-
Publication No.: US20110093939A1
Publication date: 2011-04-21
Application No.: US12582185
Filing date: 2009-10-20
Applicant: Marc R. Barbour, Carl M. Ellison, Kristjan E. Hatlelid, Janet L. Schneider, Pieter R. Kasselman
Inventor: Marc R. Barbour, Carl M. Ellison, Kristjan E. Hatlelid, Janet L. Schneider, Pieter R. Kasselman
IPC classification: H04L9/32
CPC classification: H04L63/10, G06F21/40, H04L63/08, H04L63/0853, H04L63/0861, H04L63/105
Abstract: A collection of multiple user credentials each associated with one of multiple different users is obtained at a device, and one or more of the multiple user credentials are verified. The collection of multiple user credentials is also compared to a threshold combination of user credentials to be satisfied to access the resource, and a determination is made, based on the comparing and the verifying, as to whether access to the resource is permitted. An indication of whether access to the resource by a requesting user is permitted is returned or provided to another device.
-
Publication No.: US08418237B2
Publication date: 2013-04-09
Application No.: US12582185
Filing date: 2009-10-20
Applicant: Marc R. Barbour, Carl M. Ellison, Kristjan E. Hatlelid, Janet L. Schneider, Pieter R. Kasselman
Inventor: Marc R. Barbour, Carl M. Ellison, Kristjan E. Hatlelid, Janet L. Schneider, Pieter R. Kasselman
IPC classification: H04L29/06
CPC classification: H04L63/10, G06F21/40, H04L63/08, H04L63/0853, H04L63/0861, H04L63/105
Abstract: A collection of multiple user credentials each associated with one of multiple different users is obtained at a device, and one or more of the multiple user credentials are verified. The collection of multiple user credentials is also compared to a threshold combination of user credentials to be satisfied to access the resource, and a determination is made, based on the comparing and the verifying, as to whether access to the resource is permitted. An indication of whether access to the resource by a requesting user is permitted is returned or provided to another device.
-
Publication No.: US09106629B2
Publication date: 2015-08-11
Application No.: US12543326
Filing date: 2009-08-18
Applicant: Carl M. Ellison, Larry Zhu, Tore L. Sundelin, Gleb Kholodov
Inventor: Carl M. Ellison, Larry Zhu, Tore L. Sundelin, Gleb Kholodov
CPC classification: H04L63/061, G06F21/40, H04L9/0869, H04L9/0891, H04L63/083, H04L67/10
Abstract: Each member of a group contributes to and calculates a new shared value. A distributed shared value algorithm is used to reach unanimous agreement on a shared value, such that every group member can use the new shared value as soon as it is changed. The distributed shared value agreement methodology operates without the selection of a leader. Each group member performs the distributed shared value agreement methodology and computes the new shared value using one or more of the contributions from the group members in such a way that no one member coerces the resulting shared value.
-
Publication No.: US09026571B2
Publication date: 2015-05-05
Application No.: US12258997
Filing date: 2008-10-27
Applicant: Carl M. Ellison
Inventor: Carl M. Ellison
IPC classification: G06F7/58
CPC classification: H04L9/3242, G06F7/58, H04L9/0869, H04L2209/24
Abstract: In accordance with one or more aspects, an initial output string is generated by a random number generator. The initial output string is sent to a random number service, and an indication of failure is received from the random number service if the initial output string is the same as a previous initial output string received by the random number service. Operation of the device is ceased in response to the indication of failure. Additionally, entropy estimates for hash values of an entropy source can be generated by an entropy estimation service based on hash values of various entropy source values received by the entropy estimation service. The hash values can be incorporated into an entropy pool of the device, and the entropy estimate of the pool being updated based on the estimated entropy of the entropy source.
-
Publication No.: US20140108814A1
Publication date: 2014-04-17
Application No.: US12978266
Filing date: 2010-12-23
Applicant: Vijay G. Bharadwaj, Niels T. Ferguson, Carl M. Ellison, Magnus Bo Gustaf Nyström, Dayi Zhou, Denis Issoupov, Octavian T. Ureche, Peter J. Novotney, Cristian M. Ilac
Inventor: Vijay G. Bharadwaj, Niels T. Ferguson, Carl M. Ellison, Magnus Bo Gustaf Nyström, Dayi Zhou, Denis Issoupov, Octavian T. Ureche, Peter J. Novotney, Cristian M. Ilac
IPC classification: G06F21/60
CPC classification: G06F21/602, G06F2221/2141, H04L9/0836, H04L9/0866
Abstract: Cryptographic key management techniques are described. In one or more implementations, an access control rule is read that includes a Boolean expression having a plurality of atoms. The cryptographic keys that correspond to each of the plurality of atoms in the access control rule are requested. One or more cryptographic operations are then performed on data using one or more of the cryptographic keys.
