-
41.发明授权公开(公告)号:US09659177B1
公开(公告)日:2017-05-23
申请号:US13625465
申请日:2012-09-24
申请人: Ari Juels , Kevin D. Bowers
发明人: Ari Juels , Kevin D. Bowers
CPC分类号: G06F21/57 , G06F21/34 , G06F21/445 , G06F21/575 , H04L63/0853 , H04L63/0869
摘要: An authentication token configured to generate authentication information comprises an attestation module. The attestation module of the authentication token is configured to receive an attestation generated by an attestation module of a client, to perform a check on the received attestation, and to release the authentication information to a designated entity if the check indicates that the attestation is valid. The designated entity may comprise the client itself or another entity that participates in an authentication process involving at least one of the authentication token and the client. The authentication token in performing the check on the attestation received from the client may determine if the received attestation conforms to a predetermined policy. The attestation may comprise a platform attestation generated by the client for a given instantiated software stack of the client.
-
42.发明授权Methods and apparatus for silent alarm channels using one-time passcode authentication tokens 有权使用一次性密码认证令牌的静音报警信道的方法和装置公开(公告)号:US09515989B1
公开(公告)日:2016-12-06
申请号:US13404788
申请日:2012-02-24
CPC分类号: H04L63/00 , H04L63/0428 , H04L63/065 , H04L63/0838 , H04L63/0869 , H04L63/123 , H04L63/126 , H04L63/14
摘要: Methods and apparatus are provided for silent alarm channels using one-time passcode authentication tokens. A message is transmitted indicating a potential attack on a protected resource by obtaining the message; combining the message with a tokencode generated by a security token to generate a one-time passcode; and transmitting the one-time passcode to a receiver. A plurality of the messages can be obtained in parallel, and the plurality of parallel messages can be combined with the tokencode to generate the one-time passcode. A subsequent message can optionally be generated by applying a hash function to a prior n-bit value to provide a counter identifying each message. The message optionally also comprises one or more additional bits to provide an annotation of the message.
摘要翻译: 为使用一次性密码认证令牌的静音报警通道提供方法和装置。 通过获得消息来传送指示对受保护资源的潜在攻击的消息; 将消息与由安全令牌生成的令牌代码组合以生成一次性密码; 并将一次性密码发送到接收机。 可以并行获得多个消息,并且多个并行消息可以与令牌代码组合以生成一次性密码。 可以可选地通过将哈希函数应用于先前的n位值来产生后续消息,以提供识别每个消息的计数器。 消息可选地还包括一个或多个附加位以提供消息的注释。
-
公开(公告)号:US09280871B2
公开(公告)日:2016-03-08
申请号:US11774857
申请日:2007-07-09
IPC分类号: G07F17/32
CPC分类号: G07F17/3251 , G07F17/32
摘要: Techniques for providing authentication functionality in a gaming system are disclosed. In one aspect, a gaming system is configured such that, at a given point during a current session of a game in progress that involves at least one user previously granted access by the system to participate in the current session, information available from an authentication token associated with the user is obtained prior to allowing the user to take a particular action in the game. A determination is made as to whether or not the user will be allowed to take the particular action in the game, based on the obtained information. The obtained information may comprise, for example, at least a portion of a one-time password generated by a hardware or software authentication token.
摘要翻译: 公开了一种用于在游戏系统中提供认证功能的技术。 在一个方面,游戏系统被配置为使得在正在进行的游戏的当前会话期间的给定点处涉及至少一个用户先前被系统授权参与当前会话的访问,来自认证令牌的信息 在允许用户在游戏中采取特定动作之前获得与用户相关联。 根据所获得的信息确定用户是否将被允许在游戏中采取特定动作。 获得的信息可以包括例如由硬件或软件认证令牌生成的一次性密码的至少一部分。
-
公开(公告)号:US09154480B1
公开(公告)日:2015-10-06
申请号:US13711859
申请日:2012-12-12
申请人: Ari Juels
发明人: Ari Juels
IPC分类号: H04L29/06
CPC分类号: H04L63/08 , H04L9/3234 , H04L9/3271
摘要: In conjunction with a registration mode of operation, a first cryptographic device in one embodiment sends challenges to a second cryptographic device comprising a symmetric-key cryptographic module or other key-based cryptographic module that utilizes one or more secret keys. The first cryptographic device receives from the second cryptographic device responses to respective ones of the challenges, and stores information characterizing the responses. In conjunction with an authentication mode of operation, the first cryptographic device sends a selected one of the challenges to the second cryptographic device, receives from the second cryptographic device a response to the selected challenge, and authenticates the second cryptographic device utilizing the response to the selected challenge and the stored information. The first cryptographic device generates the challenges and authenticates the second cryptographic device without having knowledge of the one or more secret keys of the key-based cryptographic module of the second cryptographic device.
