DK2997708T3 - Self-authentication device and method - Google Patents

Self-authentication device and method

Info

Publication number
DK2997708T3
Authority
DK
Denmark
Prior art keywords
self
authentication
token
key
authentication device
Prior art date
Application number
DK14727968.1T
Other languages
English (en)
Inventor
Hsiang Ke Desmond Hsu
Original Assignee
Fast And Safe Tech Private Limited
Priority date
Filing date
Publication date
Application filed by Fast And Safe Tech Private Limited
Application granted
Publication of DK2997708T3

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/082 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
  • Monitoring And Testing Of Exchanges (AREA)
  • Telephone Function (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Claims (15)

  PATENT CLAIMS
  1. A self-authentication device (14) for the user or owner of an electronic security device (12), wherein the self-authentication device (14) is separate from the security device (12) and is configured to be connected to a data processing unit (300, 400, 500, 600) via a first communication link for self-authentication processing, and wherein the self-authentication device (14) is configured to be able to reset a user password stored in the security device (12) upon successful self-authentication without requiring user input of an authorization password.
  2. The self-authentication device (14) according to claim 1, wherein the self-authentication processing comprises matching a first key and/or a first unique identifier stored in the self-authentication device (14) with a second key and/or a second unique identifier stored in the security device (12).
  3. The self-authentication device (14) according to any one of claims 1 to 2, wherein the self-authentication device (14) is configured to generate a third key and/or a third unique identifier for configuring another security device (15) as associated with the self-authentication device (14).
  4. The self-authentication device (14) according to any one of claims 1 to 3, wherein the self-authentication device (14) is further configured to be connected to a host computer (300, 400, 500, 600) via a second communication link for reading data stored, for example, on a virtual secure disk on the host computer (300, 400, 500, 600).
  5. The self-authentication device (14) according to claim 4, wherein the self-authentication device (14) is further configured to be connected to the host computer (300, 400, 500, 600) via the second communication link for reading data stored, for example, on the virtual secure disk on the host computer (300, 400, 500, 600) without requiring a password.
  6. The self-authentication device (14) according to any one of claims 1 to 5, wherein the self-authentication device (14) is configured to decrypt data stored, for example, on a virtual secure disk on a host computer (300, 400, 500, 600) by generating a fourth key and encrypting the data using the fourth key.
  7. The self-authentication device (14) according to any one of claims 1 to 6, wherein the security device (12) is a data encryption token.
  8. A self-authentication method for the user or owner of an electronic security device (12), the method comprising connecting a self-authentication device (14), which is separate from the security device (12), to a data processing unit (300, 400, 500, 600) via a first communication link for self-authentication processing, and resetting a user password stored in the security device (12) upon successful self-authentication of the association between the self-authentication device (14) and the security device (12) without requiring user input of an authorization password.
  9. The method according to claim 8, wherein the self-authentication processing comprises authenticating an association between the security device (12) and the self-authentication device (14).
  10. The method according to claim 9, wherein the self-authentication processing comprises matching a first key and/or a first unique identifier stored in the self-authentication device (14) with a second key and/or a second unique identifier stored in the security device (12).
  11. The method according to any one of claims 8 to 10, wherein the self-authentication processing comprises obtaining a third key and/or a third unique identifier from the self-authentication device (14) for configuring a non-associated security device (15) as associated with the self-authentication device (14).
  12. The method according to any one of claims 8 to 11, further comprising connecting the self-authentication device (14) to a host computer (300, 400, 500, 600) via a third communication link for reading data stored, for example, on a virtual secure disk on the host computer (300, 400, 500, 600).
  13. The method according to claim 12, wherein the reading of data stored, for example, on the virtual secure disk on the host computer (300, 400, 500, 600) is without requiring a password.
  14. The method according to any one of claims 8 to 13, further comprising: decrypting data stored, for example, on a virtual secure disk on a host computer (300, 400, 500, 600); encrypting the decrypted data using a new key; and storing the new key in the security device (12) and a matching authentication key in the self-authentication device (14).
  15. The method according to any one of claims 8 to 14, wherein the security device (12) is a data encryption token.

DK14727968.1T 2013-05-16 2014-05-16 Self-authentication device and method DK2997708T3 (da)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SG2013038278A SG2013038278A (en) 2013-05-16 2013-05-16 Authentication device and method
PCT/SG2014/000215 WO2014185865A1 (en) 2013-05-16 2014-05-16 Self-authentication device and method

Publications (1)

Publication Number Publication Date
DK2997708T3 (da) 2018-06-14

Family

ID=54193651

Family Applications (1)

Application Number Title Priority Date Filing Date
DK14727968.1T DK2997708T3 (da) 2013-05-16 2014-05-16 Self-authentication device and method

Country Status (18)

