    • 1. Granted invention patent
    • Remote verification of file protections for cloud data storage
    • US08799334B1
    • 2014-08-05
    • US13339768
    • 2011-12-29
    • Emil P. Stefanov, Marten Erik van Dijk, Alina M. Oprea, Ari Juels
    • G06F17/30
    • G06F21/577, G06F2211/007, G06F2221/2107
    • A client device or other processing device comprises a file processing module, with the file processing module being operative to provide a file to a file system for encoding, to receive from the file system a corresponding encoded file, and to verify that the file system stores at least a designated portion of an encapsulation of the encoded file. In an illustrative embodiment, the file processing module receives, in addition to or in place of the encoded file, a proof of correct encoding. The file system may comprise one or more servers associated with a cloud storage provider. Advantageously, one or more illustrative embodiments allow a client device to verify that its files are stored by a cloud storage provider in encrypted form or with other appropriate protections.
    • 2. Granted invention patent
    • Scheduling of defensive security actions in information processing systems
    • US09471777B1
    • 2016-10-18
    • US13404839
    • 2012-02-24
    • Ari Juels, Marten Erik van Dijk, Alina M. Oprea, Ronald L. Rivest
    • H04L29/06, G06F21/55
    • G06F21/55, G06F21/45, H04L9/002, H04L63/1441
    • A processing device is configured to identify a plurality of defensive security actions to be taken to address a persistent security threat to a system comprising information technology infrastructure, and to determine a schedule for performance of the defensive security actions based at least in part on a selected distribution derived from a game-theoretic model, such as a delayed exponential distribution or other type of modified exponential distribution. The system subject to the persistent security threat is configured to perform the defensive security actions in accordance with the schedule in order to deter the persistent security threat. The distribution may be selected so as to optimize defender benefit in the context of the game-theoretic model, where the game-theoretic model may comprise a stealthy takeover game in which attacker and defender entities can take actions at any time but cannot determine current game state without taking an action.
    • 3. Granted invention patent
    • Remote verification of file protections for cloud data storage
    • US08346742B1
    • 2013-01-01
    • US13075848
    • 2011-03-30
    • Ari Juels, Marten Erik van Dijk, Alina Oprea, Ronald L. Rivest, Emil P. Stefanov
    • G06F17/00
    • G06F21/577
    • A client device or other processing device comprises a file processing module, with the file processing module being operative to request proof from a file system that a file having a first format is stored by the file system in a second format different than the first format, to receive the proof from the file system, and to verify that the file is stored in the second format using the proof provided by the file system responsive to the request. The proof is based at least in part on application of a function to the file in the second format, and the function imposes a minimum resource requirement on generation of the proof. The file system may comprise one or more servers associated with a cloud storage provider. Advantageously, one or more illustrative embodiments allow a client device to verify that its files are stored by a cloud storage provider in encrypted form or with other appropriate protections.
    • 4. Granted invention patent
    • Scalable cloud file system with efficient integrity checks
    • US08706701B1
    • 2014-04-22
    • US13174452
    • 2011-06-30
    • Emil P. Stefanov, Marten E. Van Dijk, Alina M. Oprea, Ari Juels
    • G06F7/00, G06F17/00
    • G06F17/30091, G06F11/1088, G06F17/30197, G06F21/64
    • Example embodiments of the present invention provide an authenticated file system that provides integrity and freshness of both data and metadata more efficiently than existing systems. The architecture of example embodiments of the present invention is natural to cloud settings involving a cloud service provider and enterprise-class tenants, thereby addressing key practical considerations, including garbage collection, multiple storage tiers, multi-layer caching, and checkpointing. Example embodiments of the present invention support a combination of strong integrity protection and practicality for large (e.g., petabyte-scale), high-throughput file systems. Further, example embodiments of the present invention support proofs of retrievability (PoRs) that let the cloud prove to the tenant efficiently at any time and for arbitrary workloads that the full file system (i.e., every bit) is intact, leveraging integrity-checking capabilities to achieve a property that previous PoRs lack, specifically efficiency in dynamic settings (i.e., for frequently changing data objects).
    • 6. Granted invention patent
    • Methods and apparatus for authenticating a user using multi-server one-time passcode verification
    • US09118661B1
    • 2015-08-25
    • US13404737
    • 2012-02-24
    • Ari Juels, Nikolaos Triandopoulos, Marten Erik van Dijk
    • H04L29/06
    • H04L63/0838, H04L63/0853
    • Methods and apparatus are provided for authenticating a user using multi-server one-time passcode verification. A user is authenticated by receiving authentication information from the user; and authenticating the user based on the received authentication information using at least two authentication servers, wherein the received authentication information is based on a secret shared between a security token associated with the user and an authentication authority that provides the at least two authentication servers. For example, the authentication information can comprise a passcode comprised of a tokencode from the security token and a password from the user. The user can be authenticated only if, for example, all of the at least two authentication servers authenticate the received authentication information.
    • 8. Granted invention patent
    • Randomly skewing secret values as a countermeasure to compromise
    • US09525551B1
    • 2016-12-20
    • US13248127
    • 2011-09-29
    • Karl Ackerman, Marten Erik van Dijk, Ari Juels, Emily Shen
    • H04L9/32, G06F21/31, G06F21/34
    • H04L9/3228, G06F21/31, G06F21/34, H04L9/088
    • A first cryptographic device is authenticated by a second cryptographic device. The second cryptographic device stores an alternative version of a secret value associated with the first cryptographic device as a countermeasure to compromise of the secret value. In conjunction with a protocol carried out between the first cryptographic device and the second cryptographic device, the second cryptographic device determines the secret value based at least in part on the alternative version of the secret value, and utilizes the determined secret value to authenticate the first cryptographic device. The alternative version of the secret value may comprise a randomly-skewed version of the secret value. For example, the secret value may comprise a key or other parameter of the first cryptographic device and the alternative version of the secret value may comprise a randomly-skewed version of the key or other parameter.
    • 10. Granted invention patent
    • Security policy enforcement framework for cloud-based information processing systems
    • US08689282B1
    • 2014-04-01
    • US13336692
    • 2011-12-23
    • Alina M. Oprea, Yinqian Zhang, Vijay Ganti, John P. Field, Ari Juels, Michael Kendrick Reiter
    • H04L29/06
    • H04L63/20
    • Cloud infrastructure of a cloud service provider comprises a processing platform implementing a security policy enforcement framework. The security policy enforcement framework comprises a policy analyzer that is configured to identify at least one security policy associated with at least one tenant of the cloud service provider, to analyze the security policy against configuration information characterizing the cloud infrastructure of the cloud service provider, and to control execution of one or more applications of said at least one tenant within the cloud infrastructure in accordance with the security policy, based at least in part on one or more results of the analysis of the security policy. The security policy enforcement framework may be implemented in a platform-as-a-service (PaaS) layer of the cloud infrastructure, and may comprise a runtime controller, an operating system controller, a hypervisor controller and a PaaS controller.