专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08051491B1 Controlling use of computing-related resources by multiple independent parties 有权
标题翻译：由多个独立方控制计算相关资源的使用
公开(公告)号：US08051491B1
公开(公告)日：2011-11-01
申请号：US11966692
申请日：2007-12-28
申请人： Mark Joseph Cavage , John Cormie , Nathan R. Fitch , Don Johnson , Peter Sirota
发明人： Mark Joseph Cavage , John Cormie , Nathan R. Fitch , Don Johnson , Peter Sirota
IPC分类号： G06F7/04 , G06F17/30 , H04N7/16
CPC分类号： H04L63/10 , G06F21/604 , G06F21/6218 , G06F2221/2141 , H04L63/0227 , H04L63/102 , H04L63/20
摘要： Techniques are described for managing access to computing-related resources that, for example, may enable multiple distinct parties to independently control access to the resources (e.g., such that a request to access a resource succeeds only if all of multiple associated parties approve that access). For example, an executing software application may, on behalf of an end user, make use of computing-related resources of one or more types that are provided by one or more remote third-party network services (e.g., data storage services provided by an online storage service)—in such a situation, both the developer user who created the software application and the end user may be allowed to independently specify access rights for one or more particular such computing-related resources (e.g., stored data files), such that neither the end user nor the software application developer user may later access those resources without the approval of the other party.
摘要翻译：描述了用于管理对计算相关资源的访问的技术，例如，可以使多个不同方独立地控制对资源的访问（例如，使得只有当所有多个关联方批准该访问时，访问资源的请求才能成功）。例如，执行的软件应用程序可以代表最终用户利用由一个或多个远程第三方网络服务提供的一种或多种类型的计算相关资源（例如，由在这种情况下，可以允许创建软件应用程序的开发者用户和终端用户独立地指定一个或多个特定的这样的计算相关资源（例如，存储的数据文件）的访问权限，例如，最终用户和软件应用程序开发者用户以后都不可以在未经对方批准的情况下访问这些资源。

2. 发明授权

US08429757B1 Controlling use of computing-related resources by multiple independent parties 有权
标题翻译：由多个独立方控制计算相关资源的使用
公开(公告)号：US08429757B1
公开(公告)日：2013-04-23
申请号：US13277070
申请日：2011-10-19
申请人： Mark Joseph Cavage , John Cormie , Nathan R. Fitch , Don Johnson , Peter Sirota
发明人： Mark Joseph Cavage , John Cormie , Nathan R. Fitch , Don Johnson , Peter Sirota
IPC分类号： H04L29/06
CPC分类号： H04L63/10 , G06F21/604 , G06F21/6218 , G06F2221/2141 , H04L63/0227 , H04L63/102 , H04L63/20
摘要： Techniques are described for managing access to computing-related resources that, for example, may enable multiple distinct parties to independently control access to the resources (e.g., such that a request to access a resource succeeds only if all of multiple associated parties approve that access). For example, an executing software application may, on behalf of an end user, make use of computing-related resources of one or more types that are provided by one or more remote third-party network services (e.g., data storage services provided by an online storage service) —in such a situation, both the developer user who created the software application and the end user may be allowed to independently specify access rights for one or more particular such computing-related resources (e.g., stored data files), such that neither the end user nor the software application developer user may later access those resources without the approval of the other party.
摘要翻译：描述了用于管理对计算相关资源的访问的技术，例如，可以使多个不同方独立地控制对资源的访问（例如，使得只有当所有多个关联方批准该访问时，访问资源的请求才能成功）。例如，执行的软件应用程序可以代表最终用户利用由一个或多个远程第三方网络服务提供的一种或多种类型的计算相关资源（例如，由在这种情况下，可以允许创建软件应用程序的开发者用户和终端用户独立地指定一个或多个特定的这样的计算相关资源（例如，存储的数据文件）的访问权限，例如，最终用户和软件应用程序开发者用户以后都不可以在未经对方批准的情况下访问这些资源。

