Detecting soft token copies
    2.
    Granted invention patent
    Status: in force

    Publication number: US08752156B1

    Publication date: 2014-06-10

    Application number: US13435848

    Filing date: 2012-03-30

    IPC classification: H04L29/06

    Abstract: A technique for detecting unauthorized copies of a soft token that runs on a mobile device includes generating a set of random bits on the mobile device and providing samples of the set of random bits, as well as token codes from the soft token, for delivery to a server during authentication requests. The server acquires the set of random bits of the mobile device, or learns the set of random bits over the course of multiple login attempts. Thereafter, the server predicts values of the samples of the set of random bits and tests actual samples arriving in connection with subsequent authentication requests. Mismatches between predicted samples and received samples indicate discrepancies between the random bits of the device providing the samples and the random bits of the mobile device, and thus indicate unauthorized soft token copies.

    Soft token posture assessment
    3.
    Granted invention patent
    Status: in force

    Publication number: US08683563B1

    Publication date: 2014-03-25

    Application number: US13435616

    Filing date: 2012-03-30

    IPC classification: G06F7/04

    Abstract: An improved technique for assessing the security status of a device on which a soft token is run collects device posture information from the device running the soft token and initiates transmission of the device posture information to a server to be used in assessing whether the device has been subjected to malicious activity. The device posture information may relate to the software status, hardware status, and/or environmental context of the device. In some examples, the device posture information is transmitted to the server directly. In other examples, the device posture information is transmitted to the server via auxiliary bits embedded in passcodes displayed to the user, which the user may read and transfer to the server as part of authentication requests. The server may apply the device posture information in a number of areas, including, for example, authentication management, risk assessment, and/or security analytics.

    Providing authentication codes which include token codes and biometric factors
    4.
    Granted invention patent
    Status: in force

    Publication number: US08752146B1

    Publication date: 2014-06-10

    Application number: US13434280

    Filing date: 2012-03-29

    Abstract: A technique provides authentication codes to authenticate a user to an authentication server. The technique involves generating, by an electronic apparatus (e.g., a smart phone, a tablet, a laptop, etc.), token codes from a cryptographic key. The technique further involves obtaining biometric measurements from a user, and outputting composite passcodes as the authentication codes. The composite passcodes include the token codes and biometric factors based on the biometric measurements. Additionally, the token codes and the biometric factors of the composite passcodes operate as authentication inputs to user authentication operations performed by the authentication server. In some arrangements, the biometric factors are results of facial recognition (e.g., via a camera), voice recognition (e.g., via a microphone), gait recognition (e.g., via an accelerometer), touch recognition and/or typing recognition (e.g., via a touchscreen or keyboard), combinations thereof, etc.

    Authentication based on a current location of a communications device associated with an entity
    5.
    Granted invention patent
    Status: in force

    Publication number: US08904496B1

    Publication date: 2014-12-02

    Application number: US13435951

    Filing date: 2012-03-30

    IPC classification: G06F21/00 G06F21/44

    Abstract: There is disclosed a method and system for use in authenticating an entity in connection with a computerized resource. An authentication request is received from the entity for access to the computerized resource. An input signal is received from a communications device associated with the entity. The input signal comprises the current location of the communications device. The current location of the communications device is derived from the input signal. A location history in connection with the communications device is captured. The location history comprises a record of discrete locations visited by the communications device over a period of time. An analysis is performed between the current location of the communications device and the location history in connection with the communications device. An authentication result is generated based on the analysis between the current location of the communications device and the location history in connection with the communications device. The authentication result can be used for authenticating the entity.

    Detecting advanced persistent threats
    7.
    Granted invention patent
    Status: in force

    Publication number: US08904531B1

    Publication date: 2014-12-02

    Application number: US13172979

    Filing date: 2011-06-30

    IPC classification: G06F12/14

    CPC classification: G06F21/552 H04L63/1416

    Abstract: Techniques are provided for detecting the source of an APT-based leaked document by iteratively or recursively evaluating a set of network security logs (e.g., SIEM logs and FPC logs) for events consistent with APT behavior according to a set of heuristics to generate a reduced set of security events for consideration by the CIRT. A method of detecting an APT attack on an enterprise system is provided. The method includes (a) receiving, in a computerized device, an indication that a document has been leaked outside the enterprise system, (b) evaluating a log of security events of the enterprise system using a set of heuristics to produce a reduced set of events potentially relevant to the APT attack, and (c) outputting the reduced set of events over a user interface for consideration by a security analysis team. A system and computer program product for performing this method are also provided.

    Generation of alerts in an event management system based upon risk
    9.
    Granted invention patent
    Status: in force

    Publication number: US09282114B1

    Publication date: 2016-03-08

    Application number: US13172999

    Filing date: 2011-06-30

    IPC classification: G06F21/55 H04L9/00 H04L29/06

    Abstract: Embodiments relate to the generation of alerts in an event management system based upon risk. When an event device associated with the event management system presents a logon page to a client device, the event device includes a beacon as part of the page to monitor and collect web device profile characteristics related to the client device. In response to a logon attempt by the client device, an event management device receives a notification regarding the logon attempt and a risk assessment associated with the web device profile characteristics of the client device. Based upon a correlation of the notification and the corresponding risk assessment, the event management device can generate an alert, such as a SIEM alert, and can include an indication of priority, whether relatively low or high, and/or a confidence factor, whether or not the alert can be suppressed as part of the alert.

    Validating association of client devices with sessions
    10.
    Granted invention patent
    Status: in force

    Publication number: US08959650B1

    Publication date: 2015-02-17

    Application number: US13537539

    Filing date: 2012-06-29

    IPC classification: G06F21/00

    CPC classification: G06F21/44 G06F21/335

    Abstract: A method is used in validating association of client devices with sessions. Information of a client device executing a user agent is gathered by a server for creating a device identifier for the client device upon receiving a request from the user agent for establishing a session between the user agent and the server. The device identifier includes information identifying the client device. The device identifier is associated with the session. The client device is validated by the server upon receiving subsequent requests from the client device during the session. Validating the client device includes gathering information of the client device sending each subsequent request for creating a device identifier for the client device and comparing the device identifier created from the information gathered during each subsequent request with the device identifier associated with the session.
