ELECTRONIC MONEY SYSTEM WITHOUT ORIGIN RECOGNITION

Verifying measurable aspects associated with a module

The present invention extends to validating measurable aspects of computing system. A provider causes a challenge to be issued to the requester, the challenge requesting proof that the requester is appropriately configured to access the resource. The requester accesses information that indicates how the requester is to prove an appropriate configuration for accessing the resource. The requester formulates and sends proof that one or more measurable aspects of the requester's configuration are appropriate. The provider receives proof that one or more measurable aspects of the requester's configuration are appropriate and authorizes the requester to access the resource. Proof of one more measurable aspects of a requester can be used along with other types of authentication to authorize a requester to access a resource of a provider. Solutions to challenges can be pre-computed and stored in a location accessible to a provider.

MESHED NETWORK WITH EXCLUSION ABILITY

PROCEDURE FOR THE REMOTE CONTROLLED CHANGE OF A COMMUNICATION PASSWORD

Mesh networks with end device recognition

NETWORK ACCOUNTABILITY AMONG AUTONOMOUS SYSTEMS

In one kind of DoS attack, malicious customers may try to send a large number of filter requests against an innocent customer. In one implementation, a Filter Request Server (FRS) may allow a customer against who a filter request is made to dispute the implicit accusation of the filter request or stop sending malicious traffic. If the customer claims innocence, the FRS may log destination addresses of data packets sent by the customer and identify and ignore false filter requests if these filter requests come from customers who do not correspond to one or more of the destination addresses that have previously been logged by the FRS.

Secure end-to-end notification

Providing secure end-to-end notifications from a notification source to a notification sink despite the notification mechanism including one or more message transit points between the notification source and the notification sink. Initially, security information (e.g., the master security, the cryptographic algorithm, and the like) is negotiated out-of-band from the one or more message transit points so that the message transit points are not apprised of the security information. When a designated event occurs, the notification source generates a push message that includes the notification encrypted using the pre-negotiated security information. When the notification sink receives the push message, the notification sink decrypts the notification using the pre-negotiated security information, as well as supplemental information provided in the push message. Thus, the message transit points only have access to the encrypted form of the notification.

Method and system for asymmetric key security

Exemplary embodiments disclosed herein may include a method and system for creating pair-wise security keys, comprising receiving an identity key from a website, generating a master key, creating a pair-wise symmetric key or asymmetric key pair by utilizing an encryption function of the identity key and the master key, and storing the pair-wise public or symmetric key at the client and the website.

Efficient and secure authentication of computing systems

The principles of the present invention relate to systems, methods, and computer program products for more efficiently and securely authenticating computing systems. In some embodiments, a limited use credential is used to provision more permanent credentials. A client receives a limited-use (e.g., a single-use) credential and submits the limited-use credential over a secure link to a server. The server provisions an additional credential (for subsequent authentication) and sends the additional credential to the client over the secure link. In other embodiments, computing systems automatically negotiate authentication methods using an extensible protocol. A mutually deployed authentication method is selected and secure authentication is facilitated with a tunnel key that is used encrypt (and subsequently decrypt) authentication content transferred between a client and a server. The tunnel key is derived from a shared secret (e.g., a session key) and nonces.

Pass-thru for client authentication

This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.

Methods for remotely changing a communications password

Vermaschtes Netz mit Endgeräteerkennung

MESHED NET WITH TERMINAL RECOGNITION

Strategies for investigating and mitigating vulnerabilities caused by the acquisition of credentials

A strategy is described for assessing and mitigating vulnerabilities within a data processing environment. The strategy collects access data that reflects actual log-in behavior exhibited by users in the environment. The strategy also collects rights data that reflects the rights possessed by one or more administrators within the environment. Based on the access data and rights data, the strategy identifies how a user or other entity that gains access to one part of the environment can potentially compromise additional parts of the environment. The strategy can recommend and implement steps aimed at reducing any identified vulnerabilities.

Discovery of secure network enclaves

A hierarchical key generation and distribution mechanism for a computer system in which devices are organized into secure enclaves. The mechanism enables network access to be tailored to approximate minimum needed privileges for each device. At the lowest level of the hierarchy, keys are used to form security associations between devices. Keys at each level of the hierarchy are generated from keys at a higher level of the hierarchy and key derivation information. Key derivation information is readily ascertainable, either from identifiers for devices or from within messages, supporting hardware offload of cryptographic functions. Because keys may be generated based on the enclaves in which the hosts participating in a security association are located, the system includes a mechanism by which devices can discover the enclave in which they are located.

Verfahren zur ferngesteuerten Änderung eines Kommunikationspasswortes

Methods for remotely changing a communications password

Use of hashing in a secure boot loader

Machine instructions comprising a bootstrap code are buried within a critical component of an electronic game console where they cannot readily be accessed or modified. A preloader portion in a read only memory (ROM) is hashed by the bootstrap code and the result is compared to an expected hash value maintained in the bootstrap code. Further verification of the boot-up process is carried out by the preloader, which hashes the code in ROM to obtain a hash value for the code. The result is verified against a digital signature value that defines an expected value for this hash. Failure to obtain any expected result terminates the boot-up process. Since the bootstrap code confirms the preloader, and the preloader confirms the remainder of the code in ROM, this technique is useful for ensuring that the code used for booting up the device has not been modified or replaced.

Transferring application secrets in a trusted operating system environment

Transferring application secrets in a trusted operating system environment involves receiving a request to transfer application data from a source computing device to a destination computing device. A check is made as to whether the application data can be transferred to the destination computing device, and if so, whether the application data can be transferred under control of the user or a third party. If these checks succeed, a check is also made as to whether the destination computing device is a trustworthy device running known trustworthy software. Input is also received from the appropriate one of the user or third party to control transferring of the application data to the destination computing device. Furthermore, application data is stored on the source computing device in a manner that facilitates determining whether the application data can be transferred, and that facilitates transferring the application data if it can be transferred.

Discovery of secure network enclaves

A hierarchical key generation and distribution mechanism for a computer system in which devices are organized into secure enclaves. The mechanism enables network access to be tailored to approximate minimum needed privileges for each device. At the lowest level of the hierarchy, keys are used to form security associations between devices. Keys at each level of the hierarchy are generated from keys at a higher level of the hierarchy and key derivation information. Key derivation information is readily ascertainable, either from identifiers for devices or from within messages, supporting hardware offload of cryptographic functions. Because keys may be generated based on the enclaves in which the hosts participating in a security association are located, the system includes a mechanism by which devices can discover the enclave in which they are located.

STRATEGIES FOR INVESTIGATING AND MITIGATING VULNERABILITIES CAUSED BY THE ACQUISITION OF CREDENTIALS

A strategy is described for assessing and mitigating vulnerabilities with in a data processing environment. The strategy collects access data that ref lects actual log-in behavior exhibited by users in the environment. The stra tegy also collects rights data that reflects the rights possessed by one or more administrators within the environment. Based on the access data and rig hts data, the strategy identifies how a user or other entity that gains acce ss to one part of the environment can potentially compromise additional part s of the environment. The strategy can recommend and implement steps aimed a t reducing any identified vulnerabilities.

Method of negotiating security parameters and authenticating users interconnected to a network

A method for authenticating and negotiating security parameters among two or more network devices is disclosed. The method has a plurality of modes including a plurality of messages exchanged between the two or more network devices. In a main mode, the two or more network devices establish a secure channel and select security parameters to be used during a quick mode and a user mode. In the quick mode, the two or more computers derive a set of keys to secure data sent according to a security protocol. The optional user mode provides a means of authenticating one or more users associated with the two or more network devices. A portion of the quick mode is conducted during the main mode thereby minimizing the plurality of messages that need to be exchanged between the initiator and the responder.

Messaging infrastructure for identity-centric data access

UNTRACEABLE ELECTRONIC CASH

An electronic cash protocol including the steps of using a one-way function f1(x) to generate an image f1(x1) from a preimage x1; sending the image f1(x1) in an unblinded form to a second party; and receiving from the second party a note including a digital signature, wherein the note represents a commitment by the second party to credit a predetermined amount of money to a first presenter of the preimage x1 to the second party.

