-
公开(公告)号:US09660813B1
公开(公告)日:2017-05-23
申请号:US13431214
申请日:2012-03-27
申请人: Marten Erik van Dijk , Eyal Kolman , Roy Hodgman
发明人: Marten Erik van Dijk , Eyal Kolman , Roy Hodgman
CPC分类号: H04L9/3255 , G06F21/6254 , H04L9/3247 , H04L63/0853 , H04L67/1044
摘要: A server is configured to communicate with a group of clients over a network in one embodiment. The server maps the group of clients into a plurality of subgroups of bounded size, communicates to a given one of the clients information identifying the particular subgroup to which that client belongs as well as the other clients in that subgroup. The given client utilizes the communicated information to generate a ring signature over the corresponding subgroup of clients based on the communicated information. The subgroup size may be bounded to a minimum size and a maximum size in accordance with a variable privacy parameter. The server can increase or decrease the value of the parameter in order to provide respective increased or decreased privacy to the clients, by making it respectively more or less difficult to determine which client in a corresponding one of the subgroups produced the received ring signature.
-
2.发明授权公开(公告)号:US09471777B1
公开(公告)日:2016-10-18
申请号:US13404839
申请日:2012-02-24
CPC分类号: G06F21/55 , G06F21/45 , H04L9/002 , H04L63/1441
摘要: A processing device is configured to identify a plurality of defensive security actions to be taken to address a persistent security threat to a system comprising information technology infrastructure, and to determine a schedule for performance of the defensive security actions based at least in part on a selected distribution derived from a game-theoretic model, such as a delayed exponential distribution or other type of modified exponential distribution. The system subject to the persistent security threat is configured to perform the defensive security actions in accordance with the schedule in order to deter the persistent security threat. The distribution may be selected so as to optimize defender benefit in the context of the game-theoretic model, where the game-theoretic model may comprise a stealthy takeover game in which attacker and defender entities can take actions at any time but cannot determine current game state without taking an action.
摘要翻译: 处理设备被配置为识别要采取的多个防御性安全措施以解决对包括信息技术基础设施的系统的持续安全威胁,并且至少部分地基于所选择的确定用于执行防御性安全动作的调度 衍生自游戏理论模型的分布,例如延迟指数分布或其他类型的修改指数分布。 受到持续安全威胁的系统被配置为根据时间表执行防御性安全措施,以便阻止持续的安全威胁。 可以选择分配,以便在游戏理论模型的上下文中优化后卫利益,其中游戏理论模型可以包括隐形收购游戏,其中攻击者和后卫实体可以随时采取行动但不能确定当前游戏 状态而不采取行动。
-
公开(公告)号:US07392453B2
公开(公告)日:2008-06-24
申请号:US10477491
申请日:2002-05-15
CPC分类号: G11B20/00891 , G11B20/00 , G11B20/00086 , G11B20/18
摘要: Information signals such as grayscale images or audio signals are represented as a sequence of PCM signal samples. To embed auxiliary data in the least significant bits of the signal, the samples are slightly distorted. There is a so-termed “rate-distortion function” (20) which gives the largest embedding rate R given a certain distortion level D. It appears that the efficiency of prior art embedding schemes such as LSB replacement (21,22) can be improved. The invention discloses such embedding schemes (23,24). According to the invention, the signal is divided into groups of L (L>1) signal samples (x). For each group of signal samples, a vector of least significant portions (x mod n) of the signal samples is created. For n=2, the vector comprises the least significant bit of each signal sample. The syndrome of said vector (as defined in the field of error detection and correction) represents the embedded data. Only one (or a few, in any case less than L) signal sample(s) of a group needs to be modified so as to achieve that the vector assumes a desired syndrome value.
