公开(公告)号：US08387122B2

公开(公告)日：2013-02-26

申请号：US12466242

申请日：2009-05-14

申请人： Michael Toomim ,  James Fogarty ,  James Landay ,  Nathan Morris ,  Xianhang Zhang ,  Tadayoshi Kohno

发明人： Michael Toomim ,  James Fogarty ,  James Landay ,  Nathan Morris ,  Xianhang Zhang ,  Tadayoshi Kohno

IPC分类号： H04L9/00 ,  G06F21/00

CPC分类号： G06F21/6218 ,  G06F2221/2131

摘要： Access to resource(s) intended to be shared with specific groups of individuals is controlled using concise tests of shared knowledge instead of (or in addition) to accounts and access control lists. Users can readily learn the concept and choose questions that will control the access by the desired group with little effort. Such questions can be relatively secure to guesses by those not intended to have access, particularly if the number of allowed guesses is relatively limited. Users can generally predict the security of their questions, but sometimes underestimate the ability of attackers to use Web searching or enumeration to discover answers. In such cases, the system can automatically discover weak questions and then suggest alternatives. By lowering the threshold to access control, shared knowledge tests can enable more types of information to acquire collaborative value on the Internet and on other types of networks.

摘要翻译： 访问旨在与特定个人群体共享的资源使用共享知识的简洁测试而不是（或另外）对帐户和访问控制列表进行控制。 用户可以轻松学习概念，并选择可以很少的努力来控制所需组的访问的问题。 这些问题可能相对安全，以致不能访问的人的猜测，特别是如果允许的猜测的数量相对有限。 用户通常可以预测他们的问题的安全性，但有时会低估攻击者使用网络搜索或枚举来发现答案的能力。 在这种情况下，系统可以自动发现弱问题，然后提出替代方案。 通过降低访问控制的门槛，共享知识测试可以使更多类型的信息在互联网和其他类型的网络上获得协作价值。

公开(公告)号：US20090288150A1

公开(公告)日：2009-11-19

申请号：US12466242

申请日：2009-05-14

申请人： Michael Toomim ,  James Fogarty ,  James Landay ,  Nathan Morris ,  Xianhang Zhang ,  Tadayoshi Kohno

发明人： Michael Toomim ,  James Fogarty ,  James Landay ,  Nathan Morris ,  Xianhang Zhang ,  Tadayoshi Kohno

IPC分类号： G06F7/04

CPC分类号： G06F21/6218 ,  G06F2221/2131

摘要： Access to resource(s) intended to be shared with specific groups of individuals is controlled using concise tests of shared knowledge instead of (or in addition) to accounts and access control lists. Users can readily learn the concept and choose questions that will control the access by the desired group with little effort. Such questions can be relatively secure to guesses by those not intended to have access, particularly if the number of allowed guesses is relatively limited. Users can generally predict the security of their questions, but sometimes underestimate the ability of attackers to use Web searching or enumeration to discover answers. In such cases, the system can automatically discover weak questions and then suggest alternatives. By lowering the threshold to access control, shared knowledge tests can enable more types of information to acquire collaborative value on the Internet and on other types of networks.

摘要翻译： 访问旨在与特定个人群体共享的资源使用共享知识的简洁测试而不是（或另外）对帐户和访问控制列表进行控制。 用户可以轻松学习概念，并选择可以很少的努力来控制所需组的访问的问题。 这些问题可能相对安全，以致不能访问的人的猜测，特别是如果允许的猜测的数量相对有限。 用户通常可以预测他们的问题的安全性，但有时会低估攻击者使用网络搜索或枚举来发现答案的能力。 在这种情况下，系统可以自动发现弱问题，然后提出替代方案。 通过降低访问控制的门槛，共享知识测试可以使更多类型的信息在互联网和其他类型的网络上获得协作价值。