CONTEXT-AWARE PROACTIVE THREAT MANAGEMENT SYSTEM
    1.
    Patent application
    Status: Granted

    Publication No.: US20150195301A1

    Publication date: 2015-07-09

    Application No.: US14359969

    Filing date: 2013-11-19

    Abstract: This disclosure is directed to a context-aware proactive threat management system. In general, a device may use internal activity data along with data about external activities (e.g., provided by remote resources) for threat assessment and mitigation. A device may comprise, for example, a hostile environment detection (HED) module to coordinate threat assessment and mitigation. The HED module may accumulate internal activity data (e.g., from security services in the device), and external activity data regarding a system environment and/or a physical environment from the remote resources. The HED module may then assess threats based on the activity data and determine automated and/or manual mitigation operations to respond to the threats. In one embodiment, visualization features may also be used to, for example, visualize threats to a user, visualize automatic/manual mitigation operations, request user confirmation regarding the performance of manual mitigation operations, etc.


    TECHNOLOGIES FOR LOGIN PATTERN BASED MULTI-FACTOR AUTHENTICATION
    2.
    Patent application
    Status: Under examination (published)

    Publication No.: US20160180068A1

    Publication date: 2016-06-23

    Application No.: US14580817

    Filing date: 2014-12-23

    IPC classification: G06F21/32 H04L29/06

    Abstract: Technologies for multi-factor authentication of a user include a computing device with one or more sensors. The computing device may authenticate the user by analyzing biometric and/or environmental sensor data to determine whether to allow the user access to a computing device. To do so, the computing device may determine reliability scores based on the environment during authentication for each biometric authentication factor used to authenticate the user. Additionally, the computing device may determine a login pattern based on sensor data collected during historical authentication attempts by the user over a period of time. The computing device may apply a machine-learning classification algorithm to determine classification rules, based on the login pattern, applied by the computing device to determine whether to allow the user access to the computing device. Other embodiments are described herein and claimed.


    TECHNOLOGIES FOR ANONYMOUS CONTEXT ATTESTATION AND THREAT ANALYTICS

    Publication No.: US20170093906A1

    Publication date: 2017-03-30

    Application No.: US14866628

    Filing date: 2015-09-25

    IPC classification: H04L29/06 H04L9/32

    Abstract: Technologies for anonymous context attestation and threat analytics include a computing device to receive sensor data generated by one or more sensors of the computing device and generate an attestation quote based on the sensor data. The attestation quote includes obfuscated attributes of the computing device based on the sensor data. The computing device transmits a zero knowledge commitment of the attestation quote to a server and receives a challenge from the server in response to transmitting the zero knowledge commitment. The challenge requests an indication regarding whether the obfuscated attributes of the computing device have commonality with attributes identified in a challenge profile received with the challenge. The computing device generates a zero knowledge proof that the obfuscated attributes of the computing device have commonality with the attributes identified in the challenge profile.

    METHOD AND APPARATUS FOR SEAMLESS OUT-OF-BAND AUTHENTICATION
    4.
    Patent application
    Status: Granted

    Publication No.: US20160286393A1

    Publication date: 2016-09-29

    Application No.: US14669268

    Filing date: 2015-03-26

    Abstract: In an embodiment, at least one non-transitory computer readable storage medium includes instructions that when executed enable a system to: request, by an authentication logic of the system during a multi-factor authentication of a user of the system to obtain access to a first service, a token to be sent from a second system associated with the first service to a third system associated with the user; receive, in the authentication logic, the token from the third system without user involvement via a secure channel; and send the token from the authentication logic to the second system to authenticate the user. Other embodiments are described and claimed.


