专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

31. 发明授权

US08320882B2 Method and apparatus for managing obfuscated mobile device user identities 有权
标题翻译：用于管理混淆的移动设备用户身份的方法和装置
公开(公告)号：US08320882B2
公开(公告)日：2012-11-27
申请号：US11752962
申请日：2007-05-24
申请人： Heather Maria Hinton , Alastair John Angwin , Mark Pozefsky
发明人： Heather Maria Hinton , Alastair John Angwin , Mark Pozefsky
IPC分类号： H04M3/16
CPC分类号： H04L63/0407 , H04L63/0414 , H04W8/26
摘要： A mobile device identifier (such as an MSISDN) that typically accompanies a mobile device request is replaced with an “enriched” identifier that exposes the mobile device user's home operator but obfuscates the mobile device's (and, thus, the device user's) identity. In one embodiment, the identifier comprises a first part, and a second part. The first part comprises a data string that identifies (either directly or through a database lookup) the mobile device user's home operator. The second part, however, is an opaque data string, such as a one-time-use unique identifier (UID) or a value that is otherwise derived as a function of the MSISDN (or the like). The opaque data string encodes the mobile device's identity in a manner that preferably can be recovered only by the user's home operator. The present invention describes a method and apparatus for use in a home network to manage the generation, storage and use of the unique identifiers.
摘要翻译：通常伴随移动设备请求的移动设备标识符（例如，MSISDN）被暴露于移动设备用户的本地操作者的富集的标识符替换，但是模糊了移动设备（以及因此设备用户的身份）。在一个实施例中，标识符包括第一部分和第二部分。第一部分包括标识（直接地或通过数据库查找）移动设备用户的本地操作员的数据串。然而，第二部分是不透明的数据串，例如一次性使用的唯一标识符（UID）或另外被导出为MSISDN（或类似的）的函数的值）。不透明数据串以优选仅由用户的家庭运营商恢复的方式对移动设备的身份进行编码。本发明描述了一种在家庭网络中用于管理唯一标识符的生成，存储和使用的方法和装置。

32. 发明授权

US08136146B2 Secure audit log access for federation compliance 有权
标题翻译：安全审核日志访问，以实现联盟合规性
公开(公告)号：US08136146B2
公开(公告)日：2012-03-13
申请号：US11619728
申请日：2007-01-04
申请人： Timothy James Hahn , Heather Maria Hinton , Patrick Ryan Wardrop
发明人： Timothy James Hahn , Heather Maria Hinton , Patrick Ryan Wardrop
IPC分类号： H04L29/06
CPC分类号： G06F21/6245 , G06F21/6236 , G06F2221/2101
摘要： A computer implemented method, data processing system, and computer program product for allowing limited access to a federation partner's audit logs in a secure, controlled manner, for the purposes of compliance demonstration. A request for audit data is received by a partner in the federated environment. The partner validates the request and requests a local report using local parameters against a local audit log store. The partner then builds a response based on the local report.
摘要翻译：计算机实现的方法，数据处理系统和计算机程序产品，以便以合规性示范的目的，以安全，受控的方式有限地访问联盟合作伙伴的审核日志。审核数据的请求由联合环境中的合作伙伴接收。伙伴验证请求，并使用本地审计日志存储区的本地参数请求本地报告。合作伙伴随后根据本地报告建立回应。

