公开(公告)号：US20070230694A1

公开(公告)日：2007-10-04

申请号：US11509215

申请日：2006-08-23

申请人： Gregory Rose ,  Alexander Gantman ,  Lu Xiao

发明人： Gregory Rose ,  Alexander Gantman ,  Lu Xiao

IPC分类号： H04L9/22

CPC分类号： G06F7/588 ,  G06F7/58 ,  H04L9/0662 ,  H04L2209/043 ,  H04L2209/24

摘要： A cryptographically secure pseudo-random number generator is configured to obtain one or more unpredictable sources of entropy that provide a seed. A current internal state of the number generator is modified as a function of the current internal state and the seed to accumulate entropy. The modified internal state may be obtained by using non-linear feedback shift register operations on the internal state and the seed. A pseudo-random number is then generated based on the modified internal state of the number generator. The one or more unpredictable sources of entropy may be combined into the seed. The internal state of the number generator may be continually modified with additional seeds obtained from the one or more unpredictable sources and the current internal state. Additionally, the internal state of the number generator may be modified on demand with a new seed received from a calling application.

摘要翻译： 密码安全的伪随机数发生器被配置为获得提供种子的一个或多个不可预知的熵源。 数字发生器的当前内部状态被修改为当前内部状态和种子以累积熵的函数。 可以通过对内部状态和种子使用非线性反馈移位寄存器操作来获得修改的内部状态。 然后基于数字发生器的修改的内部状态生成伪随机数。 一个或多个不可预测的熵源可以组合到种子中。 可以使用从一个或多个不可预测的源获得的附加种子和当前的内部状态来连续修改号码发生器的内部状态。 此外，可以根据需要修改号码发生器的内部状态，并从呼叫应用程序接收到新的种子。

公开(公告)号：US09104854B2

公开(公告)日：2015-08-11

申请号：US13211818

申请日：2011-08-17

申请人： Lu Xiao ,  Alexander Gantman

发明人： Lu Xiao ,  Alexander Gantman

IPC分类号： G06F21/00 ,  G06F21/36

CPC分类号： G06F21/36 ,  G06F2221/2133

摘要： Disclosed is a method for visual verification a Captcha's source. In the method, a Captcha is served to a user. The Captcha includes visual information related to a characteristic of a source of the Captcha and related to a puzzle question of the Captcha. The visual information is for visual verification by the user of the Captcha's source. A response is received from the user based on the served Captcha. A determination is made as to whether the received response is a solution of the puzzle question of the served Captcha.

摘要翻译： 披露了一种视觉验证验证码的方法。 在该方法中，向用户提供验证码。 验证码包括与验证码来源相关的视觉信息，并且与Captcha的难题相关。 视觉信息用于验证验证码的来源。 基于提供的验证码从用户接收到响应。 确定接收的响应是否是服务验证码的拼图问题的解决方案。

公开(公告)号：US08788802B2

公开(公告)日：2014-07-22

申请号：US11535937

申请日：2006-09-27

申请人： Alexander Gantman ,  Tolga Yalcinkaya ,  Gregory Gordon Rose ,  Lu Xiao

发明人： Alexander Gantman ,  Tolga Yalcinkaya ,  Gregory Gordon Rose ,  Lu Xiao

IPC分类号： H04L29/06 ,  H04L9/08 ,  H04L9/32

CPC分类号： H04L9/0872 ,  H04L9/088 ,  H04L9/321 ,  H04L63/083 ,  H04L2209/76

摘要： A constrained proxy key is used to secure communications between two devices via an intermediary device. A first proxy key is generated at a host device (key generator device) based on a shared secret key, one or more constraints on the first proxy key, and a key derivation function. At least the shared secret key and key derivation function are known to the host device an a client device (authentication device). The first proxy key is sent to a proxy device to use in authenticating communications with the client device. An authenticated message is generated by the proxy device using the first proxy key and sent to the client device. The client device locally generates a second proxy key using the key derivation function, one or more constraints, and the shared secret key for authenticating the proxy device. The proxy device is authenticated if the client device successfully accesses the authenticated message from the proxy device using the second proxy key.