摘要翻译: 诸如灰度图像或音频信号的信息信号被表示为PCM信号样本的序列。 为了将辅助数据嵌入到信号的最低有效位中,样本稍微失真。 存在所谓的“速率失真函数”(20),给出给定一定的失真水平D的最大嵌入速率R.看起来,诸如LSB替换(21,22)的现有技术嵌入方案的效率可以是 改进。 本发明公开了这种嵌入方案(23,24)。 根据本发明,信号被分成L(L> 1)个信号样本(x)的组。 对于每组信号样本,产生信号样本的最低有效部分(xmod n)的向量。 对于n = 2,矢量包括每个信号样本的最低有效位。 所述向量(如在错误检测和校正领域中定义的)的综合表示嵌入数据。 需要修改组中只有一个(或少数在任何情况下小于L个)信号样本),以便实现矢量呈现期望的综合征值。
-
4.发明授权Method and apparatus for embedding an additional layer of error correction into an error correcting code 失效用于将错误校正的附加层嵌入纠错码的方法和装置公开(公告)号:US07340663B2
公开(公告)日:2008-03-04
申请号:US10509475
申请日:2003-03-14
IPC分类号: H03M13/00
CPC分类号: H03M13/2906 , G11B20/1833
摘要: A method of embedding an additional layer of error correction into an error correcting code, wherein information is encoded into code words of said code over a first Galois field and wherein a number of code words are arranged in the columns of a code block comprising a user data sub-block and a parity data sub-block, provides an additional layer of error correction that can be easily implemented without losing compatibility improving the error correction capabilities. The method includes the steps of: encoding the rows of at least the user data sub-block separately or in groups using a horizontal error correcting code over a second Galois field larger than the first Galois field to obtain horizontal parities, and embedding the horizontal parities as additional layer in the error correcting code.
摘要翻译: 一种将错误校正的附加层嵌入到纠错码中的方法,其中信息通过第一伽罗瓦域编码成所述码的码字,并且其中多个码字排列在包括用户的码块的列中 数据子块和奇偶校验数据子块提供可以容易地实现的附加的纠错层,而不失去改进纠错能力的兼容性。 该方法包括以下步骤:在大于第一伽罗瓦域的第二伽罗瓦域上,使用水平纠错码,分别地或以组分组编码至少用户数据子块的行以获得水平奇偶校验,并嵌入水平奇偶校验 作为纠错码中的附加层。
-
5.发明授权Methods and apparatus for authenticating a user using multi-server one-time passcode verification 有权使用多服务器一次性密码验证认证用户的方法和装置公开(公告)号:US09118661B1
公开(公告)日:2015-08-25
申请号:US13404737
申请日:2012-02-24
IPC分类号: H04L29/06
CPC分类号: H04L63/0838 , H04L63/0853
摘要: Methods and apparatus are provided for authenticating a user using multi-server one-time passcode verification. A user is authenticated by receiving authentication information from the user; and authenticating the user based on the received authentication information using at least two authentication servers, wherein the received authentication information is based on a secret shared between a security token associated with the user and an authentication authority that provides the at least two authentication servers. For example, the authentication information can comprise a passcode comprised of a tokencode from the security token and a password from the user. The user can be authenticated only if, for example, all of the at least two authentication servers authenticate the received authentication information.
