公开(公告)号：US09866391B1

公开(公告)日：2018-01-09

申请号：US13754756

申请日：2013-01-30

申请人： Amazon Technologies, Inc.

发明人： Justin Canfield Crites ,  Jesper Mikael Johansson ,  Daniel Bruce Lloyd

IPC分类号： H04L9/32

CPC分类号： H04L9/3244

摘要： A method for permissions based communication in an example includes receiving an electronic communication from a sender to a recipient at a domain server. The electronic communication may include a permission request for permission to send subsequent electronic communications to the recipient. The electronic communication may be analyzed at the domain server to determine whether to deliver the subsequent electronic communications from the sender to the recipient.

公开(公告)号：US20140006778A1

公开(公告)日：2014-01-02

申请号：US13912715

申请日：2013-06-07

申请人： International Business Machines Corporation

发明人： Bret W. Dixon ,  Scot W. Dixon

IPC分类号： H04L29/06

CPC分类号： H04L63/123 ,  G06F21/31 ,  H04L9/321 ,  H04L9/3234 ,  H04L9/3244 ,  H04L9/3247 ,  H04L29/08099 ,  H04L63/0428 ,  H04L63/08 ,  H04L63/1408 ,  H04L63/1416

摘要： A digital signature of a message originator of a message is validated by a processor on message retrieval by a message recipient as a first-tier validation of the message. In response to a successful first-tier validation of the digital signature of the message originator, a transaction token and a message originator identifier are extracted from a message payload of the message. Communication is initiated with a verification service within a secure messaging environment of the message originator as a second-tier validation of the message using the extracted transaction token and the extracted message originator identifier to confirm whether the secure messaging environment of the message originator generated the transaction token and inserted the transaction token into the message payload. Results of the second-tier validation of the message with the verification service within the secure messaging environment of the message originator are determined.

公开(公告)号：US09712324B2

公开(公告)日：2017-07-18

申请号：US13846977

申请日：2013-03-19

申请人： Forcepoint Federal LLC

发明人： Matthew D. Neumann ,  Michael W. Smith

IPC分类号： H04L9/32 ,  H04L29/06 ,  G06F21/62 ,  G06F21/00

CPC分类号： H04L9/3244 ,  G06F21/62 ,  H04L9/0866 ,  H04L9/3236 ,  H04L63/0428 ,  H04L63/107

摘要： Embodiments of a method and apparatus for reducing or eliminating unauthorized access to secured files are generally described herein. In some embodiments, the method includes establishing a connection between a communication portion of the secured file and an authentication agent. The method may include requesting a decryption key from the authentication agent for accessing the secured file on a first computing device. The decryption key may be based on device information retrieved from devices in an authenticated environment of devices. The authenticated environment may be an environment in which the secured the was encrypted. The method may include destroying the secured file subsequent to receiving a message indicating that the requesting has failed.

公开(公告)号：US08938074B2

公开(公告)日：2015-01-20

申请号：US13716427

申请日：2012-12-17

申请人： Steven J. Drucker

发明人： Steven J. Drucker

IPC分类号： H04K1/00 ,  H04L9/32 ,  H04L9/08

CPC分类号： H04L9/3244 ,  H04L9/083 ,  H04L9/0861 ,  H04L9/0866 ,  H04L9/3226

摘要： An apparatus and methods of securely communicating a message between a first device and a second device using a message specific identifier is disclosed. The method begins by assembling the message specific identifier from one or more attributes associated with the message and the first device. An encryption key request is transmitted to a server, wherein the encryption key request is based upon the message specific identifier. An encryption key is received from the server, wherein the encryption key is based on the message specific identifier and a random character set. The message is encrypted using the received encryption key and the encrypted message is sent to the second device.

摘要翻译： 公开了使用消息特定标识符在第一设备和第二设备之间安全地传送消息的设备和方法。 该方法通过从与消息和第一设备相关联的一个或多个属性组装消息特定标识符开始。 将加密密钥请求发送到服务器，其中加密密钥请求基于消息特定标识符。 从服务器接收加密密钥，其中加密密钥基于消息特定标识符和随机字符集。 消息使用接收的加密密钥进行加密，加密的消息被发送到第二设备。

公开(公告)号：US08874924B2

公开(公告)日：2014-10-28

申请号：US13671341

申请日：2012-11-07

申请人： Gavin McMillan

发明人： Gavin McMillan

IPC分类号： H04L9/32 ,  G07F17/32

CPC分类号： H04L9/3244 ,  G06F21/16 ,  G07F17/32 ,  G07F17/3241 ,  H04L2209/608

摘要： Methods and apparatus for identifying media are described. An example method includes determining application identification information for a media presentation application executing on a media device, determining a first watermark for the application identification information from a lookup table, requesting media identification information for media from the media presentation application, determining a second watermark for the media identification information from the lookup table, inserting the first watermark in the media prior to output of the media by the media device, and inserting the second watermark in the media prior to the output of the media by the media device.

