-
1.发明授权Providing authentication codes which include token codes and biometric factors 有权提供包括令牌代码和生物特征因子的认证码公开(公告)号:US08752146B1
公开(公告)日:2014-06-10
申请号:US13434280
申请日:2012-03-29
申请人: Marten van Dijk , Kevin D. Bowers , Samuel Curry , Sean P. Doyle , Nikolaos Triandopoulos , Riaz Zolfonoon
发明人: Marten van Dijk , Kevin D. Bowers , Samuel Curry , Sean P. Doyle , Nikolaos Triandopoulos , Riaz Zolfonoon
CPC分类号: H04L63/0861 , G06F21/32 , G06F21/43 , H04L9/3215 , H04L9/3228 , H04L9/3231 , H04L63/0838 , H04L63/18
摘要: A technique provides authentication codes to authenticate a user to an authentication server. The technique involves generating, by an electronic apparatus (e.g., a smart phone, a tablet, a laptop, etc.), token codes from a cryptographic key. The technique further involves obtaining biometric measurements from a user, and outputting composite passcodes as the authentication codes. The composite passcodes include the token codes and biometric factors based on the biometric measurements. Additionally, the token codes and the biometric factors of the composite passcodes operate as authentication inputs to user authentication operations performed by the authentication server. In some arrangements, the biometric factors are results of facial recognition (e.g., via a camera), voice recognition (e.g., via a microphone), gate recognition (e.g., via an accelerometer), touch recognition and/or typing recognition (e.g., via a touchscreen or keyboard), combinations thereof, etc.
摘要翻译: 一种技术提供认证码以将用户认证给认证服务器。 该技术涉及通过电子设备(例如,智能电话,平板电脑,笔记本电脑等)从加密密钥生成令牌代码。 该技术还涉及从用户获取生物测量,并输出复合密码作为认证码。 复合密码包括基于生物特征测量的令牌代码和生物特征因子。 此外,复合密码的令牌代码和生物特征因子作为认证服务器执行的用户认证操作的认证输入。 在一些布置中,生物特征因子是面部识别(例如,经由相机),语音识别(例如,经由麦克风),门识别(例如,经由加速度计),触摸识别和/或打字识别(例如, 通过触摸屏或键盘),其组合等
-
公开(公告)号:US08752156B1
公开(公告)日:2014-06-10
申请号:US13435848
申请日:2012-03-30
申请人: Marten van Dijk , Kevin D. Bowers , Samuel Curry , Sean P. Doyle , Nikolaos Triandopoulos , Riaz Zolfonoon
发明人: Marten van Dijk , Kevin D. Bowers , Samuel Curry , Sean P. Doyle , Nikolaos Triandopoulos , Riaz Zolfonoon
IPC分类号: H04L29/06
CPC分类号: H04W12/06 , H04L9/0869 , H04L9/3228 , H04W12/12
摘要: A technique for detecting unauthorized copies of a soft token that runs on a mobile device includes generating a set of random bits on the mobile device and providing samples of the set of random bits, as well as token codes from the soft token, for delivery to a server during authentication requests. The server acquires the set of random bits of the mobile device, or learns the set of random bits over the course of multiple login attempts. Thereafter, the server predicts values of the samples of the set of random bits and tests actual samples arriving in connection with subsequent authentication requests. Mismatches between predicted samples and received samples indicate discrepancies between the random bits of the device providing the samples and the random bits of the mobile device, and thus indicate unauthorized soft token copies.