-
Publication No.: US08504838B2
Publication date: 2013-08-06
Application No.: US13072677
Filing date: 2011-03-26
IPC classification: H04L29/06
CPC classification: G06F21/34, G06Q20/341, G06Q20/388, G06Q20/40975, G07F7/1008, H04L9/0897
Abstract: Systems, methods, and technologies for configuring a conventional smart card and a client machine, and for performing a smart card authorization using the configured smart card and client. Further, the combination of methods provides for mutual authentication—authentication of the client to the user, and authentication of the user to the client. The authentication methods include presenting a specified token to the user sufficient to authenticate the client to the user and thus protect the user-provided PIN. Security is strengthened by using an integrity key based on approved client system configurations. Security is further strengthened by calculating a PIN′ value based on a user-specified PIN and a modifier and using the PIN′ value for unlocking the smart card.
-
Publication No.: US08006295B2
Publication date: 2011-08-23
Application No.: US11770677
Filing date: 2007-06-28
Applicant: Carl M. Ellison, Paul J. Leach, Butler W. Lampson, Melissa W. Dunn, Ravindra N. Pandya, Charles W. Kaufman
Inventor: Carl M. Ellison, Paul J. Leach, Butler W. Lampson, Melissa W. Dunn, Ravindra N. Pandya, Charles W. Kaufman
IPC classification: G06F7/04
CPC classification: H04L63/145, G06F21/445, G06F2221/2115, G06F2221/2129, H04L9/0891, H04L63/0442, H04L63/0823
Abstract: The subject disclosure pertains to a domain identification system, comprising a principal that has a key and a mnemonically meaningless identifier, the mnemonically meaningless identifier is used to identify the component in a networked environment. The mnemonically meaningless identifier can be bound to the public key by a binding. The component may be part of a neighborhood of components, and each member component knows the members' binding.
-
Publication No.: US07979703B2
Publication date: 2011-07-12
Application No.: US11254076
Filing date: 2005-10-19
IPC classification: H04L9/32
CPC classification: H04L63/126, H04L9/3247, H04L63/101
Abstract: A method and system for determining the reputation of a sender for sending desirable communications is provided. The reputation system identifies senders of communications by keys sent along with the communications. The reputation system then may process a communication to determine whether it is a desirable communication. The reputation system then establishes a reputation for the sender of the communication based on the assessment of whether that communication and other communications sent by that sender are desirable. Once the reputation of a sender is established, the reputation system can discard communications from senders with undesired reputations, provide to the recipient communications from senders with desired reputations, and place in a suspect folder communications from senders with an unknown reputation.
-
Publication No.: US20080244736A1
Publication date: 2008-10-02
Application No.: US11694014
Filing date: 2007-03-30
Applicant: Butler Lampson, Ravindra Nath Pandya, Paul J. Leach, Muthukrishnan Paramasivam, Carl M. Ellison, Charles William Kaufman
Inventor: Butler Lampson, Ravindra Nath Pandya, Paul J. Leach, Muthukrishnan Paramasivam, Carl M. Ellison, Charles William Kaufman
IPC classification: G06F12/14
CPC classification: G06F21/604, G06F21/6218
Abstract: Access control as it relates to policies or permissions is provided based on a created model. A security policy is abstracted and can be independent of a mechanism used to protect resources. An abstract model of a potential user, user role and/or resource is created without associating a specific individual and/or resource with a model. These abstract user models and abstract resource models can be used across applications or within disparate applications. The abstracted security policies can be selectively applied to the model. Specific users and/or resources can be associated with one or more abstract user model or abstract resource model. The models can be nested to provide configurations for larger systems.
-
Publication No.: US20080022132A1
Publication date: 2008-01-24
Application No.: US11449553
Filing date: 2006-06-07
Applicant: Carl M. Ellison, Jamie Hunter, Kenneth D. Ray, Niels T. Ferguson, Philip J. Lafornara, Russell Humphries
Inventor: Carl M. Ellison, Jamie Hunter, Kenneth D. Ray, Niels T. Ferguson, Philip J. Lafornara, Russell Humphries
IPC classification: G06F12/14
CPC classification: G06F21/85, G06F21/78, G06F2221/2113, H04L9/0836
Abstract: Access to a storage device, such as a disk, is controlled by performing a disk operation using a single cryptographic engine. Keys associated with each layer of a layered structure associated with controlling access to the storage device are combined. The resultant of this combination is used as the key to the cryptographic engine. Data to be retrieved from and written to the storage device are operated on by the cryptographic engine utilizing the combined key. Keys are combined by combining functions associated with layers of the layered structure. A combining function can include an exclusive or function, a cryptographic hash function, or a combination thereof.