摘要翻译: 提供了使用多服务器一次性密码验证来验证用户的方法和装置。 通过从用户接收认证信息来认证用户; 以及使用至少两个认证服务器基于所接收的认证信息来认证所述用户,其中,所接收的认证信息基于与所述用户相关联的安全令牌和提供所述至少两个认证服务器的认证机构之间共享的秘密。 例如,认证信息可以包括由来自安全令牌的令牌代码和来自用户的密码组成的密码。 只有在例如所有至少两个认证服务器中的所有认证服务器对接收到的认证信息进行认证时,才可以认证用户。
-
公开(公告)号:US07103829B2
公开(公告)日:2006-09-05
申请号:US10144529
申请日:2002-05-13
申请人: Marten Erik Van Dijk , Constant Paul Marie Jozef Baggen , Ludovicus Marinus Gerardus Maria Tolhuizen
发明人: Marten Erik Van Dijk , Constant Paul Marie Jozef Baggen , Ludovicus Marinus Gerardus Maria Tolhuizen
IPC分类号: H03M13/00
CPC分类号: H03M13/158 , G11B20/18 , G11B20/1833 , H03M13/1515
摘要: A method of selecting a generator matrix (G) for encoding information words (m) including information symbols (m1, m2, mk) into codewords (c) of a code (C) provides an enhanced error correction capability if at least one information symbol (m1, m2, m3) is known a priori to a decoder decoding received, possibly mutilated codewords (r). In order to design a code of which the correction power is enhanced if some information symbols are known to the decoder prior to decoding, the generator matrix (G) is selected such that the minimum Hamming distance of at least one subcode (C′) of the code (C) is larger than the minimum Hamming distance of the code (C), and that a subcode generator matrix (G′) of the at least one subcode (C′) is derived from the generator matrix (G) of the code (C) by omitting the at least one row from the generator matrix (G) corresponding to the at least one a priori known information symbol (m1, m2, m3).
摘要翻译: 一种选择生成矩阵(G)的方法,用于对包括信息符号(m 1,m 2,m 2) )代码(C)的码字(c)提供增强的纠错能力,如果至少一个信息符号(m 1,m 2,m 3) 已知解码器先前解码接收到的,可能残留的码字(r)。 为了设计如果在解码之前解码器已知一些信息符号而增强校正功率的代码,则生成器矩阵(G)被选择为使得至少一个子代码(C')的最小汉明距离 代码(C)大于代码(C)的最小汉明距离,并且至少一个子代码(C')的子代码生成器矩阵(G')是从代码(C)的生成矩阵(G)导出的 代码(C)通过从对应于至少一个先验已知信息符号(m 1,m 2)的生成矩阵(G)中省略至少一行, m 3)。
-
7.发明授权Methods and apparatus for silent alarm channels using one-time passcode authentication tokens 有权使用一次性密码认证令牌的静音报警信道的方法和装置公开(公告)号:US09515989B1
公开(公告)日:2016-12-06
申请号:US13404788
申请日:2012-02-24
CPC分类号: H04L63/00 , H04L63/0428 , H04L63/065 , H04L63/0838 , H04L63/0869 , H04L63/123 , H04L63/126 , H04L63/14
摘要: Methods and apparatus are provided for silent alarm channels using one-time passcode authentication tokens. A message is transmitted indicating a potential attack on a protected resource by obtaining the message; combining the message with a tokencode generated by a security token to generate a one-time passcode; and transmitting the one-time passcode to a receiver. A plurality of the messages can be obtained in parallel, and the plurality of parallel messages can be combined with the tokencode to generate the one-time passcode. A subsequent message can optionally be generated by applying a hash function to a prior n-bit value to provide a counter identifying each message. The message optionally also comprises one or more additional bits to provide an annotation of the message.
摘要翻译: 为使用一次性密码认证令牌的静音报警通道提供方法和装置。 通过获得消息来传送指示对受保护资源的潜在攻击的消息; 将消息与由安全令牌生成的令牌代码组合以生成一次性密码; 并将一次性密码发送到接收机。 可以并行获得多个消息,并且多个并行消息可以与令牌代码组合以生成一次性密码。 可以可选地通过将哈希函数应用于先前的n位值来产生后续消息,以提供识别每个消息的计数器。 消息可选地还包括一个或多个附加位以提供消息的注释。
-
公开(公告)号:US09015231B1
公开(公告)日:2015-04-21
申请号:US13431231
申请日:2012-03-27
申请人: Roy Hodgman , Marten Erik van Dijk , Eyal Kolman
发明人: Roy Hodgman , Marten Erik van Dijk , Eyal Kolman
摘要: A server is configured to communicate with a group of clients over a network. Each of the clients obtains a corresponding informational message comprising security-related information such as an indication of compromise (IOC), inserts noise in the information message to generate an anonymized message, and communicates the anonymized message to the server. The anonymized messages communicated by the respective clients to the server may be configured so as to prevent the server from identifying any individual client associated with a particular one of the anonymized messages, while also allowing the server to extract from the anonymized messages collectively one or more characteristics of the underlying informational messages. A given client may insert noise in an informational message by, for example, selecting a noise value from a specified range of noise values, and combining the informational message and the selected noise value to generate the anonymized message.
