Bjorn Markus Jakobsson, Mountain View US

Bjorn Markus Jakobsson, Mountain View, CA US

| Patent application number | Description | Published |
| --- | --- | --- |
| 20090172418 | Methods and Apparatus for Efficient Computation of One-Way Chains in Cryptographic Applications - Techniques are disclosed for efficient computation of consecutive values of one-way chains and other one-way graphs in cryptographic applications. The one-way chain or graph may be a chain of length s having positions i=1, 2, . . . s each having a corresponding value ν | 07-02-2009 |
| 20100122329 | AUTHENTICATION BASED ON USER BEHAVIOR - One embodiment of the present invention provides a system for authenticating a user. During operation, the system records user behavior history at one or more devices associated with the user. The system then extracts user information associated with a place and/or an activity from the recorded user behavior history. The system further generates one or more challenges based on the extracted user information, thereby facilitating the verification of the user's identity. | 05-13-2010 |
| 20100122340 | ENTERPRISE PASSWORD RESET - One embodiment of the present invention provides a system for automatically authenticating a user. During operation, the system receives a user's request for authentication. The system then extracts information associated with the user from user-specific information stored in an enterprise computer. The extracted user information does not explicitly relate to a password. The system further generates one or more challenges based on the extracted user information, and receives the user's response to the challenges. Subsequently, the system compares the user's response to the extracted user information, and authenticates the user. | 05-13-2010 |
| 20100122341 | AUTHENTICATING USERS WITH MEMORABLE PERSONAL QUESTIONS - One embodiment provides a system that verifies a user's identity. The system generates a list including a plurality of items and formulates a substantially large set of security questions based on the plurality of items. The number of questions in the set is significantly larger than a subset of security questions presented to the user to reduce the likelihood of the same questions being asked repeatedly. During account creation, the system presents to the user the subset of questions, and receives and stores a response from the user. At least one question in the subset is selected based on user information that is automatically extracted from devices associated with the user. Subsequently, the system receives a request to reset the user's password and presents the subset of questions to the requester. The system determines whether the requester is the user by comparing the requester's response with the stored user response. | 05-13-2010 |
| 20100125906 | RESETTING A FORGOTTEN PASSWORD USING THE PASSWORD ITSELF AS AUTHENTICATION - One embodiment of the present invention provides a system for resetting a user's forgotten password. During operation, the system receives a user's request for resetting the user's forgotten password and derives one or more challenges from the user's forgotten password. The system then presents the derived challenges to the user and receives a response from the user to the challenges. The system further compares the user's response to the one or more challenges with the user's forgotten password, thereby facilitating password resetting. | 05-20-2010 |
| 20100153274 | METHOD AND APPARATUS FOR MUTUAL AUTHENTICATION USING SMALL PAYMENTS - One embodiment provides a system for mutual authentication. During operation, a first entity receives an access request from a second entity. In response, the first entity requests information about the second entity's account with a financial service provider (FSP) and transfers a fund to the account. The first entity sends first and second messages through the FSP to the second entity with the fund. Subsequently, the first entity receives from the second entity a first input corresponding to the first message and determines that a first condition is met based on the received first input and the first message. The first entity sends a second input to the second entity based on the second message, thereby allowing the second entity to verify that a second condition is met based on the second input and the second message. The system then produces a result indicating that both the first and second entities are mutually authenticated. | 06-17-2010 |
| 20100153275 | METHOD AND APPARATUS FOR THROTTLING ACCESS USING SMALL PAYMENTS - One embodiment of the present invention provides a system for controlling access to resources using small payments. The system receives a request from an entity to access a resource. In response, the system requests the entity to submit information about the entity's account with a financial service provider (FSP). The system then transfers a fund to the entity's account and sends a message through the FSP to the entity with the fund transfer. The system receives from the entity an input corresponding to the message and determines that a first condition is met based on the received input and the message. As a result, the system grants the entity access to the resource. | 06-17-2010 |
