CN109313681B - 具有审计功能的虚拟智能卡 - Google Patents

具有审计功能的虚拟智能卡 Download PDF

Info

Publication number
CN109313681B
CN109313681B CN201780034781.8A CN201780034781A CN109313681B CN 109313681 B CN109313681 B CN 109313681B CN 201780034781 A CN201780034781 A CN 201780034781A CN 109313681 B CN109313681 B CN 109313681B
Authority
CN
China
Prior art keywords
vss
user
smart card
private key
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201780034781.8A
Other languages
English (en)
Chinese (zh)
Other versions
CN109313681A (zh
Inventor
戴维·劳埃德
安得鲁·因尼斯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Citrix Systems Inc
Original Assignee
Citrix Systems Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Citrix Systems Inc filed Critical Citrix Systems Inc
Publication of CN109313681A publication Critical patent/CN109313681A/zh
Application granted granted Critical
Publication of CN109313681B publication Critical patent/CN109313681B/zh
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/351Virtual cards
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Computing Systems (AREA)
  • Finance (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
CN201780034781.8A 2016-06-29 2017-04-14 具有审计功能的虚拟智能卡 Expired - Fee Related CN109313681B (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US15/196,702 US9973498B2 (en) 2016-06-29 2016-06-29 Virtual smart cards with audit capability
US15/196,702 2016-06-29
PCT/US2017/027620 WO2018004784A1 (en) 2016-06-29 2017-04-14 Virtual smart cards with audit capability

Publications (2)

Publication Number Publication Date
CN109313681A CN109313681A (zh) 2019-02-05
CN109313681B true CN109313681B (zh) 2022-03-18

Family

ID=59227814

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201780034781.8A Expired - Fee Related CN109313681B (zh) 2016-06-29 2017-04-14 具有审计功能的虚拟智能卡

Country Status (5)

Country Link
US (1) US9973498B2 (https=)
EP (1) EP3455769B1 (https=)
JP (1) JP6792647B2 (https=)
CN (1) CN109313681B (https=)
WO (1) WO2018004784A1 (https=)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3573001A1 (en) * 2018-05-24 2019-11-27 Gemalto Sa Method and system for implementing a virtual smart card service
CN111143850B (zh) * 2019-11-22 2022-03-04 航天恒星科技有限公司 一种卫星数据分布式虚拟化存储的安全防护系统和方法
US11100379B1 (en) * 2020-04-03 2021-08-24 Sentrycard Technologies, Inc. Multi-purpose smart card with user trusted bond
US12495055B2 (en) * 2023-02-27 2025-12-09 Dell Products L.P. Non-anonymized privacy preserving global and local anomaly detection in distributed systems

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7085931B1 (en) * 1999-09-03 2006-08-01 Secure Computing Corporation Virtual smart card system and method
CN1836251A (zh) * 2003-06-19 2006-09-20 高通股份有限公司 用于多功能认证设备的装置和方法
CN1989731A (zh) * 2004-07-23 2007-06-27 数码安信有限公司 使用一次性私钥执行数字签名的系统和方法

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000221881A (ja) * 1999-02-01 2000-08-11 Nec Corp 電子署名端末装置、電子署名管理装置および電子署名システム
WO2001093212A2 (en) 2000-05-30 2001-12-06 Pointsec Mobile Technologies, Inc. Apparatus and methods for using a virtual smart card
US20020031230A1 (en) * 2000-08-15 2002-03-14 Sweet William B. Method and apparatus for a web-based application service model for security management
US7210037B2 (en) * 2000-12-15 2007-04-24 Oracle International Corp. Method and apparatus for delegating digital signatures to a signature server
US20020184507A1 (en) * 2001-05-31 2002-12-05 Proact Technologies Corp. Centralized single sign-on method and system for a client-server environment
US7299292B2 (en) * 2002-03-29 2007-11-20 Widevine Technologies, Inc. Process and streaming server for encrypting a data stream to a virtual smart card client system
US20090037729A1 (en) * 2007-08-03 2009-02-05 Lawrence Smith Authentication factors with public-key infrastructure
CN101420299B (zh) * 2008-11-28 2010-09-01 北京飞天诚信科技有限公司 提高智能密钥设备稳定性的方法和智能密钥设备
AU2011261152B2 (en) 2010-06-02 2015-06-18 Idondemand, Inc. Method and system for providing continued access to authentication and encryption services
JP2013192125A (ja) * 2012-03-15 2013-09-26 Hitachi Ltd 電子署名システム、電子署名や追記の方法
CN103366111B (zh) * 2013-07-10 2016-02-24 公安部第三研究所 移动设备上基于二维码实现智能卡扩展认证控制的方法

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7085931B1 (en) * 1999-09-03 2006-08-01 Secure Computing Corporation Virtual smart card system and method
CN1836251A (zh) * 2003-06-19 2006-09-20 高通股份有限公司 用于多功能认证设备的装置和方法
CN1989731A (zh) * 2004-07-23 2007-06-27 数码安信有限公司 使用一次性私钥执行数字签名的系统和方法

Also Published As

Publication number Publication date
JP2019525519A (ja) 2019-09-05
WO2018004784A1 (en) 2018-01-04
EP3455769A1 (en) 2019-03-20
US9973498B2 (en) 2018-05-15
US20180007039A1 (en) 2018-01-04
EP3455769B1 (en) 2020-05-27
JP6792647B2 (ja) 2020-11-25
CN109313681A (zh) 2019-02-05

Similar Documents

Publication Publication Date Title
US10922401B2 (en) Delegated authorization with multi-factor authentication
EP3207661B1 (en) Identity infrastructure as a service
EP3582470B1 (en) Step-up authentication for single sign-on
US20210044976A1 (en) Secure mobile initiated authentications to web-services
EP2689372B1 (en) User to user delegation service in a federated identity management environment
US12265644B1 (en) Device management and security through a distributed ledger system
US8997196B2 (en) Flexible end-point compliance and strong authentication for distributed hybrid enterprises
US11196749B2 (en) System and method for controlling a multi-tenant service-oriented architecture
US20180115551A1 (en) Proxy system for securely provisioning computing resources in cloud computing environment
EP3685287B1 (en) Extensible framework for authentication
CN113316783A (zh) 使用活动目录和一次性口令令牌组合的双因素身份认证
US20150135275A1 (en) Authorization server system, control method therefor, and storage medium
US20200322151A1 (en) Apparatus and methods for secure access to remote content
US20210037004A1 (en) Signing in to multiple accounts with a single gesture
US20150180849A1 (en) Mobile token
US11824856B1 (en) Chaining of authorizations
US12407667B2 (en) Location aware trusted cloud resource provisioning
CN109313681B (zh) 具有审计功能的虚拟智能卡
US20250330323A1 (en) Techniques for binding tokens to a device and collecting device posture signals
US20250184320A1 (en) Consortium-based infrastructure and platform for user authentication

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20220318