-
公开(公告)号:US09154556B1
公开(公告)日:2015-10-06
申请号:US13337442
申请日:2011-12-27
申请人: Yedidya Dotan , Lawrence N. Friedman , Ayelet Biger , Asaf Shoval
发明人: Yedidya Dotan , Lawrence N. Friedman , Ayelet Biger , Asaf Shoval
IPC分类号: G06F15/173 , H04L29/08
CPC分类号: H04L67/14 , H04L41/5083 , H04L43/045 , H04L67/02 , H04L67/143 , H04L67/322
摘要: A technique manages access to a limited number of computerized sessions. The technique involves receiving, from a waiting user, a session request for a computerized session, and queuing the session request in a wait queue in response to all of the limited number of computerized sessions being currently assigned to other users. The technique further involves, while the session request is queued in the wait queue, providing permission to the waiting user to un-assign a computerized session which is currently assigned to another user. With such a technique, the user has the option of simply waiting until a computerized session has been relinquished (i.e., if the user is willing to be patient) or un-assigning a computerized session currently assigned to another user (e.g., in order to speed up access to a computerized session).
摘要翻译: 一种技术管理对有限数量的计算机化会话的访问。 该技术涉及从等待用户接收对计算机化会话的会话请求,并且响应于当前分配给其他用户的所有有限数量的计算机化会话,将会话请求排队在等待队列中。 该技术还涉及当会话请求在等待队列中排队时,向等待用户提供许可以取消分配当前分配给另一用户的计算机会话。 通过这样的技术,用户可以选择简单地等待计算机化会话被放弃(即,如果用户愿意耐心)或者取消分配当前分配给另一用户的计算机化会话(例如,为了 加快访问计算机化会话)。
-
2.发明授权Injecting code decrypted by a hardware decryption module into Java applications 有权将由硬件解密模块解密的代码注入Java应用程序公开(公告)号:US09021271B1
公开(公告)日:2015-04-28
申请号:US13337817
申请日:2011-12-27
CPC分类号: G06F11/34 , G06F21/123
摘要: A method is performed by a computer in communication with a hardware security module (HSM). The method includes (a) running a process virtual machine (PVM) on the computer, the PVM being configured to execute portable bytecode instructions within a PVM environment and (b) executing, within the PVM environment, instructions for (1) reading encrypted instruction code from data storage of the computer, (2) sending the encrypted instruction code to the HSM, (3) in response, receiving decrypted instruction code from the HSM, and (4) injecting the decrypted instruction code within an application running in the PVM environment for execution by the PVM. Embodiments are also directed to analogous computer program products and apparatuses.
摘要翻译: 通过与硬件安全模块(HSM)通信的计算机执行方法。 该方法包括(a)在计算机上运行一个进程虚拟机(PVM),该PVM被配置为在PVM环境内执行便携式字节码指令,以及(b)在该PVM环境内执行(1)读取加密指令 来自计算机的数据存储的代码,(2)将加密的指令代码发送到HSM,(3)响应于从HSM接收解密的指令代码,以及(4)在PVM中运行的应用程序中注入解密的指令代码 由PVM执行的环境。 实施例还涉及类似的计算机程序产品和装置。
-
公开(公告)号:US09781130B1
公开(公告)日:2017-10-03
申请号:US13536999
申请日:2012-06-28
CPC分类号: H04L63/107 , G06F21/316 , G06F21/44 , G06F21/552 , G06F2221/2111 , G06F2221/2151 , H04L9/3271 , H04L9/3297 , H04L2209/80 , H04W4/02 , H04W12/06
摘要: A method, system and computer program product for use in managing policies is disclosed. Policies associated with a communications device are correlated with respective locations. The location of the communications device is determined. The policy correlated with the determined location is applied to the communications device.
-
4.发明授权Virtualization platform for secured communications between a user device and an application server 有权用于用户设备和应用服务器之间的安全通信的虚拟化平台公开(公告)号:US08694993B1
公开(公告)日:2014-04-08
申请号:US13077230
申请日:2011-03-31
申请人: Yedidya Dotan , Boris Kronrod , Orit Yaron , Lawrence N. Friedman , Assaf Shoval
发明人: Yedidya Dotan , Boris Kronrod , Orit Yaron , Lawrence N. Friedman , Assaf Shoval
CPC分类号: H04L63/08 , G06F2009/45587 , H04L63/0272 , H04L67/10 , H04L67/42
摘要: A modular virtualization platform is provided for secured communications between a user device and an application server. A client-side computing device performs secured communications during a virtual session with an application server across a network. The client-side computing device loads a virtual machine client; and selects a remote module to serve as a virtualization server for the virtual session based on one or more performance factors. The virtual session is established with the selected module, and secured communications can occur between the client-side computing device and the application server via the virtual session of the selected module. The performance factors can be collected from a plurality of modules using a peer-to-peer gossip-based state notification process. A route list preferably stores the performance factors for a plurality of modules. The route list can contain pointers to a plurality of remote modules in a plurality of virtualization platforms, to increase reliability.
