专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08601552B1 Personal identification pairs 有权
标题翻译：个人识别对
公开(公告)号：US08601552B1
公开(公告)日：2013-12-03
申请号：US12748690
申请日：2010-03-29
申请人： Kevin D. Bowers , Ari Juels
发明人： Kevin D. Bowers , Ari Juels
IPC分类号： G06F21/00
CPC分类号： G06F21/36
摘要： A method by which a computer system authenticates a user is provided. The method includes (a) displaying a plurality of unique elements to a user on a display device, (b) receiving a set of points corresponding to a sweeping motion performed by the user with respect to the display device, (c) determining a pair of unique elements of the plurality of unique elements defined by endpoints of the sweeping motion, and (d) authenticating the user only if the pair of unique elements is associated for authentication purposes with the user. An apparatus and computer program product for performing the method are also provided.
摘要翻译：提供了计算机系统认证用户的方法。该方法包括：（a）在显示设备上向用户显示多个唯一元素，（b）接收与用户相对于显示设备执行的扫描运动相对应的一组点，（c）确定一对由扫描运动的端点定义的多个唯一元素的唯一元素，以及（d）只有当该对唯一元素与用户的认证目的相关联时才对用户进行认证。还提供了一种用于执行该方法的装置和计算机程序产品。

2. 发明授权

US09659177B1 Authentication token with controlled release of authentication information based on client attestation 有权
公开(公告)号：US09659177B1
公开(公告)日：2017-05-23
申请号：US13625465
申请日：2012-09-24
申请人： Ari Juels , Kevin D. Bowers
发明人： Ari Juels , Kevin D. Bowers
IPC分类号： G06F3/00 , G06F21/57
CPC分类号： G06F21/57 , G06F21/34 , G06F21/445 , G06F21/575 , H04L63/0853 , H04L63/0869
摘要： An authentication token configured to generate authentication information comprises an attestation module. The attestation module of the authentication token is configured to receive an attestation generated by an attestation module of a client, to perform a check on the received attestation, and to release the authentication information to a designated entity if the check indicates that the attestation is valid. The designated entity may comprise the client itself or another entity that participates in an authentication process involving at least one of the authentication token and the client. The authentication token in performing the check on the attestation received from the client may determine if the received attestation conforms to a predetermined policy. The attestation may comprise a platform attestation generated by the client for a given instantiated software stack of the client.

3. 发明授权

US09015476B1 Cryptographic device operable in a challenge-response mode 有权
标题翻译：加密设备可在质询 - 响应模式下操作
公开(公告)号：US09015476B1
公开(公告)日：2015-04-21
申请号：US13708322
申请日：2012-12-07
申请人： Ari Juels , Guoying Luo , Kevin D. Bowers
发明人： Ari Juels , Guoying Luo , Kevin D. Bowers
IPC分类号： H04L9/34 , G06F21/34
CPC分类号： G06F21/34 , G06F2221/2103
摘要： Methods, apparatus and articles of manufacture for implementing cryptographic devices operable in a challenge-response mode are provided herein. A method includes storing a set of authentication information in a first cryptographic device associated with a user, receiving a challenge in the first cryptographic device in connection with a user authentication request responsive to a request from the user to access a protected resource, wherein the challenge comprises an index of at least one non-sequential portion of the authentication information stored in the first cryptographic device, and outputting a non-sequential portion of the authentication information from the set of authentication information stored in the first cryptographic device in response to the challenge for use in authenticating the user.
摘要翻译：本文提供了用于实现以质询 - 响应模式操作的加密装置的方法，装置和制造。一种方法包括将一组认证信息存储在与用户相关联的第一密码设备中，响应于来自用户访问受保护资源的请求，在与第一密码设备相关联的用户认证请求中接收质询，其中，挑战包括存储在第一密码装置中的认证信息的至少一个非顺序部分的索引，并且响应于该挑战从存储在第一密码装置中的认证信息集合输出认证信息的非顺序部分用于认证用户。

