-
公开(公告)号:US20080162227A1
公开(公告)日:2008-07-03
申请号:US11999393
申请日:2007-12-05
IPC分类号: G06Q10/00
CPC分类号: G06Q30/06 , G06Q10/063 , G06Q10/06375
摘要: Disclosed is a method and apparatus for combatting click fraud. In a system including a first entity, a second entity, a third entity, and a fourth entity, the first entity performs a transaction with the second entity. The transaction between the first entity and the second entity may be an on-line purchase by a client device from an attestor. The second entity causes an integrity-protected classification value to be created. The integrity-protected classification value is derived at least in part from behavioral data about the first entity, and data associated with the classification value is stored in a data repository of the first entity. The first entity then performs a transaction with the third entity, and the transaction causes the stored data to be released to the fourth entity. The fourth entity computes a compensation for the third entity.
摘要翻译: 公开了一种打击点击欺诈的方法和装置。 在包括第一实体,第二实体,第三实体和第四实体的系统中,第一实体与第二实体执行交易。 第一实体和第二实体之间的交易可以是来自证明者的客户端设备的在线购买。 第二个实体导致创建完整性保护的分类值。 完整性保护的分类值至少部分地由关于第一实体的行为数据导出,并且与分类值相关联的数据被存储在第一实体的数据存储库中。 第一实体然后与第三实体执行事务,并且事务导致存储的数据被释放到第四实体。 第四实体计算第三实体的补偿。
-
公开(公告)号:US20070194889A1
公开(公告)日:2007-08-23
申请号:US11671275
申请日:2007-02-05
申请人: Daniel Bailey , Ari Juels
发明人: Daniel Bailey , Ari Juels
IPC分类号: H04Q5/22
CPC分类号: H04L9/321 , H04L9/3271 , H04L2209/56 , H04L2209/805 , Y02P90/265
摘要: Enhanced security is provided in an RFID system comprising a plurality of RFID devices and at least one reader which communicates with one or more of the devices. In one aspect of the invention, a first command is transmitted from the reader to write a first data unit to a memory of given one of the RFID devices. A reply is received in the reader from the given RFID device indicating that a second data unit determined based on contents of the first data unit is available in the memory to be accessed by the reader. A second command is transmitted from the reader to the given RFID device to allow the reader to read the memory to thereby obtain the second data unit. The first and second data units comprise information exchanged as part of a cryptographic protocol carried out between the reader and the given RFID device. In an illustrative embodiment, the cryptographic protocol may comprise a challenge-response authentication protocol.
摘要翻译: RFID系统中提供了增强的安全性,RFID系统包括多个RFID设备和与一个或多个设备通信的至少一个读取器。 在本发明的一个方面,从读取器发送第一命令以将第一数据单元写入给定的一个RFID设备的存储器。 在读取器中从给定的RFID装置接收到答复,指示基于第一数据单元的内容确定的第二数据单元在读取器要访问的存储器中可用。 第二命令从读取器发送到给定的RFID设备,以允许读取器读取存储器,从而获得第二数据单元。 第一和第二数据单元包括作为在读取器和给定RFID设备之间执行的密码协议的一部分交换的信息。 在说明性实施例中,密码协议可以包括询问 - 响应认证协议。
-
公开(公告)号:US20070186105A1
公开(公告)日:2007-08-09
申请号:US11671264
申请日:2007-02-05
申请人: Daniel Bailey , John Brainard , Ari Juels , Burton Kaliski
发明人: Daniel Bailey , John Brainard , Ari Juels , Burton Kaliski
IPC分类号: H04L9/00
CPC分类号: H04L9/0861 , H04L9/3228 , H04L9/3234 , H04L63/0492 , H04L63/08 , H04L63/0838 , H04L2209/805 , H04W12/06
摘要: A first processing device, which may be, for example, a wireless authentication token or an RFID tag, transmits information in a wireless network in a manner that emulates standard communications of an access point of the wireless network, although the first processing device is not configured to operate as an actual access point of the wireless network. A second processing device, which may be, for example, a computer or other station of the wireless network, receives the transmitted information and is able to determine therefrom that the information originates from an emulated access point rather than an actual access point. The second processing device responds to this condition by utilizing the transmitted information in a manner distinct from its utilization of similar information received from the actual access point of the wireless network.
