专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08683452B1 Dynamically obfuscated javascript 有权
标题翻译：动态混淆的javascript
公开(公告)号：US08683452B1
公开(公告)日：2014-03-25
申请号：US12974756
申请日：2010-12-21
申请人： Roy Hodgman , Ofer Mizrach , Ofri Mann , Alex Vaystikh
发明人： Roy Hodgman , Ofer Mizrach , Ofri Mann , Alex Vaystikh
IPC分类号： G06F9/44 , G06F9/45 , G06F12/14
CPC分类号： G06F8/51
摘要： An improved technique of providing computer code to a set of client computers is disclosed. In the improved technique, a set of files is generated, each file in the set of files including computer code configured to be read by an interpreter on each client computer, the computer code in each file including a set of functions, each function in the set of functions having a name, the name of a function in the set of functions in a first file in the set of files differing from the name of a corresponding function in the set of functions in a second file in the set of files, the computer code in the first file and the computer code in the second file being constructed and arranged to produce functionally equivalent sets of computer instructions when run through the interpreter on each client computer.
摘要翻译：公开了一种向一组客户端计算机提供计算机代码的改进技术。在改进的技术中，生成一组文件，文件集中的每个文件包括配置为由每个客户端计算机上的解释器读取的计算机代码，每个文件中的计算机代码包括一组功能，每个功能在一组具有名称的功能的名称，该组文件中的第一个文件中的功能集中的功能的名称与文件集中的第二个文件中的功能集中的相应功能的名称不同，第一文件中的计算机代码和第二文件中的计算机代码被构造和布置成在每个客户端计算机上通过解释器运行时产生功能上相同的计算机指令集。

2. 发明授权

US10592978B1 Methods and apparatus for risk-based authentication between two servers on behalf of a user 有权
公开(公告)号：US10592978B1
公开(公告)日：2020-03-17
申请号：US13537525
申请日：2012-06-29
申请人： Alex Vaystikh , Alon Kaufman , Yael Villa
发明人： Alex Vaystikh , Alon Kaufman , Yael Villa
IPC分类号： G06Q40/00
摘要： Methods and apparatus are provided for risk-based authentication between two servers on behalf of a user. A method is provided for controlling access by a consumer to a service provider on behalf of a user. An authentication request is issued responsive to an initial access request from the consumer to access the service provider on behalf of the user. An access token is provided to the consumer upon approval from the user to grant access to the consumer. Upon receiving a subsequent access request from the consumer with the access token to access the service provider on behalf of the user; a risk analysis is performed to determine if the subsequent access request should be granted. The risk analysis can determine if the subsequent access complies with one or more rules of the user. The user is optionally prompted to specify whether to allow the subsequent access request and/or future similar transactions.

3. 发明授权

US09092782B1 Methods and apparatus for risk evaluation of compromised credentials 有权
标题翻译：损害凭证风险评估的方法和手段
公开(公告)号：US09092782B1
公开(公告)日：2015-07-28
申请号：US13537506
申请日：2012-06-29
申请人： Alex Zaslavsky , Alon Kaufman , Yael Villa , Marcelo Blatt , Alex Vaystikh
发明人： Alex Zaslavsky , Alon Kaufman , Yael Villa , Marcelo Blatt , Alex Vaystikh
IPC分类号： G06F21/00 , G06Q20/40
CPC分类号： G06F21/577 , G06F21/45 , G06F2221/2131 , G06Q20/4016
摘要： Techniques are provided for evaluating compromised credential information. A method for evaluating compromised credentials comprises the steps of: collecting data regarding previously compromised credentials that were used to commit an unauthorized activity; applying one or more statistical learning methods to the collected data to identify one or more patterns; and evaluating a risk of credentials that have been compromised by one or more attackers using the identified patterns. According to a further aspect of the invention, a risk score is generated for one or more users and devices. The risk scores are optionally ordered based on an order of risk. The data can be collected, for example, from one or more of anti-fraud servers and information sources.
摘要翻译：提供技术来评估受损的凭证信息。用于评估受损凭据的方法包括以下步骤：收集关于用于提交未授权活动的先前被破坏的凭证的数据; 将一个或多个统计学习方法应用于所收集的数据以识别一个或多个模式; 并评估已被一个或多个攻击者使用识别的模式损害的凭据风险。根据本发明的另一方面，为一个或多个用户和设备生成风险评分。风险分数可根据风险顺序进行排序。可以例如从一个或多个反欺诈服务器和信息源收集数据。

