System and method for provisioning a security token

    Publication number: US10567385B2

    Publication date: 2020-02-18

    Application number: US15934640

    Filing date: 2018-03-23

    Abstract: The provisioning of a security token object to a user is disclosed. The security token object is used for accessing a computing resource through a client device, such as a mobile device. A security token object provisioning request may be received from the mobile device. In response, an authentication request may be transmitted. The user is authenticated against a user identity based upon a set of received identity credentials provided by the user. The extraction of a unique token identifier from the security token object is initiated, and completed without intervention from the user. The unique token identifier received from the client device is associated with the user identity in a data store. By providing the security token object, the user can gain access to the computing resource.

    3. Configuring a valid duration period for a digital certificate
    Granted invention patent (in force)

    Publication number: US08812838B2

    Publication date: 2014-08-19

    Application number: US13919337

    Filing date: 2013-06-17

    Abstract: A valid duration period for a digital certificate is established by a process that includes assigning numeric values to certificate terms. The numeric value assigned to each certificate term is representative of the valid duration period. The method continues by identifying one certificate term, which may include requesting a user to select a certificate term. The method may include transmitting the requested certificate term to a server. The certificate term requested is sent via a certificate request. The server is configured to convert the numeric value associated with the requested certificate term into a duration counter value. The method may also include a certificate server receiving, from the server, the certificate request including the duration counter value. The method may conclude with transmitting the signed certificate request to a client device capable of generating the digital certificate with the requested certificate term.


    4. Facilitating secure online transactions
    Granted invention patent (in force)

    Publication number: US08700901B2

    Publication date: 2014-04-15

    Application number: US13692841

    Filing date: 2012-12-03

    Abstract: A method and system for mutually authenticating an identity and a server is provided in accordance with an aspect of the present invention. The method commences with transmitting a token from the server. Thereafter, the method continues with establishing a secure data transfer link. A server certificate is transmitted during the establishment of the secure data transfer link. The method continues with transmitting a response packet to the server, which is validated thereby upon receipt. The system includes an authentication module that initiates the secure data transfer link and transmits the response packet, and a server authentication module that transmits the token and validates the response packet.


    Single sign on with multiple authentication factors

    Publication number: US11223614B2

    Publication date: 2022-01-11

    Application number: US16537328

    Filing date: 2019-08-09

    Abstract: The authentication of a client to multiple server resources with a single sign-on procedure using multiple factors is disclosed. One contemplated embodiment is a method in which a login session is initiated with the authentication system of a primary one of the multiple server resources. A first set of login credentials is transmitted thereto, and validated. A token is stored on the client indicating that the initial authentication was successful, which is then used to transition to a secondary one of the multiple resources. A second set of login credentials is also transmitted, and access to the secondary one of the multiple resources is granted on the basis of a validated token and second set of login credentials.

    7. IDENTITY-BASED CERTIFICATE MANAGEMENT
    Invention patent application (in force)

    Publication number: US20140344567A1

    Publication date: 2014-11-20

    Application number: US14256270

    Filing date: 2014-04-18

    Abstract: Methods for managing digital certificates, including issuance, validation, and revocation are disclosed. Various embodiments involve querying a directory service with entries that correspond to a particular client identity and have attributes including certificate issuance limits and certificate validity time values. The validity time values are adjustable to revoke selectively the certificates based upon time intervals set forth in validity identifiers included therein.


    8. SECURITY DEVICE PROVISIONING
    Invention patent application (in force)

    Publication number: US20130333013A1

    Publication date: 2013-12-12

    Application number: US13964615

    Filing date: 2013-08-12

    Abstract: The provisioning of a security token object to a user is disclosed. The security token object is used for accessing a computing resource through a mobile device. A security token object provisioning request may be received from the mobile device. In response, an authentication request may be transmitted. The user is authenticated against a user identity based upon a set of received identity credentials provided by the user. The extraction of a unique token identifier from the security token object is initiated, and completed without intervention from the user. The unique token identifier received from the client computer system is associated with the user identity in a data store. By providing the security token object, the user can gain access to the computing resource.


    SYSTEM AND METHOD FOR PROVISIONING A SECURITY TOKEN

    Publication number: US20180295136A1

    Publication date: 2018-10-11

    Application number: US15934640

    Filing date: 2018-03-23

    Abstract: The provisioning of a security token object to a user is disclosed. The security token object is used for accessing a computing resource through a mobile device. A security token object provisioning request may be received from the mobile device. In response, an authentication request may be transmitted. The user is authenticated against a user identity based upon a set of received identity credentials provided by the user. The extraction of a unique token identifier from the security token object is initiated, and completed without intervention from the user. The unique token identifier received from the client computer system is associated with the user identity in a data store. By providing the security token object, the user can gain access to the computing resource.

    10. SECURITY DEVICE PROVISIONING
    Invention patent application (in force)

    Publication number: US20170078292A1

    Publication date: 2017-03-16

    Application number: US15140074

    Filing date: 2016-04-27

    Abstract: The provisioning of a security token object to a user is disclosed. The security token object is used for accessing a computing resource through a mobile device. A security token object provisioning request may be received from the mobile device. In response, an authentication request may be transmitted. The user is authenticated against a user identity based upon a set of received identity credentials provided by the user. The extraction of a unique token identifier from the security token object is initiated, and completed without intervention from the user. The unique token identifier received from the client computer system is associated with the user identity in a data store. By providing the security token object, the user can gain access to the computing resource.

