专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09722996B1 Partial password-based authentication using per-request risk scores 有权
公开(公告)号：US09722996B1
公开(公告)日：2017-08-01
申请号：US14665276
申请日：2015-03-23
申请人： EMC Corporation
发明人： Eyal Kolman , Alon Kaufman , Ereli Eran , Eyal Gruss
IPC分类号： H04L29/06 , G06F15/16 , G06F17/30
CPC分类号： H04L63/083 , G06F21/31 , G06F21/46
摘要： A system that permits authentication based on a partial password, in which a risk score is assigned to an authentication request, and a minimum partial password size is generated based on the risk score. User-entered password characters are compared to one or more partial passwords having lengths equal to or greater than the minimum partial password size. If a match is found, the user is authenticated. A password similarity threshold for the request may also be generated based on the risk score, indicating a minimum level of similarity required between the user-entered password characters and the characters in a partial password, in order for there to be a match. When the user-entered password characters match a partial password, and the requesting user is authenticated, the system may stop inputting user-entered password characters, and/or transmitting the user-entered password characters to a server computer.

2. 发明授权

US09331916B1 Data-driven detection of servers and clients 有权
标题翻译：数据驱动的服务器和客户端检测
公开(公告)号：US09331916B1
公开(公告)日：2016-05-03
申请号：US13832280
申请日：2013-03-15
申请人： EMC Corporation
发明人： Eyal Kolman , Alex Vaystikh , Oshry Ben-Harush
IPC分类号： G06F15/173 , H04L12/26
CPC分类号： H04L43/04 , H04L41/142 , H04L43/028
摘要： An improved technique involves processing network traffic data to automatically establish whether a device on the network satisfies a particular set of constraints. Along these lines, a SIEM server observes and processes incoming and outgoing traffic data corresponding to a particular device at an address of the network. The SIEM server then analyzes this traffic data in order to determine whether the data satisfies a set of constraints satisfied by a client, or another set of constraints satisfied by a server. The SIEM server then applies the label of “client” or “server” to the device according to which set of constraints the SIEM server determines the data to have satisfied.
摘要翻译：改进的技术涉及处理网络流量数据以自动建立网络上的设备是否满足特定的约束集合。沿着这些线路，SIEM服务器在网络的地址处观察并处理与特定设备相对应的传入和传出流量数据。然后，SIEM服务器分析此流量数据，以确定数据是否满足客户端满足的一组约束，或服务器满足的另一组约束。然后，SIEM服务器根据SIEM服务器确定数据满足的约束集合将“客户机”或“服务器”的标签应用于设备。

3. 发明授权

US10015185B1 Risk score aggregation for automated detection of access anomalies in a computer network 有权
公开(公告)号：US10015185B1
公开(公告)日：2018-07-03
申请号：US15079228
申请日：2016-03-24
申请人： EMC Corporation
发明人： Eyal Kolman , Kineret Raviv
IPC分类号： H04L29/06
CPC分类号： H04L63/1425 , H04L63/08 , H04L63/102
摘要： A processing device in one embodiment comprises a processor coupled to a memory and is configured to generate access profiles for respective user identifiers, to obtain data characterizing a current access for a given one of the user identifiers, to extract a plurality of features from the data characterizing the current access for the given user identifier, and to generate feature risk scores based on the extracted features and the access profile for the given user identifier. The processing device is further configured to aggregate the feature risk scores into a composite risk score. The aggregation illustratively comprises weighting the feature risk scores as a function of their relative levels of riskiness. The composite risk score is compared to a threshold, and an alert is generated relating to the current access based on a result of comparing the composite risk score to the threshold.

4. 发明授权

US09699196B1 Providing security to an enterprise via user clustering 有权
公开(公告)号：US09699196B1
公开(公告)日：2017-07-04
申请号：US14868567
申请日：2015-09-29
申请人： EMC Corporation
发明人： Eyal Kolman , Carmit Sahar , Marcelo Blatt , Alon Kaufman
IPC分类号： H04L29/06 , G06F17/30
CPC分类号： H04L63/104 , G06F17/30598 , G06F17/30958 , H04L63/08 , H04L63/101
摘要： A computer-implemented technique provides security to an enterprise. The technique involves receiving, by processing circuitry, personal information belonging to users of the enterprise. The technique further involves providing, by the processing circuitry, lists of user identifiers based on user relationships defined by the personal information. The lists of user identifiers respectively identify clusters of users of the enterprise. The technique further involves electronically imposing, by the processing circuitry, security classes on the clusters of users of the enterprise based on the lists of user identifiers. Along these lines, such classification can be used for risk assessment (e.g., authentication), alert filtering (e.g., filtering false alarms), and permission/privilege monitoring and/or assignment, among others.

