Source identification for unauthorized copies of content
    11.
    Granted invention patent
    Legal status: In force

    Publication (announcement) No.: US08739308B1

    Publication (announcement) date: 2014-05-27

    Application No.: US13431898

    Filing date: 2012-03-27

    IPC classification: G06F21/00

    Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.

    System and method for recognizing malicious credential guessing attacks
    12.
    Granted invention patent
    Legal status: In force

    Publication (announcement) No.: US08490162B1

    Publication (announcement) date: 2013-07-16

    Application No.: US13248736

    Filing date: 2011-09-29

    IPC classification: G06F21/00

    Abstract: A system includes a memory and a processor. The memory is operable to store a credential verifier associated with a user account and a counter. The processor is coupled to the memory and the memory includes executable instructions that cause the system to receive a first authentication attempt and increment the counter if validation of the first authentication attempt against the credential verifier fails. The instructions also cause the system to receive a second authentication attempt and increment the counter only if validation of the second authentication attempt against the credential verifier fails and the second authentication attempt is distinct from the first authentication attempt.

    Key generation for hierarchical data access
    13.
    Granted invention patent
    Legal status: In force

    Publication (announcement) No.: US09215076B1

    Publication (announcement) date: 2015-12-15

    Application No.: US13431882

    Filing date: 2012-03-27

    IPC classification: H04L29/06 H04L9/32

    Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.

    Portable access to auditing information
    14.
    Granted invention patent
    Legal status: In force

    Publication (announcement) No.: US08881256B1

    Publication (announcement) date: 2014-11-04

    Application No.: US13333933

    Filing date: 2011-12-21

    Abstract: Systems and methods provide a storage media on a portable physical object associated with a set of credentials that enables access to a set of computing resources associated with a set of Web services. In some embodiments, information including a set of credentials is prepackaged onto the storage media of the portable physical object. A pre-activated subscription to the set of Web services in a distributed system is provisioned. Access to the set of Web services is enabled when the portable physical object is coupled with a computing device and the set of credentials is authenticated. In some embodiments, the portable physical object is purchased by a user on a prepaid basis without requiring the user to register an account with the set of Web services, allowing the user to remain anonymous with respect to interaction with the set of Web services.

    Automated secret renegotiation
    16.
    Granted invention patent
    Legal status: In force

    Publication (announcement) No.: US08745710B1

    Publication (announcement) date: 2014-06-03

    Application No.: US13532245

    Filing date: 2012-06-25

    IPC classification: H04W12/06

    Abstract: Secret information, such as seeds, codes, and keys, can be automatically renegotiated between at least one sender and at least one recipient. Various mechanisms, such as counters, events, or challenges, can be used to trigger automatic renegotiations through various requests or communications. These changes can cause the current secret information to diverge from older copies of the secret information that might have been obtained by unintended third parties. In some embodiments, a secret can be configured to “decay” over time, or have small changes periodically introduced that can be determined to be valid by an authorized party, but can reduce the effectiveness of prior versions of the secret information.

    KEY DERIVATION TECHNIQUES
    18.
    Invention patent application
    Legal status: In force

    Publication (announcement) No.: US20130086663A1

    Publication (announcement) date: 2013-04-04

    Application No.: US13248973

    Filing date: 2011-09-29

    IPC classification: H04L9/32 G06F21/00

    Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the key's use.

TECHNIQUES FOR CLIENT CONSTRUCTED SESSIONS
    19.
    Invention patent application
    Legal status: In force

    Publication (announcement) No.: US20130086661A1

    Publication (announcement) date: 2013-04-04

    Application No.: US13248953

    Filing date: 2011-09-29

    IPC classification: H04L9/32 G06F21/00

    Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the key's use.

    Adaptive timeouts for security credentials
    20.
    Granted invention patent
    Legal status: In force

    Publication (announcement) No.: US09203818B1

    Publication (announcement) date: 2015-12-01

    Application No.: US13593274

    Filing date: 2012-08-23

    IPC classification: G06F7/04 H04L29/06 H04L29/08

    Abstract: Session-specific information stored to a cookie or other secure token can be selected and/or caused to vary over time, such that older copies will become less useful over time. Such an approach reduces the ability of entities obtaining a copy of the cookie to perform unauthorized tasks on a session. A cookie received with a request can contain a timestamp and an operation count for a session that may need to fall within an acceptable range of the current values in order for the request to be processed. A cookie returned with a response can be set to the correct value or incremented from the previous value based on various factors. The allowable bands can decrease with age of the session, and various parameter values such as a badness factor for a session can be updated continually based on the events for the session.
