专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09817957B1 Access management based on active environment comprising dynamically reconfigurable sets of smart objects 有权
公开(公告)号：US09817957B1
公开(公告)日：2017-11-14
申请号：US14731015
申请日：2015-06-04
申请人： EMC Corporation
发明人： Andres D. Molina-Markham , Kevin D. Bowers , Nikolaos Triandopoulos
IPC分类号： G06F21/00 , G06F21/31 , G06N99/00 , G06F21/57
CPC分类号： G06F21/31 , G06F21/316 , G06F21/57 , G06F21/602 , G06F2221/034 , G06N99/005
摘要： A processing device comprises a processor coupled to a memory and is configured to predict or otherwise determine that a user will utilize a target application on a user device in involvement with a particular set of smart objects, to request cryptographic material for activating the smart objects of the set, to receive the cryptographic material responsive to the request, and to utilize the cryptographic material to activate the smart objects. Each of the activated smart objects provides a verifier with a proof of involvement with the user device. The verifier controls user access to the target application based at least in part on the proofs provided by the activated smart objects. The determining, requesting, receiving and utilizing operations in some embodiments are performed by a learning agent running on the processing device. The learning agent illustratively includes functionality for learning target application access behavior of the user over time.

2. 发明授权

US09256725B2 Credential recovery with the assistance of trusted entities 有权
公开(公告)号：US09256725B2
公开(公告)日：2016-02-09
申请号：US14190195
申请日：2014-02-26
申请人： EMC Corporation
发明人： Alina Oprea , Kevin D. Bowers , Nikolaos Triandopoulos , Ting-Fang Yen , Ari Juels
IPC分类号： H04L29/06 , G06F21/44
CPC分类号： G06F21/445 , G06F21/32 , G06F21/34 , G06F2221/2113 , G06F2221/2131
摘要： There is disclosed a method for use in credential recovery. In one exemplary embodiment, the method comprises determining a policy that requires at least one trusted entity to verify the identity of a first entity in order to facilitate credential recovery. The method also comprises receiving at least one communication that confirms verification of the identity of the first entity by at least one trusted entity. The method further comprises permitting credential recovery based on the received verification.

3. 发明授权

US09935770B1 Security alerting system with dynamic buffer size adaptation 有权
公开(公告)号：US09935770B1
公开(公告)日：2018-04-03
申请号：US13922718
申请日：2013-06-20
申请人： EMC Corporation
发明人： Ari Juels , Nikolaos Triandopoulos , Kevin D. Bowers
IPC分类号： H04L9/32
CPC分类号： H04L9/32 , G06F21/554 , G06F2221/2101 , G06F2221/2107 , H04L9/0861 , H04L9/3242 , H04L2209/38
摘要： A Security Alerting System is provided with dynamic buffer size adaptation. An alert message from a Security Alerting System indicating a potential compromise of a protected resource is transmitted by obtaining the alert message from the Security Alerting System; authenticating the alert message using a secret key known by a server, wherein the secret key evolves in a forward-secure manner; storing the authenticated alert message in a buffer, wherein a size of the buffer is based on a connection history of the Security Alerting System; and transmitting the buffer to the server. The alert message can optionally be encrypted. The buffer can be increased in proportion to a duration of a disruption of a connection. The size of the buffer can be increased by adding buffer slots at a location of a current write pointer index. Techniques are also disclosed for detecting truncation attacks and alert message gaps. The alert messages can have a variable size by writing alert message into consecutive buffer slots.

4. 发明授权

US09621576B1 Detecting malicious websites 有权
公开(公告)号：US09621576B1
公开(公告)日：2017-04-11
申请号：US14587871
申请日：2014-12-31
申请人： EMC Corporation
发明人： Alina Oprea , Sumayah Alrwais , Kevin D. Bowers , Todd S. Leetham , Zhou Li , Ronald L. Rivest
IPC分类号： G08B23/00 , H04L29/06 , H04L29/08
CPC分类号： H04L63/1441 , H04L63/1425 , H04L63/168 , H04L67/02 , H04L67/30 , H04L67/306
摘要： There are disclosed techniques for use in detecting malicious websites. In at least one embodiment, there is disclosed a technique for generating a profile in connection with a website. The profile comprising at least one attribute associated with the website. The technique also comprises collecting information relating to the website during a visit to the website. The technique further comprises detecting a change in connection with the website. The detection of the change comprises identifying a variation between the generated profile and the collected information.

