    • 1. Granted invention patent
    • Sharing of user preferences
    • US08700705B2
    • 2014-04-15
    • US12814291
    • 2010-06-11
    • George Danezis, Tuomas Aura, Shuo Chen, Emre Mehmet Kiciman
    • George Danezis, Tuomas Aura, Shuo Chen, Emre Mehmet Kiciman
    • G06F15/16
    • G06Q10/10, G06F17/30522, G06F17/30867, H04L63/0421, H04W4/21
    • Sharing of user preferences is described. In an embodiment a user preference associated with a user is shared with a group of users in order to improve the relevance of results they receive. A database is used to store information detailing a number of groups of users extracted from a social network graph, where the social network graph describes connections between users. On receipt of a user preference associated with a user, a group of users containing the user is selected and the user preference is then shared with everyone in the selected group. In a further embodiment, the groups of users in the database may comprise cohesive groups of users and an extended group associated with each cohesive group. When selecting a group to share preference data with, a cohesive group containing the user is first selected and then the preference data is shared with the corresponding extended group.
    • 2. Granted invention patent
    • Authentication method
    • US06711400B1
    • 2004-03-23
    • US09418138
    • 1999-10-14
    • Tuomas Aura
    • Tuomas Aura
    • H04M166
    • H04W12/06, H04L63/0869
    • In telecommunications systems, the traffic can be protected from eavesdropping and the use of a false identity can be prevented by verifying the authenticity of the terminal equipment by means of an authentication procedure. Verifying the authenticity of the terminal equipment is especially important in mobile communications systems. In the authentication procedure, the network checks the authenticity of the identity stated by the subscriber device. Additionally, the subscriber device can check the authenticity of the network identity. In the systems in accordance with prior art, the secret information required for making the authentication must be transferred via unsecure transfer networks and given to the visited networks. The information makes it possible to make an unlimited number of authentications in an unlimited time. In this case, an active eavesdropper may be able to acquire the information and make the authentication process without forming a connection to the subscriber's authentication centre. The invention presents a method in which each individual authentication process is done between the mobile station and the authentication center. This means that the reliability of the network is checked in connection with every authentication, and not enough information is transferred between the network elements to make it possible to use a false identity.
    • 4. Granted invention patent
    • Methods and systems for authenticating messages
    • US07409544B2
    • 2008-08-05
    • US10401241
    • 2003-03-27
    • Anssi Tuomas Aura
    • Anssi Tuomas Aura
    • H04L9/00
    • H04L63/0823, H04L9/3236, H04L63/123, H04L2209/60, H04L2209/805
    • Disclosed is an authentication mechanism that provides much of the security of heavyweight authentication mechanisms, but with lower administrative and communicative overhead while at the same time not being limited to a 64-bit limit on the length of a cryptographic hash value. Removal of this limitation is achieved by increasing the cost of both address generation and brute-force attacks by the same parameterized factor while keeping the cost of address use and verification constant. The address owner computes two hash values using its public key and other parameters. The first hash value is used by the owner to derive its network address. The purpose of the second hash is to artificially increase the computational complexity of generating new addresses and, consequently, the cost of brute-force attacks. As another measure against brute-force attacks, the routing prefix (i.e., the non-node selectable portion) of the address is included in the first hash input.
    • 5. Granted invention patent
    • Non-cryptographic addressing
    • US08261062B2
    • 2012-09-04
    • US11159555
    • 2005-06-22
    • Tuomas Aura, Michael Roe
    • Tuomas Aura, Michael Roe
    • H04L29/06
    • H04L9/3236, H04L9/3263, H04L63/0823, H04L63/123, H04L67/10, H04L69/24, H04L2209/64, H04L2209/805
    • To allow down-level devices to participate in a network controlled by a protocol including CGAs or ECGAs, the CGA or ECGA authentication may be made optional to allow the down-level devices to execute non-CGA or non-ECGA versions of network protocols, while at the same time allowing the use of CGA- and/or ECGA-authenticated versions of the same protocols. To identify non-cryptographic addresses (e.g., non-CGA and non-ECGA), the address bits of a non-CGA or non-ECGA are set such that the address cannot be or is probably not an encoding of the hash of a public key. In this manner, a receiving node may properly identify the capabilities of the sending node, perform an appropriate authentication of the message containing the non-cryptographic address, and/or prioritize processing of information contained in the message with the non-cryptographic address.
