Patent Grant
12041039
This invention relates generally to the field of data processing systems. More particularly, the invention relates to a system and method for endorsing a new authenticator.
While the system shown in
Systems have been designed for providing secure user authentication over a network using biometric sensors. In such systems, the score generated by the application, and/or other authentication data, may be sent over a network to authenticate the user with a remote server. For example, Patent Application No. 2011/0082801 (“'801 Application”) describes a framework for user registration and authentication on a network which provides strong authentication (e.g., protection against identity theft and phishing), secure transactions (e.g., protection against “malware in the browser” and “man in the middle” attacks for transactions), and enrollment/management of client authentication tokens (e.g., fingerprint readers, facial recognition devices, smartcards, trusted platform modules, etc.).
The assignee of the present application has developed a variety of improvements to the authentication framework described in the '801 application. Some of these improvements are described in the following set of U.S. Patent Applications (“Co-pending Applications”), all filed Dec. 29, 1012, which are assigned to the present assignee and incorporated herein by reference: Ser. No. 13/730,761, Query System and Method to Determine Authentication Capabilities; Ser. No. 13/730,776, System and Method for Efficiently Enrolling, Registering, and Authenticating With Multiple Authentication Devices; Ser. No. 13/730,780, System and Method for Processing Random Challenges Within an Authentication Framework; Ser. No. 13/730,791, System and Method for Implementing Privacy Classes Within an Authentication Framework; Ser. No. 13/730,795, System and Method for Implementing Transaction Signaling Within an Authentication Framework.
Briefly, the Co-Pending Applications describe authentication techniques in which a user enrolls with authentication devices (or Authenticators) such as biometric devices (e.g., fingerprint sensors) on a client device. When a user enrolls with a biometric device, biometric reference data is captured (e.g., by swiping a finger, snapping a picture, recording a voice, etc.). The user may subsequently register the authentication devices with one or more servers over a network (e.g., Websites or other relying parties equipped with secure transaction services as described in the Co-Pending Applications); and subsequently authenticate with those servers using data exchanged during the registration process (e.g., cryptographic keys provisioned into the authentication devices). Once authenticated, the user is permitted to perform one or more online transactions with a Website or other relying party. In the framework described in the Co-Pending Applications, sensitive information such as fingerprint data and other data which can be used to uniquely identify the user, may be retained locally on the user's authentication device to protect a user's privacy.
A better understanding of the present invention can be obtained from the following detailed description in conjunction with the following drawings, in which:
Described below are embodiments of an apparatus, method, and machine-readable medium for authorizing a new authenticator. Throughout the description, for the purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced without some of these specific details. In other instances, well-known structures and devices are not shown or are shown in a block diagram form to avoid obscuring the underlying principles of the present invention.
The embodiments of the invention discussed below involve authentication devices with user verification capabilities such as biometric modalities or PIN entry. These devices are sometimes referred to herein as “tokens,” “authentication devices,” or “authenticators.” While certain embodiments focus on facial recognition hardware/software (e.g., a camera and associated software for recognizing a user's face and tracking a user's eye movement), some embodiments may utilize additional biometric devices including, for example, fingerprint sensors, voice recognition hardware/software (e.g., a microphone and associated software for recognizing a user's voice), and optical recognition capabilities (e.g., an optical scanner and associated software for scanning the retina of a user). The user verification capabilities may also include non-biometric modalities, like PIN entry. The authenticators might use devices like trusted platform modules (TPMs), smartcards and secure elements for cryptographic operations and key storage.
In a mobile biometric implementation, the biometric device may be remote from the relying party. As used herein, the term “remote” means that the biometric sensor is not part of the security boundary of the computer it is communicatively coupled to (e.g., it is not embedded into the same physical enclosure as the relying party computer). By way of example, the biometric device may be coupled to the relying party via a network (e.g., the Internet, a wireless network link, etc.) or via a peripheral input such as a USB port. Under these conditions, there may be no way for the relying party to know if the device is one which is authorized by the relying party (e.g., one which provides an acceptable level of authentication strength and integrity protection) and/or whether a hacker has compromised or even replaced the biometric device. Confidence in the biometric device depends on the particular implementation of the device.
The term “relying party” is sometimes used herein to refer, not merely to the entity with which a user transaction is attempted (e.g., a Website or online service performing user transactions), but also to the secure transaction servers implemented on behalf of that entity which may performed the underlying authentication techniques described herein. The secure transaction servers may be owned and/or under the control of the relying party or may be under the control of a third party offering secure transaction services to the relying party as part of a business arrangement.
The term “server” is used herein to refer to software executed on a hardware platform (or across multiple hardware platforms) that receives requests over a network from a client, responsively performs one or more operations, and transmits a response to the client, typically including the results of the operations. The server responds to client requests to provide, or help to provide, a network “service” to the clients. Significantly, a server is not limited to a single computer (e.g., a single hardware device for executing the server software) and may, in fact, be spread across multiple hardware platforms, potentially at multiple geographical locations.
In some instances, it may be useful to allow a new authenticator to be enabled using registered authenticators on existing client devices. For example, if the user purchases a new device with a new set of authenticators, it would be beneficial to provide the user with a way to automatically register all of the new authenticators using the existing authenticators.
The embodiments of the invention described below allow a user to authorize the authenticator(s) on a new client device using an existing/old, trusted client device that is registered with one or more relying parties. In particular, these embodiments may be used to enable new authenticators on new or existing client devices and keep the registrations in sync between multiple client devices.
In one embodiment, once the connection is established between the client with Aold 202 and the client with Anew 200, a secure protocol is implemented (described in detail below) to transfer and integrate the registration data from the old/existing client 202 to the new client 200. For example, in one embodiment, the old client 202 sends registration data to the new client 200 which then generates a new set of key pairs (e.g., one for each relying party) and sends the public keys back to the old client 202 along with an indication of the types of authenticators on the new client 200. The client with Aold then generates a signed authorization object (e.g., using the public keys, authenticator identification data, and user account data) which it sends to each respective relying party 250.
As illustrated in
As illustrated the new client 200 and the old client 202 both include secure storage 325 and 326, respectively, for storing the registration data for each relying party (e.g., public/private key pairs used during authentication). In addition, the relying party 250 includes a secure transaction database 325 for securely storing registration data for each of the client devices 200-202 (e.g., user account data, authenticator identification data, public keys provided by for each authenticator, etc.).
In one embodiment, the user initiates the authenticator authorization application 390 on the new client device 200 and the authenticator authorization application 390 on the old client device 202 to establish the initial secure connection. The authenticator authorization applications 390-391 may be mobile device apps or applications specifically designed to perform the authorization operations described herein. In another embodiment, the authenticator authorization applications may be browser plugins executed in response to the user indicating that he/she wishes to perform authorization (e.g., via a web page with embedded Javascript or other applet or executable program code). Moreover, the authenticator authorization applications 390-391 may be software modules within a larger application such as an authentication application designed to manage authentications with relying parties. It should be noted, however, that the underlying principles of the invention are not limited to any particular implementation of the authenticator authorization applications 390-391.
In one embodiment, to approve the authorization operations on the old device 202, the user is verified by the authentication engine 311 on the old device (e.g., providing biometric input to a user authentication device 322-323). Similarly, in one embodiment, the user may be verified by the authentication engine 310 on the new client device 200. These two verification steps may provide authorization for the authenticator authorization applications 390-391 to perform the authorization process.
As mentioned, at the start of the authorization process, the authenticator authorization applications 390-391 establish a secure connection (e.g., using Bluetooth, WiFi, etc.). In one embodiment, the authenticator authorization application 390 on the new client device 200 receives a set of registration data for each relying party with which the old client device 202 is registered. The registration data may include usernames and a unique code associated with the user's account on each relying party. This unique code associating the user with each relying party is sometimes referred to herein as an “AppID.” In some embodiments, where a relying party offers multiple online services, a user may have multiple AppIDs with a single relying party (one for each service offered by the relying party).
In one embodiment, the authenticator authorization application 390 on the new client 200 then generates a new public/private key pair for each relying party (e.g., one for each Username+AppID pair). The authenticator authorization application 390 on the new client 200 sends the authenticator authorization application 391 on the old client 202 the key pair (or just the public key) along with an authenticator ID identifying each new authenticator type (e.g., an Authenticator Attestation ID or “AAID”). The user may then be prompted to confirm the authorization of the new authenticator(s).
In one embodiment, the authenticator authorization application 391 generates a signed authorization object comprising a signature over the tuple of the AAID, the public key and the AppID for each relying party. In one embodiment, the signature is generated using the current authentication key associated with the relying party (e.g., a private key associated with the old authenticator for the relying party). The authenticator authorization application 391 then authenticates to each of the relying parties (e.g., via the old authentication engine 311 and one or more old authenticators 322-323) and includes the signed authorization object as an extension to one of the authentication messages.
Upon receiving the signed authentication message, the secure transaction service 304 may then verify the signature (e.g., using the public key corresponding to the private key used to generate the signature). Once verified, it may identify the user's account with the AppID and store the new AAID and the new public key for the new authenticator(s) within the secure transaction database 325. The user may subsequently authenticate using the new authenticators 320-321 without re-registering with each relying party 250.
Although illustrated in
One embodiment of a method for authorizing a new authenticator is illustrated in
At 401, the user triggers the authorization of one or more new authenticators (Anew) and establishes a secure communication channel with the old authenticator(s) (Aold). As mentioned, the secure communication channel may be established via a direct connection (e.g., via NFC, Bluetooth, etc.) or over a network (e.g., via an Ethernet or WiFi connection).
At 402, the new authenticator receives a username and user/relying party ID code for each relying party.
At 403, the new authenticator generates a public/private key pair for each username/AppID pair (e.g., for each unique relying party account).
At 404, the old authenticator receives the key pairs and an authenticator attestation ID code identifying the type of each new authenticator (e.g., an AAID). The user may then be asked to confirm the authorization operation.
At 405, the old authenticator generates a signed authorization object comprising a signature over the tuple of the AAID, the public key and the AppID for each relying party. As mentioned, the signature may be generated using the current authentication key associated with the relying party (e.g., a private key associated with the old authenticator for the relying party).
At 406, the old authenticator authenticates to each relying party and includes the signed authorization object as an extension to the authentication message. Once this operation is successfully completed, the user may then authenticate with each relying party using the new device and/or new authenticators.
In one embodiment, each relying party R1-Rn can choose whether or not to accept the new authenticator 501. For example, if the AAID indicates an authenticator type which is not sufficiently reliable or accurate, then the relying party may choose to deny the new registration. Thus, each relying party may maintain an authenticator database (i.e., Metadata) containing data for all known authenticators (e.g., identified by AAID). It may then query the database in response to receiving the authorization object from the old authenticator, determine the characteristics of the new authenticator, and determine whether those characteristics are acceptable.
In one embodiment of the invention, an authenticator can specify a more generic “confirmation” method, where the authenticators may be indirectly controlled by the same entity, but still belong to different users. For example, in
It should be noted that the term “relying party” is used herein to refer, not merely to the entity with which a user transaction is attempted (e.g., a Website or online service performing user transactions), but also to the secure transaction servers implemented on behalf of that entity which may perform the underlying authentication techniques described herein. The secure transaction servers may be owned and/or under the control of the relying party or may be under the control of a third party offering secure transaction services to the relying party as part of a business arrangement. These distinctions are indicated in
In particular,
Turning to
While the secure storage 720 is illustrated outside of the secure perimeter of the authentication device(s) 710-712, in one embodiment, each authentication device 710-712 may have its own integrated secure storage. Additionally, each authentication device 710-712 may cryptographically protect the biometric reference data records (e.g., wrapping them using a symmetric key to make the storage 720 secure).
The authentication devices 710-712 are communicatively coupled to the client through an interface 702 (e.g., an application programming interface or API) exposed by a secure transaction service 701. The secure transaction service 701 is a secure application for communicating with one or more secure transaction servers 732 over a network and for interfacing with a secure transaction plugin 705 executed within the context of a web browser 704. As illustrated, the Interface 702 may also provide secure access to a secure storage device 720 on the client 700 which stores information related to each of the authentication devices 710-712 such as a device identification code, user identification code, user enrollment data (e.g., scanned fingerprint or other biometric data), and keys used to perform the secure authentication techniques described herein. For example, as discussed in detail below, a unique key may be stored into each of the authentication devices during registration and used when communicating to servers 730 over a network such as the Internet.
Once the user has enrolled with an authentication device on the client 700, the secure transaction service 701 may register the authentication device with the secure transaction servers 732-733 over the network (e.g., using the registration techniques described herein) and subsequently authenticate with those servers using data exchanged during the registration process (e.g., encryption keys provisioned into the biometric devices). The authentication process may include any of the authentication techniques described herein (e.g., generating an assurance level on the client 700 based on explicit or non-intrusive authentication techniques and transmitting the results to the secure transaction servers 732-733).
As discussed below, certain types of network transactions are supported by the secure transaction plugin 705 such as HTTP or HTTPS transactions with websites 731 or other servers. In one embodiment, the secure transaction plugin is initiated in response to specific HTML tags inserted into the HTML code of a web page by the web server 731 within the secure enterprise or Web destination 730 (sometimes simply referred to below as “server 730”). In response to detecting such a tag, the secure transaction plugin 705 may forward transactions to the secure transaction service 701 for processing. In addition, for certain types of transactions (e.g., such as secure key exchange) the secure transaction service 701 may open a direct communication channel with the on-premises transaction server 732 (i.e., co-located with the website) or with an off-premises transaction server 733.
The secure transaction servers 732-733 are coupled to a secure transaction database 740 for storing user data, authentication device data, keys and other secure information needed to support the secure authentication transactions described below. It should be noted, however, that the underlying principles of the invention do not require the separation of logical components within the secure enterprise or web destination 730 shown in
As mentioned above, the underlying principles of the invention are not limited to a browser-based architecture shown in
In either of the embodiments shown in
Even after many years of IT innovations, passwords are still the most widely used authentication method. However, neither users nor service providers handle passwords appropriately, making this form of authentication inherently insecure. On the other hand, more than 1 billion Trusted Platform Modules (TPMs) and more than 150 million secure elements have been shipped; microphones and cameras are integrated in most smart phones and fingerprint sensors and Trusted Execution Environments (TEEs) are on the rise. There are better ways for authentication than passwords or One-Time-Passwords (OTPs).
In 2007, the average user had 25 accounts, used 6.5 passwords and performed logins 8 times a day. Today, things are much worse. An analysis of 6 million accounts showed that 10,000 common passwords would have access to 30% of the accounts (Burnett, 2011). Even when looking at passwords for banking accounts, it can be found that 73% of users shared their online banking password with at least one non-financial site (Trusteer, Inc., 2010), which means that when the non-banking site gets hacked, the banking account is threatened.
Several proposals to replace passwords have been made, including silos of authentication, heterogeneous authentication, and trustworthy client environments.
Silos of Authentication: Current alternative technologies require their respective proprietary server technology. The current authentication architecture therefore consists of silos comprising the authentication method, the related client implementation and the related server technology.
Innovative authentication methods proposed by the research community are not widely deployed, as in addition to the client implementation the complete server software needs to be implemented and deployed. Instead of having a competition for better user verification methods, authentication companies are faced with a battle for the best server technology.
Heterogeneous Authentication: Users may authenticate using standalone PCs, tablets or smart phones. The employer may control some devices while others may be controlled by the user (David A. Willis, Gartner, 2013). Increased adoption of mobile devices and the BYOD trend lead to an increasingly heterogeneous authentication landscape. The one authentication method satisfying all needs seems to be out of reach.
Trustworthy Client Environment: Client side malware may capture and disclose passwords or OTPs. It may alter transactions to be confirmed after being displayed or it can misuse authenticated communication channels to perform unintended actions. Authentication—even with user name and password—needs at least one trustworthy component at the client side.
Today the alternatives to password or OTP-based authentication do not scale. This is primarily due to sub-optimal combinations of authentication building blocks. To address this limitation, one embodiment of the invention identifies canonical building blocks which can be implemented in various different ways and still lead to a well-known and functional authentication system—suitable for integration within existing platform functionality.
The recent large-scale attacks on passwords were all focused on the server side. Such attacks are independent from the effort and from the security measures users take. In the attack classification illustrated in
In one embodiment of the invention, instead of storing hashed passwords having relatively low entropy, asymmetric public keys may be stored on the server and the related private key may be stored in the device. Computing the private key from a given public key is very resource consuming as it requires factoring (RSA) or solving the discrete logarithm problem (DSA/ECDSA). The private key at least should be protected against malware attacks. In one embodiment, this is accomplished using Trusted Execution Environments (TEEs) or Secure Elements (SEs) on the client device.
Given that most client devices are always online, instead of extracting the private key, malware may simply attempt to misuse it. In order to protect against such attacks, (a) the access to use the key should be limited to eligible apps and (b) some kind of user interaction which cannot be emulated by malware is required. TrustedUI (GlobalPlatform, 2013) can be used to implement such kind of user interaction. Note that Secure Elements typically do not have a user interface and hence do not provide this kind of protection.
When implementing the protection measures as described above, the authentication is secure. However, attackers may then focus on attacking the App which controls the authenticated session. Existing PC infection rates (APWG, 2014) demonstrate the feasibility of these types of attacks. When having an Authenticator with higher protection than current Mobile Apps, this Authenticator can be used for displaying and retrieving a user's confirmation for a particular transaction. In such a case, infected Apps could lead to (a) malicious transactions being displayed which would be rejected by the user or (b) signed transactions which would be modified after signing, which would be detected by the server. This is the second use-case for the TrustedUI implementation.
In one embodiment, Secure Elements are used to protect against physical key extraction. The underlying chip hardware for SE typically implements state-of-the-art protection measures against physical attacks. (Dr. Sergei Skorobogatov, University of Cambridge, 2011). In addition, in one embodiment, TrustedUI or other dedicated user verification hardware such as Fingerprint sensors may be used to meet the need for physical user interaction.
If an attacker gains physical access to a device, the attacker could try to misuse the key instead of extracting it. In order to protect against such attacks, an effective user verification method is used which has a low false acceptance rate, good anti-spoofing methods and anti-hammering mechanisms (i.e., to effectively limit the number of potential brute-force attempts).
Given that scalable attacks are predominant, one embodiment focuses on counter-measures for physical attacks after implementing the counter-measures for the scalable attacks.
Having good protection for attestation on the client side is beneficial, but in reality the remote party (i.e., the server side) is also interested in understanding the security being used. Consequently, one embodiment of the invention “attests” the client-side security properties to the remote server. In order to be effective, these attestation techniques need to be at least as strong as the client side protection.
For practical solutions, the privacy of attestation is also important. Methods like direct anonymous attestation (DAA) are a good choice. Unfortunately, the original DAA method was too slow when implemented on standard hardware. The improved pairing-based DAA scheme is much faster. It has been adopted by TCG for TPMv2 (Liqun Chen, HP Laboratories and Jiangtao Li, Intel Corporation, 2013).
A typical signature consist of a to-be-signed object controlled by the App and a signature computed using the private key. So to the verifier, any data in the to-be-signed object is only as trustworthy as the App controlling the contents of the to-be-signed object.
As illustrated in
The illustrated implementation is more secure than existing systems because exclusive control of the key 905 is granted to the Authenticator 902 (instead of being granted to the app 901). In one embodiment, the to-be-signed object, exclusively controlled by the Authenticator 902 has a “slot” reserved for data controlled by the App 901 (identified as “App Data” in
In one embodiment, a set of canonical building blocks are defined that can be used to assemble an authentication system such as shown in
Not all building blocks need to be present. Authentication systems can be built even using only building block #1. The other building blocks can be added as needed. The overall security and usability characteristic depends on the specific implementations of the building blocks used.
The remote party has access to metadata 1004 which it uses to verify the attestation object. The authenticator may be implemented as a physically separate entity (e.g. crypto SD-card, USB crypto token, etc.), but could also be physically embedded into the client-side platform (e.g. in an embedded secure element, TPM, TEE).
The authenticator 1001 may optionally have the capability of verifying a user. However, the underlying principles of the invention are not limited to any specific user verification method. However, the remote party can learn the user verification method by looking into the attestation object and the metadata 1004.
The embodiments of the invention do not rely on any specific wire-protocol or protocol message encoding. The only requirement is that the assertions generated by the authenticator 1001 such as the attestation object and the attested signature object need to be “understood” by the remote party 1003. The concrete wire format may depend on the specific platform.
This section is intended to give a first impression on how these canonical building blocks could be used.
In current authentication frameworks such as the FIDO UAF specification, the client is quite “heavy”. With the approaches described herein, the client can easily be split into two parts: (1) an application software development kit (AppSDK) performing all of the protocol related tasks (which are too specific to be implemented in a platform) and (2) a platform functionality that implements the security related tasks such as binding a key to a set of software applications. With this approach, a client such as the FIDO client being a separate entity disappears.
The following is an example of a FIDO UAF being implemented on an Android platform extended to support these canonical building blocks.
AttestationType: No need to set it explicitly. All Android Apps will know that they can only use the Android-Attestation method (e.g. through a FIDO AppSDK).
AAID: A unique identifier for each class of authenticator (e.g., an “authenticator attestation ID” as described above). Essentially the AAID is reduced to some Android KeyStore Implementation using a user verification method specified when creating the key. The Key Store will lookup the AAID based on the user verification method (and the static knowledge about its own KeyStore crypto implementation).