SYSTEM FOR TRANSMITTING SUBSCRIPTION INFORMATION AND CONTENT TO A MOBILE DEVICE

A system controls access to broadcast messages (298) received by a plurality of mobile devices (18). Selected mobile devices (18) are provided with a broadcast encryption key (BEK) (268). The broadcast messages (298) are encrypted using the BEK (268) prior to broadcasting so that the selected mobile devices (18) containing the BEK (268) can decrypt the broadcast messages (298). The broadcast messages (298) are then broadcast.

Key management in secure network enclaves

A hierarchical key generation and distribution mechanism for a computer system in which devices are organized into secure enclaves. The mechanism enables network access to be tailored to approximate minimum needed privileges for each device. At the lowest level of the hierarchy, keys are used to form security associations between devices. Keys at each level of the hierarchy are generated from keys at a higher level of the hierarchy and key derivation information. Key derivation information is readily ascertainable, either from identifiers for devices or from within messages, supporting hardware offload of cryptographic functions. Because keys may be generated based on the enclaves in which the hosts participating in a security association are located, the system includes a mechanism by which devices can discover the enclave in which they are located.

UNTRACEABLE ELECTRONIC CASH

An electronic cash protocol including the steps of using a one-way function f1(x) to generate an image f1(x1) from a preimage x1; sending the image f1(x1) in an unblinded form to a second party; and receiving from the second party a note including a digital signature, wherein the note represents a commitment by the second party to credit a predetermined amount of money to a first presenter of the preimage x1 to the second party.

DISCOVERY OF SECURE NETWORK ENCLAVES

A hierarchical key generation and distribution mechanism for a computer system in which devices are organized into secure enclaves. The mechanism enables network access to be tailored to approximate minimum needed privileges for each device. At the lowest level of the hierarchy, keys are used to form security associations between devices. Keys at each level of the hierarchy are generated from keys at a higher level of the hierarchy and key derivation information. Key derivation information is readily ascertainable, either from identifiers for devices or from within messages, supporting hardware offload of cryptographic functions. Because keys may be generated based on the enclaves in which the hosts participating in a security association are located, the system includes a mechanism by which devices can discover the enclave in which they are located. 1. A device for providing secure communications , comprising: receive a control packet during an exchange, between the device and a second device, to establish a security association with the second device;', 'determine an identity of an enclave in which the second device is located based at least on two or more markers indicative of enclaves associated with intermediary devices that processed the control packet;', 'determine an identity of another enclave; and', 'selecting a key based at least on the determined identity of the enclave and the determined identity of the other enclave.', 'employ the determined identity of the enclave to establish a security association with the second device, including], 'a memory and a processor that are respectively configured to store and execute instructions, including instructions for causing the device to2. The device of claim 1 , wherein the instructions are also for causing the device to:determine the identity of the other enclave based at least on the two or more markers.3. The device of claim 2 , wherein the device is located in the other enclave.4. The device of claim 1 , ...

System and method for evaluating and enhancing source anonymity for encrypted web traffic

A system and method is provided for evaluating the effectiveness of data encryption for hiding the identity of the source of Web traffic. A signature is constructed from encrypted Web traffic for a Web page sent by a target Web site, and the signature is compared with archived traffic signatures obtained by accessing various Web pages of interest in advance. If the signature of the detected encrypted Web traffic matches a stored traffic signature beyond a pre-set statistical threshold, a positive match is found, and the source of the traffic is identified. Countermeasures for reducing the reliability of source identification based on traffic signature matching are provided.

Pass-Thru for Client Authentication

This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.

Efficient and secure authentication of computing systems

The principles of the present invention relate to systems, methods, and computer program products for more efficiently and securely authenticating computing systems. In some embodiments, a limited use credential is used to provision more permanent credentials. A client receives a limited-use (e.g., a single-use) credential and submits the limited-use credential over a secure link to a server. The server provisions an additional credential (for subsequent authentication) and sends the additional credential to the client over the secure link. In other embodiments, computing systems automatically negotiate authentication methods using an extensible protocol. A mutually deployed authentication method is selected and secure authentication is facilitated with a tunnel key that is used encrypt (and subsequently decrypt) authentication content transferred between a client and a server. The tunnel key is derived from a shared secret (e.g., a session key) and nonces.

SYSTEM AND METHOD FOR PROVIDING PROGRAM CREDENTIALS

A system for providing a client's credentials to a computer program comprises a database remote from the client and a single signon server module. The single signon server module can receive a request for the client's credentials from the computer program, determine whether the client's credentials are stored in the database, and send the client's credentials from the database to the computer program in response to a determination that the client's credentials are stored in the database. The single signon server module can store the client's credentials in the database in response to a determination that the client's credentials are not stored in the database. The single signon server module can encrypt the client's credentials prior to storing the client's credentials in the database and can decrypt the client's credentials prior to sending the client's credentials to the computer program.

Identity-centric data access

Strategies for investigating and mitigating vulnerabilities caused by the acquisition of credentials

Controlled-content recoverable blinded certificates

In a cryptographic system, a certificate is used to provide information regarding a client device. The certificate is blindly signed by a certifying authority to preserve the anonymity of the client device. However, information is encoded into the signature so that a content server can readily verify security attributes of the client device and make decisions regarding the delivery of electronic content to the client device based on those security attributes.

Transferring application secrets in a trusted operating system environment

Transferring application secrets in a trusted operating system environment involves receiving a request to transfer application data from a source computing device to a destination computing device. A check is made as to whether the application data can be transferred to the destination computing device, and if so, whether the application data can be transferred under control of the user or a third party. If these checks succeed, a check is also made as to whether the destination computing device is a trustworthy device running known trustworthy software. Input is also received from the appropriate one of the user or third party to control transferring of the application data to the destination computing device. Furthermore, application data is stored on the source computing device in a manner that facilitates determining whether the application data can be transferred, and that facilitates transferring the application data if it can be transferred.

TLS TUNNELING

An authentication protocol can be used to establish a secure method of communication between two devices on a network. Once established, the secure communication can be used to authenticate a client through various authentication methods, providing security in environments where intermediate devices cannot be trusted, such as wireless networks, or foreign network access points. Additionally, the caching of session keys and other relevant information can enable the two securely communicating endpoints to quickly resume their communication despite interruptions, such as when one endpoint changes the access point through which it is connected to the network. Also, the secure communication between the two devices can enable users to roam off of their home network, providing a mechanism by which access through foreign networks can be granted, while allowing the foreign network to monitor and control the use of its bandwidth.

NETWORK ACCOUNTABILITY AMONG AUTONOMOUS SYSTEMS

In one kind of DoS attack, malicious customers may try to send a large number of filter requests against an innocent customer. In one implementation, a Filter Request Server (FRS) may allow a customer against who a filter request is made to dispute the implicit accusation of the filter request or stop sending malicious traffic. If the customer claims innocence, the FRS may log destination addresses of data packets sent by the customer and identify and ignore false filter requests if these filter requests come from customers who do not correspond to one or more of the destination addresses that have previously been logged by the FRS. 120.-. (canceled)21. A method comprising:receiving a filter request from a receiving customer to filter data packets sent from a sending customer to the receiving customer;receiving a dispute filed by the sending customer with respect to the filter request of the receiving customer after receiving the filter request from the receiving customer;logging one or more destination addresses of new data packets that are sent from the sending customer after receiving the dispute filed by the sending customer;determining whether the receiving customer is associated with any one of the one or more destination addresses of the new data packets that are sent from the sending customer; anddetermining whether to filter the data packets sent from the sending customer to the receiving customer or to ignore the filter request of the receiving customer based at least in part on a result of determining whether the receiving customer is associated with any one of the one or more destination addresses of the new data packets that are sent from the sending customer.22. The method of claim 21 , wherein determining whether to filter the data packets sent from the sending customer to the receiving customer or to ignore the filter request of the receiving customer comprises filtering the new data packets sent from the sending customer to the receiving customer in ...

METHOD OF NEGOTIATING SECURITY PARAMETERS AND AUTHENTICATING USERS INTERCONNECTED TO A NETWORK

A method for authenticating and negotiating security parameters among two or more network devices is disclosed. The method has a plurality of modes including a plurality of messages exchanged between the two or more network devices. In a main mode, the two or more network devices establish a secure channel and select security parameters to be used during a quick mode and a user mode. In the quick mode, the two or more computers derive a set of keys to secure data sent according to a security protocol. The optional user mode provides a means of authenticating one or more users associated with the two or more network devices. A portion of the quick mode is conducted during the main mode thereby minimizing the plurality of messages that need to be exchanged between the initiator and the responder.

