Method and apparatus utilizing dynamic questioning to provide secure access control
    1.
    Type: Granted invention patent
    Status: Lapsed

    Publication number: US5774525A

    Publication date: 1998-06-30

    Application number: US911259

    Filing date: 1997-08-14

    Abstract: A method and corresponding apparatus utilizes questioning to provide secure access control including the steps of storing information in a database; generating at least one question based upon the information stored in the data base; communicating to the user the generated question(s); receiving a response associated with the question(s), interpreting the response to determine whether the response conforms to the information upon which is based the associated question(s); and outputting an authorization status indicating whether or not the user is authorized for access according to the determination. The question(s) concerns a relationship among portions of information contained in said data base. This feature is advantageous because it protects against an eavesdropper gaining access to the service or facility and provides the capability of generating a relatively large number of different questions from a small data base. Furthermore, the questions asked of the user may be based on dynamic data, which advantageously protects against eavesdroppers gaining access to the service or facility. In addition, the number and/or type of questions generated by the first module may correspond to a security level of the system. The security level may be set by the service or facility, or may be set by the system control module according to user input.

    System and method for secure distributed execution
    2.
    Type: Granted invention patent
    Status: In force

    Publication number: US08800032B2

    Publication date: 2014-08-05

    Application number: US13030009

    Filing date: 2011-02-17

    IPC classification: G06F11/00

    Abstract: This invention discloses a method and system for processing logic modules, each having a separate functionality, into a unique functionality that is to be executed in an interlocked mode as a unique functionality. The method is based on taking logic modules (programs and data) with known functionality and transforming them into a hidden program by integrating modules to execute together into a logic which is partially obfuscated and/or encrypted and/or physically hidden. The hidden program is being updated dynamically to strengthen it against reverse engineering efforts. The program includes the functionality for generating security signals, which are unpredictable by observers, such as a pseudo random sequence of security signals. Only elements that share the means for producing the security signals can check their validity. The modules include operational tasks and performance parameters for this operation. The operation can be transmission of data packets with given parameters of performance that the hidden program contains. The generated security signals thus assure that the correct operation has taken place and can be used to signal various cryptographic parameters as well.

    Management of trusted flow system
    3.
    Type: Granted invention patent
    Status: Lapsed

    Publication number: US07305704B2

    Publication date: 2007-12-04

    Application number: US10219380

    Filing date: 2002-08-14

    IPC classification: H04L9/32 H04L9/00

    Abstract: This invention discloses a method and system for detecting and reacting to unexpected communications patterns. The system consists of a plurality of end stations and a plurality of network interfaces, such that, the network interface is capable of determining the authenticity of the program used by the end station to generate and send data packets. The system further consists of a plurality of secure management servers, which continuously exchange management messages with the network interfaces. Consequently, the secure management servers have the information for detecting unexpected communications patterns. The method allows the control of end stations, and when an unexpected communication pattern is detected, selectively only packets from authenticated programs can be allowed to be transmitted.

    Auto-recoverable and auto-certifiable cryptosystem with unescrowed signing keys
    4.
    Type: Granted invention patent
    Status: Lapsed

    Publication number: US6122742A

    Publication date: 2000-09-19

    Application number: US878189

    Filing date: 1997-06-18

    IPC classification: H04L9/08 H04L9/00

    CPC classification: H04L9/3247 H04L9/0894

    Abstract: A method is provided for an escrow cryptosystem combined with an unescrowed digital signature scheme that uses a single public key per user. This system is overhead-free, does not require a cryptographic tamper-proof hardware implementation (i.e., can be done in software), and is publicly verifiable. The system cannot be used subliminally to enable a shadow public key system. Namely, an unescrowed public key system that is publicly displayed in a covert fashion. The cryptosystem contains a key generation mechanism that outputs a key triplet, and a certificate of proof that the keys were generated according to the algorithm. The key triplet consists of a public key, a private decryption key, and a private signing key. Using the public key and the certificate, the triplet can be verified efficiently by anyone to have the following properties: (1) the private signing key is known to the user, and (2) the private decryption key is recoverable by the escrow authorities. The system assures that the escrow authorities are not able to forge signatures or get the private signing key. The system is designed so that its internals can be made publicly scrutinizable (e.g., it can be distributed in source code form).

