Using mock tokens to protect against malicious activity
    1.
    发明授权
    Using mock tokens to protect against malicious activity 有权
    使用模拟令牌来防范恶意活动

    公开(公告)号:US09516059B1

    公开(公告)日:2016-12-06

    申请号:US13170732

    申请日:2011-06-28

    IPC分类号: G06F21/55 H04L29/06 H04L9/32

    摘要: A technique provides protection against malicious activity. The technique involves providing a mock token to fraudster equipment. The mock token appears to be a legitimate user token that identifies a legitimate user (e.g., an actual user token, a token seed, etc.). The technique further involves receiving, from the fraudster equipment, an authentication request which uses the mock token and, in response to receiving the authentication request which uses the mock token from the fraudster equipment, performing a set of authentication server operations to protect against future activity by the fraudster equipment (e.g., deny access to the fraudster equipment, acquire specific information about the fraudster equipment, output a message to subscribers of an eFraud network, and so on).

    摘要翻译: 一种技术提供了防止恶意活动的保护。 该技术涉及向欺诈设备提供模拟令牌。 模拟令牌似乎是标识合法用户(例如,实际用户令牌,令牌种子等)的合法用户令牌。 该技术还涉及从欺诈设备接收使用模拟令牌的认证请求,并且响应于从欺诈设备接收使用模拟令牌的认证请求,执行一组认证服务器操作以防止将来的活动 通过欺诈设备(例如,拒绝访问欺诈设备,获取关于欺诈设备的具体信息,向eFraud网络的用户输出消息等)。

    Injecting code decrypted by a hardware decryption module into Java applications
    2.
    发明授权
    Injecting code decrypted by a hardware decryption module into Java applications 有权
    将由硬件解密模块解密的代码注入Java应用程序

    公开(公告)号:US09021271B1

    公开(公告)日:2015-04-28

    申请号:US13337817

    申请日:2011-12-27

    IPC分类号: G06F11/30 G06F11/34

    CPC分类号: G06F11/34 G06F21/123

    摘要: A method is performed by a computer in communication with a hardware security module (HSM). The method includes (a) running a process virtual machine (PVM) on the computer, the PVM being configured to execute portable bytecode instructions within a PVM environment and (b) executing, within the PVM environment, instructions for (1) reading encrypted instruction code from data storage of the computer, (2) sending the encrypted instruction code to the HSM, (3) in response, receiving decrypted instruction code from the HSM, and (4) injecting the decrypted instruction code within an application running in the PVM environment for execution by the PVM. Embodiments are also directed to analogous computer program products and apparatuses.

    摘要翻译: 通过与硬件安全模块(HSM)通信的计算机执行方法。 该方法包括(a)在计算机上运行一个进程虚拟机(PVM),该PVM被配置为在PVM环境内执行便携式字节码指令,以及(b)在该PVM环境内执行(1)读取加密指令 来自计算机的数据存储的代码,(2)将加密的指令代码发送到HSM,(3)响应于从HSM接收解密的指令代码,以及(4)在PVM中运行的应用程序中注入解密的指令代码 由PVM执行的环境。 实施例还涉及类似的计算机程序产品和装置。

    Virtualization platform for secured communications between a user device and an application server
    4.
    发明授权
    Virtualization platform for secured communications between a user device and an application server 有权
    用于用户设备和应用服务器之间的安全通信的虚拟化平台

    公开(公告)号:US08694993B1

    公开(公告)日:2014-04-08

    申请号:US13077230

    申请日:2011-03-31

    IPC分类号: G06F9/455 G06F15/16

    摘要: A modular virtualization platform is provided for secured communications between a user device and an application server. A client-side computing device performs secured communications during a virtual session with an application server across a network. The client-side computing device loads a virtual machine client; and selects a remote module to serve as a virtualization server for the virtual session based on one or more performance factors. The virtual session is established with the selected module, and secured communications can occur between the client-side computing device and the application server via the virtual session of the selected module. The performance factors can be collected from a plurality of modules using a peer-to-peer gossip-based state notification process. A route list preferably stores the performance factors for a plurality of modules. The route list can contain pointers to a plurality of remote modules in a plurality of virtualization platforms, to increase reliability.

