System and method for authoring an expert system
    1.
    Granted invention patent (status: expired)

    Publication number: US5835683A

    Publication date: 1998-11-10

    Application number: US371903

    Filing date: 1995-01-12

    CPC classification: G06N5/022

    Abstract: An authoring system and method create a knowledge base for an expert system that comprises communication cells for storing external data, assertion cells for storing data acquired from a user in the course of a user dialog, and interaction cells that specify (multimedia) interactions with the user, which are carried out as the cells are invoked by the run-time program. Each interaction cell has an enabling condition that must be satisfied before it can be invoked. At authoring time, the knowledge base is constructed by an expert system author who allocates the knowledge base cells on a rectangular grid similar to a spreadsheet. The author can try out various what-if scenarios by setting the values of assertion and communication cells and recalculating the knowledge base or simulating the created expert system. The grid is only an authoring tool, which is not visible or present at run time. A preferred application of the system is to create a health care expert system that will exchange information with a health care provider.


    INSPECTING NETWORK TRAFFIC ENCRYPTED WITH FORWARD SECRECY

    Publication number: US20220103573A1

    Publication date: 2022-03-31

    Application number: US17485492

    Filing date: 2021-09-26

    Applicant: Francisco Corella

    Inventor: Francisco Corella

    IPC classification: H04L29/06 H04L9/08

    Abstract: A method is provided for inspecting network traffic carried by a connection that is encrypted as specified by a network encryption protocol that provides forward secrecy. A server establishes a shared secret with a client as specified by the protocol, derives traffic secrets from the shared secret, and sends the traffic secrets to a visibility middlebox. The visibility middlebox derives keying materials from the traffic secrets and uses the keying materials to decrypt the traffic.

    OPERATION OF A CERTIFICATE AUTHORITY ON A DISTRIBUTED LEDGER

    Publication number: US20170338967A1

    Publication date: 2017-11-23

    Application number: US15599249

    Filing date: 2017-05-18

    Abstract: An on-ledger certificate authority operates a node of a distributed ledger that controls a certificate issuance store and a certificate revocation store. When the certificate authority issues a certificate, the node issues a ledger transaction with an instruction to store a validation hash of the certificate in the issuance store, and when a certificate is revoked, a ledger transaction with an instruction to store the serial number of the certificate in the revocation store. As such transactions propagate throughout the ledger, the instructions are executed by on-ledger verifiers in their local replicas of the stores. An on-ledger verifier validates a certificate by verifying that its serial number is not in the revocation store while its validation hash is in the verifier's replica of the issuance store.

    Secure password reset for application
    4.
    Granted invention patent (status: in force)

    Publication number: US07975292B2

    Publication date: 2011-07-05

    Application number: US12138409

    Filing date: 2008-06-12

    Applicant: Francisco Corella

    Inventor: Francisco Corella

    IPC classification: G06F7/04

    Abstract: A method of controlling access to an interaction context of an application, including receiving login requests pertaining to an access account, each login request including a login password to be matched against an access password associated with the access account. A database includes at least one account record including a password state field indicating whether the access password is a temporary password or a permanent password and a security hold field indicating whether a security hold has been placed on the access account by an administrator. Access is denied upon receipt of a login request when the login password fails to match the access password. Access is denied upon receipt of a login request when the login password matches the access password, the password state field indicates that the access password is a permanent password, and the security hold field indicates that there is a security hold on the access account. Access is granted upon receipt of a login request when the login password matches the access password, the password state field indicates that the access password is a permanent password, and the security hold field indicates that there is no security hold on the access account. The method includes granting access which is limited to permitting changing of the access password and prompting a change of the access password upon receipt of a login request when the login password matches the access password and the access password is a temporary password.


    MULTIFACTOR PRIVACY-ENHANCED REMOTE IDENTIFICATION USING A RICH CREDENTIAL

    Publication number: US20200153824A1

    Publication date: 2020-05-14

    Application number: US16734316

    Filing date: 2020-01-04

    IPC classification: H04L29/06 H04L9/32

    Abstract: A method and system are provided for multifactor identification of a subject over a network using a rich credential, with selective disclosure of attributes and selective presentation of verification factors. A credential presentation application negotiates with a verifying server to agree on attributes to be disclosed and verification factors to be presented, and removes unneeded attributes and verification data from the rich credential by pruning subtrees from a typed hash tree without invalidating a signature that covers the root label of the tree. The credential presentation application proves knowledge of a private key, and as agreed upon may prove knowledge of a password and may arrange for biometric presentation applications to present one or more biometric samples to the verifier, which performs presentation attack detection and verifies the samples against verification data in the rich credential.

