专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2005114946A1 AN APPARATUS, COMPUTER-READABLE MEMORY AND METHOD FOR AUTHENTICATING AND AUTHORIZING A SERVICE REQUEST SENT FROM A SERVICE CLIENT TO A SERVICE PROVIDER 审中-公开
标题翻译：一种装置，计算机可读存储器和用于从服务客户端向服务提供者进行认证和授权服务请求的方法
公开(公告)号：WO2005114946A1
公开(公告)日：2005-12-01
申请号：PCT/EP2005/052280
申请日：2005-05-18
申请人： INTERNATIONAL BUSINESS MACHINES CORPORATION , IBM UNITED KINGDOM LIMITED , BENANTAR, Messaoud , CHEN, Yen-Fu , DUNSMOIR, John , FORLENZA, Randolph, Michael , LIU, Wei , SCHLOSSER, Sandra, Juni
发明人： BENANTAR, Messaoud , CHEN, Yen-Fu , DUNSMOIR, John , FORLENZA, Randolph, Michael , LIU, Wei , SCHLOSSER, Sandra, Juni
IPC分类号： H04L29/06
CPC分类号： H04L63/0823 , H04L63/0407 , H04L63/14
摘要： A Centralized Authentication & Authorization (CAA) system that prevents unauthorized access to client data using a secure global hashtable residing in the application server in a web services environment. CAA comprises a Service Request Filter (SRF) and Security Program (SP). The SRF intercepts service requests, extracts the service client's identifier from a digital certificate attached to the request, and stores the identifier in memory accessible to service providers. The client identifier is secured by the SP using a key unique to the client identifier. When the web services manager requests the client identifier, the web services manager must present the key to the SP in order to access the client identifier. Thus, the present invention prevents a malicious user from attempting to obtain sensitive data within the application server once the malicious user has gained access past the firewall.
摘要翻译：集中式身份验证和授权（CAA）系统，可以防止使用位于Web服务环境中的应用程序服务器中的安全全局散列表来对客户端数据进行未经授权的访问。 CAA包括服务请求过滤器（SRF）和安全程序（SP）。 SRF拦截服务请求，从附加到请求的数字证书中提取服务客户端的标识符，并将该标识符存储在服务提供商可访问的存储器中。客户端标识符由SP使用客户端标识符唯一的密钥保护。当Web服务管理器请求客户端标识符时，Web服务管理器必须向SP呈现密钥以访问客户端标识符。因此，本发明防止恶意用户一旦恶意用户已经通过防火墙访问，就试图获取应用服务器内的敏感数据。

2. 发明申请

WO2013000080A1 AUTHENTICATION AND AUTHORIZATION METHODS FOR CLOUD COMPUTING PLATFORM SECURITY 审中-公开
标题翻译：云计算平台安全的认证和授权方法
公开(公告)号：WO2013000080A1
公开(公告)日：2013-01-03
申请号：PCT/CA2012/050422
申请日：2012-06-26
申请人： INTERNATIONAL BUSINESS MACHINES CORPORATION , IBM CANADA LIMITED-IBM CANADA LIMITEE , CHANG, David Yu , BENANTAR, Messaoud , CHANG, John Yow-Chun , VENKATARAMAPPA, Vishwanath
发明人： CHANG, David Yu , BENANTAR, Messaoud , CHANG, John Yow-Chun , VENKATARAMAPPA, Vishwanath
IPC分类号： H04L9/32 , H04L12/24
CPC分类号： H04L63/104 , G06F21/62 , G06F21/6218 , G06F21/78 , G06F2221/2115 , H04L63/08 , H04L63/0815 , H04L67/10 , H04L67/34 , H04L67/42
摘要： An authentication and authorization plug-in model for a cloud computing environment enables cloud customers to retain control over their enterprise information when their applications are deployed in the cloud. The cloud service provider provides a pluggable interface for customer security modules. When a customer deploys an application, the cloud environment administrator allocates a resource group (e.g., processors, storage, and memory) for the customer's application and data. The customer registers its own authentication and authorization security module with the cloud security service, and that security module is then used to control what persons or entities can access information associated with the deployed application. The cloud environment administrator, however, typically is not registered (as a permitted user) within the customer's security module; thus, the cloud environment administrator is not able to access (or release to others, or to the cloud's general resource pool) the resources assigned to the cloud customer (even though the administrator itself assigned those resources) or the associated business information. To further balance the rights of the various parties, a third party notary service protects the privacy and the access right of the customer when its application and information are deployed in the cloud.
摘要翻译：云计算环境的认证和授权插件模型使云客户在将应用程序部署在云中时能够保留对其企业信息的控制。云服务提供商为客户安全模块提供可插拔的界面。当客户部署应用程序时，云环境管理员为客户的应用程序和数据分配资源组（例如，处理器，存储和内存）。客户将其自己的认证和授权安全模块注册到云安全服务，然后该安全模块用于控制哪些人员或实体可以访问与部署的应用程序相关的信息。然而，云环境管理员通常没有在客户的安全模块中注册（作为允许的用户）; 因此，云环境管理员无法访问（或向其他人或云的一般资源池）访问分配给云客户的资源（即使管理员自己分配了这些资源）或相关联的业务信息。为了进一步平衡各方的权利，第三方公证服务在将应用程序和信息部署在云中时保护客户的隐私和访问权限。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式