专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08966570B1 Entity to authorize delegation of permissions 有权
标题翻译：实体授权授权
公开(公告)号：US08966570B1
公开(公告)日：2015-02-24
申请号：US13427622
申请日：2012-03-22
申请人： Gregory B. Roth , Nathan R. Fitch , Kevin Ross O'Neill , Graeme D. Baer , Bradley Jeffery Behm , Brian Irl Pratt
发明人： Gregory B. Roth , Nathan R. Fitch , Kevin Ross O'Neill , Graeme D. Baer , Bradley Jeffery Behm , Brian Irl Pratt
IPC分类号： G06F17/00 , H04L29/06
CPC分类号： H04L63/08 , G06F21/62 , G06F2221/2141 , H04L63/10
摘要： Systems and methods are described for delegating permissions to enable account access. The systems utilize a delegation profile that can be created within a secured account of at least one user. The delegation profile includes a name, a validation policy that specifies principals which may be external to the account and which are permitted to assume the delegation profile, and an authorization policy that indicates the permitted actions within the account for those principals which are acting within the delegation profile. Once the delegation profile is created, it can be provided to external principals or services. These external principals or services can use the delegation profile to obtain credentials for performing various actions in the account using the credentials of the delegation profile.
摘要翻译：描述了授权以启用帐户访问的系统和方法。系统利用可以在至少一个用户的安全帐户内创建的委托简档。授权简介包括一个名称，一个确认策略，指定可能在该帐户外部以及被允许承担该授权简档的主体，以及一个授权策略，指示在该帐户内为在委托简介。创建授权配置文件后，可以将其提供给外部主体或服务。这些外部主体或服务可以使用委托简档来获取使用委托简档的凭据在帐户中执行各种操作的凭据。

2. 发明授权

US08881256B1 Portable access to auditing information 有权
标题翻译：便携式访问审核信息
公开(公告)号：US08881256B1
公开(公告)日：2014-11-04
申请号：US13333933
申请日：2011-12-21
申请人： Gregory B. Roth , Cristian M. Ilac , James E. Scharf, Jr. , Nathan R. Fitch , Graeme D. Baer , Brian Irl Pratt , Kevin Ross O'Neill
发明人： Gregory B. Roth , Cristian M. Ilac , James E. Scharf, Jr. , Nathan R. Fitch , Graeme D. Baer , Brian Irl Pratt , Kevin Ross O'Neill
IPC分类号： H04L29/06 , G06F21/00 , G06F21/12 , G06Q20/38
CPC分类号： H04L63/08 , G06F21/123 , G06Q20/3821 , H04L63/0428 , H04L67/22
摘要： Systems and methods provide a storage media on a portable physical object associated with a set of credentials that enables access to a set of computing resources associated with a set of Web services. In some embodiments, information including a set of credentials is prepackaged onto the storage media of the portable physical object. A pre-activated subscription to the set of Web services in a distributed system is provisioned. Access to the set of Web services is enabled when the portable physical object is coupled with a computing device and the set of credentials is authenticated. In some embodiments, the portable physical object is purchased by a user on a prepaid basis without requiring the user to register an account with the set of Web services, allowing the user to remain anonymous with respect to interaction with the set of Web services.
摘要翻译：系统和方法在与能够访问与一组Web服务集合相关联的一组计算资源的一组凭证相关联的便携式物理对象上提供存储介质。在一些实施例中，包括一组凭证的信息被预先包装到便携式物理对象的存储介质上。在分布式系统中预先激活了对该组Web服务的订阅。当便携式物理对象与计算设备耦合并且凭证集被认证时，启用对该组Web服务的访问。在一些实施例中，便携式物理对象由用户以预付的方式购买，而不需要用户向该服务集注册帐户，允许用户对于与该组Web服务的交互保持匿名。

