DK2997708T3 - Self-authentication device and method - Google Patents
- Publication number
- DK2997708T3
- Authority
- DK
- Denmark
- Prior art keywords
- self
- authentication
- token
- key
- authentication device
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/082—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
- Monitoring And Testing Of Exchanges (AREA)
- Telephone Function (AREA)
- Mobile Radio Communication Systems (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Claims (15)
- 1. A self-authentication device (14) for the user or owner of an electronic security device (12), wherein the self-authentication device (14) is separate from the security device (12) and is configured to be connected to a data processing unit (300, 400, 500, 600) via a first communication link for self-authentication processing, and wherein the self-authentication device (14) is configured to be able to reset a user password stored in the security device (12) upon successful self-authentication without requiring user input of an authorization password.
- 2. The self-authentication device (14) according to claim 1, wherein the self-authentication processing comprises matching a first key and/or a first unique identifier stored in the self-authentication device (14) with a second key and/or a second unique identifier stored in the security device (12).
- 3. The self-authentication device (14) according to any one of claims 1 to 2, wherein the self-authentication device (14) is configured to generate a third key and/or a third unique identifier for configuring another security device (15) as associated with the self-authentication device (14).
- 4. The self-authentication device (14) according to any one of claims 1 to 3, wherein the self-authentication device (14) is further configured to be connected to a host computer (300, 400, 500, 600) via a second communication link for reading data stored, for example, on a virtual secure disk on the host computer (300, 400, 500, 600).
- 5. The self-authentication device (14) according to claim 4, wherein the self-authentication device (14) is further configured to be connected to the host computer (300, 400, 500, 600) via the second communication link for reading data stored, for example, on the virtual secure disk on the host computer (300, 400, 500, 600) without requiring a password.
- 6. The self-authentication device (14) according to any one of claims 1 to 5, wherein the self-authentication device (14) is configured to decrypt data stored, for example, on a virtual secure disk on a host computer (300, 400, 500, 600) by generating a fourth key and encrypting the data using the fourth key.
- 7. The self-authentication device (14) according to any one of claims 1 to 6, wherein the security device (12) is a data encryption token.
- 8. A self-authentication method for the user or owner of an electronic security device (12), the method comprising connecting a self-authentication device (14), which is separate from the security device (12), to a data processing unit (300, 400, 500, 600) via a first communication link for self-authentication processing, and resetting a user password stored in the security device (12) upon successful self-authentication of the association between the self-authentication device (14) and the security device (12) without requiring user input of an authorization password.
- 9. The method according to claim 8, wherein the self-authentication processing comprises authenticating an association between the security device (12) and the self-authentication device (14).
- 10. The method according to claim 9, wherein the self-authentication processing comprises matching a first key and/or a first unique identifier stored in the self-authentication device (14) with a second key and/or a second unique identifier stored in the security device (12).
- 11. The method according to any one of claims 8 to 10, wherein the self-authentication processing comprises obtaining a third key and/or a third unique identifier from the self-authentication device (14) for configuring a non-associated security device (15) as associated with the self-authentication device (14).
- 12. The method according to any one of claims 8 to 11, further comprising connecting the self-authentication device (14) to a host computer (300, 400, 500, 600) via a third communication link for reading data stored, for example, on a virtual secure disk on the host computer (300, 400, 500, 600).
- 13. The method according to claim 12, wherein the reading of data stored, for example, on the virtual secure disk on the host computer (300, 400, 500, 600) is performed without requiring a password.
- 14. The method according to any one of claims 8 to 13, further comprising: decrypting data stored, for example, on a virtual secure disk on a host computer (300, 400, 500, 600); encrypting the decrypted data using a new key; and storing the new key in the security device (12) and a matching authentication key in the self-authentication device (14).
