Validating association of client devices with sessions
    1. Granted patent (in force)

    Publication number: US08959650B1

    Publication date: 2015-02-17

    Application number: US13537539

    Filing date: 2012-06-29

    IPC classification: G06F21/00

    CPC classification: G06F21/44 G06F21/335

    Abstract: A method is used in validating association of client devices with sessions. Information of a client device executing a user agent is gathered by a server for creating a device identifier for the client device upon receiving a request from the user agent for establishing a session between the user agent and the server. The device identifier includes information identifying the client device. The device identifier is associated with the session. The client device is validated by the server upon receiving subsequent requests from the client device during the session. Validating the client device includes gathering information of the client device sending each subsequent request for creating a device identifier for the client device and comparing the device identifier created from the information gathered during each subsequent request with the device identifier associated with the session.

    Authentication based on a current location of a communications device associated with an entity
    3. Granted patent (in force)

    Publication number: US08904496B1

    Publication date: 2014-12-02

    Application number: US13435951

    Filing date: 2012-03-30

    IPC classification: G06F21/00 G06F21/44

    Abstract: There is disclosed a method and system for use in authenticating an entity in connection with a computerized resource. An authentication request is received from the entity for access to the computerized resource. An input signal is received from a communications device associated with the entity. The input signal comprises the current location of the communications device. The current location of the communications device is derived from the input signal. A location history in connection with the communications device is captured. The location history comprises a record of discrete locations visited by the communications device over a period of time. An analysis is performed between the current location of the communications device and the location history in connection with the communications device. An authentication result is generated based on the analysis between the current location of the communications device and the location history in connection with the communications device. The authentication result can be used for authenticating the entity.

    Generation of alerts in an event management system based upon risk
    4. Granted patent (in force)

    Publication number: US09282114B1

    Publication date: 2016-03-08

    Application number: US13172999

    Filing date: 2011-06-30

    IPC classification: G06F21/55 H04L9/00 H04L29/06

    Abstract: Embodiments relate to the generation of alerts in an event management system based upon risk. When an event device associated with the event management system presents a logon page to a client device, the event device includes a beacon as part of the page to monitor and collect web device profile characteristics related to the client device. In response to a logon attempt by the client device, an event management device receives a notification regarding the logon attempt and a risk assessment associated with the web device profile characteristics of the client device. Based upon a correlation of the notification and the corresponding risk assessment, the event management device can generate an alert, such as a SIEM alert, and can include as part of the alert an indication of priority, whether relatively low or high, and/or a confidence factor indicating whether or not the alert can be suppressed.

    Injecting code decrypted by a hardware decryption module into Java applications
    5. Granted patent (in force)

    Publication number: US09021271B1

    Publication date: 2015-04-28

    Application number: US13337817

    Filing date: 2011-12-27

    IPC classification: G06F11/30 G06F11/34

    CPC classification: G06F11/34 G06F21/123

    Abstract: A method is performed by a computer in communication with a hardware security module (HSM). The method includes (a) running a process virtual machine (PVM) on the computer, the PVM being configured to execute portable bytecode instructions within a PVM environment, and (b) executing, within the PVM environment, instructions for (1) reading encrypted instruction code from data storage of the computer, (2) sending the encrypted instruction code to the HSM, (3) in response, receiving decrypted instruction code from the HSM, and (4) injecting the decrypted instruction code within an application running in the PVM environment for execution by the PVM. Embodiments are also directed to analogous computer program products and apparatuses.

    Validating association of client devices with authenticated clients
    6. Granted patent (in force)

    Publication number: US08819803B1

    Publication date: 2014-08-26

    Application number: US13537594

    Filing date: 2012-06-29

    IPC classification: H04L9/08

    Abstract: A method is used in validating association of client devices with authenticated clients. An authentication request for authenticating a client is received from a client device used by the client for establishing a session with a server. The client is authenticated by an authentication device. A token is created and provided to the client device. Identification information of the client device is gathered. The identification information identifies the client device. The identification information gathered from the client device is evaluated. Based on the evaluation, it is validated that the identification information corresponds to a client device associated with the authenticated client.

    Controlling access to a protected resource using a virtual desktop and ongoing authentication
    9. Granted patent (in force)

    Publication number: US08701174B1

    Publication date: 2014-04-15

    Application number: US13246023

    Filing date: 2011-09-27

    Applicant: Yedidya Dotan

    Inventor: Yedidya Dotan

    IPC classification: H04L9/32

    Abstract: A technique controls access to a protected resource. The technique involves performing a series of authentication operations between an end user device and an authentication engine, and providing, while the series of authentication operations results in ongoing successful authentication, a virtual desktop session from a virtual desktop server to the end user device to enable a user at the end user device to access the protected resource using the virtual desktop session. The technique further involves closing the virtual desktop session when the series of authentication operations results in unsuccessful authentication (e.g., receipt of an incorrect authentication factor, loss of communications between the end user device and the authentication engine, etc.) to prevent further access to the protected resource using the virtual desktop session. Such operation provides additional security beyond that offered by a virtual desktop session without ongoing authentication, and thus protects against more advanced types of cyber threats.

    Using link strength in knowledge-based authentication
    10. Granted patent (in force)

    Publication number: US09183595B1

    Publication date: 2015-11-10

    Application number: US13434983

    Filing date: 2012-03-30

    IPC classification: G06Q50/00

    CPC classification: G06F21/40 G06Q50/00

    Abstract: An improved technique generates questions to authenticate a user as part of a group. Along these lines, a KBA system, upon receiving a request to authenticate a particular user, collects facts having references to users of the group of users. The collected facts, however, may also include references to users not in the group of users. In building a set of questions for the particular user, the KBA system is capable of favoring facts having references to users of the group of users and few, if any, references to users not in the group of users; conversely, the KBA system is capable of discarding facts having too many references to users not in the group of users. The particular user's responses to the set of questions are indicative of whether the particular user belongs to the group.
