Techniques for password attack mitigation
    4.
    发明申请
    Techniques for password attack mitigation 失效
    减轻密码攻击的技术

    公开(公告)号:US20070005985A1

    公开(公告)日:2007-01-04

    申请号:US11174126

    申请日:2005-06-30

    IPC分类号: H04L9/00

    摘要: Apparatus, system, and method having a first counter to record a number of invalid authentication requests, a first timer to set a first time period based on a value of the first counter, and an authentication module associated with the first counter and the first timer to receive an initial authentication request that includes a username and when said username is invalid, the module is to invalidate any subsequent authentication requests under the username during the first time period regardless of whether the subsequent requests includes a valid username. The system further includes a communication medium. The method includes receiving an authentication request with new information in a first session, validating the new information, and caching the validated new information in the first session.

    摘要翻译: 具有记录多个无效认证请求的第一计数器的装置,系统和方法,基于第一计数器的值设置第一时间段的第一定时器和与第一计数器和第一定时器相关联的认证模块 为了接收包括用户名的初始认证请求,并且当所述用户名无效时,该模块将使第一时间段内的用户名下的任何后续认证请求无效,而不管后续请求是否包括有效的用户名。 该系统还包括通信介质。 该方法包括在第一会话中接收具有新信息的认证请求,验证新信息,以及在第一会话中缓存经验证的新信息。

    Techniques for password attack mitigation
    5.
    发明授权
    Techniques for password attack mitigation 失效
    减轻密码攻击的技术

    公开(公告)号:US08132018B2

    公开(公告)日:2012-03-06

    申请号:US11174126

    申请日:2005-06-30

    IPC分类号: G06F21/00

    摘要: Apparatus, system, and method having a first counter to record a number of invalid authentication requests, a first timer to set a first time period based on a value of the first counter, and an authentication module associated with the first counter and the first timer to receive an initial authentication request that includes a username and when said username is invalid, the module is to invalidate any subsequent authentication requests under the username during the first time period regardless of whether the subsequent requests includes a valid username. The system further includes a communication medium. The method includes receiving an authentication request with new information in a first session, validating the new information, and caching the validated new information in the first session.

    摘要翻译: 具有记录多个无效认证请求的第一计数器的装置,系统和方法,基于第一计数器的值设置第一时间段的第一定时器和与第一计数器和第一定时器相关联的认证模块 为了接收包括用户名的初始认证请求,并且当所述用户名无效时,该模块将在第一时间段期间使用户名下的任何后续认证请求无效,而不管后续请求是否包括有效的用户名。 该系统还包括通信介质。 该方法包括在第一会话中接收具有新信息的认证请求,验证新信息,以及在第一会话中缓存经验证的新信息。

    Secure platform voucher service for software components within an execution environment
    7.
    发明授权
    Secure platform voucher service for software components within an execution environment 有权
    在执行环境中的软件组件的安全平台凭证服务

    公开(公告)号:US08499151B2

    公开(公告)日:2013-07-30

    申请号:US13412382

    申请日:2012-03-05

    IPC分类号: H04L29/06

    摘要: Apparatuses, articles, methods, and systems for secure platform voucher service for software within an execution environment. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by authenticated, authorized and verified software components. A provisioning remote entity or gateway only needs to know a platform's public key or certificate hierarchy to receive verification for any component. The verification or voucher helps assure to the remote entity that no malware running in the platform or on the network will have access to provisioned material. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the software component.