3. 发明授权

US08904511B1 Virtual firewalls for multi-tenant distributed services 有权
标题翻译：用于多租户分布式服务的虚拟防火墙
公开(公告)号：US08904511B1
公开(公告)日：2014-12-02
申请号：US12861692
申请日：2010-08-23
申请人： Kevin Ross O'Neill , Mark Joseph Cavage , Nathan R. Fitch , Anders Samuelsson , Brian Irl Pratt , Yunong Jeff Xiao , Bradley Jeffery Behm , James E. Scharf, Jr.
发明人： Kevin Ross O'Neill , Mark Joseph Cavage , Nathan R. Fitch , Anders Samuelsson , Brian Irl Pratt , Yunong Jeff Xiao , Bradley Jeffery Behm , James E. Scharf, Jr.
IPC分类号： G06F9/00 , H04L29/06 , H04L29/08 , H04L12/24
CPC分类号： H04L63/0263 , H04L29/08081 , H04L41/28 , H04L63/08 , H04L63/102 , H04L63/20
摘要： Virtual firewalls may be established that enforce sets of policies with respect to computing resources maintained by multi-tenant distributed services. Particular subsets of computing resources may be associated with particular tenants of a multi-tenant distributed service. A tenant may establish a firewalling policy set enforced by a virtual firewall for an associated subset of computing resources without affecting other tenants of the multi-tenant distributed service. Virtual firewalls enforcing multiple firewalling policy sets may be maintained by a common firewalling component of the multi-tenant distributed service. Firewalling policy sets may be distributed at multiple locations throughout the multi-tenant distributed service. For a request targeting a particular computing resource, the common firewalling component may identify the associated virtual firewall, and submit the request to the virtual firewall for evaluation in accordance with the corresponding firewalling policy set.
摘要翻译：可以建立虚拟防火墙，执行关于由多租户分布式服务维护的计算资源的策略集。计算资源的特定子集可以与多租户分布式服务的特定租户相关联。租户可以建立由虚拟防火墙为相关联的计算资源子集强制执行的防火墙策略集，而不会影响多租户分布式服务的其他租户。实施多个防火墙策略集的虚拟防火墙可以由多租户分布式服务的通用防火墙组件维护。防火墙策略集可以分布在多租户分布式服务的多个位置。对于针对特定计算资源的请求，常用防火墙组件可以标识相关联的虚拟防火墙，并根据相应的防火墙策略集将请求提交给虚拟防火墙进行评估。

4. 发明授权

US09571481B1 Once only distribution of secrets 有权
标题翻译：一次只分配秘密
公开(公告)号：US09571481B1
公开(公告)日：2017-02-14
申请号：US13308424
申请日：2011-11-30
申请人： Graeme D. Baer , Gregory B. Roth , Nathan R. Fitch
发明人： Graeme D. Baer , Gregory B. Roth , Nathan R. Fitch
IPC分类号： G06F21/31 , H04L29/06 , G06F21/33
CPC分类号： H04L63/0807 , G06F21/33 , G06F21/42 , H04L63/062 , H04L63/0823 , H04L63/0838
摘要： A secret distribution system may disclose a secret once to a client computing resource while maintaining the privacy of the message and allowing for recovery from dropped network messages. A claim code may be given to a client which may be sent to the secret distribution system, causing the secret distribution system to send a pending secret to the client. Until a client successfully confirms receipt of the pending secret or the claim code expires, the client may request new pending secrets to replace the prior unconfirmed secrets from the secret distribution system. Once a last-sent pending secret is confirmed by the client to the secret distribution system, the last-sent pending secret may be activated for use and the claim code invalidated.
摘要翻译：秘密分发系统可以在保持消息的隐私并允许从丢弃的网络消息恢复的同时向客户端计算资源公开一次秘密。可以向可以发送到秘密分发系统的客户端提供索赔代码，导致秘密分发系统向客户端发送等待的秘密。在客户端成功确认接收到待处理的秘密或索赔代码到期之前，客户端可以请求新的等待的秘密来从秘密分发系统中替换以前未确认的秘密。一旦客户端向秘密分发系统确认了最后发送的等待机密，则最后发送的待处理机密可能会被激活以供索赔代码无效。