4. 发明申请

US20150242616A1 Credential recovery with the assistance of trusted entities 有权
标题翻译：在信任实体的协助下进行凭证恢复
公开(公告)号：US20150242616A1
公开(公告)日：2015-08-27
申请号：US14190195
申请日：2014-02-26
申请人： Alina Oprea , Kevin D. Bowers , Nikolaos Triandopoulos , Ting-Fang Yen , Ari Juels
发明人： Alina Oprea , Kevin D. Bowers , Nikolaos Triandopoulos , Ting-Fang Yen , Ari Juels
IPC分类号： G06F21/44
CPC分类号： G06F21/445 , G06F21/32 , G06F21/34 , G06F2221/2113 , G06F2221/2131
摘要： There is disclosed a method for use in credential recovery. In one exemplary embodiment, the method comprises determining a policy that requires at least one trusted entity to verify the identity of a first entity in order to facilitate credential recovery. The method also comprises receiving at least one communication that confirms verification of the identity of the first entity by at least one trusted entity. The method further comprises permitting credential recovery based on the received verification.
摘要翻译：公开了用于证书恢复的方法。在一个示例性实施例中，该方法包括确定需要至少一个可信实体来验证第一实体的身份以便于凭证恢复的策略。该方法还包括接收由至少一个可信实体验证第一实体的身份的至少一个通信。该方法还包括基于所接收的验证允许凭证恢复。

5. 发明授权

US08984384B1 Distributed storage system with efficient handling of file updates 有权
标题翻译：具有高效处理文件更新的分布式存储系统
公开(公告)号：US08984384B1
公开(公告)日：2015-03-17
申请号：US12827097
申请日：2010-06-30
申请人： Ari Juels , Kevin D. Bowers , Alina Oprea
发明人： Ari Juels , Kevin D. Bowers , Alina Oprea
IPC分类号： G06F21/62 , H04L29/08
CPC分类号： G06F21/6218 , G06F21/64 , H04L67/1097
摘要： A client device or other processing device comprises a file encoding module, with the file encoding module being configured to separate a file into a plurality of sets of file blocks, to assign sets of the file blocks to respective ones of a plurality of servers, to define a plurality of parity groups each comprising a different subset of the plurality of servers, to assign, for each of the servers, each of its file blocks to at least one of the defined parity groups, and to compute one or more parity blocks for each of the parity groups. The file blocks are stored on their associated servers, and the parity blocks computed for each of the parity groups are stored on respective ones of the servers other than those within that parity group. Such an arrangement advantageously ensures that only a limited number of parity block recomputations are required in response to file block updates.
摘要翻译：客户端设备或其他处理设备包括文件编码模块，文件编码模块被配置为将文件分离成多组文件块，以将多个文件块的集合分配给多个服务器中的相应的服务器，定义多个奇偶校验组，每个奇偶校验组包括多个服务器的不同子集，为每个服务器将其每个文件块分配给所定义的奇偶校验组中的至少一个，并计算一个或多个奇偶校验块用于每个奇偶校验组。文件块存储在其相关联的服务器上，并且为每个奇偶校验组计算的奇偶校验块存储在除了该奇偶校验组内的那些服务器之外的相应服务器上。这种安排有利地确保了响应于文件块更新仅需要有限数量的奇偶校验块重新计算。

6. 发明授权

US08813234B1 Graph-based approach to deterring persistent security threats 有权
标题翻译：以图为基础的方法来阻止持续的安全威胁
公开(公告)号：US08813234B1
公开(公告)日：2014-08-19
申请号：US13171759
申请日：2011-06-29
申请人： Kevin D. Bowers , Marten E. van Dijk , Ari Juels , Alina M. Oprea , Ronald L. Rivest , Nikolaos Triandopoulos
发明人： Kevin D. Bowers , Marten E. van Dijk , Ari Juels , Alina M. Oprea , Ronald L. Rivest , Nikolaos Triandopoulos
IPC分类号： G06F21/00
CPC分类号： G06F21/552 , H04L63/1408 , H04L63/1441 , H04L63/20
摘要： A processing device comprises a processor coupled to a memory and implements a graph-based approach to protection of a system comprising information technology infrastructure from a persistent security threat. Attack-escalation states of the persistent security threat are assigned to respective nodes in a graph, and defensive costs for preventing transitions between pairs of the nodes are assigned to respective edges in the graph. A minimum cut of the graph is computed, and a defensive strategy is determined based on the minimum cut. The system comprising information technology infrastructure subject to the persistent security threat is configured in accordance with the defensive strategy in order to deter the persistent security threat.
摘要翻译：处理设备包括处理器，其耦合到存储器并且实现基于图的方法以保护包括信息技术基础设施的系统免受持久的安全威胁。持续性安全威胁的攻击升级状态被分配给图中的相应节点，并且用于防止节点对之间的转换的防御成本被分配给图中的相应边缘。计算图的最小值，并根据最小值确定防御策略。包含受到持续安全威胁的信息技术基础架构的系统是根据防御策略配置的，以便阻止持续的安全威胁。

