专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明授权

US07703128B2 Digital identity management 有权
标题翻译：数字身份管理
公开(公告)号：US07703128B2
公开(公告)日：2010-04-20
申请号：US10365878
申请日：2003-02-13
申请人： David B. Cross , Philip J. Hallin , Matthew W. Thomlinson , Thomas C. Jones
发明人： David B. Cross , Philip J. Hallin , Matthew W. Thomlinson , Thomas C. Jones
IPC分类号： G06F7/04
CPC分类号： H04L9/3263 , G06F21/33 , G06F21/45 , H04L9/006 , H04L9/14 , H04L9/30 , H04L9/3231 , H04L9/3234 , H04L63/06 , H04L2209/603
摘要： One aspect relates to a process and associated device for managing digital ID lifecycles for application programs, and abstracting application programs for multiple types of credentials through a common Digital Identity Management System (DIMS) and Application Programming Interface (API) layer.
摘要翻译：一个方面涉及一种用于管理用于应用程序的数字ID生命周期的过程和相关设备，以及通过公共数字身份管理系统（DIMS）和应用编程接口（API）层抽象用于多种凭证的应用程序。

12. 发明授权

US6021203A Coercion resistant one-time-pad cryptosystem that facilitates transmission of messages having different levels of security 失效
标题翻译：有助于传输具有不同安全级别的消息的强制一次性密码密码系统
公开(公告)号：US6021203A
公开(公告)日：2000-02-01
申请号：US763333
申请日：1996-12-11
申请人： John R. Douceur , Michael P. Calligaro , Matthew W. Thomlinson
发明人： John R. Douceur , Michael P. Calligaro , Matthew W. Thomlinson
IPC分类号： H04L9/00
CPC分类号： H04L9/0656
摘要： A protocol is provided for transmitting low security messages and high security messages with one-time-pad cryptosystem. In one implementation of the present invention, low security messages are encrypted using random bit strings in accordance with a one-time-pad encryption scheme. A high security message and a decoy message are embedded within a set of encryption keys and cyphertexts that is to be transmitted from a sender to a receiver. The encryption keys are transmitted over a secure channel from the sender to the receiver, and the cyphertexts are transmitted over a publicly accessible channel from the sender to the receiver. The receiver uses the encryption keys and knowledge regarding keys for a high security message and a decoy message to decrypt the low security messages, extract the high security message and/or decoy message, and decrypt the high security message and/or decoy message. The provision of the decoy message is revealed when duress is applied to coerce the receiver into revealing the key for a supposedly high security message.
摘要翻译：提供了一种用于传输低安全性消息和高安全性消息与一次性密码密码系统的协议。在本发明的一个实现中，根据一次性加密方案，使用随机比特串来加密低安全性消息。一个高安全性消息和诱饵消息嵌入在一组加密密钥和从发送方发送到接收方的密码文件夹中。加密密钥通过安全信道从发送方发送到接收方，并且密码文件通过公开可访问的信道从发送方发送到接收方。接收机使用关于密钥的加密密钥和知识用于高安全性消息和诱饵消息来解密低安全性消息，提取高安全性消息和/或诱骗消息，以及解密高安全性消息和/或诱骗消息。当胁迫应用于胁迫接收者以揭示所谓的高安全性消息的密钥时，揭示诱饵消息的提供。

13. 发明授权

US08745703B2 Identifying exploitation of vulnerabilities using error report 有权
标题翻译：使用错误报告识别利用漏洞
公开(公告)号：US08745703B2
公开(公告)日：2014-06-03
申请号：US12144694
申请日：2008-06-24
申请人： John J. Lambert , Matthew W. Thomlinson , Alexander R. G. Lucas , James P. Kelly , David S. Carter , Matthew I. Diver , Emma L. Crowe
发明人： John J. Lambert , Matthew W. Thomlinson , Alexander R. G. Lucas , James P. Kelly , David S. Carter , Matthew I. Diver , Emma L. Crowe
IPC分类号： G06F21/00
CPC分类号： H04L63/1433 , G06F21/552 , G06F21/554 , G06F21/56 , G06F21/566 , G06F21/577 , G06F2221/2101 , G06F2221/2123
摘要： A tool and method examine error report information from a computer to determine not only whether a virus or other malware may be present on the computer but also may determine what vulnerability a particular exploit was attempting to use to subvert security mechanism to install the virus. A system monitor may collect both error reports and information about the error report, such as geographic location, hardware configuration, and software/operating system version information to build a profile of the spread of an attack and to be able to issue notifications related to increased data collection for errors, including crashes related to suspected services under attack.
摘要翻译：一种工具和方法从计算机检查错误报告信息，不仅可以确定计算机上是否存在病毒或其他恶意软件，还可以确定特定漏洞利用何种漏洞破坏安全机制来安装病毒。系统监视器可以收集错误报告和关于错误报告的信息，例如地理位置，硬件配置和软件/操作系统版本信息，以构建攻击传播的简档，并且能够发布与增加的相关的通知数据收集错误，包括与受到攻击的可疑服务有关的崩溃。

