专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09935770B1 Security alerting system with dynamic buffer size adaptation 有权
公开(公告)号：US09935770B1
公开(公告)日：2018-04-03
申请号：US13922718
申请日：2013-06-20
申请人： EMC Corporation
发明人： Ari Juels , Nikolaos Triandopoulos , Kevin D. Bowers
IPC分类号： H04L9/32
CPC分类号： H04L9/32 , G06F21/554 , G06F2221/2101 , G06F2221/2107 , H04L9/0861 , H04L9/3242 , H04L2209/38
摘要： A Security Alerting System is provided with dynamic buffer size adaptation. An alert message from a Security Alerting System indicating a potential compromise of a protected resource is transmitted by obtaining the alert message from the Security Alerting System; authenticating the alert message using a secret key known by a server, wherein the secret key evolves in a forward-secure manner; storing the authenticated alert message in a buffer, wherein a size of the buffer is based on a connection history of the Security Alerting System; and transmitting the buffer to the server. The alert message can optionally be encrypted. The buffer can be increased in proportion to a duration of a disruption of a connection. The size of the buffer can be increased by adding buffer slots at a location of a current write pointer index. Techniques are also disclosed for detecting truncation attacks and alert message gaps. The alert messages can have a variable size by writing alert message into consecutive buffer slots.

2. 发明授权

US09929860B1 Methods and apparatus for generalized password-based secret sharing 有权
公开(公告)号：US09929860B1
公开(公告)日：2018-03-27
申请号：US14984352
申请日：2015-12-30
申请人： EMC Corporation
发明人： Nikolaos Triandopoulos , Yupeng Zhang
IPC分类号： H04L29/06 , H04L9/08
CPC分类号： H04L9/085 , H04L9/0863 , H04L9/0894
摘要： Generalized password-based secret sharing schemes are provided. A secret sharing method comprises obtaining a secret; obtaining fixed values from one or more parties; setting an element of a column vector of a password-based linear secret sharing scheme based on the secret; randomly selecting values from a field for additional elements of the column vector; setting remaining elements of the column vector to values that ensure that a product of a matrix and the column vector, for each fixed-share party, is equal to the corresponding fixed value; and distributing non-fixed shares to additional parties using a labeling function. In another method, a defining matrix corresponds to the secret and a field of both the secret and a plurality of shares of the secret. A given share for each party in the set is set to the corresponding obtained fixed value. A row in the defining matrix is randomly selected such that an element in the row corresponding to each party in the set is equal to the corresponding obtained fixed value.

3. 发明授权

US09712320B1 Delegatable pseudorandom functions and applications 有权
公开(公告)号：US09712320B1
公开(公告)日：2017-07-18
申请号：US13931939
申请日：2013-06-30
申请人： EMC Corporation
发明人： Aggelos Kiayias , Stavros Papadopoulos , Nikolaos Triandopoulos , Thomas Megas Zacharias
IPC分类号： H04L9/00 , H04L9/08
CPC分类号： H04L9/008 , H04L9/0662 , H04L9/3218 , H04L2209/50 , H04L2209/76
摘要： Techniques are provided for delegating evaluation of pseudorandom functions to a proxy. A delegator delegates evaluation of a pseudorandom function to a proxy, by providing a trapdoor τ to the proxy based on a secret key k and a predicate P using an algorithm T, wherein the predicate P defines a plurality of values for which the proxy will evaluate the pseudorandom function, wherein the plurality of values comprise a subset of a larger domain of values, and wherein the trapdoor τ provides an indication to the proxy of the plurality of values. A proxy evaluates a pseudorandom function delegated by a delegator by receiving a trapdoor τ from the delegator that provides an indication of a plurality of values to be evaluated, wherein the plurality of values comprise a subset of a larger domain of values; and evaluating an algorithm C on the trapdoor τ to obtain the pseudorandom function value for each of the plurality of values. The trapdoor τ can be provided to the proxy using a Gordreich, Goldwasser, Micali (GGM) binary tree representation.

