Patents Assigned to TriCipher, Inc.
-
Patent number: 7840993Abstract: To authenticate a user having an associated asymmetric crypto-key having a private/public key pair (D,E) based on a one-time-password, the user partially signs a symmetric session key with the first portion D1 of the private key D. The authenticating entity receives the partially signed symmetric session key via the network and completes the signature with the second private key portion D2 to recover the symmetric session key. The user also encrypts a one-time-password with the symmetric session key. The authenticating entity also receives the encrypted one-time-password via the network, and decrypts the received encrypted one-time-password with the recovered symmetric session key to authenticate the user.Type: GrantFiled: May 2, 2006Date of Patent: November 23, 2010Assignee: TriCipher, Inc.Inventors: Ravi Ganesan, Ravinderpal Singh Sandhu, Andrew Paul Cottrell, Brett Jason Schoppert, Mihir Bellare
-
Patent number: 7734912Abstract: A user network station transmits a cookie including a user identifier and an augmenting factor transformed with one key of a first asymmetric crypto-key or with a symmetric crypto-key. A authenticating entity network station recovers the augmenting factor from the transformed augmenting factor with the other key of the first asymmetric crypto-key or with the symmetric crypto-key, and transmits a customized login page corresponding to the user identifier included in the received cookie. The user network station transmits a factor responsive to the transmitted customized login page. The authenticating entity network station generates a first key portion based on the transmitted factor, and validates the generated first key portion based on a second key portion of one key of a second asymmetric crypto-key associated with the user and on the other key of the second asymmetric crypto-key, and the recovered augmenting factor, to thereby authenticate the user.Type: GrantFiled: May 31, 2006Date of Patent: June 8, 2010Assignee: TriCipher, Inc.Inventors: Ravi Ganesan, Ravinderpal Singh Sandhu, Andrew Paul Cottrell, Kyle Austin
-
Patent number: 7734045Abstract: A processor generates an asymmetric crypto-key, such as an RSA crypto-key, which is associated with the user and includes a private key and a public key. It computes a first key portion based on a stored random number generation function, which has one or more constants such as a salt and/or iteration count, and a first value of a constant, and a second key portion based on the computed first key portion and one of the private key and the public key. It additionally computes another first key portion based on the stored random number generation function and a second value of that constant, and another second key portion based on the computed other first key portion and the one key. The computed first and second key portions and the computed other first and second key portions form first and second splits of the one key of the asymmetric crypto-key.Type: GrantFiled: May 5, 2006Date of Patent: June 8, 2010Assignee: Tricipher, Inc.Inventors: Ravinderpal Singh Sandhu, Brett Jason Schoppert, Ravi Ganesan, Mihir Bellare, Colin Joseph Desa
-
Patent number: 7734911Abstract: A user network station transmits a cookie that includes a user identifier and an augmenting factor transformed with one key of a first asymmetric crypto-key or with a symmetric crypto-key. An authenticating entity network station recovers the augmenting factor from the transformed augmenting factor included in the transmitted cookie, with the other key of the first asymmetric crypto-key or with the symmetric crypto-key, and transmits a customized login page corresponding to the user identifier. The user network station transmits a factor responsive to the transmitted customized login page. The authenticating entity network station generates a first key portion based on the transmitted factor and the recovered augmenting factor, and validates the generated first key portion based on a second key portion of one key of a second asymmetric crypto-key associated with the user and on the other key of the second asymmetric crypto-key, to thereby authenticate the user.Type: GrantFiled: May 31, 2006Date of Patent: June 8, 2010Assignee: Tricipher, Inc.Inventors: Ravi Ganesan, Ravinderpal Singh Sandhu, Andrew Paul Cottrell, Kyle Austin
-
Patent number: 7630493Abstract: Techniques for generating a private portion of a split private key of an asymmetric key pair are provided. Multiple factors upon which the private portion of the split private key is based are received. Each of these multiple factors is under control of a user associated with the asymmetric key pair. Multiple cryptographic operations are then performed using the received multiple factors to generate the private portion.Type: GrantFiled: February 14, 2005Date of Patent: December 8, 2009Assignee: TriCipher, Inc.Inventors: Ravinderpal Singh Sandhu, Brett Jason Schoppert, Ravi Ganesan, Mihir Bellare, Colin Joseph deSa