摘要翻译： 受限代理密钥用于通过中间设备来保护两个设备之间的通信。 基于共享秘密密钥，第一代理密钥上的一个或多个约束和密钥导出功能，在主机设备（密钥发生器设备）处生成第一代理密钥。 至少共享秘密密钥和密钥导出功能对于主机设备是已知的客户端设备（认证设备）。 第一代理密钥被发送到代理设备以用于认证与客户端设备的通信。 认证消息由代理设备使用第一代理密钥生成并发送到客户端设备。 客户端设备使用密钥导出功能，一个或多个约束和用于认证代理设备的共享秘密密钥本地生成第二代理密钥。 如果客户端设备使用第二代理密钥从代理设备成功访问认证消息，则代理设备被认证。

公开(公告)号：US20080263117A1

公开(公告)日：2008-10-23

申请号：US11738972

申请日：2007-04-23

申请人： Gregory Gordon Rose ,  Alexander Gantman ,  Lu Xiao ,  David Figueroa

发明人： Gregory Gordon Rose ,  Alexander Gantman ,  Lu Xiao ,  David Figueroa

IPC分类号： G06F7/58 ,  G06F15/177

CPC分类号： G06F7/582 ,  G06F7/588 ,  H04L9/0869

摘要： A secure seeding and reseeding scheme is provided for pseudorandom number generators by using a pre-stored initialization seed. This scheme initializes a pseudorandom number generator into an unknown state even when entropy collection is unavailable. A primary seed file and a shadow seed file are maintained with initialization seed information in a secure file system. If the primary seed file is corrupted, the pseudorandom number generator is seeded with the content of the shadow seed file. Additionally, a trusted timer or clock may be mixed with the pre-stored initialization seed to add entropy even when the pre-stored seed information has been compromised.

摘要翻译： 通过使用预先存储的初始化种子为伪随机数发生器提供安全的种子和再种植方案。 即使熵收集不可用，该方案将伪随机数发生器初始化为未知状态。 在安全文件系统中，使用初始化种子信息维护主种子文件和影子种子文件。 如果主种子文件被破坏，则伪随机数生成器被种子与影子种子文件的内容。 此外，即使预先存储的种子信息已被破坏，可信任的定时器或时钟可以与预先存储的初始化种子混合以添加熵。

公开(公告)号：US08407760B2

公开(公告)日：2013-03-26

申请号：US12253754

申请日：2008-10-17

申请人： Gregory Gordon Rose ,  Alexander Gantman ,  Lu Xiao

发明人： Gregory Gordon Rose ,  Alexander Gantman ,  Lu Xiao

IPC分类号： G06F17/00 ,  G06F7/04 ,  G06F9/00 ,  G06F21/00

CPC分类号： H04L63/102 ,  G06F21/6218

摘要： Disclosed is a method for transitioning access rights, in a remote station with role-based access control, for an unknown role having access rights defined by a central access control management module. In the method, a role capability table is maintained in the remote station specifying centrally-defined access rights of roles that are interpretable in the remote station. An access request associated with an unknown role that is not interpretable in the remote station is received. The access request includes a role transition list that relates the unknown role to other centrally-defined roles. At least one of the other centrally-defined roles is interpretable in the remote station. A role is selected, from the role transition list, that is interpretable in the remote station for interpreting the unknown role of the access request. Access is granted based on the access request associated with the unknown role using the access rights of the interpretable role selected from the role transition table.

摘要翻译： 公开了一种用于在具有基于角色的访问控制的远程站中转换访问权限的方法，用于具有由中央访问控制管理模块定义的访问权限的未知角色。 在该方法中，在远程站中维护角色能力表，指定在远程站中可解释的角色的集中定义的访问权限。 接收到与远程站中不可解释的未知角色相关联的访问请求。 访问请求包括将未知角色与其他中心定义角色相关联的角色转换列表。 其他中心定义角色中的至少一个可在远程站中解释。 从角色转换列表中选择一个角色，该角色可在远程站中解释，用于解释访问请求的未知角色。 基于与角色转换表中选择的可解释角色的访问权限，基于与未知角色关联的访问请求授予访问权限。

