-
Publication No.: US20230291556A1
Publication date: 2023-09-14
Application No.: US18196750
Filing date: 2023-05-12
CPC classification: H04L9/088 , H04L9/0891 , H04L9/321 , H04L9/3247 , H04L9/0618 , H04L9/0643 , H04L9/14 , H04L9/30
Abstract: A system uses information submitted in connection with a request to determine if and how to process the request. The information may be electronically signed by a requestor using a key such that the system processing the request can verify that the requestor has the key and that the information is authentic. The information may include information that identifies a holder of a key needed for processing the request, where the holder of the key can be the system or another, possibly third party, system. Requests to decrypt data may be processed to ensure that a certain amount of time passes before access to the decrypted data is provided, thereby providing an opportunity to cancel such requests and/or otherwise mitigate potential security breaches.
-
Publication No.: US20230239289A1
Publication date: 2023-07-27
Application No.: US18194891
Filing date: 2023-04-03
CPC classification: H04L63/0838 , G06F21/34
Abstract: A one-time password (OTP) based security scheme is described, where a provider pre-generates a number of verification codes (e.g., OTP codes) which will be valid for a predetermined interval. The provider then encodes the verification codes (e.g., by hashing each code with a time value), and stores the verification codes into a data structure. The data structure can be provided to a verification system that can use the set of pre-generated OTP codes to authenticate requests received from users having personal security tokens.
-
Publication No.: US11102189B2
Publication date: 2021-08-24
Application No.: US14316675
Filing date: 2014-06-26
Inventors: Kevin Ross O'Neill , Gregory B. Roth , Eric Jason Brandwine , Brian Irl Pratt , Bradley Jeffery Behm , Nathan R. Fitch
Abstract: Systems and methods for controlling access to one or more computing resources relate to generating session credentials that can be used to access the one or more computing resources. Access to the computing resources may be governed by a set of policies and requests for access made using the session credentials may be fulfilled depending on whether they are allowed by the set of policies. The session credentials themselves may include metadata that may be used in determining whether to fulfill requests to access the one or more computing resources. The metadata may include permissions for a user of the session credential, claims related to one or more users, and other information.
-
Publication No.: US20180241742A1
Publication date: 2018-08-23
Application No.: US15958655
Filing date: 2018-04-20
Abstract: A one-time password (OTP) based security scheme is described, where a provider pre-generates a number of verification codes (e.g., OTP codes) which will be valid for a predetermined interval. The provider then encodes the verification codes (e.g., by hashing each code with a time value), and stores the verification codes into a data structure. The data structure can be provided to a verification system that can use the set of pre-generated OTP codes to authenticate requests received from users having personal security tokens.
-
Publication No.: US09832171B1
Publication date: 2017-11-28
Application No.: US13916964
Filing date: 2013-06-13
CPC classification: H04L63/0428 , H04L9/0822 , H04L9/0825 , H04L9/083 , H04L9/0891 , H04L9/0894 , H04L9/14 , H04L9/16 , H04L9/3213 , H04L9/3234 , H04L9/3247 , H04L63/0435 , H04L63/0807
Abstract: A plurality of devices are each operable to provide information that is usable to prove authorization with any of the other devices. The devices may have common access to a cryptographic key. A device may use the cryptographic key to encrypt a session key and provide both the session key and the encrypted session key. Requests to any of the devices can include the encrypted session key and a digital signature generated using the session key. In this manner, a device that receives the request can decrypt the session key and use the decrypted session key to verify the digital signature.
-
Publication No.: US09756031B1
Publication date: 2017-09-05
Application No.: US14513147
Filing date: 2014-10-13
Inventors: Gregory B. Roth , Cristian M. Ilac , James E. Scharf, Jr. , Nathan R. Fitch , Graeme D. Baer , Brian Irl Pratt , Kevin Ross O'Neill
CPC classification: H04L63/08 , G06F21/123 , G06Q20/3821 , H04L63/0428 , H04L67/22
Abstract: Systems and methods provide a storage media on a portable physical object associated with a set of credentials that enables access to a set of computing resources associated with a set of Web services. In some embodiments, information including a set of credentials is prepackaged onto the storage media of the portable physical object. A pre-activated subscription to the set of Web services in a distributed system is provisioned. Access to the set of Web services is enabled when the portable physical object is coupled with a computing device and the set of credentials is authenticated. In some embodiments, the portable physical object is purchased by a user on a prepaid basis without requiring the user to register an account with the set of Web services, allowing the user to remain anonymous with respect to interaction with the set of Web services.
-
Publication No.: US09686261B2
Publication date: 2017-06-20
Application No.: US14629332
Filing date: 2015-02-23
Inventors: Gregory B. Roth , Nathan R. Fitch , Kevin Ross O'Neill , Graeme D. Baer , Bradley Jeffery Behm , Brian Irl Pratt
CPC classification: H04L63/08 , G06F21/62 , G06F2221/2141 , H04L63/10
Abstract: Systems and methods are described for delegating permissions to enable account access. The systems utilize a delegation profile that can be created within a secured account of at least one user. The delegation profile includes a name, a validation policy that specifies principals which may be external to the account and which are permitted to assume the delegation profile, and an authorization policy that indicates the permitted actions within the account for those principals which are acting within the delegation profile. Once the delegation profile is created, it can be provided to external principals or services. These external principals or services can use the delegation profile to obtain credentials for performing various actions in the account using the credentials of the delegation profile.
-
Publication No.: US09608813B1
Publication date: 2017-03-28
Application No.: US13916999
Filing date: 2013-06-13
IPC classification: H04L9/08
CPC classification: H04L63/0428 , H04L9/0822 , H04L9/0825 , H04L9/083 , H04L9/0891 , H04L9/0894 , H04L9/14 , H04L9/16 , H04L9/3213 , H04L9/3234 , H04L9/3247 , H04L63/0435 , H04L63/0807
Abstract: A plurality of devices have common access to a cryptographic key. The cryptographic key is rotated by providing the devices simultaneous access to both the cryptographic key and a new cryptographic key and then revoking access to the cryptographic key. Keys stored externally and encrypted under the cryptographic key can be reencrypted under the new cryptographic key. Keys intended for electronic shredding can be left encrypted under the old cryptographic key.
-
Publication No.: US09590959B2
Publication date: 2017-03-07
Application No.: US13764963
Filing date: 2013-02-12
CPC classification: H04L63/0471 , G06F21/602 , G06F21/6218 , G06F2221/2101 , H04L9/0894 , H04L9/3242 , H04L9/3247 , H04L63/045 , H04L63/08 , H04L67/1097 , H04L2209/76
Abstract: A distributed computing environment utilizes a cryptography service. The cryptography service manages keys securely on behalf of one or more entities. The cryptography service is configured to receive and respond to requests to perform cryptographic operations, such as encryption and decryption. The requests may originate from entities using the distributed computing environment and/or subsystems of the distributed computing environment.
-
Publication No.: US20160283723A1
Publication date: 2016-09-29
Application No.: US15173523
Filing date: 2016-06-03
CPC classification: G06F21/602 , H04L9/0897 , H04L63/1416 , H04L2209/76
Abstract: A security module securely manages keys. The security module is usable to implement a cryptography service that includes a request processing component. The request processing component responds to requests by causing the security module to perform cryptographic operations that the request processing component cannot perform due to a lack of access to appropriate keys. The security module may be a member of a group of security modules that securely manage keys. Techniques for passing secret information from one security module to the other prevent unauthorized access to secret information.