3. 发明授权

US09639825B1 Securing multifactor authentication 有权
公开(公告)号：US09639825B1
公开(公告)日：2017-05-02
申请号：US13159840
申请日：2011-06-14
申请人： Gregory B. Roth , Nathan R. Fitch , Graeme D. Baer
发明人： Gregory B. Roth , Nathan R. Fitch , Graeme D. Baer
IPC分类号： H04L9/32 , H04W4/00 , H04M1/00 , G06Q10/10 , G06Q20/10 , G06F21/34 , H04L29/06
CPC分类号： G06Q10/10 , G06F21/34 , G06F21/36 , G06Q20/10 , H04L9/3215 , H04L9/3228 , H04L9/3271 , H04L63/0838 , H04L63/0853 , H04L63/18 , H04L2463/082
摘要： In certain embodiments, a system receives a request sent by a device to authorize an operation. The system initiates display of an image encoding a challenge code to allow the device to capture the image and extract the challenge code. The device calculates a response using the challenge code and a seed, and sends the response to the system. In certain examples, the device may send the request over a first channel and the response over a second channel distinct from the first channel. In other examples, the device displays the response and a user inputs the response into a computing system to send to the system.

4. 发明授权

US09053297B1 Filtering communications 有权
标题翻译：过滤通信
公开(公告)号：US09053297B1
公开(公告)日：2015-06-09
申请号：US13312788
申请日：2011-12-06
申请人： Nathan R. Fitch , Gregory B. Roth , Graeme D. Baer
发明人： Nathan R. Fitch , Gregory B. Roth , Graeme D. Baer
IPC分类号： G06F21/00 , G06F21/10
CPC分类号： G06F21/10 , G06F21/34 , G06F21/6263 , G06F2221/2101 , G06F2221/2119 , H04L63/0428 , H04L63/08 , H04L63/168
摘要： Authenticated requests can be sent without requiring the requests to include or potentially expose secret information used for the authentication process. A client device use a security credential such as a key to sign a request to be sent to a recipient. When the request is received, the recipient determines whether the request was signed using the correct key for the sender. In some embodiments a client token is included with the request that statelessly encodes the key, enabling a recipient capable of decoding the client token to determine the key and compare that key to the signature of the request. The sender can store the secret information in a secure location, such as a browser security module, such that the secret information is not exposed to the browser or script executing on the client device.
摘要翻译：可以发送经认证的请求，而不需要包括或潜在地公开用于认证过程的秘密信息的请求。客户机设备使用诸如密钥的安全凭证来签署要发送给接收者的请求。当接收到请求时，收件人确定请求是否使用发送方的正确密钥进行了签名。在一些实施例中，客户端令牌包括在无状态地编码密钥的请求中，使得能够解码客户端令牌的接收者确定密钥并将该密钥与请求的签名进行比较。发件人可以将秘密信息存储在诸如浏览器安全模块的安全位置，使得秘密信息不会暴露给在客户端设备上执行的浏览器或脚本。

5. 发明授权

US09628875B1 Provisioning a device to be an authentication device 有权
公开(公告)号：US09628875B1
公开(公告)日：2017-04-18
申请号：US13159711
申请日：2011-06-14
申请人： Gregory B. Roth , Nathan R. Fitch , Graeme D. Baer
发明人： Gregory B. Roth , Nathan R. Fitch , Graeme D. Baer
IPC分类号： H04L9/32 , H04K1/00 , H04B7/00 , H04Q5/22 , G06F15/173
CPC分类号： H04L63/0838 , G06F15/173 , G06F21/35 , G06F21/36 , H04L9/3268 , H04L63/061 , H04L63/08 , H04Q5/22 , H04W12/06 , H04W88/02
摘要： In certain embodiments, a web services system receives a request to provision a device, such as a telephone, as an authentication device. The web services system initiates display of an image communicating a key to allow the telephone to capture the image and to send key information associated with the key. The web services system receives the key and determines that the key information is valid. In response to the determination, the web services system sends a seed to the telephone to provision the telephone to be an authentication device. The telephone can use the seed to generate one-time passcodes to access a service of the web services system.

