-
公开(公告)号:US08949953B1
公开(公告)日:2015-02-03
申请号:US13611919
申请日:2012-09-12
IPC分类号: H04L29/06
CPC分类号: H04L63/08
摘要: A method includes (a) receiving, from an application server, a login message for a user, the login message including a user credential for a credential-based authentication (CBA), (b) forwarding the user credential to a CBA server for the CBA, (c) in response, receiving, an authentication decision message from the CBA server, (d) sending decision information from the authentication decision message received from the CBA server to a risk-based authentication (RBA) server, the RBA server being distinct from the CBA server, the decision information to be used by the RBA server in performing RBA authentication decisions, (e) if the authentication decision message is positive, then sending a challenge message to the application server to initiate RBA to be performed by the RBA server supplementary to the CBA, and (f) if the authentication decision message is negative, then sending a rejection message to the application server.
摘要翻译: 一种方法包括:(a)从应用服务器接收用户的登录消息,所述登录消息包括用于基于凭证的认证(CBA)的用户凭证,(b)将所述用户证书转发到CBA服务器以用于 CBA,(c)作为响应,从CBA服务器接收认证决定消息,(d)从CBA服务器接收到的认证决定消息发送决策信息给基于风险的认证(RBA)服务器,RBA服务器为 与CBA服务器不同的是,RBA服务器在执行RBA认证决策时要使用的决策信息,(e)如果认证决定消息为肯定的,则向应用服务器发送质询消息以启动要由 补充CBA的RBA服务器,以及(f)如果认证决定消息为否定,则向应用服务器发送拒绝消息。
-
公开(公告)号:US08650405B1
公开(公告)日:2014-02-11
申请号:US13173607
申请日:2011-06-30
IPC分类号: G06F21/00
CPC分类号: G06F21/31
摘要: An improved PIN-based authentication technique for authenticating the user of a client machine to a server automatically generates a personal identification number (PIN) for the user based on user-specific authentication information, such as encrypted cookie information. The server provides user-specific authentication information to a client machine. When the user submits an authentication request, user-specific authentication information is collected and uploaded to the server. The user-specific authentication information is processed to form a PIN, and authentication of the user proceeds based on the PIN and any other authentication factors provided. Since the disclosed techniques compute PINs automatically based on information exchanged between a client machine and a server, the user is relieved of any burden associated with registering and remembering a PIN.
摘要翻译: 改进的基于PIN的认证技术用于向服务器认证客户端机器的用户,基于用户特定的认证信息(例如加密的cookie信息)自动生成用户的个人识别号码(PIN)。 服务器向客户机提供用户特定的认证信息。 当用户提交认证请求时,收集用户特定的身份验证信息并将其上传到服务器。 处理用户特定认证信息以形成PIN,并且用户的认证基于PIN和提供的任何其他认证因素而进行。 由于所公开的技术基于在客户机和服务器之间交换的信息自动计算PIN,所以用户免除与注册和记住PIN相关联的任何负担。
-
3.发明授权Injecting code decrypted by a hardware decryption module into Java applications 有权将由硬件解密模块解密的代码注入Java应用程序公开(公告)号:US09021271B1
公开(公告)日:2015-04-28
申请号:US13337817
申请日:2011-12-27
CPC分类号: G06F11/34 , G06F21/123
摘要: A method is performed by a computer in communication with a hardware security module (HSM). The method includes (a) running a process virtual machine (PVM) on the computer, the PVM being configured to execute portable bytecode instructions within a PVM environment and (b) executing, within the PVM environment, instructions for (1) reading encrypted instruction code from data storage of the computer, (2) sending the encrypted instruction code to the HSM, (3) in response, receiving decrypted instruction code from the HSM, and (4) injecting the decrypted instruction code within an application running in the PVM environment for execution by the PVM. Embodiments are also directed to analogous computer program products and apparatuses.
摘要翻译: 通过与硬件安全模块(HSM)通信的计算机执行方法。 该方法包括(a)在计算机上运行一个进程虚拟机(PVM),该PVM被配置为在PVM环境内执行便携式字节码指令,以及(b)在该PVM环境内执行(1)读取加密指令 来自计算机的数据存储的代码,(2)将加密的指令代码发送到HSM,(3)响应于从HSM接收解密的指令代码,以及(4)在PVM中运行的应用程序中注入解密的指令代码 由PVM执行的环境。 实施例还涉及类似的计算机程序产品和装置。
-
公开(公告)号:US09781130B1
公开(公告)日:2017-10-03
申请号:US13536999
申请日:2012-06-28
CPC分类号: H04L63/107 , G06F21/316 , G06F21/44 , G06F21/552 , G06F2221/2111 , G06F2221/2151 , H04L9/3271 , H04L9/3297 , H04L2209/80 , H04W4/02 , H04W12/06
摘要: A method, system and computer program product for use in managing policies is disclosed. Policies associated with a communications device are correlated with respective locations. The location of the communications device is determined. The policy correlated with the determined location is applied to the communications device.