Country Link
US (1) US9684783B2 (da)
EP (1) EP2997708B1 (da)
JP (1) JP6476167B2 (da)
KR (1) KR20160008572A (da)
CN (1) CN105247833B (da)
AU (1) AU2014266011B2 (da)
CY (1) CY1120321T1 (da)
DK (1) DK2997708T3 (da)
ES (1) ES2674224T3 (da)
HK (1) HK1216568A1 (da)
MY (1) MY173613A (da)
NO (1) NO2997708T3 (da)
PH (1) PH12015502592A1 (da)
PL (1) PL2997708T3 (da)
PT (1) PT2997708T (da)
SG (2) SG2013038278A (da)
TR (1) TR201807814T4 (da)
WO (1) WO2014185865A1 (da)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10931456B2 (en) * 2014-06-26 2021-02-23 Comcast Cable Communications, Llc Secure router authentication
US9706401B2 (en) * 2014-11-25 2017-07-11 Microsoft Technology Licensing, Llc User-authentication-based approval of a first device via communication with a second device
CN105991612A (zh) * 2015-03-03 2016-10-05 阿里巴巴集团控股有限公司 User identity authentication method and apparatus
JP2016224684A (ja) * 2015-05-29 2016-12-28 キヤノン株式会社 Server system, control method of server system, and program
SG10201605978RA (en) 2016-07-20 2018-02-27 Fast And Safe Tech Private Limited Personal security device and method
CN108737099B (zh) * 2017-04-20 2021-04-30 青岛博文广成信息安全技术有限公司 Tiger tally key authentication technique method
DE102017209961B4 (de) 2017-06-13 2022-05-25 Volkswagen Aktiengesellschaft Method and device for authenticating a user at a vehicle

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1922632B1 (en) * 2005-08-11 2014-05-07 SanDisk IL Ltd. Extended one-time password method and apparatus
EP1955236A4 (en) * 2005-11-29 2010-06-09 Athena Smartcard Solutions Kk DEVICE, SYSTEM AND METHOD FOR CARRYING OUT ADMINISTRATIVE OPERATION ON A SAFETY TOKEN
US20070150736A1 (en) * 2005-12-22 2007-06-28 Cukier Johnas I Token-enabled authentication for securing mobile devices
EP1870828A1 (en) * 2006-06-22 2007-12-26 Research In Motion Limited Two-Factor Content Protection
CN101553829B (zh) * 2006-12-06 2012-01-11 皇家飞利浦电子股份有限公司 Controlling data access to and from RFID devices
JP2008217549A (ja) * 2007-03-06 2008-09-18 Matsushita Electric Ind Co Ltd Password reset device and password reset method
US10614462B2 (en) * 2007-09-26 2020-04-07 Clevx, Llc Security aspects of a self-authenticating credit card
US10181055B2 (en) * 2007-09-27 2019-01-15 Clevx, Llc Data security system with encryption
CN100589390C (zh) * 2007-12-21 2010-02-10 北京飞天诚信科技有限公司 An authentication method and authentication system

Also Published As

Publication number Publication date
JP2016519544A (ja) 2016-06-30
AU2014266011A1 (en) 2015-11-26
JP6476167B2 (ja) 2019-02-27
AU2014266011B2 (en) 2018-02-01
PL2997708T3 (pl) 2018-08-31
CN105247833A (zh) 2016-01-13
WO2014185865A1 (en) 2014-11-20
HK1216568A1 (zh) 2016-11-18
NO2997708T3 (da) 2018-08-18
US9684783B2 (en) 2017-06-20
EP2997708B1 (en) 2018-03-21
PT2997708T (pt) 2018-06-25
TR201807814T4 (tr) 2018-06-21
KR20160008572A (ko) 2016-01-22
CN105247833B (zh) 2019-03-01
EP2997708A1 (en) 2016-03-23
ES2674224T3 (es) 2018-06-28
MY173613A (en) 2020-02-11
US20160103991A1 (en) 2016-04-14
SG11201509123SA (en) 2015-12-30
PH12015502592B1 (en) 2016-02-29
CY1120321T1 (el) 2019-07-10
SG2013038278A (en) 2014-12-30
PH12015502592A1 (en) 2016-02-29

Similar Documents

Publication Publication Date Title
DK2997708T3 (da) Self-authentication device and method
CN107077574B (zh) Trust service for client devices
RU2620998C2 (ru) Method for unlocking administration privileges and authentication device
TWI684890B (zh) System and method for a computing device for improving firmware service security using a credential-derived encryption key
US8751827B1 (en) Apparatus for controlling embedded security on a storage platform
ES2819449T3 (es) Remote crypto services using server TPM
US20080181406A1 (en) System and Method of Storage Device Data Encryption and Data Access Via a Hardware Key
US9529733B1 (en) Systems and methods for securely accessing encrypted data stores
JP6669929B2 (ja) System and method for managing encryption keys for single sign-on applications
US9559737B2 (en) Telecommunications chip card
WO2009137371A2 (en) Enterprise device recovery
KR102013983B1 (ko) Application integrity authentication method and authentication server
US20170026385A1 (en) Method and system for proximity-based access control
WO2011148224A1 (en) Method and system of secure computing environment having auditable control of data movement
US7412603B2 (en) Methods and systems for enabling secure storage of sensitive data
US11520859B2 (en) Display of protected content using trusted execution environment
KR20070059891A (ko) Application authentication security system and authentication security method thereof
US20180121670A1 (en) Encryption management for storage devices
EP2755364A1 (en) Authentication systems
CN107862209B (zh) File encryption and decryption method, mobile terminal, and device with storage function
WO2018017019A1 (en) Personal security device and method
KR101386606B1 (ko) Backup storage control method
Franklin et al. CA-in-a-Box