摘要翻译: 服务器被配置为通过网络与一组客户端进行通信。 每个客户端获得包括诸如妥协指示(IOC)之类的安全相关信息的相应信息性消息,在信息消息中插入噪声以生成匿名消息,并将匿名消息传送到服务器。 可以将由相应客户端传送到服务器的匿名消息配置成防止服务器识别与特定一个匿名消息相关联的任何个人客户端,同时还允许服务器从匿名消息中抽出一个或多个 底层信息消息的特征。 给定的客户端可以通过例如从指定的噪声值范围中选择噪声值并将信息消息和所选择的噪声值组合以生成匿名消息来在信息消息中插入噪声。
-
公开(公告)号:US08799334B1
公开(公告)日:2014-08-05
申请号:US13339768
申请日:2011-12-29
IPC分类号: G06F17/30
CPC分类号: G06F21/577 , G06F2211/007 , G06F2221/2107
摘要: A client device or other processing device comprises a file processing module, with the file processing module being operative to provide a file to a file system for encoding, to receive from the file system a corresponding encoded file, and to verify that the file system stores at least a designated portion of an encapsulation of the encoded file. In an illustrative embodiment, the file processing module receives, in addition to or in place of the encoded file, a proof of correct encoding. The file system may comprise one or more servers associated with a cloud storage provider. Advantageously, one or more illustrative embodiments allow a client device to verify that its files are stored by a cloud storage provider in encrypted form or with other appropriate protections.
摘要翻译: 客户端设备或其他处理设备包括文件处理模块,文件处理模块可操作以向文件系统提供文件以进行编码,从文件系统接收对应的编码文件,并验证文件系统存储 至少编码文件的封装的指定部分。 在说明性实施例中,文件处理模块除了编码文件之外还是代替编码文件,接收正确编码的证明。 文件系统可以包括与云存储提供商相关联的一个或多个服务器。 有利地,一个或多个说明性实施例允许客户端设备验证其文件由加密形式的云存储提供商或其他适当的保护来存储。
-
公开(公告)号:US08346742B1
公开(公告)日:2013-01-01
申请号:US13075848
申请日:2011-03-30
IPC分类号: G06F17/00
CPC分类号: G06F21/577
摘要: A client device or other processing device comprises a file processing module, with the file processing module being operative to request proof from a file system that a file having a first format is stored by the file system in a second format different than the first format, to receive the proof from the file system, and to verify that the file is stored in the second format using the proof provided by the file system responsive to the request. The proof is based at least in part on application of a function to the file in the second format, and the function imposes a minimum resource requirement on generation of the proof. The file system may comprise one or more servers associated with a cloud storage provider. Advantageously, one or more illustrative embodiments allow a client device to verify that its files are stored by a cloud storage provider in encrypted form or with other appropriate protections.
摘要翻译: 客户端设备或其他处理设备包括文件处理模块,文件处理模块可操作以从文件系统请求证明文件系统以不同于第一格式的第二格式存储具有第一格式的文件, 从文件系统接收证明,并使用响应于该请求的文件系统提供的证明来验证文件是否以第二格式存储。 该证明至少部分地基于第二格式的文件的应用功能,并且该功能对生成证明施加了最低资源要求。 文件系统可以包括与云存储提供商相关联的一个或多个服务器。 有利地,一个或多个说明性实施例允许客户端设备验证其文件由加密形式的云存储提供商或其他适当的保护来存储。
-
-
-
-
-
-
-
-
-
搜索结果
19 条记录 (耗时 0.016 秒)
