-
公开(公告)号:US09280871B2
公开(公告)日:2016-03-08
申请号:US11774857
申请日:2007-07-09
IPC分类号: G07F17/32
CPC分类号: G07F17/3251 , G07F17/32
摘要: Techniques for providing authentication functionality in a gaming system are disclosed. In one aspect, a gaming system is configured such that, at a given point during a current session of a game in progress that involves at least one user previously granted access by the system to participate in the current session, information available from an authentication token associated with the user is obtained prior to allowing the user to take a particular action in the game. A determination is made as to whether or not the user will be allowed to take the particular action in the game, based on the obtained information. The obtained information may comprise, for example, at least a portion of a one-time password generated by a hardware or software authentication token.
摘要翻译: 公开了一种用于在游戏系统中提供认证功能的技术。 在一个方面,游戏系统被配置为使得在正在进行的游戏的当前会话期间的给定点处涉及至少一个用户先前被系统授权参与当前会话的访问,来自认证令牌的信息 在允许用户在游戏中采取特定动作之前获得与用户相关联。 根据所获得的信息确定用户是否将被允许在游戏中采取特定动作。 获得的信息可以包括例如由硬件或软件认证令牌生成的一次性密码的至少一部分。
-
2.发明授权公开(公告)号:US07363494B2
公开(公告)日:2008-04-22
申请号:US10010769
申请日:2001-12-04
CPC分类号: G06Q20/32 , G06Q20/385 , G06Q20/40 , H04L9/3226 , H04L9/3297 , H04L2209/56 , H04L2209/80
摘要: A time-based method for generating an authentication code associated with an entity uses an authentication code generated from a secret, a dynamic, time-varying variable, and the number of previous authentication code generations within the particular time interval. Other information such as a personal identification number (PIN) and a verifier identifier can also be combined into the authentication code.
摘要翻译: 用于生成与实体相关联的认证码的基于时间的方法使用从秘密,动态,时变变量和特定时间间隔内的先前认证码生成次数生成的认证码。 诸如个人识别码(PIN)和验证者标识符的其他信息也可以组合成认证码。
-
公开(公告)号:US07502467B2
公开(公告)日:2009-03-10
申请号:US11265510
申请日:2005-11-02
CPC分类号: H04L63/08 , G06F21/31 , G06F21/33 , H04L9/0844 , H04L9/0869 , H04L9/3234 , H04L63/0428
摘要: In one embodiment of a user authentication system and method according to the invention, a device shares a secret, referred to as a master seed, with a server. The device and the server both derive one or more secrets, referred to as verifier seeds, from the master seed, using a key derivation function. The server shares a verifier seed with one or more verifiers. The device, or an entity using the device, can authenticate with one of the verifiers using the appropriate verifier seed. In this way, the device and the verifier can share a secret, the verifier seed for that verifier, without that verifier knowing the master seed, or any other verifier seeds. Thus, the device need only store the one master seed, have access to the information necessary to correctly derive the appropriate seed, and have seed derivation capability. A verifier cannot compromise the master seed, because the verifier does not have access to the master seed.
摘要翻译: 在根据本发明的用户认证系统和方法的一个实施例中,设备与服务器共享被称为主种子的秘密。 设备和服务器都使用密钥导出函数从主种子中导出一个或多个称为验证者种子的秘密。 服务器与一个或多个验证者共享一个验证者种子。 设备或使用该设备的实体可以使用适当的验证者种子与验证者之一进行身份验证。 以这种方式,设备和验证者可以共享秘密,该验证者的验证者种子,而没有知道主种子的验证者或任何其他验证者种子。 因此,设备只需要存储一个主播种子,可以访问正确导出适当种子所需的信息,并具有种子推导能力。 验证者不能损害主粒子,因为验证者无法访问主粒子。
-
公开(公告)号:US06985583B1
公开(公告)日:2006-01-10
申请号:US09304775
申请日:1999-05-04
CPC分类号: H04L63/08 , G06F21/31 , G06F21/33 , H04L9/0844 , H04L9/0869 , H04L9/3234 , H04L63/0428
摘要: In one embodiment of a user authentication system and method according to the invention, a device shares a secret, referred to as a master seed, with a server. The device and the server both derive one or more secrets, referred to as verifier seeds, from the master seed, using a key derivation function. The server shares a verifier seed with one or more verifiers. The device, or an entity using the device, can authenticate with one of the verifiers using the appropriate verifier seed. In this way, the device and the verifier can share a secret, the verifier seed for that verifier, without that verifier knowing the master seed, or any other verifier seeds. Thus, the device need only store the one master seed, have access to the information necessary to correctly derive the appropriate seed, and have seed derivation capability. A verifier cannot compromise the master seed, because the verifier does not have access to the master seed.
