Scheduling of defensive security actions in information processing systems
    1.
    Granted invention patent
    Status: in force

    Publication No.: US09471777B1

    Publication date: 2016-10-18

    Application No.: US13404839

    Filing date: 2012-02-24

    IPC classification: H04L29/06 G06F21/55

    Abstract: A processing device is configured to identify a plurality of defensive security actions to be taken to address a persistent security threat to a system comprising information technology infrastructure, and to determine a schedule for performance of the defensive security actions based at least in part on a selected distribution derived from a game-theoretic model, such as a delayed exponential distribution or other type of modified exponential distribution. The system subject to the persistent security threat is configured to perform the defensive security actions in accordance with the schedule in order to deter the persistent security threat. The distribution may be selected so as to optimize defender benefit in the context of the game-theoretic model, where the game-theoretic model may comprise a stealthy takeover game in which attacker and defender entities can take actions at any time but cannot determine current game state without taking an action.


    Remote verification of file protections for cloud data storage
    2.
    Granted invention patent
    Status: in force

    Publication No.: US08346742B1

    Publication date: 2013-01-01

    Application No.: US13075848

    Filing date: 2011-03-30

    IPC classification: G06F17/00

    CPC classification: G06F21/577

    Abstract: A client device or other processing device comprises a file processing module, with the file processing module being operative to request proof from a file system that a file having a first format is stored by the file system in a second format different than the first format, to receive the proof from the file system, and to verify that the file is stored in the second format using the proof provided by the file system responsive to the request. The proof is based at least in part on application of a function to the file in the second format, and the function imposes a minimum resource requirement on generation of the proof. The file system may comprise one or more servers associated with a cloud storage provider. Advantageously, one or more illustrative embodiments allow a client device to verify that its files are stored by a cloud storage provider in encrypted form or with other appropriate protections.


    Graph-based approach to deterring persistent security threats
    3.
    Granted invention patent
    Status: in force

    Publication No.: US08813234B1

    Publication date: 2014-08-19

    Application No.: US13171759

    Filing date: 2011-06-29

    IPC classification: G06F21/00

    Abstract: A processing device comprises a processor coupled to a memory and implements a graph-based approach to protection of a system comprising information technology infrastructure from a persistent security threat. Attack-escalation states of the persistent security threat are assigned to respective nodes in a graph, and defensive costs for preventing transitions between pairs of the nodes are assigned to respective edges in the graph. A minimum cut of the graph is computed, and a defensive strategy is determined based on the minimum cut. The system comprising information technology infrastructure subject to the persistent security threat is configured in accordance with the defensive strategy in order to deter the persistent security threat.


    Method and apparatus for selective blocking of radio frequency identification devices
    4.
    Granted invention patent
    Status: in force

    Publication No.: US06970070B2

    Publication date: 2005-11-29

    Application No.: US10673540

    Filing date: 2003-09-29

    IPC classification: G06K19/07 H04Q5/22 G08B13/14

    Abstract: Techniques are disclosed for providing enhanced privacy in an RFID system comprising a plurality of RFID devices, each having an associated identifier, and at least one reader which communicates with one or more of the devices. A blocker device is operative to receive a communication directed from the reader to one or more of the RFID devices, and to generate, possibly based on information in the received communication, an output transmittable to the reader. The output simulates one or more responses from at least one of the RFID devices in a manner which prevents the reader from determining at least a portion of the identifier of at least one of the RFID devices. The blocker device may itself comprise one of the RFID devices. In an illustrative embodiment, the output generated by the blocker device interferes with the normal operation of a singulation algorithm implemented by the reader.


    User authentication based on voucher codes
    5.
    Granted invention patent
    Status: in force

    Publication No.: US08438617B2

    Publication date: 2013-05-07

    Application No.: US11926784

    Filing date: 2007-10-29

    CPC classification: G06F21/31

    Abstract: An authentication server authenticates a first user, and generates a voucher code that is provided to the authenticated first user. The first user may provide the voucher code to a second user, responsive to a request by the second user for the first user to vouch for the second user, to thereby allow the second user to be authenticated. The authentication server receives the voucher code from the second user, and authenticates the second user based on the voucher code. The authenticated second user may be provided with a temporary password or other type of code utilizable for at least one additional authentication.


    Gaming systems with authentication token support
    6.
    Granted invention patent
    Status: in force

    Publication No.: US09280871B2

    Publication date: 2016-03-08

    Application No.: US11774857

    Filing date: 2007-07-09

    IPC classification: G07F17/32

    CPC classification: G07F17/3251 G07F17/32

    Abstract: Techniques for providing authentication functionality in a gaming system are disclosed. In one aspect, a gaming system is configured such that, at a given point during a current session of a game in progress that involves at least one user previously granted access by the system to participate in the current session, information available from an authentication token associated with the user is obtained prior to allowing the user to take a particular action in the game. A determination is made as to whether or not the user will be allowed to take the particular action in the game, based on the obtained information. The obtained information may comprise, for example, at least a portion of a one-time password generated by a hardware or software authentication token.


    Key update with compromise detection
    7.
    Granted invention patent
    Status: in force

    Publication No.: US08699713B1

    Publication date: 2014-04-15

    Application No.: US13250225

    Filing date: 2011-09-30

    IPC classification: H04L9/00 H04L29/06 H04L9/08

    Abstract: A key is updated in a first cryptographic device and an update message comprising information characterizing the updated key is sent from the first cryptographic device to a second cryptographic device. The update message as sent by the first cryptographic device is configured to permit the second cryptographic device to detect compromise of the updated key by determining if an inconsistency is present in the corresponding received update message based at least in part on that received update message and one or more previously-received update messages. In an illustrative embodiment, the first cryptographic device comprises an authentication token and the second cryptographic device comprises an authentication server.


    User Authentication Based on Voucher Codes
    8.
    Invention patent application
    Status: in force

    Publication No.: US20090113530A1

    Publication date: 2009-04-30

    Application No.: US11926784

    Filing date: 2007-10-29

    IPC classification: H04L9/32 G06F17/00

    CPC classification: G06F21/31

    Abstract: An authentication server authenticates a first user, and generates a voucher code that is provided to the authenticated first user. The first user may provide the voucher code to a second user, responsive to a request by the second user for the first user to vouch for the second user, to thereby allow the second user to be authenticated. The authentication server receives the voucher code from the second user, and authenticates the second user based on the voucher code. The authenticated second user may be provided with a temporary password or other type of code utilizable for at least one additional authentication.


    METHOD AND SYSTEM FOR MICROPAYMENT TRANSACTIONS
    10.
    Invention patent application
    Status: in force

    Publication No.: US20100241569A1

    Publication date: 2010-09-23

    Application No.: US12579313

    Filing date: 2009-10-14

    IPC classification: G06Q20/00

    Abstract: A micropayment system and method is presented for a payor U to establish payment to payee M for a transaction T, which typically has a very low value TV. The micropayment scheme minimizes the bank's processing costs, while at the same time eliminating the need for users and merchants to interact in order to determine whether a given micropayment should be selected for payment. In one embodiment, the micropayment scheme includes time constraints, which require that an electronic check C for the transaction T be presented to a bank B for payment within a predetermined time/date interval. In another embodiment, the micropayment scheme includes a selective deposit protocol, which guarantees that a user is never charged in excess of what he actually spends, even within a probabilistic framework. In another embodiment, the micropayment scheme includes a deferred selection protocol, which provides the bank with control and flexibility over the payment selection process.