Manifest-based trusted agent management in a trusted operating system environment

Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.

Key management in secure network enclaves

Method and system for filtering communications to prevent exploitation of a software vulnerability

A method and system for protecting an application that implements a communication protocol against exploitation of a communication-based vulnerability is provided. A protection system provides a protection policy that specifies how to recognize messages that expose a specific vulnerability and specifies actions to take when the vulnerability is exposed. A protection policy specifies the sequence of messages and their payload characteristics that expose a vulnerability. The protection system may specify the sequences of messages using a message protocol state machine. A message protocol state machine of an application represents the states that the application transitions through as it receives various messages. The message protocol state machine of the protection policy may be a portion of the message protocol state machine of the application relating to the vulnerability. The protection system uses the message protocol state machine to track the states that lead up to the exposing of the ...

Manifest-based trusted agent management in a trusted operating system environment

Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.

METHOD FOR CHANGING COMMUNICATION PASSWORD BY REMOTE CONTROL

PROBLEM TO BE SOLVED: To provide a method by which an authentication client which is authenticated by an authentication server enhances security of authentication and use a new communication password. SOLUTION: The authentication client obtains a new password from the user. A "password verifier" is guided from information provided from the new password and by the authentication server. The password verifier is shared with the authentication server. The new password itself is not transmitted to the authentication server and introduction of the new password from the password verifier is basically impossible. Each of the authentication client and the authentication server guides a set of new authentication and an encryption security key simultaneously. This process is repeated for controlling data amount to be transmitted by using a set of security key having specific security. COPYRIGHT: (C)2004,JPO ...

Maschennetz mit Ausschlussfähigkeit

Key management in secure network enclaves

Mesh networks with end device recognition

An exemplary router performs actions including: receiving at least one certificate from an end device, the at least one certificate issued by another router; ascertaining if the other router is a member of a predetermined neighborhood; determining if the at least one certificate is valid; and if the other router is ascertained to be a member of the predetermined neighborhood and the at least one certificate is determined to be valid, recognizing the end device as privileged. An exemplary mesh router is capable of establishing a wireless mesh network with other mesh routers, the mesh router is further capable of designating a neighborhood administrator mesh router; and the mesh router is adapted to grant privileged status to a particular end device associated with a particular certificate issued by a particular mesh router when the particular mesh router is a member of a neighborhood of the designated neighborhood administrator mesh router.

Strategies for investigating and mitigating vulnerabilities caused by the acquisition of credentials

A strategy is described for assessing and mitigating vulnerabilities within a data processing environment. The strategy collects access data that reflects actual log-in behavior exhibited by users in the environment. The strategy also collects rights data that reflects the rights possessed by one or more administrators within the environment. Based on the access data and rights data, the strategy identifies how a user or other entity that gains access to one part of the environment can potentially compromise additional parts of the environment. The strategy can recommend and implement steps aimed at reducing any identified vulnerabilities.

Transferring application secrets in a trusted operating system environment

Transferring application secrets in a trusted operating system environment involves receiving a request to transfer application data from a source computing device to a destination computing device. A check is made as to whether the application data can be transferred to the destination computing device, and if so, whether the application data can be transferred under control of the user or a third party. If these checks succeed, a check is also made as to whether the destination computing device is a trustworthy device running known trustworthy software. Input is also received from the appropriate one of the user or third party to control transferring of the application data to the destination computing device. Furthermore, application data is stored on the source computing device in a manner that facilitates determining whether the application data can be transferred, and that facilitates transferring the application data if it can be transferred.

System and method of inkblot authentication

A system and method that uses authentication inkblots to help computer system users first select and later recall authentication information from high entropy information spaces. An inkblot authentication module generates authentication inkblots from authentication inkblot seeds. On request, a security authority generates, stores and supplies an authentication inkblot seed set for a user. In response to an authentication inkblot, a user inputs one or more alphanumeric characters. The responses to one or more authentication inkblots serve as authentication information. A user-computable hash of the natural language description of the authentication inkblot is utilized to speed authentication information entry and provide for compatibility with conventional password-based authentication. Authentication with an authentication information match ratio of less than 100% is possible. Authentication inkblot generation methods are disclosed, as well as a detailed inkblot authentication protocol ...

System and method for evaluating and enhancing source anonymity for encrypted web traffic

A system and method is provided for evaluating the effectiveness of data encryption for hiding the identity of the source of Web traffic. A signature is constructed from encrypted Web traffic for a Web page sent by a target Web site, and the signature is compared with archived traffic signatures obtained by accessing various Web pages of interest in advance. If the signature of the detected encrypted Web traffic matches a stored traffic signature beyond a pre-set statistical threshold, a positive match is found, and the source of the traffic is identified. Countermeasures for reducing the reliability of source identification based on traffic signature matching are provided.

AUTOMATION-RESISTANT, ADVERTISING-MERGED INTERACTIVE SERVICES

Systems and methodologies for implementing automation-resistant interactive computing services are provided herein. Function invocation mechanisms can be utilized as described herein to facilitate invocation and/or activation of one or more functions of an interactive service upon performance of an interaction falling within a predefined class of interaction with selected multimedia content. The described functionality invocation mechanisms can operate similarly to a traditional captcha image by requiring interaction that is easily understandable and performable by a human user but is prohibitively difficult for an automated program to carry out. Techniques such as masking relationships between user interaction and function invocation and varying elements of the selected multimedia content for respective accesses can be utilized to provide additional resistance to automation. Described invocation mechanisms can additionally be merged with advertising, which can optionally be targeted to ...

Automated generator of input-validation filters

An implementation of a technology, described herein, for facilitating the automated generation of input-validation software filters. The implementation of the invention provides an easy graphical user interface (GUI). With this GUI, a user (such as a system administrator) is able to quickly enter a set of parameters defining what valid inputs constitute—in particular, when such inputs come from a computing component. Consequently, the user does not have to manually generate filtering instructions on how to filter input from a computing component. This abstract itself is not intended to limit the scope of this patent. The scope of the present invention is pointed out in the appending claims.

Methods for remotely changing a communications password

Disclosed are methods for an authentication client, having been authenticated by an authentication server, to leverage the effects of that authentication to implement a new communications password. The authentication client gets a new password from its user. From the new password and from information provided by the authentication server, the authentication client derives a "password verifier." The password verifier is then shared with the authentication server. The new password itself is never sent to the authentication server, and it is essentially impossible to derive the new password from the password verifier. The authentication client and the authentication server, in parallel, derive a new set of authentication and encryption security keys from the new password and from the password verifier, respectively. This process may be repeated to limit the amount of data sent using any one particular set of security keys and thus to limit the effectiveness of any statistical attacker.

Verifying measurable aspects associated with a module

The present invention extends to validating measurable aspects of computing system. A provider causes a challenge to be issued to the requester, the challenge requesting proof that the requester is appropriately configured to access the resource. The requester accesses information that indicates how the requester is to prove an appropriate configuration for accessing the resource. The requester formulates and sends proof that one or more measurable aspects of the requester's configuration are appropriate. The provider receives proof that one or more measurable aspects of the requester's configuration are appropriate and authorizes the requester to access the resource. Proof of one more measurable aspects of a requester can be used along with other types of authentication to authorize a requester to access a resource of a provider. Solutions to challenges can be pre-computed and stored in a location accessible to a provider.

Bi-directionally verifying measurable aspects associated with modules, pre-computing solutions to configuration challenges, and using configuration challenges along with other authentication mechanisms

The present invention extends to validating measurable aspects of computing system. A provider causes a challenge to be issued to the requester, the challenge requesting proof that the requester is appropriately configured to access the resource. The requester accesses information that indicates how the requester is to prove an appropriate configuration for accessing the resource. The requester formulates and sends proof that one or more measurable aspects of the requester's configuration are appropriate. The provider receives proof that one or more measurable aspects of the requester's configuration are appropriate and authorizes the requester to access the resource. Proof of one more measurable aspects of a requester can be used along with other types of authentication to authorize a requester to access a resource of a provider. Solutions to challenges can be pre-computed and stored in a location accessible to a provider.

Manifest-based trusted agent management in a trusted operating system environment

Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.

Manifest-based trusted agent management in a trusted operating system environment

Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.