4. 发明授权

US09225717B1 Event-based data signing via time-based one-time authentication passcodes 有权
标题翻译：基于事件的数据签名通过基于时间的一次性认证密码
公开(公告)号：US09225717B1
公开(公告)日：2015-12-29
申请号：US13826924
申请日：2013-03-14
申请人： EMC Corporation
发明人： John Brainard , Nikolaos Triandopoulos , Marten van Dijk , Ari Juels
IPC分类号： G06F7/04 , G06F15/16 , G06F17/30 , H04L29/06 , G06F12/00 , G06F12/14 , G06F13/00 , G11C7/00 , H04L9/06
CPC分类号： H04L63/0846 , H04L9/3228 , H04L9/3242 , H04L9/3247 , H04L9/3297 , H04L2209/38 , H04L2209/56
摘要： Methods and apparatus are provided for signing data transactions using one-time authentication passcodes. User authentication passcodes are generated by generating a time-based user authentication passcode based on a forward-secure pseudorandom number, wherein the generated time-based user authentication passcode is used for authentication of the user; and generating an event-based user authentication passcode based on a forward-secure pseudorandom number, wherein the generated event-based user authentication passcode is used to sign one or more data transactions. The generation of an event-based user authentication passcode can be performed on-demand. The generation of the event-based user authentication passcode can optionally be performed substantially simultaneously with the generation of the time-based user authentication passcode.
摘要翻译：提供了使用一次性认证密码对数据事务进行签名的方法和装置。通过基于前向安全伪随机数生成基于时间的用户认证密码来生成用户认证密码，其中所生成的基于时间的用户认证密码用于用户认证; 以及基于前向安全伪随机数生成基于事件的用户认证密码，其中所生成的基于事件的用户认证密码用于签署一个或多个数据事务。基于事件的用户认证密码的生成可以按需执行。基于事件的用户认证密码的生成可以选择性地与生成基于时间的用户认证密码同时执行。

5. 发明授权

US09817957B1 Access management based on active environment comprising dynamically reconfigurable sets of smart objects 有权
公开(公告)号：US09817957B1
公开(公告)日：2017-11-14
申请号：US14731015
申请日：2015-06-04
申请人： EMC Corporation
发明人： Andres D. Molina-Markham , Kevin D. Bowers , Nikolaos Triandopoulos
IPC分类号： G06F21/00 , G06F21/31 , G06N99/00 , G06F21/57
CPC分类号： G06F21/31 , G06F21/316 , G06F21/57 , G06F21/602 , G06F2221/034 , G06N99/005
摘要： A processing device comprises a processor coupled to a memory and is configured to predict or otherwise determine that a user will utilize a target application on a user device in involvement with a particular set of smart objects, to request cryptographic material for activating the smart objects of the set, to receive the cryptographic material responsive to the request, and to utilize the cryptographic material to activate the smart objects. Each of the activated smart objects provides a verifier with a proof of involvement with the user device. The verifier controls user access to the target application based at least in part on the proofs provided by the activated smart objects. The determining, requesting, receiving and utilizing operations in some embodiments are performed by a learning agent running on the processing device. The learning agent illustratively includes functionality for learning target application access behavior of the user over time.

