-
公开(公告)号:US20100262834A1
公开(公告)日:2010-10-14
申请号:US12423163
申请日:2009-04-14
CPC分类号: H04L9/0891 , G06F21/31 , G06F21/33 , H04L9/3228 , H04L9/3247 , H04L9/3271 , H04L63/0838 , H04L2209/80
摘要: Single-use character combinations are a secure mechanism for user authentication. Such “one-time passwords” (OTPs) can be generated by a mobile device to which the user otherwise maintains easy access. A key exchange, such as in accordance with the Diffie-Hellman algorithm, can provide both the mobile device and a server with a shared secret from which the OTPs can be generated. The shared secret can be derived from parameters posted on the server and updated periodically, and the mobile device can obtain such parameters from the server before generating an OTP. Such parameters can also specify the type of OTP mechanism to be utilized. A second site can, independently, establish an OTP mechanism with the mobile device. For efficiency, the first server can provide an identity token which provides the mobile device's public key in a trusted manner, enabling more efficient generation of the shared secret with the second server.
摘要翻译: 一次性字符组合是用户认证的安全机制。 这种“一次性密码”(OTP)可以由用户另外保持容易访问的移动设备生成。 密钥交换,例如根据Diffie-Hellman算法,可以向移动设备和服务器提供可以从其生成OTP的共享秘密。 共享密钥可以从服务器上发布的参数导出,并定期更新,移动设备可以在生成OTP之前从服务器获取这些参数。 这样的参数也可以指定要使用的OTP机制的类型。 第二个站点可以独立地使用移动设备建立OTP机制。 为了提高效率,第一台服务器可以提供一种以令人信服的方式提供移动设备公钥的身份令牌,从而能够更有效地生成第二台服务器的共享密钥。
-
公开(公告)号:US08230231B2
公开(公告)日:2012-07-24
申请号:US12423163
申请日:2009-04-14
IPC分类号: H04L29/06
CPC分类号: H04L9/0891 , G06F21/31 , G06F21/33 , H04L9/3228 , H04L9/3247 , H04L9/3271 , H04L63/0838 , H04L2209/80
摘要: Single-use character combinations are a secure mechanism for user authentication. Such “one-time passwords” (OTPs) can be generated by a mobile device to which the user otherwise maintains easy access. A key exchange, such as in accordance with the Diffie-Hellman algorithm, can provide both the mobile device and a server with a shared secret from which the OTPs can be generated. The shared secret can be derived from parameters posted on the server and updated periodically, and the mobile device can obtain such parameters from the server before generating an OTP. Such parameters can also specify the type of OTP mechanism to be utilized. A second site can, independently, establish an OTP mechanism with the mobile device. For efficiency, the first server can provide an identity token which provides the mobile device's public key in a trusted manner, enabling more efficient generation of the shared secret with the second server.
摘要翻译: 一次性字符组合是用户认证的安全机制。 这种“一次性密码”(OTP)可以由用户另外保持容易访问的移动设备生成。 密钥交换,例如根据Diffie-Hellman算法,可以向移动设备和服务器提供可以从其生成OTP的共享秘密。 共享密钥可以从服务器上发布的参数导出,并定期更新,移动设备可以在生成OTP之前从服务器获取这些参数。 这样的参数也可以指定要使用的OTP机制的类型。 第二个站点可以独立地使用移动设备建立OTP机制。 为了提高效率,第一台服务器可以提供一种以令人信服的方式提供移动设备公钥的身份令牌,从而能够更有效地生成第二台服务器的共享密钥。
-
公开(公告)号:US08381279B2
公开(公告)日:2013-02-19
申请号:US12371464
申请日:2009-02-13
CPC分类号: H04L9/3226 , G06F21/31 , G06F2221/2105 , G06F2221/2149 , G06Q10/06 , G06Q30/0603 , G06Q40/02 , H04L9/3236 , H04L63/083 , H04L2209/56 , H04L2209/88
摘要: This document describes tools that constrain a login to a subset of access rights. In one embodiment, the tools generate a constrained password by executing a cryptographic algorithm on a user ID, general password, and one or more desired constraints. The constrained password is used in place of the general password to gain access rights that are a subset of the access rights that would be granted if the general password were used instead.
