专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US06985583B1 System and method for authentication seed distribution 有权
公开(公告)号：US06985583B1
公开(公告)日：2006-01-10
申请号：US09304775
申请日：1999-05-04
申请人： John G. Brainard , Burton S. Kaliski, Jr. , Magnus Nyström , Ronald L. Rivest
发明人： John G. Brainard , Burton S. Kaliski, Jr. , Magnus Nyström , Ronald L. Rivest
IPC分类号： H04L9/00 , H04L9/32
CPC分类号： H04L63/08 , G06F21/31 , G06F21/33 , H04L9/0844 , H04L9/0869 , H04L9/3234 , H04L63/0428
摘要： In one embodiment of a user authentication system and method according to the invention, a device shares a secret, referred to as a master seed, with a server. The device and the server both derive one or more secrets, referred to as verifier seeds, from the master seed, using a key derivation function. The server shares a verifier seed with one or more verifiers. The device, or an entity using the device, can authenticate with one of the verifiers using the appropriate verifier seed. In this way, the device and the verifier can share a secret, the verifier seed for that verifier, without that verifier knowing the master seed, or any other verifier seeds. Thus, the device need only store the one master seed, have access to the information necessary to correctly derive the appropriate seed, and have seed derivation capability. A verifier cannot compromise the master seed, because the verifier does not have access to the master seed.

2. 发明授权

US08413221B2 Methods and apparatus for delegated authentication 有权
标题翻译：委托认证的方法和设备
公开(公告)号：US08413221B2
公开(公告)日：2013-04-02
申请号：US11930738
申请日：2007-10-31
申请人： Burton S. Kaliski, Jr. , Magnus Nyström
发明人： Burton S. Kaliski, Jr. , Magnus Nyström
IPC分类号： H04L9/32
CPC分类号： H04L63/0815 , H04L63/0838
摘要： An authentication-delegating service implemented in an authentication server or other processing device is configured to receive a request from a relying party for delegated authentication information associated with a particular user, to determine a level of trust associated with the relying party, and to provide the delegated authentication information to the relying party if the relying party has a sufficient level of trust, so as to permit the relying party to authenticate the user based on the delegated authentication information. The delegated authentication information has the property that the user can be presently authenticated based on such information. The delegated authentication information may comprise, for example, at least one value derived from a one-time password or other authentication credential of the particular user. The authentication-delegating service may be graded to provide different types of delegated authentication information based on respective levels of trust that may be associated with relying parties.
摘要翻译：在认证服务器或其他处理设备中实现的认证委托服务被配置为从依赖方接收与特定用户相关联的委托认证信息的请求，以确定与依赖方相关联的信任级别，并且提供如果依赖方具有足够的信任级别，则委托认证信息到依赖方，以便允许依赖方根据委托认证信息认证用户。委托的认证信息具有基于这样的信息可以当前认证用户的属性。委派的认证信息可以包括例如从特定用户的一次性密码或其他认证凭证导出的至少一个值。认证委托服务可以被分级以根据可能与依赖方相关联的相应信任级别来提供不同类型的委托认证信息。

3. 发明授权

US07849323B2 Password presentation for multimedia devices 有权
标题翻译：多媒体设备密码显示
公开(公告)号：US07849323B2
公开(公告)日：2010-12-07
申请号：US11556506
申请日：2006-11-03
申请人： John Field , Burton S. Kaliski, Jr. , Magnus Nyström , James Townsend
发明人： John Field , Burton S. Kaliski, Jr. , Magnus Nyström , James Townsend
IPC分类号： G06F21/00
CPC分类号： H04L63/083
摘要： A multimedia device or other type of processing device comprises a memory, a processor coupled to the memory, and playback circuitry coupled to the processor. In one aspect, the processor is operative to control the storage in the memory of at least one multimedia file containing a one-time password or other type of password, where the password is generated externally to the processing device, and to control the playback of the multimedia file via the playback circuitry to make the password apparent to or otherwise accessible to an associated user or other entity. The multimedia file may comprise, for example, an audio file, with the password being presented to the user in an audible form upon playback of the audio file. As another example, the multimedia file may comprise a video file, with the password being presented to the user in a visible form upon playback of the video file.
摘要翻译：多媒体设备或其他类型的处理设备包括存储器，耦合到存储器的处理器以及耦合到处理器的重放电路。在一个方面，处理器可操作以控制存储器中的至少一个多媒体文件的存储，所述至少一个多媒体文件包含一次性密码或其他类型的密码，其中密码在处理设备外部产生，并且控制播放所述多媒体文件经由所述重放电路使得所述密码对相关联的用户或其他实体显而易见或以其他方式可访问。多媒体文件可以包括例如音频文件，其中在回放音频文件时以可听形式向用户呈现密码。作为另一示例，多媒体文件可以包括视频文件，其中在回放视频文件时以可见形式向用户呈现密码。