5. 发明授权

US09154516B1 Detecting risky network communications based on evaluation using normal and abnormal behavior profiles 有权
标题翻译：基于使用正常和异常行为特征的评估来检测风险网络通信
公开(公告)号：US09154516B1
公开(公告)日：2015-10-06
申请号：US14039881
申请日：2013-09-27
申请人： EMC Corporation
发明人： Alex Vaystikh , Ereli Eran , Eyal Kolman
IPC分类号： G06F15/173 , H04L29/06
CPC分类号： H04L63/1425
摘要： A technique detects riskiness of a communication in a network based on behavior profiling. The technique involves generating a network history baseline (e.g., normal and abnormal behavior profiles) from prior network communications occurring in the network. The technique further involves, for a new network communication, assigning the new network communication a risk score based on a comparison of the new network communication to the network history baseline. The risk score is a numerical measure of behavioral normalcy relative to the prior network communications occurring in the network. The technique further involves providing an output signal having a first value when the risk score is above a predefined risk threshold to indicate that the communication is risky, and a second value which is different than the first value when the risk score is below the predefined risk threshold to indicate that the communication is not risky.
摘要翻译：一种技术可以基于行为分析来检测网络中的通信风险。该技术涉及从网络中发生的先前网络通信产生网络历史基线（例如，正常和异常行为简档）。该技术还涉及对于新的网络通信，基于新的网络通信与网络历史基线的比较来分配新的网络通信风险评分。风险分数是相对于在网络中发生的先前网络通信的行为正常性的数值测量。所述技术还涉及当所述风险评分高于预定风险阈值时提供具有第一值的输出信号，以指示所述通信是有风险的，以及当所述风险评分低于所述预定风险时所述第二值与所述第一值不同的第二值表示通信没有风险的阈值。

6. 发明授权

US09130985B1 Data driven device detection 有权
标题翻译：数据驱动器件检测
公开(公告)号：US09130985B1
公开(公告)日：2015-09-08
申请号：US13931830
申请日：2013-06-29
申请人： EMC Corporation
发明人： Eyal Kolman , Alon Kaufman , Yael Villa , Alex Vaystikh , Ereli Eran , Eyal Yehowa Gruss
IPC分类号： G06F7/00 , H04L29/06 , G06F17/30 , G06N5/02
CPC分类号： H04L63/1433 , G06F7/00 , G06F17/30 , G06F21/44 , G06F2221/2129 , G06N5/02 , G06N7/005 , H04L63/0876 , H04L63/205
摘要： Data driven device detection is provided, whereby a device is detected by obtaining a plurality of feature values for a given device; obtaining a set of device attributes for a plurality of potential devices; calculating a probability value that the given device is each potential device within the plurality of potential devices; identifying a candidate device associated with a maximum probability value among the calculated probability values; and labeling the given device as the candidate device if the associated maximum probability value satisfies a predefined threshold. The predefined threshold can be a function, for example, of whether the given user has previously used this device. The obtained feature values can be obtained for a selected set of features satisfying one or more predefined characteristic criteria. The device attributes can be obtained, for example, from a profile for each of the plurality of potential devices.
摘要翻译：提供数据驱动装置检测，由此通过获得给定装置的多个特征值来检测装置; 获得一组用于多个潜在设备的设备属性; 计算所述给定设备是所述多个潜在设备内的每个潜在设备的概率值; 识别在所计算的概率值中与最大概率值相关联的候选设备; 以及如果所述相关联的最大概率值满足预定阈值，则将所述给定设备标记为候选设备。预定义的阈值可以是例如给定用户先前使用该设备的功能。可以针对满足一个或多个预定特征标准的所选择的特征集获得所获得的特征值。可以例如从多个潜在设备中的每一个的配置文件获得设备属性。