- 15. The method according to any one of claims 8 to 14, wherein the security device (12) is a data encryption token.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
SG2013038278A SG2013038278A (en) | 2013-05-16 | 2013-05-16 | Authentication device and method |
PCT/SG2014/000215 WO2014185865A1 (en) | 2013-05-16 | 2014-05-16 | Self-authentication device and method |
Publications (1)
Publication Number | Publication Date |
---|---|
DK2997708T3 (da) | 2018-06-14 |
Family
ID=54193651
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DK14727968.1T DK2997708T3 (da) | 2013-05-16 | 2014-05-16 | Self-authentication device and method |
Country Status (18)
Country | Link |
---|---|
US (1) | US9684783B2 (da) |
EP (1) | EP2997708B1 (da) |
JP (1) | JP6476167B2 (da) |
KR (1) | KR20160008572A (da) |
CN (1) | CN105247833B (da) |
AU (1) | AU2014266011B2 (da) |
CY (1) | CY1120321T1 (da) |
DK (1) | DK2997708T3 (da) |
ES (1) | ES2674224T3 (da) |
HK (1) | HK1216568A1 (da) |
MY (1) | MY173613A (da) |
NO (1) | NO2997708T3 (da) |
PH (1) | PH12015502592A1 (da) |
PL (1) | PL2997708T3 (da) |
PT (1) | PT2997708T (da) |
SG (2) | SG2013038278A (da) |
TR (1) | TR201807814T4 (da) |
WO (1) | WO2014185865A1 (da) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10931456B2 (en) * | 2014-06-26 | 2021-02-23 | Comcast Cable Communications, Llc | Secure router authentication |
US9706401B2 (en) * | 2014-11-25 | 2017-07-11 | Microsoft Technology Licensing, Llc | User-authentication-based approval of a first device via communication with a second device |
CN105991612A (zh) * | 2015-03-03 | 2016-10-05 | 阿里巴巴集团控股有限公司 | User identity authentication method and apparatus |
JP2016224684A (ja) * | 2015-05-29 | 2016-12-28 | キヤノン株式会社 | Server system, server system control method, and program |
SG10201605978RA (en) | 2016-07-20 | 2018-02-27 | Fast And Safe Tech Private Limited | Personal security device and method |
CN108737099B (zh) * | 2017-04-20 | 2021-04-30 | 青岛博文广成信息安全技术有限公司 | Tiger tally (Hufu) key authentication technical method |
DE102017209961B4 (de) | 2017-06-13 | 2022-05-25 | Volkswagen Aktiengesellschaft | Method and device for authenticating a user at a vehicle |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1922632B1 (en) * | 2005-08-11 | 2014-05-07 | SanDisk IL Ltd. | Extended one-time password method and apparatus |
EP1955236A4 (en) * | 2005-11-29 | 2010-06-09 | Athena Smartcard Solutions Kk | DEVICE, SYSTEM AND METHOD FOR CARRYING OUT ADMINISTRATIVE OPERATION ON A SAFETY TOKEN |
US20070150736A1 (en) * | 2005-12-22 | 2007-06-28 | Cukier Johnas I | Token-enabled authentication for securing mobile devices |
EP1870828A1 (en) * | 2006-06-22 | 2007-12-26 | Research In Motion Limited | Two-Factor Content Protection |
CN101553829B (zh) * | 2006-12-06 | 2012-01-11 | 皇家飞利浦电子股份有限公司 | Controlling data access to and from RFID devices |
JP2008217549A (ja) * | 2007-03-06 | 2008-09-18 | Matsushita Electric Ind Co Ltd | Password reset device and password reset method |
US10614462B2 (en) * | 2007-09-26 | 2020-04-07 | Clevx, Llc | Security aspects of a self-authenticating credit card |
US10181055B2 (en) * | 2007-09-27 | 2019-01-15 | Clevx, Llc | Data security system with encryption |
CN100589390C (zh) * | 2007-12-21 | 2010-02-10 | 北京飞天诚信科技有限公司 | Authentication method and authentication system |
-
2013
- 2013-05-16 SG SG2013038278A patent/SG2013038278A/en unknown
-
2014
- 2014-05-16 ES ES14727968.1T patent/ES2674224T3/es active Active
- 2014-05-16 CN CN201480028237.9A patent/CN105247833B/zh active Active
- 2014-05-16 AU AU2014266011A patent/AU2014266011B2/en active Active
- 2014-05-16 MY MYPI2015704065A patent/MY173613A/en unknown