    摘要翻译: 用于执行环境中的软件的安全平台凭证服务的设备,物品,方法和系统。 一个实施例包括虚拟机监视器,操作系统监视器或其他底层平台功能的能力,以限制仅通过认证的,授权和验证的软件组件进行访问的存储器区域。 配置远程实体或网关只需要知道平台的公钥或证书层次结构来接收任何组件的验证。 验证或凭证有助于向远程实体确保在平台或网络上运行的恶意软件无法访问配置的资料。 代表在受保护的内存区域中提供的经认证/授权/验证的软件组件的软件组件可访问的基础平台来锁定和解锁秘密。

    SECURE VAULT SERVICE FOR SOFTWARE COMPONENTS WITHIN AN EXECUTION ENVIRONMENT
    8.
    发明申请
    SECURE VAULT SERVICE FOR SOFTWARE COMPONENTS WITHIN AN EXECUTION ENVIRONMENT 有权
    执行环境中软件组件的安全维护服务

    公开(公告)号:US20090038017A1

    公开(公告)日:2009-02-05

    申请号:US11833073

    申请日:2007-08-02

    IPC分类号: H04L9/32 G06F12/14

    摘要: Embodiments of apparatuses, articles, methods, and systems for secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.

    摘要翻译: 这里一般地描述用于执行环境中的软件组件的安全保险库服务的装置,物品,方法和系统的实施例。 一个实施例包括虚拟机监视器,操作系统监视器或其他底层平台功能的能力,以限制存储器区域,以便仅通过特定认证的,授权的和已验证的软件组件进行访问,即使在其他受损的操作系统环境的一部分。 代表被保护的内存区域中提供的经过身份验证/授权/验证的软件组件的锁定和解锁秘密的底层平台只能由经过身份验证/授权/验证的软件组件访问。 可以描述和要求保护其他实施例。

    Network vulnerability assessment of a host platform from an isolated partition in the host platform
    9.
    发明申请
    Network vulnerability assessment of a host platform from an isolated partition in the host platform 有权
    主机平台上的孤立分区的主机平台的网络漏洞评估

    公开(公告)号:US20070271360A1

    公开(公告)日:2007-11-22

    申请号:US11435038

    申请日:2006-05-16

    IPC分类号: G06F15/173

    摘要: According to embodiments of the present invention, host platform device includes an embedded firmware agent that may detect an attempt by the host platform device to fully connect to a network. The firmware agent may restrict traffic between the host platform device and the network to bootstrap traffic, test the device to determine device vulnerability, may temporarily stop access to other peripheral devices, and transmit a report of the device vulnerability to a remote policy server. After the test(s) are performed, the firmware agent may receive an indication from the remote policy server as to whether the device is permitted to fully connect to the network and, if so, whether there are any further restrictions on traffic flow, for example, and if the peripheral device access may be allowed.

    摘要翻译: 根据本发明的实施例,主机平台设备包括可以检测主机平台设备完全连接到网络的尝试的嵌入式固件代理。 固件代理可以限制主机平台设备和网络之间的流量来引导流量,测试设备以确定设备漏洞,可能暂时停止访问其他外围设备,并将设备漏洞的报告传输到远程策略服务器。 在执行测试之后,固件代理可以从远程策略服务器接收关于设备是否被允许完全连接到网络的指示,并且如果是,是否存在对业务流量的任何进一步的限制,对于 例如,如果允许外围设备访问。

    Secure vault service for software components within an execution environment
    10.
    发明授权
    Secure vault service for software components within an execution environment 有权
    为执行环境中的软件组件提供安全的保管库服务

    公开(公告)号:US08839450B2

    公开(公告)日:2014-09-16

    申请号:US11833073

    申请日:2007-08-02

    IPC分类号: G06F12/14 G06F17/30

    摘要: Embodiments of apparatuses, articles, methods, and systems for secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.

    摘要翻译: 这里一般地描述用于执行环境中的软件组件的安全保险库服务的装置,物品,方法和系统的实施例。 一个实施例包括虚拟机监视器,操作系统监视器或其他底层平台功能的能力,以限制存储器区域,以便仅通过特定认证的,授权的和已验证的软件组件进行访问,即使在其他受损的操作系统环境的一部分。 代表被保护的内存区域中提供的经过身份验证/授权/验证的软件组件的锁定和解锁秘密的底层平台只能由经过身份验证/授权/验证的软件组件访问。 可以描述和要求保护其他实施例。