Main

About

Contact

Consulting

phillipgriffin.com

Information Security Consulting

Products

Software

Capabilities

Innovation

Patents Awarded:

8,242,892 - Communicating a Privacy Policy Associated With a Radio Frequency Identification Tag and Associated Object
Issued 8-14-2012. A system, method and program product for communicating a privacy policy associated with a RFID tag.
8,289,135 - Associating a Biometric Reference Template With a Radio Frequency Identification Tag
Issued 10-16-2012. A system, method and program product for associating a biometric reference template with a RFID tag embedded in or attached to a physical object.
8,301,902 - Communicating a Privacy Policy Associated With a Biometric Reference Template
Issued 10-30-2012. A system, method and program product for communicating a privacy policy associated with a reference template.
8,327,134 - Checking the Revocation Status of a Biometric Reference Template
Issued 12-04-2012. A system, method and program product for checking the revocation status of a biometric reference template.
8,359,475 - Generating a Cancelable Biometric Reference Template On Demand
Issued 1-22-2013. A system, method and program product for generating a cancelable biometric reference template on demand.
8,508,339 - Associating a Biometric Reference Template With an Identification Tag
Issued 8-13-2013. A method and system for associating a biometric reference template with an identification tag for a physical object.
8,700,909 - Revocation of a Biometric Reference Template
Issued 4-15-2014. A system, method and program product for generating a biometric reference template revocation message on demand.
8,756,416 - Checking revocation status of a biometric reference template
Issued 6-17-2014. A method and system for checking a revocation status of a biometric reference template previously generated for an individual.
8,782,397 - Compact Attribute for Cryptographically Protected Messages
Issued 7-15-2014. A method for verifying a signature of a signed message comprises.
9,298,902 - Recording creation of a cancelable biometric reference template in an event journal
Issued 3-29-2016. A method for logging cancelable templates in a biometric event journal.
Current Patent List: U.S. Patent Office

Publications:

An Internet of Block Things [copy],
Submitted to ITU Journal: ICT Discoveries (Issue No 2: Data for Good),
(Schema: SignedDataBlocks.asn)
Biometric Electronic Signature Security [copy],
Proceedings of the 9th International Conference on Applied Human Factors and Ergonomics (Human Factors in Cybersecurity),
Springer Advances in Intelligent Systems and Computing series. Lowes Sapphire Falls Resort, Orlando, Florida, July 21-25, 2018.
Biometric Electronic Signatures,
Information Systems Security Association Journal, Vol. 15, No. 11 (ISSA),
The ISSA Journal, November, 2017.
Adaptive Weak Secrets for Authenticated Key Exchange [copy],
Proceedings of the 8th International Conference on Applied Human Factors and Ergonomics (Human Factors in Cybersecurity),
Springer Advances in Intelligent Systems and Computing series. Westin Bonaventure Hotel, Los Angeles, California, July 17-21, 2017.
Secure Authentication on the Internet of Things [copy],
IEEE SoutheastCon 2017, Embassy Suites Golf Resort and Spa, Charlotte, North Carolina, March 30-April 2, 2017.
Biometric-Based Cybersecurity Techniques [copy],
Proceedings of the 7th International Conference on Applied Human Factors and Ergonomics (Human Factors in Cybersecurity),
Springer Advances in Intelligent Systems and Computing series. Walt Disney World, Swan and Dolphin Hotel, Buena Vista, Florida, July 27-31, 2016.
Gaining Confidence in the Cloud,
Information Systems Security Association Journal, Vol. 14, No. 1 (ISSA),
The ISSA Journal, January, 2016.
Security for Ambient Assisted Living,
Accepted at IoT Ambient Assisted Living Workshop (IoTAAL) - IEEE Global Communications (GLOBECOM 2015) Conference, December 6-10, San Diego, CA. ( Slides - pptx)
Biometric Knowledge Extraction for Multi-Factor Authentication and Key Exchange,
Accepted by 2015 Complex Adaptive Systems Conference (Engineering Cyber Physical Systems: Machine Learning, Data Analytics and Smart Systems Architecting), Missouri Institute of Science and Technology, in San Jose, California, 2-4 November 2015.
[Program Committee]
Transport Layer Secured Password-Authenticated Key Exchange,
Information Systems Security Association Journal, Vol. 13, No. 6 (ISSA),
The ISSA Journal, June, 2015.
Formal Security Protocol Analysis,
Information Systems Security Association Journal, Vol. 13, No. 4 (ISSA),
The ISSA Journal, April, 2015.
Standardization Transparency - An Out of Body Experience [draft],
Springer Lecture Notes in Computer Science (LNCS) series, Volume 8893, Proceedings of the 1st International Conference on Research in Security Standardisation, SSR 2014: Security Standardisation Research Conference, Royal Holloway, University of London, Surrey, UK, 16-17 December, 2014.
[Program Committee] [Session Chair]
Web Services Security For All,
Information Systems Security Association Journal, Vol. 12, No. 9 (ISSA),
The ISSA Journal, September, 2014.
Telebiometric Authentication Objects [copy],
Proceedings of the 2014 Complex Adaptive Systems Conference (Conquering Complexity: Challenges and Opportunities),
Missouri Institute of Science and Technology, in Philadelphia, Pennsylvania, 3-5 November 2014.
[Program Committee, Session Chair]
Web Services Security for Everyone,
Accepted for the 6th ITU Kaleidoscope Conference: Living in a converged world - impossible without standards? (ITU Kaleidoscope 2014),
The Bonch-Bruevich Saint-Petersburg State University of Telecommunications (SPbSUT), Saint Petersburg, Russian Federation, 3-5 June 2014.
Telebiometric Information Security and Safety Management Update,
Communications Magazine, IEEE, 52(1), 186-192. January, 2014.
Biometric Authentication Objects For Access Control,
Proceedings of the 8th Future Security Research Conference (Future Security 2013),
Fraunhofer Institute for Technological Trend Analysis, Berlin, Germany, 17-19 September 2013.
Telebiometric Information Security and Safety Management,
Proceedings of the 5th ITU Kaleidoscope Conference: Building Sustainable Communities (ITU Kaleidoscope 2013),
Clock Tower Centennial Hall, Kyoto University, Kyoto, Japan, 22-24 April 2013.
[ITU K-2013 Video]
Secure Biometric Information: Extending the DoD Electronic Biometric Transmission Specification,
Department of Defense (DoD) Defense Standardization Program Journal, (DSP Journal)
Biometric Standardization, January-March, 2013.
Compact Biometric Messages: Efficient DoD EBTS Transactions,
Department of Defense (DoD) Defense Standardization Program Journal, (DSP Journal)
Biometric Standardization, January-March, 2013.
Signcryption for Biometric Security,
Journal of Cyber Security and Information Systems Vol. 1, No. 1 (CSIAC),
Software-Intensive Systems Engineering, October, 2012.
Signcryption Information Assets,
Information Systems Security Association Journal, Vol. 10, No. 6 (ISSA),
The ISSA Journal, June 2012.
Protecting Biometrics Using Signcryption,
Proceedings of the ID360: The Global Forum on Identity (ID360 2012),
AT&T Conference Center, The Center for Identity, University of Texas, Austin, Texas, USA, April 24, 2012.
Repository-Level Biometric Reference Template Attribute,
IBM invention disclosure IPCOM000178316D,
IP.com Journal, ISSN 1533-0001, January 22, 2009.
Cancelable Biometric Loyalty Template Services,
IBM invention disclosure IPCOM000178052D,
IP.com Journal, ISSN 1533-0001, January 14, 2009.
ISO 19092: A Standard for Biometric Security Management,
Information Systems Security Association Journal, Vol. 5, No. 1 (ISSA),
The ISSA Journal, January 2007.
Key Commitment Using CMS In ECMQV Key Agreement,
Raleigh Information Systems Security Association Chapter Online,
ISSA Raleigh Chapter, March, 2006.
Public Key Infrastructure (PKI) Certificate Extensions,
International Standards Organization (ISO Bulletin),
ISO Bulletin, May 2002.

