专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09047477B2 Distributed key encryption in servers 有权
标题翻译：服务器中的分布式密钥加密
公开(公告)号：US09047477B2
公开(公告)日：2015-06-02
申请号：US12471474
申请日：2009-05-26
申请人： Fabian Nunez-Tejerina , Jeffrey B. Kay , Robert C. Fruth , Naveen A. Palavalli , Ramesh Chinta , Tolga Acar
发明人： Fabian Nunez-Tejerina , Jeffrey B. Kay , Robert C. Fruth , Naveen A. Palavalli , Ramesh Chinta , Tolga Acar
IPC分类号： H04L9/00 , G06F21/62 , H04L9/32 , H04L29/06
CPC分类号： G06F21/6209 , H04L9/006 , H04L9/3263 , H04L63/0823
摘要： Architecture that stores specific passwords on behalf of users, and encrypts the passwords using encryption keys managed by a distributed key management system. The encryption keys are stored in a directory service (e.g., hierarchical) in an area that is inaccessible by selected entities (e.g., administrative users) having superior permissions such as supervisory administrators, but accessible to the account components that need to access the unencrypted passwords. The distributed key management system makes the encryption key stored in the directory service available to all hardware/software components that need the key to encrypt or decrypt the passwords.
摘要翻译：代表用户存储特定密码的体系结构，并使用由分布式密钥管理系统管理的加密密钥加密密码。加密密钥存储在具有诸如监督管理员等优越许可的选定实体（例如，管理用户）无法访问的区域中的目录服务（例如，分级）中，但是对于需要访问未加密密码的帐户组件可访问。分布式密钥管理系统使存储在目录服务中的加密密钥可用于需要密钥的所有硬件/软件组件来加密或解密密码。

2. 发明申请

US20120159577A1 ANONYMOUS PRINCIPALS FOR POLICY LANGUAGES 有权
标题翻译：政治语言的不寻常原则
公开(公告)号：US20120159577A1
公开(公告)日：2012-06-21
申请号：US12970867
申请日：2010-12-16
申请人： Mira Belinkiy , Tolga Acar , Thomas Roeder , Jason Mackay , Brian LaMacchia
发明人： Mira Belinkiy , Tolga Acar , Thomas Roeder , Jason Mackay , Brian LaMacchia
IPC分类号： H04L9/32
CPC分类号： H04L9/3265 , G06F21/6218 , H04L2209/42
摘要： Techniques to allow a security policy language to accommodate anonymous credentials are described. A policy statement in a security policy language can reference an anonymous credential. When the policy statement is evaluated to decide whether to grant access to a resource mediated by the policy statement, the anonymous credential is used. The policy language can be implemented to allow one anonymous credential to delegate access-granting rights to another anonymous credential. Furthermore, an anonymous credential can be re-randomized to avoid linkage between uses of the anonymous credential, which can compromise anonymity.
摘要翻译：描述允许安全策略语言适应匿名凭据的技术。安全策略语言中的策略语句可以引用匿名凭据。当策略语句被评估以决定是否授予对由策略语句介导的资源的访问时，使用匿名凭证。可以实施策略语言，以允许一个匿名凭据将访问授予权限委派给另一个匿名凭据。此外，匿名凭证可以被重新随机化，以避免匿名凭证的使用之间的联系，这可能危及匿名。

3. 发明授权

US09015489B2 Securing passwords against dictionary attacks 有权
标题翻译：保护密码免受字典攻击
公开(公告)号：US09015489B2
公开(公告)日：2015-04-21
申请号：US12755426
申请日：2010-04-07
申请人： Mira Belenkiy , Tolga Acar , Henry Nelson Jerez Morales , Alptekin Kupcu
发明人： Mira Belenkiy , Tolga Acar , Henry Nelson Jerez Morales , Alptekin Kupcu
IPC分类号： G06F21/00 , G06F7/04 , H04L29/06 , H04L9/08 , H04L9/32
CPC分类号： H04L63/0428 , H04L9/0841 , H04L9/3226 , H04L9/3271 , H04L63/06 , H04L63/083 , H04L63/0853
摘要： Described herein are various technologies pertaining to constructions of a password-based authentication protocol that are configured to allow a user to register with and authenticate to an online service without the online service receiving a password or a deterministic function of the password of the user. When registering with an online service, a client computing device establishes a cryptographically strong random secret and stores an encryption of such secret with a data storage device. The storage device also never receives the password or a deterministic function of the password. When the user wishes to authenticate to the online service, the user employs her password to retrieve the encrypted secret from the storage device, decrypts such secret, and utilizes the decrypted secret to answer a cryptographically strong challenge provided to the user by the online service upon the online service receiving a username pertaining to such user.
摘要翻译：这里描述的是涉及基于密码的认证协议的构造的各种技术，其被配置为允许用户在没有在线服务接收密码或用户的密码的确定性功能的情况下向在线服务注册和认证。当在线服务注册时，客户端计算设备建立密码强的随机秘密，并将这种秘密的加密存储在数据存储设备中。存储设备也从不接收密码或密码的确定性功能。当用户希望对在线服务进行身份验证时，用户使用她的密码从存储设备中取回加密的秘密，解密这样的秘密，并利用解密的秘密来回答由在线服务提供给用户的加密强大的挑战，该在线服务接收与该用户有关的用户名。