6. 发明授权

US09037511B2 Implementation of secure communications in a support system 有权
标题翻译：在支持系统中实现安全通信
公开(公告)号：US09037511B2
公开(公告)日：2015-05-19
申请号：US13248980
申请日：2011-09-29
申请人： Gregory B. Roth , Eric D. Crahen , Graeme D. Baer , Eric J. Brandwine , Nathan R. Fitch
发明人： Gregory B. Roth , Eric D. Crahen , Graeme D. Baer , Eric J. Brandwine , Nathan R. Fitch
IPC分类号： G06F21/00 , G06F21/60 , H04L29/06 , G06Q30/06
CPC分类号： G06F21/602 , G06F9/44505 , G06F9/45558 , G06F21/606 , G06F2009/45587 , G06Q30/06 , H04L63/0209 , H04L63/0428 , H04L63/0471 , H04L63/08 , H04L63/166
摘要： A support system negotiates secure connections on behalf of multiple guest systems using a set of credentials associated with the guest systems. The operation of the secure connection may be transparent to the guest system such that guest system may send and receive messages that are encrypted or decrypted by the support system, such as a hypervisor. As the support system is in between the guest system and a destination, the support system may act as a local endpoint to the secure connection. Messages may be altered by the support system to indicate to a guest system which communications were secured. The credentials may be managed by the support system such that the guest system does not require access to the credentials.
摘要翻译：支持系统使用与guest虚拟机系统相关联的一组凭据代表多个客户系统协商安全连接。安全连接的操作对于客户系统可能是透明的，使得客系统可以发送和接收由诸如管理程序之类的支持系统加密或解密的消息。由于支持系统在客户系统和目的地之间，支持系统可以充当安全连接的本地端点。消息可以由支持系统改变以向客系统指示哪些通信被保护。证书可以由支持系统管理，使得客户机系统不需要访问凭证。

7. 发明授权

US10103875B1 Authentication through a secret holding proxy 有权
公开(公告)号：US10103875B1
公开(公告)日：2018-10-16
申请号：US13332199
申请日：2011-12-20
申请人： Gregory B. Roth , Graeme D. Baer , Nathan R. Fitch , Eric D. Crahen , Eric J. Brandwine
发明人： Gregory B. Roth , Graeme D. Baer , Nathan R. Fitch , Eric D. Crahen , Eric J. Brandwine
IPC分类号： H04L9/08 , H04L9/06
摘要： Client requests may be directed through a secret holding proxy system such that the secret holding proxy system may insert a secret into a client request before arriving at the destination. The insertion of a secret may include inserting a digital signature, token or other information that includes a secret or information based upon a secret, which may include secret exchange or authentication protocols. The secret holding proxy system may also remove secrets and/or transform incoming messages such that the client may transparently receive the underlying content of the message.

8. 发明授权

US09225690B1 Browser security module 有权
标题翻译：浏览器安全模块
公开(公告)号：US09225690B1
公开(公告)日：2015-12-29
申请号：US13312774
申请日：2011-12-06
申请人： Nathan R. Fitch , Gregory B. Roth , Graeme D. Baer
发明人： Nathan R. Fitch , Gregory B. Roth , Graeme D. Baer
IPC分类号： H04L29/06
CPC分类号： H04L9/085 , H04L63/04 , H04L63/0428 , H04L63/06 , H04L67/02
摘要： Authenticated requests can be sent without requiring the requests to include or potentially expose secret information used for the authentication process. A client device use a security credential such as a key to sign a request to be sent to a recipient. When the request is received, the recipient determines whether the request was signed using the correct key for the sender. In some embodiments a client token is included with the request that statelessly encodes the key, enabling a recipient capable of decoding the client token to determine the key and compare that key to the signature of the request. The sender can store the secret information in a secure location, such as a browser security module, such that the secret information is not exposed to the browser or script executing on the client device.
摘要翻译：可以发送经认证的请求，而不需要包括或潜在地公开用于认证过程的秘密信息的请求。客户机设备使用诸如密钥的安全凭证来签署要发送给接收者的请求。当接收到请求时，收件人确定请求是否使用发送方的正确密钥进行了签名。在一些实施例中，客户端令牌包括在无状态地编码密钥的请求中，使得能够解码客户端令牌的接收者确定密钥并将该密钥与请求的签名进行比较。发件人可以将秘密信息存储在诸如浏览器安全模块的安全位置，使得秘密信息不会暴露给在客户端设备上执行的浏览器或脚本。

