Method and apparatus to authenticate a user to a mobile device using mnemonic based digital signatures
    1.
    发明授权
    Method and apparatus to authenticate a user to a mobile device using mnemonic based digital signatures 有权
    使用基于助记码的数字签名向移动设备认证用户的方法和装置

    公开(公告)号:US08769669B2

    公开(公告)日:2014-07-01

    申请号:US13366011

    申请日:2012-02-03

    IPC分类号: G06F21/00 G06F21/36 H04W12/06

    摘要: A user device comprising a processor configured to enable a mnemonic based digital signature scheme for user authentication that is based on a combination of one or more secrets and one or more actions implemented on the user device and associated with the secrets, and a device input system coupled to the processor and configured to detect the actions implemented on the user device. Also disclosed is an apparatus comprising a processor configured to implement a mnemonic based digital signature for authenticating a user, a device input system configured to enable the mnemonic based digital signature, and a memory unit configured to store input data that is used to recognize the mnemonic based digital signature, wherein the mnemonic based digital signature comprises a secret, an action associated with the secret and implemented using the device input system, and a cue associated with the action.

    摘要翻译: 一种用户设备,包括:处理器,被配置为使得基于用户认证的基于助记符的数字签名方案是基于一个或多个秘密的组合以及在所述用户设备上实现并与所述秘密相关联的一个或多个动作的组合,以及设备输入系统 耦合到处理器并且被配置为检测在用户设备上实现的动作。 还公开了一种装置,包括被配置为实现用于认证用户的基于助记符的数字签名的处理器,被配置为启用基于助记符的数字签名的设备输入系统,以及被配置为存储用于识别助记符的输入数据的存储器单元 其中基于助记符的数字签名包括秘密,与秘密相关联并且使用设备输入系统实现的动作以及与该动作相关联的提示。

    Method and Apparatus to Authenticate a User to a Mobile Device Using Mnemonic Based Digital Signatures
    2.
    发明申请
    Method and Apparatus to Authenticate a User to a Mobile Device Using Mnemonic Based Digital Signatures 有权
    使用基于助记符的数字签名向移动设备认证用户的方法和装置

    公开(公告)号:US20130205387A1

    公开(公告)日:2013-08-08

    申请号:US13366011

    申请日:2012-02-03

    IPC分类号: G06F21/00

    摘要: A user device comprising a processor configured to enable a mnemonic based digital signature scheme for user authentication that is based on a combination of one or more secrets and one or more actions implemented on the user device and associated with the secrets, and a device input system coupled to the processor and configured to detect the actions implemented on the user device. Also disclosed is an apparatus comprising a processor configured to implement a mnemonic based digital signature for authenticating a user, a device input system configured to enable the mnemonic based digital signature, and a memory unit configured to store input data that is used to recognize the mnemonic based digital signature, wherein the mnemonic based digital signature comprises a secret, an action associated with the secret and implemented using the device input system, and a cue associated with the action.

    摘要翻译: 一种用户设备,包括:处理器,被配置为使得基于用户认证的基于助记符的数字签名方案是基于一个或多个秘密的组合以及在所述用户设备上实现并与所述秘密相关联的一个或多个动作的组合,以及设备输入系统 耦合到处理器并且被配置为检测在用户设备上实现的动作。 还公开了一种装置,包括被配置为实现用于认证用户的基于助记符的数字签名的处理器,被配置为启用基于助记符的数字签名的设备输入系统,以及被配置为存储用于识别助记符的输入数据的存储器单元 其中基于助记符的数字签名包括秘密,与秘密相关联并且使用设备输入系统实现的动作以及与该动作相关联的提示。

    Method and apparatus for a control plane to manage domain-based security and mobility in an information centric network
    3.
    发明授权
    Method and apparatus for a control plane to manage domain-based security and mobility in an information centric network 有权
    控制平面在信息中心网络中管理基于域的安全性和移动性的方法和装置

    公开(公告)号:US08881236B2

    公开(公告)日:2014-11-04

    申请号:US13352835

    申请日:2012-01-18

    IPC分类号: G06F7/04 H04L29/08 H04W4/08

    摘要: A networking system comprising a virtual group controller in an information centric network configured to enable mobility and security for a plurality of users groups of the information centric network, a plurality of user groups coupled to the virtual group controller and associated with the users, a plurality of agents that are each associated with one of the user groups, and a database for trusted service profile coupled to the virtual group controller, wherein the virtual group controller is configured to interact with the agents to enable mobility for the user groups using a server-less domain-based naming scheme.

