会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 1. 发明授权
    • System for controlling access to encrypted data files by a plurality of users
    • 用于控制多个用户对加密数据文件的访问的系统
    • US06178508B1
    • 2001-01-23
    • US09031150
    • 1998-02-26
    • Charles W. Kaufman
    • Charles W. Kaufman
    • H04L932
    • G06F21/40G06F21/6209G06F21/6218G06F21/6227G06F2221/2107
    • A system in which an encrypted data file can be protected, accessed, and maintained by a plurality of users using cryptographically hashed passwords. The system provides for the creation in memory for each authorized user of a cryptographically hashed password as an entry in an unencrypted header file. The system compares an authorized user's cryptographically hashed password against a corresponding set of cryptographically hashed passwords in memory to determine whether the user is allowed access to the protected data file. The passwords are cryptographically one-way hashed with a “salt” value in such a way as to make reconstruction of original passwords by an unintended party virtually impossible, because the passwords never exist in memory in an unhashed state. Furthermore, the passwords are cryptographically “one-way” hashed so as not to be reconstructible. Upon successful authorization of a user, based on successful comparison of the user's hashed password with those in memory, the user gains access to the encrypted data file.
    • 可以由多个用户使用加密散列密码来保护,访问和维护加密数据文件的系统。 系统提供在密码散列密码的每个授权用户的内存中创建一个未加密的头文件中的条目。 该系统将授权用户的密码散列密码与存储器中相应的密码散列密码集进行比较,以确定用户是否被允许访问受保护的数据文件。 这些密码是密码单向散列的,具有“盐”值,使得由非意图方重建原始密码实际上是不可能的,因为密码从不存在于内存中。 此外,密码是加密的“单向”散列,以便不可重构。 在用户成功授权之后,基于用户的散列密码与存储器中的哈希密码的成功比较,用户获得对加密数据文件的访问。
    • 3. 发明授权
    • Method of issuance and revocation of certificates of authenticity used
in public key networks and other systems
    • 发布和撤销公钥网络等系统中使用的真实性证书的方法
    • US5261002A
    • 1993-11-09
    • US850593
    • 1992-03-13
    • Radia J. PerlmanCharles W. Kaufman
    • Radia J. PerlmanCharles W. Kaufman
    • G07F7/10H04L9/32H04L9/30
    • G07F7/1016H04L9/3263
    • A technique for issuing and revoking user certificates of authenticity in a public key cryptography system, wherein certificates do not need expiration dates, and the inconvenience and overhead associated with routine certificate renewals are minimized or avoided entirely. A Certification Authority issues certificates as required, and issues a blacklist having a start date, an expiration date, and an entry for every invalid certificate issued after the start date. Users assume that every certificate issued prior to the blacklist start date is invalid, and that invalid certificates issued after the start date will be included in the current blacklist. A new blacklist is issued prior to expiration of the current one, and the blacklist start date is changed only when the blacklist becomes unmanageably long.
    • 一种在公共密钥加密系统中发布和撤销用户证书的真实性的技术,其中证书不需要过期日期,并且与常规证书更新相关联的不便和开销被最小化或完全避免。 证书颁发机构根据需要颁发证书,并发出黑名单,具有开始日期,到期日期和开始日期之后发出的每个无效证书的条目。 用户假设在黑名单开始日期之前发出的每个证书无效,并且在开始日期之后发出的无效证书将被包含在当前的黑名单中。 在当前黑名单到期之前发出新的黑名单,黑名单开始日期只有在黑名单变得难以控制的时候才会改变。
    • 5. 发明授权
    • Secure remote password validation
    • 安全远程密码验证
    • US07669058B2
    • 2010-02-23
    • US10915044
    • 2004-08-10
    • Mark A. ChampineCharles W. Kaufman
    • Mark A. ChampineCharles W. Kaufman
    • G06F21/00
    • H04L63/083G06F21/31H04L9/0866H04L9/088H04L9/3226H04L9/3236H04L63/123
    • A method, system and apparatus for secure password validation can include a local authentication process configured for coupling both to local authentication data and to a remote authentication process. The system also can include a comparator disposed in the local authentication process and programmed to detect an extended password string in the local authentication data. Finally, the system can include a remote authentication handler disposed in the local authentication process and programmed to outsource password validation to the remote authentication process responsive to the comparator detecting an extended password string retrieved for a supplied user identifier. Preferably, the remote authentication handler can be a remote procedure call to the remote authentication process.