4. 发明申请

US20120324233A1 Verifying Requests for Access to a Service Provider Using an Authentication Component 有权
标题翻译：验证使用身份验证组件访问服务提供商的请求
公开(公告)号：US20120324233A1
公开(公告)日：2012-12-20
申请号：US13160831
申请日：2011-06-15
申请人： Duy Lan Nguyen , Tolga Acar
发明人： Duy Lan Nguyen , Tolga Acar
IPC分类号： H04L9/32
CPC分类号： H04L63/0823 , G06Q20/341 , H04L9/0866 , H04L9/3073 , H04L9/3234 , H04L9/3268 , H04L9/3281 , H04L63/0435 , H04L63/0442 , H04L63/061 , H04L63/0853 , H04L2209/84
摘要： The subject disclosure is directed towards processing requests for accessing a service provider. After examining at least one security token, a public key and a portion of attribute information are identified. An authentication component is accessed and applied to the public key. A unique user identifier is employed in generating the public key. The authentication component is generated using information from at least one revoked security token or at least one valid security token. The authentication component is configured to prove validity of the at least one security token.
摘要翻译：主题公开涉及处理访问服务提供商的请求。在检查至少一个安全令牌之后，识别公钥和属性信息的一部分。访问认证组件并将其应用于公钥。在生成公钥时采用唯一的用户标识符。使用来自至少一个撤销的安全令牌或至少一个有效安全令牌的信息生成认证组件。认证组件被配置为证明至少一个安全性令牌的有效性。

5. 发明授权

US08325924B2 Managing group keys 有权
标题翻译：管理组密钥
公开(公告)号：US08325924B2
公开(公告)日：2012-12-04
申请号：US12389217
申请日：2009-02-19
申请人： Tolga Acar , Josh Benaloh , Niels Thomas Ferguson , Carl M. Ellison , Mira Belenkiy , Duy Lan Nguyen
发明人： Tolga Acar , Josh Benaloh , Niels Thomas Ferguson , Carl M. Ellison , Mira Belenkiy , Duy Lan Nguyen
IPC分类号： H04L9/00
CPC分类号： H04L9/0891 , H04L9/0833
摘要： In an example, one or more cryptographic keys may be associated with a group. Any member of the group may use the key to encrypt and decrypt information, thereby allowing members of the group to share encrypted information. Domain controllers (DCs) maintain copies of the group's keys. The DCs may synchronize with each other, so that each DC may have a copy of the group's keys. Keys may have expiration dates, and any client connected to a DC may generate a new key when a key is nearing expiration. The various clients may create new keys at differing amounts of time before expiration on various DCs. DCs that store keys early thus may have time to propagate the newly-created keys through synchronization before other DCs are requested to store keys created by other clients. In this way, the creation of an excessive number of new keys may be avoided.
摘要翻译：在一个示例中，一个或多个加密密钥可以与组相关联。该组的任何成员可以使用密钥来加密和解密信息，从而允许该组的成员共享加密的信息。域控制器（DC）维护组的密钥副本。 DC可以彼此同步，使得每个DC可以具有组的密钥的副本。密钥可能有过期日期，连接到DC的任何客户端可能在密钥接近到期时生成新密钥。各种客户端可以在不同的时间段之前以不同的时间量创建新的密钥。因此，早期存储密钥的DC可能有时间通过同步传播新创建的密钥，而其他DC被请求存储由其他客户端创建的密钥。以这种方式，可以避免创建过多的新密钥。

