-
公开(公告)号:US20140366111A1
公开(公告)日:2014-12-11
申请号:US13994016
申请日:2013-03-15
申请人: Micah J. Sheller , Conor P. Cahill , Jason Martin , Ned M. Smith , Brandon Baker
发明人: Micah J. Sheller , Conor P. Cahill , Jason Martin , Ned M. Smith , Brandon Baker
IPC分类号: H04L29/06
CPC分类号: H04L63/08 , G06F21/31 , G06F21/316 , G06F2221/2101 , G06F2221/2103 , G06F2221/2139 , H04L63/0861 , H04L67/14 , H04L67/24
摘要: Generally, this disclosure describes a continuous authentication confidence module. A system may include user device including processor circuitry configured to determine presence data; a confidence factor including at least one of a sensor configured to capture sensor input and a system monitoring module configured to monitor activity of the user device; memory configured to store a confidence score and an operating system; and a continuous authentication confidence module configured to determine the confidence score in response to an initial authentication of a specific user, update the confidence score based, at least in part, an expectation of user presence and/or selected presence data, and notify the operating system that the authentication is no longer valid if the updated confidence score is within a tolerance of a session close threshold; the initial authentication configured to open a session, the confidence score configured to indicate a current strength of authentication during the session.
摘要翻译: 通常,本公开描述了连续认证置信模块。 系统可以包括用户设备,包括被配置为确定存在数据的处理器电路; 包括被配置为捕获传感器输入的传感器中的至少一个的置信因子和被配置为监视用户设备的活动的系统监视模块中的至少一个; 存储器被配置为存储置信度分数和操作系统; 以及连续认证置信模块,被配置为响应于特定用户的初始认证来确定置信度得分,至少部分地基于用户存在和/或选择的存在数据的期望来更新置信度分数,并且通知操作 系统,如果更新的置信度分数在会话关闭阈值的容限内,认证不再有效; 所述初始认证被配置为打开会话,所述置信度分数被配置为指示所述会话期间的当前认证强度。
-
2.发明申请Privacy Enhanced Key Management For A Web Service Provider Using A Converged Security Engine 有权使用融合安全引擎的Web服务提供商的隐私增强密钥管理公开(公告)号:US20140181925A1
公开(公告)日:2014-06-26
申请号:US13721760
申请日:2012-12-20
CPC分类号: H04L9/0861 , G06F21/31 , G06F21/33 , G06F21/45 , H04L9/3234 , H04L63/0281 , H04L63/061 , H04L63/08 , H04L63/0815 , H04L63/0823 , H04L63/0838 , H04L63/1466 , H04L2209/127 , H04L2463/082
摘要: In an embodiment, a security engine of a processor includes an identity provider logic to generate a first key pair of a key pairing associating system user and a service provider that provides a web service and having a second system coupled to the system via a network, to perform a secure communication with the second system to enable the second system to verify that the identity provider logic is executing in a trusted execution environment, and responsive to the verification, to send a first key of the first key pair to the second system. This key may enable the second system to verify an assertion communicated by the identity provider logic that the user has been authenticated to the system according to a multi-factor authentication. Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,处理器的安全引擎包括身份提供者逻辑,以生成密钥配对关联系统用户的第一密钥对和提供Web服务并具有通过网络耦合到系统的第二系统的服务提供者, 以执行与所述第二系统的安全通信,以使所述第二系统能够验证所述身份提供者逻辑在可信执行环境中正在执行,并且响应于所述验证,将所述第一密钥对的第一密钥发送到所述第二系统。 该密钥可以使得第二系统可以根据多因素认证来验证由身份提供者逻辑传达的断言,用户已被认证给系统。 描述和要求保护其他实施例。
-
3.发明申请MECHANISM FOR FACILITATING DYNAMIC CONTEXT-BASED ACCESS CONTROL OF RESOURCES 审中-公开促进动态基于上下文的资源访问控制机制公开(公告)号:US20150135258A1
公开(公告)日:2015-05-14
申请号:US14129961
申请日:2013-09-27
IPC分类号: H04L29/06
CPC分类号: H04L63/10 , G06F21/45 , G06F21/6218 , G06F2221/2111 , H04L63/0876 , H04L63/20
摘要: A mechanism is described for facilitating context-based access control of resources for according to one embodiment. A method of embodiments, as described herein, includes receiving a first request to access a resource of a plurality of resources. The first request may be associated with one or more contexts corresponding to a user placing the first request at a computing device. The method may further include evaluating the one or more contexts. The evaluation of the one or more contexts may include matching the one or more contexts with one or more access policies associated with the requested resource. The method may further include accepting the first request if the one or more contexts satisfy at least one of the access policies.
