专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US10103875B1 Authentication through a secret holding proxy 有权
公开(公告)号：US10103875B1
公开(公告)日：2018-10-16
申请号：US13332199
申请日：2011-12-20
申请人： Gregory B. Roth , Graeme D. Baer , Nathan R. Fitch , Eric D. Crahen , Eric J. Brandwine
发明人： Gregory B. Roth , Graeme D. Baer , Nathan R. Fitch , Eric D. Crahen , Eric J. Brandwine
IPC分类号： H04L9/08 , H04L9/06
摘要： Client requests may be directed through a secret holding proxy system such that the secret holding proxy system may insert a secret into a client request before arriving at the destination. The insertion of a secret may include inserting a digital signature, token or other information that includes a secret or information based upon a secret, which may include secret exchange or authentication protocols. The secret holding proxy system may also remove secrets and/or transform incoming messages such that the client may transparently receive the underlying content of the message.

2. 发明授权

US09256762B1 Securing a remote database 有权
标题翻译：保护远程数据库
公开(公告)号：US09256762B1
公开(公告)日：2016-02-09
申请号：US13332182
申请日：2011-12-20
申请人： Gregory B. Roth , Nathan R. Fitch , Bradley Jeffrey Behm , Patrick J. Ward , Graeme Baer , Eric Jason Brandwine
发明人： Gregory B. Roth , Nathan R. Fitch , Bradley Jeffrey Behm , Patrick J. Ward , Graeme Baer , Eric Jason Brandwine
IPC分类号： G06F21/62 , G06F17/30
CPC分类号： G06F21/6227 , G06F17/30389 , G06F17/30427 , G06F17/30477 , G06F21/602 , G06F21/6218 , H04L9/3247 , H04L9/3263
摘要： A database access system may protect a field by storing the field as one or more underlying fields within a database. The database engine may not have access to keys used to protect the underlying fields within the database, such as by encryption, while the database access system may have access to the keys. Underlying fields may be used to store protected data and aid in the querying of protected data. The database access system may modify queries to use the underlying fields, which may include encrypting query terms and/or modifying query terms to fit the use of the underlying fields. The database access system may modify query results to match the format of the original query, which may include decrypting protected results and/or removing underlying fields.
摘要翻译：数据库访问系统可以通过将字段存储为数据库中的一个或多个底层字段来保护字段。数据库引擎可能无法访问用于保护数据库中的基础字段的密钥，例如通过加密，而数据库访问系统可以访问密钥。基础领域可用于存储受保护的数据，并帮助查询受保护的数据。数据库访问系统可以修改查询以使用基础字段，其可以包括加密查询项和/或修改查询词以适合使用底层字段。数据库访问系统可以修改查询结果以匹配原始查询的格式，其可以包括解密受保护的结果和/或移除基础字段。

3. 发明授权

US09225690B1 Browser security module 有权
标题翻译：浏览器安全模块
公开(公告)号：US09225690B1
公开(公告)日：2015-12-29
申请号：US13312774
申请日：2011-12-06
申请人： Nathan R. Fitch , Gregory B. Roth , Graeme D. Baer
发明人： Nathan R. Fitch , Gregory B. Roth , Graeme D. Baer
IPC分类号： H04L29/06
CPC分类号： H04L9/085 , H04L63/04 , H04L63/0428 , H04L63/06 , H04L67/02
摘要： Authenticated requests can be sent without requiring the requests to include or potentially expose secret information used for the authentication process. A client device use a security credential such as a key to sign a request to be sent to a recipient. When the request is received, the recipient determines whether the request was signed using the correct key for the sender. In some embodiments a client token is included with the request that statelessly encodes the key, enabling a recipient capable of decoding the client token to determine the key and compare that key to the signature of the request. The sender can store the secret information in a secure location, such as a browser security module, such that the secret information is not exposed to the browser or script executing on the client device.
摘要翻译：可以发送经认证的请求，而不需要包括或潜在地公开用于认证过程的秘密信息的请求。客户机设备使用诸如密钥的安全凭证来签署要发送给接收者的请求。当接收到请求时，收件人确定请求是否使用发送方的正确密钥进行了签名。在一些实施例中，客户端令牌包括在无状态地编码密钥的请求中，使得能够解码客户端令牌的接收者确定密钥并将该密钥与请求的签名进行比较。发件人可以将秘密信息存储在诸如浏览器安全模块的安全位置，使得秘密信息不会暴露给在客户端设备上执行的浏览器或脚本。