7. 发明授权

US10693855B1 Fraud detection 有权
公开(公告)号：US10693855B1
公开(公告)日：2020-06-23
申请号：US15086315
申请日：2016-03-31
申请人： EMC Corporation
发明人： Eyal Kolman , Carmit Sahar
IPC分类号： H04L29/06
摘要： There are disclosed herein techniques for use in fraud detection. In one embodiment, there is disclosed a technique comprising receiving a request to authenticate an electronic transaction described by a particular value of an authentication factor. The technique also comprises analysing transaction data relating to prior electronic transactions to determine information in connection with the particular value of the authentication factor. The analysing comprising a first part and a second part that separately analyse transaction data relating to at least one prior electronic transaction such that one of the first and second parts distinguishes itself from the other of the first and second parts by the extent to which that one part discriminates against the at least one prior electronic transaction based on its age. The technique further comprising determining riskiness in connection with the transaction based on the information and generating, based on the information, an authentication result that indicates whether the transaction is authentic.

8. 发明授权

US09985980B1 Entropy-based beaconing detection 有权
公开(公告)号：US09985980B1
公开(公告)日：2018-05-29
申请号：US14969801
申请日：2015-12-15
申请人： EMC Corporation
发明人： Eyal Kolman , Kineret Raviv
IPC分类号： G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00 , H04L29/06
CPC分类号： H04L63/1416 , G06F21/552
摘要： A method includes (a) collecting information on times at which domains were contacted by each device of a set of devices on a network, (b) for each domain contacted by the set of devices, recording a list of time gaps between subsequent contacts to that domain by each device, (c) for each domain, calculating an entropy for the list of time gaps for that domain, a lower entropy indicating that that domain has been accessed at more regular intervals, while a higher entropy indicates that that domain has been accessed at more random intervals, (d) selecting a subset of the set of domains having smaller entropies relative to other domains of the set of domains, and (e) presenting the selected subset to an administrator with directions to review domains of the subset for potential contact with malware installed on devices of the computer network.

9. 发明授权

US09967275B1 Efficient detection of network anomalies 有权
公开(公告)号：US09967275B1
公开(公告)日：2018-05-08
申请号：US14972613
申请日：2015-12-17
申请人： EMC Corporation
发明人： Eyal Kolman , Kineret Raviv
IPC分类号： H04L29/06
CPC分类号： H04L63/1425 , H04L63/0272
摘要： Techniques of identifying anomalous behavior on an electronic network involve iteratively combining groups of adjacent bins of a histogram in such a way as to minimize a measure of error in the histogram. Along these lines, a user behavior analytics server represents a user behavior factor with a histogram. The UBA server reduces a number of bins in the histogram by iteratively selecting groups of adjacent bins for combination. Upon each iteration, the group of bins that is selected for combination is the group which, when its bins are combined, minimizes differences between the values of the bins in that group and a value of the combined bin.

10. 发明授权

US09601000B1 Data-driven alert prioritization 有权
公开(公告)号：US09601000B1
公开(公告)日：2017-03-21
申请号：US14039875
申请日：2013-09-27
申请人： EMC Corporation
发明人： Eyal Gruss , Alex Vaystikh , Eyal Kolman , Alon Kaufman , Yael Villa , Ereli Eran
IPC分类号： G08B23/00 , G06F11/00
CPC分类号： G06Q20/40 , G06F21/31 , G06F21/45 , G06F21/552 , G06Q20/4016 , G06Q20/405
摘要： A technique provides alert prioritization. The technique involves selecting attributes to use as alert scoring factors. The technique further involves updating, for an incoming alert having particular attribute values for the selected attributes, count data to represent encounter of the incoming alert from perspectives of the selected attributes. The technique further involves generating an overall significance score for the incoming alert based on the updated count data. The overall significance score is a measure of alert significance relative to other alerts. Scored alerts then can be sorted so that investigators focus on the alerts with the highest significance scores. Such a technique is well suited for adaptive authentication (AA) and Security Information and Event Management (SIEM) systems among other alert-based systems such as churn analysis systems, malfunction detection systems, and the like.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式