Use of hashing in a secure boot loader

Machine instructions comprising a bootstrap code are buried within a critical component of an electronic game console where they cannot readily be accessed or modified. A preloader portion in a read only memory (ROM) is hashed by the bootstrap code and the result is compared to an expected hash values maintained in the bootstrap code. Further verification of the boot-up process is carried out by the preloader, which hashes the code in ROM to obtain a hash value for the code. The result is verified against a digital signature value that defines an expected value for this hash. Failure to obtain any expected result terminates the boot-up process. Since the bootstrap code confirms the preloader, and the preloader confirms the remainder of the code in ROM, this technique is useful for ensuring that the code used for booting up the device has not been modified or replaced.

METHOD AND SYSTEM FOR ID CREDITING OF PRIVACY

【課題】プライバシーのあるＩＤ認識のための方法およびシステムを提供する。 【解決手段】本明細書で開示される例示的な実施形態は、ウェブサイトからＩＤキーを受け取ることと、マスターキーを作成することと、ＩＤキーおよびマスターキーの暗号化関数を利用することによってペアワイズの対称キーまたは非対称キーのペアを作成することと、ペアワイズの公開または対称キーをクライアントおよびウェブサイトに格納することとを備える、ペアワイズのセキュリティキーを作成するための方法およびシステムを含むことができる。 【選択図】図１

System and method for protecting privacy and anonymity of parties of network communications

A system and method is provided for handling network communications between a client and a target server on the Internet to protect the privacy and anonymity of the client. For a session between the client and the target server, a routing control server sets up a routing chain using a plurality of Web servers randomly selected from a pool of participating Web servers as routers for routing messages between the client and the target server. To prevent traffic analysis, an “onion encryption” scheme is applied to the messages as they are forwarded along the routing chain. A payment service cooperating with the routing control server allows a user to pay for the privacy protection service without revealing her real identity.

Verfahren zur ferngesteuerten Änderung eines Kommunikationspasswortes

Accessing heterogeneous data in a standardized manner

Directly operating on data structures in a generic manner regardless of the type of data structure being operated upon and without requiring dedicated executable code for manipulating data structures of the particular data type. A common set of commands (e.g., insert, delete, replace, update, query) are recognized that may be used to operate on data structures of a number of different data types. A navigation module accesses a request to execute one of the common command methods on at least an identified portion of an identified data structure. Then, the navigation module accesses a navigation assistance module to access a set of rules associated with the particular data type, the set of rules allowing the navigation module to find the portion of the data structure that is to be operated on. If appropriate, the command operation is then executed on the identified portion of the data structure.

Pass-thru for client authentication

This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.

Method of negotiating security parameters and authenticating users interconnected to a network

A method for authenticating and negotiating security parameters among two or more network devices is disclosed. The method has a plurality of modes including a plurality of messages exchanged between the two or more network devices. In a main mode, the two or more network devices establish a secure channel and select security parameters to be used during a quick mode and a user mode. In the quick mode, the two or more computers derive a set of keys to secure data sent according to a security protocol. The optional user mode provides a means of authenticating one or more users associated with the two or more network devices. A portion of the quick mode is conducted during the main mode thereby minimizing the plurality of messages that need to be exchanged between the initiator and the responder.

Network accountability among autonomous systems

In one kind of DoS attack, malicious customers may try to send a large number of filter requests against an innocent customer. In one implementation, a Filter Request Server (FRS) may allow a customer against who a filter request is made to dispute the implicit accusation of the filter request or stop sending malicious traffic. If the customer claims innocence, the FRS may log destination addresses of data packets sent by the customer and identify and ignore false filter requests if these filter requests come from customers who do not correspond to one or more of the destination addresses that have previously been logged by the FRS.

Manifest-Based Trusted Agent Management in a Trusted Operating System Environment

Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.

Manifest-based trusted agent management in a trusted operating system environment

Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.

Manifest-based trusted agent management in a trusted operating system environment

Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.

Controlled-content recoverable blinded certificates

In a cryptographic system, a certificate is used to provide information regarding a client device. The certificate is blindly signed by a certifying authority to preserve the anonymity of the client device. However, information is encoded into the signature so that a content server can readily verify security attributes of the client device and make decisions regarding the delivery of electronic content to the client device based on those security attributes.

MESH NETWORK PROVIDED WITH EXCLUDING FUNCTION

PROBLEM TO BE SOLVED: To enable excluding a bad mesh router from a mesh network. SOLUTION: In an exemplary method embodiment, the method comprises a step of designating neighborhood administrator, receiving notification of a bad router from the designated neighborhood administrator, and excluding the bad router in response to the notification. In an exemplary embodiment of the mesh router, a mesh router can establish a radio mesh network with other mesh routers, the mesh router further designates a mesh router as the neighborhood administrator, and the mesh router is adapted to exclude another mesh router correlated to a specific certificate when a specific certificate is identified to be bad by the mesh router as the designated neighborhood administrator. COPYRIGHT: (C)2005,JPO&NCIPI ...

Secure peer-to-peer cache sharing

A system, apparatus, method, and computer-readable medium are provided for secure P2P caching. In one method, a requesting peer obtains a hash of requested data from a server. The requesting peer then transmits a request for the data to other peers. The request proves that the requesting peer has the hash. If a caching peer has the data, it generates a reply to the request that proves that it has the requested data. If the requesting peer receives a reply from a caching peer, the requesting peer establishes a connection to the caching peer and retrieves the data from the caching peer. If the requesting peer does not receive a reply to the request from any other peer, the requesting peer establishes a connection to the server and retrieves the data from the server. The requesting peer stores the data for use in responding to requests from other peers.

Methods for iteratively deriving security keys for communications sessions

Disclosed are methods for a client, having established one set of security keys, to establish a new set without having to communicate with an authentication server. When the client joins a group, master session security keys are derived and made known to the client and to the group's access server. From the master session security keys, the access server and client each derive transient session security keys, used for authentication and encryption. To change the transient session security keys, the access server creates "liveness" information and sends it to the client. New master session security keys are derived from the liveness information and the current set of transient session security keys. From these new master session security keys are derived new transient session security keys. This process limits the amount of data sent using one set of transient session security keys and thus limits the effectiveness of any statistical attacker.

Authorizing a requesting entity to operate upon data structures

Authorizing a requesting entity to have a service perform a particular action in a manner that is at least partially independent of the underlying target data structure. An authorization station maintains a number of role templates that each define basic access permissions with respect to a number of command methods. The authorization station also maintains a number of role definitions that each define access permissions for specific requesting entities by using one or more of the role templates. When the authorization station receives a request from the requesting entity, the authorization station then identifies the appropriate role definition. Using this role definition, the authorization station determines access permissions for the requesting entity with respect to the requested action.

System and method for protecting privacy and anonymity of parties of network communications

A system and method is provided for handling network communications between a client and a target server on the Internet to protect the privacy and anonymity of the client. For a session between the client and the target server, a routing control server sets up a routing chain using a plurality of Web servers randomly selected from a pool of participating Web servers as routers for routing messages between the client and the target server. To prevent traffic analysis, an "onion encryption" scheme is applied to the messages as they are forwarded along the routing chain. A payment service cooperating with the routing control server allows a user to pay for the privacy protection service without revealing her real identity.

Supporting DNS security in a multi-master environment

Multiple peer domain name system (DNS) servers are included in a multi-master DNS environment. One of the multiple peer DNS servers is a key master peer DNS server that generates one or more keys for a DNS zone serviced by the multiple peer DNS servers. The key master peer DNS server can also generate a signing key descriptor that identifies the set of one or more keys for the DNS zone, and communicate the signing key descriptor to the other ones of the multiple peer DNS servers.

Enhancing computer system security via multiple user desktops

Users can create multiple different desktops for themselves and easily switch between these desktops. These multiple desktops are "walled off" from one another, limiting the ability of processes and other subjects in one desktop from accessing objects, such as data files or other processes, in another desktop. According to one aspect, each time a process is launched it is associated with the desktop that it is launched in. Similarly, objects, such as data files or resources, are associated with the same desktop as the process that created them. The operating system allows a process to access only those objects that are either associated with the same desktop as the process or associated with no desktop.

TLS tunneling

An authentication protocol can be used to establish a secure method of communication between two devices on a network. Once established, the secure communication can be used to authenticate a client through various authentication methods, providing security in environments where intermediate devices cannot be trusted, such as wireless networks, or foreign network access points. Additionally, the caching of session keys and other relevant information can enable the two securely communicating endpoints to quickly resume their communication despite interruptions, such as when one endpoint changes the access point through which it is connected to the network. Also, the secure communication between the two devices can enable users to roam off of their home network, providing a mechanism by which access through foreign networks can be granted, while allowing the foreign network to monitor and control the use of its bandwidth.