6. 发明授权

US09465874B1 Authenticated hierarchical set operations and applications 有权
标题翻译：经认证的层次集合操作和应用程序
公开(公告)号：US09465874B1
公开(公告)日：2016-10-11
申请号：US14696606
申请日：2015-04-27
申请人： EMC Corporation
发明人： Dimitrios Papadopoulos , Nikolaos Triandopoulos , Ran Canetti
IPC分类号： G06F7/04 , G06F17/30 , H04L29/06 , G06F21/62
CPC分类号： G06F17/30864 , G06F21/6227 , H04L63/123
摘要： Methods and apparatus are provided for authenticated hierarchical set operations. A third party server processes a query (possibly from a client) on data sets outsourced by a source of the data. The query comprises a hierarchical set operation between at least two of the data sets. Authenticated Set Operation techniques for flat set operations can be iteratively applied for hierarchical set operations. In addition, bilinear accumulators are extended to provide an extractable accumulation scheme comprising a primary bilinear accumulator and a secondary bilinear accumulator. The client receives (i) an encoding of an answer to the query, (ii) a verification comprising, for example, one or more of subset witnesses, completeness witnesses, and/or accumulation values, and (iii) at least one argument for at least one intersection operation, union operation and/or set difference operation.
摘要翻译：为认证的分层设置操作提供了方法和装置。第三方服务器处理来自数据源外包的数据集的查询（可能来自客户端）。该查询包括至少两个数据集之间的分层设置操作。经认证的集合操作的操作技术可以迭代应用于层次集合操作。此外，双线性累加器被扩展以提供包括初级双线性累加器和次级双线性累加器的可提取积累方案。客户端接收（i）对查询的答案的编码，（ii）包括例如子集证人，完整性证人和/或累积值中的一个或多个的验证，以及（iii）至少一个参数至少一个交集操作，联合操作和/或设置差分操作。

7. 发明授权

US09455973B1 Secure storage and retrieval of data in a database with multiple data classes and multiple data identifiers 有权
标题翻译：安全地存储和检索具有多个数据类型和多个数据标识符的数据库中的数据
公开(公告)号：US09455973B1
公开(公告)日：2016-09-27
申请号：US14139978
申请日：2013-12-24
申请人： EMC Corporation
发明人： Peter Robinson , Nikolaos Triandopoulos , David Alistair Healy
IPC分类号： G06F7/04 , H04L29/06
CPC分类号： H04L63/08 , H04L9/0861 , H04L9/32 , H04L63/0823
摘要： Secure storage and retrieval of data is provided with multiple data classes and data identifiers. Data values of a client are stored by receiving one or more authentication sets, at least one data value, an associated data class of the data value and a pseudo-random client value; calculating a data seed value based on the pseudo-random client value, a pseudo-random server value and the associated data class of the data value; generating a random data index value; generating a database index value based on the data seed value and the random data index value; storing the database index value; and providing the random data index value to the client. The client can be authenticated at the time of storage based on the one or more authentication sets. The authentication of the client and the storage of the data can be atomic such that only authenticated clients store the one or more data values. Techniques are also provided for the retrieval of stored data.
摘要翻译：数据的安全存储和检索具有多个数据类和数据标识符。通过接收一个或多个认证集，至少一个数据值，数据值的相关数据类和伪随机客户端值来存储客户端的数据值; 基于伪随机客户值计算数据种子值，伪随机服务器值和数据值的相关联的数据类; 生成随机数据索引值; 基于数据种子值和随机数据索引值生成数据库索引值; 存储数据库索引值; 并向客户端提供随机数据索引值。可以基于一个或多个认证集在存储时验证客户端。客户端的认证和数据的存储可以是原子的，使得仅经过验证的客户端存储一个或多个数据值。还提供了用于检索存储的数据的技术。

8. 发明授权

US09288049B1 Cryptographically linking data and authentication identifiers without explicit storage of linkage 有权
标题翻译：密码学链接数据和认证标识符，而不显式地存储链接
公开(公告)号：US09288049B1
公开(公告)日：2016-03-15
申请号：US13931188
申请日：2013-06-28
申请人： EMC Corporation
发明人： Peter Robinson , David Alistair Healy , Nikolaos Triandopoulos
IPC分类号： H04L9/32 , H04L9/08
CPC分类号： H04L63/08 , H04L9/0861 , H04L9/32 , H04L63/0823
摘要： Methods and apparatus are provided for cryptographically linking data identifiers and authentication identifiers without storing the association between the authentication and data secrets in the database of the server. A data secret of a client is provided to a server for storage with an authentication identifier (AuthId) and a pseudo-random client value. The server provides the client with a sequence number of the stored data secret that is associated with a data identifier (DataId) identifying the data secret obtained using a Key Derivation Function and a storage seed. The client registers with the server to obtain the authentication identifier (AuthId). Techniques are also provided for retrieving and updating the data secret.
摘要翻译：提供了用于密码地链接数据标识符和认证标识符的方法和装置，而不存储服务器的数据库中的认证和数据秘密之间的关联。客户端的数据秘密被提供给服务器以用认证标识符（AuthId）和伪随机客户端值进行存储。服务器向客户端提供与识别使用密钥导出功能和存储种子获得的数据秘密的数据标识符（DataId）相关联的存储数据秘密的序列号。客户端向服务器注册以获取认证标识符（AuthId）。还提供了用于检索和更新数据秘密的技术。