Username: One embodiment allows the mobile app (through the AppSDK) set the KeyAlias to the concatenation of the keyID and the username if present.
AppID: Is addressed using the appID binding (if supported).
In summary, one embodiment of the invention includes a system for authenticating a client-side authenticator to a remote party, that includes:
Additionally, the authenticator might be known to restrict the use of the authentication private key to perform cryptographic signature operations on well-defined to-be-signed objects only. This well-define to-be-signed object contains data fields controlled by the authenticator and one or more data fields which are clearly marked to contain arbitrary data (not controlled by the authenticator). The authenticator might indicate such objects by starting them with a magic number MN followed by the well-defined data structure. This signature operation is called “attested signing” herein. This magic number MN can be chosen freely, but it needs to be fixed and well known. One example on how to set this magic number is “ATTESTED_SIGNATURE”.
In addition, in one embodiment, the client side authenticator has the ability to verify a user using an arbitrary user verification method and in which the properties of this user verification method are static (i.e. they do not change over time for any authenticator) and described in the Metadata. The user verification method may be arbitrarily complex and even consist of multiple biometric and non-biometric modalities (e.g., PIN or fingerprint, speaker recognition in combination with PIN/ Fingerprint, facial recognition, etc.).
Moreover, in one embodiment of the system, (a) the key may only be used for attested signing and (b) the authenticator has the ability to verify a user using a user verification method in which the properties of the user verification method are described in the data fields controlled by authenticator (e.g., in the attested signature). Note the user verification method might be arbitrarily complex and even consist of multiple biometric and non-biometric modalities (e.g., PIN or fingerprint, speaker recognition in combination with PIN/ Fingerprint, facial recognition, etc.).
In one embodiment, access to the private authentication key 905 is limited to a specified set of applications. In addition, the set may be restricted to applications considered equivalent by the platform (e.g. operating system). As an example, access to the authentication key could be restricted by the operating system to the applications signed using the same package signing key as the application which triggered the key generation. Moreover, the set of applications may include applications considered equivalent by the application developer through a list of application facets which are considered equivalent.
In yet another embodiment, the authenticator 902 supports securely displaying a transaction text and asking the user for confirming (or rejecting) this particular transaction. The transaction text may be cryptographically bound to the attested signature (i.e. a cryptographic hash of the transaction text will be included in one of the fields controlled by the authenticator).
One embodiment of the invention implements the security related tasks of the FIDO UAF/U2F stack (which do not belong to the authenticator) on a platform (e.g. the OS or the web browser) and leaves the implementation of the other protocol handling tasks to the app and thus removes the need to implement specific protocols in the platform (i.e., removing the need of having a FIDO Client).
Today, any user may enroll to a new FIDO authenticator or device having a key store that is being shipped/purchased, including both the legitimate owner and a potential attacker. In general, FIDO authenticators and devices having a key store are bound to a user (i.e., the user enrolls to the authenticator/device) once the user first receives physical access to the device. This is in contrast to smartcards (e.g. EMV banking cards and SIM cards) which are personalized for a user before delivery. This personalization typically includes a user specific personal identification number (PIN).
Sometimes the user has already been identified/vetted before a FIDO authenticator (or device having a key store) is shipped. It would be desirable to leverage the identity vetting performed at a shop (or some other place) and to bind the authenticator to a user before the authenticator actually reaches the user. The embodiments of the invention provide techniques to address this desire.
In one embodiment, it is assumed that some trusted identification system already has access to (a) the user verification reference data (e.g. biometric templates, or a PIN), or (b) to some data from which the user verification reference data can be derived, or (c) to some data which is tied to the user through some other system. For example a copy of the user's facial image taken from a photo-ID card verified in some branch office, or a photo of the user's fingerprint taken from a governmental identification database or through a SIM card tied to the authenticator and bound to the account owner by the mobile network operator (MNO). Approach (a) works for “what-you-know” factors; approach (b) for “what-you-are” factors; and approach (c) works for “what-you-have” factors, as described below.
One embodiment includes some form of secure communication channel to the authenticator allowing a single and initial injection of user verification reference data into the authenticator (i.e., in a state in which there is no other user verification reference data being enrolled by someone). The secure communication channel could be a Trusted Service Manager (TSM) securely talking to a SIM-card based authenticator, or the TSM securely talking to the Trusted Execution Environment (TEE)-based authenticator, or it could be implemented by some secret or private key used by the authenticator for decrypting such data. In any case, one embodiment of the authenticator may include a pre-processing engine, which converts the initial reference data to the form required by the authenticator. Note that this pre-processing may also be done by the trusted system.
Subsequently, at 1101, the user verification data is securely provided to the user 1112. For example, the identification code may be mailed to the user in a tamper resistant or tamper evident (e.g. sealed) envelope. Alternatively, the relying party 1114 may provide the identification code to the user 1114 at the store where the user purchases the device. At 1102, the IUVRD is provided over a secure communication channel from the relying party 1114 to the authenticator 1110 (e.g., at the store and/or encrypted using a key or key pair known by the relying party 1114 and authenticator 1110). In one embodiment, the communication may be encrypted to the authenticator model/instance to prevent misuse. At 1103 the authenticator user UA 1111 is prompted to enter the verification data when registering the authenticator 1110 for the first time with a relying party 1115. In one embodiment, the authenticator 1110 comprises a FIDO authenticator and the relying party 1115 comprises a FIDO server. If the user 1111 enters the correct verification code, then the authenticator 1110 may include this as proof of the identity of the user 1111 in the transactions with the relying party 1115 (e.g., when registering the authenticator 1110 with the relying party). In addition, in one embodiment, the relying party 1115 may perform a lookup in the identity database to confirm the identity of the authenticator 1110 and/or authenticator user UA 1111.
One embodiment of the described authenticator 1110 supports a new IUVRD, a one-time-UVRD, and/or a one-time Identity-Binding-Handle (OT-IBH) extension for FIDO registration. This extension includes the encrypted user verification data (or data from which the user verification data can be derived or the hashed or encrypted identity binding handle).
In case of the IUVRD extension, if no user is enrolled already, the authenticator 1110 will use this data as the initial user verification reference data (IUVRD) and treat the user being enrolled with this data. In one embodiment, the authenticator 1110 proceeds as specified in the FIDO specifications (e.g., verifying the user, generating the Uauth key pair specific to the AppID/relying party ID, generating the registration assertion and signing it with the attestation key). Additionally, one embodiment of the authenticator 1110 includes an extension containing a success indicator in the signed registration assertion to indicate that the data has indeed been used by the authenticator (and the relying party 1115 can assume the related user being enrolled to that authenticator). This result indicator could be a simple Boolean value (i.e. extension processed or not) or it could be a cryptographic hash value of the extension passed to the authenticator 1110. The latter is relevant if the extension includes a value encrypted to the authenticator 1110 but not authenticated by the originator (e.g. asymmetric encryption of a PIN). If some user is already enrolled to the authenticator 1110, the authenticator will not process the IUVRD extension and consequently also not include it in the response assertion.
In case of the One-Time-UVRD extension used in one embodiment, the user verification reference data included in the extension is applicable to exactly the registration operation it belongs to. In the case of the OT-IBH extension, the extension includes the nonce and potentially an additional identifier followed by the hash of the handle H concatenated with some nonce and potentially some additional Identifier ID. Stated more formally: OT-IBH=(Nonce, ID, Hash(H|Nonce|ID)).
The embodiment illustrated in
In this example, relying party 1114 may be a mobile network operator which has already vetted the account owner and issued them a SIM (or personalized an embedded SIM; in general, a “what-you-have” token). The MNO also receives (through the mobile network) a device identifier (e.g., an International Mobile Equipment Identity, IMEI) and authenticates the SIM (and hence the International Mobile Subscriber Identity IMSI tied to it). As a result, the MNO already has a good understanding of the account owner tied to a specific mobile device. If the authenticator is bound to such a mobile device, this existing identity binding may be leveraged for the registration of the authenticator 1110.
The FIDO specifications carefully avoid exposing any global correlation handle through the authenticator 1110. So instead of just letting the authenticator add the IMEI or the IMSI as an extension to the registration assertion or the signature assertion, one embodiment of the invention uses a different approach.
In the OT-IBH approach, the existence of some handle H is assumed which is tied to the user (e.g., through an IMSI or IMEI or both). Such handle H being cryptographically authenticated or encrypted may even be supported (e.g. H=MAC(IMEI|IMSI) or H=Enc(key,IMEI|IMSI)). This handle H is owned by the Mobile Network Operator issuing the SIM.
As this handle H doesn't depend on any specific relying party (RP) H may be considered a global correlation handle. For privacy reasons such global correlation handles should not be known by multiple relying parties. In order to achieve this, one embodiment derives a relying party specific handle from it: Hd=Hash(H|Nonce|IDrp), where IDrp is a relying party identifier and where the nonce and the IDrp are provided by the owner of H. The nonce is some random value and IDrp is some identifier tied to the relying party wanting to leverage the identity binding performed by the MNO.
The derived handle Hd could be issued by the MNO to some RP using a backend service to which the RP would provide some user identifying information IDu (e.g. the MSISDN) which the user could have provided directly or which the RP App could have retrieved through some existing native API on the device.
The embodiment described above is more secure compared to using H as bearer token as the authenticator cryptographically binds H to an assertion generated by a specific authenticator. This protects against man in the middle (MITM) attacks and hence allows the lifetime of H to be extended.
This embodiment is also more privacy preserving as the authenticator 1410 will not reveal H; it will just allow an app 1412 to verify H if the app receives access to H through other means such as a contractual relationship to the entity issuing H (e.g., the MNO) or via some API available to the app 1412 on the mobile device 1411 (to which the user grants access permission).
The following exemplary use cases may be implemented. It should be noted, however, that the underlying principles of the invention are not limited to these specific use cases.
In some branch office/shop a user may be vetted by an identification system using for example an electronic ID card reader, fingerprint scanner, or camera. The identification system verifies the authenticity of the ID card (if ID cards are being used) and then converts the captured data (captured from the user directly or captured from some trusted credential such as a government-issued ID card) into the format required by the authenticator.
The identification system encrypts the IUVRD data (as described above) and stores it along with the customer order for the authenticator. The order details are sent to a fulfillment center and the authenticator is shipped to the customer.
Once the customer uses the authenticator for the first time, it will automatically trigger the registration of this authenticator to the server providing the order number (or a similar identifier) allowing the server to understand the prospective user. The server will then add the appropriate IUVRD extension to the FIDO registration request and the authenticator will process the registration request as specified above.
If the user is at home and orders the authenticator online, the user may provide a scan of his/her photo ID card as proof of identity. The identification system at the server side verifies the integrity of the scan and extracts the IUVRD from it. Proceed as in use Case 1, with the identification system verifying authenticity.
Similar to Use Case 2 but using a PIN and a PIN-based authenticator (e.g. based on the SIM) or an authenticator supporting a PIN and some other user verification method(s).
Sometimes the device and/or an entity tied to a device (e.g., something the user has such as a SIM card) are already bound to a user (e.g. mobile phone account owner). This binding may already be represented by some generic handle H (e.g., some bearer token, and/or a global correlation handle like the user's phone number or the device IMEI and potentially even encrypted or hashed like MAC(phone #+IMEI) or HMAC(MSN+IMEI), for example, which is owned by one specific relying party (e.g., the MNO). Instead of revealing such handle H to some relying party directly via the authenticator one embodiment allows the relying party to ask the authenticator in a privacy-friendly way whether the authenticator is somehow tied to this handle H. See section OT-IBH for details.
Because at least one embodiment described above works only once for an unused authenticator (unless a reset to factory defaults is performed), it only allows the authenticator vendor (not necessarily the manufacturer) to effectively use it at the beginning. In one common implementation this will be a mobile network operator selling authenticators bound to smartphones. The “One-Time-UVRD” embodiment allows the use of this approach by the authenticator manufacturer at any time and the “Select-UVM” embodiment allows the use of this approach by any RP or potentially limited to specific ones.
Multiple cryptographic implementation options are possible. In one embodiment, a symmetric encryption key for the IUVRD/One-Time-UVRD/OT-IBH is shared between the authenticator and the identification system. In this case the IUVRD/One-Time-UVRD/OT-IBH would be protected by authenticated encryption. Alternatively, an asymmetric encryption/decryption key may be used inside the authenticator combined with an asymmetric public key as trust anchor. The IUVRD/One-Time-UVRD/OT-IBH may be signed by the identification system and then encrypted using the public encryption/decryption key. In both cases it may be assumed that the key is authenticator specific in order to prevent replay attacks to other authenticators.
The privacy impact is minimal when the RP is enabled to perform identity binding for its own Uauth key. The IUVRD extension allows the first RP to perform an identity binding to the authenticator if it owns cryptographic material specific to the authenticator.
The One-Time-UVRD extension allows any RP to do an identity binding to the authenticator if it owns cryptographic material specific to the authenticator.
The OT-IBH implementation allows any RP which is provided with access to the handle H through some other existing means (e.g., some native API already available to the App or through some backend-API to the RP “owning” handle H) to cryptographically verify whether the authenticator is indeed bound to it.
In one embodiment, one or more of the following privacy policies are followed. At no time are private Uauth keys exposed outside the authenticator boundary. At no time are user verification reference data enrolled by the user to the authenticator revealed by the authenticator. At no time does the authenticator reveal the number or names of relying parties it is registered to. At no time does the authenticator reveal any global correlation handle. At no time is it possible for any RP to modify user verification reference data for existing keys.
It is possible for the RP to query the authenticator to determine whether it is tied to some user (specified by the extension). However, the user is involved in such a query (through user verification) and—depending on the authenticator model—might also learn the name of the related RP.
Current FIDO specifications (UAF, U2F and FIDO2/Web Authentication) expect authentication keys (e.g., Uauth keys) to be dedicated to an individual authenticator instance. Users can register multiple authenticators to each account/relying party. If a user loses any (but the last registered) authenticator, they can simply authenticate with one of the remaining authenticators and then register a new/replacement authenticator.
In reality there are two pain points for users. First, if a user loses a last registered authenticator, then the relying parties need to push the user through an account recovery procedure. Account recovery is a painful process, potentially even involving out of band checks. Account recovery is sometimes also a risky process and less secure/trustworthy than FIDO authentication.
In addition to registering the new authenticator, a user also must deregister the lost/stolen authenticator at each relying party individually and register a new authenticator at each relying party. The process of registering a new authenticator or deregistering an old authenticator can be painful as users often have multiple accounts.
The embodiments of the invention described herein address the above issues using a client-side biometric solution.
One approach is to keep each Uauth key dedicated to one authenticator and to propose a standardized registration/deregistration API for relying partys for automatically adding/removing authenticators (as described above with respect to certain embodiments). However, standardizing web APIs across relying parties is challenging and requires time. As such, success is not guaranteed.
One embodiment of the invention extends the implementations described above to share keys across multiple authenticators.
Registering additional authenticators requires one manual operation per relying party. This manual operation might even include multiple steps (e.g. open app, click on register additional authenticator, perform user verification). This is the traditional FIDO model which is known in the art.
In one embodiment of the invention, the user uses different authenticator instances of the same model (e.g., identified by the AAID/AAGUID). According to the FIDO specification, such authenticator would have similar security characteristics—no authenticator provides lower security than claimed in the Metadata Statement. So, for example, the class of authenticators could claim Trusted Execution Environment (TEE) security and some implementations may actually even use a secure element for key protection. More specifically, one authenticator may be bound to a smartphone using TEE for key protection, matcher protection and transaction confirmation display and may use a fingerprint as the user verification method. Another authenticator sharing that AAID might be implemented as a smart card with integrated fingerprint sensor and eInk transaction confirmation display and using a secure element for key and matcher protection.
Additionally these authenticators may allow the user to:
In one embodiment, the authenticator supports FIDO functions (e.g., it has a FIDO attestation key and supports the generation of FIDO Uauth keys). It should be noted, however, that the underlying principles of the invention are not limited to a FIDO implementation.
Using the above approach, new authenticators may be readily added to the group with a single operation. The join process can be performed independently from the Cloud service. However, one drawback is that if the user loses his last registered authenticator, a full account recovery needs to be performed, which is burdensome on the user.
One embodiment of the invention is similar to the approach described above with one difference being that the symmetric wrapping key (WK) may be derived from a password provided by the user. In particular, step (d) above is supplemented with the ability to overwrite the current WK with a WK derived from a password (e.g., via a dedicated API function). In one embodiment, the password is always entered on the authenticator's secure display.
In addition, in one embodiment, step (h) above is modified as indicated by the bolded portions of the following paragraph. In particular, the key synchronization logic 1520 will return the concatenation of the server provided Nonce, the Group-ID 1502, the WKEK 1503, and the hash of the internal persistent memory first signed by the attestation key 1506 and then encrypted by the CSEK 1501 (sync pull request). This function is triggered by an external module (e.g. ASM, authenticator configuration App). Once received by the cloud service, it decrypts the block, verifies the attestation signature and compares the state hash with the hash received along with the latest data block. This method (in combination with encryption to WKEK) allows the cloud service to restrict access to the wrapped memory block to authenticators having the correct model (e.g., protecting against brute force attacks on the password by other authenticators/attackers). If it differs it returns the sync pull response, i.e., the latest wrapped data block encrypted by WKEK 1503, otherwise it returns “no change” code.
Aside from the differences highlighted above, the remaining operations from (a-j) are performed as previously described.
With the approach described above, it is easy to add a new authenticator to the group with a single operation. If the user loses the last authenticator, he can recover the by providing his password. Brute force attacks on the password are prevented by encrypting the wrapped memory block using the respective authenticated WKEK. However, one drawback is that the Cloud service provider still has access to the wrapped memory block and hence could brute force the password.
In one embodiment, to address the above limitation, the wrapped data and the CSEK 1501 private key is protected by a special authentication module 1540 used by the Cloud service 1550. This authentication module is a unique kind of authenticator with the following features:
As a consequence, this Cloud authenticator module 1540 can be joined to the group like any other authenticator can.
One embodiment of the invention is similar to the previous approach but with additional techniques for enrolling with a Cloud service and using a cloud-based join-authenticator. These new techniques are highlighted in bold. In this embodiment, each authenticator:
With this approach, adding a new authenticator to the group with a single operation is realitvely easy. If the user loses his last authenticator, he can recover the by providing his password. Brute force attacks on the password are prevented by encrypting the wrapped memory block using the respective authenticated WKEK. The cloud service provider would have to break the cloud-based join-authenticator in order to brute force the password. As a consequence the cloud-based join-authenticator should use secure element based security. Its security is reflected by the attestation statement.
Unfortunately, the user cannot revoke individual authenticator members of his/her recovery group.
This approach supplements the previous approach as follows. Each authenticator (except the cloud-based join-authenticator), will delete its persistent private key storage (WK, WKEK, Uauth keys, etc.), except the attestation private key after a configurable time period, unless the authenticator persistent storage is re-synchronized to the cloud storage. As a consequence, the authenticator needs a reliable internal clock/ticker.
The user has the ability to remove individual authenticators from the group via the cloud storage. If an authenticator has been removed, it cannot be synchronized any longer.
This approach supplements the previous approach as follows (with key features highlighted in bold). The authenticator supports another API function to retrieve a sync-pull-request (given a Nonce value retrieved from the cloud service) from an authenticator. The authenticator will return the sync pull response, i.e., the concatenation of the server provided Nonce, the Group-ID 1502, WKEK 1503 and the hash of the internal persistent memory first signed by the attestation key and then encrypted by the CSEK 1501 (sync pull request). This function is triggered by an external module (e.g. ASM, authenticator configuration App). Once received by the cloud service 1550, it decrypts the block, verifies the attestation signature and compares the state hash with the hash received along with the latest data block. It returns the sync pull response, i.e. the latest wrapped data block encrypted by WKEK 1503. In one implementation, the cloud service 1550 increments a mismatch counter if the hash doesn't match. Very high counter values indicate increased risk.
In one embodiment, the authenticator supports an API function to process the sync-pull-response. The authenticator decrypts the block using its private WKEK and then unwraps the data using the symmetric wrapping key WK. It both operations are successful, the authenticator updates its internal persistent storage accordingly and resets its internal need-cloud-sync ticker.
With this approach it is easy to add new authenticator to the group with a single operation. If the user loses his last authenticator, he can recover the by providing his password. Brute force attacks on the password are prevented by encrypting the wrapped memory block using the respective authenticated WKEK.
The cloud service provider would have to break the cloud-based join-authenticator in order to brute force the password. As a consequence, the cloud-based join-authenticator should use secure element based security. Its security is reflected by the attestation statement.
In addition, in this particular embodiment, the user can “revoke” individual authenticator members of his recovery group by removing them from the group.
Instead of using a Cloud service, one embodiment of the invention uses a dedicated chip card (ICC), illustrated in
Depending on the settings, the secure storage interface 1610 may remember the authenticator model (AAID, AAGUID) or a model with similar security characteristics (e.g. keys+matcher TEE protected, etc.) and will only restore the data to an identical model or model with comparable security characteristics.