摘要翻译: 本文档描述了将登录限制在访问权限子集中的工具。 在一个实施例中,这些工具通过对用户ID,一般密码和一个或多个期望的约束执行加密算法来生成受限密码。 使用受限密码来代替通用密码,以获得访问权限,该访问权限是使用通用密码时将被授予的访问权限的子集。
-
公开(公告)号:US07337324B2
公开(公告)日:2008-02-26
申请号:US10725243
申请日:2003-12-01
申请人: Josh Benaloh , Ismail Cem Paya
发明人: Josh Benaloh , Ismail Cem Paya
IPC分类号: H04L9/32
CPC分类号: H04L63/12 , G06F21/31 , H04L63/0435 , H04L63/0442
摘要: A system and method for automatically determining if a computer user is a human or an automated script. Human interactive proofs (HIPs) are currently used to deter automated registration for web services by automated computer scripts. Unfortunately, HIPs entail multiple steps (request service, receive challenge, respond to challenge) that can be burdensome. The system and method of the invention in one embodiment provides a “black-box” to potential users consisting of a challenge generator and a secret key. The challenge is generated for the user and the response can be provided as part of the service request, eliminating the need for a separate challenge from a service provider and response to the challenge.
摘要翻译: 用于自动确定计算机用户是人或自动脚本的系统和方法。 人类交互式证明(HIP)目前用于通过自动计算机脚本来阻止Web服务的自动注册。 不幸的是,HIP需要多重步骤(请求服务,接收挑战,应对挑战),这可能是繁重的。 在一个实施例中,本发明的系统和方法为由挑战发生器和秘密密钥组成的潜在用户提供“黑箱”。 为用户生成挑战,并且响应可以作为服务请求的一部分提供,消除了对来自服务提供商的单独挑战的需求以及对挑战的响应。
-
5.发明申请Using hierarchical identity based cryptography for authenticating outbound mail 有权使用基于层次标识的加密技术来验证出站邮件公开(公告)号:US20070124578A1
公开(公告)日:2007-05-31
申请号:US11291946
申请日:2005-11-30
申请人: Cem Paya , Josh Benaloh
发明人: Cem Paya , Josh Benaloh
IPC分类号: H04L9/00
CPC分类号: H04L63/06 , H04L9/3073 , H04L9/3247 , H04L9/3271 , H04L51/00 , H04L63/12
摘要: A hierarchical identity based cryptographic system (“HIBC”) is integrated with the domain name system (“DNS”). A private key is assigned to each of the top level domain name authorities responsible for assigning the top level domain names (e.g., net, .com, etc.). The private key is generated according to an HIBC system, wherein the corresponding public key is based on the identity of the particular domain authority. When user requests a domain name from one of the top level domain name authorities, the user is issued a private key that is generated by the top level domain authority using its private key and the identity of the user according to the particular HIBC system implemented. The user's corresponding public key can be derived from the identity of the user and the public key of the top level domain name authority. Similarly, when the user adds servers and accounts to the users domain, the user can generate private keys for the servers and accounts using the users private key according to the particular HIBC system. Later, emails originating from the users domain can be authenticated by recipients using the public key associated with the top level domain name authority.
摘要翻译: 基于层次标识的加密系统(“HIBC”)与域名系统(“DNS”)集成。 私钥分配给负责分配顶级域名(例如,net,.com等)的顶级域名权限。 私钥根据HIBC系统生成,其中相应的公钥基于特定域权限的身份。 当用户从顶级域名权限之一请求域名时,将使用其私有密钥和根据实施的特定HIBC系统的用户身份由顶级域机构生成的私钥。 用户的相应公钥可以从用户的身份和顶级域名权限的公钥中导出。 类似地,当用户将服务器和帐户添加到用户域时,用户可以使用根据特定HIBC系统的用户私钥为服务器和帐户生成私钥。 之后,来自用户域的电子邮件可以由收件人使用与顶级域名权限关联的公钥进行身份验证。
-
公开(公告)号:US20060137023A1
公开(公告)日:2006-06-22
申请号:US11236912
申请日:2005-09-28
申请人: Josh Benaloh
发明人: Josh Benaloh
IPC分类号: H04L9/32
CPC分类号: G06Q20/3829 , H04L9/0836 , H04L9/0894 , H04L2209/60
摘要: Described herein are one or more implementations that generate and encrypted content data structure package and/or data tree.