-
Patent number: 7599493Abstract: Techniques for providing different levels of access based upon a same authentication factor are provided. A first message is received that is transformed with a first portion of a split private key, the first portion based upon a user password and another factor, and the split private key associated with an asymmetric key pair having a public key and the split private key. The user is authenticated for a first level of network access based upon the received first message being transformed with the first portion. A second message is received that is transformed with a second portion of the split private key, the second portion based upon the password only and not combinable with the first portion to complete the split private key. The user is authenticated for a second level of network access different that the first level based upon the received second message being transformed with the second portion.Type: GrantFiled: February 14, 2005Date of Patent: October 6, 2009Assignee: TriCipher Inc.Inventors: Ravinderpal Singh Sandhu, Brett Jason Schoppert, Ravi Ganesan, Mihir Bellare, Colin Joseph deSa
-
Patent number: 7596697Abstract: Techniques for authentication are provided. A first authentication request transformed with a private portion of a first type split private key is received. A first user is authenticated for a first level of network access based upon the first request being transformed with the first type of split private key. A second authentication request that is transformed with a private portion of a second type private key is also received. A second user is authenticated for a second level of network access based upon the second request being transformed with the second type of split private key.Type: GrantFiled: February 14, 2005Date of Patent: September 29, 2009Assignee: TriCipher, Inc.Inventors: Ravinderpal Singh Sandhu, Brett Jason Schoppert, Ravi Ganesan, Mihir Bellare, Colin Joseph deSa
-
Patent number: 7571471Abstract: A first network station encrypts a first message with a first key portion from a first split of a private or public key of a user's asymmetric crypto-key and transmits it during a network session. The second network station decrypts the transmitted encrypted first message with a second key portion from the first split of the one key of the asymmetric crypto-key to initially authenticate the user for access, during the session, to store information. The first network station also encrypts a second message with another first key portion from a second split of that one key, and subsequently transmits it during the same network session. The second network station decrypts the subsequently transmitted encrypted second message with another second key portion from the second split of that same one key to subsequently authenticate the user for access, during the same session, to other stored_information.Type: GrantFiled: May 5, 2006Date of Patent: August 4, 2009Assignee: TriCipher, Inc.Inventors: Ravinderpal Singh Sandhu, Brett Jason Schoppert, Ravi Ganesan, Mihir Bellare, Colin Joseph Desa
-
Patent number: 7565527Abstract: Techniques for generating a multi-factor asymmetric key pair having a public key and split private key with multiple private portions, at least one of the multiple portions being a multiple factor private key portion, are provided. First and second asymmetric key pairs are generated, each having a private key and a public key. A text string and the first private key are cryptographically combined to make a first private key portion of the split private key. This first private key portion is a multiple factor private key portion. A second private key portion of the split private key is generated based upon the generated first private key portion and the second private key.Type: GrantFiled: February 14, 2005Date of Patent: July 21, 2009Assignee: TriCipher, Inc.Inventors: Ravinderpal Singh Sandhu, Brett Jason Schoppert, Ravi Ganesan, Mihir Bellare, Colin Joseph deSa
-
Patent number: 7447903Abstract: A user has two asymmetric crypto-keys, the first having a first private key and the second having a second private key, both of which are split into a first private key portion corresponding to a password of the user and to a computation. However, the computation of the first private key portion of the first and the second private keys have different levels of complexity. First and second messages from the user encrypted with the first private key portion of, respectively, the first private key and the second private key, are received centrally. A second private key portion of, respectively, the first private key and the second private key is applied to the received first and the received second messages, as applicable, to authenticate the user at, respectively, a first level of authentication security and a second level of authentication security which is greater than the first level.Type: GrantFiled: June 22, 2006Date of Patent: November 4, 2008Assignee: TriCipher, Inc.Inventors: Ravi Sandhu, Colin deSa, Karuna Ganesan
