专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08925058B1 Authentication involving authentication operations which cross reference authentication factors 有权
标题翻译：涉及认证操作的认证交叉参考认证因素
公开(公告)号：US08925058B1
公开(公告)日：2014-12-30
申请号：US13434257
申请日：2012-03-29
申请人： Yedidya Dotan , William M. Duane , John Linn , Roy Hodgman , Derek Lin
发明人： Yedidya Dotan , William M. Duane , John Linn , Roy Hodgman , Derek Lin
IPC分类号： G06F7/04 , G06F15/16
CPC分类号： H04L63/0861 , G06F21/31 , G06F21/32
摘要： A technique of authenticating a person involves obtaining, during a current authentication session to authenticate the person, a first authentication factor from the person and a second authentication factor from the person, at least one of the first and second authentication factors being a biometric input. The technique further involves performing an authentication operation which cross references the first authentication factor with the second authentication factor. The technique further involves outputting, as a result of the authentication operation, an authentication result signal indicating whether the authentication operation has determined the person in the current authentication session likely to be legitimate or an imposter. Such authentication, which cross references authentication factors to leverage off of their interdependency, provides stronger authentication than conventional naïve authentication.
摘要翻译：认证人的技术涉及在当前身份认证会话期间从人员获得第一认证因子和从人员获得第二认证因素，所述第一和第二认证因素中的至少一个是生物特征输入。该技术还涉及执行认证操作，该认证操作以第二认证因素交叉引用第一认证因素。该技术还包括作为认证操作的结果，输出一个认证结果信号，该认证结果信号指示认证操作是否已经确定当前认证会话中的人可能是合法的或冒牌者。这种认证交叉引用认证因素以利用其相互依赖性，提供比传统初始认证更强大的认证。

2. 发明授权

US08902045B1 Controlling access to a computerized resource based on authentication using pulse data 有权
标题翻译：基于使用脉冲数据的认证来控制对计算机资源的访问
公开(公告)号：US08902045B1
公开(公告)日：2014-12-02
申请号：US13336573
申请日：2011-12-23
申请人： John Linn , William M. Duane , Yedidya Dotan , Roy Hodgman
发明人： John Linn , William M. Duane , Yedidya Dotan , Roy Hodgman
IPC分类号： G08B21/00
CPC分类号： G06F21/32 , A61B5/0077 , A61B5/024 , A61B5/0452 , A61B5/117 , A61B5/7264 , G06K9/00288 , G06K9/00617 , G06K9/00892 , G06K2009/00322 , G06K2009/00939 , H04L63/0861 , H04W12/06
摘要： A technique performs an authentication operation using pulse and facial data from a user. The technique involves obtaining current pulse data from a user, and performing a comparison between the current pulse data from the user and expected pulse data for the user. The technique further involves generating an authentication result based on the comparison between the current pulse data and the expected pulse data. The authentication result may control user access to a computerized resource. Since such a technique uses pulse data, a perpetrator cannot simply submit a static image of a subject's face to circumvent the authentication process. In some arrangements, the technique involves obtaining videos of human faces and deriving cardiac pulse rates from the videos. For such arrangements, a standard webcam can be used to capture the videos. Moreover, such techniques are capable of factoring in circadian rhythms and/or aging adjustments to detect and thwart video replay attacks.
摘要翻译：一种技术使用来自用户的脉冲和面部数据进行认证操作。该技术涉及从用户获取当前脉冲数据，并且执行来自用户的当前脉冲数据与用户的预期脉冲数据之间的比较。该技术还涉及基于当前脉冲数据与预期脉冲数据之间的比较产生认证结果。认证结果可以控制用户对计算机资源的访问。由于这种技术使用脉冲数据，所以犯罪者不能简单地提交被摄体脸部的静态图像以绕过认证过程。在某些安排中，该技术涉及从视频获得人脸视频和导出心脏脉搏率。对于这样的安排，可以使用标准网络摄像头来捕获视频。此外，这些技术能够考虑昼夜节奏和/或老化调整以检测和阻止视频重播攻击。

