公开(公告)号：US20130124866A1

公开(公告)日：2013-05-16

申请号：US13297200

申请日：2011-11-15

Applicant: Augustin J. FARRUGIA ,  Gelareh TABAN ,  Amine El KAMEL ,  Gianpaolo FASOLI ,  Srinivas VEDULA

Inventor： Augustin J. FARRUGIA ,  Gelareh TABAN ,  Amine El KAMEL ,  Gianpaolo FASOLI ,  Srinivas VEDULA

IPC: H04L9/00

CPC classification number: H04L9/0822 ,  H04L9/0825 ,  H04L9/0861 ,  H04L2209/603

Abstract: In the context of a computer client-server architecture, typically used in the Internet for communicating between a server and applications running on user computers (clients), a method is provided for enhancing security in the context of digital rights management (DRM) where the server is an untrusted server that may not be secure, but the client is secure. This method operates to authenticate the server to the client and vice versa to defeat hacking attacks intended to obtain confidential information. Values passed between the server and the client include encrypted random numbers, authentication values and other verification data generated using cryptographic techniques including double encryption.

Abstract translation: 在通常在因特网中用于在服务器和在用户计算机（客户端）上运行的应用程序之间进行通信的计算机客户机 - 服务器架构的上下文中，提供了一种用于增强数字版权管理（DRM）上下文中的安全性的方法，其中 服务器是不可信的服务器，可能不安全，但客户端是安全的。 该方法用于向客户端认证服务器，反之亦然，以打败旨在获取机密信息的黑客攻击。 在服务器和客户端之间传递的值包括加密的随机数，认证值和使用包括双加密的加密技术生成的其他验证数据。

公开(公告)号：US08079069B2

公开(公告)日：2011-12-13

申请号：US12054137

申请日：2008-03-24

Applicant: Lloyd Leon Burch ,  Srinivas Vedula

Inventor： Lloyd Leon Burch ,  Srinivas Vedula

IPC: G06F7/04

CPC classification number: G06F21/6218

Abstract: Before a relying party grants a client access to a resource, the last use of the security token by the client to access the resource of the relying party can be verified. Verification can be accomplished by comparing the last time the client sent the security token to the relying party with the last time the relying party received the security token from the client. If the last use of the security token is not verified, the possibility exists that the security token has been fraudulently used by a third party.

Abstract translation: 在依赖方授予客户端访问资源之前，可以验证客户端最后使用安全令牌来访问依赖方的资源。 验证可以通过比较客户端最后一次发送安全令牌到依赖方的时间来完成，最后一次依赖方从客户端接收到安全令牌。 如果安全令牌的最后使用未被验证，则可能存在安全令牌被第三方欺诈性地使用。

公开(公告)号：US20110047622A1

公开(公告)日：2011-02-24

申请号：US12546520

申请日：2009-08-24

Applicant: Ginger M. Myles ,  Srinivas Vedula ,  Gianpaolo Fasoli ,  Julien Lerouge ,  Tanya Michelle Lattner ,  Augustin J. Farrugia

Inventor： Ginger M. Myles ,  Srinivas Vedula ,  Gianpaolo Fasoli ,  Julien Lerouge ,  Tanya Michelle Lattner ,  Augustin J. Farrugia

IPC: G06F21/22 ,  G06F9/45 ,  G06F9/46

CPC classification number: G06F21/54 ,  G06F9/4484 ,  G06F9/544 ,  G06F9/545

Abstract: Disclosed herein are systems, computer-implemented methods, and computer-readable storage media for call path enforcement. The method includes tracking, during run-time, a run-time call order for a series of function calls in a software program, and when executing a protected function call during run-time, allowing or causing proper execution of a protected function call only if the run-time call order matches a predetermined order. The predetermined order can be an expected run-time call order based on a programmed order of function calls in the software program. The method can include maintaining an evolving value associated with the run-time call order and calling the protected function by passing the evolving value and function parameters corrupted based on the evolving value. The protected function uncorrupts the corrupted parameters based on the passed evolving value and an expected predetermined call order. A buffer containing the uncorrupted parameters can replace the corrupted parameters.

