IPSec encapsulation mode
    61.
    Granted invention patent
    IPSec encapsulation mode (status: in force)

    Publication (announcement) number: US08289970B2

    Publication (announcement) date: 2012-10-16

    Application number: US12505074

    Filing date: 2009-07-17

    Abstract: Described are embodiments directed to negotiating an encapsulation mode between an initiator and a responder. As part of the negotiation of the security association, an encapsulation mode is negotiated that allows packets to be sent between the initiator and responder without encapsulation. The ability to send packets without encapsulation allows intermediaries, such as a firewall, at the responder to easily inspect the packets and implement additional features such as security filtering.

    TLS tunneling
    62.
    Granted invention patent
    TLS tunneling (status: in force)

    Publication (announcement) number: US07917758B2

    Publication (announcement) date: 2011-03-29

    Application number: US11685075

    Filing date: 2007-03-12

    IPC classification: H04L9/32 G06F15/16

    Abstract: An authentication protocol can be used to establish a secure method of communication between two devices on a network. Once established, the secure communication can be used to authenticate a client through various authentication methods, providing security in environments where intermediate devices cannot be trusted, such as wireless networks, or foreign network access points. Additionally, the caching of session keys and other relevant information can enable the two securely communicating endpoints to quickly resume their communication despite interruptions, such as when one endpoint changes the access point through which it is connected to the network. Also, the secure communication between the two devices can enable users to roam off of their home network, providing a mechanism by which access through foreign networks can be granted, while allowing the foreign network to monitor and control the use of its bandwidth.

    ESTABLISHING SECURE MUTUAL TRUST USING AN INSECURE PASSWORD
    63.
    Invention patent application
    ESTABLISHING SECURE MUTUAL TRUST USING AN INSECURE PASSWORD (status: in force)

    Publication (announcement) number: US20110035593A1

    Publication (announcement) date: 2011-02-10

    Application number: US12907775

    Filing date: 2010-10-19

    IPC classification: H04L9/32

    Abstract: A process for establishing secure mutual trust includes generating a one-time-password. The one-time-password is transferred between the devices in a communication occurring off of the network. Each device generates a set of authenticators by hashing a plurality of sub-strings of the password and the device's authentication certificate with a respective set of nonces. The devices exchange the respective sets of authenticators. Each device then alternates revealing its respective set of nonces and its authentication certificate in a multi-stage process. The devices re-calculate the authenticators based upon the respective set of nonces and authentication certificate revealed by the other device along with the one-time-password sub-strings that it possesses. If each device determines that the authenticators re-calculated by the given device match the authenticators previously received from the other device, secure mutual trust is established.

    Ipsec Encapsulation Mode
    64.
    Invention patent application
    Ipsec Encapsulation Mode (status: in force)

    Publication (announcement) number: US20110013634A1

    Publication (announcement) date: 2011-01-20

    Application number: US12505074

    Filing date: 2009-07-17

    IPC classification: H04L12/56 G06F3/00 G06F17/00

    Abstract: Described are embodiments directed to negotiating an encapsulation mode between an initiator and a responder. As part of the negotiation of the security association, an encapsulation mode is negotiated that allows packets to be sent between the initiator and responder without encapsulation. The ability to send packets without encapsulation allows intermediaries, such as a firewall, at the responder to easily inspect the packets and implement additional features such as security filtering.

    Establishing secure mutual trust using an insecure password
    65.
    Granted invention patent
    Establishing secure mutual trust using an insecure password (status: in force)

    Publication (announcement) number: US07836306B2

    Publication (announcement) date: 2010-11-16

    Application number: US11170523

    Filing date: 2005-06-29

    IPC classification: H04L9/32 H04L29/06

    Abstract: A process for establishing secure mutual trust includes generating a one-time-password. The one-time-password is transferred between the devices in a communication occurring off of the network. Each device generates a set of authenticators by hashing a plurality of sub-strings of the password and the device's authentication certificate with a respective set of nonces. The devices exchange the respective sets of authenticators. Each device then alternates revealing its respective set of nonces and its authentication certificate in a multi-stage process. The devices re-calculate the authenticators based upon the respective set of nonces and authentication certificate revealed by the other device along with the one-time-password sub-strings that it possesses. If each device determines that the authenticators re-calculated by the given device match the authenticators previously received from the other device, secure mutual trust is established.

