专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US5373559A System for increasing the difficulty of password guessing attacks in a distributed authentication scheme employing authentication tokens 失效
标题翻译：在采用认证令牌的分布式认证方案中增加密码猜测攻击难度的系统
公开(公告)号：US5373559A
公开(公告)日：1994-12-13
申请号：US34225
申请日：1993-03-18
申请人： Charles W. Kaufman , Radia J. Pearlman , Morrie Gasser
发明人： Charles W. Kaufman , Radia J. Pearlman , Morrie Gasser
IPC分类号： G06F1/00 , G06F21/33 , G06F21/34 , H04L9/08 , H04L9/32 , H04K1/00
CPC分类号： G06F21/34 , G06F21/335 , G06F2221/2103 , G06F2221/2151 , H04L9/0877 , H04L9/3226 , H04L9/3234 , H04L9/3236 , H04L9/3271
摘要： An improved security system inhibits eavesdropping, dictionary attacks, and intrusion into stored password lists. In one implementation, the user provides a workstation with a "password", and a "token" obtained from a passive authentication token generator. The workstation calculates a "transmission code" by performing a first hashing algorithm upon the password and token. The workstation sends the transmission code to the server. Then, the server attempts to reproduce the transmission code by combining passwords from a stored list with tokens generated by a second identical passive authentication token generator just prior to receipt of the transmission code. If any password/token combination yields the transmission code, the workstation is provided with a message useful in communicating with a desired computing system; the message is encrypted with a session code calculated by applying a different hashing algorithm to the password and token. In another embodiment, the workstation transmits a user name to the authentication server. The server verifies the user name's validity, and uses an active authentication token generator to obtain a "response" to an arbitrarily selected challenge. The server generates a session code by performing a hashing algorithm upon the response and the password. The server sends the challenge and a message encrypted with the session code to the workstation. The workstation generates the session code by performing the hashing algorithm on the password and the received challenge, and uses the session code to decrypt the encrypted message. The message is useful in communicating with a desired computing system.
摘要翻译：改进的安全系统禁止窃听，字典攻击和入侵存储的密码列表。在一个实现中，用户向工作站提供“密码”和从被动认证令牌生成器获得的“令牌”。工作站通过对密码和令牌执行第一散列算法来计算“传输代码”。工作站将传输代码发送到服务器。然后，服务器尝试通过将来自存储的列表的密码与在接收到传输代码之前由第二相同的被动认证令牌发生器产生的令牌组合来再现传输代码。如果任何密码/令牌组合产生传输代码，则工作站被提供有用于与期望的计算系统进行通信的消息; 使用通过对密码和令牌应用不同散列算法计算的会话代码来加密该消息。在另一实施例中，工作站向认证服务器发送用户名。服务器验证用户名的有效性，并使用活动的认证令牌生成器来获得对任意选择的挑战的“响应”。服务器通过响应和密码执行散列算法生成会话代码。服务器将该挑战和使用会话代码加密的消息发送到工作站。工作站通过对密码和接收到的质询执行散列算法来生成会话代码，并使用会话代码解密加密的消息。该消息在与期望的计算系统通信中是有用的。

2. 发明授权

US5491752A System for increasing the difficulty of password guessing attacks in a distributed authentication scheme employing authentication tokens 失效
标题翻译：在采用认证令牌的分布式认证方案中增加密码猜测攻击难度的系统
公开(公告)号：US5491752A
公开(公告)日：1996-02-13
申请号：US300576
申请日：1994-09-02
申请人： Charles W. Kaufman , Radia J. Pearlman , Morrie Gasser
发明人： Charles W. Kaufman , Radia J. Pearlman , Morrie Gasser
IPC分类号： G06F1/00 , G06F21/33 , G06F21/34 , H04L9/08 , H04L9/32 , H04K1/00
CPC分类号： G06F21/34 , G06F21/335 , H04L9/0877 , H04L9/3226 , H04L9/3234 , H04L9/3236 , H04L9/3271 , G06F2221/2103 , G06F2221/2151
摘要： An improved security system inhibits eavesdropping, dictionary attacks, and intrusion into stored password lists. In one implementation, the user provides a workstation with a "password", and a "token" obtained from a passive authentication token generator. The workstation calculates a "transmission code" by performing a first hashing algorithm upon the password and token. The workstation sends the transmission code to the server. Then, the server attempts to reproduce the transmission code by combining passwords from a stored list with tokens generated by a second identical passive authentication token generator just prior to receipt of the transmission code. If any password/token combination yields the transmission code, the workstation is provided with a message useful in communicating with a desired computing system; the message is encrypted with a session code calculated by applying a different hashing algorithm to the password and token. In another embodiment, the workstation transmits a user name to the authentication server. The server verifies the user name's validity, and uses an active authentication token generator to obtain a "response" to an arbitrarily selected challenge. The server generates a session code by performing a hashing algorithm upon the response and the password. The server sends the challenge and a message encrypted with the session code to the workstation. The workstation generates the session code by performing the hashing algorithm on the password and the received challenge, and uses the session code to decrypt the encrypted message. The message is useful in communicating with a desired computing system.
摘要翻译：改进的安全系统禁止窃听，字典攻击和入侵存储的密码列表。在一个实现中，用户向工作站提供“密码”和从被动认证令牌生成器获得的“令牌”。工作站通过对密码和令牌执行第一散列算法来计算“传输代码”。工作站将传输代码发送到服务器。然后，服务器尝试通过将来自存储的列表的密码与在接收到传输代码之前由第二相同的被动认证令牌发生器产生的令牌组合来再现传输代码。如果任何密码/令牌组合产生传输代码，则工作站被提供有用于与期望的计算系统进行通信的消息; 使用通过对密码和令牌应用不同散列算法计算的会话代码来加密该消息。在另一实施例中，工作站向认证服务器发送用户名。服务器验证用户名的有效性，并使用活动的认证令牌生成器来获得对任意选择的挑战的“响应”。服务器通过响应和密码执行散列算法生成会话代码。服务器将该挑战和使用会话代码加密的消息发送到工作站。工作站通过对密码和接收到的质询执行散列算法来生成会话代码，并使用会话代码解密加密的消息。该消息在与期望的计算系统通信中是有用的。