33. 发明申请

US20100030805A1 PROPAGATING INFORMATION FROM A TRUST CHAIN PROCESSING 审中-公开
标题翻译：从信任链处理传播信息
公开(公告)号：US20100030805A1
公开(公告)日：2010-02-04
申请号：US12182654
申请日：2008-07-30
申请人： Heather Maria Hinton , Sridhar R. Muppidi , David Eugene Cox
发明人： Heather Maria Hinton , Sridhar R. Muppidi , David Eugene Cox
IPC分类号： G06F17/30 , H04L9/32
CPC分类号： H04L63/0815 , G06F21/41 , G06F2221/2101 , G06F2221/2115
摘要： A method, system, and computer usable program product for propagating information in a trust chain processing are provided in the illustrative embodiments. Upon a trust client invoking the trust chain processing, a mapped security information is received, the mapped security information being stored in a memory or a data storage associated with a data processing system. A set of security information attributes are located from the mapped security information according to a configuration. The set of security information attributes are packaged to form a packaged security information. The packaged security information is issued to a target system, the target system being distinct from the trust client that invoked the trust chain processing. The locating, the packaging, and the issuing collectively form monitoring the trust chain processing. A next component in the trust chain processing may be invoked. The invoking may occur before, after, or during the monitoring.
摘要翻译：在说明性实施例中提供了用于在信任链处理中传播信息的方法，系统和计算机可用程序产品。在信任客户端调用信任链处理时，接收映射的安全信息，所映射的安全信息被存储在与数据处理系统相关联的存储器或数据存储器中。一组安全信息属性根据配置从映射的安全信息中定位。一组安全信息属性被打包以形成打包的安全信息。打包的安全信息被发布到目标系统，目标系统与调用信任链处理的信任客户端不同。定位，包装和发放集体形成监督信托链处理。可以调用信任链处理中的下一个组件。调用可能发生在监测之前，之后或期间。

34. 发明授权

US07631346B2 Method and system for a runtime user account creation operation within a single-sign-on process in a federated computing environment 有权
标题翻译：在联合计算环境中的单一登录过程中的运行时用户帐户创建操作的方法和系统
公开(公告)号：US07631346B2
公开(公告)日：2009-12-08
申请号：US11097587
申请日：2005-04-01
申请人： Heather Maria Hinton , Ivan Matthew Milman , Venkat Raghavan , Shane Bradley Weeden
发明人： Heather Maria Hinton , Ivan Matthew Milman , Venkat Raghavan , Shane Bradley Weeden
IPC分类号： G06F7/04 , G06F15/16 , G04L9/32 , G06F17/30
CPC分类号： H04L63/0815 , G06F21/41
摘要： A method, system, apparatus, and computer program product are presented to support computing systems of different enterprises that interact within a federated computing environment. Federated single-sign-on operations can be initiated at the computing systems of federation partners on behalf of a user even though the user has not established a user account at a federation partner prior to the initiation of the single-sign-on operation. For example, an identity provider can initiate a single-sign-on operation at a service provider while attempting to obtain access to a controlled resource on behalf of a user. When the service provider recognizes that it does not have a linked user account for the user that allows for a single-sign-on operation with the identity provider, the service provider creates a local user account. The service provider can also pull user attributes from the identity provider as necessary to perform the user account creation operation.
摘要翻译：提出了一种方法，系统，装置和计算机程序产品，以支持在联合计算环境内交互的不同企业的计算系统。即使用户在单点登录操作开始之前尚未在联盟伙伴上建立用户帐户，也可以代表用户在联盟伙伴的计算系统上启动联合单点登录操作。例如，身份提供者可以尝试在代表用户获得受控资源的访问的情况下，在服务提供商处启动单点登录操作。当服务提供商认识到它不具有用于允许与身份提供商进行单点登录操作的用户的链接用户帐户时，服务提供商创建本地用户帐户。服务提供商还可以根据需要从身份提供者提取用户属性，以执行用户帐户创建操作。