摘要翻译: 结合注册操作模式,一个实施例中的第一密码设备向包括对称密钥密码模块或利用一个或多个秘密密钥的其他基于密钥的密码模块的第二密码设备发送挑战。 第一加密设备从第二加密设备接收对各个挑战的响应,并且存储表征响应的信息。 结合认证操作模式,第一密码装置向第二密码装置发送选定的挑战之一,从第二密码装置接收对所选择的挑战的响应,并利用对第二密码装置的响应来认证第二密码装置 选择的挑战和存储的信息。 第一密码装置在不了解第二密码装置的基于密钥的加密模块的一个或多个秘密密钥的情况下产生挑战并认证第二密码装置。
-
公开(公告)号:US09015476B1
公开(公告)日:2015-04-21
申请号:US13708322
申请日:2012-12-07
申请人: Ari Juels , Guoying Luo , Kevin D. Bowers
发明人: Ari Juels , Guoying Luo , Kevin D. Bowers
CPC分类号: G06F21/34 , G06F2221/2103
摘要: Methods, apparatus and articles of manufacture for implementing cryptographic devices operable in a challenge-response mode are provided herein. A method includes storing a set of authentication information in a first cryptographic device associated with a user, receiving a challenge in the first cryptographic device in connection with a user authentication request responsive to a request from the user to access a protected resource, wherein the challenge comprises an index of at least one non-sequential portion of the authentication information stored in the first cryptographic device, and outputting a non-sequential portion of the authentication information from the set of authentication information stored in the first cryptographic device in response to the challenge for use in authenticating the user.
摘要翻译: 本文提供了用于实现以质询 - 响应模式操作的加密装置的方法,装置和制造。 一种方法包括将一组认证信息存储在与用户相关联的第一密码设备中,响应于来自用户访问受保护资源的请求,在与第一密码设备相关联的用户认证请求中接收质询,其中,挑战 包括存储在第一密码装置中的认证信息的至少一个非顺序部分的索引,并且响应于该挑战从存储在第一密码装置中的认证信息集合输出认证信息的非顺序部分 用于认证用户。
-
46.发明授权公开(公告)号:US09008303B1
公开(公告)日:2015-04-14
申请号:US13334709
申请日:2011-12-22
申请人: Ari Juels , Nikolaos Triandopoulos , Kevin Bowers
发明人: Ari Juels , Nikolaos Triandopoulos , Kevin Bowers
CPC分类号: H04L9/0869 , G06F7/582 , H04L9/0891 , H04L2209/38
摘要: Methods and apparatus are provided for generation of forward secure pseudorandom numbers. A forward secure pseudorandom number is generated by obtaining a first state si corresponding to a current leaf node vi in a hierarchical tree, wherein the current leaf vi produces a first pseudorandom number ri−t and wherein the hierarchical tree comprises at least one chain comprised of a plurality of nodes on a given level of the hierarchical tree; updating the first state si to a second state si+t corresponding to a second leaf node vi+t; and computing a second pseudorandom number ri+t−1 corresponding to the second leaf node vi+t. The variable t may be an integer greater than one. Updating the state does not require generation of all pseudorandom numbers produced by leaf nodes between the current leaf node vi and the second leaf node vi+t.
摘要翻译: 提供了用于产生前向安全伪随机数的方法和装置。 通过获得与分层树中的当前叶节点vi相对应的第一状态si来生成正向安全伪随机数,其中当前叶vi产生第一伪随机数ri-t,并且其中分级树包括至少一个链,其包括 分层树的给定级别上的多个节点; 将第一状态si更新为对应于第二叶节点vi + t的第二状态si + t; 以及计算对应于第二叶节点vi + t的第二伪随机数ri + t-1。 变量t可以是大于1的整数。 更新状态不需要生成当前叶节点vi和第二叶节点vi + t之间的叶节点产生的所有伪随机数。
-
公开(公告)号:US08934940B1
公开(公告)日:2015-01-13
申请号:US12967239
申请日:2010-12-14
申请人: Ari Juels
发明人: Ari Juels
IPC分类号: H04M1/00
CPC分类号: H04M1/72577 , H04M2250/12
摘要: A method and system for use in providing enhanced security for wireless telecommunications devices is disclosed. In at least one embodiment, the method and system may use a sensor of a wireless telecommunications device to help derive physical context data associated with the wireless telecommunications device. The physical context data can be used to determine whether the wireless telecommunications device has been moved in a gesture that is consistent with a use of the wireless telecommunications device for a specific purpose.
摘要翻译: 公开了一种用于为无线电信设备提供增强的安全性的方法和系统。 在至少一个实施例中,该方法和系统可以使用无线电信设备的传感器来帮助导出与无线电信设备相关联的物理上下文数据。 物理上下文数据可以用于确定无线电信设备是否已经在与特定目的的无线电信设备的使用一致的手势中移动。
-
公开(公告)号:US08799334B1
公开(公告)日:2014-08-05
申请号:US13339768
申请日:2011-12-29
IPC分类号: G06F17/30
CPC分类号: G06F21/577 , G06F2211/007 , G06F2221/2107
摘要: A client device or other processing device comprises a file processing module, with the file processing module being operative to provide a file to a file system for encoding, to receive from the file system a corresponding encoded file, and to verify that the file system stores at least a designated portion of an encapsulation of the encoded file. In an illustrative embodiment, the file processing module receives, in addition to or in place of the encoded file, a proof of correct encoding. The file system may comprise one or more servers associated with a cloud storage provider. Advantageously, one or more illustrative embodiments allow a client device to verify that its files are stored by a cloud storage provider in encrypted form or with other appropriate protections.