摘要翻译: 用于检测在移动设备上运行的软令牌的未授权复制的技术包括在移动设备上生成一组随机比特,并提供该组随机比特的样本以及来自该软令牌的令牌代码,用于递送到 认证请求期间的服务器。 服务器获取移动设备的一组随机比特,或者在多次登录尝试过程中学习一组随机比特。 此后,服务器预测该组随机比特的样本的值并测试结合后续认证请求到达的实际样本。 预测样本和接收到的样本之间的不匹配指示提供样本的设备的随机比特与移动设备的随机比特之间的差异,并且因此指示未授权的软令牌副本。
-
公开(公告)号:US08683563B1
公开(公告)日:2014-03-25
申请号:US13435616
申请日:2012-03-30
申请人: Marten van Dijk , Kevin D. Bowers , Samuel Curry , Sean P. Doyle , William M. Duane , Ari Juels , Michael J. O'Malley , Nikolaos Triandopoulos , Riaz Zolfonoon
发明人: Marten van Dijk , Kevin D. Bowers , Samuel Curry , Sean P. Doyle , William M. Duane , Ari Juels , Michael J. O'Malley , Nikolaos Triandopoulos , Riaz Zolfonoon
IPC分类号: G06F7/04
CPC分类号: H04L9/00 , G06F21/43 , G06F21/554 , G06F21/56 , H04L63/1433 , H04W12/06 , H04W12/12
摘要: An improved technique for assessing the security status of a device on which a soft token is run collects device posture information from the device running the soft token and initiates transmission of the device posture information to a server to be used in assessing whether the device has been subjected to malicious activity. The device posture information may relate to the software status, hardware status, and/or environmental context of the device. In some examples, the device posture information is transmitted to the server directly. In other examples, the device posture information is transmitted to the server via auxiliary bits embedded in passcodes displayed to the user, which the user may read and transfer to the server as part of authentication requests. The server may apply the device posture information in a number of areas, including, for example, authentication management, risk assessment, and/or security analytics.
摘要翻译: 用于评估其上运行软令牌的设备的安全状态的改进技术从运行软令牌的设备收集设备姿态信息,并且发起设备姿态信息传输到服务器以用于评估设备是否已经被 遭受恶意活动。 设备姿态信息可以涉及设备的软件状态,硬件状态和/或环境上下文。 在一些示例中,设备姿态信息被直接发送到服务器。 在其他示例中,设备姿态信息通过嵌入在显示给用户的密码中的辅助位发送到服务器,用户可以作为认证请求的一部分读取和传送到服务器。 服务器可以在多个区域中应用设备姿态信息,包括例如认证管理,风险评估和/或安全分析。
-
公开(公告)号:US08875263B1
公开(公告)日:2014-10-28
申请号:US13434272
申请日:2012-03-29
申请人: Marten van Dijk , Kevin D. Bowers , John G. Brainard , Samuel Curry , Sean P. Doyle , Michael J. O'Malley , Nikolaos Triandopoulos
发明人: Marten van Dijk , Kevin D. Bowers , John G. Brainard , Samuel Curry , Sean P. Doyle , Michael J. O'Malley , Nikolaos Triandopoulos
CPC分类号: G06F21/31 , G06F21/34 , G06F21/42 , H04L9/3228 , H04L63/08 , H04L63/083 , H04L63/0846 , H04L63/0853 , H04L63/18
摘要: A technique controls a soft token running within an electronic apparatus. The technique involves providing an initial series of authentication codes based on a first set of machine states. The initial series of authentication codes is provided from the electronic apparatus to a server through a forward channel to authenticate a user. The technique further involves receiving a command from the server through a reverse channel between the electronic apparatus and the server. The reverse channel provides communications in a direction opposite to that of the forward channel. The technique further involves changing the first set of machine states to a second set of machine states in response to the command, and providing a new series of authentication codes based on the second set of machine states. The new series of authentication codes is provided from the electronic apparatus to the server through the forward channel for user authentication.