7. 发明授权

US08381062B1 Proof of retrievability for archived files 有权
标题翻译：归档文件的可检索性证明
公开(公告)号：US08381062B1
公开(公告)日：2013-02-19
申请号：US12115145
申请日：2008-05-05
申请人： Ari Juels , Burton S. Kaliski, Jr. , Kevin D. Bowers , Alina M. Oprea
发明人： Ari Juels , Burton S. Kaliski, Jr. , Kevin D. Bowers , Alina M. Oprea
IPC分类号： G06F11/00
CPC分类号： G06F21/602 , G06F11/10 , G06F21/64 , H04L9/3221 , H04L63/123 , H04L63/126
摘要： A proof of retrievability (POR) mechanism is applicable to a file for providing assurances of file possession to a requesting client by transmitting only a portion of the entire file. The client compares or examines validation values returned from predetermined validation segments of the file with previously computed validation attributes for assessing the existence of the file. Since the archive server does not have access to the validation function prior to the request, or challenge, from the client, the archive server cannot anticipate the validation values expected from the validation function. Further, since the validation segments from which the validation attributes, and hence the validation values were derived, are also unknown to the server, the server cannot anticipate which portions of the file will be employed for validation.
摘要翻译：可检索性（POR）机制的证明适用于通过传送整个文件的一部分来向请求客户端提供文件拥有保证的文件。客户端比较或检查从文件的预定验证段返回的验证值与先前计算的验证属性，以评估文件的存在。由于存档服务器在请求之前无法访问验证函数，或者从客户端询问，归档服务器无法预期验证函数预期的验证值。此外，由于从其导出验证属性以及因此导出验证值的验证段对于服务器而言也是未知的，所以服务器不能预期该文件的哪些部分将用于验证。

8. 发明授权

US08683563B1 Soft token posture assessment 有权
标题翻译：软令牌姿势评估
公开(公告)号：US08683563B1
公开(公告)日：2014-03-25
申请号：US13435616
申请日：2012-03-30
申请人： Marten van Dijk , Kevin D. Bowers , Samuel Curry , Sean P. Doyle , William M. Duane , Ari Juels , Michael J. O'Malley , Nikolaos Triandopoulos , Riaz Zolfonoon
发明人： Marten van Dijk , Kevin D. Bowers , Samuel Curry , Sean P. Doyle , William M. Duane , Ari Juels , Michael J. O'Malley , Nikolaos Triandopoulos , Riaz Zolfonoon
IPC分类号： G06F7/04
CPC分类号： H04L9/00 , G06F21/43 , G06F21/554 , G06F21/56 , H04L63/1433 , H04W12/06 , H04W12/12
摘要： An improved technique for assessing the security status of a device on which a soft token is run collects device posture information from the device running the soft token and initiates transmission of the device posture information to a server to be used in assessing whether the device has been subjected to malicious activity. The device posture information may relate to the software status, hardware status, and/or environmental context of the device. In some examples, the device posture information is transmitted to the server directly. In other examples, the device posture information is transmitted to the server via auxiliary bits embedded in passcodes displayed to the user, which the user may read and transfer to the server as part of authentication requests. The server may apply the device posture information in a number of areas, including, for example, authentication management, risk assessment, and/or security analytics.
摘要翻译：用于评估其上运行软令牌的设备的安全状态的改进技术从运行软令牌的设备收集设备姿态信息，并且发起设备姿态信息传输到服务器以用于评估设备是否已经被遭受恶意活动。设备姿态信息可以涉及设备的软件状态，硬件状态和/或环境上下文。在一些示例中，设备姿态信息被直接发送到服务器。在其他示例中，设备姿态信息通过嵌入在显示给用户的密码中的辅助位发送到服务器，用户可以作为认证请求的一部分读取和传送到服务器。服务器可以在多个区域中应用设备姿态信息，包括例如认证管理，风险评估和/或安全分析。