摘要翻译: 描述了一种用于促进根据一个实施例的资源的基于上下文的访问控制的机制。 如本文所述的实施例的方法包括接收访问多个资源的资源的第一请求。 第一请求可以与对应于在计算设备处放置第一请求的用户相关联的一个或多个上下文相关联。 该方法还可以包括评估一个或多个上下文。 一个或多个上下文的评估可以包括将一个或多个上下文与与所请求的资源相关联的一个或多个访问策略进行匹配。 该方法还可以包括:如果一个或多个上下文满足访问策略中的至少一个,则接受第一请求。
-
4.发明申请公开(公告)号:US20140189807A1
公开(公告)日:2014-07-03
申请号:US13822216
申请日:2011-11-18
申请人: Conor P. Cahill , Vinay Phegade , Jason Martin , Anand Rajan , Nikhil M. Deshpande , Radia Perlman
发明人: Conor P. Cahill , Vinay Phegade , Jason Martin , Anand Rajan , Nikhil M. Deshpande , Radia Perlman
IPC分类号: H04L29/06
CPC分类号: H04L63/08 , G06F21/41 , G06F2221/2139 , H04L9/3268 , H04L63/0853 , H04L63/0861 , H04L63/0876 , H04L63/108
摘要: Methods, systems and apparatus are disclosed to facilitate client-based authentication. An example method includes associating an identity authority with a client platform in an isolated execution environment, associating a user identity with the identity authority, generating a first key pair associated with a first service provider, generating an attestation based on a first authorization sequence of the client platform, and signing the attestation with a portion of the key pair and sending the signed attestation to the first service provider to authorize communication between the client platform and the first service provider.
摘要翻译: 公开了方法,系统和装置以促进基于客户端的认证。 示例性方法包括将身份授权与客户机平台相关联在隔离的执行环境中,将用户身份与身份管理机构相关联,生成与第一服务提供商相关联的第一密钥对,基于第一授权序列生成认证 客户端平台,并签署一部分密钥对的认证,并向第一个服务提供商发送签名的认证,以授权客户端平台和第一个服务提供商之间的通信。
-
公开(公告)号:US20150038172A1
公开(公告)日:2015-02-05
申请号:US13995595
申请日:2012-02-09
摘要: Systems and methods for generating suggestions based on group criteria. A device may act as a proxy for a group and scan information from other devices in the group. The proxy device may then transmit the scanned information to a remote resource. The remote resource may obtain preference information based on profile information, for devices that are determined to be registered with a service, and based on inquiry responses for unregistered devices. The preference information may be compiled into group criteria that may be employed in making one or more suggestions to the group. If the group selects one of the suggestions then the remote resource may make arrangements based on the selection. Otherwise, additional suggestions may be provided to the group. The remote resource may also monitor the group and continue to make suggestions accordingly.