-
Publication number: 20080172730Abstract: A user instruction communicated over a communications network via a first communication channel to a relying entity for action, is confirmed by having a trusted entity receive verification information corresponding to the communicated user instruction from the user over the network via a second communication channel and/or verification information corresponding to a received user instruction from the relying entity via a third communication channel. If verification information is received from only the user, it is communicated to the relying entity. If from both, the trusted entity verifies the received user instruction based on the received verification information. If from only the relying entity, it is communicated to the user.Type: ApplicationFiled: January 12, 2007Publication date: July 17, 2008Applicant: TRICIPHER, INC.Inventors: Ravinderpal Singh Sandhu, Ravi Ganesan
-
Patent number: 7386720Abstract: Techniques for user authentication based upon an asymmetric key pair having a public key and a split private key are provided. A first portion of the split private key is generated based upon multiple factors under control of the user. The factors include a password. A challenge is cryptographically combined with a first one of the multiple factors, but not the user password, to form a first message. The first message is transformed with the generated first portion to form a second message, which is then sent to an authentication entity. The sent second message is transformed to authenticate the user by proving direct verification of user control of the first factor.Type: GrantFiled: February 14, 2005Date of Patent: June 10, 2008Assignee: TriCipher, Inc.Inventors: Ravinderpal Singh Sandhu, Brett Jason Schoppert, Ravi Ganesan, Mihir Bellare, Colin Joseph Desa
-
Publication number: 20070258585Abstract: A processor generates an asymmetric crypto-key, such as an RSA crypto-key, which is associated with the user and includes a private key and a public key. It computes a first key portion based on a stored random number generation function, which has one or more constants such as a salt and/or iteration count, and a first value of a constant, and a second key portion based on the computed first key portion and one of the private key and the public key. It additionally computes another first key portion based on the stored random number generation function and a second value of that constant, and another second key portion based on the computed other first key portion and the one key. The computed first and second key portions and the computed other first and second key portions form first and second splits of the one key of the asymmetric crypto-key.Type: ApplicationFiled: May 5, 2006Publication date: November 8, 2007Applicant: TRICIPHER, INC.Inventors: Ravinderpal SANDHU, Brett Schoppert, Ravi Ganesan, Mihir Bellare, Colin DeSa
-
Publication number: 20070258594Abstract: A first network station encrypts a first message with a first key portion from a first split of a private or public key of a user's asymmetric crypto-key and transmits it during a network session. The second network station decrypts the transmitted encrypted first message with a second key portion from the first split of the one key of the asymmetric crypto-key to initially authenticate the user for access, during the session, to store information. The first network station also encrypts a second message with another first key portion from a second split of that one key, and subsequently transmits it during the same network session. The second network station decrypts the subsequently transmitted encrypted second message with another second key portion from the second split of that same one key to subsequently authenticate the user for access, during the same session, to other stored_information.Type: ApplicationFiled: May 5, 2006Publication date: November 8, 2007Applicant: TRICIPHER, INC.Inventors: Ravinderpal Sandhu, Brett Schoppert, Ravi Ganesan, Mihir Bellare, Colin deSa
-
Publication number: 20070199053Abstract: To authenticate a user of a communications network, credentials from the user are centrally receiving. An authentication sequence is retrieved from a plurality of retrievable authentication sequences, and the retrieved authentication sequence is performed to authenticate the user based on the received credentials.Type: ApplicationFiled: February 12, 2007Publication date: August 23, 2007Applicant: TRICIPHER, INC.Inventors: Ravi Sandhu, Ravi Ganesan, Andrew Cottrell, Timothy Renshaw, Brett Schoppert, Kyle Austin
-