    Computer-based method and system for aiding transactions
    5.
    Type: Invention patent application
    Status: In force

    Publication number: US20080221914A1

    Publication date: 2008-09-11

    Application number: US12073764

    Filing date: 2008-03-10

    IPC classification: G06Q30/00

    Abstract: A method for providing a warranty relating to a transaction between two parties, each party having a data communications device, in a system which includes an infrastructure composed of a plurality of locations each associated with a respective institution which provides services to clients, each location having a computer system, a database coupled to the computer system and storing information about each client of the institution and a data communications device coupled to the computer system for communication with the data communications device of any one party, each party being a client of at least one of the institutions, the method containing the steps of: transmitting a request for a warranty from one party to the transaction which is a client of the respective institution to a respective location associated with the respective institution, which request includes information identifying the other party to the transaction and information about the nature of the transaction; conducting an exchange of information between the respective location and a location associated with an institution of which the other party is a client; and transmitting a response to the request from the respective location to the one party.

    Trusted flow and operation control method
    6.
    Type: Granted invention patent
    Status: Lapsed

    Publication number: US07343619B2

    Publication date: 2008-03-11

    Application number: US10219379

    Filing date: 2002-08-14

    IPC classification: H04L9/32

    Abstract: The objective of this invention is to ensure that programs that generate and send data packets are well behaved. This invention discloses a method and system that consist of an end station and a network interface, such that, the network interface is capable of determining the authenticity of the program used by the end station to generate and send data packets. The method is based on using a hidden program that was obfuscated within the program that is used to generate and send data packets from the end station. The hidden program is being updated dynamically and it includes the functionality for generating a pseudo random sequence of security signals. Only the network interface knows how the pseudo random sequence of security signals was generated, and therefore, the network interface is able to check the validity of the pseudo random sequence of security signals, and thereby, verify the authenticity of the programs used to generate and send data packets.

    Two-phase cryptographic key recovery system
    8.
    Type: Granted invention patent
    Status: Lapsed

    Publication number: US5937066A

    Publication date: 1999-08-10

    Application number: US725102

    Filing date: 1996-10-02

    IPC classification: G09C1/00 H04L9/08 H04L9/00

    Abstract: A cryptographic key recovery system that operates in two phases. In the first phase, the sender establishes a secret value with the receiver. For each key recovery agent, the sender generates a key-generating value as a one-way function of the secret value and encrypts the key-generating value with a public key of the key recovery agent. In the second phase, performed for a particular cryptographic session, the sender generates for each key recovery agent a key-encrypting key as a one-way function of the corresponding key-generating value and multiply encrypts the session key with the key-encrypting keys of the key recovery agents. The encrypted key-generating values and the multiply encrypted session key are transmitted together with other recovery information in a manner permitting their interception by a party seeking to recover the secret value. To recover the secret value, the party seeking recovery presents the encrypted key-generating values and public recovery information to the key recovery agents, who decrypt the key-generating values, regenerate the key-encrypting keys from the corresponding key-generating values, and provide the regenerated key-encrypting keys to the recovering party. The recovering party uses the key-encrypting keys to recover the secret value. Since the key-generating values cannot be derived from the key-encrypting keys, they may be used over a period spanning multiple cryptographic sessions without requiring new values or new public key encryptions.

    Computer-based method and system for aiding transactions
    10.
    Type: Granted invention patent
    Status: Lapsed

    Publication number: US08321348B2

    Publication date: 2012-11-27

    Application number: US13357213

    Filing date: 2012-01-24

    IPC classification: G06Q40/00

    Abstract: A method for providing a warranty relating to a transaction between two parties, each party being a client of at least one respective institution which provides services to the respective party, the method including: transmitting a request for a warranty from one party to the transaction which is a client of the respective institution to a respective location associated with the respective institution, which request includes information identifying the other party to the transaction and information about the nature of the transaction; conducting an exchange of information between the respective location and a location associated with an institution of which the other party is a client; and transmitting a response to the request from the respective location to the one party.