    摘要翻译: 为用户设备和应用服务器之间的安全通信提供了模块化虚拟化平台。 客户端计算设备在通过网络与应用服务器进行虚拟会话期间执行安全通信。 客户端计算设备加载虚拟机客户端; 并且基于一个或多个性能因素选择远程模块用作虚拟会话的虚拟化服务器。 利用所选择的模块建立虚拟会话,并且可以经由所选模块的虚拟会话在客户端计算设备和应用服务器之间发生安全通信。 可以使用基于点对点八卦的状态通知过程从多个模块收集性能因素。 路线列表优选地存储多个模块的性能因素。 路由列表可以包含指向多个虚拟化平台中的多个远程模块的指针,以增加可靠性。

    Techniques for sharing authentication data among authentication servers

    公开(公告)号:US10063549B1

    公开(公告)日:2018-08-28

    申请号:US13169668

    申请日:2011-06-27

    IPC分类号: H04L29/06

    摘要: A technique of supporting multi-factor authentication uses a database server. The technique involves receiving suspicious user activity data from a first set of authentication servers and storing the suspicious user activity data from the first set of authentication servers, as sharable authentication data, in a database of the database server. The technique further involves providing the sharable authentication data from the database to a second set of authentication servers. Each authentication server of the second set of authentication servers performs multi-factor authentication operations based on (i) local authentication data which is gathered by that authentication server and (ii) the sharable authentication data provided from the database. Accordingly, useful authentication data from one authentication server (e.g., a network address of a computer which mischievously attempts to probe or infiltrate that authentication server) can be shared with other authentication servers to enhance their ability to identify fraudsters.

    Authenticating an entity
    6.
    发明授权

    公开(公告)号:US09781129B1

    公开(公告)日:2017-10-03

    申请号:US13536978

    申请日:2012-06-28

    IPC分类号: H04L29/06

    摘要: There is disclosed a method and system for use in authenticating an entity. An authentication request is received from the entity. An input signal is received from a communications device associated with the entity. The input signal comprises the current location of the communications device. The current location of the communications device is derived from the input signal. Based on the current location of the communications device, an event is detected at substantially the same location as the current location of the communications device. An analysis is performed between the current location of the communications device and the event. An authentication result is generated based on the analysis between the current location of the communications device and the event. The authentication result can be used for authenticating the entity.

    Assessing risk for third-party data collectors
    7.
    发明授权
    Assessing risk for third-party data collectors 有权
    评估第三方数据收集者的风险

    公开(公告)号:US09230066B1

    公开(公告)日:2016-01-05

    申请号:US13534873

    申请日:2012-06-27

    IPC分类号: H04L29/00 G06F21/00

    摘要: An improved technique authenticates a user based on an ability to corroborate previous transaction data sent by a user device. Along these lines, the improved technique makes use of an independent information source for verifying the accuracy of previous transaction data obtained by a given collector. For example, when a collector of location data is a GPS unit of a cell phone, an independent information source may be a cell tower closest to the cell phone at the time of the transaction. While location data provided by the cell tower may not be as precise as that provided by the GPS unit, such data is useful for corroborating the location data from the GPS unit. In this scenario, if the data provided by the cell tower fails to corroborate that provided by the GPS unit, then the GPS unit adds significant risk to authenticating the user.

    摘要翻译: 改进的技术基于确定用户设备发送的先前交易数据的能力来认证用户。 沿着这些方式,改进的技术使用独立的信息源来验证给定收集器获得的先前交易数据的准确性。 例如,当位置数据的收集器是手机的GPS单元时,独立的信息源可以是在交易时最靠近手机的信元塔。 虽然由单元塔提供的位置数据可能不如GPS单元提供的位置数据那样精确,但是这样的数据对于确认来自GPS单元的位置数据是有用的。 在这种情况下,如果单元塔提供的数据未能证实由GPS单元提供的数据,则GPS单元增加了验证用户的重大风险。

    Brokering multiple authentications through a single proxy
    8.
    发明授权
    Brokering multiple authentications through a single proxy 有权
    通过单个代理来代理多个身份验证

    公开(公告)号:US08949953B1

    公开(公告)日:2015-02-03

    申请号:US13611919

    申请日:2012-09-12

    IPC分类号: H04L29/06

    CPC分类号: H04L63/08

    摘要: A method includes (a) receiving, from an application server, a login message for a user, the login message including a user credential for a credential-based authentication (CBA), (b) forwarding the user credential to a CBA server for the CBA, (c) in response, receiving, an authentication decision message from the CBA server, (d) sending decision information from the authentication decision message received from the CBA server to a risk-based authentication (RBA) server, the RBA server being distinct from the CBA server, the decision information to be used by the RBA server in performing RBA authentication decisions, (e) if the authentication decision message is positive, then sending a challenge message to the application server to initiate RBA to be performed by the RBA server supplementary to the CBA, and (f) if the authentication decision message is negative, then sending a rejection message to the application server.

