    12.
    Granted invention patent
    Cryptographic peer discovery, authentication, and authorization for on-path signaling (in force)

    Publication number: US08122482B2

    Publication date: 2012-02-21

    Application number: US12019541

    Filing date: 2008-01-24

    IPC classification: G06F17/00 H04L29/06

    Abstract: A method is disclosed for cryptographic peer discovery, authentication, and authorization. According to one embodiment, a data packet, which is addressed to a destination device other than an intermediary network device, is intercepted at the intermediary network device. The data packet contains a request and a group identifier. A shared secret cryptographic key, which is mapped to the group identifier, is selected. A challenge is sent toward an upstream device from whence the data packet came. A response is received. A verification value is generated based on the cryptographic key and the challenge. It is determined whether the response matches the verification value. If the response matches the verification value, then it is determined whether the request is allowed by an authorization set that is mapped to the group identifier. If the request is allowed, then a policy of the intermediary network device is configured based on the request.


    13.
    Invention patent application
    Protecting Digital Data such as Images on a Device with Image Acquisition Capabilities (in force)

    Publication number: US20100211799A1

    Publication date: 2010-08-19

    Application number: US12388387

    Filing date: 2009-02-18

    IPC classification: H04L9/16 G06F12/14

    CPC classification: H04L9/0891 H04L9/0894

    Abstract: Digital data, such as images on a digital camera, is typically protected (e.g., encrypted and/or authenticated) based on a master key stored off the device. The original master key can be acquired in a number of different ways, including being generated by the device or by another device. A one-way, progressive series of keys is derived from the master key such that only images or data of the same session can be authenticated or decrypted for viewing, export or manipulation of the decrypted image/data. In order to decrypt images or data of a previous session on the device, the master key must be imported to the device, such as by, but not limited to, taking a picture of a representation of the key and interpreting the image to reacquire the master key.


    14.
    Granted invention patent
    Authentication via monitoring (in force)

    Publication number: US08806572B2

    Publication date: 2014-08-12

    Application number: US12475486

    Filing date: 2009-05-30

    IPC classification: H04L29/06

    CPC classification: H04L63/1408 H04L63/08

    Abstract: Systems, methods, and other embodiments associated with authentication via monitoring are described. One example method includes detecting a data flow in which indicia of identity (DFWIOI) travel between a first endpoint and a second endpoint. The DFWIOI may be partially encrypted. The example method may also include collecting identity data associated with the DFWIOI from the DFWIOI, the first endpoint, the second endpoint, and so on. The example method may also include making an authentication policy decision regarding the DFWIOI based, at least in part, on the identity data. The example method may also include controlling a networking device associated with the DFWIOI based, at least in part, on the authentication policy decision.


    15.
    Granted invention patent
    Enabling stateless server-based pre-shared secrets (in force)

    Publication number: US08166301B2

    Publication date: 2012-04-24

    Application number: US11843292

    Filing date: 2007-08-22

    IPC classification: H04L29/06

    Abstract: A method is disclosed for enabling stateless server-based pre-shared secrets. Based on a local key that is not known to a client, a server encrypts the client's state information. The client's state information may include, for example, the client's authentication credentials, the client's authorization characteristics, and a shared secret key that the client uses to derive session keys. By any of a variety of mechanisms, the encrypted client state information is provided to the client. The server may free the memory that stored the client's state information. When the server needs the client's state information, the client sends, to the server, the encrypted state information that the client stored. The server decrypts the client state information using the local key. Because each client stores that client's own state information in encrypted form, the server does not need to store any client's state information permanently.


    16.
    Invention patent application
    Inspection and rewriting of cryptographically protected data from group VPNs (in force)

    Publication number: US20100064137A1

    Publication date: 2010-03-11

    Application number: US12231813

    Filing date: 2008-09-05

    IPC classification: H04L9/00

    Abstract: Systems, methods, and other embodiments associated with processing secure network traffic are described. One example method includes determining whether a device is a preconfigured member of a group key system. If the device is not a preconfigured member, then the method selectively establishes membership in the group key system by requesting membership from a group controller. The example method may also include receiving a set of keys from the group controller and being assigned a role by the group controller. The method may further include processing secure network traffic as an inspection point, a rewriting point, and/or a validation point based on the received set of keys and the assigned role(s).


    17.
    Granted invention patent
    Avoiding server storage of client state (in force)

    Publication number: US07373502B2

    Publication date: 2008-05-13

    Application number: US10756633

    Filing date: 2004-01-12

    Applicant: David A. McGrew

    Inventor: David A. McGrew

    IPC classification: H04L9/00

    Abstract: A method is disclosed for avoiding the storage of client state on a server. Based on a local key that is not known to a client, a server encrypts the client's state information. The client's state information may include, for example, the client's authentication credentials, the client's authorization characteristics, and a shared secret key that the server can use to encrypt and authenticate communication to and from the client. By any of a variety of mechanisms, the encrypted client state information is provided to the client. The server may free the memory that stored the client's state information. When the server needs the client's state information, the client sends, to the server, the encrypted state information that the client stored. The server decrypts the client state information using the local key. Because each client stores that client's own state information in encrypted form, the server does not need to store any client's state information permanently.


    18.
    Granted invention patent
    Enabling stateless server-based pre-shared secrets (in force)

    Publication number: US07346773B2

    Publication date: 2008-03-18

    Application number: US10756634

    Filing date: 2004-01-12

    IPC classification: H04L9/00 G06F15/16

    Abstract: A method is disclosed for enabling stateless server-based pre-shared secrets. Based on a local key that is not known to a client, a server encrypts the client's state information. The client's state information may include, for example, the client's authentication credentials, the client's authorization characteristics, and a shared secret key that the client uses to derive session keys. By any of a variety of mechanisms, the encrypted client state information is provided to the client. The server may free the memory that stored the client's state information. When the server needs the client's state information, the client sends, to the server, the encrypted state information that the client stored. The server decrypts the client state information using the local key. Because each client stores that client's own state information in encrypted form, the server does not need to store any client's state information permanently.


    19.
    Granted invention patent
    Password checking (in force)

    Publication number: US08539247B2

    Publication date: 2013-09-17

    Application number: US12821082

    Filing date: 2010-06-22

    IPC classification: G06F21/00

    CPC classification: G06F21/31 G06F21/46

    Abstract: A method is disclosed for password checking. After input is received, a proposed password included in the input is parsed into symbols. At least one of the symbols includes two or more characters. A probability metric is determined based on the sequence of symbols. The probability metric is used to determine whether or not the password is secure.