公开(公告)号：US08019802B2

公开(公告)日：2011-09-13

申请号：US11509215

申请日：2006-08-23

申请人： Gregory Gordon Rose ,  Alexander Gantman ,  Lu Xiao

发明人： Gregory Gordon Rose ,  Alexander Gantman ,  Lu Xiao

IPC分类号： G06F7/58

CPC分类号： G06F7/588 ,  G06F7/58 ,  H04L9/0662 ,  H04L2209/043 ,  H04L2209/24

摘要： A cryptographically secure pseudo-random number generator is configured to obtain one or more unpredictable sources of entropy that provide a seed. A current internal state of the number generator is modified as a function of the current internal state and the seed to accumulate entropy. The modified internal state may be obtained by using non-linear feedback shift register operations on the internal state and the seed. A pseudo-random number is then generated based on the modified internal state of the number generator. The one or more unpredictable sources of entropy may be combined into the seed. The internal state of the number generator may be continually modified with additional seeds obtained from the one or more unpredictable sources and the current internal state. Additionally, the internal state of the number generator may be modified on demand with a new seed received from a calling application.

摘要翻译： 密码安全的伪随机数发生器被配置为获得提供种子的一个或多个不可预知的熵源。 数字发生器的当前内部状态被修改为当前内部状态和种子以累积熵的函数。 可以通过对内部状态和种子使用非线性反馈移位寄存器操作来获得修改的内部状态。 然后基于数字发生器的修改的内部状态生成伪随机数。 一个或多个不可预测的熵源可以组合到种子中。 可以使用从一个或多个不可预测的源获得的附加种子和当前的内部状态来连续修改号码发生器的内部状态。 此外，可以根据需要修改号码发生器的内部状态，并从呼叫应用程序接收到新的种子。

公开(公告)号：US20080037785A1

公开(公告)日：2008-02-14

申请号：US11535937

申请日：2006-09-27

申请人： Alexander Gantman ,  Tolga Yalcinkaya ,  Gregory Gordon Rose ,  Lu Xiao

发明人： Alexander Gantman ,  Tolga Yalcinkaya ,  Gregory Gordon Rose ,  Lu Xiao

IPC分类号： H04L9/06 ,  H04L9/08 ,  H04L9/28

CPC分类号： H04L9/0872 ,  H04L9/088 ,  H04L9/321 ,  H04L63/083 ,  H04L2209/76

摘要： A constrained proxy key is used to secure communications between two devices via an intermediary device. A first proxy key is generated at a host device (key generator device) based on a shared secret key, one or more constraints on the first proxy key, and a key derivation function. At least the shared secret key and key derivation function are known to the host device an a client device (authentication device). The first proxy key is sent to a proxy device to use in authenticating communications with the client device. An authenticated message is generated by the proxy device using the first proxy key and sent to the client device. The client device locally generates a second proxy key using the key derivation function, one or more constraints, and the shared secret key for authenticating the proxy device. The proxy device is authenticated if the client device successfully accesses the authenticated message from the proxy device using the second proxy key.

摘要翻译： 受限代理密钥用于通过中间设备来保护两个设备之间的通信。 基于共享秘密密钥，第一代理密钥上的一个或多个约束和密钥导出功能，在主机设备（密钥发生器设备）处生成第一代理密钥。 至少共享秘密密钥和密钥导出功能对于主机设备是已知的客户端设备（认证设备）。 第一代理密钥被发送到代理设备以用于认证与客户端设备的通信。 认证消息由代理设备使用第一代理密钥生成并发送到客户端设备。 客户端设备使用密钥导出功能，一个或多个约束和用于认证代理设备的共享秘密密钥本地生成第二代理密钥。 如果客户端设备使用第二代理密钥从代理设备成功访问认证消息，则代理设备被认证。

公开(公告)号：US20130047231A1

公开(公告)日：2013-02-21

申请号：US13211818

申请日：2011-08-17

申请人： Lu Xiao ,  Alexander Gantman

发明人： Lu Xiao ,  Alexander Gantman

IPC分类号： H04L9/32 ,  G06F21/00

CPC分类号： G06F21/36 ,  G06F2221/2133

摘要： Disclosed is a method for visual verification a Captcha's source. In the method, a Captcha is served to a user. The Captcha includes visual information related to a characteristic of a source of the Captcha and related to a puzzle question of the Captcha. The visual information is for visual verification by the user of the Captcha's source. A response is received from the user based on the served Captcha. A determination is made as to whether the received response is a solution of the puzzle question of the served Captcha.