Publication number: 20070186095Abstract: A user network station transmits a cookie that includes a user identifier and an augmenting factor transformed with one key of a first asymmetric crypto-key or with a symmetric crypto-key. An authenticating entity network station recovers the augmenting factor from the transformed augmenting factor included in the transmitted cookie, with the other key of the first asymmetric crypto-key or with the symmetric crypto-key, and transmits a customized login page corresponding to the user identifier. The user network station transmits a factor responsive to the transmitted customized login page. The authenticating entity network station generates a first key portion based on the transmitted factor and the recovered augmenting factor, and validates the generated first key portion based on a second key portion of one key of a second asymmetric crypto-key associated with the user and on the other key of the second asymmetric crypto-key, to thereby authenticate the user.Type: ApplicationFiled: May 31, 2006Publication date: August 9, 2007Applicant: TRICIPHER, INC.Inventors: Ravi GANESAN, Ravinderpal Sandhu, Andrew Cottrell, Kyle Austin
-
Publication number: 20070067618Abstract: A system for securing information, includes a processor and storage device. The storage device stores information encrypted with one of a first private rolling key and a first public rolling key of an a first asymmetric rolling crypto-key, along with the one first rolling key. The processor has the logic to direct transmission, via a network, of proof of knowledge of the stored one first rolling key to authenticate a user, and of a request for the other of the first private rolling key and the first public rolling key. The processor receives the other first rolling key via the network, responsive to the directed transmission. The processor then decrypts the stored encrypted information with the received other first rolling key, and generates a second asymmetric rolling crypto-key having a second private rolling key and a second public rolling key. The processor encrypts the information with one of the second private rolling key and the second public rolling key.Type: ApplicationFiled: January 17, 2006Publication date: March 22, 2007Applicant: TRICIPHER, INC.Inventors: Ravinderpal Sandhu, Brett Schoppert, Ravi Ganesan, Mihir Bellare, Colin deSa
-
Publication number: 20070055878Abstract: Techniques for authentication are provided. A first authentication request transformed with a private portion of a first type split private key is received. A first user is authenticated for a first level of network access based upon the first request being transformed with the first type of split private key. A second authentication request that is transformed with a private portion of a second type private key is also received. A second user is authenticated for a second level of network access based upon the second request being transformed with the second type of split private key.Type: ApplicationFiled: February 14, 2005Publication date: March 8, 2007Applicant: TRICIPHER, INCInventors: Ravinderpal Sandhu, Brett Schoppert, Ravi Ganesan, Mihir Bellare, Colin deSa
-
Publication number: 20070033393Abstract: A user network station transmits a cookie including a user identifier and an augmenting factor transformed with one key of a first asymmetric crypto-key or with a symmetric crypto-key. A authenticating entity network station recovers the augmenting factor from the transformed augmenting factor with the other key of the first asymmetric crypto-key or with the symmetric crypto-key, and transmits a customized login page corresponding to the user identifier included in the received cookie. The user network station transmits a factor responsive to the transmitted customized login page. The authenticating entity network station generates a first key portion based on the transmitted factor, and validates the generated first key portion based on a second key portion of one key of a second asymmetric crypto-key associated with the user and on the other key of the second asymmetric crypto-key, and the recovered augmenting factor, to thereby authenticate the user.Type: ApplicationFiled: May 31, 2006Publication date: February 8, 2007Applicant: TRICIPHER, INC.Inventors: RAVI GANESAN, Ravinderpal SANDHU, ANDREW COTTRELL, KYLE AUSTIN
-
Publication number: 20070033642Abstract: To authenticate a user having an associated asymmetric crypto-key having a private/public key pair (D,E) based on a one-time-password, the user partially signs a symmetric session key with the first portion D1 of the private key D. The authenticating entity receives the partially signed symmetric session key via the network and completes the signature with the second private key portion D2 to recover the symmetric session key. The user also encrypts a one-time-password with the symmetric session key. The authenticating entity also receives the encrypted one-time-password via the network, and decrypts the received encrypted one-time-password with the recovered symmetric session key to authenticate the user.Type: ApplicationFiled: May 2, 2006Publication date: February 8, 2007Applicant: TRICIPHER, INC.Inventors: Ravi Ganesan, Ravinderpal Sandhu, Andrew Cottrell, Brett Schoppert, Mihir Bellare