4. 发明授权

US09178701B2 Parameter based key derivation 有权
标题翻译：基于参数的密钥推导
公开(公告)号：US09178701B2
公开(公告)日：2015-11-03
申请号：US13248962
申请日：2011-09-29
申请人： Gregory B. Roth , Bradley Jeffery Behm , Eric D. Crahen , Cristian M. Ilac , Nathan R. Fitch , Eric Jason Brandwine , Kevin Ross O'Neill
发明人： Gregory B. Roth , Bradley Jeffery Behm , Eric D. Crahen , Cristian M. Ilac , Nathan R. Fitch , Eric Jason Brandwine , Kevin Ross O'Neill
IPC分类号： H04L9/32 , H04L9/08 , G06F21/31 , H04L29/06
CPC分类号： H04L9/0891 , G06F21/31 , G06F2221/2115 , H04L9/083 , H04L9/088 , H04L9/3247 , H04L63/08 , H04L2209/38 , H04L2463/061
摘要： Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the a key's use.
摘要翻译：用于认证的系统和方法从认证方和认证者之间共享的秘密凭证生成密钥。密钥的生成可以涉及利用专用信息，作为用于生成密钥的结果，使生成的密钥可用于比秘密凭证更小的使用范围。此外，密钥生成可以涉及函数的多次调用，其中函数的调用的至少一个子集中的每一个导致具有比从先前调用函数产生的密钥更小的允许使用范围的密钥。生成的密钥可以用作签名密钥来签名消息。取决于消息和/或提交消息的方式是否符合密钥使用的限制，可以采取一个或多个动作。

5. 发明授权

US09117062B1 Stateless and secure authentication 有权
标题翻译：无状态和安全认证
公开(公告)号：US09117062B1
公开(公告)日：2015-08-25
申请号：US13312760
申请日：2011-12-06
申请人： Nathan R. Fitch , Gregory B. Roth , Graeme D. Baer
发明人： Nathan R. Fitch , Gregory B. Roth , Graeme D. Baer
IPC分类号： G06F21/30 , H04L9/32
CPC分类号： H04L63/08 , G06F21/30 , G06F21/31 , H04L9/0825 , H04L9/32 , H04L9/3213 , H04L9/3234 , H04L63/00 , H04L63/06 , H04L63/0807 , H04L63/168
摘要： Authenticated requests can be sent without requiring the requests to include or potentially expose secret information used for the authentication process. A client device use a security credential such as a key to sign a request to be sent to a recipient. When the request is received, the recipient determines whether the request was signed using the correct key for the sender. In some embodiments a client token is included with the request that statelessly encodes the key, enabling a recipient capable of decoding the client token to determine the key and compare that key to the signature of the request. The sender can store the secret information in a secure location, such as a browser security module, such that the secret information is not exposed to the browser or script executing on the client device.
摘要翻译：可以发送经认证的请求，而不需要包括或潜在地公开用于认证过程的秘密信息的请求。客户机设备使用诸如密钥的安全凭证来签署要发送给接收者的请求。当接收到请求时，收件人确定请求是否使用发送方的正确密钥进行了签名。在一些实施例中，客户端令牌包括在无状态地编码密钥的请求中，使得能够解码客户端令牌的接收者确定密钥并将该密钥与请求的签名进行比较。发件人可以将秘密信息存储在诸如浏览器安全模块的安全位置，使得秘密信息不会暴露给在客户端设备上执行的浏览器或脚本。