4. 发明授权

US07502467B2 System and method for authentication seed distribution 有权
标题翻译：种子分配认证系统和方法
公开(公告)号：US07502467B2
公开(公告)日：2009-03-10
申请号：US11265510
申请日：2005-11-02
申请人： John G. Brainard , Burton S. Kaliski, Jr. , Magnus Nyström , Ronald L. Rivest
发明人： John G. Brainard , Burton S. Kaliski, Jr. , Magnus Nyström , Ronald L. Rivest
IPC分类号： H04L9/00 , H04L9/32
CPC分类号： H04L63/08 , G06F21/31 , G06F21/33 , H04L9/0844 , H04L9/0869 , H04L9/3234 , H04L63/0428
摘要： In one embodiment of a user authentication system and method according to the invention, a device shares a secret, referred to as a master seed, with a server. The device and the server both derive one or more secrets, referred to as verifier seeds, from the master seed, using a key derivation function. The server shares a verifier seed with one or more verifiers. The device, or an entity using the device, can authenticate with one of the verifiers using the appropriate verifier seed. In this way, the device and the verifier can share a secret, the verifier seed for that verifier, without that verifier knowing the master seed, or any other verifier seeds. Thus, the device need only store the one master seed, have access to the information necessary to correctly derive the appropriate seed, and have seed derivation capability. A verifier cannot compromise the master seed, because the verifier does not have access to the master seed.
摘要翻译：在根据本发明的用户认证系统和方法的一个实施例中，设备与服务器共享被称为主种子的秘密。设备和服务器都使用密钥导出函数从主种子中导出一个或多个称为验证者种子的秘密。服务器与一个或多个验证者共享一个验证者种子。设备或使用该设备的实体可以使用适当的验证者种子与验证者之一进行身份验证。以这种方式，设备和验证者可以共享秘密，该验证者的验证者种子，而没有知道主种子的验证者或任何其他验证者种子。因此，设备只需要存储一个主播种子，可以访问正确导出适当种子所需的信息，并具有种子推导能力。验证者不能损害主粒子，因为验证者无法访问主粒子。

5. 发明授权

US08954965B2 Trusted execution environment virtual machine cloning 有权
标题翻译：可信执行环境虚拟机克隆
公开(公告)号：US08954965B2
公开(公告)日：2015-02-10
申请号：US13566250
申请日：2012-08-03
申请人： Mark F. Novak , Andrew John Layman , Magnus Nyström , Stefan Thom
发明人： Mark F. Novak , Andrew John Layman , Magnus Nyström , Stefan Thom
IPC分类号： G06F9/455
CPC分类号： G06F21/53
摘要： Cloning of a virtual machine having a trusted executed environment such as a software-based trusted platform module. In order to clone the virtual machine, the virtual machine state of the source virtual machine is copied to formulate a target virtual machine state that is to be associated with a target virtual machine. The target virtual machine is a clone of the source virtual machine state, and thus the storage hierarchy of the trusted execution environment may be the same for the trusted execution environment in the source and target virtual machine states. However, because the identity of the target virtual machine is different than that of the source virtual machine, the endorsement hierarchy of the target virtual machine state is altered such that it is based on the identity of the target virtual machine, rather than the source virtual machine.
摘要翻译：克隆具有可信执行环境的虚拟机，例如基于软件的可信平台模块。为了克隆虚拟机，将复制源虚拟机的虚拟机状态以制定与目标虚拟机相关联的目标虚拟机状态。目标虚拟机是源虚拟机状态的克隆，因此受信任执行环境的存储层次结构对于源虚拟机状态和目标虚拟机状态中的受信任执行环境可能相同。然而，由于目标虚拟机的身份与源虚拟机的身份不同，所以目标虚拟机状态的认可层级被改变，使得其基于目标虚拟机的身份而不是源虚拟机机。

