专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07836295B2 Method and apparatus for improving the resilience of content distribution networks to distributed denial of service attacks 失效
标题翻译：用于提高内容分发网络对分布式拒绝服务攻击的弹性的方法和装置
公开(公告)号：US07836295B2
公开(公告)日：2010-11-16
申请号：US10207695
申请日：2002-07-29
申请人： Suresh N. Chari , Pau-Chen Cheng , Kang-Won Lee , Sambit Sahu , Anees A. Shaikh
发明人： Suresh N. Chari , Pau-Chen Cheng , Kang-Won Lee , Sambit Sahu , Anees A. Shaikh
IPC分类号： H04L12/66
CPC分类号： H04L63/1408 , H04L63/1458 , H04L67/1002
摘要： Several deterrence mechanisms suitable for content distribution networks (CDN) are provided. These include a hash-based request routing scheme and a site allocation scheme. The hash-based request routing scheme provides a way to distinguish legitimate requests from bogus requests. Using this mechanism, an attacker is required to generate O(n2)amount of traffic to victimize a CDN-hosted site when the site content is served from n CDN caches. Without these modifications, the attacker must generate only O(n) traffic to bring down the site. The site allocation scheme provides sufficient isolation among CDN-hosted Web sites to prevent an attack on one Web site from making other sites unavailable. Using an allocation strategy based on binary codes, it can be guaranteed that a successful attack on any individual Web site that disables its assigned servers, does not also bring down other Web sites hosted by the CDN.
摘要翻译：提供了适用于内容分发网络（CDN）的几种威慑机制。这些包括基于散列的请求路由方案和站点分配方案。基于散列的请求路由方案提供了一种区分合法请求与假请求的方法。使用这种机制，当从n个CDN缓存提供站点内容时，攻击者需要生成O（n2）个流量来伤害CDN托管站点。没有这些修改，攻击者必须只生成O（n）流量才能关闭该站点。站点分配方案可以在CDN托管的网站之间提供足够的隔离，以防止一个网站的攻击使其他站点不可用。使用基于二进制代码的分配策略，可以保证对任何单个网站的成功攻击禁用其分配的服务器，也不会导致其他由CDN托管的网站。

2. 发明申请

US20100011421A1 ENABLING AUTHENTICATION OF OPENID USER WHEN REQUESTED IDENTITY PROVIDER IS UNAVAILABLE 有权
标题翻译：当所要求的身份提供者不可用时，启用OPENID用户的认证
公开(公告)号：US20100011421A1
公开(公告)日：2010-01-14
申请号：US12172252
申请日：2008-07-13
申请人： Suresh N. Chari , Gang Chen , Todd Eric Kaplinger
发明人： Suresh N. Chari , Gang Chen , Todd Eric Kaplinger
IPC分类号： H04L9/00
CPC分类号： H04L63/0815 , G06F21/31
摘要： A method, system and computer program product for enabling authentication of an OpenID user when a requested identity provider is unavailable. A relying party receives a login request from the OpenID user, where the login request includes a username. The relying party reads a list of trusted identity providers that are associated with the received username and selects one of those identity providers. The relying party generating an OpenID identifier using an identification (e.g., Uniform Resource Locator) of the selected identity provider and the username. The relying party transmits an authentication request (request to authenticate the OpenID user) to the selected identity provider using the formed OpenID identifier. If the selected identity provider is unavailable, then the relying party selects another identity provider from the list of identity providers that are associated with the received username and repeats the above process.
摘要翻译：一种方法，系统和计算机程序产品，用于当请求的身份提供者不可用时启用OpenID用户的认证。依赖方从OpenID用户接收登录请求，其中登录请求包含用户名。依赖方读取与所接收的用户名相关联的可信身份提供者列表，并选择其中一个身份提供者。依赖方使用所选择的身份提供者的标识（例如，统一资源定位符）和用户名来生成OpenID标识符。依赖方使用形成的OpenID标识符向所选择的身份提供者发送认证请求（用于认证OpenID用户的请求）。如果所选择的身份提供者不可用，则依赖方从与所接收的用户名相关联的身份提供者的列表中选择另一个身份提供者并重复上述过程。