35. 发明申请

US20090259753A1 Specializing Support For A Federation Relationship 失效
标题翻译：专业支持联邦关系
公开(公告)号：US20090259753A1
公开(公告)日：2009-10-15
申请号：US12481007
申请日：2009-06-09
申请人： Heather Maria Hinton , Anthony Scott Moran , Dolapo Martin Falola , Ivan Matthew Milman , Patrick Ryan Wardrop
发明人： Heather Maria Hinton , Anthony Scott Moran , Dolapo Martin Falola , Ivan Matthew Milman , Patrick Ryan Wardrop
IPC分类号： G06F15/16
CPC分类号： H04L63/0815 , H04L67/30
摘要： The invention provides federated functionality within a data processing system by means of a set of specialized runtimes, which are instances of an application for providing federation services to requesters. Each of the plurality of specialized runtimes provides requested federation services for selected ones of the requestors according to configuration data of respective federation relationships of the requestors with the identity provider. The configuration data is dynamically retrieved during initialization of the runtimes which allows the respective_runtime to be specialized for a given federation relationship. Requests are routed to the appropriate specialized runtime using the first requestor identity and the given federation relationship. The data, which describes each federation relationship between the identity provider and each of the plurality of requestors, is configured prior to initialization of the runtimes.
摘要翻译：本发明通过一组专用运行时提供数据处理系统内的联合功能，这是一组向需求者提供联合服务的应用的实例。多个专用运行时间中的每一个根据请求者与身份提供者的各自的联合关系的配置数据，为所选请求者提供所请求的联合服务。在运行时的初始化期间动态地检索配置数据，这允许相应的运行时间针对给定的联合关系而专门化。请求使用第一请求者标识和给定的联合关系路由到适当的专用运行时。在初始化运行时之前配置描述身份提供者与多个请求者中的每一个之间的每个联合关系的数据。

36. 发明申请

US20080293378A1 MOBILE DEVICE WITH AN OBFUSCATED MOBILE DEVICE USER IDENTITY 有权
标题翻译：移动设备与移动设备的用户身份
公开(公告)号：US20080293378A1
公开(公告)日：2008-11-27
申请号：US11752944
申请日：2007-05-24
申请人： Heather Maria Hinton , Alastair John Angwin , Mark Pozefsky
发明人： Heather Maria Hinton , Alastair John Angwin , Mark Pozefsky
IPC分类号： H04M1/66
CPC分类号： H04L63/0407 , H04W12/02 , H04W88/02
摘要： A mobile device identifier (such as an MSISDN) that typically accompanies a mobile device request is replaced with an “enriched” identifier that exposes the mobile device user's home operator but obfuscates the mobile device's (and, thus, the device user's) identity. In one embodiment, the identifier comprises a first part, and a second part. The first part comprises a data string that identifies (either directly or through a database lookup) the mobile device user's home operator. The second part, however, is an opaque data string, such as a one-time-use unique identifier (UID) or a value that is otherwise derived as a function of the MSISDN (or the like). The opaque data string encodes the mobile device's identity in a manner that preferably can be recovered only by the user's home operator (or an entity authorized thereby). When the mobile device user roams into a foreign network, that network receives the enriched identifier in lieu of an MSISDN. The foreign network uses the first part to identify the mobile device user's home network, e.g., to determine whether to permit the requested access (or to provide some other value-added service). The foreign network, however, cannot decode the second part; thus, the mobile device's identity (as well as the identity of the mobile device user) remains obscured. This ensures that the user's privacy is maintained, while preventing third parties from building a profile of the device based on the requests that include the MSISDN or similar identifier.
摘要翻译：通常伴随移动设备请求的移动设备标识符（例如，MSISDN）被暴露于移动设备用户的本地操作员但是模糊移动设备（以及因此设备用户的身份）的“丰富”标识符所替代。在一个实施例中，标识符包括第一部分和第二部分。第一部分包括标识（直接地或通过数据库查找）移动设备用户的本地操作员的数据串。然而，第二部分是不透明的数据串，例如一次性使用的唯一标识符（UID）或另外被导出为MSISDN（或类似的）的函数的值）。不透明数据串以优选仅由用户的家庭运营商（或由其授权的实体）恢复的方式对移动设备的身份进行编码。当移动设备用户漫游到外部网络时，该网络接收到代替MSISDN的富集标识符。外部网络使用第一部分来识别移动设备用户的家庭网络，例如，以确定是否允许所请求的访问（或提供一些其他增值服务）。然而，外部网络无法解码第二部分; 因此，移动设备的身份（以及移动设备用户的身份）仍然被遮蔽。这确保了用户的隐私被维护，同时防止第三方基于包括MSISDN或类似标识符的请求构建设备的配置文件。