PassThru for Client Authentication

This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.

EFFICIENT AND SECURE AUTHENTICATION OF COMPUTING SYSTEM

PROBLEM TO BE SOLVED: To provide a system for more efficiently and securely authenticating a computing system. SOLUTION: A client receives a limited usage (for example, single usage) certificate and transmits the limited usage certificate to a server through a secure link. The server provides an additional certificate (for subsequent authentication) and transmits the additional certificate to the client through the secure link. In another embodiment, the computing system uses an expandable protocol to automatically negotiate an authenticating method. An authenticating method to be mutually arranged is selected, and secure authentication is performed by a tunnel key to be used to encrypt (and later decrypt) authentication contents to be transferred between the client and the server. The tunnel key is derived from a shared secret key (e.g., session key) and a nansu. COPYRIGHT: (C)2005,JPO&NCIPI ...

Efficient and secure authentication of computing systems

The principles of the present invention relate to systems, methods, and computer program products for more efficiently and securely authenticating computing systems. In some embodiments, a limited use credential is used to provision more permanent credentials. A client receives a limited-use (e.g., a single-use) credential and submits the limited-use credential over a secure link to a server. Theserver provisions an additional credential (for subsequent authentication) and sends the additional credential to the client over the secure link. In other embodiments, computing systems automatically negotiate authentication methods using an extensible protocol. A mutually deployed authentication method is selected and secure authentication is facilitated with a tunnel key that is used encrypt (and subsequently decrypt) authentication content transferred between a client and a server. The tunnel key is derived from a shared secret (e.g.., a session key) and nonces.

Manifest-based trusted agent management in a trusted operating system environment

Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.

Network Accountability Among Autonomous Systems

Accountability among Autonomous Systems (ASs) in a network ensures reliable identification of various customers within the ASs and provides defensibility against malicious customers within the ASs. In one implementation, reliable identification is achieved by implementing ingress filtering on data packets originating within individual ASs and defensibility is provided by filtering data packets on request. To facilitate on-request filtering, individual ASs are equipped with a Filter Request Server (FRS) to filter data packets from certain customers identified in a filter request. Thus, when a requesting customer makes a filter request against an offending customer, the FRS within the AS to which the offending customer belongs conducts on-request filtering and installs an on-request filter on a first-hop network infrastructure device for the offending customer. Consequently, the first-hop network infrastructure device filters any data packet sent from the offending customer to the requesting ...

Manifest-based trusted agent management in a trusted operating system environment

Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.

Identity based network policy enablement

Enhanced network data transmission security and individualized data transmission processing can be implemented by intermediaries in a communication path between two endpoint peers individually having the capability to identify and authenticate one or both of the endpoint peers. Communication session establishment, endpoint peer identity processing and authentication and data traffic encryption protocols are modified to allow intermediaries to track the communications between endpoint peers for a particular communication session and obtain information to authenticate the endpoint peers and identify data traffic transmitted between them. Intermediaries can use the identities of one or both of the endpoint peers to enforce identity based rules for processing data traffic between the endpoint peers for a communication session.

TLS tunneling

An authentication protocol can be used to establish a secure method of communication between two devices on a network. Once established, the secure communication can be used to authenticate a client through various authentication methods, providing security in environments where intermediate devices cannot be trusted, such as wireless networks, or foreign network access points. Additionally, the caching of session keys and other relevant information can enable the two securely communicating endpoints to quickly resume their communication despite interruptions, such as when one endpoint changes the access point through which it is connected to the network. Also, the secure communication between the two devices can enable users to roam off of their home network, providing a mechanism by which access through foreign networks can be granted, while allowing the foreign network to monitor and control the use of its bandwidth.

METHOD AND SYSTEM FOR FILTERING COMMUNICATION TO PREVENT EXPLOITATION OF SOFTWARE VULNERABILITY

PROBLEM TO BE SOLVED: To provide a method and system for protecting an application that implements a communication protocol against exploitation of a communication-based vulnerability. SOLUTION: A protection system provides a protection policy that specifies how to recognize messages that expose a specific vulnerability and specifies actions to take when the vulnerability is exposed. A protection policy specifies the sequence of messages and their payload characteristics that expose a vulnerability. The protection system can specify the sequences of messages using a message protocol state machine. A message protocol state machine of an application represents the states that the application transitions through as it receives various messages. The protection system uses the message protocol state machine to track the states that lead up to the exposing of the vulnerability. COPYRIGHT: (C)2006,JPO&NCIPI ...

Establishing secure mutual trust using an insecure password

A process for establishing secure mutual trust includes generating a one-time-password. The one-time-password is transferred between the devices in a communication occurring off of the network. Each device generates a set of authenticators by hashing a plurality of sub-strings of the password and the device's authentication certificate with a respective set of nonces. The devices exchange the respective sets of authenticators. Each device then alternates revealing its respective set of nonces and its authentication certificate in a multi-stage process. The devices re-calculate the authenticators based upon the respective set of nonces and authentication certificate revealed by the other device along with the one-time-password sub-strings that it posses. If each device determines that the authenticators re-calculated by the given device matches the authenticators previously received from the other device, secure mutual trust is established.

Mesh networks with end device recognition

An exemplary router performs actions including: receiving at least one certificate from an end device, the at least one certificate issued by another router; ascertaining if the other router is a member of a predetermined neighborhood; determining if the at least one certificate is valid; and if the other router is ascertained to be a member of the predetermined neighborhood and the at least one certificate is determined to be valid, recognizing the end device as privileged. An exemplary mesh router is capable of establishing a wireless mesh network with other mesh routers, the mesh router is further capable of designating a neighborhood administrator mesh router; and the mesh router is adapted to grant privileged status to a particular end device associated with a particular certificate issued by a particular mesh router when the particular mesh router is a member of a neighborhood of the designated neighborhood administrator mesh router.

Method and system for filtering communications to prevent exploitation of a software vulnerability

A method and system for protecting an application that implements a communication protocol against exploitation of a communication-based vulnerability is provided. A protection system provides a protection policy that specifies how to recognize messages that expose a specific vulnerability and specifies actions to take when the vulnerability is exposed. A protection policy specifies the sequence of messages and their payload characteristics that expose a vulnerability. The protection system may specify the sequences of messages using a message protocol state machine. A message protocol state machine of an application represents the states that the application transitions through as it receives various messages. The message protocol state machine of the protection policy may be a portion of the message protocol state machine of the application relating to the vulnerability. The protection system uses the message protocol state machine to track the states that lead up to the exposing of the ...

Network accountability among autonomous systems

In one kind of DoS attack, malicious customers may try to send a large number of filter requests against an innocent customer. In one implementation, a Filter Request Server (FRS) may allow a customer against who a filter request is made to dispute the implicit accusation of the filter request or stop sending malicious traffic. If the customer claims innocence, the FRS may log destination addresses of data packets sent by the customer and identify and ignore false filter requests if these filter requests come from customers who do not correspond to one or more of the destination addresses that have previously been logged by the FRS.

System and method for protecting privacy and anonymity of parties of network communications

A system and method is provided for handling network communications between a client and a target server on the Internet to protect the privacy and anonymity of the client. For a session between the client and the target server, a routing control server sets up a routing chain using a plurality of Web servers randomly selected from a pool of participating Web servers as routers for routing messages between the client and the target server. To prevent traffic analysis, an "onion encryption" scheme is applied to the messages as they are forwarded along the routing chain. A payment service cooperating with the routing control server allows a user to pay for the privacy protection service without revealing her real identity.

Manifest-based trusted agent management in a trusted operating system environment

Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.

Pass-Thru for Client Authentication

This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.

Use of hashing in a secure boot loader

Machine instructions comprising a bootstrap code are buried within a critical component of an electronic game console where they cannot readily be accessed or modified. A preloader portion in a read only memory (ROM) is hashed by the bootstrap code and the result is compared to an expected hash value maintained in the bootstrap code. Further verification of the boot-up process is carried out by the preloader, which hashes the code in ROM to obtain a hash value for the code. The result is verified against a digital signature value that defines an expected value for this hash. Failure to obtain any expected result terminates the boot-up process. Since the bootstrap code confirms the preloader, and the preloader confirms the remainder of the code in ROM, this technique is useful for ensuring that the code used for booting up the device has not been modified or replaced.