6. 发明授权

US08724815B1 Key management in a distributed system 有权
标题翻译：分布式系统中的密钥管理
公开(公告)号：US08724815B1
公开(公告)日：2014-05-13
申请号：US13248351
申请日：2011-09-29
申请人： Gregory B. Roth , Kevin Ross O'Neill , Nathan R. Fitch
发明人： Gregory B. Roth , Kevin Ross O'Neill , Nathan R. Fitch
IPC分类号： H04L29/00
CPC分类号： H04L63/062
摘要： Secure information is managed for each host or machine in an electronic environment using cryptographic keys. In some embodiments, a globally distributed system manage and rotate keys across various nodes within the system based on a predetermined schedule of each key's lifecycle. The predetermined schedule decides when keys are created, distributed, and used with respect to each key's pre-assigned time (e.g., an expiration time, a creation time). The schedule of the key's lifecycle may be predetermined and adjusted based on various system requirements. The keys may be automatically rotated throughout the various nodes in the system in a way such that the keys are not unnecessarily exposed for too long but are accessible to the ciphertext producers and the ciphertext consumers when needed. Further, the keys are created and rotated in a way to ensure robustness of the system in the event of a global WAN outage or network partition.
摘要翻译：使用加密密钥在电子环境中为每个主机或机器管理安全信息。在一些实施例中，全球分布式系统基于每个密钥的生命周期的预定时间表来管理和旋转系统内各个节点上的密钥。预定时间表决定关于每个键的预分配时间（例如，到期时间，创建时间）创建，分发和使用键。密钥生命周期的时间表可以根据各种系统要求进行预定和调整。密钥可以以系统的各种节点自动旋转，使得密钥不会被不必要地暴露太久，但是当需要时密钥生成器和密文消费者可以访问这些密钥。此外，以全局WAN中断或网络分区的方式创建和旋转密钥以确保系统的鲁棒性。

7. 发明申请

US20130086663A1 KEY DERIVATION TECHNIQUES 有权
标题翻译：主要衍生技术
公开(公告)号：US20130086663A1
公开(公告)日：2013-04-04
申请号：US13248973
申请日：2011-09-29
申请人： Gregory B. Roth , Bradley Jeffery Behm , Eric D. Crahen , Cristian M. Ilac , Nathan R. Fitch , Eric Jason Brandwine , Kevin Ross O'Neill
发明人： Gregory B. Roth , Bradley Jeffery Behm , Eric D. Crahen , Cristian M. Ilac , Nathan R. Fitch , Eric Jason Brandwine , Kevin Ross O'Neill
IPC分类号： H04L9/32 , G06F21/00
CPC分类号： H04L9/083 , G06F21/31 , G06F2221/2115 , H04L9/0861 , H04L9/088 , H04L9/3242 , H04L9/3247 , H04L63/0884 , H04L63/126 , H04L2209/38
摘要： Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the a key's use.
摘要翻译：用于认证的系统和方法从认证方和认证者之间共享的秘密凭证生成密钥。密钥的生成可以涉及利用专用信息，作为用于生成密钥的结果，使生成的密钥可用于比秘密凭证更小的使用范围。此外，密钥生成可以涉及函数的多次调用，其中函数的调用的至少一个子集中的每一个导致具有比从先前调用函数产生的密钥更小的允许使用范围的密钥。生成的密钥可以用作签名密钥来签名消息。取决于消息和/或提交消息的方式是否符合密钥使用的限制，可以采取一个或多个动作。

