Session management by analysis of requests and responses
    1.
    Type: granted invention patent
    Status: in force

    Publication number: US07954152B2

    Publication date: 2011-05-31

    Application number: US11275433

    Application date: 2005-12-30

    Applicant: Tomer Shiran

    Inventor: Tomer Shiran

    IPC classification: G06F21/00 G06F21/20 G06F21/22

    Abstract: Session management by analysis of requests and responses is described herein. A gateway receives requests from a client system, forwards the same to a protected resource, and receives responses from the protected resource. The gateway includes a session management module that manages an authenticated session between the client system and the protected resource. In one aspect, the session management module receives responses that are labeled to indicate whether the requests corresponding to the responses are user-initiated or automatically-initiated. In other aspects, the session management module analyzes the requests to identify any periodic patterns appearing therein. The session management module identifies any requests that are part of a periodic pattern as automatically-initiated requests. In either case, the session management module maintains a timer for each session, and resets the timer when a user-initiated request is identified. Any session whose timer expires is terminated.

    SYSTEM AND METHOD FOR DETECTING SAVINGS OPPORTUNITIES BASED ON THE PRICE PROTECTION AND RETURN POLICIES OF RETAILERS
    2.
    Type: invention patent application
    Status: under examination, published

    Publication number: US20090299887A1

    Publication date: 2009-12-03

    Application number: US12132607

    Application date: 2008-06-03

    IPC classification: G06Q30/00

    CPC classification: G06Q30/02 G06Q40/00

    Abstract: A system and method is disclosed for detecting savings opportunities for consumers based on the price protection and/or return policies of retailers, following a process of purchasing items from online or physical retailers. The system receives an order statement which comprises information about an order, such as an identifier of the retailer, a date and the details of one or more purchases, where each purchase includes at least an identifier of an item and the amount paid for that item. The system then extracts that information from the order statement, without requiring the user to specify the details of each purchase separately. The system continuously monitors the prices of the items and the conditions specified in the retailer's price protection and/or return policies. If the system determines that the customer is eligible to receive a refund or can profit from returning an item to the retailer and re-purchasing it (perhaps from a different retailer), it either requests the refund from the retailer on behalf of the customer, or notifies the user.

    Authentication delegation based on re-verification of cryptographic evidence
    3.
    Type: invention patent application
    Status: in force

    Publication number: US20080134311A1

    Publication date: 2008-06-05

    Application number: US11607720

    Application date: 2006-12-01

    IPC classification: H04L9/32 G06F21/00

    Abstract: The method of delegating authentication, within a chain of entities, relies upon a recording of at least a portion of a TLS handshake between a gateway device and user, in which the user needs access to a desired server. The method then relies upon re-verification of cryptographic evidence in the recorded portion of the TLS handshake, which is forwarded either (1) to the server to which access is desired, in which case the server re-verifies the recorded portion to confirm authentication, or, (2) to a third party entity, in which case the third party entity confirms authentication and provides credentials to the gateway server which then uses the credentials to authenticate to the server as the user.

    Explicit Delegation With Strong Authentication
    4.
    Type: invention patent application
    Status: in force

    Publication number: US20070192836A1

    Publication date: 2007-08-16

    Application number: US11276139

    Application date: 2006-02-15

    Abstract: Systems and methods for performing explicit delegation with strong authentication are described herein. Systems can include one or more clients, one or more end servers, and one or more gateways intermediate or between the client and the end server. The client may include an explicit strong delegation component that is adapted to strongly authenticate the client to the gateway. The explicit strong delegation component may also explicitly delegate to the gateway a right to authenticate on behalf of the client, and to define a period of time over which the explicit delegation is valid. The system may be viewed as being self-contained, in the sense that the system need not access third-party certificate or key distribution authorities. Finally, the client controls the gateways or end servers to which the gateway may authenticate on the client's behalf.