6. 发明授权

US09674177B1 Dynamic knowledge-based user authentication without need for presentation of predetermined credential 有权
公开(公告)号：US09674177B1
公开(公告)日：2017-06-06
申请号：US12333385
申请日：2008-12-12
申请人： Magnus Nyström
发明人： Magnus Nyström
IPC分类号： G06F17/30 , H04L29/06
CPC分类号： H04L63/083 , G06F21/31 , G06F2221/2131 , H04L63/0846
摘要： A personal computing device, server or other type of processing device authenticates a user attempting to access a protected resource by verifying user knowledge of one or more extracted characteristics of stored information indicative of an internal operating state of that resource. The one or more extracted characteristics are characteristics that would likely be known to the user if that user had made one or more previous authenticated accesses to the protected resource. For example, the extracted characteristics may be indicative of a manner in which the user had utilized the protected resource during the one or more previous authenticated accesses to the protected resource. The processing device receives input from the user regarding the one or more extracted characteristics, and grants or denies access to the protected resource based at least in part on the input received from the user.

7. 发明申请

US20140040890A1 TRUSTED EXECUTION ENVIRONMENT VIRTUAL MACHINE CLONING 有权
标题翻译：实施执行环境虚拟机克隆
公开(公告)号：US20140040890A1
公开(公告)日：2014-02-06
申请号：US13566250
申请日：2012-08-03
申请人： Mark F. Novak , Andrew John Layman , Magnus Nyström , Stefan Thom
发明人： Mark F. Novak , Andrew John Layman , Magnus Nyström , Stefan Thom
IPC分类号： G06F9/455
CPC分类号： G06F21/53
摘要： Cloning of a virtual machine having a trusted executed environment such as a software-based trusted platform module. In order to clone the virtual machine, the virtual machine state of the source virtual machine is copied to formulate a target virtual machine state that is to be associated with a target virtual machine. The target virtual machine is a clone of the source virtual machine state, and thus the storage hierarchy of the trusted execution environment may be the same for the trusted execution environment in the source and target virtual machine states. However, because the identity of the target virtual machine is different than that of the source virtual machine, the endorsement hierarchy of the target virtual machine state is altered such that it is based on the identity of the target virtual machine, rather than the source virtual machine.
摘要翻译：克隆具有可信执行环境的虚拟机，例如基于软件的可信平台模块。为了克隆虚拟机，将复制源虚拟机的虚拟机状态以制定与目标虚拟机相关联的目标虚拟机状态。目标虚拟机是源虚拟机状态的克隆，因此受信任执行环境的存储层次结构对于源虚拟机状态和目标虚拟机状态中的受信任执行环境可能相同。然而，由于目标虚拟机的身份与源虚拟机的身份不同，所以目标虚拟机状态的认可层级被改变，使得其基于目标虚拟机的身份而不是源虚拟机机。

8. 发明申请

US20120110644A1 GLOBALLY VALID MEASURED OPERATING SYSTEM LAUNCH WITH HIBERNATION SUPPORT 有权
标题翻译：全球有效的测量操作系统启动与HIBERNATION支持
公开(公告)号：US20120110644A1
公开(公告)日：2012-05-03
申请号：US12938363
申请日：2010-11-02
申请人： Stefan Thom , Nathan Ide , Scott Daniel Anderson , Robert Karl Spiger , David J. Linsley , Mark Fishel Novak , Magnus Nyström
发明人： Stefan Thom , Nathan Ide , Scott Daniel Anderson , Robert Karl Spiger , David J. Linsley , Mark Fishel Novak , Magnus Nyström
IPC分类号： H04L9/32 , G06F15/16 , G06F21/00
CPC分类号： G06F21/57 , G06F2221/2101 , H04L9/0897
摘要： An event log can comprise, not only entries associated with components instantiated since a most recent power on of a computing device, but also entries of components instantiated prior to that power on, such as components that were instantiated, and represent, a state of the computing device prior to hibernation that has now been resumed. Upon hibernation, the current values of the Platform Configuration Registers (PCRs) of a Trusted Platform Module (trusted execution environment), as well as a quote of those current values, and a current value of a monotonic counter of the trusted execution environment can be logged. The monotonic counter can be incremented at each power on to track successive generations of the computing device and to guard against an intervening, not-logged generation. A subsequent parsing of the event log can verify the prior generational entries with reference to the PCR values in the log that are associated with those generations.
摘要翻译：事件日志不仅可以包括与计算设备的最近上电后实例化的组件相关联的条目，而且还可以包括在该上电之前实例化的组件的条目，诸如被实例化的组件，并且表示休眠前的计算设备现在已经恢复。休眠后，可信平台模块（可信执行环境）的平台配置寄存器（PCR）的当前值以及当前值的引用以及可信执行环境的单调计数器的当前值可以是记录。在每次打开电源时，单调计数器可以递增，以跟踪计算设备的连续几代，并防止中间，未记录的一代。事件日志的后续解析可以参考日志中与这些世代相关联的PCR值来验证先前的生成条目。