摘要翻译: 客户端设备或其他处理设备包括文件处理模块,文件处理模块可操作以向文件系统提供文件以进行编码,从文件系统接收对应的编码文件,并验证文件系统存储 至少编码文件的封装的指定部分。 在说明性实施例中,文件处理模块除了编码文件之外还是代替编码文件,接收正确编码的证明。 文件系统可以包括与云存储提供商相关联的一个或多个服务器。 有利地,一个或多个说明性实施例允许客户端设备验证其文件由加密形式的云存储提供商或其他适当的保护来存储。
-
49.发明授权Methods and apparatus for secure and reliable transmission of messages over a silent alarm channel 有权用于通过无声报警信道安全可靠地传送消息的方法和装置公开(公告)号:US08788817B1
公开(公告)日:2014-07-22
申请号:US13249957
申请日:2011-09-30
申请人: Ari Juels , Nikolaos Triandopoulos
发明人: Ari Juels , Nikolaos Triandopoulos
IPC分类号: H04L29/06
CPC分类号: H04L9/0891 , G06F21/55 , H04L63/0428 , H04L63/067 , H04L2209/38 , H04W4/38
摘要: Methods and apparatus are provided for secure and reliable transmission of messages over a silent alarm channel. A plurality of messages are transmitted by obtaining the plurality of messages; and transmitting the plurality of messages on a forward-secure channel to a receiver, wherein the forward-secure channel comprises a buffer having a plurality of entries, wherein each of the entries stores one of the messages and wherein at least one of the plurality of messages is maintained in the forward-secure channel after a receiver reads the channel. Two levels of encryption are optionally performed on the forward-secure channel. The messages carried by the disclosed silent alarm channels can comprise, for example, (i) entries in a security log; (ii) one-time passwords derived by authentication tokens; or (iii) tampering notifications from one or more sensor devices.
摘要翻译: 提供了方法和装置,用于通过无声警报通道安全可靠地传送消息。 通过获得多个消息来发送多个消息; 以及在前向安全信道上将所述多个消息发送到接收机,其中所述前向安全信道包括具有多个条目的缓冲器,其中每个条目存储所述消息之一,并且其中,所述多个 在接收器读取通道之后,消息在前向安全通道中保持。 可选地,在前向安全通道上执行两个级别的加密。 所公开的静默报警信道携带的消息可以包括例如(i)安全日志中的条目; (ii)通过认证令牌导出的一次性密码; 或(iii)篡改来自一个或多个传感器设备的通知。
-
公开(公告)号:US08706701B1
公开(公告)日:2014-04-22
申请号:US13174452
申请日:2011-06-30
CPC分类号: G06F17/30091 , G06F11/1088 , G06F17/30197 , G06F21/64
摘要: Example embodiments of the present invention provide authenticated file system that provides integrity and freshness of both data and metadata more efficiently than existing systems. The architecture of example embodiments of the present invention is natural to cloud settings involving a cloud service provider and enterprise-class tenants, thereby addressing key practical considerations, including garbage collection, multiple storage tiers, multi-layer caching, and checkpointing. Example embodiments of the present invention support a combination of strong integrity protection and practicality for large (e.g., petabyte-scale), high-throughput file systems. Further, example embodiments of the present invention support proofs of retrievability (PoRs) that let the cloud prove to the tenant efficiently at any time and for arbitrary workloads that the full file system (i.e., every bit) is intact, leveraging integrity-checking capabilities to achieve a property that previous PoRs lack, specifically efficiency in dynamic settings (i.e., for frequently changing data objects).
摘要翻译: 本发明的示例性实施例提供经认证的文件系统,其比现有系统更有效地提供数据和元数据的完整性和新鲜度。 本发明的示例性实施例的架构对于涉及云服务提供商和企业级租户的云设置是自然的,由此解决关键的实际考虑,包括垃圾收集,多个存储层,多层缓存和检查点。 本发明的示例性实施例支持强大的完整性保护和大型(例如,PB级)高吞吐量文件系统的实用性的组合。 此外,本发明的示例实施例支持使得云在任何时候有效地向租户提供证明的可检索证据(PoR),以及完整文件系统(即,每一位)完整的任意工作负载,利用完整性检查能力 实现以前的PoR缺少的属性,特别是动态设置的效率(即,频繁更改数据对象)。
-
-
-
-
-
-
-
-
-
搜索结果
85 条记录 (耗时 0.038 秒)