In one embodiment, the authenticator Aj will only backup keys to a DMC 1601 with acceptable security characteristics, e.g., having a model configured in the authenticator. The DMC 1601 will only restore keys into authenticators with acceptable security characteristics, e.g., having the same model as the original authenticator. The security mechanisms may be implemented using authenticator/DMC attestation.
In one embodiment, a second authenticator may act as a DMC (e.g. via NFC+BLE). For example, in
In one embodiment, the DMC is like a traditional (external) authenticator. Consequently, the DMC and each authenticator supporting it may perform the same key synchronization techniques described above for joining and managing a join block or trust block.
For example, in one embodiment, an authenticator can be “enrolled” to the DMC. This may be accomplished with a FIDO registration in which the user takes one authenticator and registers it to the DMC. The user additionally provides an identifier (e.g. his email address) to identify his partition in the DMC (only required if the DMC supports multiple partitions). Moreover, the DMC may create a “partition” for the registered authenticator (if it supports multiple partitions, otherwise it uses its only pre-configured partition). This partition is identified by the related Uauth public key. Each “partition” has its own set of persistent data (including key material).
An authenticator can also be “enrolled” to an existing partition of the DMC (recovery join). The user enters his identifier (e.g. email address) for an existing partition and registers one authenticator to the DMC. Note that this authenticator is not approved yet. The only action the user can trigger is a join process using this authenticator as Aj (and the DMC is a join-authenticator as Ag). This process will only succeed if the AAID of this authenticator is identical to the AAID of the Authenticator originally creating this partition.
In addition, one embodiment, there is an API function that can ask an authenticator to join an existing authenticator group. This function is also supported by the DMC join-authenticator. The user first asks the DMC join-authenticator to join the group (initialized by the authenticator first “enrolled” to the cloud service. In this case, the DMC join-authenticator plays the role of Aj and the user's initial authenticator the role of Ag. Ag authenticates to the DMC and calls Aj.join API function. The DMC passes the AAID of Ag to Aj while calling the API function. Aj responds with the join block (see above). Ag performs step h below and sends the join-response block to Aj. Aj then stores the Group-ID and WK in the related “partition”.
As illustrated in
According to one embodiment of the invention, the exemplary architecture of the data processing system 1800 may be used for the mobile devices described above. The data processing system 1800 includes the processing system 1820, which may include one or more microprocessors and/or a system on an integrated circuit. The processing system 1820 is coupled with a memory 1810, a power supply 1825 (which includes one or more batteries) an audio input/output 1840, a display controller and display device 1860, optional input/output 1850, input device(s) 1870, and wireless transceiver(s) 1830. It will be appreciated that additional components, not shown in
The memory 1810 may store data and/or programs for execution by the data processing system 1800. The audio input/output 1840 may include a microphone and/or a speaker to, for example, play music and/or provide telephony functionality through the speaker and microphone. The display controller and display device 1860 may include a graphical user interface (GUI). The wireless (e.g., RF) transceivers 1830 (e.g., a WiFi transceiver, an infrared transceiver, a Bluetooth transceiver, a wireless cellular telephony transceiver, etc.) may be used to communicate with other data processing systems. The one or more input devices 1870 allow a user to provide input to the system. These input devices may be a keypad, keyboard, touch panel, multi touch panel, etc. The optional other input/output 1850 may be a connector for a dock.
In some scenarios, especially those involving electronic payments, apps of multiple merchants need to authenticate payment credentials from a user. Today simple bearer tokens like Primary Account Numbers (PANs) or tokenized PANs are used for that purpose. This approach provides very limited security as such information could be phished and used by malicious actors.
Alternatively, a step-up authentication scheme is sometimes used (e.g., Three-Domain Secure or 3DS). Such schemes essentially implement a “decoupled” model which require the issuer to trigger step-up authentication through an out-of-band channel. Today one-time passwords via SMS are primarily used for this step-up authentication, leading to a high cart abandonment rate (e.g., 15% by one estimate).
Modern authentication concepts like FIDO provide substantially more security and are supported by 3DS v2 for user-to-merchant authentication. Unfortunately, FIDO authentication is designed in a way that the authentication credential is specific to the app and hence leads to the need for a separate authenticator registration step required per merchant which adds undesirable friction.
One embodiment of the invention uses a highly secure authentication technology such as FIDO but allows the seamless endorsement of merchant specific authentication credential related to the payment card or account instead of one related to the merchant. Privacy is not an issue in such a scenario as the payment provider by definition will learn that the specific merchant receives a payment from the user. Thus, this embodiment avoids the need for per-app authenticator registration—while still allowing the authenticator to be implemented in the merchant App through an embedded AppSDK.
The embodiments of the invention described herein can optionally leverage the techniques described in U.S. Pat. No. 10,091,195 ('195 patent), issued on Oct. 2, 2018 and U.S. Pat. No. 9,413,533 ('533 patent), issued on September 2016.
One embodiment of this authenticator-centric implementation extends FIDO authenticators with various new functionalities including secure (initial) sharing of user verification reference data between authenticators tied to the same platform. In addition, one embodiment allows synchronization of user verification reference data between authenticators tied to the same platform.
One embodiment will be described with respect to the architecture shown in
The Apps used in these embodiments may belong to different merchants, but still support the same payment scheme. In order to reduce friction for the user, the Apps want authentication credentials of that user that are seamlessly endorsed to the payment scheme when authenticating to the scheme backend 1940.
In one embodiment, the user initially installs the old App 1901 which checks whether other Apps supporting the same “Scheme” and having a registered authenticator are already installed. If not, then in one embodiment, the user enters his user identifier (e.g. username, or email address, or PAN that might even be tokenized) and also enters a bearer token such as a password or a one-time passcode (e.g. received through SMS). The user is then authenticated by the backend service 1940 which issues a session token to the App 1901.
In one embodiment, the App 1901 triggers registration of its authenticator instance 1911 (e.g., through the AppSDK). This operation may include asking the user for user verification reference data (e.g. a PIN) and generating the authentication key (FIDO credentials).
Referring now to
This endorsement request 1926 may include the public authentication key(s) and the attestation object generated by the new App's 1902's authenticator instance 1912. The endorsement request may include a public encryption key for the initial user verification reference data to be used for accessing the private authentication key.
In one embodiment, the old App's 1901's authenticator instance 1911, upon receipt of the request from the synchronization processor 1921, verifies the source of the request (e.g., using Caller Identification data associated with the request) against a trusted FacetID list. This list may have been retrieved from the backend server 1940 by old App 1911 or it may have been provided by the new App 1902 as a signed object with some version indication in order to protect against attacks replaying outdated FacetID list versions.
If the endorsement request is positively verified, the old App's 1901's authenticator instance 1911 generates an endorsement response 1927. This response 1927 may be a session token retrieved from the “Scheme” backend service 1940 or it could be a signed endorsement object created by the authenticator 1911 without having access to any backend server, but including the public authentication key and potentially parts of the or the entire attestation object as described above. See also
In one embodiment, the endorsement response 1927 is returned to the synchronization processor 1922 of the calling new App 1902 which passes the endorsement response 1927 to the authenticator instance 1912. The authenticator instance 1912 retrieves the user verification reference data included in the response 1927, decrypts it using the key store 1925 and updates its own status to require this new user verification reference data before using the private authentication key.
Once a network connection to the backend service 1940 is available, the synchronization processor 1922 of the new App 1902 transmits the endorsement response 1927 to the backend service 1940 and retrieves an authenticated session either directly or after proving its possession of the private key related to one or more of the authentication keys generated by the authenticator instance 1912 as described above.
The following series of operations, described with respect to
Each of the other Apps 1901, 1903 include synchronization processors 1921, 1923, respectively, which transmit synchronization responses 2127A-B with messages indicating interest in receiving the update. These responses 2127A-B may include an encryption key for the user verification reference data to be updated and may also include the latest version of the Signed FacetID list known to the other App 1901, 1903.
The App's authenticator instance 1912 verifies the source of that message (e.g., using Caller Identification) against a trusted FacetID list. This list may have been freshly retrieved from the server by the App 1902 or it may have been provided by one of the other Apps 1901, 1903 as a signed object with some version indication in order to protect against attacks replaying outdated FacetID list versions.
At 2128A-B, the synchronization processor 1922 provides the updated user verification reference data to the other synchronization processors 1921, 1923, making the reference data available to the other authenticator instances 1911, 1913. In one embodiment, this updated user verification reference data might be encrypted using the public encryption key received in the synchronization response(s) 2127A-B.
One embodiment uses an ASM-centric approach based on a FIDO authenticator supporting client-PIN as described in Client to Authenticator Protocol (CTAP) Implementation Draft, Feb. 27, 2018 (see, e.g., https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#authenticatorClientPIN). This may include, for example, a PIN entered into the ASM (or the platform) and send to the authenticator through an API. This embodiment uses an ASM embedded in the App to collect the PIN and to share it with other eligible Apps installed on the same device.
The ASM-centric approach may be implemented using the same or similar techniques as those described above. The difference is that it is not the authenticator remembering and sharing the PIN, but the ASM. As a consequence, any FIDO authenticator supporting the client-PIN can be used as long as it is possible to implement an ASM interfacing to the client-PIN specific API.
Embodiments of the invention may include various steps as set forth above. The steps may be embodied in machine-executable instructions which cause a general-purpose or special-purpose processor to perform certain steps. Alternatively, these steps may be performed by specific hardware components that contain hardwired logic for performing the steps, or by any combination of programmed computer components and custom hardware components.
Elements of the present invention may also be provided as a machine-readable medium for storing the machine-executable program code. The machine-readable medium may include, but is not limited to, floppy diskettes, optical disks, CD-ROMs, and magneto-optical disks, ROMs, RAMs, EPROMs, EEPROMs, magnetic or optical cards, or other type of media/machine-readable medium suitable for storing electronic program code.
Throughout the foregoing description, for the purposes of explanation, numerous specific details were set forth in order to provide a thorough understanding of the invention. It will be apparent, however, to one skilled in the art that the invention may be practiced without some of these specific details. For example, it will be readily apparent to those of skill in the art that the functional modules and methods described herein may be implemented as software, hardware or any combination thereof. Moreover, although some embodiments of the invention are described herein within the context of a mobile computing environment, the underlying principles of the invention are not limited to a mobile computing implementation. Virtually any type of client or peer data processing devices may be used in some embodiments including, for example, desktop or workstation computers. Accordingly, the scope and spirit of the invention should be judged in terms of the claims which follow.
Embodiments of the invention may include various steps as set forth above. The steps may be embodied in machine-executable instructions which cause a general-purpose or special-purpose processor to perform certain steps. Alternatively, these steps may be performed by specific hardware components that contain hardwired logic for performing the steps, or by any combination of programmed computer components and custom hardware components.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5272754 | Boerbert et al. | Dec 1993 | A |
| 5280527 | Gullman et al. | Jan 1994 | A |
| 5588061 | Ganesan et al. | Dec 1996 | A |
| 5613012 | Hoffman et al. | Mar 1997 | A |
| 5764789 | Pare, Jr. et al. | Jun 1998 | A |
| 5892900 | Ginter et al. | Apr 1999 | A |
| 6035406 | Moussa et al. | Mar 2000 | A |
| 6088450 | Davis et al. | Jul 2000 | A |
| 6178511 | Cohen et al. | Jan 2001 | B1 |
| 6233685 | Smith | May 2001 | B1 |
| 6270011 | Gottfried | Aug 2001 | B1 |
| 6377691 | Swift et al. | Apr 2002 | B1 |
| 6510236 | Crane et al. | Jan 2003 | B1 |
| 6588812 | Garcia et al. | Jul 2003 | B1 |
| 6618806 | Brown et al. | Sep 2003 | B1 |
| 6751733 | Nakamura et al. | Jun 2004 | B1 |
| 6801998 | Hanna et al. | Oct 2004 | B1 |
| 6842896 | Redding et al. | Jan 2005 | B1 |
| 6938156 | Wheeler et al. | Aug 2005 | B2 |
| 7155035 | Kondo et al. | Dec 2006 | B2 |
| 7194761 | Champagne | Mar 2007 | B1 |
| 7194763 | Potter et al. | Mar 2007 | B2 |
| 7263717 | Boydstun et al. | Aug 2007 | B1 |
| 7444368 | Wong et al. | Oct 2008 | B1 |
| 7487357 | Smith et al. | Feb 2009 | B2 |
| 7512567 | Bemmel et al. | Mar 2009 | B2 |
| 7526649 | Wiseman | Apr 2009 | B2 |
| 7698565 | Bjorn et al. | Apr 2010 | B1 |
| 7747862 | Ovadia | Jun 2010 | B2 |
| 7865937 | White et al. | Jan 2011 | B1 |
| 7941669 | Foley et al. | May 2011 | B2 |
| 8006300 | Mizrah | Aug 2011 | B2 |
| 8060922 | Crichton et al. | Nov 2011 | B2 |
| 8132017 | Lewis | Mar 2012 | B1 |
| 8166531 | Suzuki | Apr 2012 | B2 |
| 8185457 | Bear et al. | May 2012 | B1 |
| 8245030 | Lin | Aug 2012 | B2 |
| 8284043 | Judd et al. | Oct 2012 | B2 |
| 8291468 | Chickering | Oct 2012 | B1 |
| 8353016 | Pravetz et al. | Jan 2013 | B1 |
| 8359045 | Hopkins, III | Jan 2013 | B1 |
| 8380637 | Levovitz | Feb 2013 | B2 |
| 8412928 | Bowness | Apr 2013 | B1 |
| 8458465 | Stern et al. | Jun 2013 | B1 |
| 8489506 | Hammad et al. | Jul 2013 | B2 |
| 8516552 | Raleigh | Aug 2013 | B2 |
| 8526607 | Liu et al. | Sep 2013 | B2 |
| 8555340 | Potter et al. | Oct 2013 | B2 |
| 8561152 | Novak et al. | Oct 2013 | B2 |
| 8584219 | Toole et al. | Nov 2013 | B1 |
| 8584224 | Pei et al. | Nov 2013 | B1 |
| 8607048 | Nogawa | Dec 2013 | B2 |
| 8646060 | Ben | Feb 2014 | B1 |
| 8713325 | Ganesan | Apr 2014 | B2 |
| 8719905 | Ganesan | May 2014 | B2 |
| 8745698 | Ashfield et al. | Jun 2014 | B1 |
| 8776180 | Kumar et al. | Jul 2014 | B2 |
| 8843997 | Hare | Sep 2014 | B1 |
| 8856541 | Chaudhury et al. | Oct 2014 | B1 |
| 8949978 | Lin et al. | Feb 2015 | B1 |
| 8958599 | Starner | Feb 2015 | B1 |
| 8978117 | Bentley et al. | Mar 2015 | B2 |
| 9015482 | Baghdasaryan et al. | Apr 2015 | B2 |
| 9032485 | Chu et al. | May 2015 | B2 |
| 9083689 | Lindemann et al. | Jul 2015 | B2 |
| 9118657 | Shetty | Aug 2015 | B1 |
| 9161209 | Ghoshal et al. | Oct 2015 | B1 |
| 9171306 | He et al. | Oct 2015 | B1 |
| 9172687 | Baghdasaryan et al. | Oct 2015 | B2 |
| 9183023 | Pires et al. | Nov 2015 | B2 |
| 9219732 | Baghdasaryan et al. | Dec 2015 | B2 |
| 9306754 | Baghdasaryan et al. | Apr 2016 | B2 |
| 9317705 | O'Hare et al. | Apr 2016 | B2 |
| 9367678 | Pal et al. | Jun 2016 | B2 |
| 9396320 | Lindemann | Jul 2016 | B2 |
| 9521548 | Fosmark et al. | Dec 2016 | B2 |