Automation-resistant, advertising-merged interactive services

Systems and methodologies for implementing automation-resistant interactive computing services are provided herein. Function invocation mechanisms can be utilized as described herein to facilitate invocation and/or activation of one or more functions of an interactive service upon performance of an interaction falling within a predefined class of interaction with selected multimedia content. The described functionality invocation mechanisms can operate similarly to a traditional captcha image by requiring interaction that is easily understandable and performable by a human user but is prohibitively difficult for an automated program to carry out. Techniques such as masking relationships between user interaction and function invocation and varying elements of the selected multimedia content for respective accesses can be utilized to provide additional resistance to automation. Described invocation mechanisms can additionally be merged with advertising, which can optionally be targeted to ...

Use of hashing in a secure boot loader

Machine instructions comprising a bootstrap code are buried within a critical component of an electronic game console where they cannot readily be accessed or modified. A preloader portion in a read only memory (ROM) is hashed by the bootstrap code and the result is compared to an expected hash value maintained in the bootstrap code. Further verification of the boot-up process is carried out by the preloader, which hashes the code in ROM to obtain a hash value for the code. The result is verified against a digital signature value that defines an expected value for this hash. Failure to obtain any expected result terminates the boot-up process. Since the bootstrap code confirms the preloader, and the preloader confirms the remainder of the code in ROM, this technique is useful for ensuring that the code used for booting up the device has not been modified or replaced.

Operating system upgrades in a trusted operating system environment

Operating system upgrades in a trusted operating system environment allow a current trusted core of an operating system installed on a computing device to be upgraded to a new trusted core. The new trusted core is allowed to access application data previously securely stored by the current trusted core only if it can be verified that the new trusted core is the new trusted core expected by the current trusted core. In accordance with one implementation, the new trusted core is allowed to access only selected application data previously securely stored by the current trusted core.

System and method for providing program credentials

A system for providing a client's credentials to a computer program comprises a database remote from the client and a single signon server module. The single signon server module can receive a request for the client's credentials from the computer program, determine whether the client's credentials are stored in the database, and send the client's credentials from the database to the computer program in response to a determination that the client's credentials are stored in the database. The single signon server module can store the client's credentials in the database in response to a determination that the client's credentials are not stored in the database. The single signon server module can encrypt the client's credentials prior to storing the client's credentials in the database and can decrypt the client's credentials prior to sending the client's credentials to the computer program.

SUPPORTING DNS SECURITY IN A MULTI-MASTER ENVIRONMENT

Multiple peer domain name system (DNS) servers are included in a multi-master DNS environment. One of the multiple peer DNS servers is a key master peer DNS server that generates one or more keys for a DNS zone serviced by the multiple peer DNS servers. The key master peer DNS server can also generate a signing key descriptor that identifies the set of one or more keys for the DNS zone, and communicate the signing key descriptor to the other ones of the multiple peer DNS servers.

DISCOVERY OF SECURE NETWORK ENCLAVES

A hierarchical key generation and distribution mechanism for a computer system in which devices are organized into secure enclaves. The mechanism enables network access to be tailored to approximate minimum needed privileges for each device. At the lowest level of the hierarchy, keys are used to form security associations between devices. Keys at each level of the hierarchy are generated from keys at a higher level of the hierarchy and key derivation information. Key derivation information is readily ascertainable, either from identifiers for devices or from within messages, supporting hardware offload of cryptographic functions. Because keys may be generated based on the enclaves in which the hosts participating in a security association are located, the system includes a mechanism by which devices can discover the enclave in which they are located. 1. A device for providing secure communications , comprising: receive a control packet during an exchange, between the device and a second device, to establish a security association;', 'identify a chain of one or more markers in the control packet, each marker of the chain of one or more markers indicating an enclave;', 'determine an identity of an enclave in which the second device is located based at least on the chain of one or more markers; and', 'employ the determined identity of the enclave to establish a security association with the second device., 'a memory and a processor that are respectively configured to store and execute instructions, including instructions that enable the device to2. The device of claim 1 , wherein the instructions include additional instructions that enable the device to:determine an identity of another enclave based at least on the chain of one or more markers, wherein the device is located in the other enclave.3. The device of claim 2 , wherein at least one marker of the chain of one or more markers includes a value associated an intermediary device that processed the control packet ...

Systems, Methods and Devices for the Rapid Assessment and Deployment of Appropriate Modular Aid Solutions in Response to Disasters

An embodiment of a disaster response system is disclosed that includes a communication and monitoring environment (CME). The CME includes an incident command infrastructure, and a communication infrastructure configured to exchange data with the incident command infrastructure. The communication infrastructure includes a network comprising a plurality of sensor assemblies that are configured to wirelessly communicate with the communication infrastructure. The sensor assemblies are configured to acquire data that includes at least one of environmental conditions, motion, position, chemical detection, and medical information. One or more of the sensors are configured to aggregate data from a subset of the plurality of sensors. The CME is configured to detect an incident based on at least the data acquired by the sensor assemblies. 1. A disaster response system , comprising: an incident command infrastructure;', 'a communication infrastructure configured to exchange data with the incident command infrastructure, wherein the communication infrastructure includes a network comprising a plurality of sensor assemblies that are configured to wirelessly communicate with the communication infrastructure;', 'wherein the sensor assemblies are configured to acquire data that includes at least one of environmental conditions, motion, position, chemical detection, and medical information;', 'wherein one or more of the sensors are configured to aggregate data from a subset of the plurality of sensors; and, 'a communication and monitoring environment (CME) includingwherein the CME is configured to detect an incident based on at least the data acquired by the sensor assemblies.2. The disaster response system of claim 1 , further comprising a physical deployment system configured to deliver a modular aid solution in response to the detected incident.3. The disaster response system of claim 2 , wherein the physical deployment system includes an unmanned aerial vehicle (UAV).4. The ...

Systems, Methods and Devices for the Rapid Assessment and Deployment of Appropriate Modular Aid Solutions in Response to Disasters

An embodiment of a disaster response system is disclosed that includes a communication and monitoring environment (CME). The CME includes an incident command infrastructure, and a communication infrastructure configured to exchange data with the incident command infrastructure. The communication infrastructure includes a network comprising a plurality of sensor assemblies that are configured to wirelessly communicate with the communication infrastructure. The sensor assemblies are configured to acquire data that includes at least one of environmental conditions, motion, position, chemical detection, and medical information. One or more of the sensors are configured to aggregate data from a subset of the plurality of sensors. The CME is configured to detect an incident based on at least the data acquired by the sensor assemblies.

Systems, Methods and Devices for the Rapid Assessment and Deployment of Appropriate Modular Aid Solutions in Response to Disasters

An embodiment of a disaster response system is disclosed that includes a communication and monitoring environment (CME). The CME includes an incident command infrastructure, and a communication infrastructure configured to exchange data with the incident command infrastructure. The communication infrastructure includes a network comprising a plurality of sensor assemblies that are configured to wirelessly communicate with the communication infrastructure. The sensor assemblies are configured to acquire data that includes at least one of environmental conditions, motion, position, chemical detection, and medical information. One or more of the sensors are configured to aggregate data from a subset of the plurality of sensors. The CME is configured to detect an incident based on at least the data acquired by the sensor assemblies. 1. A disaster response system , comprising: an incident command infrastructure;', 'a communication infrastructure configured to exchange data with the incident command infrastructure, wherein the communication infrastructure includes a network comprising a plurality of sensor assemblies that are configured to wirelessly communicate with the communication infrastructure;', 'wherein the sensor assemblies are configured to acquire data that includes at least one of environmental conditions, motion, position, chemical detection, and medical information;', 'wherein one or more of the sensors are configured to aggregate data from a subset of the plurality of sensors; and, 'a communication and monitoring environment (CME) includingwherein the CME is configured to detect an incident based on at least the data acquired by the sensor assemblies.2. The disaster response system of claim 1 , further comprising a physical deployment system configured to deliver a modular aid solution in response to the detected incident.3. The disaster response system of claim 2 , wherein the physical deployment system includes an unmanned aerial vehicle (UAV).4. The ...