    摘要翻译: 一种网络系统,包括信息中心网络中的虚拟组控制器,其被配置为实现信息中心网络的多个用户组的移动性和安全性,耦合到虚拟组控制器并与用户相关联的多个用户组,多个 每个与所述用户组中的一个相关联的代理以及耦合到所述虚拟组控制器的可信服务简档的数据库,其中所述虚拟组控制器被配置为与所述代理进行交互以使得能够使用服务器 - 较少的基于域的命名方案。

    Execution allocation cost assessment for computing systems and environments including elastic computing systems and environments
    4.
    发明授权
    Execution allocation cost assessment for computing systems and environments including elastic computing systems and environments 失效
    包括弹性计算系统和环境在内的计算系统和环境的执行分配成本评估

    公开(公告)号:US08775630B2

    公开(公告)日:2014-07-08

    申请号:US13492772

    申请日:2012-06-08

    摘要: Techniques for assessing the cost of allocation of execution and affecting the allocation of execution are disclosed. The cost of allocation of execution between a first computing device (e.g., mobile device) and one or more computing resource providers (e.g., Clouds) can be determined during runtime of the code. A computing system can operate independently of the first computing device and a computing resource provider and provide execution allocation cost assessment. Execution allocation cost can be assessed based on execution allocation data pertaining to the first computing device and computing resource providers. Power consumption of a mobile device can be used as a factor in determining how to allocate individual components of an application program between a mobile phone and a Cloud. In an Elastic computing environment, external computing resources can be used to extend the computing capabilities beyond that which can be provided by internal computing resources.

    摘要翻译: 披露了评估分配成本和影响执行分配的技术。 可以在代码的运行时间期间确定第一计算设备(例如,移动设备)与一个或多个计算资源提供者(例如,云)之间的执行分配成本。 计算系统可以独立于第一计算设备和计算资源提供者操作并提供执行分配成本评估。 可以基于与第一计算设备和计算资源提供者有关的执行分配数据来评估执行分配成本。 可以将移动设备的功耗用作确定如何在移动电话和云之间分配应用程序的各个组件的因素。 在弹性计算环境中,外部计算资源可用于将计算能力扩展到内部计算资源所能提供的计算能力之外。

    Method for flexible data protection with dynamically authorized data receivers in a content network or in cloud storage and content delivery services
    5.
    发明授权
    Method for flexible data protection with dynamically authorized data receivers in a content network or in cloud storage and content delivery services 有权
    在内容网络或云存储和内容传送服务中使用动态授权的数据接收器进行灵活数据保护的方法

    公开(公告)号:US08769705B2

    公开(公告)日:2014-07-01

    申请号:US13371944

    申请日:2012-02-13

    IPC分类号: G06F21/00

    摘要: A networking system comprising an application service that runs on a cloud infrastructure and is configured to receive dual encrypted content from a content provider and re-encrypt the dual encrypted content to enable dynamic user group control for group-based user authorization, and a cloud storage service coupled to the application service and configured to store the dual encrypted content from the content provider and the re-encrypted dual encrypted content from the application service, wherein the application service and the storage service are configured to communicate and operate with a content delivery service that uses a content delivery network (CDN) to deliver the re-encrypted content to one or more users in a group authorized by the content provider.

    摘要翻译: 一种网络系统,包括在云基础设施上运行的应用服务,并且被配置为从内容提供商接收双加密内容,并重新加密双加密内容,以启用基于组的用户授权的动态用户组控制,以及云存储 服务,其被配置为存储来自内容提供商的双加密内容和来自应用服务的重新加密的双加密内容,其中应用服务和存储服务被配置为与内容传递服务进行通信和操作 其使用内容递送网络(CDN)将重新加密的内容递送到由内容提供商授权的组中的一个或多个用户。

    Detecting unauthorized use of computing devices based on behavioral patterns
    6.
    发明授权
    Detecting unauthorized use of computing devices based on behavioral patterns 有权
    根据行为模式检测未经授权使用计算设备

    公开(公告)号:US08595834B2

    公开(公告)日:2013-11-26

    申请号:US12025678

    申请日:2008-02-04

    IPC分类号: G06F21/00 H04L29/06

    摘要: Techniques for detecting unauthorized use (e.g., malicious attacks) of the computing systems (e.g., computing devices) are disclosed. Unauthorized use can be detected based on patterns of use (e.g., behavioral patterns of use typically associated with a human being) of the computing systems. Acceptable behavioral pattern data can be generated for a computing system by monitoring the use of a support system (e.g., an operating system, a virtual environment) operating on the computing system. For example, a plurality of system support provider components of a support system (e.g., system calls, device drivers) can be monitored in order to generate the acceptable behavioral pattern data in a form which effectively defines an acceptable pattern of use (usage pattern) for the monitored system support provider components, thereby allowing detection of unauthorized use of a computing system by detecting any deviation from the acceptable pattern of use of the monitored system support provider components.

    摘要翻译: 公开了用于检测计算系统(例如,计算设备)的未经授权的使用(例如,恶意攻击)的技术。 可以基于计算系统的使用模式(例如,通常与人相关联的行为模式)来检测未经授权的使用。 可以通过监视在计算系统上运行的支持系统(例如,操作系统,虚拟环境)的使用来为计算系统生成可接受的行为模式数据。 例如,可以监视支持系统的多个系统支持提供商组件(例如,系统调用,设备驱动程序),以便以有效地定义可接受的使用模式(使用模式)的形式生成可接受的行为模式数据, 用于监视的系统支持提供者组件,从而通过检测与受监视的系统支持提供商组件的可接受的使用模式的任何偏离来允许检测计算系统的未经授权的使用。