| 9547760 | Kang et al. | Jan 2017 | B2 |
| 9633322 | Burger | Apr 2017 | B1 |
| 9654469 | Yang | May 2017 | B1 |
| 9692599 | Krahn | Jun 2017 | B1 |
| 9698976 | Statica et al. | Jul 2017 | B1 |
| 9750205 | Van Dun | Sep 2017 | B2 |
| 9754100 | Hitchcock | Sep 2017 | B1 |
| 9886701 | Llora | Feb 2018 | B1 |
| 9887983 | Lindemann et al. | Feb 2018 | B2 |
| 10057243 | Kumar | Aug 2018 | B1 |
| 10091195 | Lindemann | Oct 2018 | B2 |
| 10133867 | Brandwine | Nov 2018 | B1 |
| 10631164 | Yang | Apr 2020 | B2 |
| 10762229 | Sion | Sep 2020 | B2 |
| 11190504 | Ah et al. | Nov 2021 | B1 |
| 20010034719 | Durand et al. | Oct 2001 | A1 |
| 20010037451 | Bhagavatula et al. | Nov 2001 | A1 |
| 20020010857 | Karthik | Jan 2002 | A1 |
| 20020016913 | Wheeler et al. | Feb 2002 | A1 |
| 20020037736 | Kawaguchi et al. | Mar 2002 | A1 |
| 20020040344 | Preiser et al. | Apr 2002 | A1 |
| 20020054695 | Bjorn et al. | May 2002 | A1 |
| 20020067832 | Jablon | Jun 2002 | A1 |
| 20020073316 | Collins et al. | Jun 2002 | A1 |
| 20020073320 | Rinkevich et al. | Jun 2002 | A1 |
| 20020082962 | Farris et al. | Jun 2002 | A1 |
| 20020087894 | Foley et al. | Jul 2002 | A1 |
| 20020112157 | Doyle et al. | Aug 2002 | A1 |
| 20020112170 | Foley et al. | Aug 2002 | A1 |
| 20020174344 | Ting | Nov 2002 | A1 |
| 20020174348 | Ting | Nov 2002 | A1 |
| 20020190124 | Piotrowski | Dec 2002 | A1 |
| 20030007645 | Ofir | Jan 2003 | A1 |
| 20030021283 | See et al. | Jan 2003 | A1 |
| 20030035548 | Kwan | Feb 2003 | A1 |
| 20030051171 | Pearson | Mar 2003 | A1 |
| 20030055792 | Kinoshita et al. | Mar 2003 | A1 |
| 20030065805 | Barnes et al. | Apr 2003 | A1 |
| 20030084300 | Koike | May 2003 | A1 |
| 20030087629 | Juitt et al. | May 2003 | A1 |
| 20030115142 | Brickell et al. | Jun 2003 | A1 |
| 20030135740 | Talmor et al. | Jul 2003 | A1 |
| 20030152252 | Kondo et al. | Aug 2003 | A1 |
| 20030182551 | Frantz et al. | Sep 2003 | A1 |
| 20030226036 | Bivens et al. | Dec 2003 | A1 |
| 20030236991 | Letsinger | Dec 2003 | A1 |
| 20040039909 | Cheng | Feb 2004 | A1 |
| 20040039946 | Smith | Feb 2004 | A1 |
| 20040093372 | Chen et al. | May 2004 | A1 |
| 20040101170 | Tisse et al. | May 2004 | A1 |
| 20040123153 | Wright et al. | Jun 2004 | A1 |
| 20040243801 | Chen et al. | Dec 2004 | A1 |
| 20050021964 | Bhatnagar et al. | Jan 2005 | A1 |
| 20050080716 | Belyi et al. | Apr 2005 | A1 |
| 20050097320 | Golan et al. | May 2005 | A1 |
| 20050100166 | Smetters et al. | May 2005 | A1 |
| 20050125295 | Tidwell et al. | Jun 2005 | A1 |
| 20050136979 | Dietl | Jun 2005 | A1 |
| 20050160052 | Schneider et al. | Jul 2005 | A1 |
| 20050187883 | Bishop et al. | Aug 2005 | A1 |
| 20050223217 | Howard et al. | Oct 2005 | A1 |
| 20050223236 | Yamada et al. | Oct 2005 | A1 |
| 20050278253 | Meek et al. | Dec 2005 | A1 |
| 20060026671 | Potter et al. | Feb 2006 | A1 |
| 20060029062 | Rao et al. | Feb 2006 | A1 |
| 20060064582 | Teal et al. | Mar 2006 | A1 |
| 20060101136 | Akashika et al. | May 2006 | A1 |
| 20060136727 | Voss | Jun 2006 | A1 |
| 20060149580 | Helsper et al. | Jul 2006 | A1 |
| 20060156385 | Chiviendacz et al. | Jul 2006 | A1 |
| 20060161435 | Atef et al. | Jul 2006 | A1 |
| 20060161672 | Jolley et al. | Jul 2006 | A1 |
| 20060174037 | Bernardi et al. | Aug 2006 | A1 |
| 20060177061 | Orsini et al. | Aug 2006 | A1 |
| 20060195689 | Blecken et al. | Aug 2006 | A1 |
| 20060213978 | Geller et al. | Sep 2006 | A1 |
| 20060242415 | Gaylor | Oct 2006 | A1 |
| 20060256108 | Scaralata | Nov 2006 | A1 |
| 20060282670 | Karchov | Dec 2006 | A1 |
| 20060294390 | Navratil et al. | Dec 2006 | A1 |
| 20070005988 | Zhang et al. | Jan 2007 | A1 |
| 20070038568 | Greene et al. | Feb 2007 | A1 |
| 20070043949 | Bugbee | Feb 2007 | A1 |
| 20070077915 | Black et al. | Apr 2007 | A1 |
| 20070087756 | Hoffberg | Apr 2007 | A1 |
| 20070088950 | Wheeler et al. | Apr 2007 | A1 |
| 20070094165 | Gyorfi et al. | Apr 2007 | A1 |
| 20070100756 | Varma | May 2007 | A1 |
| 20070101138 | Camenisch et al. | May 2007 | A1 |
| 20070106895 | Huang et al. | May 2007 | A1 |
| 20070107048 | Halls et al. | May 2007 | A1 |
| 20070118883 | Potter et al. | May 2007 | A1 |
| 20070162581 | Maes | Jul 2007 | A1 |
| 20070165625 | Eisner et al. | Jul 2007 | A1 |
| 20070168677 | Kudo et al. | Jul 2007 | A1 |
| 20070169182 | Wolfond et al. | Jul 2007 | A1 |
| 20070180495 | Hardjono | Aug 2007 | A1 |
| 20070198435 | Siegal et al. | Aug 2007 | A1 |
| 20070217590 | Loupia et al. | Sep 2007 | A1 |
| 20070220597 | Ishida | Sep 2007 | A1 |
| 20070226514 | Maletsky | Sep 2007 | A1 |
| 20070234417 | Blakley, III et al. | Oct 2007 | A1 |
| 20070239980 | Funayama | Oct 2007 | A1 |
| 20070278291 | Rans et al. | Dec 2007 | A1 |
| 20070286130 | Shao et al. | Dec 2007 | A1 |
| 20070288380 | Starrs | Dec 2007 | A1 |
| 20080005562 | Sather et al. | Jan 2008 | A1 |
| 20080024302 | Yoshida | Jan 2008 | A1 |
| 20080025234 | Zhu et al. | Jan 2008 | A1 |
| 20080028453 | Nguyen et al. | Jan 2008 | A1 |
| 20080034207 | Cam-Winget et al. | Feb 2008 | A1 |
| 20080046334 | Lee et al. | Feb 2008 | A1 |
| 20080046984 | Bohmer et al. | Feb 2008 | A1 |
| 20080049983 | Miller et al. | Feb 2008 | A1 |
| 20080072054 | Choi et al. | Mar 2008 | A1 |
| 20080086759 | Colson | Apr 2008 | A1 |
| 20080134311 | Medvinsky et al. | Jun 2008 | A1 |
| 20080141339 | Gomez et al. | Jun 2008 | A1 |
| 20080172725 | Fujii et al. | Jul 2008 | A1 |
| 20080184349 | Ting | Jul 2008 | A1 |
| 20080184351 | Gephart et al. | Jul 2008 | A1 |
| 20080189212 | Kulakowski et al. | Aug 2008 | A1 |
| 20080196101 | Sade | Aug 2008 | A1 |
| 20080209545 | Asano | Aug 2008 | A1 |
| 20080232565 | Kutt et al. | Sep 2008 | A1 |
| 20080235801 | Soderberg et al. | Sep 2008 | A1 |
| 20080271150 | Boerger et al. | Oct 2008 | A1 |
| 20080289019 | Lam | Nov 2008 | A1 |
| 20080289020 | Cameron et al. | Nov 2008 | A1 |
| 20080313719 | Kaliski, Jr. et al. | Dec 2008 | A1 |
| 20080320308 | Kostiainen et al. | Dec 2008 | A1 |
| 20090025084 | Siourthas et al. | Jan 2009 | A1 |
| 20090049510 | Zhang et al. | Feb 2009 | A1 |
| 20090055322 | Bykov et al. | Feb 2009 | A1 |
| 20090064290 | Norman | Mar 2009 | A1 |
| 20090064292 | Carter et al. | Mar 2009 | A1 |
| 20090077638 | Norman | Mar 2009 | A1 |
| 20090083850 | Fadell et al. | Mar 2009 | A1 |
| 20090089870 | Wahl | Apr 2009 | A1 |
| 20090094164 | Fontaine et al. | Apr 2009 | A1 |
| 20090100269 | Naccache | Apr 2009 | A1 |
| 20090116651 | Liang et al. | May 2009 | A1 |
| 20090119221 | Weston et al. | May 2009 | A1 |
| 20090133113 | Schneider | May 2009 | A1 |
| 20090134972 | Wu et al. | May 2009 | A1 |
| 20090138724 | Chiou et al. | May 2009 | A1 |
| 20090138727 | Campello | May 2009 | A1 |
| 20090158425 | Chan et al. | Jun 2009 | A1 |
| 20090164797 | Kramer et al. | Jun 2009 | A1 |
| 20090183003 | Haverinen | Jul 2009 | A1 |
| 20090187988 | Hulten et al. | Jul 2009 | A1 |
| 20090193508 | Brenneman et al. | Jul 2009 | A1 |
| 20090196418 | Tkacik et al. | Aug 2009 | A1 |
| 20090199264 | Lang | Aug 2009 | A1 |
| 20090204964 | Foley et al. | Aug 2009 | A1 |
| 20090235339 | Mennes et al. | Sep 2009 | A1 |
| 20090240624 | James et al. | Sep 2009 | A1 |
| 20090245507 | Vuillaume et al. | Oct 2009 | A1 |
| 20090271618 | Camenisch et al. | Oct 2009 | A1 |
| 20090271635 | Liu et al. | Oct 2009 | A1 |
| 20090276474 | Sela | Nov 2009 | A1 |
| 20090300714 | Ahn | Dec 2009 | A1 |
| 20090300720 | Guo et al. | Dec 2009 | A1 |
| 20090307139 | Mardikar et al. | Dec 2009 | A1 |
| 20090323962 | Aciicmez | Dec 2009 | A1 |
| 20090327131 | Beenau et al. | Dec 2009 | A1 |
| 20090327737 | Hsu | Dec 2009 | A1 |
| 20090328197 | Newell et al. | Dec 2009 | A1 |
| 20100010932 | Law et al. | Jan 2010 | A1 |
| 20100023454 | Exton et al. | Jan 2010 | A1 |
| 20100025466 | Cardone | Feb 2010 | A1 |
| 20100029300 | Chen | Feb 2010 | A1 |
| 20100042848 | Rosener | Feb 2010 | A1 |
| 20100062744 | Ibrahim | Mar 2010 | A1 |
| 20100070424 | Monk | Mar 2010 | A1 |
| 20100077454 | Xiao | Mar 2010 | A1 |
| 20100082484 | Erhart et al. | Apr 2010 | A1 |
| 20100083000 | Kesanupalli | Apr 2010 | A1 |
| 20100094681 | Almen et al. | Apr 2010 | A1 |
| 20100105427 | Gupta | Apr 2010 | A1 |
| 20100107222 | Glasser | Apr 2010 | A1 |
| 20100114776 | Weller et al. | May 2010 | A1 |
| 20100121855 | Dalia et al. | May 2010 | A1 |
| 20100150353 | Bauchot et al. | Jun 2010 | A1 |
| 20100169650 | Brickell et al. | Jul 2010 | A1 |
| 20100175116 | Gum | Jul 2010 | A1 |
| 20100186072 | Kumar | Jul 2010 | A1 |
| 20100191612 | Raleigh | Jul 2010 | A1 |
| 20100192209 | Steeves et al. | Jul 2010 | A1 |
| 20100205658 | Griffin | Aug 2010 | A1 |
| 20100211792 | Ureche et al. | Aug 2010 | A1 |
| 20100223663 | Morimoto et al. | Sep 2010 | A1 |
| 20100235637 | Lu et al. | Sep 2010 | A1 |
| 20100242088 | Thomas | Sep 2010 | A1 |
| 20100266128 | Asokan et al. | Oct 2010 | A1 |
| 20100287369 | Monden | Nov 2010 | A1 |
| 20100299265 | Walters et al. | Nov 2010 | A1 |
| 20100299738 | Wahl | Nov 2010 | A1 |
| 20100325427 | Ekberg et al. | Dec 2010 | A1 |
| 20100325664 | Kang | Dec 2010 | A1 |
| 20100325684 | Grebenik et al. | Dec 2010 | A1 |
| 20100325711 | Etchegoyen | Dec 2010 | A1 |
| 20110004918 | Chow et al. | Jan 2011 | A1 |
| 20110004933 | Dickinson et al. | Jan 2011 | A1 |
| 20110022835 | Schibuk | Jan 2011 | A1 |
| 20110035788 | White et al. | Feb 2011 | A1 |
| 20110047608 | Levenberg | Feb 2011 | A1 |
| 20110071841 | Fomenko et al. | Mar 2011 | A1 |
| 20110078443 | Greenstein et al. | Mar 2011 | A1 |
| 20110082801 | Baghdasaryan et al. | Apr 2011 | A1 |
| 20110083016 | Kesanupalli et al. | Apr 2011 | A1 |
| 20110093942 | Koster et al. | Apr 2011 | A1 |
| 20110099361 | Shah et al. | Apr 2011 | A1 |
| 20110099367 | Thom | Apr 2011 | A1 |
| 20110107087 | Lee et al. | May 2011 | A1 |
| 20110138450 | Kesanupalli et al. | Jun 2011 | A1 |
| 20110157346 | Zyzdryn et al. | Jun 2011 | A1 |
| 20110167154 | Bush et al. | Jul 2011 | A1 |
| 20110167472 | Evans et al. | Jul 2011 | A1 |
| 20110184838 | Winters et al. | Jul 2011 | A1 |
| 20110191200 | Bayer et al. | Aug 2011 | A1 |
| 20110197267 | Gravel et al. | Aug 2011 | A1 |
| 20110219427 | Hito et al. | Sep 2011 | A1 |
| 20110225431 | Stufflebeam, Jr. et al. | Sep 2011 | A1 |
| 20110225643 | Faynberg et al. | Sep 2011 | A1 |
| 20110228330 | Nogawa | Sep 2011 | A1 |
| 20110231911 | White et al. | Sep 2011 | A1 |
| 20110246756 | Smith | Oct 2011 | A1 |
| 20110246766 | Orsini et al. | Oct 2011 | A1 |
| 20110265159 | Ronda et al. | Oct 2011 | A1 |
| 20110279228 | Kumar et al. | Nov 2011 | A1 |
| 20110280402 | Ibrahim et al. | Nov 2011 | A1 |
| 20110296518 | Faynberg et al. | Dec 2011 | A1 |
| 20110307706 | Fielder | Dec 2011 | A1 |
| 20110307949 | Ronda et al. | Dec 2011 | A1 |
| 20110313872 | Carter et al. | Dec 2011 | A1 |
| 20110314549 | Song et al. | Dec 2011 | A1 |
| 20110320823 | Saroiu et al. | Dec 2011 | A1 |
| 20120018506 | Hammad et al. | Jan 2012 | A1 |
| 20120023567 | Hammad | Jan 2012 | A1 |
| 20120023568 | Cha et al. | Jan 2012 | A1 |
| 20120030083 | Newman et al. | Feb 2012 | A1 |
| 20120046012 | Forutanpour et al. | Feb 2012 | A1 |
| 20120047555 | Xiao et al. | Feb 2012 | A1 |
| 20120066757 | Vysogorets et al. | Mar 2012 | A1 |
| 20120075062 | Osman et al. | Mar 2012 | A1 |
| 20120084566 | Chin et al. | Apr 2012 | A1 |
| 20120084850 | Novak et al. | Apr 2012 | A1 |
| 20120102553 | Hsueh et al. | Apr 2012 | A1 |
| 20120124639 | Shaikh et al. | May 2012 | A1 |
| 20120124651 | Ganesan et al. | May 2012 | A1 |
| 20120130898 | Snyder et al. | May 2012 | A1 |
| 20120137137 | Brickell et al. | May 2012 | A1 |
| 20120144461 | Rathbun | Jun 2012 | A1 |
| 20120159577 | Belinkiy et al. | Jun 2012 | A1 |
| 20120191979 | Feldbau | Jul 2012 | A1 |
| 20120203906 | Jaudon et al. | Aug 2012 | A1 |
| 20120204032 | Wilkins et al. | Aug 2012 | A1 |
| 20120210135 | Panchapakesan et al. | Aug 2012 | A1 |
| 20120239950 | Davis et al. | Sep 2012 | A1 |
| 20120249298 | Sovio et al. | Oct 2012 | A1 |
| 20120272056 | Ganesan | Oct 2012 | A1 |
| 20120278873 | Calero et al. | Nov 2012 | A1 |
| 20120291114 | Poliashenko | Nov 2012 | A1 |
| 20120308000 | Arnold et al. | Dec 2012 | A1 |
| 20120313746 | Rahman et al. | Dec 2012 | A1 |
| 20120317297 | Bailey | Dec 2012 | A1 |
| 20120323717 | Kirsch | Dec 2012 | A1 |
| 20130013931 | O'Hare et al. | Jan 2013 | A1 |
| 20130042115 | Sweet et al. | Feb 2013 | A1 |
| 20130042327 | Chow | Feb 2013 | A1 |
| 20130046976 | Rosati et al. | Feb 2013 | A1 |
| 20130046991 | Lu et al. | Feb 2013 | A1 |
| 20130047200 | Radhakrishnan et al. | Feb 2013 | A1 |
| 20130054336 | Graylin | Feb 2013 | A1 |
| 20130054967 | Davoust et al. | Feb 2013 | A1 |
| 20130055370 | Goldberg et al. | Feb 2013 | A1 |
| 20130061055 | Schibuk | Mar 2013 | A1 |
| 20130066832 | Sheehan | Mar 2013 | A1 |
| 20130067546 | Thavasi et al. | Mar 2013 | A1 |
| 20130073859 | Carlson et al. | Mar 2013 | A1 |
| 20130080769 | Cha et al. | Mar 2013 | A1 |
| 20130086669 | Sondhi et al. | Apr 2013 | A1 |
| 20130090939 | Robinson et al. | Apr 2013 | A1 |
| 20130097682 | Zeljkovic et al. | Apr 2013 | A1 |
| 20130104187 | Weidner | Apr 2013 | A1 |
| 20130104190 | Simske et al. | Apr 2013 | A1 |
| 20130119130 | Braams | May 2013 | A1 |
| 20130124285 | Pravetz et al. | May 2013 | A1 |
| 20130124422 | Hubert et al. | May 2013 | A1 |
| 20130125197 | Pravetz et al. | May 2013 | A1 |
| 20130125222 | Pravetz et al. | May 2013 | A1 |
| 20130133049 | Peirce | May 2013 | A1 |
| 20130133054 | Davis et al. | May 2013 | A1 |
| 20130139238 | Ryan | May 2013 | A1 |
| 20130144785 | Karpenko et al. | Jun 2013 | A1 |
| 20130159413 | Davis et al. | Jun 2013 | A1 |
| 20130159716 | Buck et al. | Jun 2013 | A1 |
| 20130160083 | Schrix et al. | Jun 2013 | A1 |
| 20130160100 | Langley | Jun 2013 | A1 |
| 20130167196 | Spencer et al. | Jun 2013 | A1 |
| 20130191884 | Leicher et al. | Jul 2013 | A1 |
| 20130205360 | Novak et al. | Aug 2013 | A1 |
| 20130212637 | Guccione et al. | Aug 2013 | A1 |
| 20130219456 | Sharma et al. | Aug 2013 | A1 |
| 20130227646 | Haggerty et al. | Aug 2013 | A1 |
| 20130239173 | Dispensa | Sep 2013 | A1 |
| 20130239189 | Ionescu | Sep 2013 | A1 |
| 20130246272 | Kirsch et al. | Sep 2013 | A1 |
| 20130247164 | Hoggan | Sep 2013 | A1 |
| 20130262305 | Jones et al. | Oct 2013 | A1 |
| 20130276060 | Wiedmann et al. | Oct 2013 | A1 |
| 20130282589 | Shoup et al. | Oct 2013 | A1 |
| 20130308778 | Fosmark et al. | Nov 2013 | A1 |
| 20130318343 | Bjarnason et al. | Nov 2013 | A1 |
| 20130326213 | Murphy et al. | Dec 2013 | A1 |
| 20130326215 | Leggette et al. | Dec 2013 | A1 |
| 20130337777 | Deutsch et al. | Dec 2013 | A1 |
| 20130346176 | Alolabi et al. | Dec 2013 | A1 |
| 20130347064 | Aissi et al. | Dec 2013 | A1 |
| 20140002238 | Taveau et al. | Jan 2014 | A1 |
| 20140006776 | Scott-Nash et al. | Jan 2014 | A1 |
| 20140007215 | Romano et al. | Jan 2014 | A1 |
| 20140013422 | Janus et al. | Jan 2014 | A1 |
| 20140033271 | Barton et al. | Jan 2014 | A1 |
| 20140037092 | Bhattacharya et al. | Feb 2014 | A1 |
| 20140040987 | Haugsnes | Feb 2014 | A1 |
| 20140044265 | Kocher et al. | Feb 2014 | A1 |
| 20140047510 | Belton et al. | Feb 2014 | A1 |
| 20140066015 | Aissi | Mar 2014 | A1 |
| 20140068746 | Gonzalez et al. | Mar 2014 | A1 |
| 20140075501 | Srinivasan | Mar 2014 | A1 |
| 20140075516 | Chermside | Mar 2014 | A1 |
| 20140082715 | Grajek | Mar 2014 | A1 |
| 20140086413 | Matsuda et al. | Mar 2014 | A1 |
| 20140089243 | Oppenheimer | Mar 2014 | A1 |
| 20140090039 | Bhow | Mar 2014 | A1 |
| 20140090088 | Bjones et al. | Mar 2014 | A1 |
| 20140096177 | Smith | Apr 2014 | A1 |
| 20140096182 | Smith | Apr 2014 | A1 |
| 20140101439 | Pettigrew et al. | Apr 2014 | A1 |
| 20140108784 | Pendarakis | Apr 2014 | A1 |
| 20140109174 | Barton et al. | Apr 2014 | A1 |
| 20140109200 | Tootill | Apr 2014 | A1 |
| 20140114857 | Griggs et al. | Apr 2014 | A1 |
| 20140115702 | Li et al. | Apr 2014 | A1 |
| 20140130127 | Toole et al. | May 2014 | A1 |
| 20140137191 | Goldsmith et al. | May 2014 | A1 |
| 20140137220 | Niemela | May 2014 | A1 |
| 20140149746 | Yau | May 2014 | A1 |
| 20140164776 | Hook et al. | Jun 2014 | A1 |
| 20140173754 | Barbir | Jun 2014 | A1 |
| 20140188770 | Agrafioti et al. | Jul 2014 | A1 |
| 20140189350 | Baghdasaryan et al. | Jul 2014 | A1 |
| 20140189360 | Baghdasaryan et al. | Jul 2014 | A1 |
| 20140189779 | Baghdasaryan et al. | Jul 2014 | A1 |
| 20140189791 | Lindemann et al. | Jul 2014 | A1 |
| 20140189807 | Cahill et al. | Jul 2014 | A1 |
| 20140189808 | Mahaffey et al. | Jul 2014 | A1 |
| 20140189828 | Baghdasaryan et al. | Jul 2014 | A1 |
| 20140189835 | Umerley | Jul 2014 | A1 |
| 20140201809 | Choyi et al. | Jul 2014 | A1 |
| 20140208407 | VanBlon | Jul 2014 | A1 |
| 20140215585 | Sanaullah | Jul 2014 | A1 |
| 20140230032 | Duncan | Aug 2014 | A1 |
| 20140245391 | Adenuga | Aug 2014 | A1 |
| 20140250011 | Weber | Sep 2014 | A1 |
| 20140250511 | Kendall | Sep 2014 | A1 |
| 20140250523 | Savvides et al. | Sep 2014 | A1 |
| 20140258125 | Gerber et al. | Sep 2014 | A1 |
| 20140258711 | Brannon | Sep 2014 | A1 |
| 20140279516 | Rellas et al. | Sep 2014 | A1 |
| 20140282868 | Sheller et al. | Sep 2014 | A1 |
| 20140282945 | Smith et al. | Sep 2014 | A1 |
| 20140282965 | Sambamurthy et al. | Sep 2014 | A1 |
| 20140289116 | Polivanyi et al. | Sep 2014 | A1 |
| 20140289117 | Baghdasaryan | Sep 2014 | A1 |
| 20140289509 | Baghdasaryan | Sep 2014 | A1 |
| 20140289820 | Lindemann et al. | Sep 2014 | A1 |
| 20140289821 | Wilson | Sep 2014 | A1 |
| 20140289833 | Briceno et al. | Sep 2014 | A1 |
| 20140289834 | Lindemann et al. | Sep 2014 | A1 |
| 20140298419 | Boubez et al. | Oct 2014 | A1 |
| 20140304505 | Dawson | Oct 2014 | A1 |
| 20140325239 | Ghose | Oct 2014 | A1 |
