-
Publication number: US09160732B2
Publication date: 2015-10-13
Application number: US14068586
Application date: 2013-10-31
Applicant: SecureKey Technologies Inc.
Inventor: Troy Jacob Ronda , Pierre Antoine Roberge , Patrick Hans Engel , Rene McIver , Greg Wolfond , Andre Boysen
CPC classification number: H04L63/08 , G06F21/00 , H04L9/3234 , H04L9/3263 , H04L63/0853 , H04L2209/56 , H04L2209/80
Abstract: A method of establishing a communication channel between a network client and a computer server over a network is described. The network client may be configured to communicate with the computer server over the network and to communicate with a token manager. The token manager may be configured with a parent digital certificate that is associated with the token manager. The token manager or network client generates a credential from the parent digital certificate, and transmits the credential to the computer server. The credential may be associated with the computer server. The network client may establish the communications channel with the computer server in accordance with an outcome of a determination of validity of the credential by the computer server.
-
Publication number: WO2011123940A1
Publication date: 2011-10-13
Application number: PCT/CA2011/000371
Application date: 2011-04-08
Applicant: SECUREKEY TECHNOLOGIES INC. , BOYSEN, Andre Michel , RONDA, Troy Jacob , ROBERGE, Pierre Antoine , ENGEL, Patrick Hans , WOLFOND, Gregory Howard
Inventor: BOYSEN, Andre Michel , RONDA, Troy Jacob , ROBERGE, Pierre Antoine , ENGEL, Patrick Hans , WOLFOND, Gregory Howard
CPC classification number: G06Q20/04 , G06Q20/38215 , G06Q20/425 , H04L9/3215 , H04L9/3234 , H04L9/3263 , H04L63/0807 , H04L63/0853 , H04L63/18 , H04L2209/56 , H04L2463/102
Abstract: A method of authenticating to a computer server involves a first authentication client transmitting an authentication token to the computer server via a first communications channel, and a second authentication client receiving a payload from the computer server via a second communications channel distinct from the first communications channel in accordance with an outcome of a determination of authenticity of the authentication token by the computer server.
-
Publication number: US10237259B2
Publication date: 2019-03-19
Application number: US15445367
Application date: 2017-02-28
Applicant: SecureKey Technologies Inc.
Inventor: Troy Jacob Ronda , Pierre Antoine Roberge , Dmitry Barinov , Michael Varley , David Alexander Stark , Gregory Howard Wolfond , Aleksandar Likic , Michael John Page
Abstract: Systems and methods for decentralized and asynchronous authentication flow between users, relying parties and identity providers. A trusted user agent application or digital lock box under a user's control may perform the functions of an authentication broker. In particular, the user agent application or digital lock box can accept relying party requests and respond with authentication and identity data previously obtained from an identity provider server, and without the involvement of a centralized broker server.
-
Publication number: US09779224B2
Publication date: 2017-10-03
Application number: US14269593
Application date: 2014-05-05
Applicant: SecureKey Technologies Inc.
Inventor: Ilyea Erlikhman , Dmitry Barinov
CPC classification number: G06F21/31 , G06F21/44 , H04L9/08 , H04L9/0822 , H04L9/0861 , H04L9/0863 , H04L9/32 , H04L9/3271 , H04L63/061 , H04L63/0853 , H04L63/0876 , H04L63/0884 , H04W12/06
Abstract: Methods, systems and apparatus for performing client-server authentication using a device authentication and optional user authentication approach. In a device authentication stage, the client is unlocked to provide access to a cryptographic key used for authentication. In a user authentication stage, the user provides a personal data credential used to generate an additional cryptographic key.
-
Publication number: US10735397B2
Publication date: 2020-08-04
Application number: US16253600
Application date: 2019-01-22
Applicant: SecureKey Technologies Inc.
Inventor: Troy Jacob Ronda , Pierre Antoine Roberge , Dmitry Barinov , Michael Varley , David Alexander Stark , Gregory Howard Wolfond , Aleksandar Likic , Michael John Page
Abstract: Systems and methods for decentralized and asynchronous authentication flow between users, relying parties and identity providers. A trusted user agent application or digital lock box under a user's control may perform the functions of an authentication broker. In particular, the user agent application or digital lock box can accept relying party requests and respond with authentication and identity data previously obtained from an identity provider server, and without the involvement of a centralized broker server.