Authentication system and method for smart card transactions

An authentication system includes a portable information device, such as a smart card, that is configured to store and process multiple different applications. The smart card is assigned its own digital certificate which contains a digital signature from a trusted certifying authority and a unique public key. Each of the applications stored on the smart card is also assigned an associated certificate having the digital signature of the certifying authority. The system further includes a terminal that is capable of accessing the smart card. The terminal has at least one compatible application which operates in conjunction with an application on the smart card. The terminal is assigned its own certificate which also contains the digital signature from the trusted certifying authority and a unique public key. Similarly, the application on the terminal is given an associated digital certificate. During a transactional session, the smart card and terminal exchange their certificates to authenticate one another. Thereafter, a smart card application is selected and the related certificates for both the smart card application and the terminal application are exchanged between the smart card and terminal to authenticate the applications. Additionally, the cardholder enters a unique PIN into the terminal. The PIN is passed to the smart card for use in authenticating the cardholder. The three-tiered authentication system promotes security in smart card transactions.

Electronic online commerce card with customer generated transaction proxy number for online transactions

An online commerce system facilitates online commerce over a public network using an online commerce card. The "card" does not exist in physical form, but instead exists in digital form. It is assigned a customer account number that includes digits for a prefix number for bank-handling information, digits for a customer identification number, digits reserved for an embedded code number, and a digit for check sum. The bank also gives the customer a private key. During an online transaction, the customer computer retrieves the private key and customer account number from storage. The customer computer generates a code number as a function of the private key, customer-specific data (e.g, card-holder's name, account number, etc.) and transaction-specific data (e.g., transaction amount, merchant ID, goods ID, time, transaction date, etc.). The customer computer embeds the code number in the reserved digits of the customer account number to create a transaction number specific to the transaction. The customer submits that transaction number to the merchant as a proxy for a regular card number. When the merchant submits the number for approval, the issuing institution recognizes it as a proxy transaction number, indexes the customer account record, and looks up the associated private key and customer-specific data. The institution computes a test code number using the same function and input parameters as the customer computer. The issuing institution compares the test code number with the code number embedded in the transaction number. If the two numbers match, the issuing institution accepts the transaction number as valid.

Methods for remotely changing a communications password

Disclosed are methods for an authentication client, having been authenticated by an authentication server, to leverage the effects of that authentication to implement a new communications password. The authentication client gets a new password from its user. From the new password and from information provided by the authentication server, the authentication client derives a "password verifier." The password verifier is then shared with the authentication server. The new password itself is never sent to the authentication server, and it is essentially impossible to derive the new password from the password verifier. The authentication client and the authentication server, in parallel, derive a new set of authentication and encryption security keys from the new password and from the password verifier, respectively. This process may be repeated to limit the amount of data sent using any one particular set of security keys and thus to limit the effectiveness of any statistical attacker.

A system of battery assemblies

There is provided a system comprising a plurality of battery assemblies. Each battery assembly comprises power storage that can be charged and control electronics and communication means. Each battery assembly is configured to act as a local hub for local DC power demand monitoring; and a local DC power supply for DC loads. A method is provided for installing the system by co-locating a battery assembly near an energy meter and consumer unit and connecting the battery assembly to re-use existing lighting circuit wiring. A battery assembly for use in a distributed battery system of further battery assemblies is also provided. The battery system can receive electrical power from a power source and comprises electrical power storage, power electronics, control electronics and communication means. The control and communication means is configured to receive data and charge the electrical power storage. A method for installing the battery assembly is also provided.

Identity-centric data access

A model for accessing data in an identity-centric manner. An identity (310) maybe a user, a group of users, or an organization. Instead of data being maintained on an application-by-application basis, the data associated with a particular identity is stored by one or more data services (511 through 518) accessible by many applications (320). The data is stored in accordance with a schema that is recognized by a number of different applications and hte data service (511 through 518). When a user is to perform an operatio on the identity's (310 data, the corresponding application (320) generates a message (531) that has a structure that is recognized by the data service (511 through 518). The message (531) represents a request to perform an operation on the data structure corresponding to the identity (310). The data service (511 through 518) receives and itnerprets the message. If authorized, the data service (511 through 518) then performs the operation.

Untraceable electronic cash

Method and system for detecting a communication problem in a computer network

A computer in a network runs a verification procedure in which it sends data packets to another computer in the network. Some or all of the data packets contain, either individually or collectively, a secret piece of information, such as a secret code. The computer then makes a determination regarding the network links between it and the other computer. If, for example, the other computer is able to respond by providing the secret piece of information back, then the computer sending the data packets concludes that the devices along the network links en route to the other computer are properly forwarding data packets.

Methods for remotely changing a communications password

Disclosed are methods for an authentication client, having been authenticated by an authentication server, to leverage the effects of that authentication to implement a new communications password. The authentication client gets a new password from its user. From the new password and from information provided by the authentication server, the authentication client derives a "password verifier." The password verifier is then shared with the authentication server. The new password itself is never sent to the authentication server, and it is essentially impossible to derive the new password from the password verifier. The authentication client and the authentication server, in parallel, derive a new set of authentication and encryption security keys from the new password and from the password verifier, respectively. This process may be repeated to limit the amount of data sent using any one particular set of security keys and thus to limit the effectiveness of any statistical attacker.

A system of battery assemblies

There is provided a system comprising a plurality of battery assemblies. Each battery assembly comprises power storage that can be charged and control electronics and communication means. Each battery assembly is configured to act as a local hub for local DC power demand monitoring; and a local DC power supply for DC loads. A method is provided for installing the system by co-locating a battery assembly near an energy meter and consumer unit and connecting the battery assembly to re-use existing lighting circuit wiring. A battery assembly for use in a distributed battery system of further battery assemblies is also provided. The battery system can receive electrical power from a power source and comprises electrical power storage, power electronics, control electronics and communication means. The control and communication means is configured to receive data and charge the electrical power storage. A method for installing the battery assembly is also provided.

Mesh networks with exclusion capability

In an exemplary method implementation, a method includes: designating a neighborhood administrator; receiving notification of a delinquent router from the designated neighborhood administrator; and excluding the delinquent router responsive to the notification. In an exemplary mesh router implementation, a mesh router is capable of establishing a wireless mesh network with other mesh routers, the mesh router is further capable of designating a neighborhood administrator mesh router; and the mesh router is adapted to exclude another mesh router that is associated with a particular certificate when the particular certificate has been identified as delinquent by the designated neighborhood administrator. mesh router.

Establishing secure mutual trust using an insecure password

A process for establishing secure mutual trust includes generating a one-time-password. The one-time-password is transferred between the devices in a communication occurring off of the network. Each device generates a set of authenticators by hashing a plurality of sub-strings of the password and the device's authentication certificate with a respective set of nonces. The devices exchange the respective sets of authenticators. Each device then alternates revealing its respective set of nonces and its authentication certificate in a multi-stage process. The devices re-calculate the authenticators based upon the respective set of nonces and authentication certificate revealed by the other device along with the one-time-password sub-strings that it posses. If each device determines that the authenticators re-calculated by the given device matches the authenticators previously received from the other device, secure mutual trust is established.

Identity based network policy enablement

Enhanced network data transmission security and individualized data transmission processing can be implemented by intermediaries in a communication path between two endpoint peers individually having the capability to identify and authenticate one or both of the endpoint peers. Communication session establishment, endpoint peer identity processing and authentication and data traffic encryption protocols are modified to allow intermediaries to track the communications between endpoint peers for a particular communication session and obtain information to authenticate the endpoint peers and identify data traffic transmitted between them. Intermediaries can use the identities of one or both of the endpoint peers to enforce identity based rules for processing data traffic between the endpoint peers for a communication session.

Mesh networks with end device recognition

An exemplary router performs actions including: receiving at least one certificate from an end device, the at least one certificate issued by another router; ascertaining if the other router is a member of a predetermined neighborhood; determining if the at least one certificate is valid; and if the other router is ascertained to be a member of the predetermined neighborhood and the at least one certificate is determined to be valid, recognizing the end device as privileged. An exemplary mesh router is capable of establishing a wireless mesh network with other mesh routers, the mesh router is further capable of designating a neighborhood administrator mesh router; and the mesh router is adapted to grant privileged status to a particular end device associated with a particular certificate issued by a particular mesh router when the particular mesh router is a member of a neighborhood of the designated neighborhood administrator mesh router.