| 20140333413 | Kursun et al. | Nov 2014 | A1 |
| 20140335824 | Abraham | Nov 2014 | A1 |
| 20140337948 | Hoyos et al. | Nov 2014 | A1 |
| 20140344904 | Venkataramani | Nov 2014 | A1 |
| 20150019220 | Talhami et al. | Jan 2015 | A1 |
| 20150046340 | Dimmick | Feb 2015 | A1 |
| 20150046989 | Oberheide | Feb 2015 | A1 |
| 20150052342 | Jang | Feb 2015 | A1 |
| 20150058931 | Miu et al. | Feb 2015 | A1 |
| 20150072726 | Stern | Mar 2015 | A1 |
| 20150074745 | Stern | Mar 2015 | A1 |
| 20150095999 | Toth et al. | Apr 2015 | A1 |
| 20150096002 | Shuart et al. | Apr 2015 | A1 |
| 20150113618 | Sinha | Apr 2015 | A1 |
| 20150121068 | Lindemann et al. | Apr 2015 | A1 |
| 20150134330 | Baldwin et al. | May 2015 | A1 |
| 20150142628 | Suplee et al. | May 2015 | A1 |
| 20150180869 | Verma | Jun 2015 | A1 |
| 20150193781 | Dave et al. | Jul 2015 | A1 |
| 20150242605 | Du et al. | Aug 2015 | A1 |
| 20150244525 | McCusker et al. | Aug 2015 | A1 |
| 20150244696 | Ma | Aug 2015 | A1 |
| 20150269050 | Filimonov et al. | Sep 2015 | A1 |
| 20150281279 | Smith | Oct 2015 | A1 |
| 20150304110 | Oberheide | Oct 2015 | A1 |
| 20150326529 | Morita | Nov 2015 | A1 |
| 20150334165 | Arling | Nov 2015 | A1 |
| 20150373039 | Wang | Dec 2015 | A1 |
| 20150381580 | Graham, III et al. | Dec 2015 | A1 |
| 20160005032 | Yau et al. | Jan 2016 | A1 |
| 20160034892 | Carpenter et al. | Feb 2016 | A1 |
| 20160036588 | Thackston | Feb 2016 | A1 |
| 20160050193 | Kanov | Feb 2016 | A1 |
| 20160071105 | Groarke et al. | Mar 2016 | A1 |
| 20160072787 | Balabine et al. | Mar 2016 | A1 |
| 20160078869 | Syrdal et al. | Mar 2016 | A1 |
| 20160087952 | Tartz et al. | Mar 2016 | A1 |
| 20160087957 | Shah et al. | Mar 2016 | A1 |
| 20160094543 | Innes et al. | Mar 2016 | A1 |
| 20160098555 | Mersh | Apr 2016 | A1 |
| 20160098562 | Hawblitzel | Apr 2016 | A1 |
| 20160099811 | Hawblitzel | Apr 2016 | A1 |
| 20160134421 | Chen et al. | May 2016 | A1 |
| 20160188958 | Martin | Jun 2016 | A1 |
| 20160191499 | Momchilov | Jun 2016 | A1 |
| 20160204933 | Ronchi | Jul 2016 | A1 |
| 20160219043 | Blanke | Jul 2016 | A1 |
| 20160241552 | Lindemann | Aug 2016 | A1 |
| 20160259941 | Vasudevan | Sep 2016 | A1 |
| 20160275461 | Sprague | Sep 2016 | A1 |
| 20160292687 | Kruglick et al. | Oct 2016 | A1 |
| 20160294810 | Wang | Oct 2016 | A1 |
| 20160316365 | Buhler et al. | Oct 2016 | A1 |
| 20160364787 | Walker | Dec 2016 | A1 |
| 20160373257 | Adrangi | Dec 2016 | A1 |
| 20170004291 | Pathak et al. | Jan 2017 | A1 |
| 20170004487 | Hagen et al. | Jan 2017 | A1 |
| 20170011406 | Tunnell et al. | Jan 2017 | A1 |
| 20170013012 | Hansen | Jan 2017 | A1 |
| 20170027008 | Krishnamoorthy | Jan 2017 | A1 |
| 20170032111 | Johansson | Feb 2017 | A1 |
| 20170041147 | Krahn | Feb 2017 | A1 |
| 20170048070 | Gulati et al. | Feb 2017 | A1 |
| 20170085587 | Turgeman | Mar 2017 | A1 |
| 20170103226 | Eberlein | Apr 2017 | A1 |
| 20170109751 | Dunkelberger et al. | Apr 2017 | A1 |
| 20170155513 | Acar | Jun 2017 | A1 |
| 20170195121 | Frei et al. | Jul 2017 | A1 |
| 20170221068 | Krauss et al. | Aug 2017 | A1 |
| 20170249482 | Takaai et al. | Aug 2017 | A1 |
| 20170250972 | Ronda et al. | Aug 2017 | A1 |
| 20170279614 | Mercury | Sep 2017 | A1 |
| 20170289140 | Cai | Oct 2017 | A1 |
| 20170317833 | Smith et al. | Nov 2017 | A1 |
| 20170330174 | Demarinis et al. | Nov 2017 | A1 |
| 20170330180 | Song et al. | Nov 2017 | A1 |
| 20170331632 | Leoutsarakos et al. | Nov 2017 | A1 |
| 20170352116 | Pierce et al. | Dec 2017 | A1 |
| 20170373844 | Sykora | Dec 2017 | A1 |
| 20180034641 | Tiwari | Feb 2018 | A1 |
| 20180039990 | Lindemann | Feb 2018 | A1 |
| 20180041503 | Lindemann | Feb 2018 | A1 |
| 20180046823 | Durham | Feb 2018 | A1 |
| 20180075231 | Subramanian et al. | Mar 2018 | A1 |
| 20180109538 | Kumar | Apr 2018 | A1 |
| 20180167211 | Falk | Jun 2018 | A1 |
| 20180176195 | Pangam | Jun 2018 | A1 |
| 20180183586 | Bhargav-Spantzel | Jun 2018 | A1 |
| 20180191501 | Lindemann | Jul 2018 | A1 |
| 20180191695 | Lindemann | Jul 2018 | A1 |
| 20180204192 | Whaley et al. | Jul 2018 | A1 |
| 20180204213 | Zappier et al. | Jul 2018 | A1 |
| 20180309567 | Wooden | Oct 2018 | A1 |
| 20180314817 | Gadde | Nov 2018 | A1 |
| 20180323970 | Maron | Nov 2018 | A1 |
| 20180341765 | Ando | Nov 2018 | A1 |
| 20180351941 | Chhabra | Dec 2018 | A1 |
| 20180367310 | Leong | Dec 2018 | A1 |
| 20180375655 | Thom | Dec 2018 | A1 |
| 20190050551 | Goldman-Kirst | Feb 2019 | A1 |
| 20190068568 | Liderman | Feb 2019 | A1 |
| 20190089701 | Mercury | Mar 2019 | A1 |
| 20190124081 | Nowak et al. | Apr 2019 | A1 |
| 20190139005 | Piel | May 2019 | A1 |
| 20190149334 | Van Der Velden | May 2019 | A1 |
| 20190156301 | Bentov | May 2019 | A1 |
| 20190164156 | Lindemann | May 2019 | A1 |
| 20190179806 | Reinsberg | Jun 2019 | A1 |
| 20190190724 | Sundaresan | Jun 2019 | A1 |
| 20190205885 | Lim et al. | Jul 2019 | A1 |
| 20190222424 | Lindemann | Jul 2019 | A1 |
| 20190238598 | Mohamad Abdul | Aug 2019 | A1 |
| 20190251234 | Liu et al. | Aug 2019 | A1 |
| 20190253404 | Briceno et al. | Aug 2019 | A1 |
| 20190306169 | Statia | Oct 2019 | A1 |
| 20190327223 | Kumar | Oct 2019 | A1 |
| 20190354397 | Goel | Nov 2019 | A1 |
| 20190384627 | De Caro | Dec 2019 | A1 |
| 20200007530 | Mohamad Abdul | Jan 2020 | A1 |
| 20200084042 | Nelson | Mar 2020 | A1 |
| 20200084216 | North | Mar 2020 | A1 |
| 20200092103 | Zavertnik | Mar 2020 | A1 |
| 20200097661 | Block | Mar 2020 | A1 |
| 20200110695 | Maciel | Apr 2020 | A1 |
| 20200111118 | Patel | Apr 2020 | A1 |
| 20200137056 | Havaralu et al. | Apr 2020 | A1 |
| 20200167474 | Goldman | May 2020 | A1 |
| 20200177563 | Huapaya | Jun 2020 | A1 |
| 20200213297 | Suraparaju | Jul 2020 | A1 |
| 20200351656 | Johansson | Nov 2020 | A1 |
| 20210144551 | Lee et al. | May 2021 | A1 |
| 20220029812 | Tamiya et al. | Jan 2022 | A1 |
| Number | Date | Country |
|---|---|---|
| 1539501 | Jun 2001 | AU |
| 2933336 | Oct 2015 | CA |
| 1312510 | Sep 2001 | CN |
| 1446331 | Oct 2003 | CN |
| 1705923 | Dec 2005 | CN |
| 1705925 | Dec 2005 | CN |
| 1882963 | Dec 2006 | CN |
| 101051908 | Oct 2007 | CN |
| 101101687 | Jan 2008 | CN |
| 101276448 | Oct 2008 | CN |
| 101336436 | Dec 2008 | CN |
| 101394283 | Mar 2009 | CN |
| 101410847 | Apr 2009 | CN |
| 101495956 | Jul 2009 | CN |
| 101636949 | Jan 2010 | CN |
| 101751629 | Jun 2010 | CN |
| 101803272 | Aug 2010 | CN |
| 102077546 | May 2011 | CN |
| 102187701 | Sep 2011 | CN |
| 102246455 | Nov 2011 | CN |
| 102255917 | Nov 2011 | CN |
| 102404116 | Apr 2012 | CN |
| 102696212 | Sep 2012 | CN |
| 102713922 | Oct 2012 | CN |
| 102763111 | Oct 2012 | CN |
| 102763114 | Oct 2012 | CN |
| 103220145 | Jul 2013 | CN |
| 103460738 | Dec 2013 | CN |
| 103475666 | Dec 2013 | CN |
| 103793632 | May 2014 | CN |
| 103888252 | Jun 2014 | CN |
| 103945374 | Jul 2014 | CN |
| 103999401 | Aug 2014 | CN |
| 105229596 | Jan 2016 | CN |
| 106575326 | Apr 2017 | CN |
| 106575416 | Apr 2017 | CN |
| 107533501 | Jan 2018 | CN |
| 1376302 | Jan 2004 | EP |
| 2339777 | Jun 2011 | EP |
| 2343679 | Jul 2011 | EP |
| 2357754 | Aug 2011 | EP |
| H06195307 | Jul 1994 | JP |
| H09231172 | Sep 1997 | JP |
| 2001-325469 | Nov 2001 | JP |
| 2002152189 | May 2002 | JP |
| 2003143136 | May 2003 | JP |
| 2003-219473 | Jul 2003 | JP |
| 2003223235 | Aug 2003 | JP |
| 2003-274007 | Sep 2003 | JP |
| 2003318894 | Nov 2003 | JP |
| 2004-007556 | Jan 2004 | JP |
| 2004-508619 | Mar 2004 | JP |
| 2004-118456 | Apr 2004 | JP |
| 2004348308 | Dec 2004 | JP |
| 2005092614 | Apr 2005 | JP |
| 2005316936 | Nov 2005 | JP |
| 2006-144421 | Jun 2006 | JP |
| 2007-514333 | May 2007 | JP |
| 2007148470 | Jun 2007 | JP |
| 2007-194866 | Aug 2007 | JP |
| 2007220075 | Aug 2007 | JP |
| 2007249726 | Sep 2007 | JP |
| 2008-017301 | Jan 2008 | JP |
| 2008065844 | Mar 2008 | JP |
| 2008-165411 | Jul 2008 | JP |
| 2009-032070 | Feb 2009 | JP |
| 2009-199530 | Sep 2009 | JP |
| 2009223452 | Oct 2009 | JP |
| 2010015263 | Jan 2010 | JP |
| 2010-045542 | Feb 2010 | JP |
| 2010505286 | Feb 2010 | JP |
| 2010-097467 | Apr 2010 | JP |
| 2011-165102 | Aug 2011 | JP |
| 2012503243 | Feb 2012 | JP |
| 2012-078979 | Apr 2012 | JP |
| 4939121 | May 2012 | JP |
| 2013016070 | Jan 2013 | JP |
| 2013122736 | Jun 2013 | JP |
| 2013522722 | Jun 2013 | JP |
| 2014-524218 | Sep 2014 | JP |
| 2015-511348 | Apr 2015 | JP |
| 2016-521403 | Jul 2016 | JP |
| 2016-208510 | Dec 2016 | JP |
| 2017-505048 | Feb 2017 | JP |
| 2017-152880 | Aug 2017 | JP |
| 2017-157926 | Sep 2017 | JP |
| 2017-528963 | Sep 2017 | JP |
| 2017-535843 | Nov 2017 | JP |
| 10-2004-0034327 | Apr 2004 | KR |
| 10-2008-0075956 | Aug 2008 | KR |
| 10-2011-0122452 | Nov 2011 | KR |
| 10-2012-0136236 | Dec 2012 | KR |
| 10-2014-0054151 | May 2014 | KR |
| 10-2015-0103264 | Sep 2015 | KR |
| 200701120 | Jan 2007 | TW |
| 201121280 | Jun 2011 | TW |
| 9750205 | Dec 1997 | WO |
| 03017159 | Feb 2003 | WO |
| 0365169 | Aug 2003 | WO |
| 03065169 | Aug 2003 | WO |
| 2005003985 | Jan 2005 | WO |
| 2006024042 | Mar 2006 | WO |
| 2007004224 | Jan 2007 | WO |
| 2007023756 | Mar 2007 | WO |
| 2007094165 | Aug 2007 | WO |
| 2009158530 | Dec 2009 | WO |
| 2010032216 | Mar 2010 | WO |
| 2010067433 | Jun 2010 | WO |
| 2013082190 | Jun 2013 | WO |
| 2014011997 | Jan 2014 | WO |
| 2014105994 | Jul 2014 | WO |
| 2015130734 | Sep 2015 | WO |
| 2016019093 | Feb 2016 | WO |
| 2016019106 | Feb 2016 | WO |
| 2017219007 | Dec 2017 | WO |
| Entry |
|---|
| Biryukov et al., “Argon2: the memory-hard function for password hashing and other applications”, Version 1.2.1 of Argon2: PHC release, Dec. 26, 2015, pp. 1-18. |
| Communication pursuant to Article 94(3) EPC, EP App. No. 14770682.4, Jul. 7, 2020, 4 pages. |
| Communication pursuant to Article 94(3) EPC, EP App. No. 14803988.6, Aug. 10, 2020, 7 pages. |
| Corrected Notice of Allowability, U.S. Appl. No. 14/218,646, Jul. 8, 2020, 5 pages. |
| Corrected Notice of Allowability, U.S. Appl. No. 15/229,233, Jul. 29, 2020, 3 pages. |
| Corrected Notice of Allowability, U.S. Appl. No. 15/229,233, Jun. 30, 2020, 3 pages. |
| Corrected Notice of Allowability, U.S. Appl. No. 15/881,522, Jul. 27, 2020, 2 pages. |
| Corrected Notice of Allowability, U.S. Appl. No. 15/881,522, Aug. 26, 2020, 2 pages. |
| Corrected Notice of Allowability, U.S. Appl. No. 15/881,522, Jul. 13, 2020, 2 pages. |
| Corrected Notice of Allowability, U.S. Appl. No. 15/881,522, Jun. 17, 2020, 2 pages. |
| Decision to Grant a Patent, EP App. No. 15826364.0, Jul. 2, 2020, 2 pages. |
| Decision to Grant a Patent, EP App. No. 15828152.7, Aug. 13, 2020, 2 pages. |
| Decision to Refuse, EP App. No. 15827334.2, Jul. 2, 2020, 17 pages. |
| First Office Action, CN App. No. 201580041803.4, Apr. 23, 2020, 13 pages (5 pages of English Translation and 8 pages of Original Document). |
| Intention to Grant, EP App. No. 15786796.1, Jun. 5, 2020, 6 pages. |
| International Preliminary Report on Patentability, PCT App. No. PCT/US2019/013199, Jul. 23, 2020, 11 pages. |
| International Search Report and Written Opinion, PCT App. No. PCT/US2020/022944, Jun. 18, 2020, 12 pages. |
| Office Action, JP App. No. 2017-505513, Aug. 3, 2020, 9 pages (5 pages of English Translation and 4 pages of Original Document). |
| Communication pursuant to Article 94(3) EPC, EP App. No. 15786487.7, Feb. 20, 2020, 6 pages. |
| Corrected Notice of Allowability, U.S. Appl. No. 14/218,646, May 26, 2020, 5 pages. |
| Crowley et al., “Online Identity and Consumer Trust: Assessing Online Risk”, Available Online at <https://www.brookings.edu/wp-content/uploads/2016/06/0111_online_identity_trust.pdf>, Jan. 11, 2011, 15 pages. |
| Decision of Final Rejection, JP App. No. 2016-566924, Feb. 27, 2020, 8 pages (5 pages of English Translation and 3 pages of Original Document). |
| Decision of Final Rejection, JP App. No. 2017-505072, Feb. 25, 2020, 9 pages (5 pages of English Translation and 4 pages of Original Document). |
| Decision to Grant a Patent, EP App. No. 15827363.1, Aug. 8, 2019, 2 pages. |
| Decision to Grant a Patent, EP App. No. 15841530.7, Dec. 5, 2019, 2 pages. |
| Decision to Grant, JP App. No. 2016-566912, Dec. 26, 2019, 3 pages (2 pages of English Translation and 1 page of Original Document). |
| Final Office Action, U.S. Appl. No. 15/822,531, Apr. 7, 2020, 22 pages. |
| First Office Action CN App. No. 201580040831.4, Mar. 3, 2020, 31 pages (18 pages of English Translation and 13 pages of Office Action). |
| First Office Action, CN App. No. 201580022332.2, Aug. 5, 2019, 14 pages (7 pages of English Translation and 7 pages of Original Document). |
| First Office Action, CN App. No. 201580040836.7, Apr. 22, 2020, 11 pages (5 pages of English Translation and 6 pages of Original Document). |
| Intention to Grant under Rule 71(3) EPC, EP App. No. 15826364.0, Feb. 18, 2020, 6 pages. |
| Intention to Grant under Rule 71(3) EPC, EP App. No. 15826660.1, Apr. 28, 2020, 6 pages. |
| Intention to Grant under Rule 71(3) EPC, EP App. No. 15828152.7, Apr. 1, 2020, 6 pages. |
| International Preliminary Report on Patentability, PCT App. No. PCT/US2018/062608, Jun. 11, 2020, 9 pages. |
| International Search Report and Written Opinion, PCT App. No. PCT/US2020/020439, May 27, 2020, 9 pages. |
| Manabe et al., “Person Verification using Handwriting Gesture”, Proceedings of the 26th Annual Conference of Japanese Society for Artifical Intelligence, 2012, 9 pages (English Abstract Submitted). |
| Non-Final Office Action, U.S. Appl. No. 15/229,233, Jan. 31, 2020, 18 pages. |
| Notice of Allowance, U.S. Appl. No. 14/145,466, Feb. 12, 2020, 12 pages. |
| Notice of Allowance, U.S. Appl. No. 14/218,646, Dec. 17, 2019, 6 pages. |
| Notice of Allowance, U.S. Appl. No. 14/218,646, Mar. 25, 2020, 8 pages. |
| Notice of Allowance, U.S. Appl. No. 14/218,677, May 8, 2020, 10 pages. |
| Notice of Allowance, U.S. Appl. No. 15/229,233, May 19, 2020, 10 pages. |
| Notice of Allowance, U.S. Appl. No. 15/229,254, Jan. 15, 2020, 9 pages. |
| Notice of Allowance, U.S. Appl. No. 15/229,254, Mar. 17, 2020, 3 pages. |
| Notice of Allowance, U.S. Appl. No. 15/881,522, Apr. 20, 2020, 10 pages. |
| Notice of Allowance, U.S. Appl. No. 15/881,522, Dec. 31, 2019, 10 pages. |
| Notice of Reasons for Refusal, JP App. No. 2018-209608, Oct. 7, 2019, 11 pages (7 pages of English Translation and 4 pages of Original Document). |
| Office Action, CN App No. 201580049696.X, Feb. 6, 2020, 11 pages (5 pages of English Translation and 6 pages of Original Document). |
| Second Office Action, CN App. No. 201580022332.2, May 7, 2020, 7 pages (4 pages of English Translation and 3 pages of Original Document). |
| Second Office Action, CN App. No. 201580040813.6, Mar. 24, 2020, 19 pages (11 pages of English Translation and 8 pages of Original Document). |
| Summon to Attend Oral Proceedings pursuant to Rule 115(1) EPC, EP App. No. 15827334.2, Dec. 17, 2019, 11 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/066,273 mailed Jun. 16, 2016, 43 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/066,273 mailed May 8, 2015, 31 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/066,273, mailed May 18, 2017, 46 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/066,384 mailed Jan. 7, 2015, 24 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/066,384 mailed Mar. 17, 2016, 40 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/145,439 mailed Feb. 12, 2015, 18 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/145,466 mailed Sep. 9, 2016, 13 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/145,533 mailed Jan. 26, 2015, 13 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/145,607 mailed Mar. 20, 2015, 22 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/218,504, mailed Feb. 27, 2017, 12 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/218,551 mailed Apr. 23, 2015, 9 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/218,551 mailed Jan. 21, 2016, 11 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/218,551 mailed May 12, 2016, 11 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/218,575 mailed Feb. 10, 2015, 17 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/218,575 mailed Jan. 29, 2016, 25 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/218,575, mailed Mar. 8, 2018, 29 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/218,575, mailed May 4, 2017, 88 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/218,611, mailed Feb. 7, 2019, 27 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/218,611 mailed Jun. 16, 2016, 13 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/218,611, mailed Sep. 19, 2017, 76 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/218,646, mailed Mar. 7, 2018, 32 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/218,646, mailed Mar. 10, 2016, 23 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/218,646, mailed Mar. 27, 2017, 24 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/218,677 mailed Aug. 2, 2016, 15 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/218,677, mailed Feb. 2, 2018, 25 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/218,677, mailed Feb. 10, 2017, 18 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/218,692 mailed Nov. 4, 2015, 16 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/218,692 mailed Oct. 25, 2016, 33 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/218,692, mailed Sep. 19, 2017, 37 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/218,743, mailed Aug. 2, 2017, 24 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/218,743 mailed Aug. 19, 2016, 11 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/218,743 mailed Jan. 21, 2016, 12 pages. |