摘要翻译: 可以是例如无线认证令牌或RFID标签的第一处理设备以模拟无线网络的接入点的标准通信的方式在无线网络中发送信息,尽管第一处理设备不是 被配置为作为无线网络的实际接入点进行操作。 可以是例如无线网络的计算机或其他站的第二处理设备接收所发送的信息,并且能够从其确定信息源自仿真接入点而不是实际接入点。 第二处理装置以与从无线网络的实际接入点接收到的类似信息不同的方式利用所发送的信息来响应该条件。
-
公开(公告)号:US07219368B2
公开(公告)日:2007-05-15
申请号:US09815560
申请日:2001-03-23
申请人: Ari Juels , Niklas Frykholm
发明人: Ari Juels , Niklas Frykholm
IPC分类号: G06F17/30
CPC分类号: G06F21/36 , G06K9/222 , H03M13/00 , H04L9/304 , H04L9/3226 , H04L9/3236 , H04L63/083 , H04L2209/16
摘要: Enrollment and authentication of a user based on a sequence of discrete graphical choices is described. A graphical interface presents various images and memory cues that a user may associate with their original graphical choices. Enrollment may require the input to have a security parameter value that meets or exceeds a threshold. An acceptable sequence of graphical choices is converted to a sequence of values and mapped to a sequence of codewords. Both a hash of the sequence of codewords and a sequence of offsets are stored for use in authenticating the user. An offset is the difference between a value and its corresponding codeword. Authentication requires the user to enter another sequence of discrete graphical choices that is approximately the same as original. The offsets are summed with the corresponding values before mapping to codewords. Authentication requires the sequence of codewords, or a hash thereof, to match.
摘要翻译: 描述了基于一系列离散图形选择的用户的注册和认证。 图形界面呈现用户可能与其原始图形选择相关联的各种图像和记忆提示。 注册可能需要输入具有满足或超过阈值的安全参数值。 将可接受的图形选择序列转换为一系列值并映射到码字序列。 存储码字序列和偏移序列的哈希都用于认证用户。 偏移量是值与其对应码字之间的差值。 验证需要用户输入与原始图像大致相同的另一个离散图形选项序列。 在映射到码字之前,将偏移量与相应的值相加。 认证需要码字序列或其散列符合。
-
65.发明申请Method and apparatus for storing information in a browser storage area of a client device 有权用于在客户端设备的浏览器存储区域中存储信息的方法和装置公开(公告)号:US20070106748A1
公开(公告)日:2007-05-10
申请号:US11590083
申请日:2006-10-31
申请人: Bjorn Jakobsson , Ari Juels
发明人: Bjorn Jakobsson , Ari Juels
IPC分类号: G06F15/16
CPC分类号: H04L67/42 , H04L63/0807
摘要: Disclosed is a method and apparatus for performing steps to cause encoded information to be stored at a client device during a first network session between a server and the client device. To cause encoded information to be stored at a client device, the server first determines a set of network resource requests that encode the information. These network resource requests may include requests for one or more specific URLs and/or requests for one or more files. The server then causes the client device to initiate the network resource requests. The server may cause this initiation by, for example, redirecting the client device to the network resources. The client device initiating the network resource requests causes data representative of the network resource requests to be stored at the client device.