5. 发明授权

US09037858B1 Distributed cryptography using distinct value sets each comprising at least one obscured secret value 有权
标题翻译：分布式密码学使用各自包含至少一个模糊秘密值的不同值集合
公开(公告)号：US09037858B1
公开(公告)日：2015-05-19
申请号：US13795801
申请日：2013-03-12
申请人： EMC Corporation
发明人： Ari Juels , Sandra Carielli , Kevin D. Bowers , Guoying Luo
IPC分类号： H04L29/06 , G06F21/00
CPC分类号： H04L9/085 , H04L9/3226
摘要： An authentication system comprises multiple servers and a controller coupled to or otherwise associated with the servers. The controller is configured to control storage in the servers of respective chaff sets or other types of value sets, each including at least one secret value obscured within a distinct arrangement of other values. Each of the servers comprises a local verifier configured to generate an indication as to whether or not a received input value corresponds to one of the values in its value set. The controller comprises a global verifier configured to authenticate the received input value based on the indications generated by at least a subset of the servers. By way of example, the secret value may comprise a common value which is the same for all of the value sets, with the value sets otherwise including distinct values such that their intersection yields only the common value.
摘要翻译：认证系统包括多个服务器和耦合到或与服务器相关联的控制器。控制器被配置为控制各个衣服组或其他类型的值集合的服务器中的存储，每个包含至少一个秘密值在其他值的不同排列中被遮蔽。每个服务器包括本地验证器，其被配置为生成关于接收到的输入值是否对应于其值集合中的一个值的指示。控制器包括全球验证器，其被配置为基于由至少一个服务器的子集产生的指示来认证所接收的输入值。作为示例，秘密值可以包括对于所有值集合相同的公共值，其中值集合否则包括不同的值，使得它们的交集仅产生公共值。

6. 发明授权

US08874904B1 View computation and transmission for a set of keys refreshed over multiple epochs in a cryptographic device 有权
标题翻译：查看在密码设备中的多个历元上刷新的一组密钥的计算和传输
公开(公告)号：US08874904B1
公开(公告)日：2014-10-28
申请号：US13713658
申请日：2012-12-13
申请人： EMC Corporation
发明人： Ari Juels , Kevin D. Bowers
IPC分类号： H04L9/00 , H04L9/32
CPC分类号： H04L9/088 , H04L9/0891 , H04L9/3228 , H04L9/3234
摘要： A first cryptographic device is configured to store a set of keys that is refreshed in each of a plurality of epochs. The first cryptographic device computes for each of at least a subset of the epochs at least one view based on at least a portion of the set of keys for that epoch, and transmits the views to a second cryptographic device in association with their respective epochs. At least one view computed for a current one of the epochs is configured for utilization in combination with one or more previous views computed for one or more previous ones of the epochs to permit the second cryptographic device to confirm authenticity of the set of keys for the current epoch. The first cryptographic device may include an authentication token and the second cryptographic device may include an authentication server.
摘要翻译：第一加密设备被配置为存储在多个历元中的每一个中刷新的一组密钥。所述第一加密设备基于至少一部分所述时期的密钥集合来计算至少一个历元的至少一个子集的至少一个视图，并且将视图与它们各自的历元相关联地发送到第二密码装置。对于当前时期之一计算的至少一个视图被配置为与针对一个或多个先前的历元计算的一个或多个先前视图结合使用，以允许第二密码装置确认该组密钥的真实性当前时代第一加密设备可以包括认证令牌，并且第二密码设备可以包括认证服务器。

7. 发明授权

US10063562B1 Flexible access management framework based on measuring application usage behavior 有权
公开(公告)号：US10063562B1
公开(公告)日：2018-08-28
申请号：US15086522
申请日：2016-03-31
申请人： EMC Corporation
发明人： Andres D. Molina-Markham , Alina Oprea , Kevin D. Bowers
IPC分类号： H04L29/00 , H04L29/06
CPC分类号： H04L63/105 , H04L63/083 , H04W12/00508 , H04W12/06
摘要： Techniques of controlling access to a resource involve selecting an authentication scheme for authenticating a user based on an environmental context in which the user is requesting access to the resource. Along these lines, the access control server receives application usage data from a user and separates the data into current environmental factors and current usage factors. In response, the access control server compares the current environmental factors to expected environmental factors for each of multiple predefined environmental contexts. Based on measures of closeness between the current and expected environmental factors, the access control server computes a familiarity score indicative of whether the request to access the resource is recognizable within the particular environmental context. The access control server then selects, based on the familiarity score, an authentication scheme from a choice of multiple such schemes by which to authenticate the user before granting the user access to the resource.

