| 摘要 |
An initial certificate is provided that enables an initial two-way secured communication session between a user computing device and a trusted server. An initial secured communication session is established by the trusted server with the user computing device after receiving the one-time certificate. The trusted server receives identification information associated with the user of the user computing device, wherein the identification information includes a representation of the user's identity that has been confirmed as a function of biometrics and further includes a representation of the user computing device. Moreover, a replacement certificate is generated that is unique to the combination of the user and the user computing device, and transmits the replacement certificate to the user computing device. Thereafter, a two-way secured communication session is established, by the trusted server. |
| 主权项 |
1. A method for providing secure communication between a user computing device and a trusted server, the method comprising:
providing, by a trusted server to a user computing device, an initial certificate that enables an initial two-way secured communication session between the user computing device and the trusted server; establishing, by the trusted server, an initial secured communication session with the user computing device using the initial certificate; causing, by the trusted server during the initial secured communication session, generation of a replacement certificate that includes identification information associated with a user of the user computing device, wherein the identification information includes a representation of the user's identity that has been established as a function of biometrics and further includes a representation of the user computing device; transmitting, by the trusted server, the replacement certificate to the user computing device prior to the initial secured communication session terminating; receiving, by the trusted server during a subsequent communication session between the user computing device and the trusted server:
i) the replacement certificate; andii) encoded information that represents that the user has been biometrically verified by the user computing device in accordance with the identification information; establishing, by the trusted server and using the replacement certificate with the encoded information, a two-way secured communication session with the user computing device; receiving, by the trusted server during the two-way secured communication session, a request to access an object; determining, by the trusted server, an object security level associated with the object and a subject security level associated the user; and allowing, by the trusted server for the user computing device, access to the object when the subject's security level is greater than or equal to the object's security level. |