摘要翻译: 基于组标准生成建议的系统和方法。 设备可以充当组的代理,并从组中的其他设备扫描信息。 代理设备然后可以将扫描的信息发送到远程资源。 远程资源可以基于简档信息,对于被确定要注册到服务的设备,以及基于对未注册设备的查询响应来获得偏好信息。 偏好信息可以被编译成可以用于向组中提供一个或多个建议的组标准。 如果组选择其中一个建议,则远程资源可以基于选择进行安排。 否则,可能会向群组提供其他建议。 远程资源还可以监视组,并继续作出建议。
-
公开(公告)号:US20140006163A1
公开(公告)日:2014-01-02
申请号:US13976058
申请日:2012-03-30
IPC分类号: G06Q30/02
CPC分类号: G06Q30/0261 , G06Q10/10 , G06Q30/02 , H04W4/025 , H04W4/21
摘要: An embodiment of the invention provides context aware messaging. Such context aware messaging may include delivering communications (e.g., coupons, promotions) to mobile device users based on the device user's context (e.g., physical location, time of day and week, habits, tendencies, and the like). An embodiment includes sensing an environmental condition for a user; wirelessly communicating the sensed condition to a remotely located node; and receiving a context based communication in response to communicating the sensed condition to the remotely located node; wherein the context based communication corresponds to the sensed environmental condition. Other embodiments are described herein.
摘要翻译: 本发明的实施例提供上下文感知消息。 这种上下文感知消息可以包括基于设备用户的上下文(例如,物理位置,时间和周,习惯,倾向等)来向移动设备用户传递通信(例如,优惠券,促销)。 实施例包括感测用户的环境状况; 将感测到的条件无线地传送到远程定位的节点; 以及响应于将感测到的条件传送到位于远程的节点,接收基于上下文的通信; 其中基于上下文的通信对应于所感测的环境条件。 本文描述了其它实施例。
-
公开(公告)号:US08284931B2
公开(公告)日:2012-10-09
申请号:US12786129
申请日:2010-05-24
申请人: David F. Pare , David L. Biderman , Stephen E. Loomis , Scott K. Brown , Michael Wise , David Wexelblat , Conor P. Cahill , David S. Bill
发明人: David F. Pare , David L. Biderman , Stephen E. Loomis , Scott K. Brown , Michael Wise , David Wexelblat , Conor P. Cahill , David S. Bill
CPC分类号: H04L65/602 , H04L9/0637 , H04L9/065 , H04L9/08 , H04L9/0844 , H04L9/12 , H04L67/2842 , H04L67/32
摘要: An initialization vector (IV) is employed to decrypt a block of a stream that has been encrypted with Cypher Block Chaining (CBC) encryption, without requiring decryption of previous blocks within the stream. For example, a listener who accesses a distribution point to retrieve encrypted content authenticates himself to an application server that regulates access to encrypted content on the distribution point, and responsively receives a key. The listener then requests access to a reference point within the encrypted content stream somewhere after its beginning (e.g., using preview clips). The distribution point relates the reference point to a corresponding block of the encrypted stream, and identifies an IV previously used for encryption of that block. The distribution point provides the associated encrypted block of content and the IV to the listener to enable mid-stream rendering of the encrypted content, without requiring the listener to decrypt previous blocks within the encrypted stream.
摘要翻译: 使用初始化向量(IV)来解密已经使用Cypher块链接(CBC)加密加密的流的块,而不需要解析流内的先前块。 例如,访问分发点以检索加密内容的监听者向调配对分发点上的加密内容的访问的应用服务器认证自身,并且响应地接收密钥。 然后,收听者在其开始之后的某处(例如,使用预览剪辑)请求访问加密内容流中的参考点。 分配点将参考点与加密流的相应块相关联,并且识别先前用于该块的加密的IV。 分发点向收听者提供相关的加密内容块和IV,以允许加密内容的中间流呈现,而不需要收听者解密加密流中的先前块。
-
公开(公告)号:US08176430B1
公开(公告)日:2012-05-08
申请号:US12403779
申请日:2009-03-13
申请人: Conor P. Cahill
发明人: Conor P. Cahill
CPC分类号: H04L63/1483 , G06F17/24 , G06F17/30882 , G06F17/30887 , G06F17/30905 , G06F21/31 , H04L29/0809
摘要: Techniques are provided for displaying a uniform resource locator (URL) to assist a user in determining whether a URL destination is what the user expects. A link is presented for selection to a user, and a URL corresponding to the link is accessed. A portion of the URL that corresponds to a hostname component of the URL may be identified, and the URL may be displayed. The hostname component of the URL is visually distinguished from other components of the URL. In addition to or as an alternative to displaying the URL and visually distinguishing the hostname component, a warning message relating to the hostname portion of the URL may be displayed. The techniques may be implemented as a software plug-in or in any type of software application that is capable of recognizing URLs.