14. 发明申请

US20120174200A1 DIGITAL IDENTITY MANAGEMENT 有权
标题翻译：数字身份管理
公开(公告)号：US20120174200A1
公开(公告)日：2012-07-05
申请号：US13410173
申请日：2012-03-01
申请人： David B. Cross , Philip J. Hallin , Matthew W. Thomlinson , Thomas C. Jones
发明人： David B. Cross , Philip J. Hallin , Matthew W. Thomlinson , Thomas C. Jones
IPC分类号： G06F21/00
CPC分类号： H04L9/3263 , G06F21/33 , G06F21/45 , H04L9/006 , H04L9/14 , H04L9/30 , H04L9/3231 , H04L9/3234 , H04L63/06 , H04L2209/603
摘要： One aspect relates to a process and associated device for managing digital ID lifecycles for application programs, and abstracting application programs for multiple types of credentials through a common Digital Identity Management System (DIMS) and Application Programming Interface (API) layer.
摘要翻译：一个方面涉及一种用于管理用于应用程序的数字ID生命周期的过程和相关设备，以及通过公共数字身份管理系统（DIMS）和应用编程接口（API）层抽象用于多种凭证的应用程序。

15. 发明申请

US20080072327A1 Distribution of encrypted software update to reduce attack window 有权
标题翻译：分发加密软件更新以减少攻击窗口
公开(公告)号：US20080072327A1
公开(公告)日：2008-03-20
申请号：US11515439
申请日：2006-08-31
申请人： Matthew W. Thomlinson , Christian E. Walker
发明人： Matthew W. Thomlinson , Christian E. Walker
IPC分类号： G06F11/00 , G06F12/14 , H04L9/32 , G06F12/16 , G06F11/30 , G06F15/18 , G08B23/00
CPC分类号： G06F21/57
摘要： Software updates remedy vulnerabilities in a computer program that has been distributed and installed on a plurality of computers. The software updates are distributed in encrypted form, and then, after the encrypted update has been delivered to a sufficient number of machines, the decryption key for the update is delivered. Since the key is relatively small, it can be distributed to a large number of machines very quickly, thereby reducing the amount of time between when the update is first known to the public, and the time at which all or most machines have installed the update to protect against the vulnerability.
摘要翻译：软件更新补救已分发并安装在多台计算机上的计算机程序中的漏洞。软件更新以加密形式分发，然后在加密更新已经传送到足够数量的机器之后，传递更新的解密密钥。由于密钥相对较小，因此可以非常快地分发到大量机器，从而减少了公众首次知道更新时间和所有或大多数机器安装更新的时间以防止漏洞。

16. 发明授权

US06532542B1 Protected storage of core data secrets 失效
标题翻译：保护存储的核心数据秘密
公开(公告)号：US06532542B1
公开(公告)日：2003-03-11
申请号：US08978215
申请日：1997-11-25
申请人： Matthew W. Thomlinson , Scott Field
发明人： Matthew W. Thomlinson , Scott Field
IPC分类号： G06F1130
CPC分类号： H04L63/0428 , G06F21/6245 , G06F2211/007 , G06F2211/008 , G06F2221/2149 , H04L63/06 , H04L63/08 , H04L63/12
摘要： The invention provides central storage for core data secrets, referred to as data items. The architecture includes a storage server, a plurality of installable storage providers, and one or more authentication providers. Programming interfaces are exposed so that application programs can utilize the services provided by the invention without having to actually implement the features. When storing a data item using the protected storage services, an application program can specify rules that determine when to allow access to the data item. Access can be limited to specified application programs, to certain classes of application programs, or to application program having certain properties. Such properties for a particular application might include, for example, the publisher of the application and/or the name of the application. These properties might also include properties specified by an authentication certificate associated with the application program.
摘要翻译：本发明为核心数据秘密提供了称为数据项的中央存储。该架构包括存储服务器，多个可安装的存储提供商以及一个或多个认证提供者。编程接口被公开，使得应用程序可以利用本发明提供的服务，而不必实际实现特征。当使用受保护的存储服务存储数据项时，应用程序可以指定确定何时允许访问数据项的规则。访问可以限于指定的应用程序，某些类的应用程序或具有某些属性的应用程序。特定应用程序的这些属性可能包括例如应用程序的发行者和/或应用程序的名称。这些属性也可能包括与应用程序相关联的认证证书指定的属性。