- 2014-05-16 WO PCT/SG2014/000215 patent/WO2014185865A1/en active Application Filing
- 2014-05-16 JP JP2016513904A patent/JP6476167B2/ja active Active
- 2014-05-16 DK DK14727968.1T patent/DK2997708T3/da active
- 2014-05-16 US US14/891,538 patent/US9684783B2/en active Active
- 2014-05-16 EP EP14727968.1A patent/EP2997708B1/en active Active
- 2014-05-16 KR KR1020157033934A patent/KR20160008572A/ko not_active Application Discontinuation
- 2014-05-16 PL PL14727968T patent/PL2997708T3/pl unknown
- 2014-05-16 SG SG11201509123SA patent/SG11201509123SA/en unknown
- 2014-05-16 NO NO14727968A patent/NO2997708T3/no unknown
- 2014-05-16 PT PT147279681T patent/PT2997708T/pt unknown
- 2014-05-16 TR TR2018/07814T patent/TR201807814T4/tr unknown
-
2015
- 2015-11-16 PH PH12015502592A patent/PH12015502592A1/en unknown
-
2016
- 2016-04-20 HK HK16104560.4A patent/HK1216568A1/zh unknown
-
2018
- 2018-06-08 CY CY20181100602T patent/CY1120321T1/el unknown
Also Published As
Publication number | Publication date |
---|---|
JP2016519544A (ja) | 2016-06-30 |
AU2014266011A1 (en) | 2015-11-26 |
JP6476167B2 (ja) | 2019-02-27 |
AU2014266011B2 (en) | 2018-02-01 |
PL2997708T3 (pl) | 2018-08-31 |
CN105247833A (zh) | 2016-01-13 |
WO2014185865A1 (en) | 2014-11-20 |
HK1216568A1 (zh) | 2016-11-18 |
NO2997708T3 (da) | 2018-08-18 |
US9684783B2 (en) | 2017-06-20 |
EP2997708B1 (en) | 2018-03-21 |
PT2997708T (pt) | 2018-06-25 |
TR201807814T4 (tr) | 2018-06-21 |
KR20160008572A (ko) | 2016-01-22 |
CN105247833B (zh) | 2019-03-01 |
EP2997708A1 (en) | 2016-03-23 |
ES2674224T3 (es) | 2018-06-28 |
MY173613A (en) | 2020-02-11 |
US20160103991A1 (en) | 2016-04-14 |
SG11201509123SA (en) | 2015-12-30 |
PH12015502592B1 (en) | 2016-02-29 |
CY1120321T1 (el) | 2019-07-10 |
SG2013038278A (en) | 2014-12-30 |
PH12015502592A1 (en) | 2016-02-29 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
DK2997708T3 (da) | Self-authentication device and method | |
CN107077574B (zh) | Trust service for client devices | |
RU2620998C2 (ru) | Method for unlocking administration authority and authentication device | |
TWI684890B (zh) | System and method for a computing device with improved firmware service security using credential-derived encryption keys | |
US8751827B1 (en) | Apparatus for controlling embedded security on a storage platform | |
ES2819449T3 (es) | Remote crypto services using server TPM | |
US20080181406A1 (en) | System and Method of Storage Device Data Encryption and Data Access Via a Hardware Key | |
US9529733B1 (en) | Systems and methods for securely accessing encrypted data stores | |
JP6669929B2 (ja) | System and method for managing encryption keys for single sign-on applications | |
US9559737B2 (en) | Telecommunications chip card | |
WO2009137371A2 (en) | Enterprise device recovery | |
KR102013983B1 (ko) | Application integrity authentication method and authentication server | |
US20170026385A1 (en) | Method and system for proximity-based access control | |
WO2011148224A1 (en) | Method and system of secure computing environment having auditable control of data movement | |
US7412603B2 (en) | Methods and systems for enabling secure storage of sensitive data | |
US11520859B2 (en) | Display of protected content using trusted execution environment | |
KR20070059891A (ko) | Application authentication security system and authentication security method thereof | |
US20180121670A1 (en) | Encryption management for storage devices | |
EP2755364A1 (en) | Authentication systems | |
CN107862209B (zh) | File encryption and decryption method, mobile terminal, and device with storage function | |
WO2018017019A1 (en) | Personal security device and method | |
KR101386606B1 (ko) | Backup storage control method | |
Franklin et al. | CA-in-a-Box |