专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09596122B2 Identity provider discovery service using a publish-subscribe model 有权
标题翻译：使用发布 - 订阅模型的身份提供者发现服务
公开(公告)号：US09596122B2
公开(公告)日：2017-03-14
申请号：US13403565
申请日：2012-02-23
申请人： Heather Maria Hinton , Richard James McCarty , Clifton Steve Looney
发明人： Heather Maria Hinton , Richard James McCarty , Clifton Steve Looney
IPC分类号： G06F15/173 , H04L12/24 , H04L29/08 , H04L29/06
CPC分类号： H04L41/00 , H04L63/0815 , H04L67/02 , H04L67/16 , H04L67/28 , H04L67/2814 , H04L67/2842
摘要： A proxy is integrated within an F-SSO environment and interacts with an external identity provider (IdP) instance discovery service. The proxy proxies IdP instance requests to the discovery service and receives responses that include the IdP instance assignments. The proxy maintains a cache of the instance assignment(s). As new instance requests are received, the cached assignment data is used to provide appropriate responses in lieu of proxying these requests to the discovery service, thereby reducing the time needed to identify the required IdP instance. The proxy dynamically maintains and manages its cache by subscribing to updates from the discovery service. The updates identify IdP instance changes (such as servers being taken offline for maintenance, new services being added, etc.) occurring within the set of geographically-distributed instances that comprise the IdP service. The updates are provided via a publication-subscription model such that the proxy receives change notifications proactively.
摘要翻译：代理被集成在F-SSO环境中，并与外部身份提供者（IdP）实例发现服务进行交互。代理代理发现服务的IdP实例请求，并接收包含IdP实例分配的响应。代理维护实例分配的缓存。当接收到新的实例请求时，缓存的分配数据被用于提供适当的响应来代替将这些请求代理到发现服务，从而减少识别所需的IdP实例所需的时间。代理通过订阅发现服务中的更新来动态地维护和管理其缓存。这些更新标识IdP实例更改（例如服务器正在脱机以进行维护，新增的服务等），这些发生在组成IdP服务的地理分布式实例集中。更新通过发布预订模型提供，以便代理主动地接收更改通知。

2. 发明申请

US20140068732A1 Single tenant audit view in a multi-tenant environment 有权
标题翻译：单租户审核视图在多租户环境中
公开(公告)号：US20140068732A1
公开(公告)日：2014-03-06
申请号：US13604474
申请日：2012-09-05
申请人： Heather Maria Hinton , Neil Ian Readshaw , Katsumi Ohnishi , Naohiko Uramoto
发明人： Heather Maria Hinton , Neil Ian Readshaw , Katsumi Ohnishi , Naohiko Uramoto
IPC分类号： G06F21/00
CPC分类号： G06F21/41
摘要： A method correlates audit information in a multi-tenant computing infrastructure. The method leverages a user's authentication to the infrastructure, such as via federated single sign-on (F-SSO) from an identity provider. Preferably, the user's tenant identifier in the environment is derived based on identity information obtained during the F-SSO exchange. This tenant identifier is propagated to one or more other components in the infrastructure that are accessed by the user. As audit event from multiple components in the computing infrastructure are generated, these audit events are annotated with the tenant identifier and stored in an audit repository. In response to a request to view the tenant's audit data, a collection of tenant-specific audit events are then retrieved from the audit repository and displayed in a single tenant view. This approach ensures that audit event information is not leaked inadvertently between tenants.
摘要翻译：一种方法将多租户计算基础设施中的审计信息相关联。该方法利用用户对基础设施的认证，例如通过来自身份提供商的联合单点登录（F-SSO）。优选地，基于在F-SSO交换期间获得的身份信息来导出用户在环境中的租户标识符。该租户标识符被传播到由用户访问的基础设施中的一个或多个其他组件。由于生成了计算基础设施中多个组件的审计事件，这些审计事件将以租户标识符注释并存储在审计存储库中。为了响应查看租户审计数据的请求，然后从审计存储库中检索特定于租户的审计事件的集合，并显示在单个租户视图中。这种方法确保审计事件信息不会在租户之间无意中泄漏。