9. 发明授权

US09117062B1 Stateless and secure authentication 有权
标题翻译：无状态和安全认证
公开(公告)号：US09117062B1
公开(公告)日：2015-08-25
申请号：US13312760
申请日：2011-12-06
申请人： Nathan R. Fitch , Gregory B. Roth , Graeme D. Baer
发明人： Nathan R. Fitch , Gregory B. Roth , Graeme D. Baer
IPC分类号： G06F21/30 , H04L9/32
CPC分类号： H04L63/08 , G06F21/30 , G06F21/31 , H04L9/0825 , H04L9/32 , H04L9/3213 , H04L9/3234 , H04L63/00 , H04L63/06 , H04L63/0807 , H04L63/168
摘要： Authenticated requests can be sent without requiring the requests to include or potentially expose secret information used for the authentication process. A client device use a security credential such as a key to sign a request to be sent to a recipient. When the request is received, the recipient determines whether the request was signed using the correct key for the sender. In some embodiments a client token is included with the request that statelessly encodes the key, enabling a recipient capable of decoding the client token to determine the key and compare that key to the signature of the request. The sender can store the secret information in a secure location, such as a browser security module, such that the secret information is not exposed to the browser or script executing on the client device.
摘要翻译：可以发送经认证的请求，而不需要包括或潜在地公开用于认证过程的秘密信息的请求。客户机设备使用诸如密钥的安全凭证来签署要发送给接收者的请求。当接收到请求时，收件人确定请求是否使用发送方的正确密钥进行了签名。在一些实施例中，客户端令牌包括在无状态地编码密钥的请求中，使得能够解码客户端令牌的接收者确定密钥并将该密钥与请求的签名进行比较。发件人可以将秘密信息存储在诸如浏览器安全模块的安全位置，使得秘密信息不会暴露给在客户端设备上执行的浏览器或脚本。

10. 发明授权

US09571481B1 Once only distribution of secrets 有权
标题翻译：一次只分配秘密
公开(公告)号：US09571481B1
公开(公告)日：2017-02-14
申请号：US13308424
申请日：2011-11-30
申请人： Graeme D. Baer , Gregory B. Roth , Nathan R. Fitch
发明人： Graeme D. Baer , Gregory B. Roth , Nathan R. Fitch
IPC分类号： G06F21/31 , H04L29/06 , G06F21/33
CPC分类号： H04L63/0807 , G06F21/33 , G06F21/42 , H04L63/062 , H04L63/0823 , H04L63/0838
摘要： A secret distribution system may disclose a secret once to a client computing resource while maintaining the privacy of the message and allowing for recovery from dropped network messages. A claim code may be given to a client which may be sent to the secret distribution system, causing the secret distribution system to send a pending secret to the client. Until a client successfully confirms receipt of the pending secret or the claim code expires, the client may request new pending secrets to replace the prior unconfirmed secrets from the secret distribution system. Once a last-sent pending secret is confirmed by the client to the secret distribution system, the last-sent pending secret may be activated for use and the claim code invalidated.
摘要翻译：秘密分发系统可以在保持消息的隐私并允许从丢弃的网络消息恢复的同时向客户端计算资源公开一次秘密。可以向可以发送到秘密分发系统的客户端提供索赔代码，导致秘密分发系统向客户端发送等待的秘密。在客户端成功确认接收到待处理的秘密或索赔代码到期之前，客户端可以请求新的等待的秘密来从秘密分发系统中替换以前未确认的秘密。一旦客户端向秘密分发系统确认了最后发送的等待机密，则最后发送的待处理机密可能会被激活以供索赔代码无效。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式