-
公开(公告)号:US20060031338A1
公开(公告)日:2006-02-09
申请号:US10914325
申请日:2004-08-09
申请人: Nina Kang , Joshua Goodman , Robert Rounthwaite , Josh Benaloh , Elissa Murphy , Manav Mishra , Gopalakrishnan Seshadrinathan , Derek Hazeur , Ryan Colvin
发明人: Nina Kang , Joshua Goodman , Robert Rounthwaite , Josh Benaloh , Elissa Murphy , Manav Mishra , Gopalakrishnan Seshadrinathan , Derek Hazeur , Ryan Colvin
IPC分类号: G06F15/16
CPC分类号: G06Q20/3674 , H04L51/12
摘要: Disclosed are systems and methods that facilitate securing communication channels used in a challenge-response system to mitigate spammer intrusion or deception. The systems and methods make use of unique IDs that can be added to outbound messages originating from a sender, a recipient, and a third-party server. The IDs can be correlated according to the relevant parties. Thus, for example, a sender can add a signed ID to an outgoing message. A challenge sent back to the sender for that particular message can echo the same ID or a new ID derived from the original ID to allow a sender to verify that the challenge corresponds to an actual message. The IDs can include cookies as well to facilitate correlation of messages and to facilitate the retrieval of messages once a sender is determined to be legitimate.
摘要翻译: 公开了有助于确保在挑战 - 响应系统中使用的通信信道的系统和方法,以减轻垃圾邮件发送者入侵或欺骗。 系统和方法使用可以添加到源自发件人,收件人和第三方服务器的出站邮件的唯一ID。 ID可以根据相关方关联。 因此,例如,发送者可以向输出消息添加签名的ID。 向该发送者发送的针对该特定消息的挑战可以回显与原始ID相同的ID或新的ID,以允许发送方验证该挑战是否对应于实际的消息。 ID可以包括cookie,以便于消息的相关性,并且一旦发送者被确定为合法,便于检索消息。
-
8.发明申请Manifest-based trusted agent management in a trusted operating system environment 审中-公开在受信任的操作系统环境中进行基于清单的可信代理管理公开(公告)号:US20050278477A1
公开(公告)日:2005-12-15
申请号:US11207081
申请日:2005-08-18
申请人: Paul England , Marcus Peinado , Daniel Simon , Josh Benaloh
发明人: Paul England , Marcus Peinado , Daniel Simon , Josh Benaloh
摘要: Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.
摘要翻译: 在受信任的操作系统环境中的基于清单的可信代理管理包括接收接收到的执行进程的请求,并为进程设置虚拟内存空间。 此外,访问对应于进程的清单,并且可以基于二进制文件中包括在清单中的指示符限制在虚拟存储器空间中执行多个二进制文件中的哪一个。
-
公开(公告)号:US20050066185A1
公开(公告)日:2005-03-24
申请号:US10985202
申请日:2004-11-10
申请人: John Douceur , Josh Benaloh , Gideon Yuval , Atul Adya
发明人: John Douceur , Josh Benaloh , Gideon Yuval , Atul Adya
CPC分类号: H04L63/0428 , G06F21/6209 , G06F21/6218 , G06F2221/2107
摘要: An exclusive encryption system is established using multiple computing devices. The exclusive encryption system allows for the exclusion of certain plaintext (e.g., by one of the computing devices) and ciphertext (e.g., by another of the computing devices) while at the same time maintaining the privacy created by the encryption (e.g., so the other computing device cannot see the plaintext). The exclusive encryption system may be implemented as part of a serverless distributed file system with directory entries (e.g., file names or folder names) being the plaintext, or alternatively as part of other systems.
-
公开(公告)号:US20050066184A1
公开(公告)日:2005-03-24
申请号:US10985201
申请日:2004-11-10
申请人: John Douceur , Josh Benaloh , Gideon Yuval , Atul Adya
发明人: John Douceur , Josh Benaloh , Gideon Yuval , Atul Adya
CPC分类号: H04L63/0428 , G06F21/6209 , G06F21/6218 , G06F2221/2107
摘要: An exclusive encryption system is established using multiple computing devices. The exclusive encryption system allows for the exclusion of certain plaintext (e.g., by one of the computing devices) and ciphertext (e.g., by another of the computing devices) while at the same time maintaining the privacy created by the encryption (e.g., so the other computing device cannot see the plaintext). The exclusive encryption system may be implemented as part of a serverless distributed file system with directory entries (e.g., file names or folder names) being the plaintext, or alternatively as part of other systems.
摘要翻译: 使用多个计算设备建立专用加密系统。 专用加密系统允许排除某些明文(例如,由计算设备之一)和密文(例如,由计算设备中的另一个),同时保持由加密产生的隐私(例如,因此, 其他计算设备看不到明文)。 独占加密系统可以被实现为具有目录条目(例如,文件名或文件夹名称)为明文,或作为其他系统的一部分的无服务器分布式文件系统的一部分。
-
-
-
-
-
-
-
-
-
搜索结果
68 条记录 (耗时 0.035 秒)