3. 发明授权

US08320882B2 Method and apparatus for managing obfuscated mobile device user identities 有权
标题翻译：用于管理混淆的移动设备用户身份的方法和装置
公开(公告)号：US08320882B2
公开(公告)日：2012-11-27
申请号：US11752962
申请日：2007-05-24
申请人： Heather Maria Hinton , Alastair John Angwin , Mark Pozefsky
发明人： Heather Maria Hinton , Alastair John Angwin , Mark Pozefsky
IPC分类号： H04M3/16
CPC分类号： H04L63/0407 , H04L63/0414 , H04W8/26
摘要： A mobile device identifier (such as an MSISDN) that typically accompanies a mobile device request is replaced with an “enriched” identifier that exposes the mobile device user's home operator but obfuscates the mobile device's (and, thus, the device user's) identity. In one embodiment, the identifier comprises a first part, and a second part. The first part comprises a data string that identifies (either directly or through a database lookup) the mobile device user's home operator. The second part, however, is an opaque data string, such as a one-time-use unique identifier (UID) or a value that is otherwise derived as a function of the MSISDN (or the like). The opaque data string encodes the mobile device's identity in a manner that preferably can be recovered only by the user's home operator. The present invention describes a method and apparatus for use in a home network to manage the generation, storage and use of the unique identifiers.
摘要翻译：通常伴随移动设备请求的移动设备标识符（例如，MSISDN）被暴露于移动设备用户的本地操作者的富集的标识符替换，但是模糊了移动设备（以及因此设备用户的身份）。在一个实施例中，标识符包括第一部分和第二部分。第一部分包括标识（直接地或通过数据库查找）移动设备用户的本地操作员的数据串。然而，第二部分是不透明的数据串，例如一次性使用的唯一标识符（UID）或另外被导出为MSISDN（或类似的）的函数的值）。不透明数据串以优选仅由用户的家庭运营商恢复的方式对移动设备的身份进行编码。本发明描述了一种在家庭网络中用于管理唯一标识符的生成，存储和使用的方法和装置。

4. 发明授权

US08136146B2 Secure audit log access for federation compliance 有权
标题翻译：安全审核日志访问，以实现联盟合规性
公开(公告)号：US08136146B2
公开(公告)日：2012-03-13
申请号：US11619728
申请日：2007-01-04
申请人： Timothy James Hahn , Heather Maria Hinton , Patrick Ryan Wardrop
发明人： Timothy James Hahn , Heather Maria Hinton , Patrick Ryan Wardrop
IPC分类号： H04L29/06
CPC分类号： G06F21/6245 , G06F21/6236 , G06F2221/2101
摘要： A computer implemented method, data processing system, and computer program product for allowing limited access to a federation partner's audit logs in a secure, controlled manner, for the purposes of compliance demonstration. A request for audit data is received by a partner in the federated environment. The partner validates the request and requests a local report using local parameters against a local audit log store. The partner then builds a response based on the local report.
摘要翻译：计算机实现的方法，数据处理系统和计算机程序产品，以便以合规性示范的目的，以安全，受控的方式有限地访问联盟合作伙伴的审核日志。审核数据的请求由联合环境中的合作伙伴接收。伙伴验证请求，并使用本地审计日志存储区的本地参数请求本地报告。合作伙伴随后根据本地报告建立回应。