    摘要翻译: 一种方法包括:(a)从应用服务器接收用户的登录消息,所述登录消息包括用于基于凭证的认证(CBA)的用户凭证,(b)将所述用户证书转发到CBA服务器以用于 CBA,(c)作为响应,从CBA服务器接收认证决定消息,(d)从CBA服务器接收到的认证决定消息发送决策信息给基于风险的认证(RBA)服务器,RBA服务器为 与CBA服务器不同的是,RBA服务器在执行RBA认证决策时要使用的决策信息,(e)如果认证决定消息为肯定的,则向应用服务器发送质询消息以启动要由 补充CBA的RBA服务器,以及(f)如果认证决定消息为否定,则向应用服务器发送拒绝消息。

    Authentication based on a current location of a communications device associated with an entity
    9.
    发明授权
    Authentication based on a current location of a communications device associated with an entity 有权
    基于与实体相关联的通信设备的当前位置的认证

    公开(公告)号:US08904496B1

    公开(公告)日:2014-12-02

    申请号:US13435951

    申请日:2012-03-30

    IPC分类号: G06F21/00 G06F21/44

    摘要: There is disclosed a method and system for use in authenticating an entity in connection with a computerized resource. An authentication request is received from entity for access to computerized resource. An input signal is received from a communications device associated with entity. The input signal comprises current location of communications device. The current location of communications device is derived from input signal. A location history in connection with communications device is captured. The location history comprises a record of discrete locations visited by communications device over a period of time. An analysis is performed between current location of the communications device and location history in connection with communications device. An authentication result is generated based on analysis between current location of communications device and location history in connection with communications device. The authentication result can be used for authenticating entity.

    摘要翻译: 公开了一种用于认证与计算机资源有关的实体的方法和系统。 从实体接收到对计算机资源的访问的认证请求。 从与实体相关联的通信设备接收输入信号。 输入信号包括通信设备的当前位置。 通信设备的当前位置来源于输入信号。 捕获与通信设备相关的位置历史记录。 位置历史包括通信设备在一段时间内访问的离散位置的记录。 在通信设备的当前位置和与通信设备相关的位置历史之间进行分析。 基于通信设备的当前位置和与通信设备相关的位置历史之间的分析生成认证结果。 验证结果可用于认证实体。

    Ordering of event records in an electronic system for forensic analysis
    10.
    发明授权
    Ordering of event records in an electronic system for forensic analysis 有权
    在电子系统中订购事件记录进行法医分析

    公开(公告)号:US08825848B1

    公开(公告)日:2014-09-02

    申请号:US13424955

    申请日:2012-03-20

    IPC分类号: G06F15/173

    摘要: An improved technique for logging events in an electronic system for forensic analysis includes receiving event records by a recording unit from different forensic agents of the electronic system and applying timing information included within the event records to resequence the event records in the recording unit in a more accurate order. In some examples, the timing information includes a vector clock established among the agents of the electronic system for storing sequences of events. The vector clock provides sequence information about particular events occurring among the forensic agents, which is applied to correct the order of reported event records. In other examples, the timing information includes timestamps published to the agents from a common timestamp server. In yet other examples, the timing information includes timestamps of the devices on which the agents are running, or any combination of the foregoing examples of timing information.

    摘要翻译: 用于在电子系统中记录事件的用于取证分析的改进技术包括:通过记录单元从电子系统的不同取证代理接收事件记录,并应用事件记录中包含的定时信息,以使记录单元中的事件记录更新 准确的订单。 在一些示例中,定时信息包括在用于存储事件序列的电子系统的代理之间建立的向量时钟。 向量时钟提供关于在法庭代理之间发生的特定事件的序列信息,其被应用于校正报告的事件记录的顺序。 在其他示例中,定时信息包括从公共时间戳服务器向代理发布的时间戳。 在其他示例中,定时信息包括代理正在其上运行的设备的时间戳,或上述定时信息示例的任何组合。