    CONFIGURING USER CUSTOMIZABLE OPERATIONAL FEATURES OF A VEHICLE
    5.
    Patent application
    Status: Granted

    Publication No.: US20150057839A1

    Publication date: 2015-02-26

    Application No.: US14128569

    Filing date: 2013-08-26

    IPC classification: B60R16/037

    CPC classification: B60R16/037 B60R16/0373

    Abstract: Embodiments of apparatus and methods for configuring user customizable operational features of a vehicle are described. In embodiments, an apparatus may include a communication module configured to be disposed in the vehicle, and communicate with a mobile device of a user. The apparatus may further include a controller configured to be disposed in the vehicle and coupled with the communication module, to obtain from the mobile device, one or more preferences of the user for one or more user customizable features of the vehicle, and adjust the one or more user customizable operational features of the vehicle based at least in part on the one or more preferences of the user obtained. Other embodiments may be described and/or claimed.


    SECURE REMEDIATION OF DEVICES REQUESTING CLOUD SERVICES
    6.
    Patent application
    Status: Under examination (published)

    Publication No.: US20140317413A1

    Publication date: 2014-10-23

    Application No.: US13997826

    Filing date: 2012-03-29

    IPC classification: H04L29/06 H04L9/32

    Abstract: In accordance with embodiments disclosed herein, there are provided systems, apparatuses, and methods for implementing secure remediation of devices requesting cloud services. For example, in one embodiment, such means may include means for receiving, at a services provider, a request for services from a client; means for requesting authentication from the client to verify the client is one of a plurality of known subscribers of the services; means for requesting attestation to verify compliance of the client with a policy specified by the services provider; means for receiving an attestation confirmation from an attestation verifier, the attestation confirmation verifying compliance of the client with the policy specified by the services provider; and means for granting the client access to the services requested.


    CONDITIONAL LIMITED SERVICE GRANT BASED ON DEVICE VERIFICATION
    7.
    Patent application
    Status: Granted

    Publication No.: US20130337777A1

    Publication date: 2013-12-19

    Application No.: US13997759

    Filing date: 2012-03-28

    IPC classification: H04W12/08

    Abstract: Embodiments of apparatus, computer-implemented methods, systems, devices, and computer-readable media are described herein for accepting capability attestation of a device for determination of whether to grant access to a service during a state of operation. In various embodiments, access to the service sought may be conditionally granted responsive to verification of the capability attested. In various embodiments, during the state of operation, access to the service may be granted on a limited basis.


    MECHANISM FOR FACILITATING DYNAMIC CONTEXT-BASED ACCESS CONTROL OF RESOURCES
    9.
    Patent application
    Status: Under examination (published)

    Publication No.: US20150135258A1

    Publication date: 2015-05-14

    Application No.: US14129961

    Filing date: 2013-09-27

    IPC classification: H04L29/06

    Abstract: A mechanism is described for facilitating context-based access control of resources according to one embodiment. A method of embodiments, as described herein, includes receiving a first request to access a resource of a plurality of resources. The first request may be associated with one or more contexts corresponding to a user placing the first request at a computing device. The method may further include evaluating the one or more contexts. The evaluation of the one or more contexts may include matching the one or more contexts with one or more access policies associated with the requested resource. The method may further include accepting the first request if the one or more contexts satisfy at least one of the access policies.


    METHODS, SYSTEMS AND APPARATUS TO MANAGE AN AUTHENTICATION SEQUENCE
    10.
    Patent application
    Status: Under examination (published)

    Publication No.: US20160182491A1

    Publication date: 2016-06-23

    Application No.: US14581277

    Filing date: 2014-12-23

    IPC classification: H04L29/06

    Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to manage an authentication sequence. An example disclosed apparatus includes a verification engine to verify whether a platform policy sequence is authorized for the platform, when the platform policy sequence is authorized, a policy sequence engine to extract an ordered sequence of credential types from the platform policy sequence, in response to a platform log in request, a platform instruction engine to transmit an instruction for a first one of the credential types associated with a first sequence position of the platform policy sequence, to determine whether a response to the instruction contains a value indicative of the first credential type, and when the response contains the value indicative of the first credential type, comparing the value to a first threshold confidence value, and a platform authorization engine to unlock platform functionality when the value indicative of the first credential type satisfies the first threshold confidence value.