-
5.发明授权公开(公告)号:US09471777B1
公开(公告)日:2016-10-18
申请号:US13404839
申请日:2012-02-24
CPC分类号: G06F21/55 , G06F21/45 , H04L9/002 , H04L63/1441
摘要: A processing device is configured to identify a plurality of defensive security actions to be taken to address a persistent security threat to a system comprising information technology infrastructure, and to determine a schedule for performance of the defensive security actions based at least in part on a selected distribution derived from a game-theoretic model, such as a delayed exponential distribution or other type of modified exponential distribution. The system subject to the persistent security threat is configured to perform the defensive security actions in accordance with the schedule in order to deter the persistent security threat. The distribution may be selected so as to optimize defender benefit in the context of the game-theoretic model, where the game-theoretic model may comprise a stealthy takeover game in which attacker and defender entities can take actions at any time but cannot determine current game state without taking an action.
摘要翻译: 处理设备被配置为识别要采取的多个防御性安全措施以解决对包括信息技术基础设施的系统的持续安全威胁,并且至少部分地基于所选择的确定用于执行防御性安全动作的调度 衍生自游戏理论模型的分布,例如延迟指数分布或其他类型的修改指数分布。 受到持续安全威胁的系统被配置为根据时间表执行防御性安全措施,以便阻止持续的安全威胁。 可以选择分配,以便在游戏理论模型的上下文中优化后卫利益,其中游戏理论模型可以包括隐形收购游戏,其中攻击者和后卫实体可以随时采取行动但不能确定当前游戏 状态而不采取行动。
-
6.发明授权Method and apparatus for selective blocking of radio frequency identification devices 有权用于选择性地阻断射频识别装置的方法和装置公开(公告)号:US06970070B2
公开(公告)日:2005-11-29
申请号:US10673540
申请日:2003-09-29
申请人: Ari Juels , Ronald L. Rivest , Michael Szydlo
发明人: Ari Juels , Ronald L. Rivest , Michael Szydlo
CPC分类号: G06K7/0008 , G06K19/0723 , G06K19/07336
摘要: Techniques are disclosed for providing enhanced privacy in an RFID system comprising a plurality of RFID devices, each having an associated identifier, and at least one reader which communicates with one or more of the devices. A blocker device is operative to receive a communication directed from the reader to one or more of the RFID devices, and to generate, possibly based on information in the received communication, an output transmittable to the reader. The output simulates one or more responses from at least one of the RFID devices in a manner which prevents the reader from determining at least a portion of the identifier of at least one of the RFID devices. The blocker device may itself comprise one of the RFID devices. In an illustrative embodiment, the output generated by the blocker device interferes with the normal operation of a singulation algorithm implemented by the reader.
摘要翻译: 公开了用于在RFID系统中提供增强的隐私的技术,其包括多个RFID设备,每个RFID设备具有相关联的标识符,以及至少一个与一个或多个设备通信的读取器。 阻止装置可操作以接收从读取器指向一个或多个RFID装置的通信,并且可能基于所接收的通信中的信息生成可读取器的输出。 该输出以防止读取器确定RFID设备中的至少一个的标识符的至少一部分的方式来模拟来自至少一个RFID设备的一个或多个响应。 阻塞装置本身可以包括RFID装置之一。 在说明性实施例中,由阻塞装置产生的输出干扰由读取器实现的分割算法的正常操作。
-
公开(公告)号:US08813234B1
公开(公告)日:2014-08-19
申请号:US13171759
申请日:2011-06-29
申请人: Kevin D. Bowers , Marten E. van Dijk , Ari Juels , Alina M. Oprea , Ronald L. Rivest , Nikolaos Triandopoulos
发明人: Kevin D. Bowers , Marten E. van Dijk , Ari Juels , Alina M. Oprea , Ronald L. Rivest , Nikolaos Triandopoulos
IPC分类号: G06F21/00
CPC分类号: G06F21/552 , H04L63/1408 , H04L63/1441 , H04L63/20
摘要: A processing device comprises a processor coupled to a memory and implements a graph-based approach to protection of a system comprising information technology infrastructure from a persistent security threat. Attack-escalation states of the persistent security threat are assigned to respective nodes in a graph, and defensive costs for preventing transitions between pairs of the nodes are assigned to respective edges in the graph. A minimum cut of the graph is computed, and a defensive strategy is determined based on the minimum cut. The system comprising information technology infrastructure subject to the persistent security threat is configured in accordance with the defensive strategy in order to deter the persistent security threat.