3. 发明授权

US5418854A Method and apparatus for protecting the confidentiality of passwords in a distributed data processing system 失效
标题翻译：用于在分布式数据处理系统中保护密码的机密性的方法和装置
公开(公告)号：US5418854A
公开(公告)日：1995-05-23
申请号：US875050
申请日：1992-04-28
申请人： Charles W. Kaufman , Morrie Gasser , Butler W. Lampson , Joseph J. Tardo , Kannan Alagappan
发明人： Charles W. Kaufman , Morrie Gasser , Butler W. Lampson , Joseph J. Tardo , Kannan Alagappan
IPC分类号： G06F1/00 , G06F21/00 , H04K1/00
CPC分类号： G06F21/79 , G06F21/335 , G06F21/85 , H04L9/0822 , H04L9/0825 , H04L9/0863 , H04L9/3226 , H04L9/3236 , G06F2221/2143
摘要： Apparatus for protecting the confidentiality of a user's password during a remote login authentication exchange between a user node and a directory service node of a distributed, public key cryptography system includes a specialized server application functioning as an intermediary agent for the login procedure. The login agent has responsibility for approving the user's login attempt and distributing a private key to the user. However, the login agent is not trusted with the user's password and is therefore a "semi-trusted" node. In another aspect of the invention, a login protocol enables remote authentication of the user password without transmitting the password over the network.
摘要翻译：在用户节点和分布式公钥密码系统的目录服务节点之间的远程登录认证交换期间保护用户密码的机密性的装置包括用作登录过程的中介代理的专用服务器应用。登录代理有责任批准用户登录尝试并向用户分配私钥。但是，登录代理不被用户的密码信任，因此是“半信任”节点。在本发明的另一方面，登录协议允许远程认证用户密码，而不通过网络传输密码。

4. 发明授权

US5224163A Method for delegating authorization from one entity to another through the use of session encryption keys 失效
标题翻译：通过使用会话加密密钥将授权从一个实体委派给另一个实体的方法
公开(公告)号：US5224163A
公开(公告)日：1993-06-29
申请号：US589925
申请日：1990-09-28
申请人： Morrie Gasser , Andrew C. Goldstein , Charles W. Kaufman , Butler W. Lampson
发明人： Morrie Gasser , Andrew C. Goldstein , Charles W. Kaufman , Butler W. Lampson
IPC分类号： G06F21/00 , H04L9/32
CPC分类号： H04L9/3271 , G06F21/335 , G06F21/6218 , H04L9/3247 , H04L9/3263 , G06F2221/2141 , G06F2221/2153 , H04L2209/38
摘要： A method for delegating authorization from one entity in a distributed computing system to another for a computing session is disclosed wherein a session public/private encryption key pair is utilized for each computing session. The private encryption key is erased to terminate the computing session.
摘要翻译：公开了一种用于将分配计算系统中的一个实体授权给用于计算会话的另一个实体的方法，其中会话公共/专用加密密钥对用于每个计算会话。专用加密密钥被擦除以终止计算会话。