Method of negotiating security parameters and authenticating users interconnected to a network

A method for authenticating and negotiating security parameters among two or more network devices is disclosed. The method has a plurality of modes including a plurality of messages exchanged between the two or more network devices. In a main mode, the two or more network devices establish a secure channel and select security parameters to be used during a quick mode and a user mode. In the quick mode, the two or more computers derive a set of keys to secure data sent according to a security protocol. The optional user mode provides a means of authenticating one or more users associated with the two or more network devices. A portion of the quick mode is conducted during the main mode thereby minimizing the plurality of messages that need to be exchanged between the initiator and the responder.

Identity based network policy enablement

System for transmitting subscription information and content to a mobile device

A system controls access to broadcast messages (298) received by a plurality of mobile devices (18). Selected mobile devices (18) are provided with a broadcast encryption key (BEK) (268). The broadcast messages (298) are encrypted using the BEK (268) prior to broadcasting so that the selected mobile devices (18) containing the BEK (268) can decrypt the broadcast messages (298). The broadcast messages (298) are then broadcast.

Secure peer-to-peer cache sharing

Flat and collapsible mouse

A mouse ( 1 ) suitable for use as a computer input device that is collapsible between a flat configuration in which the mouse ( 1 ) is generally planar, and an optional popped configuration in which the mouse ( 1 ) has increased volume and forms a generally curved ergonomic profile, where said mouse ( 1 ) can be used for wireless data input and control and is operable in either configuration, and can be conveniently attached when flat with a docking cradle or tray ( 3 ) that slides into a card-shaped recess ( 13 ), such as a PCMCIA or CardBus interface slot within a host device ( 12 ) for the purposes of storage, battery recharging, and where said docking cradle ( 3 ) can directly provide wireless connectivity and control information between the mouse ( 1 ) and host device ( 12 ). The mouse ( 1 ) may support a combination of buttons ( 4 ) and capacitance panels ( 41 ) for increased control.

System and method for evaluating and enhancing source anonymity for encrypted web traffic

A system and method is provided for evaluating the effectiveness of data encryption for hiding the identity of the source of Web traffic. A signature is constructed from encrypted Web traffic for a Web page sent by a target Web site, and the signature is compared with archived traffic signatures obtained by accessing various Web pages of interest in advance. If the signature of the detected encrypted Web traffic matches a stored traffic signature beyond a pre-set statistical threshold, a positive match is found, and the source of the traffic is identified. Countermeasures for reducing the reliability of source identification based on traffic signature matching are provided.

Authorizing requesting entity to operate upon data structures

Authorizing a requesting entity to have a server perform a particular action in a manner that is at least partially independent of the underlying target data structure. An authorization station maintains a number of role templates (310) that each define basic access permissions with respect to a number of command methods. The authorization station also maintains a number of role definitions (350) that each define access permissions for specific requesting entities by using one or more of the role templates (310). When the authorization station receives a request from the requesting entity, the authorization station then identifies the appropriate role definition (350). Using this role definition (350), the authorization station determines access permissions for the requesting entity with respect to the requested action.

Elektronisches geldsystem ohne ursprungserkennung

Authorizing requesting entity to operate upon data structures

Authorizing a requesting entity to have a server perform a particular action in a manner that is at least partially independent of the underlying target data structure. An authorization station maintains a number of role templates (310) that each define basic access permissions with respect to a number of command methods. The authorization station also maintains a number of role definitions (350) that each define access permissions for specific requesting entities by using one or more of the role templates (310). When the authorization station receives a request from the requesting entity, the authorization station then identifies the appropriate role definition (350). Using this role definition (350), the authorization station determines access permissions for the requesting entity with respect to the requested action.

Verfahren zur ferngesteuerten änderung eines kommunikationspasswortes

Vermaschtes netz mit endgeräteerkennung

Messaging infrastructure for identity-centric data access

A messaging data structure (700) for accessing data in an identity-centric manner, An identity may be a user, a group of users, or an organization. Instead of data being maintained on an application-by-application basis, the data associated with a particular identity is stored by one or more data services accessible by many applications. The data is stored in accordance with a schema that is recognized by number of different applications and the data service. The messaging data structure (700) includes fields that identify the target data object to be operated upon using an identity field (701), a schema field (703), and an instance identifier field (704). In addition, the desired operation (707) is specified. Thus, the target data objet is operated on in an identity-centric manner.

Method and System for Asymmetric Key Security

Discovery of secure network enclaves

A hierarchical key generation and distribution mechanism for a computer system in which devices are organized into secure enclaves. The mechanism enables network access to be tailored to approximate minimum needed privileges for each device. At the lowest level of the hierarchy, keys are used to form security associations between devices. Keys at each level of the hierarchy are generated from keys at a higher level of the hierarchy and key derivation information. Key derivation information is readily ascertainable, either from identifiers for devices or from within messages, supporting hardware offload of cryptographic functions. Because keys may be generated based on the enclaves in which the hosts participating in a security association are located, the system includes a mechanism by which devices can discover the enclave in which they are located.

Key management in secure network enclaves

A hierarchical key generation and distribution mechanism for a computer system in which devices are organized into secure enclaves. The mechanism enables network access to be tailored to approximate minimum needed privileges for each device. At the lowest level of the hierarchy, keys are used to form security associations between devices. Keys at each level of the hierarchy are generated from keys at a higher level of the hierarchy and key derivation information. Key derivation information is readily ascertainable, either from identifiers for devices or from within messages, supporting hardware offload of cryptographic functions. Because keys may be generated based on the enclaves in which the hosts participating in a security association are located, the system includes a mechanism by which devices can discover the enclave in which they are located.

Maschennetz mit ausschlussfähigkeit

Discovery of secure network enclaves

A hierarchical key generation and distribution mechanism for a computer system in which devices are organized into secure enclaves. The mechanism enables network access to be tailored to approximate minimum needed privileges for each device. At the lowest level of the hierarchy, keys are used to form security associations between devices. Keys at each level of the hierarchy are generated from keys at a higher level of the hierarchy and key derivation information. Key derivation information is readily ascertainable, either from identifiers for devices or from within messages, supporting hardware offload of cryptographic functions. Because keys may be generated based on the enclaves in which the hosts participating in a security association are located, the system includes a mechanism by which devices can discover the enclave in which they are located.

Discovery of secure network enclaves

System for transmitting subscription information and content to a mobile device

A system controls access to broadcast messages (298) received by a plurality of mobile devices (18). Selected mobile devices (18) are provided with a broadcast encryption key (BEK) (268). The broadcast messages (298) are encrypted using the BEK (268) prior to broadcasting so that the selected mobile devices (18) containing the BEK (268) can decrypt the broadcast messages (298). The broadcast messages (298) are then broadcast.

Discovery of secure network enclaves

A hierarchical key generation and distribution mechanism for a computer system in which devices are organized into secure enclaves. The mechanism enables network access to be tailored to approximate minimum needed privileges for each device. At the lowest level of the hierarchy, keys are used to form security associations between devices. Keys at each level of the hierarchy are generated from keys at a higher level of the hierarchy and key derivation information. Key derivation information is readily ascertainable, either from identifiers for devices or from within messages, supporting hardware offload of cryptographic functions. Because keys may be generated based on the enclaves in which the hosts participating in a security association are located, the system includes a mechanism by which devices can discover the enclave in which they are located.

Ipsec Encapsulation Mode

Described are embodiments directed to negotiating an encapsulation mode between an initiator and a responder. As part of the negotiation of the security association, an encapsulation mode is negotiated that allows packets to be sent between the initiator and responder without encapsulation. The ability to send packets without encapsulation allows intermediaries, such as a firewall, at the responder to easily inspect the packets and implement additional features such as security filtering.

Pass-thru for client authentication

This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.

Accessing heterogeneous data in a standardized manner

Directly operating on data structures in a generic manner regardless of the type of data structure being operated upon and without requiring dedicated executable code for manipulating data structures of the particular data type. A common set of commands (e.g -. insert, delete, replace, update, query) are recognized that may be used to operate on data structures (210, 220, 230, 240) of a number of different data types. A navigation module (250) accesses a request to execute one of the common command methods on at least an identified portion of an identified data structure (210, 220, 230, 240). Then, the navigation module (250) accesses a navigation assistance module (260) to access a set of rules associated with the particular data type, the set of rules allowing the navigation module (250) to find the portion of the data structure (210, 220, 230, 240) that is to be operated on. If appropriate, the command operation is then executed on the identified portion of the data structure (210, 220, 230, 240).