5. 发明申请

US20100287235A1 Method and system for user-determined attribute storage in a federated environment 有权
标题翻译：在联合环境中用户确定的属性存储的方法和系统
公开(公告)号：US20100287235A1
公开(公告)日：2010-11-11
申请号：US12841207
申请日：2010-07-22
申请人： George Robert Blakley, III , Heather Maria Hinton , Birgit Monika Pfitzmann
发明人： George Robert Blakley, III , Heather Maria Hinton , Birgit Monika Pfitzmann
IPC分类号： G06F15/16
CPC分类号： H04L63/101 , G06F21/41 , H04L63/0807
摘要： A system is presented for facilitating management of user attribute information at one or more attribute information providers (AIPs), which can manage the user's attribute information in accordance with user-selected or administratively-determined options, including options that are stored in attribute release policies and/or dynamically determined during a transaction. E-commerce service providers (ECSPs), such as online banks or merchants, also maintain a relationship with an AIP such that the ECSP can trust the user attribute information that is provided by the AIP on behalf of the user. The user can complete transactions that require user attribute information at any ECSP without having to have previously established a relationship with that particular ECSP. If the ECSP has a relationship with one of the user's AIPs, then the user will be able to direct the ECSP to an AIP when the ECSP needs user attribute information to complete a transaction for the user.
摘要翻译：提供了一种用于促进在一个或多个属性信息提供者（AIP）处管理用户属性信息的系统，其可以根据用户选择或管理确定的选项来管理用户的属性信息，包括存储在属性发布策略中的选项和/或在事务期间动态确定。诸如在线银行或商家的电子商务服务提供商（ECSP）也保持与AIP的关系，使得ECSP可以代表用户信任由AIP提供的用户属性信息。用户可以在任何ECSP中完成需要用户属性信息的事务，而无需先前与该特定ECSP建立关系。如果ECSP与用户的AIP之一有关系，则当ECSP需要用户属性信息来完成用户的交易时，用户将能够将ECSP引导到AIP。

6. 发明申请

US20100030805A1 PROPAGATING INFORMATION FROM A TRUST CHAIN PROCESSING 审中-公开
标题翻译：从信任链处理传播信息
公开(公告)号：US20100030805A1
公开(公告)日：2010-02-04
申请号：US12182654
申请日：2008-07-30
申请人： Heather Maria Hinton , Sridhar R. Muppidi , David Eugene Cox
发明人： Heather Maria Hinton , Sridhar R. Muppidi , David Eugene Cox
IPC分类号： G06F17/30 , H04L9/32
CPC分类号： H04L63/0815 , G06F21/41 , G06F2221/2101 , G06F2221/2115
摘要： A method, system, and computer usable program product for propagating information in a trust chain processing are provided in the illustrative embodiments. Upon a trust client invoking the trust chain processing, a mapped security information is received, the mapped security information being stored in a memory or a data storage associated with a data processing system. A set of security information attributes are located from the mapped security information according to a configuration. The set of security information attributes are packaged to form a packaged security information. The packaged security information is issued to a target system, the target system being distinct from the trust client that invoked the trust chain processing. The locating, the packaging, and the issuing collectively form monitoring the trust chain processing. A next component in the trust chain processing may be invoked. The invoking may occur before, after, or during the monitoring.
摘要翻译：在说明性实施例中提供了用于在信任链处理中传播信息的方法，系统和计算机可用程序产品。在信任客户端调用信任链处理时，接收映射的安全信息，所映射的安全信息被存储在与数据处理系统相关联的存储器或数据存储器中。一组安全信息属性根据配置从映射的安全信息中定位。一组安全信息属性被打包以形成打包的安全信息。打包的安全信息被发布到目标系统，目标系统与调用信任链处理的信任客户端不同。定位，包装和发放集体形成监督信托链处理。可以调用信任链处理中的下一个组件。调用可能发生在监测之前，之后或期间。