3. 发明授权

US08983877B2 Role mining with user attribution using generative models 有权
标题翻译：使用生成模型的角色挖掘与用户归因
公开(公告)号：US08983877B2
公开(公告)日：2015-03-17
申请号：US13411174
申请日：2012-03-02
申请人： Suresh N. Chari , Ian Michael Molloy , Youngja Park
发明人： Suresh N. Chari , Ian Michael Molloy , Youngja Park
IPC分类号： G06N5/00 , G06F1/00 , G06N99/00 , G06F21/60
CPC分类号： G06N99/005 , G06F21/604
摘要： Applications of machine learning techniques such as Latent Dirichlet Allocation (LDA) and author-topic models (ATM) to the problems of mining of user roles to specify access control policies from entitlement as well as logs which contain record of the usage of these entitlements are provided. In one aspect, a method for performing role mining given a plurality of users and a plurality of permissions is provided. The method includes the following steps. At least one generative machine learning technique, e.g., LDA, is used to obtain a probability distribution θ for user-to-role assignments and a probability distribution β for role-to-permission assignments. The probability distribution θ for user-to-role assignments and the probability distribution β for role-to-permission assignments are used to produce a final set of roles, including user-to-role assignments and role-to-permission assignments.
摘要翻译：潜在的Dirichlet分配（LDA）和作者主题模型（ATM）等机器学习技术的应用对于用户角色的挖掘问题，从授权中指定访问控制策略以及包含这些权利使用记录的日志的应用是提供。在一个方面，提供了赋予多个用户和多个权限的用于执行角色挖掘的方法。该方法包括以下步骤。使用至少一种生成机器学习技术，例如LDA来获得概率分布; 用于角色角色分配和概率分布＆bgr; 用于角色到权限分配。概率分布与概念; 用于角色角色分配和概率分布; 角色到权限分配用于生成一组最终角色，包括用户角色分配和角色到权限分配。

4. 发明授权

US08028072B2 Method, apparatus and computer program product implementing session-specific URLs and resources 失效
标题翻译：方法，设备和计算机程序产品实现特定于会话的URL和资源
公开(公告)号：US08028072B2
公开(公告)日：2011-09-27
申请号：US12041146
申请日：2008-03-03
申请人： David A. George , Raymond B. Jennings, III , Suresh N. Chari , Anees Shaikh
发明人： David A. George , Raymond B. Jennings, III , Suresh N. Chari , Anees Shaikh
IPC分类号： G06F15/16
CPC分类号： H04L12/5691 , H04L47/826 , H04L63/10
摘要： Methods, apparatus and computer program products implement session-specific URIs for allocating network resources by receiving a request from a user for at least one network resource; assigning a session-specific URI to the at least one network resource for use in identifying the at least one network resource and controlling access to the at least one network resource; updating a network directory service with the session-specific URI; and communicating the session-specific URI to the user. The user communicates the session-specific URI to other participants in the session during which the at least one network resource will be used. After a pre-determined time, the session ends and the at least one network resource is de-allocated by, for example, changing the URI of the at least one network resource. Frequent changes of URIs hinder efforts by unauthorized individuals to gain access to network resources.
摘要翻译：方法，装置和计算机程序产品通过从用户接收至少一个网络资源的请求来实现用于分配网络资源的会话专用URI; 将特定于会话的URI分配给所述至少一个网络资源，以用于识别所述至少一个网络资源并控制对所述至少一个网络资源的访问; 使用会话特定URI更新网络目录服务; 并将会话特定URI传达给用户。用户将会话特定URI传送到会话中的其他参与者，在该会话期间将使用至少一个网络资源。在预定时间之后，会话结束，并且至少一个网络资源通过例如改变至少一个网络资源的URI而被去分配。 URI的频繁变化阻碍未经授权的人员获得网络资源的访问权限。

5. 发明授权

US07142670B2 Space-efficient, side-channel attack resistant table lookups 失效
公开(公告)号：US07142670B2
公开(公告)日：2006-11-28
申请号：US09943720
申请日：2001-08-31
申请人： Suresh N. Chari , Josyula R. Rao , Pankaj Rohatgi , Helmut Scherzer
发明人： Suresh N. Chari , Josyula R. Rao , Pankaj Rohatgi , Helmut Scherzer
IPC分类号： H04K1/00 , H04L9/00
CPC分类号： G06F21/556 , H04L9/002 , H04L2209/043 , H04L2209/08
摘要： Methods, apparatus and computer software and hardware products providing method, apparatus and system solutions for implementing table lookups in a side-channel attack resistant manner. Embodiments are provided for devices and situations where there is limited amount of RAM memory available or restrictions on memory addressing. The solutions solve problems associated with look up tables with large indices, as well as problems associated with looking up large sized tables or a collection of tables of large cumulative size, in limited devices, in an efficient side-channel attack resistant manner. These solutions provide defenses against both first-order side channel attacks as well as higher-order side channel attacks. One aspect of the present invention is the creation of one or more random tables which are used possibly in conjunction with other tables to perform a table lookup. This denies an adversary information about the table lookup from the side channel and thereby imparting side-channel resistance to the table lookup operation. Another aspect of the present invention is the use of a combination of some operations such as Table Split, Table Mask and Table Aggregate, to achieve this side-channel resistance within the limited amounts of available RAM and limited memory addressing capabilities of the device performing table lookups.