-
5.发明授权Virtualization platform for secured communications between a user device and an application server 有权用于用户设备和应用服务器之间的安全通信的虚拟化平台公开(公告)号:US08694993B1
公开(公告)日:2014-04-08
申请号:US13077230
申请日:2011-03-31
申请人: Yedidya Dotan , Boris Kronrod , Orit Yaron , Lawrence N. Friedman , Assaf Shoval
发明人: Yedidya Dotan , Boris Kronrod , Orit Yaron , Lawrence N. Friedman , Assaf Shoval
CPC分类号: H04L63/08 , G06F2009/45587 , H04L63/0272 , H04L67/10 , H04L67/42
摘要: A modular virtualization platform is provided for secured communications between a user device and an application server. A client-side computing device performs secured communications during a virtual session with an application server across a network. The client-side computing device loads a virtual machine client; and selects a remote module to serve as a virtualization server for the virtual session based on one or more performance factors. The virtual session is established with the selected module, and secured communications can occur between the client-side computing device and the application server via the virtual session of the selected module. The performance factors can be collected from a plurality of modules using a peer-to-peer gossip-based state notification process. A route list preferably stores the performance factors for a plurality of modules. The route list can contain pointers to a plurality of remote modules in a plurality of virtualization platforms, to increase reliability.
摘要翻译: 为用户设备和应用服务器之间的安全通信提供了模块化虚拟化平台。 客户端计算设备在通过网络与应用服务器进行虚拟会话期间执行安全通信。 客户端计算设备加载虚拟机客户端; 并且基于一个或多个性能因素选择远程模块用作虚拟会话的虚拟化服务器。 利用所选择的模块建立虚拟会话,并且可以经由所选模块的虚拟会话在客户端计算设备和应用服务器之间发生安全通信。 可以使用基于点对点八卦的状态通知过程从多个模块收集性能因素。 路线列表优选地存储多个模块的性能因素。 路由列表可以包含指向多个虚拟化平台中的多个远程模块的指针,以增加可靠性。
-
公开(公告)号:US10063549B1
公开(公告)日:2018-08-28
申请号:US13169668
申请日:2011-06-27
IPC分类号: H04L29/06
CPC分类号: H04L63/10 , H04L63/0838 , H04L63/1441 , H04L2463/082
摘要: A technique of supporting multi-factor authentication uses a database server. The technique involves receiving suspicious user activity data from a first set of authentication servers and storing the suspicious user activity data from the first set of authentication servers, as sharable authentication data, in a database of the database server. The technique further involves providing the sharable authentication data from the database to a second set of authentication servers. Each authentication server of the second set of authentication servers performs multi-factor authentication operations based on (i) local authentication data which is gathered by that authentication server and (ii) the sharable authentication data provided from the database. Accordingly, useful authentication data from one authentication server (e.g., a network address of a computer which mischievously attempts to probe or infiltrate that authentication server) can be shared with other authentication servers to enhance their ability to identify fraudsters.
-
公开(公告)号:US09781129B1
公开(公告)日:2017-10-03
申请号:US13536978
申请日:2012-06-28
IPC分类号: H04L29/06
CPC分类号: H04L63/107 , G06F2221/2111 , G06F2221/2151 , H04L9/3271 , H04L9/3297 , H04L2209/80 , H04W12/06
摘要: There is disclosed a method and system for use in authenticating an entity. An authentication request is received from the entity. An input signal is received from a communications device associated with the entity. The input signal comprises the current location of the communications device. The current location of the communications device is derived from the input signal. Based on the current location of the communications device, an event is detected at substantially the same location as the current location of the communications device. An analysis is performed between the current location of the communications device and the event. An authentication result is generated based on the analysis between the current location of the communications device and the event. The authentication result can be used for authenticating the entity.
