会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 31. 发明授权
    • System for increasing the difficulty of password guessing attacks in a
distributed authentication scheme employing authentication tokens
    • 在采用认证令牌的分布式认证方案中增加密码猜测攻击难度的系统
    • US5491752A
    • 1996-02-13
    • US300576
    • 1994-09-02
    • Charles W. KaufmanRadia J. PearlmanMorrie Gasser
    • Charles W. KaufmanRadia J. PearlmanMorrie Gasser
    • G06F1/00G06F21/33G06F21/34H04L9/08H04L9/32H04K1/00
    • G06F21/34G06F21/335H04L9/0877H04L9/3226H04L9/3234H04L9/3236H04L9/3271G06F2221/2103G06F2221/2151
    • An improved security system inhibits eavesdropping, dictionary attacks, and intrusion into stored password lists. In one implementation, the user provides a workstation with a "password", and a "token" obtained from a passive authentication token generator. The workstation calculates a "transmission code" by performing a first hashing algorithm upon the password and token. The workstation sends the transmission code to the server. Then, the server attempts to reproduce the transmission code by combining passwords from a stored list with tokens generated by a second identical passive authentication token generator just prior to receipt of the transmission code. If any password/token combination yields the transmission code, the workstation is provided with a message useful in communicating with a desired computing system; the message is encrypted with a session code calculated by applying a different hashing algorithm to the password and token. In another embodiment, the workstation transmits a user name to the authentication server. The server verifies the user name's validity, and uses an active authentication token generator to obtain a "response" to an arbitrarily selected challenge. The server generates a session code by performing a hashing algorithm upon the response and the password. The server sends the challenge and a message encrypted with the session code to the workstation. The workstation generates the session code by performing the hashing algorithm on the password and the received challenge, and uses the session code to decrypt the encrypted message. The message is useful in communicating with a desired computing system.
    • 改进的安全系统禁止窃听,字典攻击和入侵存储的密码列表。 在一个实现中,用户向工作站提供“密码”和从被动认证令牌生成器获得的“令牌”。 工作站通过对密码和令牌执行第一散列算法来计算“传输代码”。 工作站将传输代码发送到服务器。 然后,服务器尝试通过将来自存储的列表的密码与在接收到传输代码之前由第二相同的被动认证令牌发生器产生的令牌组合来再现传输代码。 如果任何密码/令牌组合产生传输代码,则工作站被提供有用于与期望的计算系统进行通信的消息; 使用通过对密码和令牌应用不同散列算法计算的会话代码来加密该消息。 在另一实施例中,工作站向认证服务器发送用户名。 服务器验证用户名的有效性,并使用活动的认证令牌生成器来获得对任意选择的挑战的“响应”。 服务器通过响应和密码执行散列算法生成会话代码。 服务器将该挑战和使用会话代码加密的消息发送到工作站。 工作站通过对密码和接收到的质询执行散列算法来生成会话代码,并使用会话代码解密加密的消息。 该消息在与期望的计算系统通信中是有用的。
    • 32. 发明授权
    • Probabilistic cryptographic processing method
    • 概率密码处理方法
    • US5235644A
    • 1993-08-10
    • US546614
    • 1990-06-29
    • Amar GuptaButler W. LampsonWilliam R. HaweJoseph J. TardoCharles W. KaufmanMark F. KempfMorrie GasserB. J. Herbison
    • Amar GuptaButler W. LampsonWilliam R. HaweJoseph J. TardoCharles W. KaufmanMark F. KempfMorrie GasserB. J. Herbison
    • H04L29/02
    • H04L29/02
    • A decryption method, and associated cryptographic processor, for performing in-line decryption of information frames received from a communication network through a first in-line processing stage. As an information packet is streamed into the cryptographic processor, a determination is made to an acceptable level of probability whether the packet contains data that should be decrypted. The decision whether or not decrypt is made by analyzing the incoming packet header, recognizing a limited number of packet formats, and further parsing the packet to locate any encrypted data and to make sure that the packet is not a segment of a larger message. Falsely decrypted packets are looped back through the cryptographic processor, to regenerate the data that was falsely decrypted. Decryption and encryption are performed in such a manner that a false decryption is completely reversible without loss of data. Special treatment is provided for packets containing data that cannot be divided into an integral number of standard blocks required for decryption processing.
    • 一种解密方法和相关联的密码处理器,用于通过第一串联处理级来执行从通信网络接收的信息帧的在线解密。 当信息分组被流传输到密码处理器中时,确定分组是否包含应被解密的数据的可接受概率水平。 通过分析进入的分组报头,识别有限数量的分组格式以及进一步解析分组以定位任何加密的数据并确保分组不是更大的消息的分段来进行解密的决定。 虚假解密的数据包通过密码处理器环回,以重新生成被错误解密的数据。 执行解密和加密,使得假解密完全可逆而不丢失数据。 对于包含不能被分解为解密处理所需的整数个标准块的数据的数据包,提供特殊处理。