    • 用于安全密码验证的方法,系统和装置可以包括配置为将本地认证数据和远程认证过程耦合的本地认证过程。 该系统还可以包括设置在本地认证过程中的比较器,并被编程以检测本地认证数据中的扩展密码字符串。 最后,系统可以包括设置在本地认证过程中的远程认证处理器,并且被编程为响应于比较器检测到针对所提供的用户标识符检索的扩展密码字符串来将密码验证外包给远程认证过程。 优选地,远程认证处理程序可以是远程认证过程的远程过程调用。
    • 9. 发明授权
    • System for increasing the difficulty of password guessing attacks in a
distributed authentication scheme employing authentication tokens
    • 在采用认证令牌的分布式认证方案中增加密码猜测攻击难度的系统
    • US5373559A
    • 1994-12-13
    • US34225
    • 1993-03-18
    • Charles W. KaufmanRadia J. PearlmanMorrie Gasser
    • Charles W. KaufmanRadia J. PearlmanMorrie Gasser
    • G06F1/00G06F21/33G06F21/34H04L9/08H04L9/32H04K1/00
    • G06F21/34G06F21/335G06F2221/2103G06F2221/2151H04L9/0877H04L9/3226H04L9/3234H04L9/3236H04L9/3271
    • An improved security system inhibits eavesdropping, dictionary attacks, and intrusion into stored password lists. In one implementation, the user provides a workstation with a "password", and a "token" obtained from a passive authentication token generator. The workstation calculates a "transmission code" by performing a first hashing algorithm upon the password and token. The workstation sends the transmission code to the server. Then, the server attempts to reproduce the transmission code by combining passwords from a stored list with tokens generated by a second identical passive authentication token generator just prior to receipt of the transmission code. If any password/token combination yields the transmission code, the workstation is provided with a message useful in communicating with a desired computing system; the message is encrypted with a session code calculated by applying a different hashing algorithm to the password and token. In another embodiment, the workstation transmits a user name to the authentication server. The server verifies the user name's validity, and uses an active authentication token generator to obtain a "response" to an arbitrarily selected challenge. The server generates a session code by performing a hashing algorithm upon the response and the password. The server sends the challenge and a message encrypted with the session code to the workstation. The workstation generates the session code by performing the hashing algorithm on the password and the received challenge, and uses the session code to decrypt the encrypted message. The message is useful in communicating with a desired computing system.
    • 改进的安全系统禁止窃听,字典攻击和入侵存储的密码列表。 在一个实现中,用户向工作站提供“密码”和从被动认证令牌生成器获得的“令牌”。 工作站通过对密码和令牌执行第一散列算法来计算“传输代码”。 工作站将传输代码发送到服务器。 然后,服务器尝试通过将来自存储的列表的密码与在接收到传输代码之前由第二相同的被动认证令牌发生器产生的令牌组合来再现传输代码。 如果任何密码/令牌组合产生传输代码,则工作站被提供有用于与期望的计算系统进行通信的消息; 使用通过对密码和令牌应用不同散列算法计算的会话代码来加密该消息。 在另一实施例中,工作站向认证服务器发送用户名。 服务器验证用户名的有效性,并使用活动的认证令牌生成器来获得对任意选择的挑战的“响应”。 服务器通过响应和密码执行散列算法生成会话代码。 服务器将该挑战和使用会话代码加密的消息发送到工作站。 工作站通过对密码和接收到的质询执行散列算法来生成会话代码,并使用会话代码解密加密的消息。 该消息在与期望的计算系统通信中是有用的。