摘要翻译: 为用户设备和应用服务器之间的安全通信提供了模块化虚拟化平台。 客户端计算设备在通过网络与应用服务器进行虚拟会话期间执行安全通信。 客户端计算设备加载虚拟机客户端; 并且基于一个或多个性能因素选择远程模块用作虚拟会话的虚拟化服务器。 利用所选择的模块建立虚拟会话,并且可以经由所选模块的虚拟会话在客户端计算设备和应用服务器之间发生安全通信。 可以使用基于点对点八卦的状态通知过程从多个模块收集性能因素。 路线列表优选地存储多个模块的性能因素。 路由列表可以包含指向多个虚拟化平台中的多个远程模块的指针,以增加可靠性。
-
公开(公告)号:US10063549B1
公开(公告)日:2018-08-28
申请号:US13169668
申请日:2011-06-27
IPC分类号: H04L29/06
CPC分类号: H04L63/10 , H04L63/0838 , H04L63/1441 , H04L2463/082
摘要: A technique of supporting multi-factor authentication uses a database server. The technique involves receiving suspicious user activity data from a first set of authentication servers and storing the suspicious user activity data from the first set of authentication servers, as sharable authentication data, in a database of the database server. The technique further involves providing the sharable authentication data from the database to a second set of authentication servers. Each authentication server of the second set of authentication servers performs multi-factor authentication operations based on (i) local authentication data which is gathered by that authentication server and (ii) the sharable authentication data provided from the database. Accordingly, useful authentication data from one authentication server (e.g., a network address of a computer which mischievously attempts to probe or infiltrate that authentication server) can be shared with other authentication servers to enhance their ability to identify fraudsters.
-
公开(公告)号:US09781129B1
公开(公告)日:2017-10-03
申请号:US13536978
申请日:2012-06-28
IPC分类号: H04L29/06
CPC分类号: H04L63/107 , G06F2221/2111 , G06F2221/2151 , H04L9/3271 , H04L9/3297 , H04L2209/80 , H04W12/06
摘要: There is disclosed a method and system for use in authenticating an entity. An authentication request is received from the entity. An input signal is received from a communications device associated with the entity. The input signal comprises the current location of the communications device. The current location of the communications device is derived from the input signal. Based on the current location of the communications device, an event is detected at substantially the same location as the current location of the communications device. An analysis is performed between the current location of the communications device and the event. An authentication result is generated based on the analysis between the current location of the communications device and the event. The authentication result can be used for authenticating the entity.
-
公开(公告)号:US09516059B1
公开(公告)日:2016-12-06
申请号:US13170732
申请日:2011-06-28
CPC分类号: H04L63/1491 , H04L63/0807 , H04L63/1483
摘要: A technique provides protection against malicious activity. The technique involves providing a mock token to fraudster equipment. The mock token appears to be a legitimate user token that identifies a legitimate user (e.g., an actual user token, a token seed, etc.). The technique further involves receiving, from the fraudster equipment, an authentication request which uses the mock token and, in response to receiving the authentication request which uses the mock token from the fraudster equipment, performing a set of authentication server operations to protect against future activity by the fraudster equipment (e.g., deny access to the fraudster equipment, acquire specific information about the fraudster equipment, output a message to subscribers of an eFraud network, and so on).
摘要翻译: 一种技术提供了防止恶意活动的保护。 该技术涉及向欺诈设备提供模拟令牌。 模拟令牌似乎是标识合法用户(例如,实际用户令牌,令牌种子等)的合法用户令牌。 该技术还涉及从欺诈设备接收使用模拟令牌的认证请求,并且响应于从欺诈设备接收使用模拟令牌的认证请求,执行一组认证服务器操作以防止将来的活动 通过欺诈设备(例如,拒绝访问欺诈设备,获取关于欺诈设备的具体信息,向eFraud网络的用户输出消息等)。
-
公开(公告)号:US09230066B1
公开(公告)日:2016-01-05
申请号:US13534873
申请日:2012-06-27
CPC分类号: G06F21/00 , G06F21/316 , G06F2221/2111 , H04L63/107 , H04W4/02 , H04W12/06
摘要: An improved technique authenticates a user based on an ability to corroborate previous transaction data sent by a user device. Along these lines, the improved technique makes use of an independent information source for verifying the accuracy of previous transaction data obtained by a given collector. For example, when a collector of location data is a GPS unit of a cell phone, an independent information source may be a cell tower closest to the cell phone at the time of the transaction. While location data provided by the cell tower may not be as precise as that provided by the GPS unit, such data is useful for corroborating the location data from the GPS unit. In this scenario, if the data provided by the cell tower fails to corroborate that provided by the GPS unit, then the GPS unit adds significant risk to authenticating the user.