3. 发明授权

US09119539B1 Performing an authentication operation during user access to a computerized resource 有权
标题翻译：在用户访问计算机资源期间执行认证操作
公开(公告)号：US09119539B1
公开(公告)日：2015-09-01
申请号：US13432732
申请日：2012-03-28
申请人： Yedidya Dotan , Lawrence N. Friedman , William M. Duane
发明人： Yedidya Dotan , Lawrence N. Friedman , William M. Duane
IPC分类号： G08B21/00 , A61B5/024
CPC分类号： A61B5/02438 , G06F21/32 , H04L63/0861 , H04L67/04 , H04L67/14 , H04W12/06
摘要： A method, electronic apparatus and computer program product for performing authentication operation is disclosed. An authentication request is received from user of computerized resource. The request comprises user identifier identifying user. The authenticity of user is verified based on user identifier. An access session is established in which user can access resource in response to successfully verifying user. An electronic input signal is received from electronic input device during session. The device is configured to take a biometric measurement from the user. Biometric data is derived from signal. A comparison is performed between biometric data and expected biometric data. An authentication result is generated based on comparison between biometric data and expected biometric data, wherein result can be used for further authentication of user during session.
摘要翻译：公开了一种执行认证操作的方法，电子设备和计算机程序产品。从计算机化资源的用户接收到认证请求。该请求包括用户识别用户标识符。基于用户标识验证用户的真实性。建立访问会话，用户可以在其中访问资源以响应成功验证用户。在会话期间从电子输入设备接收电子输入信号。该设备被配置为从用户进行生物测量。生物特征数据来源于信号。在生物特征数据和预期生物特征数据之间进行比较。基于生物特征数据和预期生物特征数据之间的比较来生成认证结果，其中结果可以用于会话期间用户的进一步验证。

4. 发明授权

US09641538B1 Authenticating an entity 有权
公开(公告)号：US09641538B1
公开(公告)日：2017-05-02
申请号：US13536990
申请日：2012-06-28
申请人： Daniel V Bailey , Lawrence N Friedman , Yedidya Dotan , Samuel Curry
发明人： Daniel V Bailey , Lawrence N Friedman , Yedidya Dotan , Samuel Curry
IPC分类号： H04L29/06
CPC分类号： H04L63/102 , G06F21/552 , G06F2221/2111 , G06F2221/2151 , H04L9/3271 , H04L9/3297 , H04L2209/80 , H04W12/06
摘要： There is disclosed a method, system and a computer program product for use in authenticating an entity. An authentication request is received from the entity. Information in connection with the entity is acquired from an external source. Based on the information, a risk score is set such that the riskiness of the authentication request can be readily deduced therefrom.

5. 发明授权

US09240986B1 Managing security and wireless signal detection 有权
标题翻译：管理安全和无线信号检测
公开(公告)号：US09240986B1
公开(公告)日：2016-01-19
申请号：US13628746
申请日：2012-09-27
申请人： Karl Ackerman , William W. Duane , Yedidya Dotan
发明人： Karl Ackerman , William W. Duane , Yedidya Dotan
IPC分类号： G06F17/30 , H04L29/06 , G06F21/34
CPC分类号： H04L63/08 , G06F21/34 , H04L63/0838 , H04L2463/082 , H04W4/02 , H04W12/06
摘要： A method is used in managing security and wireless signal detection. Information is gathered about analog signal reception at a receiver. Based on the information, a result is produced for use in determining location information at the receiver. The result is used to affect a security decision.
摘要翻译：一种方法用于管理安全和无线信号检测。收集关于在接收机处的模拟信号接收的信息。基于该信息，产生用于确定接收器处的位置信息的结果。结果用于影响安全决策。