    • 6. Granted invention patent
    • Using time to determine a hash extension
    • US07624264B2
    • 2009-11-24
    • US11165412
    • 2005-06-22
    • Tuomas Aura, Michael Roe
    • Tuomas Aura, Michael Roe
    • H04L9/00, G06F7/04, H04L9/32
    • H04L9/3236, H04L9/006, H04L63/0823, H04L63/123, H04L67/10, H04L2209/805
    • An extensible cryptographically generated network address may be generated by forming at least a portion of the network address as a portion of a first hash value. The first hash value may be formed by generating a plurality of hash values by hashing a concatenation of a public key and a modifier using a second hash function until a stop condition. The stop condition may include computing the plurality of hash values for a period of time specified by a time parameter. A second hash value may be selected from the plurality of hash values, and the modifier used to compute that hash value may be stored. A hash indicator may be generated which indicates the selected second hash value. The first hash value may be generated as a hash of a concatenation of at least the public key and the modifier. At least a portion of the node-selectable portion of the network address may include at least a portion of the first hash value.
    • 7. Invention patent application
    • Non-cryptographic addressing
    • US20060020807A1
    • 2006-01-26
    • US11159555
    • 2005-06-22
    • Tuomas Aura, Michael Roe
    • Tuomas Aura, Michael Roe
    • H04L9/00
    • H04L9/3236, H04L9/3263, H04L63/0823, H04L63/123, H04L67/10, H04L69/24, H04L2209/64, H04L2209/805
    • To allow down-level devices to participate in a network controlled by a protocol including CGAs or ECGAs, the CGA or ECGA authentication may be made optional to allow the down-level devices to execute non-CGA or non-ECGA versions of network protocols, while at the same time allowing the use of CGA- and/or ECGA-authenticated versions of the same protocols. To identify non-cryptographic addresses (e.g., non-CGA and non-ECGA), the address bits of a non-CGA or non-ECGA are set such that the address cannot be or is probably not an encoding of the hash of a public key. In this manner, a receiving node may properly identify the capabilities of the sending node, perform an appropriate authentication of the message containing the non-cryptographic address, and/or prioritize processing of information contained in the message with the non-cryptographic address.
    • 8. Granted invention patent
    • Secure network location awareness
    • US08806565B2
    • 2014-08-12
    • US11854333
    • 2007-09-12
    • Tuomas Aura, Michael Roe, Steven Murdoch
    • Tuomas Aura, Michael Roe, Steven Murdoch
    • H04L29/06, G06F17/00, G06F7/04, G06F17/30
    • H04L63/0823, H04L9/3265, H04L2209/80
    • Secure network location awareness is provided whereby a client is able to use appropriate settings when communicating with an access node of a communications network. In an embodiment a client receives a signed message from the access node, the signed message comprising at least a certificate chain having a public key. In some embodiments the certificate chain may be only a self-signed certificate and in other embodiments the certificate chain is two or more certificates in length. The client validates the certificate chain and verifies the signature of the signed message. If this is successful the client accesses stored settings for use with the access node. The stored settings are accessed at least using information about the public key. In another embodiment the signed message also comprises a location identifier which is, for example, a domain name system (DNS) suffix of the access node.
    • 9. Granted invention patent
    • Dynamic host configuration protocol
    • US08239549B2
    • 2012-08-07
    • US11854298
    • 2007-09-12
    • Tuomas Aura, Michael Roe, Steven Murdoch
    • Tuomas Aura, Michael Roe, Steven Murdoch
    • G06F15/16
    • H04L61/2015, H04L63/0823, H04L63/126
    • Dynamic host configuration protocol (DHCP) is extended in order to assist with secure network location awareness. In an embodiment a DHCP client receives a signed DHCP response message from a DHCP server, the signed message comprising at least a certificate chain having a public key. In that embodiment the DHCP client validates the certificate chain and verifies the signature of the signed message. If this is successful the DHCP client accesses stored settings for use with the server. The stored settings are accessed at least using information about the public key. In some embodiments signed DHCPOFFER messages and signed DHCPACK messages are used. In another embodiment the signed DHCP message comprises a location identifier which is, for example, a domain name system (DNS) suffix of a DHCP server.