专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明授权

US06976164B1 Technique for handling subsequent user identification and password requests with identity change within a certificate-based host session 失效
标题翻译：用于在基于证书的主机会话内处理后续用户标识和密码请求的技术用于身份更改
公开(公告)号：US06976164B1
公开(公告)日：2005-12-13
申请号：US09619912
申请日：2000-07-19
申请人： Julie H. King , Susan D. Kirkman , Daniel J. Labrecque , Linwood H. Overby, Jr. , Steven Wayne Pogue
发明人： Julie H. King , Susan D. Kirkman , Daniel J. Labrecque , Linwood H. Overby, Jr. , Steven Wayne Pogue
IPC分类号： G06F11/30 , H04L9/00 , H04L29/06 , G04K1/00
CPC分类号： H04L63/0815 , G06Q20/202 , G06Q20/367 , H04L63/0823 , Y10S707/99939
摘要： The present invention provides a method, system, and computer program product which enables changing user credentials that are used to access legacy host applications and/or systems which provide legacy host data during a secure host access session which is authenticated using a digital certificate and is protected by a host-based security system, such as RACF (Resource Access Control Facility, a product offered by the IBM Corporation), where these changed credentials are used to authenticate a user after previously-provided credentials have been used for authentication earlier in the same session. The changed credentials may belong to the same user, where that user happens to have a different user ID and/or password for different legacy host applications and wishes to change from accessing one legacy host application to accessing another. Or, the changed credentials may be used to enable a different user to interact with the same legacy host application used by the previously-authenticated user. The disclosed technique may also be used advantageously to authenticate a user for accessing an application, when the user's credentials are not changing.
摘要翻译：本发明提供一种方法，系统和计算机程序产品，其能够改变用于访问传统主机应用的用户凭证和/或在使用数字证书认证的安全主机访问会话期间提供传统主机数据的系统，并且是受基于主机的安全系统的保护，例如RACF（资源访问控制设施，IBM公司提供的产品），其中这些更改的凭据用于在之前提供的凭据在相同的会话已更改的凭据可能属于同一用户，其中该用户恰好具有不同的传统主机应用程序的不同用户ID和/或密码，并希望从访问一个旧主机应用程序改变为访问另一个。或者，更改的凭证可以用于使不同的用户能够与先前认证的用户使用的相同的遗留主机应用交互。当用户的凭证不改变时，所公开的技术也可以有利地用于认证用户访问应用。

12. 发明授权

US08458768B2 Policy-based security certificate filtering 有权
标题翻译：基于策略的安全证书过滤
公开(公告)号：US08458768B2
公开(公告)日：2013-06-04
申请号：US13111907
申请日：2011-05-19
申请人： Roy F. Brabson , Barry Mosakowski , Linwood H. Overby, Jr.
发明人： Roy F. Brabson , Barry Mosakowski , Linwood H. Overby, Jr.
IPC分类号： H04L29/06
CPC分类号： H04L63/0823 , G06F21/33 , H04L9/3265 , H04L63/0227 , H04L63/12 , H04L63/166 , H04L2209/80
摘要： Policy filtering services are built into security processing of an execution environment for resolving how to handle a digital security certificate of a communicating entity without requiring a local copy of a root certificate that is associated with the entity through a certificate authority (“CA”) chain. Policy may be specified using a set of rules (or other policy format) indicating conditions for certificate filtering. This filtering is preferably invoked during handshaking, upon determining that a needed root CA certificate is not available. In one approach, the policy uses rules specifying conditions under which a certificate is permitted (i.e., treated as if it is validated) and other rules specifying conditions under which a certificate is blocked (i.e., treated as if it is invalid). Preferably, policy rules are evaluated and enforced in order of most-specific to least-specific.
摘要翻译：策略过滤服务内置在执行环境的安全处理中，用于解决如何处理通信实体的数字安全证书，而不需要通过证书颁发机构（“CA”）链与实体相关联的根证书的本地副本。可以使用指示证书筛选条件的一组规则（或其他策略格式）来指定策略。在确定所需的根CA证书不可用时，优选地在握手期间调用该过滤。在一种方法中，策略使用规则来规定允许证书的条件（即被视为已被验证）以及指定证书被阻止的条件的其他规则（即被视为无效）。优选地，按照大多数特定到最小特定的顺序来评估和执行策略规则。