-
公开(公告)号:US09516059B1
公开(公告)日:2016-12-06
申请号:US13170732
申请日:2011-06-28
CPC分类号: H04L63/1491 , H04L63/0807 , H04L63/1483
摘要: A technique provides protection against malicious activity. The technique involves providing a mock token to fraudster equipment. The mock token appears to be a legitimate user token that identifies a legitimate user (e.g., an actual user token, a token seed, etc.). The technique further involves receiving, from the fraudster equipment, an authentication request which uses the mock token and, in response to receiving the authentication request which uses the mock token from the fraudster equipment, performing a set of authentication server operations to protect against future activity by the fraudster equipment (e.g., deny access to the fraudster equipment, acquire specific information about the fraudster equipment, output a message to subscribers of an eFraud network, and so on).
摘要翻译: 一种技术提供了防止恶意活动的保护。 该技术涉及向欺诈设备提供模拟令牌。 模拟令牌似乎是标识合法用户(例如,实际用户令牌,令牌种子等)的合法用户令牌。 该技术还涉及从欺诈设备接收使用模拟令牌的认证请求,并且响应于从欺诈设备接收使用模拟令牌的认证请求,执行一组认证服务器操作以防止将来的活动 通过欺诈设备(例如,拒绝访问欺诈设备,获取关于欺诈设备的具体信息,向eFraud网络的用户输出消息等)。
-
公开(公告)号:US09230066B1
公开(公告)日:2016-01-05
申请号:US13534873
申请日:2012-06-27
CPC分类号: G06F21/00 , G06F21/316 , G06F2221/2111 , H04L63/107 , H04W4/02 , H04W12/06
摘要: An improved technique authenticates a user based on an ability to corroborate previous transaction data sent by a user device. Along these lines, the improved technique makes use of an independent information source for verifying the accuracy of previous transaction data obtained by a given collector. For example, when a collector of location data is a GPS unit of a cell phone, an independent information source may be a cell tower closest to the cell phone at the time of the transaction. While location data provided by the cell tower may not be as precise as that provided by the GPS unit, such data is useful for corroborating the location data from the GPS unit. In this scenario, if the data provided by the cell tower fails to corroborate that provided by the GPS unit, then the GPS unit adds significant risk to authenticating the user.
摘要翻译: 改进的技术基于确定用户设备发送的先前交易数据的能力来认证用户。 沿着这些方式,改进的技术使用独立的信息源来验证给定收集器获得的先前交易数据的准确性。 例如,当位置数据的收集器是手机的GPS单元时,独立的信息源可以是在交易时最靠近手机的信元塔。 虽然由单元塔提供的位置数据可能不如GPS单元提供的位置数据那样精确,但是这样的数据对于确认来自GPS单元的位置数据是有用的。 在这种情况下,如果单元塔提供的数据未能证实由GPS单元提供的数据,则GPS单元增加了验证用户的重大风险。
-
10.发明授权Authentication based on a current location of a communications device associated with an entity 有权基于与实体相关联的通信设备的当前位置的认证公开(公告)号:US08904496B1
公开(公告)日:2014-12-02
申请号:US13435951
申请日:2012-03-30
CPC分类号: G06F21/44 , G06F21/552 , G06F2221/2111 , G06F2221/2151 , H04L9/3271 , H04L9/3297 , H04L2209/80 , H04W12/06
摘要: There is disclosed a method and system for use in authenticating an entity in connection with a computerized resource. An authentication request is received from entity for access to computerized resource. An input signal is received from a communications device associated with entity. The input signal comprises current location of communications device. The current location of communications device is derived from input signal. A location history in connection with communications device is captured. The location history comprises a record of discrete locations visited by communications device over a period of time. An analysis is performed between current location of the communications device and location history in connection with communications device. An authentication result is generated based on analysis between current location of communications device and location history in connection with communications device. The authentication result can be used for authenticating entity.
摘要翻译: 公开了一种用于认证与计算机资源有关的实体的方法和系统。 从实体接收到对计算机资源的访问的认证请求。 从与实体相关联的通信设备接收输入信号。 输入信号包括通信设备的当前位置。 通信设备的当前位置来源于输入信号。 捕获与通信设备相关的位置历史记录。 位置历史包括通信设备在一段时间内访问的离散位置的记录。 在通信设备的当前位置和与通信设备相关的位置历史之间进行分析。 基于通信设备的当前位置和与通信设备相关的位置历史之间的分析生成认证结果。 验证结果可用于认证实体。
-
-
-
-
-
-
-
-
-
搜索结果
25 条记录 (耗时 0.027 秒)