    Multifactor privacy-enhanced remote identification using a rich credential

    Publication number: US10567377B2

    Publication date: 2020-02-18

    Application number: US15468100

    Filing date: 2017-03-23

    IPC classification: H04L29/06 H04L9/32

    Abstract: A method and system are provided for multifactor identification of a subject over a network using a rich credential, with selective disclosure of attributes and selective presentation of verification factors. A credential presentation application negotiates with a verifying server to agree on attributes to be disclosed and verification factors to be presented, and removes unneeded attributes and verification data from the rich credential by pruning subtrees from a typed hash tree without invalidating a signature that covers the root label of the tree. The credential presentation application proves knowledge of a private key, and as agreed upon may prove knowledge of a password and may arrange for biometric presentation applications to present one or more biometric samples to the verifier, which performs presentation attack detection and verifies the samples against verification data in the rich credential.

    PROTECTING PASSWORDS AND BIOMETRICS AGAINST BACK-END SECURITY BREACHES
    7.
    Invention patent application (status: in force)

    Publication number: US20160269393A1

    Publication date: 2016-09-15

    Application number: US15136834

    Filing date: 2016-04-22

    IPC classification: H04L29/06

    Abstract: A method and system are provided for authenticating a user to an application back-end using a key pair and one or more bearer tokens such as a password, a biometric code, or a biometric key, while protecting the bearer tokens against back-end security breaches. In one embodiment, an application front-end authenticates the user by sending the bearer tokens and a public key to the application back-end, and demonstrating knowledge of a private key. The application back-end compares an authentication-phase tag derived from a joint hash of the public key and the bearer tokens against a registration-phase tag stored in a device record within a back-end database. The public key is not stored in the database, thereby depriving an adversary who breaches back-end security of information needed to test guesses of the bearer tokens.


    Cryptographic authentication techniques for mobile devices
    8.
    Granted invention patent (status: in force)

    Publication number: US09185111B2

    Publication date: 2015-11-10

    Application number: US13954973

    Filing date: 2013-07-30

    IPC classification: H04L29/06

    Abstract: A method of authenticating a computing device to a back-end subsystem. In one embodiment a prover black-box in the computing device regenerates a credential containing a key pair from a PIN and a protocredential, and authenticates cryptographically to a verifier black-box in the back-end subsystem; then the verifier black-box sends an authentication token to the prover black-box as verifiable confirmation of the cryptographic authentication, the prover black-box sends the authentication token to an application front-end in the computing device, the application front-end sends the authentication token to an application back-end in the back-end subsystem, and the application back-end verifies the authentication token.


    ENCAPSULATING THE COMPLEXITY OF CRYPTOGRAPHIC AUTHENTICATION IN BLACK-BOXES
    9.
    Invention patent application (status: pending, published)

    Publication number: US20140006781A1

    Publication date: 2014-01-02

    Application number: US13925824

    Filing date: 2013-06-24

    IPC classification: H04L29/06

    Abstract: A method of authenticating a computing device to a back-end subsystem. In one embodiment a prover black-box in the computing device authenticates cryptographically to a verifier black-box in the back-end subsystem by proving possession of a cryptographic credential. The verifier black-box sends an authentication token to the prover black-box as verifiable confirmation of the cryptographic authentication. The prover black-box sends the authentication token to an application front-end in the computing device. The application front-end sends the authentication token to an application back-end in the back-end subsystem, and the application back-end verifies the authentication token.


    Operation of a certificate authority on a distributed ledger

    Publication number: US10764067B2

    Publication date: 2020-09-01

    Application number: US15599249

    Filing date: 2017-05-18

    Abstract: An on-ledger certificate authority operates a node of a distributed ledger that controls a certificate issuance store and a certificate revocation store. When the certificate authority issues a certificate, the node issues a ledger transaction with an instruction to store a validation hash of the certificate in the issuance store, and when a certificate is revoked, a ledger transaction with an instruction to store the serial number of the certificate in the revocation store. As such transactions propagate throughout the ledger, the instructions are executed by on-ledger verifiers in their local replicas of the stores. An on-ledger verifier validates a certificate by verifying that its serial number is not in the revocation store while its validation hash is in the verifier's replica of the issuance store.