摘要翻译: 提供了用于显示统一资源定位符(URL)的技术,以帮助用户确定URL目的地是用户期望的。 呈现用于选择的链接给用户,并且访问与链接相对应的URL。 可以识别与URL的主机名组件相对应的URL的一部分,并且可以显示URL。 URL的主机名组件在视觉上与URL的其他组件区分开。 除了显示URL和在视觉上区分主机名组件之外,还可以显示与URL的主机名部分有关的警告消息。 这些技术可以被实现为软件插件或能够识别URL的任何类型的软件应用程序。
-
公开(公告)号:US07526730B1
公开(公告)日:2009-04-28
申请号:US10675781
申请日:2003-09-30
申请人: Conor P. Cahill
发明人: Conor P. Cahill
CPC分类号: H04L63/1483 , G06F17/24 , G06F17/30882 , G06F17/30887 , G06F17/30905 , G06F21/31 , H04L29/0809
摘要: Techniques are provided for displaying a uniform resource locator (URL) to assist a user in determining whether a URL destination is what the user expects. A link is presented for selection to a user, and a URL corresponding to the link is accessed. A portion of the URL that corresponds to a hostname component of the URL may be identified, and the URL may be displayed. The hostname component of the URL is visually distinguished from other components of the URL. In addition to or as an alternative to displaying the URL and visually distinguishing the hostname component, a warning message relating to the hostname portion of the URL may be displayed. The techniques may be implemented as a software plug-in or in any type of software application that is capable of recognizing URLs.
摘要翻译: 提供了用于显示统一资源定位符(URL)以帮助用户确定URL目的地是用户期望的方式的技术。 呈现用于选择的链接给用户,并且访问与链接相对应的URL。 可以识别与URL的主机名组件相对应的URL的一部分,并且可以显示URL。 URL的主机名组件在视觉上与URL的其他组件区分开。 除了显示URL和在视觉上区分主机名组件之外,还可以显示与URL的主机名部分有关的警告消息。 这些技术可以被实现为软件插件或能够识别URL的任何类型的软件应用程序。
-
公开(公告)号:US08893239B2
公开(公告)日:2014-11-18
申请号:US13620607
申请日:2012-09-14
申请人: Conor P. Cahill
发明人: Conor P. Cahill
CPC分类号: H04L63/083 , H04L63/08 , H04L63/10 , H04L65/1006 , H04L65/1066
摘要: A service provider may provide one or more services to and/or for a client. Providing a service may involve receiving a service request including a security token at the service provider and determining whether the security token is valid. Providing the service may also involve determining a session security token if the security token is valid and generating a service response including the session security token. Providing the service may further involve receiving a service request including the session security token, determining whether the session security token is valid, and, if the session security token is valid, generating a second service response.
摘要翻译: 服务提供商可以向客户端和/或客户端提供一个或多个服务。 提供服务可以涉及在服务提供商处接收包括安全令牌的服务请求并确定安全令牌是否有效。 提供服务还可以涉及如果安全令牌是有效的并且生成包括会话安全令牌的服务响应,则确定会话安全令牌。 提供服务还可以包括接收包括会话安全令牌的服务请求,确定会话安全令牌是否有效,以及如果会话安全令牌有效,则生成第二服务响应。
-
-
-
-
-
-
-
-
-
搜索结果
31 条记录 (耗时 0.028 秒)