Abstract translation: 本文公开了用于呼叫路径实施的系统，计算机实现的方法和计算机可读存储介质。 该方法包括在运行期间跟踪软件程序中一系列函数调用的运行时调用顺序，以及在运行时执行受保护函数调用时，只允许或导致仅受保护函数调用的正确执行 如果运行时间调用顺序与预定顺序相匹配。 预定顺序可以是基于软件程序中的功能调用的编程顺序的期望的运行时呼叫顺序。 该方法可以包括维护与运行时呼叫顺序相关联的演进值，并通过传递基于演进值而破坏的演进值和功能参数来调用受保护功能。 受保护的功能基于传递的演进值和预期的预定呼叫顺序来破坏已损坏的参数。 包含未受损参数的缓冲区可以替换损坏的参数。

公开(公告)号：US07405402B1

公开(公告)日：2008-07-29

申请号：US11360930

申请日：2006-02-22

Applicant: Srinivas Vedula ,  Amir Azordegan ,  Laurence Hordon ,  Alan D. Brodie ,  Gian Francesco Lorusso ,  Takuji Tada

Inventor： Srinivas Vedula ,  Amir Azordegan ,  Laurence Hordon ,  Alan D. Brodie ,  Gian Francesco Lorusso ,  Takuji Tada

IPC: G01N23/00 ,  G21K7/00 ,  H01J3/14

CPC classification number: G01N23/04 ,  H01J37/21 ,  H01J37/28 ,  H01J2237/0492 ,  H01J2237/153 ,  H01J2237/2817

Abstract: One embodiment relates to an electron beam apparatus for automated imaging of a substrate surface. An electron source is configured to emit electrons, and a gun lens is configured to focus the electrons emitted by the electron source so as to form an electron beam. A condenser lens system is configured to receive the electron beam and to reduce its numerical aperture to an ultra-low numerical aperture. An objective lens is configured to focus the ultra-low numerical aperture beam onto the substrate surface. Other embodiments are also disclosed.

Abstract translation: 一个实施例涉及用于衬底表面的自动成像的电子束装置。 电子源被配置为发射电子，并且枪形透镜被配置为聚焦由电子源发射的电子以形成电子束。 聚光透镜系统被配置为接收电子束并且将其数值孔径减小到超低数值孔径。 物镜被配置为将超低数值孔径光束聚焦到衬底表面上。 还公开了其他实施例。

公开(公告)号：US08850206B2

公开(公告)日：2014-09-30

申请号：US13297200

申请日：2011-11-15

Applicant: Augustin J. Farrugia ,  Gelareh Taban ,  Amine El Kamel ,  Gianpaolo Fasoli ,  Srinivas Vedula

Inventor： Augustin J. Farrugia ,  Gelareh Taban ,  Amine El Kamel ,  Gianpaolo Fasoli ,  Srinivas Vedula

IPC: H04L29/06 ,  H04L9/08

CPC classification number: H04L9/0822 ,  H04L9/0825 ,  H04L9/0861 ,  H04L2209/603

Abstract: In the context of a computer client-server architecture, typically used in the Internet for communicating between a server and applications running on user computers (clients), a method is provided for enhancing security in the context of digital rights management (DRM) where the server is an untrusted server that may not be secure, but the client is secure. This method operates to authenticate the server to the client and vice versa to defeat hacking attacks intended to obtain confidential information. Values passed between the server and the client include encrypted random numbers, authentication values and other verification data generated using cryptographic techniques including double encryption.