37. 发明授权

US09836702B2 Digital rights management (DRM)-enabled policy management for an identity provider in a federated environment 有权
公开(公告)号：US09836702B2
公开(公告)日：2017-12-05
申请号：US12252404
申请日：2008-10-16
申请人： Heather Maria Hinton
发明人： Heather Maria Hinton
IPC分类号： G06Q10/00 , G06F21/10 , G06F21/33 , G06F21/41
CPC分类号： G06Q10/00 , G06F21/10 , G06F21/33 , G06F21/41
摘要： A method operative at an identity provider enforces a digital rights management (DRM) scheme associated with a piece of content. The identity provider is an entity that participates in a “federation” with one or more other entities including, for example, an service provider (e.g., a content provider), a DRM privileges provider, and a DRM policy provider. In one embodiment, the method begins by having the identity provider obtain and evaluate against a DRM policy a set of DRM privileges associated with the end user requesting access to the piece of content. Based on the evaluation, the identity provider generates a single sign on (SSO) message that includes a reference to the set of DRM privileges. The message is then forward to the service provider entity, which provides the end user a response.

38. 发明授权

US09397981B2 Method and system for secure document exchange 有权
标题翻译：安全文件交换的方法和系统
公开(公告)号：US09397981B2
公开(公告)日：2016-07-19
申请号：US12426752
申请日：2009-04-20
申请人： Heather Maria Hinton , Ivan Matthew Milman
发明人： Heather Maria Hinton , Ivan Matthew Milman
IPC分类号： H04L29/06
CPC分类号： H04L63/0428 , H04L9/0863 , H04L63/06
摘要： A document management (DM), data leak prevention (DLP) or similar application in a data processing system is instrumented with a document protection service provider interface (SPI). The service provider interface is used to call an external function, such as an encryption utility, that is used to facilitate secure document exchange between a sending entity and a receiving entity. The encryption utility may be configured for local download to and installation in the machine on which the SPI is invoked, but a preferred approach is to use the SPI to invoke an external encryption utility as a “service.” In such case, the external encryption utility is implemented by a service provider. When the calling program invokes the SPI, preferably the user is provided with a display panel. Using that panel, the end user provides a password that is used for encryption key generation, together with an indication of the desired encryption strength. The service provider uses the password to generate the encryption key. In one embodiment, the service provider provides the key to the service provider interface, which then uses the key to encrypt the document and to complete the file transfer operation. In the alternative, the service provider itself performs the document or file encryption. The service provider interface also preferably generates and sends an email or other message to the receiving entity that includes the key or a link to enable the receiving entity to retrieve the key. This approach obviates the sending and receiving entity having to install and manage matched or other special-purpose encryption utilities.
摘要翻译：数据处理系统中的文档管理（DM），数据泄漏预防（DLP）或类似应用程序具有文档保护服务提供者接口（SPI）。服务提供商接口用于调用外部功能，例如加密实用程序，用于促进发送实体和接收实体之间的安全文档交换。加密实用程序可以被配置为用于本地下载并安装在调用SPI的机器中，但优选的方法是使用SPI来将外部加密实用程序作为“服务”来调用。在这种情况下，外部加密实用程序由服务提供商实现。当调用程序调用SPI时，优选地，用户被提供有显示面板。使用该面板，最终用户提供用于加密密钥生成的密码以及所需加密强度的指示。服务提供商使用密码来生成加密密钥。在一个实施例中，服务提供商向服务提供商接口提供密钥，然后使用密钥对文档进行加密并完成文件传输操作。在替代方案中，服务提供商本身执行文档或文件加密。服务提供商接口还优选地生成并发送包括密钥或链接的接收实体的电子邮件或其他消息，以使接收实体能够检索密钥。这种方法避免了发送和接收实体必须安装和管理匹配或其他专用加密实用程序。

