专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09594911B1 Methods and apparatus for multi-factor authentication risk detection using beacon images 有权
标题翻译：使用信标图像进行多因素认证风险检测的方法和装置
公开(公告)号：US09594911B1
公开(公告)日：2017-03-14
申请号：US13617210
申请日：2012-09-14
申请人： Anton Khitrenovich , Oleg Freylafert , Yedidya Dotan , Maor Franco
发明人： Anton Khitrenovich , Oleg Freylafert , Yedidya Dotan , Maor Franco
IPC分类号： G06F21/57 , H04L29/06
CPC分类号： G06F21/577 , G06F21/31 , G06F21/57 , H04L63/083 , H04L63/10 , H04L63/1433
摘要： Methods and apparatus are provided for multi-factor authentication of a user using beacon images. Access is provided to a protected resource by receiving a browser request for a beacon image, wherein the beacon image is embedded in an access request page (e.g., a login page) for the protected resource; collecting data in response to the browser request from a device associated with the browser; and providing the data for a risk assessment of the request. The beacon image comprises, for example, a substantially invisible image and can be loaded when the access request page is loaded in the browser or when a user submits credentials in the access request page.
摘要翻译：提供了用于使用信标图像的用户的多因素认证的方法和装置。通过接收对信标图像的浏览器请求来向受保护资源提供访问，其中信标图像被嵌入在用于受保护资源的访问请求页面（例如，登录页面）中; 响应于来自与浏览器相关联的设备的浏览器请求收集数据; 并提供用于风险评估请求的数据。信标图像例如包括基本上不可见的图像，并且可以在访问请求页面被加载到浏览器中或当用户在访问请求页面中提交凭证时被加载。

2. 发明授权

US08650405B1 Authentication using dynamic, client information based PIN 有权
标题翻译：使用动态，基于客户端信息的PIN验证
公开(公告)号：US08650405B1
公开(公告)日：2014-02-11
申请号：US13173607
申请日：2011-06-30
申请人： Yedidya Dotan , Lawrence N. Friedman , Oleg Freylafert , Robert S. Philpott , Daniel Schiappa
发明人： Yedidya Dotan , Lawrence N. Friedman , Oleg Freylafert , Robert S. Philpott , Daniel Schiappa
IPC分类号： G06F21/00
CPC分类号： G06F21/31
摘要： An improved PIN-based authentication technique for authenticating the user of a client machine to a server automatically generates a personal identification number (PIN) for the user based on user-specific authentication information, such as encrypted cookie information. The server provides user-specific authentication information to a client machine. When the user submits an authentication request, user-specific authentication information is collected and uploaded to the server. The user-specific authentication information is processed to form a PIN, and authentication of the user proceeds based on the PIN and any other authentication factors provided. Since the disclosed techniques compute PINs automatically based on information exchanged between a client machine and a server, the user is relieved of any burden associated with registering and remembering a PIN.
摘要翻译：改进的基于PIN的认证技术用于向服务器认证客户端机器的用户，基于用户特定的认证信息（例如加密的cookie信息）自动生成用户的个人识别号码（PIN）。服务器向客户机提供用户特定的认证信息。当用户提交认证请求时，收集用户特定的身份验证信息并将其上传到服务器。处理用户特定认证信息以形成PIN，并且用户的认证基于PIN和提供的任何其他认证因素而进行。由于所公开的技术基于在客户机和服务器之间交换的信息自动计算PIN，所以用户免除与注册和记住PIN相关联的任何负担。

3. 发明授权

US08875244B1 Method and apparatus for authenticating a user using dynamic client-side storage values 有权
标题翻译：使用动态客户端存储值来认证用户的方法和装置
公开(公告)号：US08875244B1
公开(公告)日：2014-10-28
申请号：US13077076
申请日：2011-03-31
申请人： Alex Vaystikh , Oleg Freylafert
发明人： Alex Vaystikh , Oleg Freylafert
IPC分类号： G06F7/04 , G06F17/30 , H04L29/06 , G06F15/173 , G06F21/00 , H04L9/32
CPC分类号： H04L9/3228 , H04L9/321 , H04L63/0428 , H04L63/0815 , H04L63/0876
摘要： Access of a client device to a protected resource is controlled by issuing an authentication information request for a dynamic sub-set of client-side storage values previously stored on the client device by one or more servers. Authentication information is received from the client device based on the dynamic sub-set of client-side storage values. The client device is authenticated based upon verification of the received authentication information. The received authentication information from the client device is optionally encrypted. The client-side storage values comprise any value stored by one or more servers on the client device. The client-side storage values are substantially specific to the client device. The client-side storage values are optionally stored as a matrix. The requested dynamic sub-set of the client-side storage values may comprise one or more cells from a plurality of records in the matrix. The requested dynamic sub-set of the client-side storage values ensures that an authentication for two different login sessions do not request a same sub-set of the client-side storage values.
摘要翻译：通过对一个或多个服务器先前存储在客户端设备上的客户端存储值的动态子集发出认证信息请求来控制客户端设备到受保护资源的访问。基于客户端存储值的动态子集，从客户端设备接收认证信息。基于所接收的认证信息的验证来对客户端设备进行认证。来自客户端设备的接收到的认证信息可选地加密。客户端存储值包括由客户端设备上的一个或多个服务器存储的任何值。客户端存储值实质上特定于客户端设备。客户端存储值可选地存储为矩阵。所请求的客户端存储值的动态子集可以包括矩阵中的多个记录中的一个或多个单元。所请求的客户端存储值的动态子集确保两个不同登录会话的认证不要求客户端存储值的相同子集。