5. 发明授权

US10070195B1 Computing resource service security method 有权
公开(公告)号：US10070195B1
公开(公告)日：2018-09-04
申请号：US13370214
申请日：2012-02-09
申请人： Eric Jason Brandwine , Nathan R. Fitch
发明人： Eric Jason Brandwine , Nathan R. Fitch
IPC分类号： G06F21/00 , H04N21/488
摘要： Techniques are described for providing users with computing resources, such as to enable users to interact with a remote configurable computing resource service in order to create and configure computing resources that are provided by the configurable computing resource service for use by the users. Computing resources provided by the configurable computing resource service may be configured to be private computing resources that are accessible only by the users who create them. The configurable computing resource service provides one or more interfaces that allow a user to provide to the computing resource service an indication of a security concern related to the provided computing resources, and responds to a received indication of a security concern by taking one or more actions to secure the provided computing resources.

6. 发明授权

US09197409B2 Key derivation techniques 有权
标题翻译：关键推导技术
公开(公告)号：US09197409B2
公开(公告)日：2015-11-24
申请号：US13248973
申请日：2011-09-29
申请人： Gregory B. Roth , Bradley Jeffery Behm , Eric D. Crahen , Cristian M. Ilac , Nathan R. Fitch , Eric Jason Brandwine , Kevin Ross O'Neill
发明人： Gregory B. Roth , Bradley Jeffery Behm , Eric D. Crahen , Cristian M. Ilac , Nathan R. Fitch , Eric Jason Brandwine , Kevin Ross O'Neill
IPC分类号： H04L9/32 , H04L9/08 , G06F21/31 , H04L29/06
CPC分类号： H04L9/083 , G06F21/31 , G06F2221/2115 , H04L9/0861 , H04L9/088 , H04L9/3242 , H04L9/3247 , H04L63/0884 , H04L63/126 , H04L2209/38
摘要： Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the a key's use.
摘要翻译：用于认证的系统和方法从认证方和认证者之间共享的秘密凭证生成密钥。密钥的生成可以涉及利用专用信息，作为用于生成密钥的结果，使生成的密钥可用于比秘密凭证更小的使用范围。此外，密钥生成可以涉及函数的多次调用，其中函数的调用的至少一个子集中的每一个导致具有比从先前调用函数产生的密钥更小的允许使用范围的密钥。生成的密钥可以用作签名密钥来签名消息。取决于消息和/或提交消息的方式是否符合密钥使用的限制，可以采取一个或多个动作。

7. 发明申请

US20130086662A1 PARAMETER BASED KEY DERIVATION 有权
标题翻译：基于参数的关键衍生
公开(公告)号：US20130086662A1
公开(公告)日：2013-04-04
申请号：US13248962
申请日：2011-09-29
申请人： Gregory B. Roth , Bradley Jeffery Behm , Eric D. Crahen , Cristian M. Ilac , Nathan R. Fitch , Eric Jason Brandwine , Kevin Ross O'Neill
发明人： Gregory B. Roth , Bradley Jeffery Behm , Eric D. Crahen , Cristian M. Ilac , Nathan R. Fitch , Eric Jason Brandwine , Kevin Ross O'Neill
IPC分类号： G06F21/00
CPC分类号： H04L9/0891 , G06F21/31 , G06F2221/2115 , H04L9/083 , H04L9/088 , H04L9/3247 , H04L63/08 , H04L2209/38 , H04L2463/061
摘要： Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the a key's use.
摘要翻译：用于认证的系统和方法从认证方和认证者之间共享的秘密凭证生成密钥。密钥的生成可以涉及利用专用信息，作为用于生成密钥的结果，使生成的密钥可用于比秘密凭证更小的使用范围。此外，密钥生成可以涉及函数的多次调用，其中函数的调用的至少一个子集中的每一个导致具有比从先前调用函数产生的密钥更小的允许使用范围的密钥。生成的密钥可以用作签名密钥来签名消息。取决于消息和/或提交消息的方式是否符合密钥使用的限制，可以采取一个或多个动作。

