Key update with compromise detection
    51.
    Granted invention patent (status: in force)

    Publication (announcement) number: US08699713B1

    Publication (announcement) date: 2014-04-15

    Application number: US13250225

    Application date: 2011-09-30

    IPC classification: H04L9/00 H04L29/06 H04L9/08

    Abstract: A key is updated in a first cryptographic device and an update message comprising information characterizing the updated key is sent from the first cryptographic device to a second cryptographic device. The update message as sent by the first cryptographic device is configured to permit the second cryptographic device to detect compromise of the updated key by determining if an inconsistency is present in the corresponding received update message based at least in part on that received update message and one or more previously-received update messages. In an illustrative embodiment, the first cryptographic device comprises an authentication token and the second cryptographic device comprises an authentication server.

    Method and apparatus for storing information in a browser storage area of a client device

    Publication (announcement) number: US08533350B2

    Publication (announcement) date: 2013-09-10

    Application number: US11590083

    Application date: 2006-10-31

    IPC classification: G06F15/173

    CPC classification: H04L67/42 H04L63/0807

    Abstract: Disclosed is a method and apparatus for performing steps to cause encoded information to be stored at a client device during a first network session between a server and the client device. To cause encoded information to be stored at a client device, the server first determines a set of network resource requests that encode the information. These network resource requests may include requests for one or more specific URLs and/or requests for one or more files. The server then causes the client device to initiate the network resource requests. The server may cause this initiation by, for example, redirecting the client device to the network resources. The client device initiating the network resource requests causes data representative of the network resource requests to be stored at the client device.

    Access control for implanted medical devices
    53.
    Granted invention patent (status: in force)

    Publication (announcement) number: US08515070B2

    Publication (announcement) date: 2013-08-20

    Application number: US12251036

    Application date: 2008-10-14

    IPC classification: H04K1/00 H04Q5/22 A61N1/00

    Abstract: Enhanced security is provided in a system comprising a medical device and a monitoring device. The medical device is configured for implantation into a living organism, and comprises processing circuitry and an interface for communicating with the monitoring device. Access to the medical device by the monitoring device is controlled based on measurement of one or more physiological values of the living organism by at least one of the two devices. In an illustrative embodiment, the medical device and the monitoring device are configured to include respective physiological value sensors for measuring respective dynamic physiological values of the living organism. The medical device is further configured to determine if the dynamic physiological values are sufficiently similar to one another and to grant or deny the monitoring device access to the medical device based on the determination.

    Authentication methods and apparatus using pairing protocols and other techniques
    54.
    Granted invention patent (status: in force)

    Publication (announcement) number: US08495372B2

    Publication (announcement) date: 2013-07-23

    Application number: US11939232

    Application date: 2007-11-13

    IPC classification: H04L9/32 H04L9/00

    Abstract: In one aspect, a first processing device, which may be an authentication token, establishes a shared key through a pairing protocol carried out between the first processing device and a second processing device. The pairing protocol also involves communication between the second processing device and an authentication server. As part of the pairing protocol, the first processing device sends identifying information to the second processing device, and the second processing device utilizes the identifying information to obtain the shared key from the authentication server. The first processing device encrypts authentication information utilizing the shared key, and transmits the encrypted authentication information from the first processing device to the second processing device. The second processing device utilizes the shared key to decrypt the encrypted authentication information.

    Remote verification of file protections for cloud data storage
    55.
    Granted invention patent (status: in force)

    Publication (announcement) number: US08346742B1

    Publication (announcement) date: 2013-01-01

    Application number: US13075848

    Application date: 2011-03-30

    IPC classification: G06F17/00

    CPC classification: G06F21/577

    Abstract: A client device or other processing device comprises a file processing module, with the file processing module being operative to request proof from a file system that a file having a first format is stored by the file system in a second format different than the first format, to receive the proof from the file system, and to verify that the file is stored in the second format using the proof provided by the file system responsive to the request. The proof is based at least in part on application of a function to the file in the second format, and the function imposes a minimum resource requirement on generation of the proof. The file system may comprise one or more servers associated with a cloud storage provider. Advantageously, one or more illustrative embodiments allow a client device to verify that its files are stored by a cloud storage provider in encrypted form or with other appropriate protections.

