Ordering of event records in an electronic system for forensic analysis
    11.
    Granted invention patent (in force)

    Publication No.: US08825848B1

    Publication date: 2014-09-02

    Application No.: US13424955

    Filing date: 2012-03-20

    IPC classification: G06F15/173

    Abstract: An improved technique for logging events in an electronic system for forensic analysis includes receiving event records by a recording unit from different forensic agents of the electronic system and applying timing information included within the event records to resequence the event records in the recording unit in a more accurate order. In some examples, the timing information includes a vector clock established among the agents of the electronic system for storing sequences of events. The vector clock provides sequence information about particular events occurring among the forensic agents, which is applied to correct the order of reported event records. In other examples, the timing information includes timestamps published to the agents from a common timestamp server. In yet other examples, the timing information includes timestamps of the devices on which the agents are running, or any combination of the foregoing examples of timing information.

    Managing access to a limited number of computerized sessions
    12.
    Granted invention patent (in force)

    Publication No.: US09154556B1

    Publication date: 2015-10-06

    Application No.: US13337442

    Filing date: 2011-12-27

    IPC classification: G06F15/173 H04L29/08

    Abstract: A technique manages access to a limited number of computerized sessions. The technique involves receiving, from a waiting user, a session request for a computerized session, and queuing the session request in a wait queue in response to all of the limited number of computerized sessions being currently assigned to other users. The technique further involves, while the session request is queued in the wait queue, providing permission to the waiting user to un-assign a computerized session which is currently assigned to another user. With such a technique, the user has the option of simply waiting until a computerized session has been relinquished (i.e., if the user is willing to be patient) or un-assigning a computerized session currently assigned to another user (e.g., in order to speed up access to a computerized session).

    Event-based biometric authentication using mobile device
    13.
    Granted invention patent (in force)

    Publication No.: US08955069B1

    Publication date: 2015-02-10

    Application No.: US13538102

    Filing date: 2012-06-29

    IPC classification: G06F21/00 H04L29/06

    Abstract: Event-based biometric authentication is provided using a mobile device of a user. A user attempting to access a protected resource is authenticated by receiving a request to access the protected resource; collecting biometric information from the user in response to the request using a mobile device of the user; performing biometric authentication of the user using the collected biometric information; and granting access to the protected resource based on the biometric authentication. The authentication optionally comprises an event-based authentication. The mobile device does not have to contain token generating material.

    Validating association of client devices with authenticated clients
    14.
    Granted invention patent (in force)

    Publication No.: US08819803B1

    Publication date: 2014-08-26

    Application No.: US13537594

    Filing date: 2012-06-29

    IPC classification: H04L9/08

    Abstract: A method is used in validating association of client devices with authenticated clients. An authentication request for authenticating a client is received from a client device used by a client for establishing a session with a server. The client is authenticated by an authentication device. A token is created and provided to the client device. Identification information of the client device is gathered. The identification information identifies the client device. The identification information gathered from the client device is evaluated. Based on the evaluation, it is validated that the identification information corresponds to a client device associated with the authenticated client.

    Processing email messages based on authenticity analysis
    15.
    Granted invention patent (in force)

    Publication No.: US08752172B1

    Publication date: 2014-06-10

    Application No.: US13169167

    Filing date: 2011-06-27

    IPC classification: G06F11/00 G06F15/16

    CPC classification: H04L63/1483

    Abstract: A technique processes an email message. The technique involves receiving the email message from a network, and performing an authenticity analysis operation to determine authenticity of the email message. The technique further involves forwarding a copy of the email message to an external central hub through the network when a result of the authenticity analysis operation indicates that the email message is not authentic, and refraining from sending the copy of the email message to the external central hub through the network when the result of the authenticity analysis operation indicates that the email message is authentic. Such an embodiment is well suited for identifying spear phishing attacks within email messages routinely handled by an email server.