    Safe and efficient access control mechanisms for computing environments
    7.
    发明授权
    Safe and efficient access control mechanisms for computing environments 有权
    安全高效的计算环境访问控制机制

    公开(公告)号:US08510805B2

    公开(公告)日:2013-08-13

    申请号:US12108455

    申请日:2008-04-23

    IPC分类号: G06F15/16 H04L29/06 G06F17/30

    CPC分类号: G06F12/1458

    摘要: Improved techniques for controlling access to accessible components of computing environments are disclosed. The techniques, among other things, can be used to provide Mandatory Access Control (MAC) mechanisms for mobile and embedded systems. One or more accessible components (e.g., accessible resources) which a component may attempt to access are determined so that one or more access permissions can be stored in a manner that they can be obtained if the component attempts to access the one or more accessible components, thereby allowing access to the one or more accessible components to be determined based on access permissions that are readily available. Generally, access permissions can be identified and stored in anticipation of need. Access permissions can be identified, for example, based on the likelihood of use, or all possible access permissions can be determined and stored. A safe (e.g., a trusted) access controlling (or monitoring) system (or component) can control access to resources of a computing environment. For example, a trusted access monitoring system can be provided in a secure and trusted operating environment utilizing Mandatory Access Control (MAC) capabilities of a secure operating system (e.g., SELinux Operating System).

    摘要翻译: 公开了用于控制对计算环境的可访问组件的访问的改进的技术。 这些技术可以用于为移动和嵌入式系统提供强制访问控制(MAC)机制。 确定组件可尝试访问的一个或多个可访问组件(例如,可访问资源),使得可以以如下方式来存储一个或多个访问许可:如果组件尝试访问一个或多个可访问组件 从而允许基于容易获得的访问权限来访问要被确定的一个或多个可访问组件。 通常,可以根据需要识别和存储访问权限。 可以例如基于使用的可能性来识别访问权限,或者可以确定和存储所有可能的访问许可。 安全(例如,受信任的)访问控制(或监视)系统(或组件)可以控制对计算环境的资源的访问。 例如,可以使用安全操作系统(例如,SELinux操作系统)的强制访问控制(MAC)功能在安全和受信任的操作环境中提供可信赖的访问监控系统。

    Seamless Mobility Schemes in Named-Data Networking Using Multi-Path Routing and Content Caching
    8.
    发明申请
    Seamless Mobility Schemes in Named-Data Networking Using Multi-Path Routing and Content Caching 有权
    使用多路径路由和内容缓存的命名数据网络中的无缝移动性方案

    公开(公告)号:US20130039249A1

    公开(公告)日:2013-02-14

    申请号:US13530372

    申请日:2012-06-22

    IPC分类号: H04W4/06 H04W36/08

    摘要: A content-centric-network (CCN)/named-data networking (NDN) system to support seamless mobility for a mobile node (MN) comprising a first point of attachment (PoA) configured to indicate to the MN that attaches to the first PoA one or more neighbor PoAs and to multicast an interest for content from the MN to the neighbor PoAs in a CCN or NDN when the MN starts a handoff procedure, and a second PoA from the one or more neighbor PoAs of the first PoA configured to receive the multicast interest from the first PoA, forward the interest to the CCN or NDN, receive content data from the CCN or NDN, and forward the content data to the MN.

    摘要翻译: 一种用于支持移动节点(MN)的无缝移动性的内容中心网络(CCN)/命名数据网络(NDN)系统,其包括第一附着点(PoA),其被配置为向MN指示附接到第一PoA 一个或多个相邻PoA,并且当MN开始切换过程时,将来自MN的内容的兴趣多播到CCN或NDN中的邻居PoA,并且从配置为接收的第一PoA的一个或多个相邻PoA中的第二PoA 来自第一PoA的组播兴趣,将兴趣转发到CCN或NDN,从CCN或NDN接收内容数据,并将内容数据转发到MN。

    Method and system for securing instruction caches using cache line locking
    9.
    发明授权
    Method and system for securing instruction caches using cache line locking 失效
    使用高速缓存行锁定来保护指令高速缓存的方法和系统

    公开(公告)号:US08019946B2

    公开(公告)日:2011-09-13

    申请号:US12183908

    申请日:2008-07-31

    IPC分类号: G06F12/08

    摘要: A method and system is provided for securing micro-architectural instruction caches (I-caches). Securing an I-cache involves providing security critical instructions to indicate a security critical code section; and implementing an I-cache locking policy to prevent unauthorized eviction and replacement of security critical instructions in the I-cache. Securing the I-cache may further involve dynamically partitioning the I-cache into multiple logical partitions, and sharing access to the I-cache by an I-cache mapping policy that provides access to each I-cache partition by only one logical processor.

    摘要翻译: 提供了一种用于保护微架构指令高速缓存(I缓存)的方法和系统。 保护I缓存涉及提供安全关键指令来指示安全关键代码段; 并实施I缓存锁定策略,以防止未经授权的驱逐和替换I缓存中的安全关键指令。 保护I缓存还可以包括动态地将I缓存分区成多个逻辑分区,并且通过仅由一个逻辑处理器提供对每个I缓存分区的访问的I缓存映射策略共享对I缓存的访问。