6. 发明授权

US6148081A Security model for interactive television applications 有权
标题翻译：互动电视应用的安全模式
公开(公告)号：US6148081A
公开(公告)日：2000-11-14
申请号：US196964
申请日：1998-11-20
申请人： Steven Szymanski , Jean Rene Menand , Vincent Dureau , Suresh N. Chari
发明人： Steven Szymanski , Jean Rene Menand , Vincent Dureau , Suresh N. Chari
IPC分类号： G06F21/22 , H04N5/00 , H04N7/16 , H04L9/32
CPC分类号： H04N21/443 , H04N7/163
摘要： A system and method implemented in an interactive television system for restricting or controlling the access rights of interactive television applications and carousels. The system broadcasts modules from a broadcast station to a plurality of receiving stations, which execute applications containing the modules. In one embodiment, the applications utilize a credential consisting of a producer identification number (ID) and an application ID for each of the grantor and grantee applications, an expiration date, a set of permission data, a producer certificate and a signature. An application requesting access and a carousel granting access may be identified by respective producer and application IDs. The credential utilizes public key encryption to ensure the integrity of the credential. The producer and application IDs may be replaced with wildcards so that rights may be granted to a group of producers or applications.
摘要翻译：一种用于限制或控制交互式电视应用和转盘的访问权限的交互式电视系统中实现的系统和方法。系统将模块从广播站广播到多个接收站，这些接收站执行包含模块的应用。在一个实施例中，应用程序利用由生产者标识号（ID）和每个授权人和受让人应用程序的应用程序ID组成的证书，到期日期，一组许可数据，生产者证书和签名。请求访问的应用程序和授予访问权限的转盘可以由相应的生产者和应用程序ID来标识。该凭证利用公钥加密来确保凭证的完整性。生产者和应用程序ID可以被通配符替换，以便可以向一组生产者或应用程序授予权限。

7. 发明授权

US6038319A Security model for sharing in interactive television applications 失效
标题翻译：在交互式电视应用中共享的安全模型
公开(公告)号：US6038319A
公开(公告)日：2000-03-14
申请号：US87386
申请日：1998-05-29
申请人： Suresh N. Chari
发明人： Suresh N. Chari
IPC分类号： H04N7/16 , H04L9/32
CPC分类号： H04N21/443 , H04N7/163
摘要： A system and method implemented in an interactive television system for restricting access between modules of different interactive television applications and carousels. The system broadcasts modules from a broadcast station to a plurality of receiving stations, which execute applications containing the modules. The applications utilize a credential consisting of a producer identification number (ID) and an application ID for each of the grantor and grantee applications/carousels, an expiration date, a producer certificate and a signature. A application requesting access (grantee) and a carousel granting access (grantor) are each identified by respective producer and application IDs. The credential utilizes public key encryption for ensure the integrity of the credential. The producer and application IDs of the grantee application and the application ID of the grantor carousel may be replaced with wildcards so that access to a single carousel's modules is granted to a group of producers or applications, or access to a group of carousels is granted to a single producer or application.
摘要翻译：在交互式电视系统中实现的用于限制不同交互式电视应用和转盘之间的模块之间的接入的系统和方法。系统将模块从广播站广播到多个接收站，这些接收站执行包含模块的应用。应用程序使用由生产者标识号（ID）和每个设保人和受让人应用程序/转盘，应用程序ID，生产者证书和签名的应用程序ID组成的凭证。请求访问（受让人）和授予访问权（转让人）的轮播的应用程序各自由相应的制作人和应用程序标识。该凭证利用公钥加密来确保凭证的完整性。受赠人应用程序的生产者和应用程序ID以及授权人轮播的应用程序ID可以用通配符替换，以便向一组生产者或应用程序授予访问单个轮播模块的权限，或者授予对一组轮播的访问权限单一生产者或应用程序。