13. 发明授权

US08199916B2 Selectively loading security enforcement points with security association information 有权
标题翻译：选择性地加载具有安全关联信息的安全性强制点
公开(公告)号：US08199916B2
公开(公告)日：2012-06-12
申请号：US11964503
申请日：2007-12-26
申请人： Christopher Meyer , Wuchieh J. Jong , Linwood H. Overby, Jr.
发明人： Christopher Meyer , Wuchieh J. Jong , Linwood H. Overby, Jr.
IPC分类号： H04L9/08
CPC分类号： H04L63/0428 , H04L63/062 , H04L63/164
摘要： A method, network element, and computer storage program product, are provided for selectively loading a communication network security enforcement point (“SEP”) with security association (“SA”) information for inspection of encrypted data in a secure, end-to-end communications path. At least one encrypted data packet is received. It is determined that SA information for decrypting the at least one encrypted data packet fails to exist locally at the SEP. A request is sent to a communication network key server for SA information associated with the at least one encrypted data packet. The SA information associated with the at least one encrypted data packet is received from the communication network key server.
摘要翻译：提供了一种方法，网络元件和计算机存储程序产品，用于选择性地加载具有安全关联（SA））信息的通信网络安全执行点（“SEP”），以便在安全的端对端终端通信路径。至少接收一个加密的数据包。确定在SEP处本地存在用于解密至少一个加密数据分组的SA信息不存在。向通信网络密钥服务器发送与所述至少一个加密数据分组相关联的SA信息的请求。从通信网络密钥服务器接收与该至少一个加密数据分组相关联的SA信息。

14. 发明授权

US07992200B2 Secure sharing of transport layer security session keys with trusted enforcement points 失效
标题翻译：传输层安全会话密钥与可信执行点的安全共享
公开(公告)号：US07992200B2
公开(公告)日：2011-08-02
申请号：US11778396
申请日：2007-07-16
申请人： David G. Kuehr-McLaren , Linwood H. Overby, Jr.
发明人： David G. Kuehr-McLaren , Linwood H. Overby, Jr.
IPC分类号： G06F9/00 , G06F15/16
CPC分类号： H04L63/166
摘要： Embodiments of the present invention address deficiencies of the art in respect to security enforcement point operability in a TLS secured communications path and provide a novel and non-obvious method, system and computer program product for the secure sharing of TLS session keys with trusted enforcement points. In one embodiment of the invention, a method for securely sharing TLS session keys with trusted enforcement points can be provided. The method can include conducting a TLS handshake with a TLS client to extract and decrypt a session key for a TLS session with the TLS client traversing at least one security enforcement point. The method further can include providing the session key to a communicatively coupled key server for distribution to the at least one security enforcement point. Finally, the method can include engaging in secure communications with the TLS client over the TLS session.
摘要翻译：本发明的实施例解决了在TLS安全通信路径中的安全执行点可操作性方面本领域的缺陷，并提供了一种新颖且不显眼的方法，系统和计算机程序产品，用于与可信执行点安全共享TLS会话密钥。在本发明的一个实施例中，可以提供一种用可靠执行点安全地共享TLS会话密钥的方法。该方法可以包括与TLS客户端进行TLS握手，以提取和解密与TLS客户端穿过至少一个安全执行点的TLS会话的会话密钥。该方法还可以包括将会话密钥提供给通信耦合的密钥服务器以分发给至少一个安全执行点。最后，该方法可以包括通过TLS会话与TLS客户端进行安全通信。

15. 发明授权

US07702785B2 Methods, systems and computer program products for selectively allowing users of a multi-user system access to network resources 有权
标题翻译：用于选择性地允许多用户系统的用户访问网络资源的方法，系统和计算机程序产品
公开(公告)号：US07702785B2
公开(公告)日：2010-04-20
申请号：US09773811
申请日：2001-01-31
申请人： David Aro Bruton, III , Linwood H. Overby, Jr. , Adolfo Francisco Rodriguez
发明人： David Aro Bruton, III , Linwood H. Overby, Jr. , Adolfo Francisco Rodriguez
IPC分类号： G06F15/173
CPC分类号： H04L63/105
摘要： Methods, systems and computer program products are provided for selectively allowing a user of a multi-user system access to a plurality of resources in a network. Pursuant to these methods, systems and computer program products, a request, originated by a user of the multi-user system, may be received to transmit a message over the network to one of the plurality of resources in the network. A security zone associated with this resource may then be identified. Pursuant to the operations of the present invention, if it is determined that the user is authorized access to the identified security zone, the message may be forwarded over the network to the resource.
摘要翻译：提供了方法，系统和计算机程序产品，用于选择性地允许多用户系统的用户访问网络中的多个资源。根据这些方法，可以接收由多用户系统的用户发起的系统和计算机程序产品的请求，以通过网络将消息发送到网络中的多个资源之一。然后可以识别与该资源相关联的安全区域。根据本发明的操作，如果确定用户被授权访问所识别的安全区域，则可以通过网络将消息转发到资源。