6. 发明申请

US20110252229A1 SECURING PASSWORDS AGAINST DICTIONARY ATTACKS 有权
标题翻译：安全口令反对字典攻击
公开(公告)号：US20110252229A1
公开(公告)日：2011-10-13
申请号：US12755426
申请日：2010-04-07
申请人： Mira Belenkiy , Tolga Acar , Henry Nelson Jerez Morales , Alptekin Kupcu
发明人： Mira Belenkiy , Tolga Acar , Henry Nelson Jerez Morales , Alptekin Kupcu
IPC分类号： H04L29/06 , H04L9/32
CPC分类号： H04L63/0428 , H04L9/0841 , H04L9/3226 , H04L9/3271 , H04L63/06 , H04L63/083 , H04L63/0853
摘要： Described herein are various technologies pertaining to constructions of a password-based authentication protocol that are configured to allow a user to register with and authenticate to an online service without the online service receiving a password or a deterministic function of the password of the user. When registering with an online service, a client computing device establishes a cryptographically strong random secret and stores an encryption of such secret with a data storage device. The storage device also never receives the password or a deterministic function of the password. When the user wishes to authenticate to the online service, the user employs her password to retrieve the encrypted secret from the storage device, decrypts such secret, and utilizes the decrypted secret to answer a cryptographically strong challenge provided to the user by the online service upon the online service receiving a username pertaining to such user.
摘要翻译：这里描述的是涉及基于密码的认证协议的构造的各种技术，其被配置为允许用户在没有在线服务接收密码或用户的密码的确定性功能的情况下向在线服务注册和认证。当在线服务注册时，客户端计算设备建立密码强的随机秘密，并将这种秘密的加密存储在数据存储设备中。存储设备也从不接收密码或密码的确定性功能。当用户希望对在线服务进行身份验证时，用户使用她的密码从存储设备中取回加密的秘密，解密这样的秘密，并利用解密的秘密来回答由在线服务提供给用户的加密强大的挑战，该在线服务接收与该用户有关的用户名。

7. 发明申请

US20080263361A1 Cryptographically strong key derivation using password, audio-visual and mental means 审中-公开
标题翻译：使用密码，视听和心理手段的密码型强密码派生
公开(公告)号：US20080263361A1
公开(公告)日：2008-10-23
申请号：US11788687
申请日：2007-04-20
申请人： Tanmoy Dutta , Sunil Kadam , Tolga Acar
发明人： Tanmoy Dutta , Sunil Kadam , Tolga Acar
IPC分类号： H04L9/00
CPC分类号： H04L9/0863 , H04L9/0891 , H04L2209/60 , H04L2209/80
摘要： A security system that uses a cryptographic key derived from human interaction with media. The system employs a set of parameters that includes user responses to graphical media and/or audio data, among other parameters. The architecture adds a fourth dimension to the conventional authentication means in order to make at least an offline attack on the key much more difficult. In addition to a standard set of parameters such as password, salt (random bits inserted into the encryption process) and iteration count, the system further utilizes information in the form of “what the user does” by presenting and prompting the user to interact with media in some way. The media can include audio information, video information, and/or image information, for example.
摘要翻译：一种安全系统，它使用与媒体进行人工交互导出的加密密钥。系统采用一组参数，其中包括用户对图形媒体和/或音频数据的响应以及其他参数。该体系结构为常规认证手段增加了第四个维度，以便至少使密钥的脱机攻击更加困难。除了密码，盐（插入加密过程中的随机位）和迭代计数等一系列参数之外，系统还通过呈现和提示用户进行交互来进一步利用“用户所做的”形式的信息媒体在某种程度上媒体可以包括例如音频信息，视频信息和/或图像信息。

