Injecting code decrypted by a hardware decryption module into Java applications
    Granted invention patent (in force)

    Publication number: US09021271B1

    Publication date: 2015-04-28

    Application number: US13337817

    Filing date: 2011-12-27

    IPC classification: G06F11/30 G06F11/34

    CPC classification: G06F11/34 G06F21/123

    Abstract: A method is performed by a computer in communication with a hardware security module (HSM). The method includes (a) running a process virtual machine (PVM) on the computer, the PVM being configured to execute portable bytecode instructions within a PVM environment and (b) executing, within the PVM environment, instructions for (1) reading encrypted instruction code from data storage of the computer, (2) sending the encrypted instruction code to the HSM, (3) in response, receiving decrypted instruction code from the HSM, and (4) injecting the decrypted instruction code within an application running in the PVM environment for execution by the PVM. Embodiments are also directed to analogous computer program products and apparatuses.

    Controlling access to a protected resource using a virtual desktop and ongoing authentication
    Granted invention patent (in force)

    Publication number: US08701174B1

    Publication date: 2014-04-15

    Application number: US13246023

    Filing date: 2011-09-27

    Applicant: Yedidya Dotan

    Inventor: Yedidya Dotan

    IPC classification: H04L9/32

    Abstract: A technique controls access to a protected resource. The technique involves performing a series of authentication operations between an end user device and an authentication engine, and providing, while the series of authentication operations results in ongoing successful authentication, a virtual desktop session from a virtual desktop server to the end user device to enable a user at the end user device to access the protected resource using the virtual desktop session. The technique further involves closing the virtual desktop session when the series of authentication operations results in unsuccessful authentication (e.g., receipt of an incorrect authentication factor, loss of communications between the end user device and the authentication engine, etc.) to prevent further access to the protected resource using the virtual desktop session. Such operation provides additional security beyond that offered by a virtual desktop session without ongoing authentication, and thus protects against more advanced types of cyber threats.

    Using link strength in knowledge-based authentication
    Granted invention patent (in force)

    Publication number: US09183595B1

    Publication date: 2015-11-10

    Application number: US13434983

    Filing date: 2012-03-30

    IPC classification: G06Q50/00

    CPC classification: G06F21/40 G06Q50/00

    Abstract: An improved technique generates questions to authenticate a user as part of a group. Along these lines, a KBA system, upon receiving a request to authenticate a particular user, collects facts having references to users of the group of users. The collected facts, however, may also include references to users not in the group of users. In building a set of questions for the particular user, the KBA system is capable of favoring facts having references to users of the group of users and few, if any, references to users not in the group of users; conversely, the KBA system is capable of discarding facts having too many references to users not in the group of users. The particular user's responses to the set of questions are indicative of whether the particular user belongs to the group.

    Virtualization platform for secured communications between a user device and an application server
    Granted invention patent (in force)

    Publication number: US08694993B1

    Publication date: 2014-04-08

    Application number: US13077230

    Filing date: 2011-03-31

    IPC classification: G06F9/455 G06F15/16

    Abstract: A modular virtualization platform is provided for secured communications between a user device and an application server. A client-side computing device performs secured communications during a virtual session with an application server across a network. The client-side computing device loads a virtual machine client; and selects a remote module to serve as a virtualization server for the virtual session based on one or more performance factors. The virtual session is established with the selected module, and secured communications can occur between the client-side computing device and the application server via the virtual session of the selected module. The performance factors can be collected from a plurality of modules using a peer-to-peer gossip-based state notification process. A route list preferably stores the performance factors for a plurality of modules. The route list can contain pointers to a plurality of remote modules in a plurality of virtualization platforms, to increase reliability.

    Associating network and storage activities for forensic analysis
    Granted invention patent (in force)

    Publication number: US08683592B1

    Publication date: 2014-03-25

    Application number: US13341174

    Filing date: 2011-12-30

    IPC classification: G06F21/55 H04L29/06

    Abstract: An improved technique for performing forensic investigations in an electronic system includes capturing and associating multiple streams of information. The streams include a network stream and a storage stream. The network stream includes a record of network activities. The storage stream includes a record of storage activities. In some examples, the storage stream includes both disk activities and memory activities, including both reads and writes. Records of the captured streams are stored in a data storage array and are associated by applying a common timing reference to the records. A comprehensive history is thus obtained, with both network and storage activities coordinated in time, to enable examination and tracing of suspect or malicious occurrences across network and storage domains. The improved technique can be used in both physical and virtual computing environments and affords particular advantages in virtual and cloud environments where forensic analysis has proven to be difficult.

    Techniques for authenticating users of massive multiplayer online role playing games using adaptive authentication
    Granted invention patent (in force)

    Publication number: US08370389B1

    Publication date: 2013-02-05

    Application number: US12751057

    Filing date: 2010-03-31

    Applicant: Yedidya Dotan

    Inventor: Yedidya Dotan

    IPC classification: G06F7/00 G06F17/30

    Abstract: A technique authenticates a user of a massively multiplayer online role playing game (MMORPG). The technique involves establishing a user database containing user information describing the MMORPG user based on a set of first transmissions received from a game provider of the MMORPG. The technique further involves (i) receiving a second transmission from the game provider, the second transmission including an authentication request to authenticate the MMORPG user, and (ii) providing a response transmission to the game provider in response to the second transmission. The response transmission includes an authentication result based on an adaptive authentication operation involving the user database. The authentication result controls whether the game provider provides the MMORPG user with current access to the MMORPG.

    Techniques for sharing authentication data among authentication servers

    Publication number: US10063549B1

    Publication date: 2018-08-28

    Application number: US13169668

    Filing date: 2011-06-27

    IPC classification: H04L29/06

    Abstract: A technique of supporting multi-factor authentication uses a database server. The technique involves receiving suspicious user activity data from a first set of authentication servers and storing the suspicious user activity data from the first set of authentication servers, as sharable authentication data, in a database of the database server. The technique further involves providing the sharable authentication data from the database to a second set of authentication servers. Each authentication server of the second set of authentication servers performs multi-factor authentication operations based on (i) local authentication data which is gathered by that authentication server and (ii) the sharable authentication data provided from the database. Accordingly, useful authentication data from one authentication server (e.g., a network address of a computer which mischievously attempts to probe or infiltrate that authentication server) can be shared with other authentication servers to enhance their ability to identify fraudsters.