17. 发明授权

US06389535B1 Cryptographic protection of core data secrets 有权
标题翻译：核心数据秘密的加密保护
公开(公告)号：US06389535B1
公开(公告)日：2002-05-14
申请号：US09172718
申请日：1998-10-13
申请人： Matthew W. Thomlinson , Scott Field , Allan Cooper
发明人： Matthew W. Thomlinson , Scott Field , Allan Cooper
IPC分类号： G06F124
CPC分类号： H04L63/0428 , G06F21/6209 , G06F21/6218 , G06F2211/007 , G06F2211/008 , G06F2221/2149 , H04L63/12
摘要： Described herein is a system for protecting data from unauthorized access. The system uses a central service provider with exposed complementary interfaces: a data protect function that accepts clear data and returns an encrypted representation of the data, and a data unprotect function that accepts encrypted data and returns corresponding clear or unencrypted data. In addition, a user-readable description is optionally packaged with the encrypted data. Different encryption providers can be registered to perform actual encryption and decryption. A default encryption provider performs encryption and decryption based on a user logon secret such as a password. The default encryption provider also accepts additional entropy from calling application programs. The default encryption provider utilizes a multi-level key encryption scheme to minimize the amount of encryption that has to be re-done when the user changes a password. In addition, data recovery information is escrowed so that keys can be recovered when a user's password is changed.
摘要翻译：这里描述了一种用于保护数据免受未经授权访问的系统。该系统使用具有暴露的互补接口的中央服务提供商：数据保护功能，接受清晰的数据并返回数据的加密表示，以及接收加密数据并返回相应的清除或未加密数据的数据非保护功能。此外，用户可读描述可选地与加密数据一起打包。可以注册不同的加密提供者来执行实际的加密和解密。默认加密提供商根据用户登录密码（如密码）执行加密和解密。默认的加密提供者也接受来自调用应用程序的额外的熵。默认加密提供商利用多级密钥加密方案来最小化用户更改密码时必须重新完成的加密数量。此外，数据恢复信息被保留，以便在更改用户密码时可以恢复密钥。

18. 发明授权

US06253324B1 Server verification of requesting clients 失效
标题翻译：请求客户端的服务器验证
公开(公告)号：US06253324B1
公开(公告)日：2001-06-26
申请号：US08996637
申请日：1997-12-23
申请人： Scott Field , Matthew W. Thomlinson , Allan Cooper
发明人： Scott Field , Matthew W. Thomlinson , Allan Cooper
IPC分类号： G06F978
CPC分类号： H04L63/0428 , G06F21/6245 , G06F2211/007 , G06F2211/008 , G06F2221/2149 , H04L63/06 , H04L63/08 , H04L63/12
摘要： Described herein is a method of verifying the integrity of client programs that request services from server programs. The invention includes a step of accepting a request for services from a client program, wherein the client program executes from an executable image in executable memory. In response to such a request, the server program identifies one or more image files on secondary storage corresponding to non-writeable sections of the executable image. The server program then compares the non-writeable sections of the executable image with the corresponding sections of the image files to determine whether the executable image has been altered in the executable memory. The server program provides the requested services only if the executable image of the client program has not been altered.
摘要翻译：这里描述了一种验证从服务器程序请求服务的客户端程序的完整性的方法。本发明包括接受来自客户端程序的服务请求的步骤，其中客户端程序从可执行存储器中的可执行映像执行。响应于这样的请求，服务器程序识别与可执行映像的不可写入部分相对应的辅助存储器上的一个或多个映像文件。服务器程序然后将可执行映像的不可写入部分与图像文件的相应部分进行比较，以确定可执行映像是否在可执行存储器中被更改。仅当客户机程序的可执行映像未被更改时，服务器程序才提供所请求的服务。

