公开(公告)号：US08677472B1

公开(公告)日：2014-03-18

申请号：US13246457

申请日：2011-09-27

申请人： Yedidya Dotan ,  Yael Villa ,  Ayelet Levin ,  Boris Kronrod ,  Lawrence N. Friedman

发明人： Yedidya Dotan ,  Yael Villa ,  Ayelet Levin ,  Boris Kronrod ,  Lawrence N. Friedman

IPC分类号： H04L29/06

CPC分类号： H04L67/38 ,  H04L67/125 ,  H04L67/22

摘要： A method of operating a VM server (VMS) is described, including (a) executing a VM instance (VMI) at the VMS, the VMI having a remote display within a terminal program of a client computer, the terminal program being configured to send commands received by the client from a user to the VMS to affect operation of the VMI, (b) running a browser within the VMI, the browser having a connection to a secure web application running on a web application server, the commands sent from the terminal program to the VMS allowing the user to interact with the web application via the terminal program and the browser running on the VMI, (c) at the VMS, asynchronously collecting information in connection with the commands sent from the user to the VMS, and (d) at the VMS, asynchronously sending the collected information to an analysis server to be analyzed for anomalous behavior.

摘要翻译： 描述了操作VM服务器（VMS）的方法，包括：（a）在VMS处执行VM实例（VMI），VMI在客户计算机的终端程序内具有远程显示，终端程序被配置为发送 客户端从用户接收到VMS以影响VMI的操作的命令，（b）在VMI内运行浏览器，浏览器具有到在web应用服务器上运行的安全web应用的连接，从 终端程序允许用户通过终端程序和在VMI上运行的浏览器与网络应用程序进行交互，（c）在VMS处，异步地收集与从用户发送到VMS的命令有关的信息;以及 （d）在VMS处，将收集的信息异步发送到分析服务器进行异常行为分析。

公开(公告)号：US08782174B1

公开(公告)日：2014-07-15

申请号：US13077103

申请日：2011-03-31

申请人： Yedidya Dotan ,  Ayelet Levin ,  Boris Kronrod

发明人： Yedidya Dotan ,  Ayelet Levin ,  Boris Kronrod

IPC分类号： G06F15/16

CPC分类号： H04L67/06 ,  G06F21/566 ,  H04L63/0245 ,  H04L63/145 ,  H04L63/18 ,  H04L67/02 ,  H04L67/08

摘要： Methods, computer program products, and apparatuses are provided for securely exchanging a data file between a client machine and a remote application server (e.g., a banking application operating on a banking server) in the context of a user communicating with the remote application server through a secure virtualized environment running on a virtualization server.

摘要翻译： 提供了方法，计算机程序产品和装置，用于在与远程应用服务器通信的用户的上下文中安全地交换客户端机器和远程应用服务器（例如，在银行服务器上操作的银行应用程序）之间的数据文件 在虚拟化服务器上​​运行的安全虚拟化环境。

公开(公告)号：US09131374B1

公开(公告)日：2015-09-08

申请号：US13434991

申请日：2012-03-30

申请人： Ayelet Avni ,  Ayelet Levin ,  Bryan Knauss ,  Yedidya Dotan

发明人： Ayelet Avni ,  Ayelet Levin ,  Bryan Knauss ,  Yedidya Dotan

IPC分类号： H04M1/66 ,  H04W12/06 ,  H04L9/32

CPC分类号： H04W12/06 ,  H04L9/3271 ,  H04L9/3297 ,  H04L2209/80 ,  H04W88/02

摘要： An improved technique employs knowledge-based authentication (KBA) based on data stored in a mobile apparatus. The mobile apparatus collects data from sources including email data, web browsing data, accessed YouTube video data, and GPS location data recently stored in the mobile apparatus. From such data, the mobile apparatus builds questions and stores the questions on a database on the phone. Upon receiving a request to access a resource stored in the mobile apparatus from a user, the mobile apparatus selects questions at random and ranks them according to a policy accessible to the mobile apparatus. The mobile apparatus presents the highest-ranked questions to the user. The mobile apparatus grants or rejects access to the resource based on an authentication result that the mobile apparatus generates from answers to the questions submitted by the user.

摘要翻译： 改进的技术基于存储在移动装置中的数据使用基于知识的认证（KBA）。 移动装置从包括电子邮件数据，网页浏览数据，访问的YouTube视频数据以及最近存储在移动装置中的GPS位置数据的源收集数据。 根据这些数据，移动装置建立问题并将问题存储在电话上的数据库上。 在从用户接收到访问存储在移动装置中的资源的请求时，移动装置随机选择问题并根据移动装置可访问的策略对它们进行排序。 移动设备向用户呈现最高排名的问题。 移动装置基于移动装置从对用户提交的问题的答案产生的认证结果来准许或拒绝对资源的访问。

公开(公告)号：US09917846B1

公开(公告)日：2018-03-13

申请号：US13340829

申请日：2011-12-30

申请人： Triinu Magi Shaashua ,  Harel Efraim ,  Ayelet Levin

发明人： Triinu Magi Shaashua ,  Harel Efraim ,  Ayelet Levin

IPC分类号： H04L9/08 ,  H04L29/06

CPC分类号： H04L63/107 ,  H04W4/00 ,  H04W4/90

摘要： An improved technique identifies risky transactions by mapping raw user location data to a particular cell in a fixed grid. Along these lines, when a user initiates a transaction with a service provider over a mobile device, the service provider collects raw location data such as a latitude and longitude for the user and transmits the location data to an adaptive authentication server. The adaptive authentication server then accesses a fixed set of geographical areas overlaid on a map of the Earth. For example, the geographic areas can correspond to square cells whose corners are defined by selected latitudes and longitudes. The adaptive authentication server finds a particular geographical area which contains the latitude and longitude for the user. Based on an identifier of the particular geographical area, the adaptive authentication server assigns a risk score to the transaction.