9. 发明授权

US08618913B1 Radio frequency identification enabled mobile device 有权
标题翻译：射频识别启用移动设备
公开(公告)号：US08618913B1
公开(公告)日：2013-12-31
申请号：US12907625
申请日：2010-10-19
申请人： Daniel V. Bailey , John Brainard , Ari Juels , Kevin D. Bowers
发明人： Daniel V. Bailey , John Brainard , Ari Juels , Kevin D. Bowers
IPC分类号： H04Q5/22
CPC分类号： H04L67/12 , G06F3/017 , H04M1/7253 , H04M1/72569 , H04Q2213/13095 , H04W4/02 , H04W4/80 , H04W12/06 , H04W12/08
摘要： An RFID enabled mobile device is configured to provide a secure release of RFID information. The RFID enabled mobile device, such as an RFID enabled cellular telephone, includes a set of sensors, such as a camera, one or more accelerometers, a wireless transceiver configured to send and receive data with an Internet device, and a global positioning system (GPS) receiver. The RFID enabled mobile device utilizes sensor attributes or information from one or more sensor of the set of sensors and, based upon the sensor attributes, controls the release of RFID information and/or other authentication data to an RFID interrogation system. In essence, the RFID enabled mobile device leverages from the conventional sensors typically incorporated as part of the mobile device and uses contextual data from its sensors and communication partners to make security decisions regarding the release of RFID information.
摘要翻译： RFID启用的移动设备被配置为提供RFID信息的安全释放。支持RFID的移动设备，例如支持RFID的蜂窝电话，包括一组传感器，例如相机，一个或多个加速度计，被配置为使用因特网设备发送和接收数据的无线收发器以及全球定位系统（ GPS）接收机。 RFID启用的移动设备利用来自传感器组的一个或多个传感器的传感器属性或信息，并且基于传感器属性，控制RFID信息和/或其他认证数据到RFID询问系统的释放。实质上，支持RFID的移动设备利用通常作为移动设备的一部分并入的常规传感器，并使用来自其传感器和通信伙伴的上下文数据来做出关于RFID信息的释放的安全决定。

10. 发明授权

US08132073B1 Distributed storage system with enhanced security 有权
标题翻译：具有增强安全性的分布式存储系统
公开(公告)号：US08132073B1
公开(公告)日：2012-03-06
申请号：US12495189
申请日：2009-06-30
申请人： Kevin D. Bowers , Ari Juels , Alina Oprea
发明人： Kevin D. Bowers , Ari Juels , Alina Oprea
IPC分类号： H03M13/00
CPC分类号： H03M13/3761 , G06F21/6227 , H03M13/1515 , H04L9/085 , H04L9/0894 , H04L9/3242 , H04L9/3271
摘要： A client device or other processing device separates a file into blocks and distributes the blocks across multiple servers for storage. In one aspect, subsets of the blocks are allocated to respective primary servers, a code of a first type is applied to the subsets of the blocks to expand the subsets by generating one or more additional blocks for each subset, and the expanded subsets of the blocks are stored on the respective primary servers. A code of a second type is applied to groups of blocks each including one block from each of the expanded subsets to expand the groups by generating one or more additional blocks for each group, and the one or more additional blocks for each expanded group are stored on respective secondary servers. The first and second codes are advantageously configured to provide security against an adversary that is able to corrupt all of the servers over multiple periods of time but fewer than all of the servers within any particular one of the periods of time.
摘要翻译：客户端设备或其他处理设备将文件分成块并将块分布在多个服务器上进行存储。在一个方面，将块的子集分配给相应的主服务器，将第一类型的代码应用于块的子集，以通过为每个子集生成一个或多个附加块来扩展子集，并且扩展子集块存储在相应的主服务器上。第二类型的代码被应用于每个包括来自每个扩展子集的一个块的块组，以通过为每个组生成一个或多个附加块来扩展组，并且存储每个扩展组的一个或多个附加块在相应的辅助服务器上。有利地，第一和第二代码被配置为提供抵御对手的安全性，所述对手能够在多个时间段内破坏所有服务器，但是比所述时间段内的任何特定时间段内的所有服务器更少。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式