Abstract translation: 在通常在因特网中用于在服务器和在用户计算机（客户端）上运行的应用程序之间进行通信的计算机客户机 - 服务器架构的上下文中，提供了一种用于增强数字版权管理（DRM）上下文中的安全性的方法，其中 服务器是不可信的服务器，可能不安全，但客户端是安全的。 该方法用于向客户端认证服务器，反之亦然，以打败旨在获取机密信息的黑客攻击。 在服务器和客户端之间传递的值包括加密的随机数，认证值和使用包括双加密的加密技术生成的其他验证数据。

公开(公告)号：US20130182842A1

公开(公告)日：2013-07-18

申请号：US13349451

申请日：2012-01-12

Applicant: Gianpaolo Fasoli ,  Augustin J. Farrugia ,  Bertrand Mollinier Toublet ,  Gelareh Taban ,  Nicholas T. Sullivan ,  Srinivas Vedula

Inventor： Gianpaolo Fasoli ,  Augustin J. Farrugia ,  Bertrand Mollinier Toublet ,  Gelareh Taban ,  Nicholas T. Sullivan ,  Srinivas Vedula

IPC: H04L9/14 ,  H04L9/08

CPC classification number: H04L9/14 ,  H04L9/0861 ,  H04L2209/603 ,  H04N21/2347 ,  H04N21/26613 ,  H04N21/63345

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for key space division and sub-key derivation for mixed media digital rights management content and secure digital asset distribution. A system practicing the exemplary method derives a set of family keys from a master key associated with an encrypted media asset using a one-way function, wherein each family key is uniquely associated with a respective client platform type, wherein the master key is received from a server account database, and identifies a client platform type for a client device and a corresponding family key from the set of family keys. The system encrypts an encrypted media asset with the corresponding family key to yield a platform-specific encrypted media asset, and transmits the platform-specific encrypted media asset to the client device. Thus, different client devices receive device-specific encrypted assets which can be all derived based on the same master key.

Abstract translation: 本文公开了用于混合媒体数字版权管理内容和安全数字资产分配的关键空间划分和子密钥导出的系统，方法和非暂时的计算机可读存储介质。 实施示例性方法的系统使用单向函数从与加密的媒体资产相关联的主密钥导出一组家庭密钥，其中每个家庭密钥与相应的客户端平台类型唯一地相关联，其中主密钥从 一个服务器帐户数据库，并从一组家庭密钥中识别客户端设备的客户端平台类型和相应的家庭密钥。 该系统使用相应的家庭密钥对加密的媒体资产进行加密，以产生特定于平台的加密媒体资产，并将平台特定的加密媒体资产发送到客户端设备。 因此，不同的客户端设备接收可以全部基于相同主密钥导出的特定于设备的加密资产。

公开(公告)号：US08332918B2

公开(公告)日：2012-12-11

申请号：US11951524

申请日：2007-12-06

Applicant: Srinivas Vedula ,  Cameron Craig Morris ,  Larry Hal Henderson

Inventor： Srinivas Vedula ,  Cameron Craig Morris ,  Larry Hal Henderson

IPC: H04L29/06

CPC classification number: G06F21/46 ,  G06F2221/2101

Abstract: Techniques real-time adaptive password policies are presented. Patterns for passwords are regularly analyzed along with other factors associated with the patterns to dynamically determine password strength values. The strength values can change over time based on usage statistics. When a strength value falls below an acceptable threshold, passwords associated with that particular pattern can be downgraded or rejected in real-time and existing policy can be adapted to reflect the undesirability of that pattern.

Abstract translation: 介绍了技术实时自适应密码策略。 定期分析密码模式以及与模式相关的其他因素，以动态确定密码强度值。 强度值可以根据使用统计信息随时间而变化。 当强度值低于可接受的阈值时，与该特定模式相关联的密码可以被实时降级或拒绝，并且现有策略可以被调整以反映该模式的不合需要。

公开(公告)号：US08302210B2

公开(公告)日：2012-10-30

申请号：US12546520

申请日：2009-08-24

Applicant: Ginger M. Myles ,  Srinivas Vedula ,  Gianpaolo Fasoli ,  Julien Lerouge ,  Tanya Michelle Lattner ,  Augustin J. Farrugia

