摘要:
Methods and apparatus are disclosed for use in an RFID system comprising a plurality of RFID devices and at least one reader which communicates with one or more of the devices. In one aspect of the invention, an identifier transmitted by a given one of the RFID devices is received by a reader or by an associated verifier via the reader. At least first and second codes are determined, by the reader or verifier, with the first code being a valid code for the identifier, and the second code being an invalid code for the identifier. The reader, or verifier via the reader, communicates with the given device to determine if the device is able to confirm that the first code is a valid code and the second code is an invalid code.
摘要:
A method of controlling access to resources on a smart card, the method involving: providing a list of n questions for presentation to the user, where n is an integer; receiving from the user answers to questions among the list of n questions; determining how many of the received answers are correct; and if a sufficient number of the n questions was answered correctly, granting access to the resources on the smart card.
摘要:
Disclosed is a method and apparatus for combatting click fraud. In a system including a first entity, a second entity, a third entity, and a fourth entity, the first entity performs a transaction with the second entity. The transaction between the first entity and the second entity may be an on-line purchase by a client device from an attestor. The second entity causes an integrity-protected classification value to be created. The integrity-protected classification value is derived at least in part from behavioral data about the first entity, and data associated with the classification value is stored in a data repository of the first entity. The first entity then performs a transaction with the third entity, and the transaction causes the stored data to be released to the fourth entity. The fourth entity computes a compensation for the third entity.
摘要:
Enhanced security is provided in an RFID system comprising a plurality of RFID devices and at least one reader which communicates with one or more of the devices. In one aspect of the invention, a first command is transmitted from the reader to write a first data unit to a memory of given one of the RFID devices. A reply is received in the reader from the given RFID device indicating that a second data unit determined based on contents of the first data unit is available in the memory to be accessed by the reader. A second command is transmitted from the reader to the given RFID device to allow the reader to read the memory to thereby obtain the second data unit. The first and second data units comprise information exchanged as part of a cryptographic protocol carried out between the reader and the given RFID device. In an illustrative embodiment, the cryptographic protocol may comprise a challenge-response authentication protocol.
摘要:
A first processing device, which may be, for example, a wireless authentication token or an RFID tag, transmits information in a wireless network in a manner that emulates standard communications of an access point of the wireless network, although the first processing device is not configured to operate as an actual access point of the wireless network. A second processing device, which may be, for example, a computer or other station of the wireless network, receives the transmitted information and is able to determine therefrom that the information originates from an emulated access point rather than an actual access point. The second processing device responds to this condition by utilizing the transmitted information in a manner distinct from its utilization of similar information received from the actual access point of the wireless network.
摘要:
Enrollment and authentication of a user based on a sequence of discrete graphical choices is described. A graphical interface presents various images and memory cues that a user may associate with their original graphical choices. Enrollment may require the input to have a security parameter value that meets or exceeds a threshold. An acceptable sequence of graphical choices is converted to a sequence of values and mapped to a sequence of codewords. Both a hash of the sequence of codewords and a sequence of offsets are stored for use in authenticating the user. An offset is the difference between a value and its corresponding codeword. Authentication requires the user to enter another sequence of discrete graphical choices that is approximately the same as original. The offsets are summed with the corresponding values before mapping to codewords. Authentication requires the sequence of codewords, or a hash thereof, to match.
摘要:
Disclosed is a method and apparatus for performing steps to cause encoded information to be stored at a client device during a first network session between a server and the client device. To cause encoded information to be stored at a client device, the server first determines a set of network resource requests that encode the information. These network resource requests may include requests for one or more specific URLs and/or requests for one or more files. The server then causes the client device to initiate the network resource requests. The server may cause this initiation by, for example, redirecting the client device to the network resources. The client device initiating the network resource requests causes data representative of the network resource requests to be stored at the client device.
摘要:
The invention generates a random bit string from a sequence of readings taken from a potentially biased source of randomness, such as a random stationary source which can be represented as a biased die. A simulated unbiased source is generated from the potentially biased source, and a reading is taken from the simulated unbiased source. The reading is then converted to a bit string. Taking a reading from the simulated unbiased source may involve generating an integer pair (R,S), which depends on the sequence of readings from the random source, and represents a roll of value R on a simulated unbiased die U with S sides. The pair (R,S) is then converted into an output bit string bkbk−1 . . . b1 which is unbiased over sequences of readings from the random source.
摘要:
A first cryptographic device is authenticated by a second cryptographic device. The second cryptographic device stores an alternative version of a secret value associated with the first cryptographic device as a countermeasure to compromise of the secret value. In conjunction with a protocol carried out between the first cryptographic device and the second cryptographic device, the second cryptographic device determines the secret value based at least in part on the alternative version of the secret value, and utilizes the determined secret value to authenticate the first cryptographic device. The alternative version of the secret value may comprise a randomly-skewed version of the secret value. For example, the secret value may comprise a key or other parameter of the first cryptographic device and the alternative version of the secret value may comprise a randomly-skewed version of the key or other parameter.
摘要:
A service window optimized system alert engine is disclosed for automated generation and delivery of alerts relating to detected conditions of a monitored system. The service window optimized system alert engine comprises a state monitor, a system configuration and history module, an alert generator, and an alert router. The state monitor is configured to send status data of the monitored system to the alert generator. The system configuration and history module provides information to the alert generator specifying an alert generation policy established for the monitored system. The alert generator is configured to process the status data from the state monitor in accordance with the alert generation policy specified by the system configuration and history module to generate at least one alert. The alert router is configured to determine optimal delivery characteristics for the generated alert and to deliver the alert in accordance with the optimal delivery characteristics.