摘要翻译: 处理设备包括处理器,其耦合到存储器并且实现基于图的方法以保护包括信息技术基础设施的系统免受持久的安全威胁。 持续性安全威胁的攻击升级状态被分配给图中的相应节点,并且用于防止节点对之间的转换的防御成本被分配给图中的相应边缘。 计算图的最小值,并根据最小值确定防御策略。 包含受到持续安全威胁的信息技术基础架构的系统是根据防御策略配置的,以便阻止持续的安全威胁。
-
公开(公告)号:US08438617B2
公开(公告)日:2013-05-07
申请号:US11926784
申请日:2007-10-29
申请人: John G. Brainard , Ari Juels , Ronald L. Rivest , Michael Szydlo
发明人: John G. Brainard , Ari Juels , Ronald L. Rivest , Michael Szydlo
CPC分类号: G06F21/31
摘要: An authentication server authenticates a first user, and generates a voucher code that is provided to the authenticated first user. The first user may provide the voucher code to a second user, responsive to a request by the second user for the first user to vouch for the second user, to thereby allow the second user to be authenticated. The authentication server receives the voucher code from the second user, and authenticates the second user based on the voucher code. The authenticated second user may be provided with a temporary password or other type of code utilizable for at least one additional authentication.
摘要翻译: 认证服务器认证第一用户,并生成提供给认证的第一用户的凭证代码。 响应于第二用户对第一用户的请求来保证第二用户,第一用户可以向第二用户提供凭证代码,从而允许第二用户被认证。 认证服务器从第二用户接收凭证代码,并且基于凭证代码认证第二用户。 经认证的第二用户可以被提供有可用于至少一个附加认证的临时密码或其他类型的代码。
-
公开(公告)号:US08699713B1
公开(公告)日:2014-04-15
申请号:US13250225
申请日:2011-09-30
申请人: Ronald L. Rivest , Ari Juels
发明人: Ronald L. Rivest , Ari Juels
CPC分类号: H04L63/068 , H04L9/08 , H04L9/0891 , H04L63/12 , H04L63/1441
摘要: A key is updated in a first cryptographic device and an update message comprising information characterizing the updated key is sent from the first cryptographic device to a second cryptographic device. The update message as sent by the first cryptographic device is configured to permit the second cryptographic device to detect compromise of the updated key by determining if an inconsistency is present in the corresponding received update message based at least in part on that received update message and one or more previously-received update messages. In an illustrative embodiment, the first cryptographic device comprises an authentication token and the second cryptographic device comprises an authentication server.
摘要翻译: 在第一加密设备中更新密钥,并且包括表征更新的密钥的信息的更新消息从第一密码设备发送到第二密码设备。 由第一加密设备发送的更新消息被配置为允许第二密码设备通过至少部分地基于接收到的更新消息和一个接收到的更新消息来确定对应的接收到的更新消息中是否存在不一致性来检测更新密钥的折中 或更多以前收到的更新消息。 在说明性实施例中,第一密码设备包括认证令牌,第二密码设备包括认证服务器。
-
公开(公告)号:US08346742B1
公开(公告)日:2013-01-01
申请号:US13075848
申请日:2011-03-30
IPC分类号: G06F17/00
CPC分类号: G06F21/577
摘要: A client device or other processing device comprises a file processing module, with the file processing module being operative to request proof from a file system that a file having a first format is stored by the file system in a second format different than the first format, to receive the proof from the file system, and to verify that the file is stored in the second format using the proof provided by the file system responsive to the request. The proof is based at least in part on application of a function to the file in the second format, and the function imposes a minimum resource requirement on generation of the proof. The file system may comprise one or more servers associated with a cloud storage provider. Advantageously, one or more illustrative embodiments allow a client device to verify that its files are stored by a cloud storage provider in encrypted form or with other appropriate protections.
摘要翻译: 客户端设备或其他处理设备包括文件处理模块,文件处理模块可操作以从文件系统请求证明文件系统以不同于第一格式的第二格式存储具有第一格式的文件, 从文件系统接收证明,并使用响应于该请求的文件系统提供的证明来验证文件是否以第二格式存储。 该证明至少部分地基于第二格式的文件的应用功能,并且该功能对生成证明施加了最低资源要求。 文件系统可以包括与云存储提供商相关联的一个或多个服务器。 有利地,一个或多个说明性实施例允许客户端设备验证其文件由加密形式的云存储提供商或其他适当的保护来存储。
-
-
-
-
-
-
-
-
-
搜索结果
23 条记录 (耗时 0.036 秒)