White papers:

Corrections to the ISO/IEC 29150 Schema, June 2012.
In this note, defects in the schema of the first edition of the ISO/IEC 29150 Signcryption standard are described, and a corrected ASN.1 module is proposed. An example signcryption algorithm identifier value is defined and binary and markup representations of this value are presented. Although the schema errors are small and do not affect the textual content of the standard, programming language code generation and other tools cannot process the schema unless it is correct.

[ Corrected ISO/IEC 29150 Signcryption ASN.1 schema]

Course offerings:

Half day and full day training sessions are offered in the topics listed below. These courses can be held in Raleigh, North Carolina, USA, or on site at your business location. All course materials have been created by Phil Griffin, who also leads these sessions. Send contact information for scheduling and pricing information.

Course: C0001
Title: S/MIME - Basic Cryptographic Message Syntax (CMS)

Abstract: This course provides an introduction to Cryptographic Message Syntax (CMS) and XML CMS, and describes the history, application, message types, and notation used to provide data integrity, origin authentication, and data privacy services using digital signatures, message digests (hashes), and symmetric and asymmetric encryption of arbitrary content.
[Outline]
Course: C0002
Title: S/MIME - Advanced Cryptographic Message Syntax (CMS)

Abstract: This course extends the introduction to Cryptographic Message Syntax (CMS) and XML CMS, presenting advanced information on key management techniques for key establishment. Topics include signed data signature and verification processing, application of the proposed SigncryptedData type, Diffie-Hellman and ECMQV key agreement techniques, and key control using a key commitment protocol. A brief review of introductory CMS concepts is also provided.
[Outline]
Course: C0003
Title: ASN.1 - Basic Abstract Syntax Notation One

Abstract: This course provides a basic introduction to Abstract Syntax Notation One (ASN.1) and presents useful types. The student is introduced to the concept of modules, object identification and the specification of XML values based on an abstract schema.
[Outline]
Course: C0004
Title: ASN.1 - Advanced Abstract Syntax Notation One

Abstract: This course extends the basic introduction to Abstract Syntax Notation One and presents concepts of information objects, classes and sets. Encoding rules commonly used in security protocols are described, including XML Encoding Rules (XER) and Distinguished Encoding Rules (DER).
[Outline]

Information Object Identifier Registry:

A registry of information object idetifiers is maintained and all OID assignments are made available to the public in the file: oidreg.txt. Identified information object identifiers are provided here for client enterprizes, examples, products, and other named objects.

Unique OIDs can be provided for your business for $ 300.00 (US) . An information object registry based on your new OID can be designed and implemented for an additional $ 200.00.