8. 发明申请

US20080181412A1 CRYPTOGRAPHIC KEY CONTAINERS ON A USB TOKEN 有权
标题翻译： USB TOKEN上的CRYPTOGRAPHIC KEY CONTAINERS
公开(公告)号：US20080181412A1
公开(公告)日：2008-07-31
申请号：US11627466
申请日：2007-01-26
申请人： Tolga Acar , Carl M. Ellison
发明人： Tolga Acar , Carl M. Ellison
IPC分类号： H04L9/08
CPC分类号： G06F21/6209 , G06F21/79 , H04L9/0897
摘要： A Universal Serial Bus (USB) compatible storage device is utilized as a security token for storage of cryptographic keys. A cryptographic subsystem of a processor accesses cryptographic keys in containers on the USB compatible storage device. Accessing includes storing and/or retrieving. The processor does not include an infrastructure dedicated to the USB compatible storage device. Cryptographic key storage is redirected from an in-processor container to the USB compatible storage device. No password or PIN is required to access the cryptographic keys, yet enhanced security is provided. Utilizing a USB compatible storage device for a cryptographic key container provides a convenient, portable, mechanism for carrying the cryptographic key, and additional security is provided via physical possession of the device.
摘要翻译：通用串行总线（USB）兼容存储设备被用作存储加密密钥的安全令牌。处理器的加密子系统访问USB兼容存储设备上的容器中的加密密钥。访问包括存储和/或检索。处理器不包括专用于USB兼容存储设备的基础设施。加密密钥存储从处理器内容器重定向到USB兼容的存储设备。不需要密码或密码来访问加密密钥，但提供了增强的安全性。利用用于加密密钥容器的USB兼容存储设备提供用于携带加密密钥的便利的便携式机制，并且通过物理拥有该设备来提供额外的安全性。

9. 发明授权

US09008316B2 Role-based distributed key management 有权
标题翻译：基于角色的分布式密钥管理
公开(公告)号：US09008316B2
公开(公告)日：2015-04-14
申请号：US13434737
申请日：2012-03-29
申请人： Tolga Acar , Henry N. Jerez , Lan Duy Nguyen , Thomas Michael Roeder
发明人： Tolga Acar , Henry N. Jerez , Lan Duy Nguyen , Thomas Michael Roeder
IPC分类号： H04L29/06 , H04L9/08
CPC分类号： H04L9/0819 , H04L9/0816 , H04L9/0833 , H04L9/0838 , H04L9/0877 , H04L9/088 , H04L9/0891 , H04L9/0897 , H04L9/30 , H04L9/3247 , H04L2209/24
摘要： Implementations for providing role-based distributed key management (DKM) replication are described. A server node receives a request from a requester node to perform a DKM create or update function. The server node determines the role of the requester node based on a public key of the requester node. The server node determines whether the role of the requester node indicates that the requester node is authorized to request the DKM create or update function. If the requester node's role is authorized to request the DKM create or update function, then the server node performs the requested function. The DKM create or update function may involve a replication function. Public key and trust chains may be derived from physical cryptographic processors, such as TPMs.
摘要翻译：描述了提供基于角色的分布式密钥管理（DKM）复制的实现。服务器节点从请求者节点接收请求以执行DKM创建或更新功能。服务器节点根据请求者节点的公钥来确定请求者节点的角色。服务器节点确定请求者节点的角色是否指示请求者节点被授权请求DKM创建或更新功能。如果请求者节点的角色被授权请求DKM创建或更新功能，则服务器节点执行所请求的功能。 DKM创建或更新功能可能涉及复制功能。公共密钥和信任链可能来自物理密码处理器，如TPM。

10. 发明授权

US07930332B2 Weighted entropy pool service 有权
标题翻译：加权熵池服务
公开(公告)号：US07930332B2
公开(公告)日：2011-04-19
申请号：US11690758
申请日：2007-03-23
申请人： Tolga Acar , Daniel B. Shumow , Andrew S. Tucker , Carl M. Ellison
发明人： Tolga Acar , Daniel B. Shumow , Andrew S. Tucker , Carl M. Ellison
IPC分类号： G06F1/02
CPC分类号： G06F7/58
摘要： A weighted entropy pool service system and methods. Weights are associated with entropy sources and are used to estimate a quantity of entropy contained in data from the entropy sources. An interface is optionally provided to facilitate connecting user entropy sources to the entropy pool service. The quantity of entropy contained in the system is tracked as entropy is distributed to entropy consumers. A persistent entropy pool state file stores entropy across system restarts.
摘要翻译：一种加权熵池服务系统及方法。权重与熵源相关联，用于估计来自熵源的数据中包含的熵量。可选地提供接口以便于将用户熵源连接到熵池服务。随着熵被分配给熵消费者，系统中包含的熵量被跟踪。持续熵池状态文件在系统重新启动之间存储熵。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式