Inventor： Ginger M. Myles ,  Srinivas Vedula ,  Gianpaolo Fasoli ,  Julien Lerouge ,  Tanya Michelle Lattner ,  Augustin J. Farrugia

IPC: G06F21/00

CPC classification number: G06F21/54 ,  G06F9/4484 ,  G06F9/544 ,  G06F9/545

Abstract: Disclosed herein are systems, computer-implemented methods, and computer-readable storage media for call path enforcement. The method includes tracking, during run-time, a run-time call order for a series of function calls in a software program, and when executing a protected function call during run-time, allowing or causing proper execution of a protected function call only if the run-time call order matches a predetermined order. The predetermined order can be an expected run-time call order based on a programmed order of function calls in the software program. The method can include maintaining an evolving value associated with the run-time call order and calling the protected function by passing the evolving value and function parameters corrupted based on the evolving value. The protected function uncorrupts the corrupted parameters based on the passed evolving value and an expected predetermined call order. A buffer containing the uncorrupted parameters can replace the corrupted parameters.

Abstract translation: 本文公开了用于呼叫路径实施的系统，计算机实现的方法和计算机可读存储介质。 该方法包括在运行期间跟踪软件程序中一系列函数调用的运行时调用顺序，以及在运行时执行受保护函数调用时，只允许或导致仅受保护函数调用的正确执行 如果运行时间调用顺序与预定顺序相匹配。 预定顺序可以是基于软件程序中的功能调用的编程顺序的期望的运行时呼叫顺序。 该方法可以包括维护与运行时呼叫顺序相关联的演进值，并通过传递基于演进值而破坏的演进值和功能参数来调用受保护功能。 受保护的功能基于传递的演进值和预期的预定呼叫顺序来破坏已损坏的参数。 包含未受损参数的缓冲区可以替换损坏的参数。

公开(公告)号：US20090172788A1

公开(公告)日：2009-07-02

申请号：US11964933

申请日：2007-12-27

Applicant: Srinivas Vedula ,  Cameron Craig Morris

Inventor： Srinivas Vedula ,  Cameron Craig Morris

IPC: G06F21/00 ,  H04L9/32

CPC classification number: H04L63/08 ,  H04L63/1441

Abstract: Techniques for credential strength analysis via failed intruder access attempts are presented. Intruders attempting to access a secure network with failed credentials are monitored. The failed credentials are retained and evaluated in view of previously recorded failed credentials. Credential policy is updated in response to the evaluation and intruder trends and sophistication levels are also predicted in response to the evaluation.

Abstract translation: 提出了通过失败的入侵者访问尝试进行凭证强度分析的技术。 监控尝试访问失败凭证的安全网络的入侵者。 鉴于以前记录的失败凭证，保留和评估失败的凭据。 根据评估和入侵者趋势更新凭证政策，并且对评估进行回应，也预测了复杂程度。

公开(公告)号：US20090113523A1

公开(公告)日：2009-04-30

申请号：US11924744

申请日：2007-10-26

Applicant: Srinivas Vedula ,  Larry Hal Henderson ,  Stephen Kent Winn

Inventor： Srinivas Vedula ,  Larry Hal Henderson ,  Stephen Kent Winn

IPC: H04L9/32

CPC classification number: H04L63/0815

Abstract: In various embodiments, techniques for flexible resource authentication are provided. A principal attempts to login to a target resource using first credentials. The target resource does not recognize the first credentials and in response thereto forwards the first credentials to an identity service. The identity service authenticates the principal via the first credentials and supplies second credentials to the target resource. The target resource recognizes and authenticates the second credentials and grants access to the principal.

Abstract translation: 在各种实施例中，提供了用于灵活资源认证的技术。 主体尝试使用第一个凭据登录到目标资源。 目标资源不识别第一凭证，并且响应于此，将第一凭证转发到身份服务。 身份服务通过第一个凭据验证主体，并将第二个凭据提供给目标资源。 目标资源识别并验证第二个凭据并授予对主体的访问权限。