8. 发明申请

US20130086661A1 TECHNIQUES FOR CLIENT CONTRUCTED SESSIONS 有权
标题翻译：客户参加会议的技术
公开(公告)号：US20130086661A1
公开(公告)日：2013-04-04
申请号：US13248953
申请日：2011-09-29
申请人： Gregory B. Roth , Eric Jason Brandwine , Nathan R. Fitch , Cristian M. Ilac , Eric D. Crahen
发明人： Gregory B. Roth , Eric Jason Brandwine , Nathan R. Fitch , Cristian M. Ilac , Eric D. Crahen
IPC分类号： H04L9/32 , G06F21/00
CPC分类号： H04L63/102 , G06F21/335 , G06F2221/2137 , H04L9/083 , H04L9/0861 , H04L9/088 , H04L9/32 , H04L9/3242 , H04L9/3247 , H04L63/06 , H04L63/08 , H04L2209/38
摘要： Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the a key's use.
摘要翻译：用于认证的系统和方法从认证方和认证者之间共享的秘密凭证生成密钥。密钥的生成可以涉及利用专用信息，作为用于生成密钥的结果，使生成的密钥可用于比秘密凭证更小的使用范围。此外，密钥生成可以涉及函数的多次调用，其中函数的调用的至少一个子集中的每一个导致具有比从先前调用函数产生的密钥更小的允许使用范围的密钥。生成的密钥可以用作签名密钥来签名消息。取决于消息和/或提交消息的方式是否符合密钥使用的限制，可以采取一个或多个动作。

9. 发明授权

US08051491B1 Controlling use of computing-related resources by multiple independent parties 有权
标题翻译：由多个独立方控制计算相关资源的使用
公开(公告)号：US08051491B1
公开(公告)日：2011-11-01
申请号：US11966692
申请日：2007-12-28
申请人： Mark Joseph Cavage , John Cormie , Nathan R. Fitch , Don Johnson , Peter Sirota
发明人： Mark Joseph Cavage , John Cormie , Nathan R. Fitch , Don Johnson , Peter Sirota
IPC分类号： G06F7/04 , G06F17/30 , H04N7/16
CPC分类号： H04L63/10 , G06F21/604 , G06F21/6218 , G06F2221/2141 , H04L63/0227 , H04L63/102 , H04L63/20
摘要： Techniques are described for managing access to computing-related resources that, for example, may enable multiple distinct parties to independently control access to the resources (e.g., such that a request to access a resource succeeds only if all of multiple associated parties approve that access). For example, an executing software application may, on behalf of an end user, make use of computing-related resources of one or more types that are provided by one or more remote third-party network services (e.g., data storage services provided by an online storage service)—in such a situation, both the developer user who created the software application and the end user may be allowed to independently specify access rights for one or more particular such computing-related resources (e.g., stored data files), such that neither the end user nor the software application developer user may later access those resources without the approval of the other party.
摘要翻译：描述了用于管理对计算相关资源的访问的技术，例如，可以使多个不同方独立地控制对资源的访问（例如，使得只有当所有多个关联方批准该访问时，访问资源的请求才能成功）。例如，执行的软件应用程序可以代表最终用户利用由一个或多个远程第三方网络服务提供的一种或多种类型的计算相关资源（例如，由在这种情况下，可以允许创建软件应用程序的开发者用户和终端用户独立地指定一个或多个特定的这样的计算相关资源（例如，存储的数据文件）的访问权限，例如，最终用户和软件应用程序开发者用户以后都不可以在未经对方批准的情况下访问这些资源。

10. 发明授权

US09639825B1 Securing multifactor authentication 有权
公开(公告)号：US09639825B1
公开(公告)日：2017-05-02
申请号：US13159840
申请日：2011-06-14
申请人： Gregory B. Roth , Nathan R. Fitch , Graeme D. Baer
发明人： Gregory B. Roth , Nathan R. Fitch , Graeme D. Baer
IPC分类号： H04L9/32 , H04W4/00 , H04M1/00 , G06Q10/10 , G06Q20/10 , G06F21/34 , H04L29/06
CPC分类号： G06Q10/10 , G06F21/34 , G06F21/36 , G06Q20/10 , H04L9/3215 , H04L9/3228 , H04L9/3271 , H04L63/0838 , H04L63/0853 , H04L63/18 , H04L2463/082
摘要： In certain embodiments, a system receives a request sent by a device to authorize an operation. The system initiates display of an image encoding a challenge code to allow the device to capture the image and extract the challenge code. The device calculates a response using the challenge code and a seed, and sends the response to the system. In certain examples, the device may send the request over a first channel and the response over a second channel distinct from the first channel. In other examples, the device displays the response and a user inputs the response into a computing system to send to the system.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式