4. 发明授权

US08875244B1 Method and apparatus for authenticating a user using dynamic client-side storage values 有权
标题翻译：使用动态客户端存储值来认证用户的方法和装置
公开(公告)号：US08875244B1
公开(公告)日：2014-10-28
申请号：US13077076
申请日：2011-03-31
申请人： Alex Vaystikh , Oleg Freylafert
发明人： Alex Vaystikh , Oleg Freylafert
IPC分类号： G06F7/04 , G06F17/30 , H04L29/06 , G06F15/173 , G06F21/00 , H04L9/32
CPC分类号： H04L9/3228 , H04L9/321 , H04L63/0428 , H04L63/0815 , H04L63/0876
摘要： Access of a client device to a protected resource is controlled by issuing an authentication information request for a dynamic sub-set of client-side storage values previously stored on the client device by one or more servers. Authentication information is received from the client device based on the dynamic sub-set of client-side storage values. The client device is authenticated based upon verification of the received authentication information. The received authentication information from the client device is optionally encrypted. The client-side storage values comprise any value stored by one or more servers on the client device. The client-side storage values are substantially specific to the client device. The client-side storage values are optionally stored as a matrix. The requested dynamic sub-set of the client-side storage values may comprise one or more cells from a plurality of records in the matrix. The requested dynamic sub-set of the client-side storage values ensures that an authentication for two different login sessions do not request a same sub-set of the client-side storage values.
摘要翻译：通过对一个或多个服务器先前存储在客户端设备上的客户端存储值的动态子集发出认证信息请求来控制客户端设备到受保护资源的访问。基于客户端存储值的动态子集，从客户端设备接收认证信息。基于所接收的认证信息的验证来对客户端设备进行认证。来自客户端设备的接收到的认证信息可选地加密。客户端存储值包括由客户端设备上的一个或多个服务器存储的任何值。客户端存储值实质上特定于客户端设备。客户端存储值可选地存储为矩阵。所请求的客户端存储值的动态子集可以包括矩阵中的多个记录中的一个或多个单元。所请求的客户端存储值的动态子集确保两个不同登录会话的认证不要求客户端存储值的相同子集。

5. 发明授权

US08479276B1 Malware detection using risk analysis based on file system and network activity 有权
标题翻译：基于文件系统和网络活动的风险分析的恶意软件检测
公开(公告)号：US08479276B1
公开(公告)日：2013-07-02
申请号：US12981072
申请日：2010-12-29
申请人： Alex Vaystikh , Robert Polansky , Samir Dilipkumar Saklikar , Liron Liptz
发明人： Alex Vaystikh , Robert Polansky , Samir Dilipkumar Saklikar , Liron Liptz
IPC分类号： G06F7/04
CPC分类号： G06F21/577
摘要： A virtual machine computing platform uses a security virtual machine (SVM) in operational communications with a risk engine which has access to a database including stored patterns corresponding to patterns of filtered operational data that are expected to be generated during operation of the monitored virtual machine when malware is executing. The stored patterns may have been generated during preceding design and training phases. The SVM is operated to (1) receive raw operational data from a virtual machine monitor, the raw operational data obtained from file system operations and network operations of the monitored virtual machine; (2) apply rule-based filtering to the raw operational data to generate filtered operational data; and (3) in conjunction with the risk engine, perform a mathematical (e.g., Bayesian) analysis based on the filtered operational data and the stored patterns in the database to calculate a likelihood that the malware is executing in the monitored virtual machine. A control action is taken if the likelihood is sufficiently high.
摘要翻译：虚拟机计算平台使用安全虚拟机（SVM）与风险引擎进行操作通信，所述风险引擎可以访问数据库，所述数据库包括对应于预期在所监视的虚拟机的操作期间生成的经过过滤的操作数据的模式的存储模式，恶意软件正在执行。存储的模式可能在以前的设计和训练阶段已经生成。运行SVM以（1）从虚拟机监视器接收原始操作数据，从文件系统操作获得的原始操作数据和被监视虚拟机的网络操作; （2）对原始操作数据应用基于规则的过滤以生成经过滤的操作数据; 和（3）结合风险引擎，基于过滤的操作数据和数据库中存储的模式执行数学（例如，贝叶斯）分析，以计算恶意软件在被监视的虚拟机中执行的可能性。如果可能性足够高，则采取控制措施。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式