摘要翻译： 描述用于识别介质的方法和装置。 一种示例性方法包括确定在媒体设备上执行的媒体呈现应用的应用识别信息，从查找表确定应用标识信息的第一水印，从媒体呈现应用请求媒体的媒体识别信息，为 来自查找表的媒体识别信息，在由媒体设备输出媒体之前在媒体中插入第一水印，以及在由媒体设备输出媒体之前将第二水印插入到媒体中。

公开(公告)号：US08619986B2

公开(公告)日：2013-12-31

申请号：US13188225

申请日：2011-07-21

申请人： Steven J. Drucker

发明人： Steven J. Drucker

IPC分类号： H04K1/00 ,  H04L9/32

CPC分类号： H04L9/3244 ,  H04L9/083 ,  H04L9/0861 ,  H04L9/0866 ,  H04L9/3226

摘要： An apparatus and methods of securely communicating a message between a first device and a second device using a message specific identifier is disclosed. The method begins by receiving an encryption key request from a sending device, where the encryption key request is based upon the message specific identifier, which is associated with a plurality of attributes associated with the message and the sending device. In more detail, the message specific identifier may be an information-based indicator that is unique with respect to the message and the sending device. The method parses the encryption key request and the message specific identifier to provide an intermediate argument used to enter a current random character set that is periodically generated and stored into memory. The intermediate argument helps identify which type of encryption method is desired for use in encryption key generation. An encryption key is constructed using the intermediate argument as an entry point to the current random character set. A data structure is stored associated with the message specific identifier, a random character set identifier for the current random character set, and an identifier of the encryption method used before the key is transmitted back to the device.

摘要翻译： 公开了使用消息特定标识符在第一设备和第二设备之间安全地传送消息的设备和方法。 该方法开始于从发送设备接收加密密钥请求，其中加密密钥请求基于消息特定标识符，其与与消息和发送设备相关联的多个属性相关联。 更详细地，消息特定标识符可以是关于消息和发送设备是唯一的基于信息的指示符。 该方法解析加密密钥请求和消息特定标识符，以提供用于输入周期性生成并存储到存储器中的当前随机字符集的中间参数。 中间参数有助于确定在加密密钥生成中使用哪种类型的加密方法。 使用中间参数作为当前随机字符集的入口点构建加密密钥。 存储与消息特定标识符相关联的数据结构，用于当前随机字符集的随机字符集标识符，以及在将密钥发送回设备之前使用的加密方法的标识符。

公开(公告)号：US09160539B1

公开(公告)日：2015-10-13

申请号：US13537981

申请日：2012-06-29

申请人： Ari Juels ,  Nikolaos Triandopoulos ,  Kevin Bowers ,  Catherine Hart

发明人： Ari Juels ,  Nikolaos Triandopoulos ,  Kevin Bowers ,  Catherine Hart

IPC分类号： H04L9/32

CPC分类号： H04L9/3244 ,  G06F21/554 ,  G06F2221/2107 ,  H04L9/3242 ,  H04L9/3247

摘要： Methods and apparatus are provided for secure transmission of alert messages over a message locking channel. An alert message is transmitted from a Security Alerting System indicating a potential compromise of a protected resource by obtaining the alert message from the Security Alerting System; authenticating the alert message using a secret key known by a server, wherein the secret key evolves in a forward-secure manner; storing the authenticated alert message in a buffer; and transmitting the buffer to the server. The alert message is authenticated by digitally signing the alert message or applying a message authentication code and is possibly encrypted using a secret key known by a server, wherein the secret key evolves in a forward-secure manner. The authenticated alert message can be maintained in the buffer after the transmitting step. The buffer optionally has a fixed-size and alert messages can be stored in a round-robin manner, for example, from a random position. The buffer can be encrypted prior to transmission to the server.

摘要翻译： 提供了用于通过消息锁定通道安全地传送警报消息的方法和装置。 通过从安全警报系统获取警报消息，从安全警报系统发送指示受保护资源的潜在危害的警报消息; 使用服务器已知的密钥对所述警报消息进行认证，其中所述秘密密钥以前向安全的方式演进; 将经认证的警报消息存储在缓冲器中; 并将缓冲区发送到服务器。 警报消息通过对警报消息进行数字签名或应用消息认证码进行认证，并且可以使用服务器已知的秘密密钥加密，其中秘密密钥以前向安全的方式发展。 在发送步骤之后，可以在缓冲器中维护认证的警报消息。 缓冲器可选地具有固定大小，并且警报消息可以以循环方式存储，例如从随机位置存储。 缓冲区可以在传输到服务器之前进行加密。

公开(公告)号：US08904183B2

公开(公告)日：2014-12-02

申请号：US12731833

申请日：2010-03-25

申请人： Bhargav R. Bellur ,  Aravind V. Iyer ,  Debojyoti Bhattacharya

发明人： Bhargav R. Bellur ,  Aravind V. Iyer ,  Debojyoti Bhattacharya

IPC分类号： H04L9/32 ,  H04L29/06 ,  H04W12/06 ,  G08G1/16 ,  H04W4/04 ,  H04L9/16

CPC分类号： H04L63/1458 ,  G08G1/161 ,  H04L9/16 ,  H04L9/3236 ,  H04L9/3242 ,  H04L9/3244 ,  H04L9/3247 ,  H04L63/08 ,  H04L63/0823 ,  H04L63/12 ,  H04L63/123 ,  H04L2209/805 ,  H04L2209/84 ,  H04W4/046 ,  H04W12/06 ,  H04W12/10