| Non-final Office Action from U.S. Appl. No. 14/268,563, mailed Apr. 21, 2017, 83 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/268,563, mailed May 13, 2019, 47 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/268,619 mailed Aug. 24, 2015, 17 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/268,619 mailed Mar. 21, 2016, 7 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/268,733 mailed Jul. 16, 2015, 13 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/448,641 mailed Nov. 9, 2015, 21 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/448,747 mailed Aug. 19, 2016, 21 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/448,814, mailed Apr. 5, 2017, 57 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/448,814 mailed Aug. 4, 2015, 13 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/448,868 mailed Dec. 31, 2015, 12 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/487,992 mailed Dec. 3, 2015, 15 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/859,328, mailed Jul. 14, 2017, 29 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/859,328, mailed Sep. 15, 2016, 39 pages. |
| Non-Final Office Action from U.S. Appl. No. 15/229,233, mailed Apr. 18, 2019, 87 pages. |
| Non-Final Office Action from U.S. Appl. No. 15/229,254, mailed Feb. 14, 2018, 75 pages. |
| Non-Final Office Action from U.S. Appl. No. 15/229,254, mailed Feb. 26, 2019, 46 pages. |
| Non-Final Office Action from U.S. Appl. No. 15/396,452 mailed Oct. 13, 2017, 76 pages. |
| Non-Final Office action from U.S. Appl. No. 15/595,460, mailed Jul. 27, 2017, 09 pages. |
| International Preliminary Report on Patentability for Application No. PCT/US2015/042870, mailed Feb. 9, 2017, 8 pages. |
| International Preliminary Report on Patentability for Application No. PCT/US2015/050348, mailed Mar. 30, 2017, 7 pages. |
| International Preliminary Report on Patentability for Application No. PCT/US2015/42783, mailed Feb. 9, 2017, 12 pages. |
| International Preliminary Report on Patentability for Application No. PCT/US2015/42827, mailed Feb. 9, 2017, 6 pages. |
| International Preliminary Report on Patentability for Application No. PCT/US2017/045534, mailed Feb. 14, 2019, 11 pages. |
| International Search Report and Written Opinion for Application No. PCT/US13/77888, mailed Aug. 4, 2014, 10 pages. |
| International Search Report and Written Opinion for Application No. PCT/US2015/028924 mailed Jul. 30, 2015, 10 pages. |
| International Search Report and Written Opinion for Application No. PCT/US2015/042786, mailed Oct. 16, 2015, 8 pages. |
| International Search Report and Written Opinion for Application No. PCT/US2015/042799, mailed Oct. 16, 2015, 8 pages. |
| International Search Report and Written Opinion for Application No. PCT/US2015/042870, mailed Oct. 30, 2015, 9 pages. |
| International Search Report and Written Opinion for Application No. PCT/US2015/050348, mailed Dec. 22, 2015, 9 pages. |
| International Search Report and Written Opinion for Application No. PCT/US2015/42783, mailed Oct. 19, 2015, 13 pages. |
| International Search Report and Written Opinion for Application No. PCT/US2015/42827, mailed Oct. 30, 2015, 9 pages. |
| International Search Report and Written Opinion for Application No. PCT/US2017/045534, mailed Nov. 27, 2017, 14 pages. |
| International Search Report and Written Opinion for Application No. PCT/US2019/013199, mailed Apr. 1, 2019, 12 pages. |
| International Search Report and Written Opinion for PCT Application No. PCT/US2018/062608, mailed Mar. 28, 2019, 12 pages. |
| Jafri R., et al. “A Survey of Face Recognition Techniques,” Journal of Information Processing Systems, 2009, vol. 5 (2), pp. 41-68. |
| Julian J., et al., “Biometric Enabled Portable Trusted Computing Platform,” 2011 IEEE 10th International Conference on Trust Security and Privacy in Computing and Communications (TRUSTCOM), Nov. 16, 2011, pp. 436-442. |
| Kim et al., “Secure User Authentication based on the Trusted Platform for Mobile Devices,” EURASIP Journal on Wireless Communications and Networking, Sep. 29, 2016, pp. 1-15. |
| Kim H.C., et al., “A Design of One-Time Password Mechanism Using Public Key Infrastructure,” Networked Computing and Advanced Information Management, 2008, NCM'08, 4th International Conference on IEEE, Sep. 2, 2008, pp. 18-24. |
| Kollreider K., et al., “Evaluating Liveness by Face Images and the Structure Tensor,” Halmstad, Sweden: s.n., Halmstad University, SE-30118, Sweden, [online], 2005, Retrieved from the Internet: URL: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.62.6534&rep=rep1 &type=pdf, pp. 75-80. |
| Kollreider K., et al., “Non-Instrusive Liveness Detection by Face Images,” Image and Vision Computing, 2007, vol. 27 (3), pp. 233-244. |
| Kong S., et al. “Recent Advances in Visual and Infrared Face Recognition: A Review,” Journal of Computer Vision and Image Understanding, 2005, vol. 97 (1), pp. 103--135. |
| Li J., et al., “Live Face Detection Based on the Analysis of Fourier Spectra,” Biometric Technology for Human Identification, 2004, pp. 296-303. |
| Linux.com, “The source for Linux information,” 2012, 3 pages, downloaded from http://www.linux.com/ on Jan. 28, 2015. |
| Lubin, G., et al., “16 Heatmaps That Reveal Exactly Where People Look,” Business Insider, [online], May 21, 2012, [Cited: Nov. 1, 2012], Retrieved from the Internet: URL: http://www.businessinsider.com/eye-tracking-heatmaps-2012-5? pp=1, pp. 1-21. |
| Maatta J., et al., “Face Spoofing Detection From Single Images Using Micro-Texture Analysis,” Machine Vision Group, University of Oulu, Finland, Oulu, IEEE, [online], 2011, Retrieved from the Internet: URL: http://www.ee.oulu.fi/research/mvmp/mvg/files/pdf/131.pdf., pp. 1-7. |
| Marcialis G.L., et al. “First International Fingerprint Liveness Detection Competition—Livdet 2009,” Image Analysis and Processing—ICIAP, Springer Berlin Heidelberg, 2009. pp. 12-23. |
| Martins R A., et al., “A Potpourri of Authentication Mechanisms the Mobile Device Way,” CISTI, Jan. 2013, pp. 843-848. |
| Mobile Device Security Using Transient Authentication, IEEE Transactions on Mobile Computing, 2006, vol. 6 (11), pp. 1489-1502. |
| Monden A., et al., “Remote Authentication Protocol,” Multimedia, Distributed, Cooperative and Mobile Symposium (DICOM02007), Information Processing Society of Japan, Jun. 29, 2007, pp. 1322-1331. |
| National Science & Technology Council's Subcommittee on Biometrics. Biometrics Glossary. 33 pages, Last updated Sep. 14, 2006. NSTC. http://www.biometrics.gov/documents/glossary.pdf. |
| Nielsen, Jakib. useit.com. Jakob Nielsen's Alertbox—Horizontal Attention Leans Left. [Online] Apr. 6, 2010. [Cited: Nov. 1, 2012.] 4 pages. http://www.useit.com/alertbox/horizontal-attention.html. |
| Nielsen, Jakob. useit.com. Jakob Nielsen's Alertbox—Scrolling and Attention. [Online] Mar. 22, 2010. [Cited: Nov. 1, 2012.] 6 pages. http://www.useit.com/alertbox/scrolling-attention.html. |
| Niinuma K., et al., “Continuous User Authentication Using Temporal Information,” Apr. 2010, http://www.cse.msu.edu/biometrics/Publications/Face/NiinumaJain_ContinuousAuth_SPIE10.pdf, 11 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/218,646, mailed Dec. 31, 2018, 42 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/218,677, mailed Dec. 26, 2018, 32 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/218,692, mailed Jul. 31, 2018, 40 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/145,466, mailed May 11, 2018, 33 pages. |
| Non-Final Office Action from U.S. Appl. No. 14/268,563, mailed Jun. 28, 2018, 56 pages. |
| Non-Final Office Action from U.S. Appl. No. 15/881,522, mailed Jun. 6, 2018, 87 pages. |
| Non-Final Office Action from U.S. Appl. No. 15/900,620, mailed Oct. 19, 2018, 66 pages. |
| Non-Final Office Action from U.S. Appl. No. 13/730,761, mailed Feb. 27, 2014, 24 pages. |
| Non-Final Office Action from U.S. Appl. No. 13/730,761, mailed Sep. 9, 2014, 36 pages. |
| Non-Final Office Action from U.S. Appl. No. 13/730,776, mailed Jul. 15, 2014, 16 pages. |
| Non-Final Office Action from U.S. Appl. No. 13/730,780, mailed Aug. 4, 2014, 30 pages. |
| Non-Final Office Action from U.S. Appl. No. 13/730,780, mailed Mar. 12, 2014, 22 pages. |
| Non-Final Office Action from U.S. Appl. No. 13/730,791, mailed Jun. 27, 2014, 17 pages. |
| Non-Final Office Action from U.S. Appl. No. 13/730,795, mailed Jan. 5, 2015, 19 pages. |
| Non-Final Office Action from U.S. Appl. No. 13/730,795, mailed Jun. 11, 2014, 14 pages. |
| RFC 2560: Myers M., et al., “The Online Certificate Status Protocol, OCSP,” Network working group, Jun. 1999, RFC 2560, 22 pages. |
| RFC 6063: Doherty, et al., “Dynamic Symmetric Key Provisioning Protocol (DSKPP),” Dec. 2010, 105 pages, Internet Engineering Task Force (IETF), Request for Comments : 6063. |
| RFC 6749: Hardt D, “The OAuth 2.0 Authorization Framework,” Internet Engineering Task Force(IETF), Request for Comments: 6749, retrieved from https://tools.ietf.org/pdf/rfc6749.pdf, Oct. 2012, pp. 1-76. |
| Roberts C., “Biometric Attack Vectors and Defences,” Sep. 2006, 25 pages. Retrieved from the Internet: URL: http://otago.ourarchive.ac.nz/bitstream/handle/10523/1243/BiometricAttackVectors.pdf. |
| Rocha A., et al., “Vision of the Unseen: Current Trends and Challenges in Digital Image and Video Forensics,” ACM Computing Surveys, 2010, 47 pages. Retrieved from the Internet: URL: http://www.wjscheirer.com/papers/wjscsur2011forensics.pdf. |
| Rodrigues R.N., et al., “Robustness of Multimodal Biometric Fusion Methods Against Spoof Attacks,” Journal of Visual Language and Computing. 2009. 11 pages, doi:10.1016/j.jvlc.2009.01.010; Retrieved from the Internet: URL: http://cubs.buffalo.edu/govind/papers/visual09.pdf. |
| Ross A., et al., “Multimodal Biometrics: An Overview,” Proceedings of 12th European Signal Processing Conference (EUSIPCO), Sep. 2004, pp. 1221-1224. Retrieved from the Internet: URL: http://www.csee.wvu.edu/-ross/pubs/RossMultimodaiOverview EUSIPC004.pdf. |
| Saito T, “Mastering TCP/IP, Information Security,” Ohmsha Ltd, Sep. 1, 2013, pp. 77-80 (7 Pages). |
| Schneier B., Biometrics: Uses and Abuses. Aug. 1999. Inside Risks 110 (CACM 42, Aug. 8, 1999), Retrieved from the Internet: URL: http://www.schneier.com/essay-019.pdf, 3 pages. |
| Schuckers, “Spoofing and Anti-Spoofing Measures,” Information Security Technical Report, 2002, vol. 2002, pp. 56-62. |
| Schwartz et al., “Face Spoofing Detection Through Partial Least Squares and Low-Level Descriptors,” International Conference on Biometrics, 2011, vol. 2011, pp. 1-8. |
| Smiatacz M., et al., Gdansk University of Technology. Liveness Measurements Using Optical Flow for Biometric Person Authentication. Metrology and Measurement Systems. 2012, vol. XIX, 2. pp. 257-268. |
| Starnberger G., et al., “QR-TAN: Secure Mobile Transaction Authentication,” Availability, Reliability and Security, 2009, ARES'09, International Conference on IEEE, Mar. 16, 2009, pp. 578-583. |
| Supplementary Partial European Search Report for Application No. 13867269, dated Aug. 3, 2016, 7 pages. |
| T. Weigold et al., “The Zurich Trusted Information Channel—An Efficient Defence against Man-in-the-Middle and Malicious Software Attacks,” P. Lipp, A.R. Sadeghi, and K.M. Koch, eds., Proc. Trust Conf. (Trust 2008), LNCS 4968, Springer-Verlag, 2008, pp. 75-91. |
| Tan et al., “Face Liveness Detection from a Single Image with Sparse Low Rank Bilinear Discriminative Model,” European Conference on Computer Vision, 2010, vol. 2010, pp. 1-14. |
| TechTarget, “What is network perimeter? Definition from WhatIs.com”, downloaded from http://searchnetworking.techtarget.com/definition/network-perimeter on Jun. 14, 2018, 3 pages. |
| The Extended M2VTS Database, [Online] [Cited: Sep. 29, 2012] downloaded from http://www.ee.surrey.ac.uk/CVSSP/xm2vtsdb/ on Jan. 28, 2015, 1 page. |
| Transmittal of International Preliminary Report On Patentability from foreign counterpart PCT Patent Application No. PCT/US2014/031344 dated Oct. 1, 2015, 9 pages. |
| Tresadern P., et al., “Mobile Biometrics (MoBio): Joint Face and Voice Verification for a Mobile Platform”, 2012, 7 pages. Retrieved from the Internet: URL: http://personal.ee.surrey.ac.uk/Personai/Norman.Poh/data/tresadem_PervComp2012draft.pdf. |
| Tronci R., et al., “Fusion of Multiple Clues for Photo-Attack Detection in Face Recognition Systems,” International Joint Conference on Biometrics, 2011. pp. 1-6. |
| Uludag, Umut, and Anil K. Jain. “Attacks on biometric systems: a case study in fingerprints.” Electronic Imaging 2004. International Society for Optics and Photonics, 2004, 12 pages. |
| Unobtrusive User-Authentication on Mobile Phones using Biometric Gait Recognition, 2010, 6 pages. |
| Uymatiao M.L.T., et al., “Time-based OTP authentication via secure tunnel (TOAST); A mobile TOTP scheme using TLS seed exchange and encrypted offline keystore,” 2014 4th IEEE International Conference on Information Science and Technology, IEEE, Apr. 26, 2014, pp. 225-229. |
| Validity, OSTP Framework, 24 pages, 2010. |
| Vassilev, A.T.; du Castel, B.; Ali, A.M., “Personal Brokerage of Web Service Access,” Security & Privacy, IEEE , vol. 5, No. 5, pp. 24-31, Sep.-Oct. 2007. |
| Watanabe H., et al., “The Virtual Wearable Computing System Assumed Widely Movement,” the multimedia, distribution and cooperation which were taken into consideration, mobile (DICOMO2009) symposium collected-papers [CD-ROM], Japan, Information Processing Society of Japan, Jul. 1, 2009, and vol. 2009 (1), pp. 1406-1414. (Abstract only in English). |
| WikiPedia article for Eye Tracking, 15 pages, Last Modified Jun. 21, 2014, en.wikipedia.org/wiki/Eye_tracking. |
| Willis N., Linux.com. Weekend Project: Take a Tour of Open Source Eye-Tracking Software. [Online] Mar. 2, 2012. [Cited: Nov. 1, 2012.], 4 pages. Retrieved from the Internet: URL: https://www.linux.com/learn/tutorials/550880-weekend-project-take-a-tour-of-opensource-eye-tracking-software. |
| Wilson R., “How To Trick Google's New Face Unlock On Android 4.1 Jelly Bean,” Aug. 6, 2012, 5 pages, [online], [retrieved Aug. 13, 2015]. Retrieved from the Internet: URL: http://printscreenmac.info/how-to-trick-android-jelly-bean-faceunlock/. |
| World Wide Web Consortium, W3C Working Draft: Media Capture and Streams, 2013, 36 pages. |
| Zhang, “Security Verification of Hardware-enabled Attestation Protocols,” IEEE, 2012, pp. 47-54. |
| Zhao W., et al., “Face Recognition: A Literature Survey,” ACM Computing Surveys, 2003, vol. 35 (4), pp. 399-458. |
| Zhou, et al., “Face Recognition from Still Images and Videos”. University of Maryland, College Park, MD 20742. Maryland : s.n., Nov. 5, 2004.pp. 1-23, Retrieved from the Internet: http://citeseerx.ist.psu.edu/viewdoc/download?doi=1 0.1.1.77.1312&rep=rep1 &type=pdf. |
| Abate A., et al., “2D and 3D face recognition: A survey,” Jan. 2007, Pattern Recognition Letters, pp. 1885-1906. |
| Advisory Action from U.S. Appl. No. 13/730,791, mailed Jan. 23, 2015, 4 pages. |
| Akhtar Z., et al., “Spoof Attacks on Multimodal Biometric Systems,” International Conference on Information and Network Technology, 2011, vol. 4, pp. 46-51. |
| Babich A., “Biometric Authentication. Types of Biometric Identifiers,” Haaga-Helia, University of Applied Sciences, 2012, retrieved from https://www.theseus.fi/bitstream/handle/10024/44684/Babich_Aleksandra.pdf, 56 pages. |
| Bao W., et al., “A liveness detection method for face recognition based on optical flow field”, 2009, pp. 233-236, http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5054589&isnumber=5054562. |
| Barker E., et al., “Recommendation for key management Part 3: Application-Specific Key Management Guidance,” NIST Special Publication 800-57, Dec. 2009, pp. 1-103. |
| Behaviosec, “Measuring FAR/FRR/EER in Continuous Authentication,” Stockholm, Sweden (2009), 8 pages. |
| Brickell, E., et al., Intel Corporation; Jan Camenish, IBM Research; Liqun Chen, HP Laboratories. “Direct Anonymous Attestation”. Feb. 11, 2004, pp. 1-28 [online]. Retrieved from the Internet: URL:https://eprint.iacr.org/2004/205.pdf. |
| Chakka M., et al., “Competition on Counter Measures to 2-D Facial Spoofing Attacks”. 6 pages .2011. http://www.csis.pace.edu/-ctappert/dps/IJCB2011/papers/130.pdf. 978-1-4577-1359-0/11. |
| Chen L., “Direct Anonymous Attestation,” Oct. 12, 2005, retrieved from https://trustedcomputinggroup.org/wp-content/uploads/051012_DAA-slides.pdf on Apr. 2, 2018, 27 pages. |
| Chen L., et al., “Flexible and scalable digital signatures in TPM 2.0.” Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. ACM, 2013, 12 pages. |
| Chetty G. School of ISE University of Canberra Australia. “Multilevel liveness verification for face-voice biometric authentication”. BYSM-2006 Symposium. Baltimore: BYSM-Symposium 9 pages. Sep. 19, 2006. http://www.biometrics.org/bc2006/presentations/Tues_Sep_19/BSYM/19_Chetty_research.pdf. |
| Communication pursuant to Article 94(3) EPC for Application No. 15786796.1, mailed Oct. 23, 2018, 4 pages. |
| Communication Pursuant to Article 94(3) EPC for Application No. 15828152.7, mailed Jan. 31, 2019, 7 pages. |
| Communication pursuant to Article 94(3) EPC for Application No. 15841530.7, mailed Feb. 8, 2019, 4 pages. |
| Communication pursuant to Rules 161(2) and 162 EPC for EP Application No. 15826364.0, mailed Mar. 7, 2017, 2 pages. |
| Communication Pursuant to Rules 70(2) and 70a(2) EPC for European Application No. 15786487.7, mailed Nov. 9, 2017, 1 page. |
| Communication Pursuant to Rules 70(2) and 70a(2) EPC for European Application No. 15827363.7, mailed Mar. 13, 2018, 1 page. |
| Corrected Notice of Allowance from U.S. Appl. No. 15/396,452, mailed Aug. 30, 2018, 17 pages. |