6. 发明授权

US09021271B1 Injecting code decrypted by a hardware decryption module into Java applications 有权
标题翻译：将由硬件解密模块解密的代码注入Java应用程序
公开(公告)号：US09021271B1
公开(公告)日：2015-04-28
申请号：US13337817
申请日：2011-12-27
申请人： Gareth D. Richards , Lawrence N. Friedman , Alexander Volanis , Yedidya Dotan
发明人： Gareth D. Richards , Lawrence N. Friedman , Alexander Volanis , Yedidya Dotan
IPC分类号： G06F11/30 , G06F11/34
CPC分类号： G06F11/34 , G06F21/123
摘要： A method is performed by a computer in communication with a hardware security module (HSM). The method includes (a) running a process virtual machine (PVM) on the computer, the PVM being configured to execute portable bytecode instructions within a PVM environment and (b) executing, within the PVM environment, instructions for (1) reading encrypted instruction code from data storage of the computer, (2) sending the encrypted instruction code to the HSM, (3) in response, receiving decrypted instruction code from the HSM, and (4) injecting the decrypted instruction code within an application running in the PVM environment for execution by the PVM. Embodiments are also directed to analogous computer program products and apparatuses.
摘要翻译：通过与硬件安全模块（HSM）通信的计算机执行方法。该方法包括（a）在计算机上运行一个进程虚拟机（PVM），该PVM被配置为在PVM环境内执行便携式字节码指令，以及（b）在该PVM环境内执行（1）读取加密指令来自计算机的数据存储的代码，（2）将加密的指令代码发送到HSM，（3）响应于从HSM接收解密的指令代码，以及（4）在PVM中运行的应用程序中注入解密的指令代码由PVM执行的环境。实施例还涉及类似的计算机程序产品和装置。

7. 发明授权

US08701174B1 Controlling access to a protected resource using a virtual desktop and ongoing authentication 有权
标题翻译：使用虚拟桌面控制对受保护资源的访问和正在进行的身份验证
公开(公告)号：US08701174B1
公开(公告)日：2014-04-15
申请号：US13246023
申请日：2011-09-27
申请人： Yedidya Dotan
发明人： Yedidya Dotan
IPC分类号： H04L9/32
CPC分类号： H04L9/3228 , G06F21/34 , G06F2221/2139 , H04L63/0838
摘要： A technique controls access to a protected resource. The technique involves performing a series of authentication operations between an end user device and an authentication engine, and providing, while the series of authentication operations results in ongoing successful authentication, a virtual desktop session from a virtual desktop server to the end user device to enable a user at the end user device to access the protected resource using the virtual desktop session. The technique further involves closing the virtual desktop session when the series of authentication operations results in unsuccessful authentication (e.g., receipt of an incorrect authentication factor, loss of communications between the end user device and the authentication engine, etc.) to prevent further access to the protected resource using the virtual desktop session. Such operation provides additional security beyond that offered by a virtual desktop session without ongoing authentication, and thus protects against more advanced types of cyber threats.
摘要翻译：技术控制对受保护资源的访问。该技术涉及在最终用户设备和认证引擎之间执行一系列认证操作，并且在一系列认证操作导致持续的成功认证时，提供从虚拟桌面服务器到最终用户设备的虚拟桌面会话以启用最终用户设备上的用户使用虚拟桌面会话来访问受保护的资源。该技术还涉及当一系列认证操作导致认证失败（例如，接收不正确的认证因素，终端用户设备与认证引擎之间的通信丢失等）时关闭虚拟桌面会话，以防止进一步访问受保护的资源使用虚拟桌面会话。这样的操作提供了超出虚拟桌面会话提供的安全性，而无需进行身份验证，从而防止更高级的网络威胁。

8. 发明授权

US09781130B1 Managing policies 有权
公开(公告)号：US09781130B1
公开(公告)日：2017-10-03
申请号：US13536999
申请日：2012-06-28
申请人： Daniel V. Bailey , Lawrence N. Friedman , Riaz Zolfonoon , Yedidya Dotan
发明人： Daniel V. Bailey , Lawrence N. Friedman , Riaz Zolfonoon , Yedidya Dotan
IPC分类号： G06F15/173 , H04L29/06 , G06F21/44 , G06F21/55 , H04W12/06 , H04L9/32
CPC分类号： H04L63/107 , G06F21/316 , G06F21/44 , G06F21/552 , G06F2221/2111 , G06F2221/2151 , H04L9/3271 , H04L9/3297 , H04L2209/80 , H04W4/02 , H04W12/06
摘要： A method, system and computer program product for use in managing policies is disclosed. Policies associated with a communications device are correlated with respective locations. The location of the communications device is determined. The policy correlated with the determined location is applied to the communications device.