摘要： A computationally efficient message verification strategy that achieves non-repudiation and resilience to computational denial of service attacks in conjunction with a broadcast authentication protocol that authenticates messages using a combination of a digital signature and a TESLA MAC. When messages are received at a receiver, the verification strategy separates the messages into messages with the same sender identification. The strategy then determines whether the TESLA MAC authenticator is valid for each message and discards those messages that do not have a valid TESLA MAC. The strategy collects the messages that have a valid TESLA MAC for each sender identification and performs a batch verification process on the group of messages to determine if the messages in the group have a valid digital signature. This strategy verifies each message in the group of messages if the batch verification process shows that the group of messages has a valid digital signature.

摘要翻译： 结合使用数字签名和TESLA MAC的组合认证消息的广播认证协议，实现对计算拒绝服务攻击的不可否认性和弹性的计算有效的消息验证策略。 当在接收器处接收到消息时，验证策略将消息分成具有相同发送者标识的消息。 然后，策略确定TESLA MAC认证器是否对每个消息有效，并丢弃那些没有有效TESLA MAC的消息。 该策略针对每个发送者标识收集具有有效TESLA MAC的消息，并对消息组执行批处理验证过程，以确定组中的消息是否具有有效的数字签名。 如果批次验证过程显示消息组具有有效的数字签名，则该策略将验证消息组中的每个消息。

公开(公告)号：US08792416B2

公开(公告)日：2014-07-29

申请号：US12305549

申请日：2007-06-19

申请人： Ryo Kitahara ,  Katsuhiro Noguchi

发明人： Ryo Kitahara ,  Katsuhiro Noguchi

IPC分类号： H04L9/32 ,  H04L9/30 ,  H04L9/00

CPC分类号： H04L9/3244 ,  G06F21/31 ,  G06F2221/2145 ,  H04L9/006 ,  H04L9/30 ,  H04L9/3247 ,  H04L63/062 ,  H04L63/12 ,  H04L2209/80 ,  H04W4/12 ,  H04W4/90 ,  H04W12/10 ,  H04W88/12

摘要： In a mobile communication system, a radio device is configured to transmit notification information transmitted from a distribution server, to a mobile station, by use of broadcast communication. The distribution server 10 includes a key transmitter unit 12 configured to transmit a public key of the distribution server 10 to the mobile station UE; the radio device RNC, Node B includes a notification information transmitter unit 22, 42, 42A configured to transmit, to the mobile station UE, the notification information transmitted from the distribution server 10; and the mobile station UE includes an authentication unit 36 configured to authenticate the validity of the received notification information in reference to an electronic signature for the notification information.

摘要翻译： 在移动通信系统中，无线装置被配置为通过使用广播通信来发送从分发服务器发送到移动台的通知信息。 分发服务器10包括：密钥发送单元12，被配置为向移动台UE发送分发服务器10的公开密钥; 无线设备RNC，节点B包括：通知信息发送部22,42,42，被配置为向移动台UE发送从分发服务器10发送的通知信息; 并且移动台UE包括认证单元36，其被配置为参照用于通知信息的电子签名认证接收到的通知信息的有效性。

公开(公告)号：US08583915B1

公开(公告)日：2013-11-12

申请号：US12131809

申请日：2008-06-02

申请人： Andrew Shane Huang

发明人： Andrew Shane Huang

IPC分类号： H04L29/06

CPC分类号： H04L9/32 ,  H04L9/006 ,  H04L9/0825 ,  H04L9/321 ,  H04L9/3234 ,  H04L9/3236 ,  H04L9/3244 ,  H04L9/3247 ,  H04L9/3271 ,  H04L63/0869 ,  H04L63/1441

摘要： Systems and methods for client authentication and verification in a distributed client-server system are described. An authentication and verification system may include a plurality of client devices containing private keys, a first server configured to interface with the plurality of client devices, and a second, secure server configured to interface with the first server and store public keys associated with the private keys on the client devices. A method is further described for verifying client devices in conjunction with the first and second servers. The first server may contain secure tokens that can be decrypted in conjunction with the authentication and verification method.

摘要翻译： 描述了分布式客户端 - 服务器系统中用于客户端认证和验证的系统和方法。 认证和验证系统可以包括包含私钥的多个客户端设备，被配置为与多个客户端设备进行接口的第一服务器，以及被配置为与第一服务器接口并存储与该私有设备相关联的公钥的第二安全服务器 客户端设备上的密钥。 进一步描述了结合第一和​​第二服务器验证客户端设备的方法。 第一个服务器可能包含可以与认证和验证方法一起解密的安全令牌。