-
Publication number: US20140207682A1
Publication date: 2014-07-24
Application number: US14220488
Application date: 2014-03-20
Applicant: SecureKey Technologies Inc.
Inventor: Greg Wolfond , Troy Ronda , Andre Boysen , Michael Varley , Abhishek Das
IPC: G06Q20/32
Abstract: Systems and methods for performing mobile commerce transactions using mobile devices. A transaction initiation request is received at a transaction server from a merchant device. The transaction server generates a transaction identifier, which is transmitted to the merchant device. The merchant device communicates the transaction identifier to a customer device. The customer device transmits the transaction identifier to the transaction server and authorizes the transaction with the transaction server.
-
Publication number: US20210192521A1
Publication date: 2021-06-24
Application number: US17190901
Application date: 2021-03-03
Applicant: SecureKey Technologies Inc.
Inventor: Dmitry Barinov , Michael Varley , Gregory Howard Wolfond , Salavat Nabiev
Abstract: Various embodiments are described herein for methods, devices and systems that can be used to authenticate a user identity attribute associated with a user during a transaction with a merchant. In one example embodiment, the method comprises receiving, at a payment processor, a unique identifier corresponding to a payment instrument provided by the user at a merchant terminal where the payment instrument is pre-linked to one or more user identity attributes, transmitting the unique identifier to an issuer network for payment verification, generating a transaction approval indicator and transmitting the unique identifier and an identity verification request from the payment processor to the third party server if payment verification is successful, receiving the one or more user identity attributes associated with the unique identifier from a third party server, and subsequently transmitting the one or more user identity attributes and the transaction approval indicator to the merchant terminal.
-
Publication number: US10547643B2
Publication date: 2020-01-28
Application number: US15443400
Application date: 2017-02-27
Applicant: SecureKey Technologies Inc.
Inventor: Michael Varley , Troy Jacob Ronda , Dmitry Barinov , Gregory Howard Wolfond , Pierre Antoine Roberge
Abstract: Methods and systems for distributed data verification between a relying party server and a client device using data attested by at least one attestation server. Entities are loosely coupled, while still allowing for authentication data and transaction data to be tightly coupled in any given interaction. There need not be any prior relationships between relying parties and attestation servers, or between relying parties and users. A common syntax enables a relying party to define what types of attested data items will be accepted for a particular transaction, without having to predetermine all possible sources of identification a user may wish to provide. The relying party may not know the source of the attested data items a priori, but can nevertheless determine if they are satisfactory once they are received.
-
Publication number: GB2502492A
Publication date: 2013-11-27
Application number: GB201316108
Application date: 2012-03-05
Applicant: SECUREKEY TECHNOLOGIES INC
Inventor: BOYSEN ANDRE , ENGEL PATRICK HANS , RONDA TROY JACOB , ROBERGE PIERRE ANTOINE , WOLFOND GREGORY HOWARD
IPC: H04L9/32
Abstract: A method of ad-hoc network communications comprises a computer server transmitting a communications session request to a primary logical communications device of a logical ad-hoc communications network. The logical ad-hoc communications network comprises the primary logical communications device and at least one secondary logical communications device that is registered to the primary logical communications device. The communications session request requests a communications session with one of the at least one secondary logical communications devices. Upon receipt of the communications session request, the primary logical communications device transmits to the one secondary logical communications device a session initiate message requesting the one secondary logical communications device initiate the communications session with the computer server. The one secondary logical communications device replies to the computer server with a communications session reply initiating the communications session and identifying the one secondary logical communications device to the computer server.
-
Publication number: CA2838763A1
Publication date: 2012-12-13
Application number: CA2838763
Application date: 2012-05-29
Applicant: SECUREKEY TECHNOLOGIES INC
Inventor: CAT MURAT , BOYSEN ANDRE MICHEL , KHAYMOV MIKHAEL , RONDA TROY JACOB , SMITH MALCOLM RONALD , VADERA KSHITIZ , REZAYEE AFSHIN
Abstract: Methods and systems are provided for performing and verifying transactions involving authentication with a secure credential, such as a smart card, in an untrusted or semi-trusted environment. An application module, operating in an untrusted or semi-trusted environment can be denied access to sensitive data. The application module can determine a preliminary command to be sent to the credential and transmit the preliminary command to a broker module. The broker module, operating in a trusted environment, can supply sensitive data and transmit the command to the credential. Subsequently, the broker module can extract sensitive data from a response before it is transmitted to the application module. A verification server can audit the transaction to verify that it was carried out properly.