39. 发明授权

US09325695B2 Token caching in trust chain processing 有权
标题翻译：令牌缓存在信任链处理中
公开(公告)号：US09325695B2
公开(公告)日：2016-04-26
申请号：US12327899
申请日：2008-12-04
申请人： David Werner Bachmann , Nicholas George Harlow , Heather Maria Hinton , Patrick Ryan Wardrop
发明人： David Werner Bachmann , Nicholas George Harlow , Heather Maria Hinton , Patrick Ryan Wardrop
IPC分类号： H04L29/06
CPC分类号： H04L63/0815 , H04L63/0823
摘要： A method, system, and computer usable program product for token caching in a trust chain processing are provided in the illustrative embodiments. An information in a token associated with a first request is mapped. A determination is made whether a requester of the first request has provided a constraint in the first request, the constraint concerning the token, the constraint forming a client constraint. The client constraint is stored. The information and the mapped information is stored, forming stored information. The token is received in a second request. The stored information is reused if the client constraint allows reusing the stored information. A further determination may be made whether a target system receiving the mapped information has provided a server constraint, the second constraint concerning the mapped information, the second constraint forming a server constraint. The stored information may be reused if the server constraint allows reusing the stored information.
摘要翻译：在说明性实施例中提供了用于信任链处理中的令牌缓存的方法，系统和计算机可用程序产品。与第一个请求相关联的令牌中的信息被映射。确定第一请求的请求者是否在第一请求中提供约束，关于令牌的约束，形成客户约束的约束。客户端约束被存储。存储信息和映射信息，形成存储的信息。令牌在第二个请求中被接收。如果客户端约束允许重用存储的信息，则存储的信息被重新使用。可以进一步确定接收映射信息的目标系统是否提供了服务器约束，关于映射信息的第二约束，形成服务器约束的第二约束。如果服务器约束允许重用存储的信息，则可以重新使用所存储的信息。

40. 发明授权

US08141139B2 Federated single sign-on (F-SSO) request processing using a trust chain having a custom module 有权
标题翻译：使用具有自定义模块的信任链的联合单点登录（F-SSO）请求处理
公开(公告)号：US08141139B2
公开(公告)日：2012-03-20
申请号：US11939749
申请日：2007-11-14
申请人： Heather Maria Hinton , Patrick Ryan Wardrop , Parley Avery Salmon
发明人： Heather Maria Hinton , Patrick Ryan Wardrop , Parley Avery Salmon
IPC分类号： H04L29/06 , G06F7/04 , G06F17/30 , H04L9/32
CPC分类号： H04L63/126 , G06F21/41 , H04L63/0815
摘要： Federated single sign on (F-SSO) uses a token service that fulfills requests by executing a module chain comprising a set of modules. F-SSO runtime processing is enhanced by enabling a federated entity user to define a custom module to include in the chain. The custom module includes one or more name-value pairs, wherein a given name-value pair has a value that may be validated against an entity-defined rule. The rule is determined during the processing of the custom module based on one or more invocation parameters of the module chain. In a runtime operation, F-SSO begins in response to receipt of a token. In response, the processing of the module chain that includes the custom module is initiated. During processing of the custom module, an attempt is made to validate the value of a name-value pair based on the rule. If the value of the name-value pair based on the rule can be validated, processing of the module chain continues. This approach enables finer granularity on the information that can be asserted or required as part of an F-SSO flow.
摘要翻译：联合单点登录（F-SSO）使用通过执行包括一组模块的模块链来满足请求的令牌服务。通过使联合实体用户能够定义要包含在链中的自定义模块来增强F-SSO运行时处理。自定义模块包括一个或多个名称 - 值对，其中给定的名称 - 值对具有可以根据实体定义的规则被验证的值。在根据模块链的一个或多个调用参数处理自定义模块期间确定规则。在运行时操作中，F-SSO响应于令牌的接收而开始。作为响应，启动了包含定制模块的模块链的处理。在自定义模块的处理期间，尝试根据规则验证名称 - 值对的值。如果可以验证基于规则的名称 - 值对的值，则模块链的处理将继续进行。这种方法可以在作为F-SSO流程的一部分可以被断言或需要的信息上实现更精细的粒度。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式