3228, H04L9/3265, H04L9/3268, H04L63/0846
Abstract: A CAC/PIV certificate associated with a HSPD-12 identity is used to generate a derived credential for storage on a device, such as a mobile device, that lacks a CAC/PIV card reader. The derived credential (which is distinct from the original CAC/PIV certificate) may then be used to grant the device access to secure resources that may otherwise require a CAC/PIV certificate. Embodiments of the present disclosure also relate to systems and methods for authenticating or validating a derived credential stored on a mobile device.
-
Publication number: US09781097B2
Publication date: 2017-10-03
Application number: US14621826
Application date: 2015-02-13
Applicant: SecureAuth Corporation
Inventor: Garret Florian Grajek, Chihwei Liu, Allen Yu Quach, Jeffrey Chiwai Lo
CPC classification number: H04L63/0815, G06F21/64, H04L63/0807, H04L63/0838, H04L63/0876, H04L67/02, H04L67/10, H04L67/125, H04L67/2814, H04L2463/082
Abstract: A device fingerprinting system provides an additional factor of authentication. A user device may be redirected, along with user ID parameters, to an authentication system. The user device may be sent instructions to execute that collect and send back device characteristic information to the authentication system. The authentication can create a unique fingerprint of the device, and determine if the fingerprint has been seen before. If seen before, the authentication system may send back an authentication token indicating the additional factor of authentication was a success. If the fingerprint has not been seen previously, the authentication system may conduct a one-time password authentication as the additional factor. If successful, the fingerprint may be stored in association with the user device for future authentication as an additional factor.
-
Publication number: US20170078292A1
Publication date: 2017-03-16
Application number: US15140074
Application date: 2016-04-27
Applicant: SecureAuth Corporation
Inventor: Allen Yu Quach, Jeffrey Chiwai Lo, Garret Florian Grajek, Mark V. Lambiase
IPC: H04L29/06
CPC classification number: H04L63/10, H04L9/3215, H04L9/3228, H04L63/08, H04L63/0853, H04L67/42
Abstract: The provisioning of a security token object to a user is disclosed. The security token object is used for accessing a computing resource through a mobile device. A security token object provisioning request may be received from the mobile device. In response, an authentication request may be transmitted. The user is authenticated against a user identity based upon a set of received identity credentials provided by the user. The extraction of a unique token identifier from the security token object is initiated, and completed without intervention from the user. The unique token identifier received from the client computer system is associated with the user identity in a data store. By providing the security token object, the user can gain access to the computing resource.
-
Publication number: US20200099677A1
Publication date: 2020-03-26
Application number: US16556998
Application date: 2019-08-30
Applicant: SecureAuth Corporation
Inventor: Garret Florian Grajek, Allen Yu Quach, Jeffrey Chiwai Lo, Shu Jen Tung
Abstract: A security object creation and validation system provides an additional factor of authentication. An authentication system as described herein provides secure two-factor authentication, such as for IT resources in an organization. The authentication system can perform generation of a security object (such as an X.509 object, Java object, persistent browser token, or other digital certificate); registration of the generated security object or of an existing security object (such as a near field communication identifier, smart card identifier, OATH token, etc.); validation of the security object as part of an authentication process; and assertion of the identity of the security object to native network resources (such as web resources, network resources, cloud resources, mobile applications, and the like) that may accept the security object. The authentication system may provide user interfaces to allow users and administrators to manage registered device inventory and revoke security objects.