9. 发明授权

US07562221B2 Authentication method and apparatus utilizing proof-of-authentication module 有权
标题翻译：使用认证证明模块的认证方法和设备
公开(公告)号：US07562221B2
公开(公告)日：2009-07-14
申请号：US11530998
申请日：2006-09-12
申请人： Magnus Nyström , Anders Rundgren , William M. Duane
发明人： Magnus Nyström , Anders Rundgren , William M. Duane
IPC分类号： H04L9/32
CPC分类号： G06Q20/3674 , G06F21/41 , H04L9/3213 , H04L9/3228 , H04L63/0807 , H04L63/0815 , H04L63/0838
摘要： A single sign-on technique allows multiple accesses to one or more applications or other resources using a proof-of-authentication module operating in conjunction with a standard authentication component. The application or other resource issues an authentication information request to the standard authentication component responsive to an access request from the user. The application or other resource receives, responsive to the authentication information request, a proof-of-authentication value from the standard authentication component, and authenticates the user based on the proof-of-authentication value. The standard authentication component interacts with the proof-of-authentication module to obtain the proof-of-authentication value. The proof-of-authentication module is configured to generate multiple proof-of-authentication values for authentication of respective access requests of the user.
摘要翻译：单一登录技术允许使用与标准认证组件一起运行的认证证明模块对一个或多个应用程序或其他资源进行多次访问。响应于来自用户的访问请求，应用或其他资源向标准认证组件发出认证信息请求。应用程序或其他资源响应于认证信息请求接收来自标准认证组件的认证证明值，并且基于认证证明值对用户进行认证。标准认证组件与认证证明模块交互以获得认证证明值。身份验证模块被配置为生成用于认证用户的各个访问请求的多个认证证明值。

10. 发明授权

US08826033B1 Data protection using virtual-machine-specific stable system values 有权
标题翻译：使用虚拟机特定的稳定系统值进行数据保护
公开(公告)号：US08826033B1
公开(公告)日：2014-09-02
申请号：US12644195
申请日：2009-12-22
申请人： Ajay Venkateshan Krishnaprasad , Parasuraman Narasimhan , Robert Polansky , Magnus Nyström
发明人： Ajay Venkateshan Krishnaprasad , Parasuraman Narasimhan , Robert Polansky , Magnus Nyström
IPC分类号： G06F21/22
CPC分类号： G06F21/53 , G06F21/554
摘要： A virtual machine on a physical host computer provides controlled access to protected data by creating and storing a “stored system fingerprint” from stable system values (SSVs) as existing when creating the stored system fingerprint. The SSVs include virtual-machine-specific values that change upon cloning the virtual machine (VM) but do not change upon migration of the VM. Upon a request for access to the protected data, a current system fingerprint is calculated from the SSVs as existing when processing the request, the current system fingerprint is compared to the stored system fingerprint to determine whether there is a predetermined degree of matching, and the requested access to the protected data is permitted only if there is the predetermined degree of matching.
摘要翻译：物理主机上的虚拟机通过在创建存储的系统指纹时，从存在的稳定系统值（SSV）中创建并存储“存储的系统指纹”来提供受保护数据的受控访问。 SSV包括在克隆虚拟机（VM）时进行更改但在迁移VM时不会更改的虚拟机特定值。在请求访问受保护的数据时，当处理请求时，从存在的SSV计算当前系统指纹，将当前系统指纹与存储的系统指纹进行比较，以确定是否存在预定的匹配度，并且仅当存在预定匹配度时才允许对受保护数据的访问。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式