User authentication
    1.
    Granted invention patent
    User authentication (in force)

    Publication number: US09305153B1

    Publication date: 2016-04-05

    Application number: US13538913

    Filing date: 2012-06-29

    IPC classification: G06F21/32 G06F21/34

    CPC classification: G06F21/32 G06F21/34

    Abstract: There is disclosed a user authentication device for generating time-varying authentication information for authenticating a user in an authentication system. The device comprises at least one sensor for sensing at least one of a biometric measurement of the user and a characteristic of the environmental surroundings of the device. There is also disclosed an authentication system and a method for authenticating a user in an authentication system.


    Knowledge based authentication using recent user internet activity
    2.
    Granted invention patent
    Knowledge based authentication using recent user internet activity (in force)

    Publication number: US08955066B1

    Publication date: 2015-02-10

    Application number: US13536191

    Filing date: 2012-06-28

    IPC classification: G06F7/04 G07F7/04

    CPC classification: G07F7/04 G06F21/316

    Abstract: A technique of knowledge-based authentication receives information from third parties as to a user's recent web history including purchase history at an on-line retailer or search engine queries to produce a challenge question to authenticate the user based on that recent web history.


    Brokering multiple authentications through a single proxy
    3.
    Granted invention patent
    Brokering multiple authentications through a single proxy (in force)

    Publication number: US08949953B1

    Publication date: 2015-02-03

    Application number: US13611919

    Filing date: 2012-09-12

    IPC classification: H04L29/06

    CPC classification: H04L63/08

    Abstract: A method includes (a) receiving, from an application server, a login message for a user, the login message including a user credential for a credential-based authentication (CBA), (b) forwarding the user credential to a CBA server for the CBA, (c) in response, receiving an authentication decision message from the CBA server, (d) sending decision information from the authentication decision message received from the CBA server to a risk-based authentication (RBA) server, the RBA server being distinct from the CBA server, the decision information to be used by the RBA server in performing RBA authentication decisions, (e) if the authentication decision message is positive, then sending a challenge message to the application server to initiate RBA to be performed by the RBA server supplementary to the CBA, and (f) if the authentication decision message is negative, then sending a rejection message to the application server.


    Virtualization platform for secured communications between a user device and an application server
    5.
    Granted invention patent
    Virtualization platform for secured communications between a user device and an application server (in force)

    Publication number: US08694993B1

    Publication date: 2014-04-08

    Application number: US13077230

    Filing date: 2011-03-31

    IPC classification: G06F9/455 G06F15/16

    Abstract: A modular virtualization platform is provided for secured communications between a user device and an application server. A client-side computing device performs secured communications during a virtual session with an application server across a network. The client-side computing device loads a virtual machine client and selects a remote module to serve as a virtualization server for the virtual session based on one or more performance factors. The virtual session is established with the selected module, and secured communications can occur between the client-side computing device and the application server via the virtual session of the selected module. The performance factors can be collected from a plurality of modules using a peer-to-peer gossip-based state notification process. A route list preferably stores the performance factors for a plurality of modules. The route list can contain pointers to a plurality of remote modules in a plurality of virtualization platforms, to increase reliability.


    Injecting code decrypted by a hardware decryption module into Java applications
    7.
    Granted invention patent
    Injecting code decrypted by a hardware decryption module into Java applications (in force)

    Publication number: US09021271B1

    Publication date: 2015-04-28

    Application number: US13337817

    Filing date: 2011-12-27

    IPC classification: G06F11/30 G06F11/34

    CPC classification: G06F11/34 G06F21/123

    Abstract: A method is performed by a computer in communication with a hardware security module (HSM). The method includes (a) running a process virtual machine (PVM) on the computer, the PVM being configured to execute portable bytecode instructions within a PVM environment and (b) executing, within the PVM environment, instructions for (1) reading encrypted instruction code from data storage of the computer, (2) sending the encrypted instruction code to the HSM, (3) in response, receiving decrypted instruction code from the HSM, and (4) injecting the decrypted instruction code within an application running in the PVM environment for execution by the PVM. Embodiments are also directed to analogous computer program products and apparatuses.


    Detecting and preventing replay in authentication systems
    8.
    Granted invention patent
    Detecting and preventing replay in authentication systems (in force)

    Publication number: US07810147B2

    Publication date: 2010-10-05

    Application number: US11607836

    Filing date: 2006-12-01

    IPC classification: G06F7/04 G06F15/16

    CPC classification: H04L63/0838 H04L63/1441

    Abstract: A system for detecting and preventing replay attacks includes a plurality of interconnected authentication servers, and one or more tokens for generating a one-time passcode and providing the one-time passcode to one of the authentication servers for authentication. The system includes an adjudicator function associated with each authentication server. The adjudicator evaluates a high water mark value associated with a token seeking authentication, allows authentication to proceed for the token if the high water mark evaluation indicates that the one-time passcode was not used in a previous authentication, and prevents authentication if the high water mark evaluation indicates that the one-time passcode was used in a previous authentication. The token is associated with a home authentication server that maintains a current high water mark of the token. The home authentication server validates the current high water mark on behalf of the adjudicator function evaluating the token for authentication.


    Managing access to a limited number of computerized sessions
    9.
    Granted invention patent
    Managing access to a limited number of computerized sessions (in force)

    Publication number: US09154556B1

    Publication date: 2015-10-06

    Application number: US13337442

    Filing date: 2011-12-27

    IPC classification: G06F15/173 H04L29/08

    Abstract: A technique manages access to a limited number of computerized sessions. The technique involves receiving, from a waiting user, a session request for a computerized session, and queuing the session request in a wait queue in response to all of the limited number of computerized sessions being currently assigned to other users. The technique further involves, while the session request is queued in the wait queue, providing permission to the waiting user to un-assign a computerized session which is currently assigned to another user. With such a technique, the user has the option of simply waiting until a computerized session has been relinquished (i.e., if the user is willing to be patient) or un-assigning a computerized session currently assigned to another user (e.g., in order to speed up access to a computerized session).


    Event-based biometric authentication using mobile device
    10.
    Granted invention patent
    Event-based biometric authentication using mobile device (in force)

    Publication number: US08955069B1

    Publication date: 2015-02-10

    Application number: US13538102

    Filing date: 2012-06-29

    IPC classification: G06F21/00 H04L29/06

    Abstract: Event-based biometric authentication is provided using a mobile device of a user. A user attempting to access a protected resource is authenticated by receiving a request to access the protected resource; collecting biometric information from the user in response to the request using a mobile device of the user; performing biometric authentication of the user using the collected biometric information; and granting access to the protected resource based on the biometric authentication. The authentication optionally comprises an event-based authentication. The mobile device does not have to contain token generating material.