    Verifying measurable aspects associated with a module
    67.
    Granted invention patent
    Verifying measurable aspects associated with a module (status: lapsed)

    Publication (announcement) number: US07743145B2

    Publication (announcement) date: 2010-06-22

    Application number: US10827474

    Filing date: 2004-04-19

    IPC classification: G06F15/16

    Abstract: The present invention extends to validating measurable aspects of a computing system. A provider causes a challenge to be issued to the requester, the challenge requesting proof that the requester is appropriately configured to access the resource. The requester accesses information that indicates how the requester is to prove an appropriate configuration for accessing the resource. The requester formulates and sends proof that one or more measurable aspects of the requester's configuration are appropriate. The provider receives proof that one or more measurable aspects of the requester's configuration are appropriate and authorizes the requester to access the resource. Proof of one or more measurable aspects of a requester can be used along with other types of authentication to authorize a requester to access a resource of a provider. Solutions to challenges can be pre-computed and stored in a location accessible to a provider.

    System and method for protecting privacy and anonymity of parties of network communications
    68.
    Granted invention patent
    System and method for protecting privacy and anonymity of parties of network communications (status: lapsed)

    Publication (announcement) number: US07669049B2

    Publication (announcement) date: 2010-02-23

    Application number: US11072143

    Filing date: 2005-03-04

    IPC classification: G06F9/00

    Abstract: A system and method is provided for handling network communications between a client and a target server on the Internet to protect the privacy and anonymity of the client. For a session between the client and the target server, a routing control server sets up a routing chain using a plurality of Web servers randomly selected from a pool of participating Web servers as routers for routing messages between the client and the target server. To prevent traffic analysis, an “onion encryption” scheme is applied to the messages as they are forwarded along the routing chain. A payment service cooperating with the routing control server allows a user to pay for the privacy protection service without revealing her real identity.

    Mesh networks with exclusion capability
    69.
    Granted invention patent
    Mesh networks with exclusion capability (status: in force)

    Publication (announcement) number: US07665126B2

    Publication (announcement) date: 2010-02-16

    Application number: US10738272

    Filing date: 2003-12-17

    Abstract: In an exemplary method implementation, a method includes: designating a neighborhood administrator; receiving notification of a delinquent router from the designated neighborhood administrator; and excluding the delinquent router responsive to the notification. In an exemplary mesh router implementation, a mesh router is capable of establishing a wireless mesh network with other mesh routers, the mesh router is further capable of designating a neighborhood administrator mesh router; and the mesh router is adapted to exclude another mesh router that is associated with a particular certificate when the particular certificate has been identified as delinquent by the designated neighborhood administrator mesh router.

    AUTOMATION-RESISTANT, ADVERTISING-MERGED INTERACTIVE SERVICES
    70.
    Invention patent application
    AUTOMATION-RESISTANT, ADVERTISING-MERGED INTERACTIVE SERVICES (status: in force)

    Publication (announcement) number: US20100031287A1

    Publication (announcement) date: 2010-02-04

    Application number: US12183089

    Filing date: 2008-07-31

    IPC classification: H04N5/445

    Abstract: Systems and methodologies for implementing automation-resistant interactive computing services are provided herein. Function invocation mechanisms can be utilized as described herein to facilitate invocation and/or activation of one or more functions of an interactive service upon performance of an interaction falling within a predefined class of interaction with selected multimedia content. The described functionality invocation mechanisms can operate similarly to a traditional captcha image by requiring interaction that is easily understandable and performable by a human user but is prohibitively difficult for an automated program to carry out. Techniques such as masking relationships between user interaction and function invocation and varying elements of the selected multimedia content for respective accesses can be utilized to provide additional resistance to automation. Described invocation mechanisms can additionally be merged with advertising, which can optionally be targeted to a particular user(s).