| Corrected Notice of Allowance from U.S. Appl. No. 14/066,273, mailed Feb. 8, 2018, 4 pages. |
| Corrected Notice of Allowance from U.S. Appl. No. 15/396,454, mailed Sep. 28, 2018, 24 pages. |
| Corrected Notice of Allowance from U.S. Appl. No. 14/218,575, mailed Jun. 24, 2019, 16 pages. |
| Crazy Egg Heatmap Shows Where People Click on Your Website, 2012, 3 pages, www.michaelhartzell.com/Blog/bid/92970/Crazy-Egg-Heatmap-shows-where-people-click-on-your-website). |
| Dawei Zhang; Peng Hu, “Trusted e-commerce user agent based on USB Key”, Proceedings of the International MultiConference of Engineers and Computer Scientists 2008 vol. I, IMECS 2008, Mar. 19-21, 2008, Hong Kong, 7 pages. |
| Decision to Grant a Patent from counterpart Japanese Patent Application No. 2016-516743 mailed Jan. 10, 2019, 5 pages. |
| Decision to Grant from foreign counterpart Japanese Patent Application No. 2015-550778, mailed Jul. 25, 2018, 6 pages. |
| Delac K. et al., Eds., “Image Compression in Face Recognition a Literature Survey,” InTech, Jun. 1, 2008, ISBN 978-953-7619-34-3, Uploaded as individual Chapters 1-15, downloaded from https://www.intechopen.com/books/recent_advances_in_face_recognition/image_compression_in_face_recognition_-_a_literature_survey, 15 pages. |
| Extended European Search Report for U.S. Appl. No. 13/867,269, mailed Nov. 4, 2016, 10 pages. |
| Extended European Search Report for Application No. 14803988.6, mailed Dec. 23, 2016, 10 pages. |
| Extended European Search Report for Application No. 15786487.7, mailed Oct. 23, 2017, 8 pages. |
| Extended European Search Report for Application No. 15786796.1, mailed Nov. 3, 2017, 9 pages. |
| Extended European Search Report for Application No. 15826364.0, mailed Feb. 20, 2018, 6 pages. |
| Extended European Search Report for Application No. 15826660.1, mailed Nov. 16, 2017, 9 pages. |
| Extended European Search Report for Application No. 15827334.2, mailed Nov. 17, 2017, 8 pages. |
| Extended European Search Report for Application No. 15827363.1, mailed Feb. 22, 2018, 7 pages. |
| Extended European Search Report for Application No. 15828152.7, mailed Feb. 20, 2018, 8 pages. |
| Extended European Search Report for Application No. 15841530.7, mailed Mar. 26, 2018, 8 pages. |
| Extended European Search Report from European Patent Application No. 14770682.4, mailed Jan. 17, 2017, 14 pages. |
| Final Office Action from U.S. Appl. No. 14/145,466, mailed Nov. 20, 2018, 28 pages. |
| Final Office Action from U.S. Appl. No. 14/218,677, mailed May 31, 2018, 16 pages. |
| Final Office Action from U.S. Appl. No. 14/218,677, mailed Jun. 10, 2019, 15 pages. |
| Final Office Action from U.S. Appl. No. 14/268,563, mailed Dec. 27, 2018, 47 pages. |
| Final Office Action from U.S. Appl. No. 15/229,254, mailed Aug. 23, 2018, 16 pages. |
| Final Office Action from U.S. Appl. No. 13/730,761, mailed Jan. 15, 2015, 31 pages. |
| Final Office Action from U.S. Appl. No. 13/730,761, mailed Jul. 8, 2014, 36 pages. |
| Final Office Action from U.S. Appl. No. 13/730,776, mailed Nov. 3, 2014, 20 pages. |
| Final Office Action from U.S. Appl. No. 13/730,780, mailed Jan. 27, 2015, 30 pages. |
| Final Office Action from U.S. Appl. No. 13/730,780, mailed May 12, 2014, 34 pages. |
| Final Office Action from U.S. Appl. No. 13/730,791, mailed Nov. 13, 2014, 22 pages. |
| Final Office Action from U.S. Appl. No. 13/730,795, mailed Aug. 14, 2014, 20 pages. |
| Non-Final Office Action from U.S. Appl. No. 15/595,460, mailed May 3, 2018, 20 pages. |
| Non-Final Office Action from U.S. Appl. No. 15/954,188, mailed Sep. 7, 2018, 41 pages. |
| Notice of Allowance from U.S. Appl. No. 15/396,454, mailed Jan. 28, 2019, 23 pages. |
| Notice of Allowance from U.S. Appl. No. 15/396,454, mailed Nov. 16, 2018, 34 pages. |
| Notice of Allowance from foreign counterpart Chinese Patent Application No. 201480031042.X, mailed Jul. 23, 2018, 5 pages. |
| Notice of Allowance from foreign counterpart Taiwan Patent Application No. 106125986, mailed Jul. 6, 2018, 7 pages. |
| Notice of Allowance from U.S. Appl. No. 14/218,743, mailed Aug. 1, 2018, 18 pages. |
| Notice of Allowance from U.S. Appl. No. 14/448,814, mailed May 9, 2018, 42 pages. |
| Notice of Allowance from U.S. Appl. No. 15/396,452, mailed Jul. 2, 2018, 23 pages. |
| Notice of Allowance from U.S. Appl. No. 14/487,992 mailed May 12, 2016, 11 pages. |
| Notice of Allowance from U.S. Appl. No. 13/730,761, mailed Jun. 10, 2015, 15 pages. |
| Notice of Allowance from U.S. Appl. No. 13/730,761, mailed Sep. 28, 2015, 5 pages. |
| Notice of Allowance from U.S. Appl. No. 13/730,776, mailed Feb. 13, 2015, 16 pages. |
| Notice of Allowance from U.S. Appl. No. 13/730,776, mailed Mar. 24, 2015, 3 pages. |
| Notice of Allowance from U.S. Appl. No. 13/730,780, mailed Aug. 13, 2015, 13 pages. |
| Notice of Allowance from U.S. Appl. No. 13/730,791, mailed Mar. 10, 2015, 17 pages. |
| Notice of Allowance from U.S. Appl. No. 13/730,795, mailed Jan. 14, 2016, 11 pages. |
| Notice of Allowance from U.S. Appl. No. 13/730,795, mailed May 15, 2015, 3 pages. |
| Notice of Allowance from U.S. Appl. No. 13/730,795, mailed Sep. 17, 2015, 11 pages. |
| Notice of Allowance from U.S. Appl. No. 14/066,273, mailed Jan. 18, 2018, 26 pages. |
| Notice of Allowance from U.S. Appl. No. 14/066,384 mailed Sep. 27, 2016, 19 pages. |
| Notice of Allowance from U.S. Appl. No. 14/066,384, mailed Dec. 1, 2017, 23 pages. |
| Notice of Allowance from U.S. Appl. No. 14/066,384, mailed Jul. 26, 2017, 20 pages. |
| Notice of Allowance from U.S. Appl. No. 14/066,384, mailed May 23, 2017, 50 pages. |
| Notice of Allowance from U.S. Appl. No. 14/145,439 mailed Jul. 6, 2015, 6 pages. |
| Notice of Allowance from U.S. Appl. No. 14/145,439 mailed Mar. 14, 2016, 17 pages. |
| Notice of Allowance from U.S. Appl. No. 14/145,439 mailed Oct. 28, 2015, 12 pages. |
| Notice of Allowance from U.S. Appl. No. 14/145,533 mailed Jan. 20, 2016, 12 pages. |
| Notice of Allowance from U.S. Appl. No. 14/145,533 mailed May 11, 2015, 5 bages. |
| Notice of Allowance from U.S. Appl. No. 14/145,533 mailed Sep. 14, 2015, 13 pages. |
| Notice of Allowance from U.S. Appl. No. 14/145,607 mailed Feb. 1, 2016, 28 pages. |
| Notice of Allowance from U.S. Appl. No. 14/145,607 mailed Sep. 2, 2015, 19 pages. |
| Notice of Allowance from U.S. Appl. No. 14/218,504, mailed May 31, 2018, 95 pages. |
| Notice of Allowance from U.S. Appl. No. 14/218,551, mailed Aug. 16, 2017, 24 pages. |
| Notice of Allowance from U.S. Appl. No. 14/218,551, mailed Dec. 13, 2017, 13 pages. |
| Notice of Allowance from U.S. Appl. No. 14/218,551, mailed Feb. 8, 2017, 56 pages. |
| Notice of Allowance from U.S. Appl. No. 14/218,551, mailed Mar. 1, 2017, 7 pages. |
| Notice of Allowance from U.S. Appl. No. 14/218,575, mailed Apr. 10, 2019, 32 pages. |
| Notice of Allowance from U.S. Appl. No. 14/218,692, mailed Dec. 5, 2018, 13 pages. |
| Notice of Allowance from U.S. Appl. No. 14/268,619 mailed Oct. 3, 2016, 65 pages. |
| Notice of Allowance from U.S. Appl. No. 14/268,619 mailed Jul. 19, 2016, 5 bages. |
| Notice of Allowance from U.S. Appl. No. 14/268,686 mailed Apr. 18, 2016, 16 pages. |
| Notice of Allowance from U.S. Appl. No. 14/268,686 mailed Jul. 8, 2016, 4 pages. |
| Notice of Allowance from U.S. Appl. No. 14/268,686 mailed Mar. 30, 2016, 38 pages. |
| Notice of Allowance from U.S. Appl. No. 14/268,686 mailed Nov. 5, 2015, 23 pages. |
| Notice of Allowance from U.S. Appl. No. 14/268,733 mailed Sep. 23, 2016, 8 pages. |
| Notice of Allowance from U.S. Appl. No. 14/268,733, mailed Jan. 20, 2017, 62 pages. |
| Notice of Allowance from U.S. Appl. No. 14/448,641 mailed Jun. 7, 2016, 13 pages. |
| Notice of Allowance from U.S. Appl. No. 14/448,697 mailed Jan. 14, 2016, 23 pages. |
| Notice of Allowance from U.S. Appl. No. 14/448,697 mailed May 20, 2016, 14 pages. |
| Final Office Action from U.S. Appl. No. 14/066,273 mailed Feb. 11, 2016, 29 pages. |
| Final Office Action from U.S. Appl. No. 14/066,273, mailed Jan. 10, 2017, 24 pages. |
| Final Office Action from U.S. Appl. No. 14/066,273, mailed Sep. 8, 2017, 30 pages. |
| Final Office Action from U.S. Appl. No. 14/066,384 mailed Aug. 20, 2015, 23 pages. |
| Final Office Action from U.S. Appl. No. 14/145,466, mailed Apr. 13, 2017, 61 pages. |
| Final Office Action from U.S. Appl. No. 14/218,504, mailed Sep. 12, 2017, 83 pages. |
| Final Office Action from U.S. Appl. No. 14/218,551 mailed Sep. 9, 2015, 15 pages. |
| Final Office Action from U.S. Appl. No. 14/218,551 mailed Sep. 16, 2016, 11 pages. |
| Final Office Action from U.S. Appl. No. 14/218,575 mailed Aug. 7, 2015, 19 pages. |
| Final Office Action from U.S. Appl. No. 14/218,575 mailed Jul. 7, 2016, 29 pages. |
| Final Office Action from U.S. Appl. No. 14/218,575, mailed Jul. 31, 2017, 42 pages. |
| Final Office Action from U.S. Appl. No. 14/218,575 mailed Sep. 5, 2018, 19 pages. |
| Final Office Action from U.S. Appl. No. 14/218,611, mailed Jan. 27, 2017, 14 pages. |
| Final Office Action from U.S. Appl. No. 14/218,611, mailed May 3, 2018, 20 pages. |
| Final Office Action from U.S. Appl. No. 14/218,646, mailed Aug. 9, 2018, 23 pages. |
| Final Office Action from U.S. Appl. No. 14/218,646 mailed Aug. 11, 2016, 25 pages. |
| Final Office Action from U.S. Appl. No. 14/218,646, mailed Sep. 27, 2017, 81 pages. |
| Final Office Action from U.S. Appl. No. 14/218,677, mailed Sep. 28, 2017, 16 pages. |
| Final Office Action from U.S. Appl. No. 14/218,692, mailed Apr. 17, 2018, 99 pages. |
| Final Office Action from U.S. Appl. No. 14/218,692, mailed Feb. 28, 2017, 27 pages. |
| Final Office Action from U.S. Appl. No. 14/218,692 mailed Mar. 2, 2016, 24 pages. |
| Final Office Action from U.S. Appl. No. 14/218,743, mailed Feb. 7, 2018, 27 pages. |
| Final Office Action from U.S. Appl. No. 14/218,743, mailed Mar. 3, 2017, 67 pages. |
| Final Office Action from U.S. Appl. No. 14/268,563, mailed Nov. 3, 2017, 46 pages. |
| Final Office Action from U.S. Appl. No. 14/268,619 mailed Dec. 14, 2015, 10 pages. |
| Final Office Action from U.S. Appl. No. 14/268,733 mailed Jan. 15, 2016. 14 pages. |
| Final Office Action from U.S. Appl. No. 14/448,747, mailed Feb. 13, 2017, 74 pages. |
| Final Office Action from U.S. Appl. No. 14/448,814 mailed Feb. 16, 2016, 14 pages. |
| Final Office Action from U.S. Appl. No. 14/448,814 mailed Jun. 14, 2016, 17 bages. |
| Final Office Action from U.S. Appl. No. 14/448,814 mailed Oct. 6, 2017, 24 pages. |
| Final Office Action from U.S. Appl. No. 14/448,868 mailed Aug. 19, 2016, 11 pages. |
| Final Office Action from U.S. Appl. No. 14/859,328, mailed Mar. 6, 2017, 26 pages. |
| Final Office Action from U.S. Appl. No. 15/396,452, mailed Feb. 27, 2018, 24 pages. |
| Final Office Action from U.S. Appl. No. 15/595,460, mailed Jan. 11, 2018, 19 pages. |
| Final Office Action from U.S. Appl. No. 15/881,522, mailed Feb. 6, 2019, 21 pages. |
| Final Office Action from U.S. Appl. No. 15/954,188, mailed Feb. 25, 2019, 8 pages. |
| First Office Action and Search Report from foreign counterpart China Patent Application No. 201380068869.3, mailed Sep. 19, 2017, 17 pages. |
| First Office Action and Search Report from foreign counterpart China Patent Application No. 201480025959.9, mailed Jul. 7, 2017, 10 pages. |
| Fourth Office Action from foreign counterpart China Patent Application No. 201480025959.9, mailed Apr. 12, 2019, 10 pages. |
| Grother, P.J., et al., NIST. Report on the Evaluation of 2D Still-Image Face Recognition Algorithms, NIST IR 7709. s.I, NIST, 2011, Jun. 22, 2010, pp. 1-58. |
| GSM Arena, “Ice Cream Sandwich's Face Unlock duped using a photograph,” Nov. 13, 2011, downloaded from http://www.gsmarena.com/ice_cream_sandwichs_face_unlock_duped_using_a_photograph-news-3377.php on Aug. 18, 2015, 2 pages. |
| Heikkila M., et al., “A Texture-Based Method for Modeling the Background and Detecting Moving Objects”, Oulu : IEEE , Jun. 22, 2005, Draft, Retrieved from the Internet: http://www.ee.oulu.fi/mvg/files/pdf/pdf_662.pdf, 16 pages. |
| Hernandez, T., “But What Does It All Mean? Understanding Eye-Tracking Results (Part 3)”, Sep. 4, 2007, 2 pages. EyeTools. Part III: What is a heatmap . . . really? [Online] [Cited: Nov. 1, 2012.] Retrieved from the Internet: URL:http://eyetools.com/articles/p3- understanding-eye-tracking-what-is-a-heatmap-really. |
| Himanshu, et al., “A Review of Face Recognition”. International Journal of Research in Engineering & Applied Sciences. Feb. 2012, vol. 2, pp. 835-846. Retrieved from the Internet: URL:http://euroasiapub.org/IJREAS/Feb2012/81.pdf. |
| Huang L., et al., “Clickjacking: Attacks and Defenses”. S.I. : Usenix Security 2012, pp. 1-16, 2012 [online]. Retrieved from the Internet: URL:https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final39.pdf. |
| International Preliminary Report On Patentability for Application No. PCT/US2013/077888, mailed Jul. 9, 2015, 7 pages. |
| International Preliminary Report on Patentability for Application No. PCT/US2015/028924 mailed Nov. 17, 2016, 9 pages. |
| International Preliminary Report on Patentability for Application No. PCT/US2015/028927 mailed Nov. 17, 2016, 10 pages. |
| International Preliminary Report on Patentability for Application No. PCT/US2015/042786, mailed Feb. 9, 2017, 7 pages. |
| International Preliminary Report on Patentability for Application No. PCT/US2015/042799, mailed Feb. 9, 2017, 7 pages. |
| Corrected Notice of Allowability, U.S. Appl. No. 15/881,522, Sep. 9, 2020, 2 pages. |
| Decision to Grant, EP App. No. 15826660.1, Sep. 3, 2020, 2 pages. |
| Non Final Office Action, U.S. Appl. No. 15/822,531, Sep. 9, 2020, 23 pages. |
| Notification to Grant Patent Right for Invention, CN App. No. 201580049696.X, Sep. 2, 2020, 4 pages (2 pages of English Translation and 2 pages of Original Document). |
| Requirement for Restriction/Election, U.S. Appl. No. 16/392,301, Sep. 14, 2020, 13 pages. |
| Third Office Action, CN App. No. 201580040813.6, Aug. 28, 2020, 10 pages (5 pages of English Translation and 5 pages of Original Document). |
| Communication pursuant to Article 94(3) EPC, EP App. No. 13867269.6, Aug. 30, 2019, 6 pages. |
| Communication Pursuant to Article 94(3) EPC, EP App. No. 14770682.4, Jun. 6, 2019, 5 pages. |
| Communication pursuant to Article 94(3) EPC, EP App. No. 15786796.1, May 31, 2019, 5 pages. |
| Communication pursuant to Article 94(3) EPC, EP App. No. 15826660.1, Jul. 4, 2019, 6 pages. |
| Communication Pursuant to Article 94(3) EPC, EP App. No. 15827334.2, Apr. 30, 2019, 9 pages. |
| Communication pursuant to Article 94(3)EPC, EP. App. No. 14803988.6, Oct. 25, 2019, 5 pages. |
| Final Office Action, U.S. Appl. No. 14/218,611, Aug. 2, 2019, 26 pages. |
| Final Office Action, U.S. Appl. No. 14/268,563, Nov. 8, 2019, 36 pages. |
| Final Office Action, U.S. Appl. No. 15/229,233, Sep. 24, 2019, 18 pages. |
| First Office Action and Search Report, CN App. No. 201580040813.6, Jun. 28, 2019, 19 pages. |
| First Office Action and Search Report, CN App. No. 201580040814, Jul. 10, 2019, 10 pages (Translation available only for the office action). |
| Hebbes L., et al., “2-Factor Authentication with 2D Barcodes,” Proceedings of the Fifth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2011), 2011, pp. 86-96. |
| IEEE P802.11ah/D5.0: “Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications, Amendment 2: Sub 1 GHz License Exempt Operation,” IEEE Draft Standard for Information technology—Telecommunications and information exchange between systems, Local and metropolitan area networks-Specific requirements, Mar. 2015, 632 pages. |
| IEEE Std 802.11-2012: “Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications,” IEEE Standard for Information technology—Telecommunicationsand information exchange between systems, Local and metropolitan area networks—Specific requirements, Mar. 29, 2012, 2793 pages. |
| IEEE Std 802.11ac-2013 “Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications, Amendment 4: Enhancements for Very High Throughput for Operation in Bands below 6 Ghz,” IEEE Standard for Information technology—Telecommunicationsand information exchange between systems, Local and metropolitan area networks—Specific requirements, Dec. 18, 2013, 425 pages. |
| Non-Final Office Action, U.S. Appl. No. 14/218,677, Oct. 30, 2019, 5 pages. |
| Non-Final Office Action, U.S. Appl. No. 15/881,522, Jul. 16, 2019, 39 pages. |
| Notice of Abandonment, U.S. Appl. No. 16/209,838, Sep. 4, 2019, 2 pages. |
| Notice of Allowance, TW App. No. 102148853, Jul. 6, 2017, 3 pages. |
| Notice of Allowance, U.S. Appl. No. 14/218,646, Sep. 5, 2019, 6 pages. |
| Notice of Allowance, U.S. Appl. No. 15/229,254, Sep. 11, 2019, 8 pages. |
| Notice of Reasons for Refusal, JP App. No. 2018-153218, Jun. 5, 2019, 7 pages. |
| Notification to Grant Patent Right for Invention, CN App. No. 201580021972, Jul. 16, 2019, 4 pages. |
| Office Action and Search Report, TW App. No. 107127837, Jun. 26, 2019, 4 pages. |
| Rejection Judgment, JP App. No. 2017-505513, Jun. 17, 2019, 4 pages. |
| Requirement for Restriction/Election, U.S. Appl. No. 15/822,531, Oct. 16, 2019, 6 pages. |
| Schmidt et al., “Trusted Platform Validation and Management,” International Journal of Dependable and Trustworthy Information Systems, vol. 1, No. 2, Apr.-Jun. 2010, pp. 1-31. |
| Theuner et al., “Analysis of Advertising Effectiveness with Eye Tracking”, Department of Marketing, Ludwigshafen University of Applied Science, Proceedings of Measuring Behavior 2008, 2008, 2 pages. |
| Notification of Grant of Invention Patent, CN App. No. 201580022332.2, Sep. 4, 2020, 4 pages (2 pages of English Translation and 2 pages of Original Document). |
| Notification of Grant of Invention Patent, CN App. No. 201580041803.4, Oct. 9, 2020, 4 pages (2 pages of English Translation and 2 pages of Original Document). |