摘要翻译: 技术控制在电子设备内运行的软令牌。 该技术涉及提供基于第一组机器状态的初始系列认证码。 通过前向信道从电子设备向服务器提供初始系列认证码,以认证用户。 该技术还涉及通过电子设备和服务器之间的反向信道从服务器接收命令。 反向信道在与正向信道相反的方向上提供通信。 该技术还涉及响应于该命令将第一组机器状态改变到第二组机器状态,并且基于第二组机器状态提供新的一系列认证代码。 新的认证码系列通过前向信道从电子设备提供给服务器,用于用户认证。
-
公开(公告)号:US08819769B1
公开(公告)日:2014-08-26
申请号:US13435606
申请日:2012-03-30
申请人: Marten van Dijk , Kevin D. Bowers , Samuel Curry , Sean P. Doyle , Eyal Kolman , Nikolaos Triandopoulos , Riaz Zolfonoon
发明人: Marten van Dijk , Kevin D. Bowers , Samuel Curry , Sean P. Doyle , Eyal Kolman , Nikolaos Triandopoulos , Riaz Zolfonoon
IPC分类号: H04L29/06
CPC分类号: H04L63/0876 , H04L67/303
摘要: An improved technique for managing access of a user of a computing machine to a remote network collects device posture information about the user's mobile device. The mobile device runs a soft token, and the collected posture information pertains to various aspects of the mobile device, such as the mobile device's hardware, software, environment, and/or users, for example. The server applies the collected device posture information along with token codes from the soft token in authenticating the user to the remote network.
摘要翻译: 用于管理计算机的用户对远程网络的访问的改进技术收集关于用户的移动设备的设备姿态信息。 移动设备运行软令牌,并且收集的姿态信息涉及例如移动设备的各个方面,例如移动设备的硬件,软件,环境和/或用户。 服务器将所收集的设备姿态信息以及来自软令牌的令牌代码应用于将用户认证到远程网络。
-
公开(公告)号:US08683570B1
公开(公告)日:2014-03-25
申请号:US13435611
申请日:2012-03-30
CPC分类号: G06F21/35 , H04L63/0838 , H04L63/0853 , H04L63/1416
摘要: An improved technique provides scheduled data transfer between a mobile device and a server. The mobile device combines token codes generated by a soft token with sequences of auxiliary bits and displays the combinations to users as passcodes. Users may then copy the passcodes to their computers for authenticating to a server on a remote network. As the passcodes include both token codes and sequences of auxiliary bits, a communication channel is established whereby the auxiliary bits as well as the soft token codes are transmitted from the mobile device to the server.
摘要翻译: 改进的技术提供了移动设备和服务器之间的调度数据传输。 移动设备将由软令牌产生的令牌代码与辅助位序列组合,并将用户的组合显示为密码。 然后,用户可以将密码复制到其计算机,以便对远程网络上的服务器进行身份验证。 由于密码包括令牌码和辅助比特序列,所以建立通信信道,由此辅助比特以及软令牌码从移动设备发送到服务器。
-
7.发明授权公开(公告)号:US08978159B1
公开(公告)日:2015-03-10
申请号:US13731514
申请日:2012-12-31
申请人: Marten van Dijk , Samuel J. Curry , Robert D. Hopley , John G. Linn , Alina M. Oprea , Kenneth Ray
发明人: Marten van Dijk , Samuel J. Curry , Robert D. Hopley , John G. Linn , Alina M. Oprea , Kenneth Ray
IPC分类号: G06F21/62
CPC分类号: G06F21/6227 , G06F2221/2107
摘要: Access control systems are provided that mediate access to derivatives of sensitive data. A method is provided for processing a data request from a client, the data request comprising a client identifier and an indication of the intended use of the data, by receiving the data request from the client; providing the client identifier and indicated use to an access manager, wherein the access manager assesses a risk of providing access to the data for the indicated use; if the access manager grants access for the indicated use, receiving one or more keys with corresponding computing restrictions from the access manager; computing a result; and providing the result to the client, wherein the provided result comprises the derivative of sensitive data. The access manager grants the access for the indicated use, for example, based on a risk score.
摘要翻译: 提供访问控制系统,介绍对敏感数据导数的访问。 提供一种通过从客户端接收数据请求来处理来自客户端的数据请求的方法,所述数据请求包括客户端标识符和数据的预期用途的指示; 向访问管理器提供客户端标识符并指示使用,其中访问管理器评估为所指示的使用提供访问数据的风险; 如果访问管理器为所指示的使用者授予访问权限,则从访问管理器接收具有相应计算限制的一个或多个密钥; 计算结果; 并将结果提供给客户端,其中所提供的结果包括敏感数据的导数。 访问管理器例如基于风险分数来授予针对指定用途的访问。
-
-
-
-
-
-
搜索结果
7 条记录 (耗时 0.02 秒)
