    • 23. Granted invention patent
    • Method and system for secure binding register name identifier profile
    • US09143502B2
    • 2015-09-22
    • US11010228
    • 2004-12-10
    • Heather Maria Hinton
    • Heather Maria Hinton
    • H04L29/06; G06F21/41
    • H04L63/0815; G06F21/41
    • A method, a system, an apparatus, and a computer program product are presented for improving a register name identifier profile within a federated computing environment such that the register name identifier profile is enhanced to be more securely binding between two federated entities within the federated computing environment, such as an identity provider and a service provider. After the first federated entity sends a register name identifier request for a principal to the second federated entity, the second federated entity performs an authentication operation for the principal. In response to successfully completing the authentication operation, the second federated entity registers or modifies a name identifier for the principal that has been extracted from the received register name identifier request.
    • 26. Invention patent application
    • IDENTIFICATION AND ACCESS CONTROL OF USERS IN A DISCONNECTED MODE ENVIRONMENT
    • US20090205032A1
    • 2009-08-13
    • US12029006
    • 2008-02-11
    • Heather Maria Hinton; Anthony Joseph Nadalin
    • Heather Maria Hinton; Anthony Joseph Nadalin
    • H04L9/32
    • H04W12/06; H04L63/0815; H04W12/08; H04W12/12
    • The present invention provides identification and access control for an end user mobile device in a disconnected mode environment, which refers generally to the situation where, in a mobile environment, a mobile device is disconnected from or otherwise unable to connect to a wireless network. The inventive method provides the mobile device with a “long term” token, which is obtained from an identity provider coupled to the network. The token may be valid for a given time period. During that time period, the mobile device can enter a disconnected mode but still obtain a mobile device-aided function (e.g., access to a resource) by presenting for authentication the long term token. Upon a given occurrence (e.g., loss of or theft of the mobile device) the long term token is canceled to restrict unauthorized further use of the mobile device in disconnected mode.
    • 27. Invention patent application
    • METHOD AND SYSTEM FOR GLOBAL LOGOFF FROM A WEB-BASED POINT OF CONTACT SERVER
    • US20080294781A1
    • 2008-11-27
    • US11752576
    • 2007-05-23
    • Heather Maria Hinton; Anthony Scott Moran; Benjamin Brewer Harmon
    • Heather Maria Hinton; Anthony Scott Moran; Benjamin Brewer Harmon
    • G06F15/16
    • H04L63/20; G06F17/30371; G06F17/3048; G06F17/30575; H04L9/3213; H04L63/08; H04L63/0807
    • A method carried out at a point of contact (e.g., reverse proxy, a web server plug-in, or the like) that serves as an intermediary between a client browser and one or more back-end applications (or application component), wherein each back-end application has the capability to set its own server-side session management data with respect to the point of contact that is independent of any client-side session management data set by the point of contact and used by the point of contact to manage a user session. The method begins as a given back-end application returns a response to a first request that has been issued from the client browser (the first request having been received at the point of contact and passed to a back end application or component for processing). The point of contact intercepts the out-going response, augments server-side session management data associated therewith with a “stamp,” and forwards to the client browser the response together with the server-side session management data as augmented to include the stamp. The stamp provides a way for the point of contact to later determine whether the server-side session management data, if received with another user request, is valid for that request. Later, upon receipt at the point of contact of a new user request that includes the server-side session management data (and stamp), the point of contact uses the stamp to determine whether the new request is valid. If so, the point of contact removes the stamp from the server-side session management data and forwards the new request (and the management data) to the back-end application for handling.
    • 28. Granted invention patent
    • Identity provider discovery service using a publish-subscribe model
    • US09596122B2
    • 2017-03-14
    • US13403565
    • 2012-02-23
    • Heather Maria Hinton; Richard James McCarty; Clifton Steve Looney
    • Heather Maria Hinton; Richard James McCarty; Clifton Steve Looney
    • G06F15/173; H04L12/24; H04L29/08; H04L29/06
    • H04L41/00; H04L63/0815; H04L67/02; H04L67/16; H04L67/28; H04L67/2814; H04L67/2842
    • A proxy is integrated within an F-SSO environment and interacts with an external identity provider (IdP) instance discovery service. The proxy proxies IdP instance requests to the discovery service and receives responses that include the IdP instance assignments. The proxy maintains a cache of the instance assignment(s). As new instance requests are received, the cached assignment data is used to provide appropriate responses in lieu of proxying these requests to the discovery service, thereby reducing the time needed to identify the required IdP instance. The proxy dynamically maintains and manages its cache by subscribing to updates from the discovery service. The updates identify IdP instance changes (such as servers being taken offline for maintenance, new services being added, etc.) occurring within the set of geographically-distributed instances that comprise the IdP service. The updates are provided via a publication-subscription model such that the proxy receives change notifications proactively.
    • 29. Invention patent application
    • Single tenant audit view in a multi-tenant environment
    • US20140068732A1
    • 2014-03-06
    • US13604474
    • 2012-09-05
    • Heather Maria Hinton; Neil Ian Readshaw; Katsumi Ohnishi; Naohiko Uramoto
    • Heather Maria Hinton; Neil Ian Readshaw; Katsumi Ohnishi; Naohiko Uramoto
    • G06F21/00
    • G06F21/41
    • A method correlates audit information in a multi-tenant computing infrastructure. The method leverages a user's authentication to the infrastructure, such as via federated single sign-on (F-SSO) from an identity provider. Preferably, the user's tenant identifier in the environment is derived based on identity information obtained during the F-SSO exchange. This tenant identifier is propagated to one or more other components in the infrastructure that are accessed by the user. As audit events from multiple components in the computing infrastructure are generated, these audit events are annotated with the tenant identifier and stored in an audit repository. In response to a request to view the tenant's audit data, a collection of tenant-specific audit events is then retrieved from the audit repository and displayed in a single tenant view. This approach ensures that audit event information is not leaked inadvertently between tenants.
    • 30. Granted invention patent
    • Method and apparatus for managing obfuscated mobile device user identities
    • US08320882B2
    • 2012-11-27
    • US11752962
    • 2007-05-24
    • Heather Maria Hinton; Alastair John Angwin; Mark Pozefsky
    • Heather Maria Hinton; Alastair John Angwin; Mark Pozefsky
    • H04M3/16
    • H04L63/0407; H04L63/0414; H04W8/26
    • A mobile device identifier (such as an MSISDN) that typically accompanies a mobile device request is replaced with an “enriched” identifier that exposes the mobile device user's home operator but obfuscates the mobile device's (and, thus, the device user's) identity. In one embodiment, the identifier comprises a first part, and a second part. The first part comprises a data string that identifies (either directly or through a database lookup) the mobile device user's home operator. The second part, however, is an opaque data string, such as a one-time-use unique identifier (UID) or a value that is otherwise derived as a function of the MSISDN (or the like). The opaque data string encodes the mobile device's identity in a manner that preferably can be recovered only by the user's home operator. The present invention describes a method and apparatus for use in a home network to manage the generation, storage and use of the unique identifiers.