19. 发明授权

US6044155A Method and system for securely archiving core data secrets 失效
标题翻译：安全归档核心数据秘密的方法和系统
公开(公告)号：US6044155A
公开(公告)日：2000-03-28
申请号：US996634
申请日：1997-12-23
申请人： Matthew W. Thomlinson , Scott Field , Allan Cooper
发明人： Matthew W. Thomlinson , Scott Field , Allan Cooper
IPC分类号： G06F12/14 , G06F1/00 , G06F21/00 , G06F21/24 , H04L29/06 , H04K1/00 , H04K9/00
CPC分类号： H04L63/0428 , G06F21/6245 , H04L63/06 , H04L63/08 , H04L63/12 , G06F2211/007 , G06F2211/008 , G06F2221/2149
摘要： The invention provides central storage for core data secrets, referred to as data items. The data items are encrypted by a client computer using a client key that is derived from a logon secret, such as a password, supplied by a user during a network logon procedure. The client key is escrowed with the participation of a network supervisory computer such as a domain controller. The client sends the client key to the domain controller. The domain controller appends a user identification corresponding to the currently authenticated user of the client computer, and encrypts the resulting combination. The encrypted combination is sent back to and stored locally by the client. To recover the client key, the encrypted combination is sent to the domain controller, which decrypts the combination to obtain the data item. However, the data item is returned to the client computer only if the decrypted user identification corresponds to the currently authenticated user of the client computer.
摘要翻译：本发明为核心数据秘密提供了称为数据项的中央存储。数据项由客户端计算机使用从用户在网络登录过程中提供的诸如密码之类的登录秘密派生的客户端密钥进行加密。客户端密钥由网络监控计算机（例如域控制器）参与托管。客户端将客户端密钥发送到域控制器。域控制器附加与客户端计算机的当前认证的用户相对应的用户标识，并加密所得到的组合。加密组合由客户端发回并存储在本地。要恢复客户端密钥，加密的组合将发送到域控制器，该控制器解密组合以获取数据项。但是，仅当解密的用户标识对应于客户端计算机的当前已认证的用户时，才将数据项返回给客户端计算机。

20. 发明授权

US07890643B2 System and method for providing program credentials 有权
标题翻译：用于提供程序凭据的系统和方法
公开(公告)号：US07890643B2
公开(公告)日：2011-02-15
申请号：US12163881
申请日：2008-06-27
申请人： Dean Jason Justus , Josh D. Benaloh , Nathan James Fink , Michael Howard , Daniel R. Simon , Matthew W. Thomlinson
发明人： Dean Jason Justus , Josh D. Benaloh , Nathan James Fink , Michael Howard , Daniel R. Simon , Matthew W. Thomlinson
IPC分类号： G06F15/173
CPC分类号： H04L63/0815
摘要： A system for providing a client's credentials to a computer program comprises a database remote from the client and a single signon server module. The single signon server module can receive a request for the client's credentials from the computer program, determine whether the client's credentials are stored in the database, and send the client's credentials from the database to the computer program in response to a determination that the client's credentials are stored in the database. The single signon server module can store the client's credentials in the database in response to a determination that the client's credentials are not stored in the database. The single signon server module can encrypt the client's credentials prior to storing the client's credentials in the database and can decrypt the client's credentials prior to sending the client's credentials to the computer program.
摘要翻译：用于向计算机程序提供客户端凭据的系统包括远离客户端的数据库和单个登录服务器模块。单一登录服务器模块可以从计算机程序接收对客户端凭据的请求，确定客户端的凭据是否存储在数据库中，并且响应于确定客户端的凭据将客户端的凭据从数据库发送到计算机程序存储在数据库中。响应于确定客户端的凭据未存储在数据库中，单一登录服务器模块可以将客户端凭据存储在数据库中。单一登录服务器模块可以在将客户端凭据存储在数据库中之前加密客户端的凭据，并且可以在将客户端的凭据发送到计算机程序之前解密客户端的凭据。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式