摘要翻译: 公开了一种用于在服务器和客户端设备之间的第一网络会话期间执行将编码信息存储在客户端设备上的步骤的方法和装置。 为了使编码信息存储在客户机设备处,服务器首先确定对信息进行编码的一组网络资源请求。 这些网络资源请求可以包括对一个或多个特定URL的请求和/或对一个或多个文件的请求。 然后,服务器使客户端设备发起网络资源请求。 服务器可以通过例如将客户端设备重定向到网络资源来引起该启动。 启动网络资源请求的客户端设备使代表网络资源请求的数据存储在客户端设备处。
-
66.发明授权Method and apparatus for extracting unbiased random bits from a potentially biased source of randomness 有权从潜在的偏置随机来源中提取无偏随机比特的方法和装置公开(公告)号:US06393447B1
公开(公告)日:2002-05-21
申请号:US09177013
申请日:1998-10-22
申请人: Bjorn Markus Jakobsson , Ari Juels
发明人: Bjorn Markus Jakobsson , Ari Juels
IPC分类号: G06F102
CPC分类号: G06F7/58
摘要: The invention generates a random bit string from a sequence of readings taken from a potentially biased source of randomness, such as a random stationary source which can be represented as a biased die. A simulated unbiased source is generated from the potentially biased source, and a reading is taken from the simulated unbiased source. The reading is then converted to a bit string. Taking a reading from the simulated unbiased source may involve generating an integer pair (R,S), which depends on the sequence of readings from the random source, and represents a roll of value R on a simulated unbiased die U with S sides. The pair (R,S) is then converted into an output bit string bkbk−1 . . . b1 which is unbiased over sequences of readings from the random source.
摘要翻译: 本发明根据从潜在的偏置随机源获得的读取序列产生随机比特串,例如可以表示为偏置的模具的随机静态源。 从潜在偏置的源产生模拟的无偏压源,并且从模拟的无偏压源获取读数。 然后将读数转换为位串。 从模拟的非偏置源读取可能涉及生成取决于来自随机源的读数序列的整数对(R,S),并且在具有S侧的模拟无偏模U上表示一卷R值。 然后将对(R,S)转换成输出位串bkbk-1。 。 。 b1是来自随机源的读数序列的公差。
-
公开(公告)号:US09525551B1
公开(公告)日:2016-12-20
申请号:US13248127
申请日:2011-09-29
申请人: Karl Ackerman , Marten Erik van Dijk , Ari Juels , Emily Shen
发明人: Karl Ackerman , Marten Erik van Dijk , Ari Juels , Emily Shen
CPC分类号: H04L9/3228 , G06F21/31 , G06F21/34 , H04L9/088
摘要: A first cryptographic device is authenticated by a second cryptographic device. The second cryptographic device stores an alternative version of a secret value associated with the first cryptographic device as a countermeasure to compromise of the secret value. In conjunction with a protocol carried out between the first cryptographic device and the second cryptographic device, the second cryptographic device determines the secret value based at least in part on the alternative version of the secret value, and utilizes the determined secret value to authenticate the first cryptographic device. The alternative version of the secret value may comprise a randomly-skewed version of the secret value. For example, the secret value may comprise a key or other parameter of the first cryptographic device and the alternative version of the secret value may comprise a randomly-skewed version of the key or other parameter.
摘要翻译: 第一加密设备由第二加密设备认证。 第二加密设备存储与第一密码设备相关联的秘密值的备选版本作为妥协秘密值的对策。 结合在第一加密装置和第二密码装置之间执行的协议,第二加密装置至少部分地基于秘密值的备选版本来确定秘密值,并利用所确定的秘密值来认证第一加密装置 加密设备 秘密值的替代版本可以包括秘密值的随机倾斜版本。 例如,秘密值可以包括第一密码设备的密钥或其他参数,秘密值的备选版本可以包括密钥或其他参数的随机倾斜版本。
-
公开(公告)号:US09235971B1
公开(公告)日:2016-01-12
申请号:US13170345
申请日:2011-06-28
申请人: Ari Juels , Stephen Todd , YinKee Yee
发明人: Ari Juels , Stephen Todd , YinKee Yee
IPC分类号: G08B21/00 , G06F15/16 , G06F15/173 , G06F9/44
CPC分类号: G08B21/00 , G05B23/027 , G08B3/10 , G08B29/181
摘要: A service window optimized system alert engine is disclosed for automated generation and delivery of alerts relating to detected conditions of a monitored system. The service window optimized system alert engine comprises a state monitor, a system configuration and history module, an alert generator, and an alert router. The state monitor is configured to send status data of the monitored system to the alert generator. The system configuration and history module provides information to the alert generator specifying an alert generation policy established for the monitored system. The alert generator is configured to process the status data from the state monitor in accordance with the alert generation policy specified by the system configuration and history module to generate at least one alert. The alert router is configured to determine optimal delivery characteristics for the generated alert and to deliver the alert in accordance with the optimal delivery characteristics.