5. 发明授权

US5497421A Method and apparatus for protecting the confidentiality of passwords in a distributed data processing system 失效
公开(公告)号：US5497421A
公开(公告)日：1996-03-05
申请号：US314181
申请日：1994-09-28
申请人： Charles W. Kaufman , Morrie Gasser , Butler W. Lampson , Joseph J. Tardo , Kannan Alagappan
发明人： Charles W. Kaufman , Morrie Gasser , Butler W. Lampson , Joseph J. Tardo , Kannan Alagappan
IPC分类号： G06F1/00 , G06F21/00 , H04K1/00
CPC分类号： G06F21/79 , G06F21/335 , G06F21/85 , H04L9/0822 , H04L9/0825 , H04L9/0863 , H04L9/3226 , H04L9/3236 , G06F2221/2143
摘要： Apparatus for protecting the confidentiality of a user's password during a remote login authentication exchange between a user node and a directory service node of a distributed, public key cryptography system includes a specialized server application functioning as an intermediary agent for the login procedure. The login agent has responsibility for approving the user's login attempt and distributing a private key to the user. However, the login agent is not trusted with the user's password and is therefore a "semi-trusted" node. In another aspect of the invention, a login protocol enables remote authentication of the user password without transmitting the password over the network.

6. 发明授权

US5235644A Probabilistic cryptographic processing method 失效
标题翻译：概率密码处理方法
公开(公告)号：US5235644A
公开(公告)日：1993-08-10
申请号：US546614
申请日：1990-06-29
申请人： Amar Gupta , Butler W. Lampson , William R. Hawe , Joseph J. Tardo , Charles W. Kaufman , Mark F. Kempf , Morrie Gasser , B. J. Herbison
发明人： Amar Gupta , Butler W. Lampson , William R. Hawe , Joseph J. Tardo , Charles W. Kaufman , Mark F. Kempf , Morrie Gasser , B. J. Herbison
IPC分类号： H04L29/02
CPC分类号： H04L29/02
摘要： A decryption method, and associated cryptographic processor, for performing in-line decryption of information frames received from a communication network through a first in-line processing stage. As an information packet is streamed into the cryptographic processor, a determination is made to an acceptable level of probability whether the packet contains data that should be decrypted. The decision whether or not decrypt is made by analyzing the incoming packet header, recognizing a limited number of packet formats, and further parsing the packet to locate any encrypted data and to make sure that the packet is not a segment of a larger message. Falsely decrypted packets are looped back through the cryptographic processor, to regenerate the data that was falsely decrypted. Decryption and encryption are performed in such a manner that a false decryption is completely reversible without loss of data. Special treatment is provided for packets containing data that cannot be divided into an integral number of standard blocks required for decryption processing.
摘要翻译：一种解密方法和相关联的密码处理器，用于通过第一串联处理级来执行从通信网络接收的信息帧的在线解密。当信息分组被流传输到密码处理器中时，确定分组是否包含应被解密的数据的可接受概率水平。通过分析进入的分组报头，识别有限数量的分组格式以及进一步解析分组以定位任何加密的数据并确保分组不是更大的消息的分段来进行解密的决定。虚假解密的数据包通过密码处理器环回，以重新生成被错误解密的数据。执行解密和加密，使得假解密完全可逆而不丢失数据。对于包含不能被分解为解密处理所需的整数个标准块的数据的数据包，提供特殊处理。

7. 发明授权

US5220604A Method for performing group exclusion in hierarchical group structures 失效
标题翻译：在分层组结构中执行组排除的方法
公开(公告)号：US5220604A
公开(公告)日：1993-06-15
申请号：US589924
申请日：1990-09-28
申请人： Morrie Gasser , Andrew C. Goldstein , Charles W. Kaufman
发明人： Morrie Gasser , Andrew C. Goldstein , Charles W. Kaufman
IPC分类号： G06F1/00 , G06F21/00 , H04L9/30
CPC分类号： G06F21/6281 , H04L9/3249 , H04L9/3263 , H04L9/3271 , Y10S707/99939
摘要： A method for denying a first group access to a system resource wherein a second group is selected such that the first group is a subgroup of the second group. Access is granted only to those members of the second group who do not derive their membership in the second group through their membership in the first group.
摘要翻译：一种拒绝对系统资源的第一组访问的方法，其中选择第二组以使得第一组是第二组的子组。访问权仅授予第二组通过其第一组成员组成第二组的成员的成员。