9. 发明授权

US09152716B1 Techniques for verifying search results over a distributed collection 有权
标题翻译：用于验证分布式集合中的搜索结果的技术
公开(公告)号：US09152716B1
公开(公告)日：2015-10-06
申请号：US13731885
申请日：2012-12-31
申请人： EMC Corporation
发明人： Nikolaos Triandopoulos , Michael T. Goodrich , Duy Nguyen , Olga Ohrimenko , Charalampos Papamanthou , Roberto Tamassia , Cristina Videira Lopes
IPC分类号： G06F17/30
CPC分类号： G06F17/30867
摘要： An improved search engine technique allows a user to ensure that an untrusted search engine provides complete and correct search results without requiring large proofs for large data collections. Thus techniques are presented for a trusted crawler to index a distributed collection of documents and create an authenticated search structure that allows an untrusted search server to return reliably complete and correct search results.
摘要翻译：改进的搜索引擎技术允许用户确保不受信任的搜索引擎提供完整且正确的搜索结果，而不需要大数据集的大量证明。因此，为可信赖的爬网程序呈现技术以对分布式文档集合进行索引，并创建一个经过身份验证的搜索结构，允许不受信任的搜索服务器返回可靠的完整且正确的搜索结果。

10. 发明授权

US09083515B1 Forward secure pseudorandom number generation resilient to forward clock attacks 有权
标题翻译：前向安全的伪随机数生成弹性到前向时钟攻击
公开(公告)号：US09083515B1
公开(公告)日：2015-07-14
申请号：US13728271
申请日：2012-12-27
申请人： EMC Corporation
发明人： Marten van Dijk , Nikolaos Triandopoulos , Ari Juels , Ronald Rivest
IPC分类号： H04L9/22 , H04L9/08 , H04L29/06 , H04L9/00
CPC分类号： H04L9/0869 , H04L9/005 , H04L9/0891 , H04L63/068 , H04L63/1441 , H04L2209/38
摘要： Methods and apparatus are provided for generation of forward secure pseudorandom numbers that are resilient to such forward clock attacks. A forward secure pseudorandom number is generated by obtaining a first state si corresponding to a current leaf node νi in a hierarchical tree, wherein the current leaf νi produces a first pseudorandom number ri−1; updating the first state si to a second state si+t corresponding to a second leaf node νi+t; and computing a second pseudorandom number ri+t−1 corresponding to the second leaf node νi+t, wherein the second pseudorandom number ri+t−1 is based on a forward clock reset index that identifies an instance of the hierarchical tree, wherein the instance of the hierarchical tree is incremented when one or more criteria indicating a forward clock attack are detected. The forward clock reset index can be encoded in a forward secure manner in the hierarchical tree.
摘要翻译：提供了用于产生对这种前向时钟攻击具有弹性的前向安全伪随机数的方法和装置。通过获得与分层树中的当前叶节点＆ngr; i对应的第一状态si来生成正向安全伪随机数，其中当前叶子n产生第一伪随机数ri-1; 将第一状态si更新为对应于第二叶节点ngr i + t的第二状态si + t; 并且计算与第二叶节点＆ngr; i + t对应的第二伪随机数ri + t-1，其中第二伪随机数ri + t-1基于标识分层树的实例的前向时钟重置索引，其中当检测到指示前向时钟攻击的一个或多个准则时，分层树的实例被增加。正向时钟复位索引可以以分层树中的前向安全方式进行编码。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式