    • 1. Granted invention patent
    • Method and system for improved internet security via HTTP-only cookies
    • US07359976B2
    • 2008-04-15
    • US10303113
    • 2002-11-23
    • David A. Ross, Cem Paya, Aaron Goldfeder
    • G06F15/16
    • H04L63/1441, G06F21/6263, H04L67/02, H04L69/329
    • A system and method that prevents certain cookies, as specified by an Internet server, from being accessed through client-side script, thereby mitigating the amount of damage that cross-site scripting attacks can accomplish. The server marks selected cookies with an attribute that flags such cookies as being protected, and a security mechanism in the client prevents protected cookies from being accessed via script. A protected (flagged) cookie can still be accessed by the server (e.g., via HTTP), while non-flagged cookies can be accessed by the server or script. An API or similar layer implements the security mechanism that checks for the attribute, and fails requests for any cookies having that attribute set. The present invention can also be adapted to prevent a malicious script from overwriting existing HTTP-only cookies on a client machine.
    • 7. Invention patent application
    • AUTHENTICATION ARCHITECTURE
    • US20080115200A1
    • 2008-05-15
    • US12013616
    • 2008-01-14
    • Lance Olson, Henrik Nielsen, Cem Paya
    • H04L9/32, G06F21/00
    • H04L9/3271, G06F21/31, H04L63/08, H04L63/205, H04L2209/34
    • A system enabling an application desiring access to a resource addressable by a URI to produce a response to an authentication challenge to a request to access the URI without including code specific to an authentication system and/or method is provided. The system includes an authentication manager that can pass an authentication challenge to authentication modules and/or objects operable to produce a response to the authentication challenge. The system may also include a cache adapted to store one or more responses to the authentication challenge communicated from the authentication modules, with such cache also being employed to facilitate pre-authenticating test challenges and/or pseudo-challenges.
    • 8. Invention patent application
    • Using hierarchical identity based cryptography for authenticating outbound mail
    • US20070124578A1
    • 2007-05-31
    • US11291946
    • 2005-11-30
    • Cem Paya, Josh Benaloh
    • H04L9/00
    • H04L63/06, H04L9/3073, H04L9/3247, H04L9/3271, H04L51/00, H04L63/12
    • A hierarchical identity based cryptographic system (“HIBC”) is integrated with the domain name system (“DNS”). A private key is assigned to each of the top level domain name authorities responsible for assigning the top level domain names (e.g., .net, .com, etc.). The private key is generated according to an HIBC system, wherein the corresponding public key is based on the identity of the particular domain authority. When a user requests a domain name from one of the top level domain name authorities, the user is issued a private key that is generated by the top level domain authority using its private key and the identity of the user according to the particular HIBC system implemented. The user's corresponding public key can be derived from the identity of the user and the public key of the top level domain name authority. Similarly, when the user adds servers and accounts to the user's domain, the user can generate private keys for the servers and accounts using the user's private key according to the particular HIBC system. Later, emails originating from the user's domain can be authenticated by recipients using the public key associated with the top level domain name authority.
    • 9. Granted invention patent
    • Methods and systems for scripting defense
    • US08931084B1
    • 2015-01-06
    • US12558173
    • 2009-09-11
    • Cem Paya, Johann Tomas Sigurdsson, Sumit Gwalani
    • H04L29/06, H04L29/08, G06F21/12
    • H04L67/02, G06F21/121, G06F21/51, G06F21/6281, G06F2221/2119, H04L63/1466, H04L67/34
    • Methods and systems for cross-site scripting (XSS) defense are described herein. An embodiment includes embedding one or more tags in content at a server to identify executable and non-executable regions in the content and transmitting the content with the tags to a client based on a request from the client. Another embodiment includes receiving content embedded with one or more permission tags from a server, processing the content and the permission tags, and granting permission to a browser to execute executable content in the content based on the permission tags. A method embodiment also includes receiving content embedded with one or more verify tags from a server, performing an integrity check using the verify tags, and granting permission to a browser to execute executable content in the content based on the integrity check.
    • 10. Granted invention patent
    • Using hierarchical identity based cryptography for authenticating outbound mail
    • US07788484B2
    • 2010-08-31
    • US11291946
    • 2005-11-30
    • Cem Paya, Josh D. Benaloh
    • H04L29/06
    • H04L63/06, H04L9/3073, H04L9/3247, H04L9/3271, H04L51/00, H04L63/12
    • A hierarchical identity based cryptographic system (“HIBC”) is integrated with the domain name system (“DNS”). A private key is assigned to each of the top level domain name authorities responsible for assigning the top level domain names (e.g., .net, .com, etc.). The private key is generated according to an HIBC system, wherein the corresponding public key is based on the identity of the particular domain authority. When a user requests a domain name from one of the top level domain name authorities, the user is issued a private key that is generated by the top level domain authority using its private key and the identity of the user according to the particular HIBC system implemented. The user's corresponding public key can be derived from the identity of the user and the public key of the top level domain name authority. Similarly, when the user adds servers and accounts to the user's domain, the user can generate private keys for the servers and accounts using the user's private key according to the particular HIBC system. Later, emails originating from the user's domain can be authenticated by recipients using the public key associated with the top level domain name authority.