摘要翻译: 公开了一种服务窗口优化的系统警报引擎,用于自动生成和传送与被监视系统的检测到的条件有关的警报。 服务窗口优化的系统警报引擎包括状态监视器,系统配置和历史模块,警报发生器和警报路由器。 状态监视器被配置为将监视的系统的状态数据发送到警报发生器。 系统配置和历史模块向警报生成器提供指定为受监视系统建立的警报生成策略的信息。 警报发生器被配置为根据由系统配置和历史模块指定的警报生成策略从状态监视器处理状态数据以生成至少一个警报。 警报路由器被配置为确定所生成的警报的最佳传送特性,并根据最佳传送特性传递警报。
-
公开(公告)号:US09137012B2
公开(公告)日:2015-09-15
申请号:US11671264
申请日:2007-02-05
CPC分类号: H04L9/0861 , H04L9/3228 , H04L9/3234 , H04L63/0492 , H04L63/08 , H04L63/0838 , H04L2209/805 , H04W12/06
摘要: A first processing device, which may be, for example, a wireless authentication token or an RFID tag, transmits information in a wireless network in a manner that emulates standard communications of an access point of the wireless network, although the first processing device is not configured to operate as an actual access point of the wireless network. A second processing device, which may be, for example, a computer or other station of the wireless network, receives the transmitted information and is able to determine therefrom that the information originates from an emulated access point rather than an actual access point. The second processing device responds to this condition by utilizing the transmitted information in a manner distinct from its utilization of similar information received from the actual access point of the wireless network.
摘要翻译: 可以是例如无线认证令牌或RFID标签的第一处理设备以模拟无线网络的接入点的标准通信的方式在无线网络中发送信息,尽管第一处理设备不是 被配置为作为无线网络的实际接入点进行操作。 可以是例如无线网络的计算机或其他站的第二处理设备接收所发送的信息,并且能够从其确定信息源自仿真接入点而不是实际接入点。 第二处理装置以与从无线网络的实际接入点接收到的类似信息不同的方式利用所发送的信息来响应该条件。
-
公开(公告)号:US09009385B1
公开(公告)日:2015-04-14
申请号:US13174177
申请日:2011-06-30
CPC分类号: G06F3/0622 , G06F12/0802 , G06F12/14 , G06F12/1416 , G06F13/1663 , G06F21/556
摘要: At least one virtual machine implemented on a given physical machine in an information processing system is able to detect the presence of one or more other virtual machines that are also co-resident on that same physical machine. More particularly, at least one virtual machine is configured to avoid usage of a selected portion of a memory resource of the physical machine for a period of time, and to monitor the selected portion of the memory resource for activity during the period of time. Detection of a sufficient level of such activity indicates that the physical machine is also being shared by at least one other virtual machine. The memory resource of the physical machine may comprise, for example, a cache memory, and the selected portion of the memory resource may comprise one or more randomly selected sets of the cache memory.
摘要翻译: 在信息处理系统中的给定物理机器上实现的至少一个虚拟机能够检测一个或多个也同时驻留在同一物理机器上的其他虚拟机的存在。 更具体地,至少一个虚拟机被配置为避免在一段时间内使用物理机器的存储器资源的选定部分,并且在该时间段期间监视存储器资源的所选部分的活动。 检测足够的这种活动水平表明物理机器也被至少一个其他虚拟机共享。 物理机器的存储器资源可以包括例如高速缓冲存储器,并且存储器资源的选定部分可以包括高速缓冲存储器的一个或多个随机选择的组。
-
-
-
-
-
-
-
-
-
搜索结果
85 条记录 (耗时 0.033 秒)