9. 发明授权

US09183595B1 Using link strength in knowledge-based authentication 有权
标题翻译：在基于知识的认证中使用链接强度
公开(公告)号：US09183595B1
公开(公告)日：2015-11-10
申请号：US13434983
申请日：2012-03-30
申请人： Ayelet Avni , Ayelet Eliezer , Yedidya Dotan
发明人： Ayelet Avni , Ayelet Eliezer , Yedidya Dotan
IPC分类号： G06Q50/00
CPC分类号： G06F21/40 , G06Q50/00
摘要： An improved technique generates questions to authenticate a user as part of a group. Along these lines, a KBA system, upon receiving a request to authenticate a particular user, collects facts having references to users of the group of users. The collected facts, however, may also include references to users not in the group of users. In building a set of questions for the particular user, the KBA system is capable of favoring facts having references to users of the group of users and few, if any, references to users not in the group of users; conversely, the KBA system is capable of discarding facts having too many references to users not in the group of users. The particular user's responses to the set of questions are indicative of whether the particular user belongs to the group.
摘要翻译：改进的技术会产生问题，以将用户作为组的一部分进行身份验证。沿着这些方向，KBA系统在接收到对特定用户的认证的请求时收集具有对该组用户的用户的引用的事实。然而，收集的事实也可能包括对不在用户组中的用户的引用。在为特定用户构建一组问题时，KBA系统能够有利于参考用户组的用户的事实，并且很少（如果有的话）引用不在用户组中的用户; 相反，KBA系统能够丢弃具有太多参考的事实，而不是用户组中的用户。特定用户对该组问题的响应指示特定用户是否属于该组。

10. 发明授权

US08694993B1 Virtualization platform for secured communications between a user device and an application server 有权
标题翻译：用于用户设备和应用服务器之间的安全通信的虚拟化平台
公开(公告)号：US08694993B1
公开(公告)日：2014-04-08
申请号：US13077230
申请日：2011-03-31
申请人： Yedidya Dotan , Boris Kronrod , Orit Yaron , Lawrence N. Friedman , Assaf Shoval
发明人： Yedidya Dotan , Boris Kronrod , Orit Yaron , Lawrence N. Friedman , Assaf Shoval
IPC分类号： G06F9/455 , G06F15/16
CPC分类号： H04L63/08 , G06F2009/45587 , H04L63/0272 , H04L67/10 , H04L67/42
摘要： A modular virtualization platform is provided for secured communications between a user device and an application server. A client-side computing device performs secured communications during a virtual session with an application server across a network. The client-side computing device loads a virtual machine client; and selects a remote module to serve as a virtualization server for the virtual session based on one or more performance factors. The virtual session is established with the selected module, and secured communications can occur between the client-side computing device and the application server via the virtual session of the selected module. The performance factors can be collected from a plurality of modules using a peer-to-peer gossip-based state notification process. A route list preferably stores the performance factors for a plurality of modules. The route list can contain pointers to a plurality of remote modules in a plurality of virtualization platforms, to increase reliability.
摘要翻译：为用户设备和应用服务器之间的安全通信提供了模块化虚拟化平台。客户端计算设备在通过网络与应用服务器进行虚拟会话期间执行安全通信。客户端计算设备加载虚拟机客户端; 并且基于一个或多个性能因素选择远程模块用作虚拟会话的虚拟化服务器。利用所选择的模块建立虚拟会话，并且可以经由所选模块的虚拟会话在客户端计算设备和应用服务器之间发生安全通信。可以使用基于点对点八卦的状态通知过程从多个模块收集性能因素。路线列表优选地存储多个模块的性能因素。路由列表可以包含指向多个虚拟化平台中的多个远程模块的指针，以增加可靠性。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式