    Methods and apparatus for RFID device authentication
    56.
    Granted invention patent (status: in force)

    Publication (announcement) number: US07750793B2

    Publication (announcement) date: 2010-07-06

    Application number: US11191633

    Application date: 2005-07-28

    Applicant: Ari Juels

    Inventor: Ari Juels

    IPC classification: H04Q5/22 G08B13/14

    CPC classification: G06K7/10019 G06K7/0008

    Abstract: Methods and apparatus are disclosed for use in an RFID system comprising a plurality of RFID devices and at least one reader which communicates with one or more of the devices. In one aspect of the invention, an identifier transmitted by a given one of the RFID devices is received by a reader or by an associated verifier via the reader. At least first and second codes are determined, by the reader or verifier, with the first code being a valid code for the identifier, and the second code being an invalid code for the identifier. The reader, or verifier via the reader, communicates with the given device to determine if the device is able to confirm that the first code is a valid code and the second code is an invalid code.

    Method and apparatus for combatting click fraud
    57.
    Invention patent application (status: under examination, published)

    Publication (announcement) number: US20080162227A1

    Publication (announcement) date: 2008-07-03

    Application number: US11999393

    Application date: 2007-12-05

    IPC classification: G06Q10/00

    Abstract: Disclosed is a method and apparatus for combatting click fraud. In a system including a first entity, a second entity, a third entity, and a fourth entity, the first entity performs a transaction with the second entity. The transaction between the first entity and the second entity may be an on-line purchase by a client device from an attestor. The second entity causes an integrity-protected classification value to be created. The integrity-protected classification value is derived at least in part from behavioral data about the first entity, and data associated with the classification value is stored in a data repository of the first entity. The first entity then performs a transaction with the third entity, and the transaction causes the stored data to be released to the fourth entity. The fourth entity computes a compensation for the third entity.

    Security Provision in Standards-Compliant RFID Systems
    58.
    Invention patent application (status: in force)

    Publication (announcement) number: US20070194889A1

    Publication (announcement) date: 2007-08-23

    Application number: US11671275

    Application date: 2007-02-05

    IPC classification: H04Q5/22

    Abstract: Enhanced security is provided in an RFID system comprising a plurality of RFID devices and at least one reader which communicates with one or more of the devices. In one aspect of the invention, a first command is transmitted from the reader to write a first data unit to a memory of a given one of the RFID devices. A reply is received in the reader from the given RFID device indicating that a second data unit determined based on contents of the first data unit is available in the memory to be accessed by the reader. A second command is transmitted from the reader to the given RFID device to allow the reader to read the memory to thereby obtain the second data unit. The first and second data units comprise information exchanged as part of a cryptographic protocol carried out between the reader and the given RFID device. In an illustrative embodiment, the cryptographic protocol may comprise a challenge-response authentication protocol.

    Wireless Authentication Methods and Apparatus
    59.
    Invention patent application (status: in force)

    Publication (announcement) number: US20070186105A1

    Publication (announcement) date: 2007-08-09

    Application number: US11671264

    Application date: 2007-02-05

    IPC classification: H04L9/00

    Abstract: A first processing device, which may be, for example, a wireless authentication token or an RFID tag, transmits information in a wireless network in a manner that emulates standard communications of an access point of the wireless network, although the first processing device is not configured to operate as an actual access point of the wireless network. A second processing device, which may be, for example, a computer or other station of the wireless network, receives the transmitted information and is able to determine therefrom that the information originates from an emulated access point rather than an actual access point. The second processing device responds to this condition by utilizing the transmitted information in a manner distinct from its utilization of similar information received from the actual access point of the wireless network.

    Robust visual passwords
    60.
    Granted invention patent (status: in force)

    Publication (announcement) number: US07219368B2

    Publication (announcement) date: 2007-05-15

    Application number: US09815560

    Application date: 2001-03-23

    IPC classification: G06F17/30

    Abstract: Enrollment and authentication of a user based on a sequence of discrete graphical choices is described. A graphical interface presents various images and memory cues that a user may associate with their original graphical choices. Enrollment may require the input to have a security parameter value that meets or exceeds a threshold. An acceptable sequence of graphical choices is converted to a sequence of values and mapped to a sequence of codewords. Both a hash of the sequence of codewords and a sequence of offsets are stored for use in authenticating the user. An offset is the difference between a value and its corresponding codeword. Authentication requires the user to enter another sequence of discrete graphical choices that is approximately the same as the original. The offsets are summed with the corresponding values before mapping to codewords. Authentication requires the sequence of codewords, or a hash thereof, to match.
