Patents Assigned to Secsign Technologies Inc.
  • Patent number: 8739260
    Abstract: Described systems and methods allow secure and relatively convenient authentication of a secure login session. When a user initiates a login session on a secure site using a client computer system (e.g. laptop, tablet, smartphone), matching login session identifiers (Ticket IDs) are displayed on the client computer system and a mobile communication device uniquely associated with the user (e.g. the user's smartphone). Upon verifying that the two Ticket IDs match, the user accepts the Ticket ID displayed on the mobile communication device, which causes the login session by the client computer system to proceed. Identity verification proceeds largely in the background, through communications between an authentication server, service provider server, and mobile communication device, and involves minimal user input. Techniques are disclosed for reducing the incidence of inadvertent acceptance of incorrect Ticket IDs by users, and reducing system vulnerability to attacks.
    Type: Grant
    Filed: February 10, 2012
    Date of Patent: May 27, 2014
    Assignee: SecSign Technologies Inc.
    Inventor: Andre Damm-Goossens
  • Patent number: 8719952
    Abstract: The public key of an RSA (asymmetric) software key pair is maintained confidentially on an authentication server, while the corresponding private key is maintained in encrypted, unstructured form on a mobile communication device (e.g. smartphone). The mobile device cannot verify locally whether a decrypted private key is correct, and a brute force, dictionary, or other attack that yields the correct private key among many decrypted keys does not allow determining which private key is correct without access to the authentication server. A relatively-long (128+ bit, e.g. 512-bit) public key exponent is used to make brute-force local verification of the private key impractical. The unstructured private key can secure other resources such as RSA keys used for digital signing. The enhanced security provided for the private key adds computational and logistical cost, but is of particular use if the mobile device controls access to external resources such as secure websites.
    Type: Grant
    Filed: March 26, 2012
    Date of Patent: May 6, 2014
    Assignee: Secsign Technologies Inc.
    Inventor: Andre Damm-Goossens