-
Publication No.: US20180302396A1
Publication date: 2018-10-18
Application No.: US16007205
Filing date: 2018-06-13
Inventors: Jan Camenisch, Yossi Gilad, Anja Lehmann, Zoltan A. Nagy, Gregory Neven
CPC classification: H04L63/0815, G06F21/41, H04L9/085, H04L9/30, H04L9/3213, H04L9/3236, H04L9/3247
Abstract: Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1≤n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2≤t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T≤t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.
-
Publication No.: US09954759B2
Publication date: 2018-04-24
Application No.: US14811855
Filing date: 2015-07-29
Inventors: Yossi Gilad, Shahar Kohanim
IPC classification: G06F15/173, H04L12/26, H04L29/08
CPC classification: H04L43/50, H04L43/06, H04L43/0864, H04L67/28
Abstract: Evaluating communications via a computer network for the presence of proxy-based communications, by sending to a computer via a computer network multiple data packets followed by an out-of-sequence data packet that is out-of-sequence relative to any of the multiple data packets, receipt of the out-of-sequence data packet configured to cause the computer to send an acknowledgement via the computer network, and to cause the requestor to send a second data request via the computer and the computer network, detecting receipt of the acknowledgement at a first time, detecting receipt of the second data request at a second time, calculating a time delay between the first time and the second time, performing the sending, detecting and calculating steps multiple times for calculating multiple time delays, and determining whether the requestor is communicating via a proxy by evaluating the multiple time delays with respect to a predefined proxy evaluation criterion.
-
Publication No.: US20180295123A1
Publication date: 2018-10-11
Application No.: US16007393
Filing date: 2018-06-13
Inventors: Jan Camenisch, Yossi Gilad, Anja Lehmann, Zoltan A. Nagy, Gregory Neven
CPC classification: H04L63/0815, G06F21/41, H04L9/085, H04L9/30, H04L9/3213, H04L9/3236, H04L9/3247
Abstract: Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1≤n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2≤t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T≤t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.
-
Publication No.: US20180295122A1
Publication date: 2018-10-11
Application No.: US16007353
Filing date: 2018-06-13
Inventors: Jan Camenisch, Yossi Gilad, Anja Lehmann, Zoltan A. Nagy, Gregory Neven
CPC classification: H04L63/0815, G06F21/41, H04L9/085, H04L9/30, H04L9/3213, H04L9/3236, H04L9/3247
Abstract: Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1≤n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2≤t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T≤t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.
-
Publication No.: US10027477B2
Publication date: 2018-07-17
Application No.: US15475405
Filing date: 2017-03-31
Inventors: Jan Camenisch, Yossi Gilad, Anja Lehmann, Zoltan A. Nagy, Gregory Neven
Abstract: Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1≤n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2≤t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T≤t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.
-
Publication No.: US10164965B2
Publication date: 2018-12-25
Application No.: US16007393
Filing date: 2018-06-13
Inventors: Jan Camenisch, Yossi Gilad, Anja Lehmann, Zoltan A. Nagy, Gregory Neven
Abstract: Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1≤n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2≤t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T≤t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.
-
Publication No.: US20170207912A1
Publication date: 2017-07-20
Application No.: US15475405
Filing date: 2017-03-31
Inventors: Jan Camenisch, Yossi Gilad, Anja Lehmann, Zoltan A. Nagy, Gregory Neven
CPC classification: H04L9/085, G06F21/41, H04L9/30, H04L9/3213, H04L9/3236, H04L9/3247, H04L63/0815
Abstract: Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1≦n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2≦t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T≦t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.
-
Publication No.: US09705872B2
Publication date: 2017-07-11
Application No.: US14865287
Filing date: 2015-09-25
Inventors: Jan Camenisch, Yossi Gilad, Anja Lehmann, Zoltan A. Nagy, Gregory Neven
CPC classification: H04L9/085, G06F21/41, H04L9/30, H04L9/3213, H04L9/3236, H04L9/3247, H04L63/0815
Abstract: Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1≦n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2≦t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T≦t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.
-
Publication No.: US10164964B2
Publication date: 2018-12-25
Application No.: US16007205
Filing date: 2018-06-13
Inventors: Jan Camenisch, Yossi Gilad, Anja Lehmann, Zoltan A. Nagy, Gregory Neven
Abstract: Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1≤n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2≤t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T≤t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.
-
Publication No.: US09985865B2
Publication date: 2018-05-29
Application No.: US14948427
Filing date: 2015-11-23
Inventors: Yossi Gilad, Shahar Kohanim
IPC classification: G06F15/173, H04L12/26, H04L29/08
CPC classification: H04L43/50, H04L43/06, H04L43/0864, H04L67/28
Abstract: Evaluating communications via a computer network for the presence of proxy-based communications, by sending to a computer via a computer network multiple data packets followed by an out-of-sequence data packet that is out-of-sequence relative to any of the multiple data packets, receipt of the out-of-sequence data packet configured to cause the computer to send an acknowledgement via the computer network, and to cause the requestor to send a second data request via the computer and the computer network, detecting receipt of the acknowledgement at a first time, detecting receipt of the second data request at a second time, calculating a time delay between the first time and the second time, performing the sending, detecting and calculating steps multiple times for calculating multiple time delays, and determining whether the requestor is communicating via a proxy by evaluating the multiple time delays with respect to a predefined proxy evaluation criterion.