    System and a method for prefetching travel information
    5.
    Type: invention patent application
    Status: under examination, published

    Publication number: US20050108069A1

    Publication date: 2005-05-19

    Application number: US10714635

    Application date: 2003-11-18

    IPC classification: G06Q10/00 G06F17/60

    CPC classification: G06Q10/02

    Abstract: A system and a method is disclosed for prefetching travel information relevant to travel products from travel suppliers, prior to a process of making travel reservations by users. The system includes a prefetcher for retrieving the travel information. The system also includes a cache for storing the travel information retrieved by the prefetcher and a front-end wherein the system is able to receive queries from the user and respond to the queries. Prefetching creates a comprehensive cache having a substantially high probability of containing the travel information that the user needs.

    One-time password validation in a multi-entity environment
    6.
    Type: granted invention patent
    Status: in force

    Publication number: US08959596B2

    Publication date: 2015-02-17

    Application number: US11454373

    Application date: 2006-06-15

    Abstract: A single passcode can be used for validation by a user of several entities in a system without compromising security. The source of the entity providing validation credentials, along with the passcode, is considered when determining validity. A one-time password system validates credentials if validation credentials, such as a user's valid passcode and the source of the credentials, have not been used previously. In a one-time passcode system, a validation processor receives validation credentials from a client processor. If the client processor has not previously sent the validation credentials to the validation processor, and the credentials are valid, the validation processor will validate the credentials. Otherwise, the credentials are invalid. Other client processors can utilize the same passcode and their respective source identifiers, and as long as the other client processors have not previously utilized the credentials, the credentials are declared valid.

    One-time password validation in a multi-entity environment
    7.
    Type: invention patent application
    Status: in force

    Publication number: US20070294749A1

    Publication date: 2007-12-20

    Application number: US11454373

    Application date: 2006-06-15

    IPC classification: H04L9/32

    Abstract: A single passcode can be used for validation by a user of several entities in a system without compromising security. The source of the entity providing validation credentials, along with the passcode, is considered when determining validity. A one-time password system validates credentials if validation credentials, such as a user's valid passcode and the source of the credentials, have not been used previously. In a one-time passcode system, a validation processor receives validation credentials from a client processor. If the client processor has not previously sent the validation credentials to the validation processor, and the credentials are valid, the validation processor will validate the credentials. Otherwise, the credentials are invalid. Other client processors can utilize the same passcode and their respective source identifiers, and as long as the other client processors have not previously utilized the credentials, the credentials are declared valid.

    Caching public objects with private connections
    8.
    Type: granted invention patent
    Status: in force

    Publication number: US08091124B2

    Publication date: 2012-01-03

    Application number: US11710335

    Application date: 2007-02-23

    IPC classification: H04L29/06

    CPC classification: H04L63/0281 H04L63/08

    Abstract: Described is a technology by which a web proxy server forwards a client request for content to a web server over an unauthenticated connection, including when the client already has an authenticated connection to that web server. If the web content is received in response, the content is public, whereby the web proxy server caches the content and returns the content to the client. If the requested content is not received because of a need for authentication, the content is re-requested over the client's authenticated connection, or if one does not yet exist, returns the response to the client to complete the authentication process to establish an authenticated connection. A learning mechanism (e.g., that persists known private URLs) may be coupled to the selection mechanism to maintain references to objects that are private, and thereby avoid redundant retrieval attempts for known private objects over unauthenticated connections.

    Caching public objects with private connections
    10.
    Type: invention patent application
    Status: in force

    Publication number: US20080209524A1

    Publication date: 2008-08-28

    Application number: US11710335

    Application date: 2007-02-23

    IPC classification: H04L9/32

    CPC classification: H04L63/0281 H04L63/08

    Abstract: Described is a technology by which a web proxy server forwards a client request for content to a web server over an unauthenticated connection, including when the client already has an authenticated connection to that web server. If the web content is not received because of a need for authentication, the content is re-requested over the client's authenticated connection, or if one does not yet exist, returns the response to the client to complete the authentication process to establish an authenticated connection. A learning mechanism (e.g., that persists known private URLs) may be coupled to the selection mechanism to maintain references to objects that are private, and thereby avoid redundant retrieval attempts for known private objects over unauthenticated connections.