8. 发明授权

US09461821B1 System and method for key material protection on devices using a secret sharing scheme 有权
标题翻译：使用秘密共享方案的设备上的密钥保护的系统和方法
公开(公告)号：US09461821B1
公开(公告)日：2016-10-04
申请号：US14319276
申请日：2014-06-30
申请人： EMC Corporation
发明人： Salah Machani , Nikolaos Triandopoulos , Kevin D. Bowers , Todd A. Morneau
IPC分类号： H04L9/08 , H04L9/32
CPC分类号： H04L9/085 , H04L9/0894
摘要： Encryption key(s) and/or other protected material are protected on devices. A secret splitting scheme is applied to a secret, S, that protects at least one data item to obtain a plurality of secret shares. At least one secret share is encrypted to provide at least one encrypted secret share using an encryption scheme that uses at least one other secret share as the encryption key. A subset of the plurality of secret shares and encrypted secret share(s) is required to reconstruct the secret, S. One or more secret shares and/or encrypted secret shares are provided to at least one device, for example, based on a corresponding key-release policy, to allow access to the data item(s) secured by the secret, S. The secret, S, comprises, for example, a secret key used to protect at least one content item and/or a key used to protect one or more of a content container and a vault storing one or more protected data items.
摘要翻译：加密密钥和/或其他受保护的材料在设备上受到保护。秘密分割方案被应用于秘密S，其保护至少一个数据项以获得多个秘密份额。至少一个秘密共享被加密以使用使用至少一个其他秘密共享作为加密密钥的加密方案提供至少一个加密的秘密共享。多个秘密份额和加密的秘密份额的子集需要重建秘密S.将一个或多个秘密份额和/或加密的秘密份额提供给至少一个设备，例如，基于相应的密钥释放策略，以允许对由秘密S保护的数据项的访问。秘密S包括例如用于保护至少一个内容项的秘密密钥和/或用于保护存储一个或多个受保护数据项的内容容器和保管库中的一个或多个。

9. 发明授权

US09361447B1 Authentication based on user-selected image overlay effects 有权
标题翻译：基于用户选择的图像叠加效果进行认证
公开(公告)号：US09361447B1
公开(公告)日：2016-06-07
申请号：US14477152
申请日：2014-09-04
申请人： EMC Corporation
发明人： Kevin D. Bowers , Vihang P. Dudhalkar , Ari Juels , Ronald L. Rivest , Samir Saklikar , Nikolaos Triandopoulos
IPC分类号： G06F21/00 , G06F21/31 , H04L12/00 , G06F21/36 , G06F3/0484 , H04L9/32 , H04L29/06
CPC分类号： G06F21/36 , G06F3/04842 , G06F21/31 , G09C5/00 , H04L9/3226 , H04L63/08 , H04L63/083
摘要： A processing device comprises a processor coupled to a memory and is configured to implement an overlay effects selection interface for use in conjunction with generation of a graphical password. An image is obtained and presented in the overlay effects selection interface with a plurality of user-selectable overlay effects. User input is received identifying at least one overlay effect selected from the plurality of user-selectable overlay effects, and a modified version of the image is presented incorporating the selected at least one overlay effect. Information characterizing the image and the selected at least one overlay effect is utilized to control access to a protected resource. For example, the information characterizing the image and the selected at least one overlay effect may be obtained as part of a graphical password enrollment process and stored as at least a portion of the graphical password for controlling access to the protected resource.
摘要翻译：处理设备包括耦合到存储器的处理器，并且被配置为实现与生成图形密码一起使用的覆盖效果选择界面。获得图像并且在具有多个用户可选择的重叠效果的叠加效果选择界面中呈现图像。接收用户输入，识别从多个用户可选择的重叠效果中选择的至少一个叠加效果，并且呈现包含所选择的至少一个叠加效果的图像的修改版本。利用表征图像和所选择的至少一个叠加效果的信息来控制对受保护资源的访问。例如，可以获得表征图像和所选择的至少一个覆盖效果的信息，作为图形密码注册过程的一部分，并且被存储为用于控制对受保护资源的访问的图形口令的至少一部分。

10. 发明授权

US09323909B1 Sharing a cryptographic device by partitioning challenge-response space 有权
标题翻译：通过分配挑战响应空间来共享加密设备
公开(公告)号：US09323909B1
公开(公告)日：2016-04-26
申请号：US13708343
申请日：2012-12-07
申请人： EMC Corporation
发明人： Guoying Luo , Ari Juels , Kevin D. Bowers
IPC分类号： G06F21/00 , G06F21/31
CPC分类号： G06F21/31 , G06F21/335 , G06F21/34 , H04L63/0838 , H04L63/0853
摘要： Techniques, apparatus and articles of manufacture are provided herein. A method includes providing a first sub-set of authentication information from a set of authentication information associated with a first cryptographic device issued to a user to a second cryptographic device in connection with a first user authentication request responsive to a request from the user to access a first protected resource, wherein the first sub-set comprises a first set of N pre-computed passcodes and corresponding challenges, and providing a second sub-set of authentication information from the set of authentication information associated with the first cryptographic device to a third cryptographic device in connection with a second user authentication request responsive to a request from the user to access a second protected resource, wherein the second sub-set comprises a second set of N pre-computed passcodes and corresponding challenges.
摘要翻译：本文提供了技术，装置和制品。一种方法包括：响应于来自用户访问的请求，从与发送给用户的第一密码装置相关联的一组认证信息与第二密码装置相关联地提供认证信息的第一子集第一保护资源，其中所述第一子集包括第一组N个预先计算的密码和相应的挑战，并且从与所述第一密码装置相关联的一组认证信息提供第二认证信息子集，响应于来自用户访问第二受保护资源的请求而与第二用户认证请求相关联的加密设备，其中第二子集包括第二组N个预先计算的密码和相应的挑战。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式