8. 发明授权

US06178508B1 System for controlling access to encrypted data files by a plurality of users 失效
标题翻译：用于控制多个用户对加密数据文件的访问的系统
公开(公告)号：US06178508B1
公开(公告)日：2001-01-23
申请号：US09031150
申请日：1998-02-26
申请人： Charles W. Kaufman
发明人： Charles W. Kaufman
IPC分类号： H04L932
CPC分类号： G06F21/40 , G06F21/6209 , G06F21/6218 , G06F21/6227 , G06F2221/2107
摘要： A system in which an encrypted data file can be protected, accessed, and maintained by a plurality of users using cryptographically hashed passwords. The system provides for the creation in memory for each authorized user of a cryptographically hashed password as an entry in an unencrypted header file. The system compares an authorized user's cryptographically hashed password against a corresponding set of cryptographically hashed passwords in memory to determine whether the user is allowed access to the protected data file. The passwords are cryptographically one-way hashed with a “salt” value in such a way as to make reconstruction of original passwords by an unintended party virtually impossible, because the passwords never exist in memory in an unhashed state. Furthermore, the passwords are cryptographically “one-way” hashed so as not to be reconstructible. Upon successful authorization of a user, based on successful comparison of the user's hashed password with those in memory, the user gains access to the encrypted data file.
摘要翻译：可以由多个用户使用加密散列密码来保护，访问和维护加密数据文件的系统。系统提供在密码散列密码的每个授权用户的内存中创建一个未加密的头文件中的条目。该系统将授权用户的密码散列密码与存储器中相应的密码散列密码集进行比较，以确定用户是否被允许访问受保护的数据文件。这些密码是密码单向散列的，具有“盐”值，使得由非意图方重建原始密码实际上是不可能的，因为密码从不存在于内存中。此外，密码是加密的“单向”散列，以便不可重构。在用户成功授权之后，基于用户的散列密码与存储器中的哈希密码的成功比较，用户获得对加密数据文件的访问。

9. 发明授权

US5650095A Process for preparing copper pyrithione 失效
标题翻译：制备吡啶硫酮铜的方法
公开(公告)号：US5650095A
公开(公告)日：1997-07-22
申请号：US589443
申请日：1996-01-22
申请人： Saeed M. Hosseini , Charles W. Kaufman , Patrick Hobbs , John J. Jardas , Murray A. Ruggiero , Shoaib Arif
发明人： Saeed M. Hosseini , Charles W. Kaufman , Patrick Hobbs , John J. Jardas , Murray A. Ruggiero , Shoaib Arif
IPC分类号： B01F3/08 , A01N43/40 , A01N55/02 , B01F17/12 , B01F17/38 , B01J13/00 , C07D213/89 , C07F1/08
CPC分类号： C07D213/89 , Y10S514/937
摘要： The present invention relates to a process for producing a gel-free dispersion or solution of copper pyrithione employing at least one surfactant. Also claimed is the dispersion or solution itself, as well as a solid particulate copper pyrithione composition comprising copper pyrithione particles having a particle shape selected from the group consisting of rods, spheres, needles, platelets and combinations thereof, and optionally containing at least a trace amount of a surfactant on the outer surface of at least a portion of said particles.
摘要翻译：本发明涉及使用至少一种表面活性剂制备无凝胶的分散液或吡啶硫酮铜溶液的方法。还要求的是分散体或溶液本身，以及包含具有选自杆，球，针，血小板及其组合的颗粒形状的吡啶硫酮铜颗粒的固体颗粒状铜吡啶硫酮组合物，并且任选地至少含有痕量在所述颗粒的至少一部分的外表面上的表面活性剂的量。

10. 发明授权

US5261002A Method of issuance and revocation of certificates of authenticity used in public key networks and other systems 失效
标题翻译：发布和撤销公钥网络等系统中使用的真实性证书的方法
公开(公告)号：US5261002A
公开(公告)日：1993-11-09
申请号：US850593
申请日：1992-03-13
申请人： Radia J. Perlman , Charles W. Kaufman
发明人： Radia J. Perlman , Charles W. Kaufman
IPC分类号： G07F7/10 , H04L9/32 , H04L9/30
CPC分类号： G07F7/1016 , H04L9/3263
摘要： A technique for issuing and revoking user certificates of authenticity in a public key cryptography system, wherein certificates do not need expiration dates, and the inconvenience and overhead associated with routine certificate renewals are minimized or avoided entirely. A Certification Authority issues certificates as required, and issues a blacklist having a start date, an expiration date, and an entry for every invalid certificate issued after the start date. Users assume that every certificate issued prior to the blacklist start date is invalid, and that invalid certificates issued after the start date will be included in the current blacklist. A new blacklist is issued prior to expiration of the current one, and the blacklist start date is changed only when the blacklist becomes unmanageably long.
摘要翻译：一种在公共密钥加密系统中发布和撤销用户证书的真实性的技术，其中证书不需要过期日期，并且与常规证书更新相关联的不便和开销被最小化或完全避免。证书颁发机构根据需要颁发证书，并发出黑名单，具有开始日期，到期日期和开始日期之后发出的每个无效证书的条目。用户假设在黑名单开始日期之前发出的每个证书无效，并且在开始日期之后发出的无效证书将被包含在当前的黑名单中。在当前黑名单到期之前发出新的黑名单，黑名单开始日期只有在黑名单变得难以控制的时候才会改变。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式