| 20110016534 | IMPLICIT AUTHENTICATION - Embodiments of the present disclosure provide a method and system for implicitly authenticating a user to access controlled resources. The system receives a request to access the controlled resources. The system then determines a user behavior score based on a user behavior model, and recent contextual data about the user. The user behavior score facilitates identifying a level of consistency between one or more recent user events and a past user behavior pattern. The recent contextual data, which comprise a plurality of data streams, are collected from one or more user devices without prompting the user to perform an action explicitly associated with authentication. The plurality of data streams provide basis for determining the user behavior score, but a data stream alone provides insufficient basis for the determination of the user behavior score. The system also provides the user behavior score to an access controller of the controlled resource. | 01-20-2011 |
| 20110035505 | CAPTCHA-FREE THROTTLING - One embodiment provides a system that throttles access to a web resource. During operation, a throttle server receives a request to access the web resource. The request is associated with a computing device used by a user and is redirected from a server providing the web resource. The throttle server then determines whether the computing device has previously accessed a restricted resource different from the web resource corresponding to the request based on the presence or absence of a unique mark associated with the computing device. Based on the determination, the throttle server subsequently generates a response indicating whether the computing device meets a predetermined requirement for accessing the web resource, and sends the response to the server providing the web resource, thereby facilitating access throttling to the web resource. | 02-10-2011 |
| 20110035784 | METHOD AND APPARATUS FOR DETECTING CYBER THREATS - A method and apparatus for detecting cyber threats using reinforced cookies, which include HTTP cookies, history cookies, cache cookies and/or other types. A history cookie comprises an entry for a particular web page in a browser's navigation history. A cache cookie comprises an entry for a particular object (e.g., an image file) within a browser's cache. Upon a client's first visit to a web server, an identifier record is generated comprising data such as a user ID, a client device ID, an age (e.g., a counter), a cookie type, an authentication field, etc. From the unique identifier, one or more types of reinforced cookies are generated and stored with the client browser. On a subsequent visit, the client's cookie configuration is examined to determine whether the client may be the perpetrator or victim of a cyber attack. Cookies may be updated or replaced on some or all visits. | 02-10-2011 |
| 20110041178 | AUDITING A DEVICE - The auditing of a device that includes a physical memory is disclosed. One or more hardware parameters that correspond to a hardware configuration are received. Initialization information is also received. The physical memory is selectively read and at least one result is determined. The result is provided to a verifier. | 02-17-2011 |
| 20110041180 | AUDITING A DEVICE - Auditing a device is disclosed. One or more hardware parameters that correspond to a hardware configuration are received. A sequence of modifications to the physical memory is performed. Results are provided to a verifier. Optionally, once it is determined that no evasive software is active in the physical memory, a scan is performed. | 02-17-2011 |
| 20110055925 | PATTERN-BASED APPLICATION CLASSIFICATION - Embodiments of the present disclosure provide a method and system for remotely auditing a security posture of a client machine at a centralized server. The system receives an integrity-protected report from the client machine, or other devices related to the client machine, the report comprising entries associated with security events or security states or both related to the client machine. The report entries comprise characteristics of the security events or security states to facilitate identification of a probable security attack at the client machine. The system also detects a pattern among one or more reports. Finally, the system classifies the security posture of the client machine based on the detected pattern, which could indicate a probable security attack at the client machine. | 03-03-2011 |
| 20110119488 | METHOD AND SYSTEM FOR FACILITATING THROTTLING OF INTERPOLATION-BASED AUTHENTICATION - One embodiment provides a system that facilitates throttling of interpolation-based authentication at a client. During operation, the system receives data points encrypted with a public key associated with a throttle server. The system then applies offsets to the data points, wherein a respective offset for a data point is associated with a user input. The system blinds the offset data points, and sends to the throttle server the blinded offset data points, thereby allowing the throttle server to perform an interpolation on the blinded offset data points and maintain a count of interpolation attempts from the client. Subsequently, the system receives from the throttle server an evaluation point based at least on the interpolation. In response, the system unblinds the evaluation point, and uses the unblinded evaluation point as a secret for a subsequent authentication process. | 05-19-2011 |

Patent applications by Bjorn Markus Jakobsson, Mountain View, CA US