4. 发明授权

US08683568B1 Using packet interception to integrate risk-based user authentication into online services 有权
标题翻译：使用数据包拦截将基于风险的用户认证集成到在线服务中
公开(公告)号：US08683568B1
公开(公告)日：2014-03-25
申请号：US13239863
申请日：2011-09-22
申请人： Anton Khitrenovich , Oded Peer , Oleg Freylafert
发明人： Anton Khitrenovich , Oded Peer , Oleg Freylafert
IPC分类号： H04L29/06
CPC分类号： H04L63/08 , H04L63/168 , H04L67/1002
摘要： Techniques for using a network analyzer device connected to a network include (a) sniffing packets traversing the network between a web-based application server and a user machine, the user machine being operated by a user, (b) analyzing the sniffed packets to extract event information relating to interaction events between the user machine and the web-based application server, and (c) sending the extracted event information to an authentication server for risk-based authentication of the user.
摘要翻译：使用连接到网络的网络分析器装置的技术包括：（a）在基于web的应用服务器和用户机器之间嗅探穿过网络的分组，所述用户机器由用户操作，（b）分析所述嗅探分组以提取与用户机和基于web的应用服务器之间的交互事件相关的事件信息，以及（c）将提取的事件信息发送到用于用户的风险认证的认证服务器。

5. 发明授权

US09032490B1 Techniques for authenticating a user with heightened security 有权
标题翻译：用于认证具有较高安全性的用户的技术
公开(公告)号：US09032490B1
公开(公告)日：2015-05-12
申请号：US13611941
申请日：2012-09-12
申请人： Anton Khitrenovich , Oleg Freylafert , Yedidya Dotan
发明人： Anton Khitrenovich , Oleg Freylafert , Yedidya Dotan
IPC分类号： G06F15/16 , G06F17/30 , H04L29/06 , G06F21/31 , G06F21/00 , G06F15/173
CPC分类号： G06F21/31 , G06F21/35 , H04L63/08 , H04L63/083
摘要： A method performed by a computing device is described. The method includes (a) receiving an authentication request from an application server seeking to authenticate a user for access to a service provided by the application server, (b) communicating with a first authentication server to obtain a first authentication of the user, (c) communicating with a second authentication server to obtain a second authentication of the user, the second authentication server being distinct from the first authentication server and the second authentication being of a type distinct from the first authentication, (d) rejecting the authentication request if and only if one or both of the first authentication and the second authentication is negative, and (e) upon rejecting the authentication request, sending a rejection message to the application server without informing the application server whether the first authentication or the second authentication was negative.
摘要翻译：描述由计算设备执行的方法。该方法包括：（a）从应用服务器接收认证请求，寻求认证用户访问由应用服务器提供的服务，（b）与第一认证服务器通信以获得用户的第一认证，（c ）与第二认证服务器通信以获得用户的第二认证，所述第二认证服务器与所述第一认证服务器不同，并且所述第二认证是与所述第一认证不同的类型，（d）拒绝所述认证请求，仅当第一认证和第二认证中的一个或两个为否定时，以及（e）拒绝认证请求后，向应用服务器发送拒绝消息，而不通知应用服务器第一认证或第二认证是否为负。

6. 发明授权

US08949953B1 Brokering multiple authentications through a single proxy 有权
标题翻译：通过单个代理来代理多个身份验证
公开(公告)号：US08949953B1
公开(公告)日：2015-02-03
申请号：US13611919
申请日：2012-09-12
申请人： Anton Khitrenovich , Oleg Freylafert , Yedidya Dotan , Lawrence N. Friedman , Karl Ackerman
发明人： Anton Khitrenovich , Oleg Freylafert , Yedidya Dotan , Lawrence N. Friedman , Karl Ackerman
IPC分类号： H04L29/06
CPC分类号： H04L63/08
摘要： A method includes (a) receiving, from an application server, a login message for a user, the login message including a user credential for a credential-based authentication (CBA), (b) forwarding the user credential to a CBA server for the CBA, (c) in response, receiving, an authentication decision message from the CBA server, (d) sending decision information from the authentication decision message received from the CBA server to a risk-based authentication (RBA) server, the RBA server being distinct from the CBA server, the decision information to be used by the RBA server in performing RBA authentication decisions, (e) if the authentication decision message is positive, then sending a challenge message to the application server to initiate RBA to be performed by the RBA server supplementary to the CBA, and (f) if the authentication decision message is negative, then sending a rejection message to the application server.
摘要翻译：一种方法包括：（a）从应用服务器接收用户的登录消息，所述登录消息包括用于基于凭证的认证（CBA）的用户凭证，（b）将所述用户证书转发到CBA服务器以用于 CBA，（c）作为响应，从CBA服务器接收认证决定消息，（d）从CBA服务器接收到的认证决定消息发送决策信息给基于风险的认证（RBA）服务器，RBA服务器为与CBA服务器不同的是，RBA服务器在执行RBA认证决策时要使用的决策信息，（e）如果认证决定消息为肯定的，则向应用服务器发送质询消息以启动要由补充CBA的RBA服务器，以及（f）如果认证决定消息为否定，则向应用服务器发送拒绝消息。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式