8. 发明申请

US20130085880A1 IMPLEMENTATION OF SECURE COMMUNICATIONS IN A SUPPORT SYSTEM 有权
公开(公告)号：US20130085880A1
公开(公告)日：2013-04-04
申请号：US13248980
申请日：2011-09-29
申请人： Gregory B. Roth , Eric D. Crahen , Graeme D. Baer , Eric J. Brandwine , Nathan R. Fitch
发明人： Gregory B. Roth , Eric D. Crahen , Graeme D. Baer , Eric J. Brandwine , Nathan R. Fitch
IPC分类号： G06Q30/06 , H04L9/32
CPC分类号： G06F21/602 , G06F9/44505 , G06F9/45558 , G06F21/606 , G06F2009/45587 , G06Q30/06 , H04L63/0209 , H04L63/0428 , H04L63/0471 , H04L63/08 , H04L63/166
摘要： A support system negotiates secure connections on behalf of multiple guest systems using a set of credentials associated with the guest systems. The operation of the secure connection may be transparent to the guest system such that guest system may send and receive messages that are encrypted or decrypted by the support system, such as a hypervisor. As the support system is in between the guest system and a destination, the support system may act as a local endpoint to the secure connection. Messages may be altered by the support system to indicate to a guest system which communications were secured. The credentials may be managed by the support system such that the guest system does not require access to the credentials.

9. 发明授权

US09628875B1 Provisioning a device to be an authentication device 有权
公开(公告)号：US09628875B1
公开(公告)日：2017-04-18
申请号：US13159711
申请日：2011-06-14
申请人： Gregory B. Roth , Nathan R. Fitch , Graeme D. Baer
发明人： Gregory B. Roth , Nathan R. Fitch , Graeme D. Baer
IPC分类号： H04L9/32 , H04K1/00 , H04B7/00 , H04Q5/22 , G06F15/173
CPC分类号： H04L63/0838 , G06F15/173 , G06F21/35 , G06F21/36 , H04L9/3268 , H04L63/061 , H04L63/08 , H04Q5/22 , H04W12/06 , H04W88/02
摘要： In certain embodiments, a web services system receives a request to provision a device, such as a telephone, as an authentication device. The web services system initiates display of an image communicating a key to allow the telephone to capture the image and to send key information associated with the key. The web services system receives the key and determines that the key information is valid. In response to the determination, the web services system sends a seed to the telephone to provision the telephone to be an authentication device. The telephone can use the seed to generate one-time passcodes to access a service of the web services system.

10. 发明授权

US09037511B2 Implementation of secure communications in a support system 有权
标题翻译：在支持系统中实现安全通信
公开(公告)号：US09037511B2
公开(公告)日：2015-05-19
申请号：US13248980
申请日：2011-09-29
申请人： Gregory B. Roth , Eric D. Crahen , Graeme D. Baer , Eric J. Brandwine , Nathan R. Fitch
发明人： Gregory B. Roth , Eric D. Crahen , Graeme D. Baer , Eric J. Brandwine , Nathan R. Fitch
IPC分类号： G06F21/00 , G06F21/60 , H04L29/06 , G06Q30/06
CPC分类号： G06F21/602 , G06F9/44505 , G06F9/45558 , G06F21/606 , G06F2009/45587 , G06Q30/06 , H04L63/0209 , H04L63/0428 , H04L63/0471 , H04L63/08 , H04L63/166
摘要： A support system negotiates secure connections on behalf of multiple guest systems using a set of credentials associated with the guest systems. The operation of the secure connection may be transparent to the guest system such that guest system may send and receive messages that are encrypted or decrypted by the support system, such as a hypervisor. As the support system is in between the guest system and a destination, the support system may act as a local endpoint to the secure connection. Messages may be altered by the support system to indicate to a guest system which communications were secured. The credentials may be managed by the support system such that the guest system does not require access to the credentials.
摘要翻译：支持系统使用与guest虚拟机系统相关联的一组凭据代表多个客户系统协商安全连接。安全连接的操作对于客户系统可能是透明的，使得客系统可以发送和接收由诸如管理程序之类的支持系统加密或解密的消息。由于支持系统在客户系统和目的地之间，支持系统可以充当安全连接的本地端点。消息可以由支持系统改变以向客系统指示哪些通信被保护。证书可以由支持系统管理，使得客户机系统不需要访问凭证。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式