16. 发明授权

US07426566B2 Methods, systems and computer program products for security processing inbound communications in a cluster computing environment 有权
标题翻译：用于集群计算环境中安全处理入站通信的方法，系统和计算机程序产品
公开(公告)号：US07426566B2
公开(公告)日：2008-09-16
申请号：US09764613
申请日：2001-01-17
申请人： James Russell Godwin , Linwood H. Overby, Jr.
发明人： James Russell Godwin , Linwood H. Overby, Jr.
IPC分类号： G06F13/00
CPC分类号： H04L63/0272 , H04L29/12009 , H04L29/12047 , H04L29/12783 , H04L29/1282 , H04L61/15 , H04L61/35 , H04L61/6013 , H04L63/06 , H04L63/10 , H04L63/164 , H04L69/16 , H04L69/161
摘要： Methods, systems and computer program products provide Internet Protocol Security (IPSec) to a plurality of target hosts in a cluster of data processing systems which communicate with a network through a routing communication protocol stack utilizing a dynamically routable Virtual Internet Protocol Address (DVIPA) by negotiating security associations (SAs) associated with the DVIPA utilizing an Internet Key Exchange (IKE) component associated with the routing communication protocol stack and distributing information about the negotiated SAs to the target hosts so as to allow the target hosts to perform IPSec processing of communications from the network utilizing the negotiated SAs.
摘要翻译：方法，系统和计算机程序产品向数据处理系统集群中的多个目标主机提供因特网协议安全（IPSec），该集群通过路由通信协议栈通过路由通信协议栈进行通信，利用动态可路由的虚拟因特网协议地址（DVIPA），通过使用与路由通信协议栈相关联的因特网密钥交换（IKE）组件与DVIPA相关联的协商安全关联（SA），并将关于协商的SA的信息分发到目标主机，以便允许目标主机执行通信的IPSec处理从网络利用协商的SA。

17. 发明授权

US06941366B2 Methods, systems and computer program products for transferring security processing between processors in a cluster computing environment 有权
标题翻译：用于在集群计算环境中的处理器之间转移安全处理的方法，系统和计算机程序产品
公开(公告)号：US06941366B2
公开(公告)日：2005-09-06
申请号：US09764500
申请日：2001-01-17
申请人： Mark L. Antes , James Russell Godwin , David Anthony Herr , Linwood H. Overby, Jr. , David J. Wierbowski
发明人： Mark L. Antes , James Russell Godwin , David Anthony Herr , Linwood H. Overby, Jr. , David J. Wierbowski
IPC分类号： H04L29/06 , H04L29/08 , G06F15/173
CPC分类号： H04L63/0272 , H04L63/10 , H04L63/16 , H04L67/10 , H04L69/16 , H04L69/161 , H04L69/162 , H04L69/166
摘要： Methods, systems and computer program products provide for transferring network security based communications from a first distribution processor, which provides secure communications over a network in a distributed workload environment having target hosts which are accessed through the first distribution processor by a common network address, to a second distribution processor. Information sufficient to restart the transferred network security based communications at the second distribution processor is provided. Takeover of the common address by the second distribution processor is detected and existing network security based communications to the first distribution processor are terminated. The transferred communications are restarted at the second distribution processor utilizing the provided information. Both inbound and outbound network security based communications with target hosts utilizing the common network address are routed through the second distribution processor. Network security processing for both the inbound and the outbound network security based communications utilizing the common network address is performed at the second distribution processor.
摘要翻译：方法，系统和计算机程序产品提供用于从第一分发处理器传送基于网络安全的通信，第一分发处理器通过分布式工作环境中的网络提供安全通信，所述分布式工作环境具有通过公共网络地址通过第一分发处理器访问的目标主机，第二个分发处理器。提供了足以在第二分配处理器上重启基于传输网络安全性的通信的信息。检测由第二分发处理器接管公共地址，并终止与第一分发处理器的基于网络安全的通信。利用所提供的信息，在第二分发处理器重新启动转移的通信。与使用公共网络地址的目标主机的入站和出站网络安全性通信通过第二分发处理器进行路由。在第二分发处理器处执行利用公共网络地址的入站和出站网络安全性通信的网络安全处理。

18. 发明授权

US08752162B2 Secure sharing of transport layer security session keys with trusted enforcement points 有权
标题翻译：传输层安全会话密钥与可信执行点的安全共享
公开(公告)号：US08752162B2
公开(公告)日：2014-06-10
申请号：US13158388
申请日：2011-06-11
申请人： David G. Kuehr-McLaren , Linwood H. Overby, Jr.
发明人： David G. Kuehr-McLaren , Linwood H. Overby, Jr.
IPC分类号： G06F9/00
CPC分类号： H04L63/166
摘要： Embodiments of the present invention address deficiencies of the art in respect to security enforcement point operability in a TLS secured communications path and provide a novel and non-obvious method, system and computer program product for the secure sharing of TLS session keys with trusted enforcement points. In one embodiment of the invention, a method for securely sharing TLS session keys with trusted enforcement points can be provided. The method can include conducting a TLS handshake with a TLS client to extract and decrypt a session key for a TLS session with the TLS client traversing at least one security enforcement point. The method further can include providing the session key to a communicatively coupled key server for distribution to the at least one security enforcement point. Finally, the method can include engaging in secure communications with the TLS client over the TLS session.
摘要翻译：本发明的实施例解决了在TLS安全通信路径中关于安全执行点可操作性的本领域的缺陷，并提供了一种新颖且非显而易见的方法，系统和计算机程序产品，用于与可信执行点安全共享TLS会话密钥。在本发明的一个实施例中，可以提供一种用可靠执行点安全地共享TLS会话密钥的方法。该方法可以包括与TLS客户端进行TLS握手，以提取和解密与TLS客户端穿过至少一个安全执行点的TLS会话的会话密钥。该方法还可以包括将会话密钥提供给通信耦合的密钥服务器以分发给至少一个安全执行点。最后，该方法可以包括通过TLS会话与TLS客户端进行安全通信。