摘要翻译: 改进的技术基于确定用户设备发送的先前交易数据的能力来认证用户。 沿着这些方式,改进的技术使用独立的信息源来验证给定收集器获得的先前交易数据的准确性。 例如,当位置数据的收集器是手机的GPS单元时,独立的信息源可以是在交易时最靠近手机的信元塔。 虽然由单元塔提供的位置数据可能不如GPS单元提供的位置数据那样精确,但是这样的数据对于确认来自GPS单元的位置数据是有用的。 在这种情况下,如果单元塔提供的数据未能证实由GPS单元提供的数据,则GPS单元增加了验证用户的重大风险。
-
公开(公告)号:US08949953B1
公开(公告)日:2015-02-03
申请号:US13611919
申请日:2012-09-12
IPC分类号: H04L29/06
CPC分类号: H04L63/08
摘要: A method includes (a) receiving, from an application server, a login message for a user, the login message including a user credential for a credential-based authentication (CBA), (b) forwarding the user credential to a CBA server for the CBA, (c) in response, receiving, an authentication decision message from the CBA server, (d) sending decision information from the authentication decision message received from the CBA server to a risk-based authentication (RBA) server, the RBA server being distinct from the CBA server, the decision information to be used by the RBA server in performing RBA authentication decisions, (e) if the authentication decision message is positive, then sending a challenge message to the application server to initiate RBA to be performed by the RBA server supplementary to the CBA, and (f) if the authentication decision message is negative, then sending a rejection message to the application server.
摘要翻译: 一种方法包括:(a)从应用服务器接收用户的登录消息,所述登录消息包括用于基于凭证的认证(CBA)的用户凭证,(b)将所述用户证书转发到CBA服务器以用于 CBA,(c)作为响应,从CBA服务器接收认证决定消息,(d)从CBA服务器接收到的认证决定消息发送决策信息给基于风险的认证(RBA)服务器,RBA服务器为 与CBA服务器不同的是,RBA服务器在执行RBA认证决策时要使用的决策信息,(e)如果认证决定消息为肯定的,则向应用服务器发送质询消息以启动要由 补充CBA的RBA服务器,以及(f)如果认证决定消息为否定,则向应用服务器发送拒绝消息。
-
10.发明授权Authentication based on a current location of a communications device associated with an entity 有权基于与实体相关联的通信设备的当前位置的认证公开(公告)号:US08904496B1
公开(公告)日:2014-12-02
申请号:US13435951
申请日:2012-03-30
CPC分类号: G06F21/44 , G06F21/552 , G06F2221/2111 , G06F2221/2151 , H04L9/3271 , H04L9/3297 , H04L2209/80 , H04W12/06
摘要: There is disclosed a method and system for use in authenticating an entity in connection with a computerized resource. An authentication request is received from entity for access to computerized resource. An input signal is received from a communications device associated with entity. The input signal comprises current location of communications device. The current location of communications device is derived from input signal. A location history in connection with communications device is captured. The location history comprises a record of discrete locations visited by communications device over a period of time. An analysis is performed between current location of the communications device and location history in connection with communications device. An authentication result is generated based on analysis between current location of communications device and location history in connection with communications device. The authentication result can be used for authenticating entity.
摘要翻译: 公开了一种用于认证与计算机资源有关的实体的方法和系统。 从实体接收到对计算机资源的访问的认证请求。 从与实体相关联的通信设备接收输入信号。 输入信号包括通信设备的当前位置。 通信设备的当前位置来源于输入信号。 捕获与通信设备相关的位置历史记录。 位置历史包括通信设备在一段时间内访问的离散位置的记录。 在通信设备的当前位置和与通信设备相关的位置历史之间进行分析。 基于通信设备的当前位置和与通信设备相关的位置历史之间的分析生成认证结果。 验证结果可用于认证实体。
-
-
-
-
-
-
-
-
-
搜索结果
25 条记录 (耗时 0.023 秒)