摘要翻译： 披露了一种视觉验证验证码的方法。 在该方法中，向用户提供验证码。 验证码包括与验证码来源相关的视觉信息，并且与Captcha的难题相关。 视觉信息用于验证验证码的来源。 基于提供的验证码从用户接收到响应。 确定接收的响应是否是服务验证码的拼图问题的解决方案。

公开(公告)号：US20100100933A1

公开(公告)日：2010-04-22

申请号：US12253754

申请日：2008-10-17

申请人： Gregory Gordon Rose ,  Alexander Gantman ,  Lu Xiao

发明人： Gregory Gordon Rose ,  Alexander Gantman ,  Lu Xiao

IPC分类号： G06F21/00

CPC分类号： H04L63/102 ,  G06F21/6218

摘要： Disclosed is a method for transitioning access rights, in a remote station with role-based access control, for an unknown role having access rights defined by a central access control management module. In the method, a role capability table is maintained in the remote station specifying centrally-defined access rights of roles that are interpretable in the remote station. An access request associated with an unknown role that is not interpretable in the remote station is received. The access request includes a role transition list that relates the unknown role to other centrally-defined roles. At least one of the other centrally-defined roles is interpretable in the remote station. A role is selected, from the role transition list, that is interpretable in the remote station for interpreting the unknown role of the access request. Access is granted based on the access request associated with the unknown role using the access rights of the interpretable role selected from the role transition table.

摘要翻译： 公开了一种用于在具有基于角色的访问控制的远程站中转换访问权限的方法，用于具有由中央访问控制管理模块定义的访问权限的未知角色。 在该方法中，在远程站中维护角色能力表，指定在远程站中可解释的角色的集中定义的访问权限。 接收到与远程站中不可解释的未知角色相关联的访问请求。 访问请求包括将未知角色与其他中心定义角色相关联的角色转换列表。 其他中心定义角色中的至少一个可在远程站中解释。 从角色转换列表中选择一个角色，该角色可在远程站中解释，用于解释访问请求的未知角色。 基于与角色转换表中选择的可解释角色的访问权限，基于与未知角色关联的访问请求授予访问权限。

公开(公告)号：US20070259690A1

公开(公告)日：2007-11-08

申请号：US11692097

申请日：2007-03-27

申请人： David Julian ,  Chong Lee ,  Kamram Moallemi ,  Avneesh Agrawal ,  Manuel Jaime ,  Robert Douglas ,  Lu Xiao ,  Gregory Rose

发明人： David Julian ,  Chong Lee ,  Kamram Moallemi ,  Avneesh Agrawal ,  Manuel Jaime ,  Robert Douglas ,  Lu Xiao ,  Gregory Rose

IPC分类号： H04B1/38

CPC分类号： H04W8/02 ,  G01S11/06 ,  G01S13/08 ,  H04L67/24 ,  H04W8/22 ,  H04W64/006

摘要： Various operations may be performed based on a distance-related function associated with two or more devices. For example, an association procedure for two or more devices may be based on one or more determined distances. Similarly, presence management may be based on one or more determined distances. A distance-related function may take various form including, for example, a distance between devices, two or more distances between devices, a rate of change in a relative distance between devices, relative acceleration between devices, or some combination of two or more of the these distance-related functions.

摘要翻译： 可以基于与两个或更多个设备相关联的距离相关功能来执行各种操作。 例如，两个或多个设备的关联过程可以基于一个或多个确定的距离。 类似地，存在管理可以基于一个或多个确定的距离。 距离相关功能可以采取各种形式，包括例如设备之间的距离，设备之间的两个或更多个距离，设备之间的相对距离的变化率，设备之间的相对加速度，或两个或更多个 这些距离相关的功能。