19. 发明授权

US08195806B2 Managing remote host visibility in a proxy server environment 有权
标题翻译：在代理服务器环境中管理远程主机可见性
公开(公告)号：US08195806B2
公开(公告)日：2012-06-05
申请号：US11778406
申请日：2007-07-16
申请人： Linwood H. Overby, Jr. , Jeffery L. Smith
发明人： Linwood H. Overby, Jr. , Jeffery L. Smith
IPC分类号： G06F15/16
CPC分类号： H04L29/12547 , H04L29/12509 , H04L61/2567 , H04L61/2582 , H04L63/0281 , H04L63/0407 , H04L67/2814
摘要： Embodiments of the present invention address deficiencies of the art in respect to the visibility of an IP address for a remote resource behind a proxy server and provide a novel and non-obvious method, system and computer program product for managing remote host visibility in a proxy server environment. In one embodiment of the invention, a method for managing remote resource visibility in a proxy server environment can be provided. The method can include establishing a secure connection between a proxy server and a destination server, proxying different connections between different remote hosts and the destination server through the proxy server, providing remote host information for each of the different remote hosts, including IP address, port and protocol, for example, to the destination server over the secure connection, and mapping each provided IP address to an IP address for a corresponding one of the proxied different connections.
摘要翻译：本发明的实施例解决了关于代理服务器后面的远程资源的IP地址的可见性的本领域的缺点，并且提供了一种用于管理代理中的远程主机可见性的新颖且非显而易见的方法，系统和计算机程序产品服务器环境。在本发明的一个实施例中，可以提供用于在代理服务器环境中管理远程资源可见性的方法。该方法可以包括在代理服务器和目标服务器之间建立安全连接，通过代理服务器代理不同远程主机和目标服务器之间的不同连接，为每个不同的远程主机提供远程主机信息，包括IP地址，端口和协议，例如通过安全连接到目的地服务器，并将每个提供的IP地址映射到代理的不同连接中的相应一个的IP地址。

20. 发明授权

US07984479B2 Policy-based security certificate filtering 失效
标题翻译：基于策略的安全证书过滤
公开(公告)号：US07984479B2
公开(公告)日：2011-07-19
申请号：US11405069
申请日：2006-04-17
申请人： Roy F. Brabson , Barry Mosakowski , Linwood H. Overby, Jr.
发明人： Roy F. Brabson , Barry Mosakowski , Linwood H. Overby, Jr.
IPC分类号： G06F17/00 , H04L29/06 , H04L9/32
CPC分类号： H04L63/0823 , G06F21/33 , H04L9/3265 , H04L63/0227 , H04L63/12 , H04L63/166 , H04L2209/80
摘要： Policy filtering services are built into security processing of an execution environment for resolving how to handle a digital security certificate of a communicating entity without requiring a local copy of a root certificate that is associated with the entity through a certificate authority (“CA”) chain. Policy may be specified using a set of rules (or other policy format) indicating conditions for certificate filtering. This filtering is preferably invoked during handshaking, upon determining that a needed root CA certificate is not available. In one approach, the policy uses rules specifying conditions under which a certificate is permitted (i.e., treated as if it is validated) and other rules specifying conditions under which a certificate is blocked (i.e., treated as if it is invalid). Preferably, policy rules are evaluated and enforced in order of most-specific to least-specific.
摘要翻译：策略过滤服务内置在执行环境的安全处理中，用于解决如何处理通信实体的数字安全证书，而不需要通过证书颁发机构（“CA”）链与实体关联的根证书的本地副本。可以使用指示证书筛选条件的一组规则（或其他策略格式）来指定策略。在确定所需的根CA证书不可用时，优选地在握手期间调用该过滤。在一种方法中，策略使用规则来规定允许证书的条件（即被视为已被验证）以及指定证书被阻止的条件的其他规则（即被视为无效）。优选地，按照大多数特定到最小特定的顺序来评估和执行策略规则。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式