    Establishing a trusted session from a non-web client using adaptive authentication
    16.
    Granted invention patent (in force)

    Publication No.: US08701199B1

    Publication date: 2014-04-15

    Application No.: US13336570

    Filing date: 2011-12-23

    IPC classification: H04L29/06

    Abstract: A technique controls launching of a client application on an electronic device. The technique involves, after the client application is installed on the electronic device, providing input from the electronic device to an adaptive authentication service of a remote authentication server. The technique further involves receiving a credential from the adaptive authentication service of the remote authentication server in response to a successful adaptive authentication result which is based on the input provided from the electronic device. The technique further involves invoking the client application with the credential on the electronic device to establish a trusted session between the client application and an application server. Such a technique is well suited for use by multi environment clients such as general purpose computers, tablets and smart phones.

    Authenticating an entity
    17.
    Granted invention patent (in force)

    Publication No.: US09405897B1

    Publication date: 2016-08-02

    Application No.: US13538640

    Filing date: 2012-06-29

    Abstract: There is disclosed a method and system for use in authenticating an entity. An entity location history is stored comprising a historical record of locations visited by the entity. An authentication request is received from the entity. A pattern of recent locations visited by the entity indicative of irregular behavior is detected. An analysis is performed between the pattern of recent locations indicative of irregular behavior and the entity location history for establishing the riskiness of the authentication request. An authentication result is generated based on the analysis between the pattern of recent locations indicative of irregular behavior and the entity location history.

    Generation of alerts in an event management system based upon risk
    18.
    Granted invention patent (in force)

    Publication No.: US09282114B1

    Publication date: 2016-03-08

    Application No.: US13172999

    Filing date: 2011-06-30

    IPC classification: G06F21/55 H04L9/00 H04L29/06

    Abstract: Embodiments relate to the generation of alerts in an event management system based upon risk. When an event device associated with the event management system presents a logon page to a client device, the event device includes a beacon as part of the page to monitor and collect web device profile characteristics related to the client device. In response to a logon attempt by the client device, an event management device receives a notification regarding logon attempt and a risk assessment associated with the web device profile characteristics of the client device. Based upon a correlation of the notification and the corresponding risk assessment, the event management device can generate an alert, such as a SIEM alert, and can include an indication of priority, whether relatively low or high, and/or a confidence factor, whether or not the alert can be suppressed as part of the alert.

    Performing an authentication operation during user access to a computerized resource
    19.
    Granted invention patent (in force)

    Publication No.: US09119539B1

    Publication date: 2015-09-01

    Application No.: US13432732

    Filing date: 2012-03-28

    IPC classification: G08B21/00 A61B5/024

    Abstract: A method, electronic apparatus and computer program product for performing authentication operation is disclosed. An authentication request is received from user of computerized resource. The request comprises user identifier identifying user. The authenticity of user is verified based on user identifier. An access session is established in which user can access resource in response to successfully verifying user. An electronic input signal is received from electronic input device during session. The device is configured to take a biometric measurement from the user. Biometric data is derived from signal. A comparison is performed between biometric data and expected biometric data. An authentication result is generated based on comparison between biometric data and expected biometric data, wherein result can be used for further authentication of user during session.

    Multi-point collection of behavioral data relating to a virtualized browsing session with a secure server
    20.
    Granted invention patent (in force)

    Publication No.: US08677472B1

    Publication date: 2014-03-18

    Application No.: US13246457

    Filing date: 2011-09-27

    IPC classification: H04L29/06

    Abstract: A method of operating a VM server (VMS) is described, including (a) executing a VM instance (VMI) at the VMS, the VMI having a remote display within a terminal program of a client computer, the terminal program being configured to send commands received by the client from a user to the VMS to affect operation of the VMI, (b) running a browser within the VMI, the browser having a connection to a secure web application running on a web application server, the commands sent from the terminal program to the VMS allowing the user to interact with the web application via the terminal program and the browser running on the VMI, (c) at the VMS, asynchronously collecting information in connection with the commands sent from the user to the VMS, and (d) at the VMS, asynchronously sending the collected information to an analysis server to be analyzed for anomalous behavior.
