Untraceable electronic cash
    41.
    Granted invention patent
    Status: Lapsed

    Publication number: US5768385A

    Publication date: 1998-06-16

    Application number: US521124

    Filing date: 1995-08-29

    Applicant: Daniel R. Simon

    Inventor: Daniel R. Simon

    Abstract: An electronic cash protocol including the steps of using a one-way function f_1(x) to generate an image f_1(x_1) from a preimage x_1; sending the image f_1(x_1) in an unblinded form to a second party; and receiving from the second party a note including a digital signature, wherein the note represents a commitment by the second party to credit a predetermined amount of money to a first presenter of the preimage x_1 to the second party.


    Network accountability among autonomous systems
    42.
    Granted invention patent
    Status: In force

    Publication number: US09363233B2

    Publication date: 2016-06-07

    Application number: US13526295

    Filing date: 2012-06-18

    IPC classification: H04L29/06 H04L12/66

    Abstract: In one kind of DoS attack, malicious customers may try to send a large number of filter requests against an innocent customer. In one implementation, a Filter Request Server (FRS) may allow a customer against whom a filter request is made to dispute the implicit accusation of the filter request or stop sending malicious traffic. If the customer claims innocence, the FRS may log destination addresses of data packets sent by the customer and identify and ignore false filter requests if these filter requests come from customers who do not correspond to one or more of the destination addresses that have previously been logged by the FRS.


    PassThru for client authentication
    43.
    Granted invention patent
    Status: In force

    Publication number: US08627440B2

    Publication date: 2014-01-07

    Application number: US12647327

    Filing date: 2009-12-24

    IPC classification: G06F15/16

    Abstract: This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.


    Automation-resistant, advertising-merged interactive services
    44.
    Granted invention patent
    Status: In force

    Publication number: US08499244B2

    Publication date: 2013-07-30

    Application number: US12183089

    Filing date: 2008-07-31

    IPC classification: G06F3/00

    Abstract: Systems and methodologies for implementing automation-resistant interactive computing services are provided herein. Function invocation mechanisms can be utilized as described herein to facilitate invocation and/or activation of one or more functions of an interactive service upon performance of an interaction falling within a predefined class of interaction with selected multimedia content. The described functionality invocation mechanisms can operate similarly to a traditional captcha image by requiring interaction that is easily understandable and performable by a human user but is prohibitively difficult for an automated program to carry out. Techniques such as masking relationships between user interaction and function invocation and varying elements of the selected multimedia content for respective accesses can be utilized to provide additional resistance to automation. Described invocation mechanisms can additionally be merged with advertising, which can optionally be targeted to a particular user(s).


    Identity based network policy enablement
    45.
    Granted invention patent
    Status: In force

    Publication number: US08301895B2

    Publication date: 2012-10-30

    Application number: US12629059

    Filing date: 2009-12-02

    IPC classification: H04L9/32

    Abstract: Enhanced network data transmission security and individualized data transmission processing can be implemented by intermediaries in a communication path between two endpoint peers individually having the capability to identify and authenticate one or both of the endpoint peers. Communication session establishment, endpoint peer identity processing and authentication and data traffic encryption protocols are modified to allow intermediaries to track the communications between endpoint peers for a particular communication session and obtain information to authenticate the endpoint peers and identify data traffic transmitted between them. Intermediaries can use the identities of one or both of the endpoint peers to enforce identity based rules for processing data traffic between the endpoint peers for a communication session.


    Method of negotiating security parameters and authenticating users interconnected to a network
    46.
    Granted invention patent
    Status: In force

    Publication number: US08275989B2

    Publication date: 2012-09-25

    Application number: US12500381

    Filing date: 2009-07-09

    IPC classification: H04L29/06

    Abstract: A method for authenticating and negotiating security parameters among two or more network devices is disclosed. The method has a plurality of modes including a plurality of messages exchanged between the two or more network devices. In a main mode, the two or more network devices establish a secure channel and select security parameters to be used during a quick mode and a user mode. In the quick mode, the two or more computers derive a set of keys to secure data sent according to a security protocol. The optional user mode provides a means of authenticating one or more users associated with the two or more network devices. A portion of the quick mode is conducted during the main mode thereby minimizing the plurality of messages that need to be exchanged between the initiator and the responder.


    IDENTITY BASED NETWORK POLICY ENABLEMENT
    47.
    Invention patent application
    Status: In force

    Publication number: US20110131417A1

    Publication date: 2011-06-02

    Application number: US12629059

    Filing date: 2009-12-02

    IPC classification: H04L9/32

    Abstract: Enhanced network data transmission security and individualized data transmission processing can be implemented by intermediaries in a communication path between two endpoint peers individually having the capability to identify and authenticate one or both of the endpoint peers. Communication session establishment, endpoint peer identity processing and authentication and data traffic encryption protocols are modified to allow intermediaries to track the communications between endpoint peers for a particular communication session and obtain information to authenticate the endpoint peers and identify data traffic transmitted between them. Intermediaries can use the identities of one or both of the endpoint peers to enforce identity based rules for processing data traffic between the endpoint peers for a communication session.


    DISCOVERY OF SECURE NETWORK ENCLAVES
    48.
    Invention patent application
    Status: In force

    Publication number: US20100318799A1

    Publication date: 2010-12-16

    Application number: US12483052

    Filing date: 2009-06-11

    IPC classification: H04L9/32

    Abstract: A hierarchical key generation and distribution mechanism for a computer system in which devices are organized into secure enclaves. The mechanism enables network access to be tailored to approximate minimum needed privileges for each device. At the lowest level of the hierarchy, keys are used to form security associations between devices. Keys at each level of the hierarchy are generated from keys at a higher level of the hierarchy and key derivation information. Key derivation information is readily ascertainable, either from identifiers for devices or from within messages, supporting hardware offload of cryptographic functions. Because keys may be generated based on the enclaves in which the hosts participating in a security association are located, the system includes a mechanism by which devices can discover the enclave in which they are located.


    OFFLOADING CRYPTOGRAPHIC PROTECTION PROCESSING
    49.
    Invention patent application
    Status: Under examination (published)

    Publication number: US20100228962A1

    Publication date: 2010-09-09

    Application number: US12400281

    Filing date: 2009-03-09

    IPC classification: H04L9/06

    Abstract: Some embodiments are directed to processing packet data sent according to a security protocol between a first computer and a second computer via a forwarding device. The forwarding device performs a portion of the processing, and forwards the packet data to a third computer, connected to the forwarding device, for other processing. The third computer may support non-standard extensions to the security protocol, such as extensions used in authorizing and establishing a connection over the secure protocol. The packet data may be subject to policies, such as firewall policies or security policies, that may be detected by the third computer. The third computer sends the results of its processing, such as a cryptographic key, or a detected access control policy, to the forwarding device.


    Pass-thru for client authentication
    50.
    Granted invention patent
    Status: Lapsed

    Publication number: US07644275B2

    Publication date: 2010-01-05

    Application number: US10413799

    Filing date: 2003-04-15

    IPC classification: H04L9/00

    Abstract: This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.