| Second Office Action, CN App. No. 201580040831.4, Sep. 2, 2020, 8 pages (5 pages of English Translation and 3 pages of Original Document). |
| Notice of Allowance from U.S. Appl. No. 14/448,697 mailed Sep. 1, 2016, 3 pages. |
| Notice of Allowance from U.S. Appl. No. 14/448,697 mailed Sep. 15, 2015, 14 pages. |
| Notice of Allowance from U.S. Appl. No. 14/448,747, mailed Jun. 20, 2017, 14 pages. |
| Notice of Allowance from U.S. Appl. No. 14/448,868, mailed Apr. 27, 2017, 62 pages. |
| Notice of Allowance from U.S. Appl. No. 14/448,868, mailed Jun. 26, 2017, 14 pages. |
| Notice of Allowance from U.S. Appl. No. 14/448,868, mailed Mar. 23, 2017, 57 pages. |
| Notice of Allowance from U.S. Appl. No. 14/448,868, mailed Nov. 17, 2017, 15 pages. |
| Notice of Allowance from U.S. Appl. No. 14/487,992, mailed Apr. 12, 2017, 14 pages. |
| Notice of Allowance from U.S. Appl. No. 14/487,992, mailed Dec. 27, 2016, 28 pages. |
| Notice of Allowance from U.S. Appl. No. 14/487,992, mailed Jul. 17, 2017, 8 pages. |
| Notice of Allowance from U.S. Appl. No. 14/487,992, mailed Jun. 14, 2017, 14 pages. |
| Notice of Allowance from U.S. Appl. No. 14/487,992 mailed Sep. 6, 2016, 26 pages. |
| Notice of Allowance from U.S. Appl. No. 14/859,328, mailed Feb. 1, 2018, 18 pages. |
| Notice of Allowance from U.S. Appl. No. 15/396,454, mailed Sep. 18, 2018, 79 pages. |
| Notice of Allowance from U.S. Appl. No. 15/595,460, mailed Mar. 14, 2019, 32 pages. |
| Notice of Allowance from U.S. Appl. No. 15/595,460, mailed May 17, 2019, 10 pages. |
| Notice of Allowance from U.S. Appl. No. 15/595,460, mailed Oct. 9, 2018, 8 pages. |
| Notice of Allowance from U.S. Appl. No. 15/900,620, mailed Feb. 15, 2019, 20 pages. |
| Notice of Allowance from U.S. Appl. No. 15/954,188, mailed Apr. 26, 2019, 5 pages. |
| Notice of Reasons for Rejection from foreign counterpart Japanese Patent Application No. 2017-505513, mailed Oct. 22, 2018, 6 pages. |
| Notice of Reasons for Rejection from foreign counterpart Japanese Patent Application No. 2016-566924, mailed Mar. 7, 2019, 23 pages. |
| Notification Concerning Transmittal of International Preliminary Report on Patentability for Application No. PCT/US14/39627, mailed on Dec. 10, 2015, 8 pages. |
| Notification for Granting Patent Right and Search Report from foreign counterpart Chinese Patent Application No. 201380068869.3, mailed May 4, 2018, 10 pages. |
| Notification of Reason for Rejection from foreign counterpart Japanese Patent Application No. 2016-505506, mailed Feb. 13, 2018, 6 pages. |
| Notification of Reasons for Refusal from foreign counterpart Japanese Patent Application No. 2017-505072, mailed Apr. 15, 2019, 8 pages. |
| Notification of Reasons for Refusal from foreign counterpart Japanese Patent Application No. 2017-514840, mailed Apr. 1, 2019, 10 pages. |
| Notification of Reasons for Rejection from foreign counterpart Japanese Patent Application No. 2016-0516743, mailed Apr. 23, 2018, 12 pages. |
| Notification of Reasons for Rejection from foreign counterpart Japanese Patent Application No. 2016-566912, mailed Jan. 31, 2019, 11 pages. |
| Notification of Transmittal of the International Search Report and the Written Opinion from counterpart Patent Cooperation Treaty Application No. PCT/US14/31344, mailed Nov. 3, 2014, 16 pages. |
| Notification of Transmittal of the International Search Report and the Written Opinion from counterpart Patent Cooperation Treaty Application No. PCT/US14/39627, mailed Oct. 16, 2014, 10 bages. |
| Notification of Transmittal or International Search Report and Written Opinion from PCT/US2015/028927, mailed Jul. 30, 2015, 12 pages. |
| OASIS Standard, “Authentication Context for the OASIS Security Assertion Markup Language (SAML) V2.0,” Mar. 15, 2005, 70 pages. |
| Office Action and Search Report from foreign counterpart Chinese Patent Application No. 201480031042.X, mailed Dec. 4, 2017, 20 pages. |
| Office Action and Search Report from foreign counterpart Taiwan Patent Application No. 106125986, mailed Mar. 19, 2018, 6 pages. |
| Office Action from foreign counterpart Japanese Patent Application No. 2015-550778, mailed Feb. 7, 2018, 14 pages. |
| Office Action from foreign counterpart Japanese Patent Application No. 2017-505504, mailed Apr. 15, 2019, 3 pages. |
| Office Action from foreign counterpart Taiwan Patent Application No. 102148853, mailed Feb. 17, 2017, 9 pages. |
| “OpenID Connect Core 1.0—draft 17,” Feb. 3, 2014, 70 pages. |
| Pan G., et al., “Liveness Detection for Face Recognition” in: Recent Advances in Face Recognition, 2008, pp. 109-124, Vienna : I-Tech, 2008, Ch. 9, ISBN: 978-953-7619-34-3. |
| Pan G., et al., “Monocular Camera-based Face Liveness Detection by Combining Eyeblink and Scene Context,” pp. 215-225, s.I. : Springer Science+Business Media, LLC, Aug. 4, 2010. Retrieved from the Internet: URL: http://www.cs.zju.edu.cn/-gpan/publication/2011-TeleSysliveness.pdf. |
| Partial Supplementary European Search Report from European Patent Application No. 14770682.4, mailed Oct. 14, 2016, 8 pages. |
| Peng Y., et al., “RASL: Robust Alignment by Sparse and Low-Rank Decomposition for Linearly Correlated Images”, IEEE Conference on Computer Vision and Pattern Recognition, 2010, pp. 763-770. Retrieved from the Internet: URL: http://yima.csl.illinois.edu/psfile/RASL CVPR10.pdf. |
| Phillips P. J., et al., “Biometric Image Processing and Recognition,” Chellappa, 1998, Eusipco, 8 pages. |
| Phillips P.J., et al., “Face Recognition Vendor Test 2002: Evaluation Report,” s.I. : NISTIR 6965, 2002, 56 pages. Retrieved from the Internet: URL: http://www.facerec.org/vendors/FRVT2002_Evaluation_Report.pdf. |
| Phillips P.J., et al., “FRVT 2006 and ICE 2006 Large-Scale Results”, NIST IR 7408, Gaithersburg, NIST, 2006, Mar. 29, 2007, pp. 1-55. |
| Pinto A., et al., “Video-Based Face Spoofing Detection through Visual Rhythm Analysis,” Los Alamitos : IEEE Computer Society Conference Publishing Services, 2012, Conference on Graphics, Patterns and Images, 8 pages. (SIBGRAPI). Retrieved from the Internet: URL: http://sibgrapi.sid.inpe.br/rep/sid.inpe.br/sibgrapi/2012/07.13.21.16?mirror=SID.inpe.br/ banon/2001/03.30.15.38.24&metadatarepository=sid.inpe.br/sibgrapi/2012/07.13.21.1 6.53. |
| Quinn G.W., et al., “Performance of Face Recognition Algorithms on Compressed Images”, NIST Inter Agency Report 7830, NIST, Dec. 4, 2011, 35 pages. |
| Ratha N.K., et al., “An Analysis of Minutiae Matching Strength,” Audio and Video-Based Biometric Person Authentication, Springer Berlin Heidelberg, 2001, 7 pages. |
| Ratha N.K., et al., “Enhancing Security and Privacy in Biometrics-Based Authentication Systems,” IBM Systems Journal, 2001, vol. 40 (3), pp. 614-634. |
| Requirement for Restriction/Election from U.S. Appl. No. 14/218,504 mailed Aug. 16, 2016, 11 pages. |
| Decision of Appeal, JP App. No. 2017-505513, Mar. 4, 2021, 4 pages (2 pages of English Translation and 2 pages of Original Document). |
| Non-Final Office Action, U.S. Appl. No. 16/369,823, Mar. 18, 2021, 23 pages. |
| Notice of Allowance, CN App. No. 201580040813.6, Dec. 2, 2020, 2 pages of Original Document Only. |
| Notification to Grant Patent Right for Invention, CN App. No. 201580040831.4, Dec. 29, 2020, 4 pages (2 pages of English Translation and 2 pages of Original Document). |
| Non-Final Office Action, U.S. Appl. No. 16/392,301, Mar. 22, 2021, 17 pages. |
| Office Action, EP App. No. 14803988.6, Mar. 9, 2021, 11 pages. |
| Intention to Grant, EP App. No. 14803988.6, Nov. 8, 2021, 7 pages. |
| Notification of Reason for Refusal, KR App. No. 10-2017-7003447, Nov. 2, 2021, 6 pages (3 pages of English Translation and 3 pages of Original Document). |
| Office Action, KR App. No. 10-2017-7003592, Nov. 16, 2021, 5 pages of Original Document Only. |
| Final Office Action, U.S. Appl. No. 15/822,531, Jun. 3, 2021, 19 pages. |
| Final Office Action, U.S. Appl. No. 16/392,301, Jun. 30, 2021, 20 pages. |
| Non-Final Office Action, U.S. Appl. No. 16/244,705, Jun. 17, 2021, 33 pages. |
| Brown et al., “U-Prove CTP R2 Whitepaper”, Revision 17, Microsoft Corporation, Feb. 2011, pp. 1-22. |
| European Search Report and Search Opinion, EP App. No. 19738099.1, Jul. 26, 2021, 13 pages. |
| Intention to Grant, EP App. No. 14770682.4, Jul. 13, 2021, 6 pages. |
| International Preliminary Report on Patentability, PCT App. No. PCT/US2020/020439, Sep. 10, 2021, 8 pages. |
| Non-Final Office Action U.S. Appl. No. 16/369,823, Sep. 28, 2021, 24 pages. |
| Notice to File a Response, KR App. No. 10-2016-7033634, Jul. 7, 2021, 22 pages (13 pages of English Translation and 9 pages of Original Document). |
| Notice to File a Response, KR App. No. 10-2017-7003444, Jul. 7, 2021, 26 pages (12 pages of English Translation and 14 pages of English Translation). |
| Notification of Reason for Refusal, KR App. No. 10-2016-7033631, Oct. 5, 2021, 20 pages (11 pages of English Translation and 9 pages of Original Document). |
| Notification of Reason for Refusal, KR App. No. 10-2017-7007634, Sep. 10, 2021, 13 pages (7 pages of English Translation and 6 pages of Original Document). |
| Othman et al., “The Horcrux Protocol: A Method for Decentralized Biometric-based Self-sovereign Identity”, 2018 International Joint Conference on Neural Networks (IJCNN), Nov. 20, 2017, 7 pages. |
| Supplementary European Search Report and Search Opinion, EP App. No. 18882247.2, Aug. 30, 2021, 13 pages. |
| Wefel et al., “Raising User Acceptance of Token-based Authentication by Single Sign-On Sandro”, International Journal of Information and Computer Science, vol. 1, Jun. 2012, pp. 70-77. |
| Notice of Reasons for Refusal, JP App. No. 2018-209608, Jul. 12, 2021, 07 pages (4 pages of English Translation and 3 pages of Original Document). |
| Notification of Reason for Refusal, KR App. No. 10-2017-7003449, Jul. 7, 2021, 14 pages (7 pages of English Translation and 7 pages of Office Action). |
| Supplementary Partial European Search Report and Search Opinion, EP App. No. 18882247.2, May 28, 2021, 14 pages. |
| Notification of Reason for Refusal, KR App. No. 10-2017-7003450, Jan. 27, 2022, 12 pages (6 pages of English Translation and 6 pages of Original Document). |
| Decision to grant a European patent, EP App. No. 14770682.4, Nov. 25, 2021, 3 pages. |
| Decision to grant a European patent, EP App. No. 14803988.6, Jan. 20, 2022, 2 pages. |
| Grant of Patent, KR App. No. 10-2017-7003444, Jan. 6, 2022, 4 pages (2 pages of English Translation and 2 pages of Original Document). |
| Notice Of Allowance, KR App. No. 10-2016-7033631, Jan. 13, 2022, 3 pages (1 page of English Translation and 2 pages of Original Document). |
| Notice Of Allowance, KR App. No. 10-2017-7003447, Jan. 12, 2022, 3 pages (1 page of English Translation and 2 pages of Original Document). |
| Notice of Reasons for Refusal, JP App. No. 2020-180503, Jan. 26, 2022, 10 pages (6 pages of English Translation and 4 pages of Original Document). |
| Notification of Reason for Refusal, KR App. No. 10-2016-7033634, Jan. 26, 2022, 6 pages (3 pages of English Translation and 3 pages of Original Document). |
| Non-Final Office Action, U.S. Appl. No. 16/392,301, Feb. 24, 2022, 14 pages. |
| Advisory Action, U.S. Appl. No. 15/822,531, Dec. 10, 2021, 4 pages. |
| Final Office Action, U.S. Appl. No. 16/244,705, Jan. 27, 2022, 36 pages. |
| Notice of Allowance, U.S. Appl. No. 16/244,705, Aug. 25, 2022, 20 pages. |
| Notice of Allowance, U.S. Appl. No. 16/369,823, Aug. 25, 2022, 10 pages. |
| European Search Report and Search Opinion, EP App. No. 21214856.3, Mar. 23, 2022, 9 pages. |
| Final Office Action, U.S. Appl. No. 16/369,823, Apr. 25, 2022, 7 pages. |
| Final Office Action, U.S. Appl. No. 16/392,301, Jun. 2, 2022, 18 pages. |
| Non-Final Office Action, U.S. Appl. No. 15/822,531, Mar. 29, 2022, 16 pages. |
| Notice of Allowance, KR App. No. 10-2017-7003449, Mar. 20, 2022, 3 pages (1 page of English Translation and 2 pages of Original Document). |
| Notice of Allowance, KR App. No. 10-2017-7003592, Jun. 9, 2022, 3 pages (1 page of English Translation and 2 pages of Original Document). |
| Notice of Allowance, KR App. No. 10-2017-7007634, Apr. 22, 2022, 3 pages (1 page of English Translation and 2 pages of Original Document). |
| Trial and Appeal Decision, JP App. No. 2018-209608, Apr. 11, 2022, 15 pages (8 pages of English Translation and 7 pages of Original Document). |
| Notice of Allowance, KR App. No. 10-2016-7033634, Jul. 20, 2022, 3 pages (1 page of English Translation and 2 pages of Original Document). |
| Notice of Allowance, KR App. No. 10-2017-7003450, Jul. 27, 2022, 3 pages (1 page of English Translation and 2 pages of Original Document). |
| Final Office Action, U.S. Appl. No. 15/822,531, Sep. 28, 2022, 16 pages. |
| Notice of Allowance, U.S. Appl. No. 16/244,705, Nov. 30, 2022, 16 pages. |
| Notice of Allowance, U.S. Appl. No. 16/369,823, Nov. 29, 2022, 9 pages. |
| Notice of Allowance, U.S. Appl. No. 16/392,301, Dec. 9, 2022, 10 pages. |
| Notice of Reasons for Refusal, JP App. No. 2020-180503, Nov. 21, 2022, 5 pages (3 pages of English Translation and 2 pages of Original Document). |
| Notice of Reasons for Refusal, JP App. No. 2020-546306, Nov. 16, 2022, 17 pages (10 pages of English Translation and 7 pages of Original Document). |
| Decision to Grant a Patent, JP App. No. 2020-538981, Aug. 7, 2023, 4 pages (2 pages of English Translation and 2 pages of Original Document). |
| Final Office Action, U.S. Appl. No. 15/822,531, Jul. 28, 2023, 16 pages. |
| Notice of Allowance, CN App. No. 202010235627.0, Aug. 11, 2023, 2 pages of Original Document Only. |
| Notice of Allowance, KR App. No. 10-2016-0170660, Jul. 28, 2023, 3 pages (1 page of English Translation and 2 pages of Original Document). |
| Notice of Allowance, U.S. Appl. No. 15/822,531, Aug. 24, 2023, 9 pages. |
| Notice of Allowance, U.S. Appl. No. 16/392,301, Aug. 28, 2023, 8 pages. |
| Advisory Action, U.S. Appl. No. 15/822,531, Mar. 13, 2023, 3 pages. |
| First Office Action, CN App. No. 202010235627.0, Mar. 13, 2023, 8 pages (2 pages of English Translation and 6 pages of Original Document). |
| Notice of Allowance, U.S. Appl. No. 16/244,705, Apr. 19, 2023, 2 pages. |
| Notice of Allowance, U.S. Appl. No. 16/244,705, Mar. 1, 2023, 16 pages. |
| Notice of Allowance, U.S. Appl. No. 16/369,823, Mar. 15, 2023, 9 pages. |
| Notice of Allowance, U.S. Appl. No. 16/392,301, May 1, 2023, 10 pages. |
| Notice of Reasons for Refusal, JP App. No. 2020-538981, Feb. 27, 2023, 7 pages (4 pages of English Translation and 3 pages of Original Document). |
| Office Action, EP App. No. 18882247.2, Mar. 27, 2023, 5 pages. |
| Request for the Submission of an Opinion, KR App. No. 10-2016-0164456, Feb. 24, 2023, 5 pages (2 pages of English Translation and 3 pages of Original Document). |
| Request for the Submission of an Opinion, KR App. No. 10-2016-0170660, Mar. 5, 2023, 25 pages (13 pages of English Translation and 12 pages of Original Document). |
| Richards, G., “One-Time Password (OTP) Pre-Authentication,” Internet Engineering Task Force (IETF), RFC 6560, Apr. 2012, 43 pages, XP015081490. |
| Supplementary European Search Report and Search Opinion, EP App. No. 20782486.3, Nov. 28, 2022, 10 pages. |
| Decision of Refusal, JP App. No. 2020-546306, May 29, 2023, 7 pages (4 pages of English Translation and 3 pages of Original Document). |
| Decision to Grant a Patent, JP App. No. 2020-180503, Jun. 1, 2023, 4 pages (2 pages of English Translation and 2 pages of Original Document). |
| Notice of Allowance, KR App. No. 10-2016-0164456, Jul. 14, 2023, 3 pages (1 page of English Translation and 2 pages of Original Document). |
| Notice of Allowance, U.S. Appl. No. 16/244,705, Jun. 29, 2023, 15 pages. |
| Notice of Allowance, U.S. Appl. No. 16/369,823, Jul. 19, 2023, 8 pages. |
| Emeni, “U-Prove Offers Security while Protecting Privacy”, Available Online at <https://www.infoq.com/news/2010/03/U-Prove-Security-Privacy/>, 2010, 5 pages. |
| Intention to Grant, EP App. No. 18882247.2, Dec. 7, 2023, 7 pages. |
| Notice of Allowance, U.S. Appl. No. 16/369,823, Sep. 20, 2023, 6 pages. |
| Notice of Allowance, U.S. Appl. No. 16/392,301, Nov. 30, 2023, 7 pages. |
| Office Action, CN App. No. 201980008272.7, Aug. 17, 2023, 13 pages (6 pages of English translation and 7 pages of Original Document). |
| Office Action, EP App. No. 19738099.1, Sep. 13, 2023, 4 pages. |
| Office Action, KR App. No. 10-2020-7018624, Aug. 29, 2023, 8 pages (4 pages of English Translation and 4 pages of Original Document). |
| First Office Action, CN App. No. 202080026123.6, Feb. 8, 2024, 13 page (5 pages of English Translation and 8 pages of Original Document). |
| Office Action, KR App. No. 10-2020-7020336, Feb. 21, 2024, 18 pages (9 pages of English Translation and 9 pages of Original Document). |
| Avram, et al., “U-Prove: Providing Security without Sacrificing Privacy”, InfoQ, Available Online at <https://www.infoq.cn/article/2010/03/U-Prove-Security-Privacy>, Mar. 19, 2010, 5 pages. |
| Office Action, CN App. No. 201880076556.5, Apr. 26, 2024, 22 pages (12 pages of English Translation and 10 pages of Original Document). |
| Notice of Allowance, KR App. No. 10-2020-7018624, Feb. 28, 2024, 3 pages (1 page of English Translation and 2 pages of Original Document). |
| Office Action, CN App. No. 201980008272.7, May 12, 2024, 13 pages (7 pages of English Translation and 6 pages of Original Document). |
| Office Action, JP App. No. 2021-558614, Apr. 15, 2024, 8 pages (5 pages of English Translation and 3 pages of Original Document). |
| Number | Date | Country | |
|---|---|---|---|
| 20200280550 A1 | Sep 2020 | US |