8. 发明申请

US20130097103A1 Techniques for Generating Balanced and Class-Independent Training Data From Unlabeled Data Set 审中-公开
标题翻译：从非标准数据集中生成平衡和类别独立训练数据的技术
公开(公告)号：US20130097103A1
公开(公告)日：2013-04-18
申请号：US13274002
申请日：2011-10-14
申请人： Suresh N. Chari , Ian Michael Molloy , Youngja Park , Zijie Qi
发明人： Suresh N. Chari , Ian Michael Molloy , Youngja Park , Zijie Qi
IPC分类号： G06F15/18 , G06F17/30
CPC分类号： G06N20/00
摘要： Techniques for creating training sets for predictive modeling are provided. In one aspect, a method for generating training data from an unlabeled data set is provided which includes the following steps. A small initial set of data is selected from the unlabeled data set. Labels are acquired for the initial set of data selected from the unlabeled data set resulting in labeled data. The data in the unlabeled data set is clustered using a semi-supervised clustering process along with the labeled data to produce data clusters. Data samples are chosen from each of the clusters to use as the training data. The selecting, presenting, clustering and choosing steps are repeated with one or more additional sets of data selected from the unlabeled data set until a desired amount of training data has been obtained, wherein at each iteration an amount of the labeled data is increased.
摘要翻译：提供了用于创建预测建模训练集的技术。一方面，提供了一种用于从未标记的数据集生成训练数据的方法，包括以下步骤。从未标记的数据集中选择一小段初始数据。从未标记的数据集中选择的初始数据集中获取标签，从而产生标记数据。未标记数据集中的数据使用半监督聚类过程与标记数据一起聚类以产生数据集群。从每个群集中选择数据样本以用作训练数据。使用从未标记的数据集中选择的一个或多个附加数据集重复选择，呈现，聚类和选择步骤，直到获得了所需量的训练数据，其中在每次迭代时，标记数据的量增加。

9. 发明申请

US20090222561A1 Method, Apparatus and Computer Program Product Implementing Session-Specific URLs and Resources 失效
标题翻译：方法，设备和计算机程序产品实现特定于会话的URL和资源
公开(公告)号：US20090222561A1
公开(公告)日：2009-09-03
申请号：US12041146
申请日：2008-03-03
申请人： David A. George , Raymond B. Jennings, III , Suresh N. Chari , Anees Shaikh
发明人： David A. George , Raymond B. Jennings, III , Suresh N. Chari , Anees Shaikh
IPC分类号： G06F15/173
CPC分类号： H04L12/5691 , H04L47/826 , H04L63/10
摘要： Methods, apparatus and computer program products implement session-specific URIs for allocating network resources by receiving a request from a user for at least one network resource; assigning a session-specific URI to the at least one network resource for use in identifying the at least one network resource and controlling access to the at least one network resource; updating a network directory service with the session-specific URI; and communicating the session-specific URI to the user. The user communicates the session-specific URI to other participants in the session during which the at least one network resource will be used. After a pre-determined time, the session ends and the at least one network resource is de-allocated by, for example, changing the URI of the at least one network resource. Frequent changes of URIs hinder efforts by unauthorized individuals to gain access to network resources.
摘要翻译：方法，装置和计算机程序产品通过从用户接收至少一个网络资源的请求来实现用于分配网络资源的会话专用URI; 将特定于会话的URI分配给所述至少一个网络资源，以用于识别所述至少一个网络资源并控制对所述至少一个网络资源的访问; 使用会话特定URI更新网络目录服务; 并将会话特定URI传达给用户。用户将会话特定URI传送到会话中的其他参与者，在该会话期间将使用至少一个网络资源。在预定时间之后，会话结束，并且至少一个网络资源通过例如改变至少一个网络资源的URI而被去分配。 URI的频繁变化阻碍未经授权的人员获得网络资源的访问权限。

10. 发明申请

US20120246098A1 Role Mining With User Attribution Using Generative Models 有权
标题翻译：使用生成模型的用户归因的角色挖掘
公开(公告)号：US20120246098A1
公开(公告)日：2012-09-27
申请号：US13411174
申请日：2012-03-02
申请人： Suresh N. Chari , Ian Michael Molloy , Youngja Park
发明人： Suresh N. Chari , Ian Michael Molloy , Youngja Park
IPC分类号： G06F15/18
CPC分类号： G06N99/005 , G06F21/604
摘要： Applications of machine learning techniques such as Latent Dirichlet Allocation (LDA) and author-topic models (ATM) to the problems of mining of user roles to specify access control policies from entitlement as well as logs which contain record of the usage of these entitlements are provided. In one aspect, a method for performing role mining given a plurality of users and a plurality of permissions is provided. The method includes the following steps. At least one generative machine learning technique, e.g., LDA, is used to obtain a probability distribution θ for user-to-role assignments and a probability distribution β for role-to-permission assignments. The probability distribution θ for user-to-role assignments and the probability distribution β for role-to-permission assignments are used to produce a final set of roles, including user-to-role assignments and role-to-permission assignments.
摘要翻译：潜在的Dirichlet分配（LDA）和作者主题模型（ATM）等机器学习技术的应用对于用户角色的挖掘问题，从授权中指定访问控制策略以及包含这些权利使用记录的日志的应用是提供。在一个方面，提供了赋予多个用户和多个权限的用于执行角色挖掘的方法。该方法包括以下步骤。使用至少一种生成机器学习技术，例如LDA来获得概率分布; 用于角色角色分配和概率分布＆bgr; 用于角色到权限分配。概率分布与概念; 用于角色角色分配和概率分布; 角色到权限分配用于生成一组最终角色，包括用户角色分配和角色到权限分配。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式