Mobile device-based keypad for enhanced security
    1.
    Granted invention patent
    Mobile device-based keypad for enhanced security (status: in force)

    Publication (announcement) No.: US09344279B2

    Publication (announcement) date: 2016-05-17

    Application No.: US14484371

    Filing date: 2014-09-12

    IPC classification: H04L29/06 H04L9/32 H04W12/06

    Abstract: An authentication channel is established between a mobile device and a transaction terminal that uses a keypad for access control. The terminal keypad is assumed to be untrusted, whereas the mobile device has a trusted interface that only the device user can access and use. The transaction terminal includes a short-range communication device, and a keypad interface application configured to communicate with an external keypad device in lieu of the transaction terminal's own keypad. The mobile device includes a mobile app. In response to detecting a user access request, a handshake protocol is performed between the keypad interface application in the transaction terminal and the keypad interface function in the mobile device. If the handshake protocol succeeds, the user is notified that the transaction terminal is trusted. The user then enters his or her password and/or PIN on the mobile device in lieu of direct entry via the terminal keypad.


    Cross-platform authentication from within a rich client
    2.
    Invention patent application
    Cross-platform authentication from within a rich client (status: in force)

    Publication (announcement) No.: US20140337953A1

    Publication (announcement) date: 2014-11-13

    Application No.: US13889915

    Filing date: 2013-05-08

    IPC classification: G06F21/31 G06F21/41

    Abstract: An un-authenticated user attempts to access a protected resource at a Web- or cloud-based application from within a rich client. The client has an associated local HTTP server. Upon being refused access, a browser-based login dialog is opened automatically within an embedded browser panel. After receipt of the user's login credential in the panel, the browser passes the credential to the server application. If the user is authenticated, the browser-based dialog receives a cookie establishing that the user is authenticated for a session. The browser then automatically makes a request to the HTTP server, passing the cookie. Upon receipt of the request at the rich client HTTP server, the rich client saves the cookie in an associated data store, shuts down the login dialog, and re-issues the original request to the server, this time passing the cookie. The rich client, having provided the cookie, is then permitted to access the resource.


    Cross-domain inactivity tracking for integrated web applications

    Publication (announcement) No.: US09462068B2

    Publication (announcement) date: 2016-10-04

    Application No.: US14028214

    Filing date: 2013-09-16

    CPC classification: H04L67/22 G06F11/36

    Abstract: In a cloud computing environment, a user authenticates to multiple cloud services concurrently. A master service has knowledge of or tracks the cloud service(s) to which a user is authenticated. Each cloud service may enforce its own inactivity period, and the inactivity period of at least first and second cloud services may be distinct from one another. When the master service receives an indication that the authenticated user is attempting to take an action at a first cloud service despite an activity timeout there, the master service issues a status request to at least the second cloud service to determine whether the user is still active at the second cloud service (despite its different inactivity period). If the user is still active at the second cloud service, the master service provides a response, selectively overriding (re-setting) the activity timeout at the first cloud service to permit the action.

    Cross-platform authentication from within a rich client
    6.
    Granted invention patent
    Cross-platform authentication from within a rich client (status: in force)

    Publication (announcement) No.: US09104848B2

    Publication (announcement) date: 2015-08-11

    Application No.: US13889915

    Filing date: 2013-05-08

    Abstract: An un-authenticated user attempts to access a protected resource at a Web- or cloud-based application from within a rich client. The client has an associated local HTTP server. Upon being refused access, a browser-based login dialog is opened automatically within an embedded browser panel. After receipt of the user's login credential in the panel, the browser passes the credential to the server application. If the user is authenticated, the browser-based dialog receives a cookie establishing that the user is authenticated for a session. The browser then automatically makes a request to the HTTP server, passing the cookie. Upon receipt of the request at the rich client HTTP server, the rich client saves the cookie in an associated data store, shuts down the login dialog, and re-issues the original request to the server, this time passing the cookie. The rich client, having provided the cookie, is then permitted to access the resource.


    Application and Data Removal System
    7.
    Invention patent application
    Application and Data Removal System (status: in force)

    Publication (announcement) No.: US20140130174A1

    Publication (announcement) date: 2014-05-08

    Application No.: US13671610

    Filing date: 2012-11-08

    IPC classification: G06F21/60

    Abstract: A method, programmed medium and system are provided for a server-based security manager application to support a self-cleaning operation on a remote computerized device. When a computer device has been reported as being missing, for example, the security manager server application will cause the device to take predetermined actions such as un-installing predetermined applications contained on the device and removing all persisted data associated with such predetermined applications.


    Pre-processing system for minimizing application-level denial-of-service in a multi-tenant system
    8.
    Invention patent application
    Pre-processing system for minimizing application-level denial-of-service in a multi-tenant system (status: under examination, published)

    Publication (announcement) No.: US20170078325A1

    Publication (announcement) date: 2017-03-16

    Application No.: US15359088

    Filing date: 2016-11-22

    IPC classification: H04L29/06

    Abstract: Denial-of-service attacks are prevented or mitigated in a cloud compute environment, such as a multi-tenant, collaborative SaaS system. This is achieved by providing a mechanism by which characterization of “legitimate” behavior is defined for tenant applications or application classes, preferably along with actions to be taken in the event a request to execute an application is anticipated to exceed defined workflow limits. A set of application profiles are generated. Typically, a profile comprises information, such as a request defined by one or more request variables, one or more “constraints,” one or more “request mappings,” and one or more “actions.” A constraint is a maximum permitted workload for the application. A request mapping maps a request variable to the constraint, either directly or indirectly. The profile information defines how a request is mapped to a workload to determine whether the request is in policy or, if not, what action to take.