7. 发明授权

US07631346B2 Method and system for a runtime user account creation operation within a single-sign-on process in a federated computing environment 有权
标题翻译：在联合计算环境中的单一登录过程中的运行时用户帐户创建操作的方法和系统
公开(公告)号：US07631346B2
公开(公告)日：2009-12-08
申请号：US11097587
申请日：2005-04-01
申请人： Heather Maria Hinton , Ivan Matthew Milman , Venkat Raghavan , Shane Bradley Weeden
发明人： Heather Maria Hinton , Ivan Matthew Milman , Venkat Raghavan , Shane Bradley Weeden
IPC分类号： G06F7/04 , G06F15/16 , G04L9/32 , G06F17/30
CPC分类号： H04L63/0815 , G06F21/41
摘要： A method, system, apparatus, and computer program product are presented to support computing systems of different enterprises that interact within a federated computing environment. Federated single-sign-on operations can be initiated at the computing systems of federation partners on behalf of a user even though the user has not established a user account at a federation partner prior to the initiation of the single-sign-on operation. For example, an identity provider can initiate a single-sign-on operation at a service provider while attempting to obtain access to a controlled resource on behalf of a user. When the service provider recognizes that it does not have a linked user account for the user that allows for a single-sign-on operation with the identity provider, the service provider creates a local user account. The service provider can also pull user attributes from the identity provider as necessary to perform the user account creation operation.
摘要翻译：提出了一种方法，系统，装置和计算机程序产品，以支持在联合计算环境内交互的不同企业的计算系统。即使用户在单点登录操作开始之前尚未在联盟伙伴上建立用户帐户，也可以代表用户在联盟伙伴的计算系统上启动联合单点登录操作。例如，身份提供者可以尝试在代表用户获得受控资源的访问的情况下，在服务提供商处启动单点登录操作。当服务提供商认识到它不具有用于允许与身份提供商进行单点登录操作的用户的链接用户帐户时，服务提供商创建本地用户帐户。服务提供商还可以根据需要从身份提供者提取用户属性，以执行用户帐户创建操作。

8. 发明申请

US20090259753A1 Specializing Support For A Federation Relationship 失效
标题翻译：专业支持联邦关系
公开(公告)号：US20090259753A1
公开(公告)日：2009-10-15
申请号：US12481007
申请日：2009-06-09
申请人： Heather Maria Hinton , Anthony Scott Moran , Dolapo Martin Falola , Ivan Matthew Milman , Patrick Ryan Wardrop
发明人： Heather Maria Hinton , Anthony Scott Moran , Dolapo Martin Falola , Ivan Matthew Milman , Patrick Ryan Wardrop
IPC分类号： G06F15/16
CPC分类号： H04L63/0815 , H04L67/30
摘要： The invention provides federated functionality within a data processing system by means of a set of specialized runtimes, which are instances of an application for providing federation services to requesters. Each of the plurality of specialized runtimes provides requested federation services for selected ones of the requestors according to configuration data of respective federation relationships of the requestors with the identity provider. The configuration data is dynamically retrieved during initialization of the runtimes which allows the respective_runtime to be specialized for a given federation relationship. Requests are routed to the appropriate specialized runtime using the first requestor identity and the given federation relationship. The data, which describes each federation relationship between the identity provider and each of the plurality of requestors, is configured prior to initialization of the runtimes.
摘要翻译：本发明通过一组专用运行时提供数据处理系统内的联合功能，这是一组向需求者提供联合服务的应用的实例。多个专用运行时间中的每一个根据请求者与身份提供者的各自的联合关系的配置数据，为所选请求者提供所请求的联合服务。在运行时的初始化期间动态地检索配置数据，这允许相应的运行时间针对给定的联合关系而专门化。请求使用第一请求者标识和给定的联合关系路由到适当的专用运行时。在初始化运行时之前配置描述身份提供者与多个请求者中的每一个之间的每个联合关系的数据。

9. 发明申请

US20090094383A1 User Enrollment in an E-Community 有权
标题翻译：用户注册在电子社区
公开(公告)号：US20090094383A1
公开(公告)日：2009-04-09
申请号：US12274869
申请日：2008-11-20
申请人： Heather Maria Hinton , George Robert Blakley, III , Greg Clark
发明人： Heather Maria Hinton , George Robert Blakley, III , Greg Clark
IPC分类号： G06F15/16
CPC分类号： H04L63/08 , G06F21/41 , H04L63/06 , H04L63/0815 , H04L63/20
摘要： An Internet user transfers directly to a domain within an e-community without returning to a home domain or re-authenticating. The user's home domain server prepares and forwards a home domain identity cookie (DIDC) with an enrollment request to a user's browser, with the enrollment request being redirected to an affiliated domain server in the e-community. The affiliated domain server prepares and sends an affiliated DIDC with an enrollment confirmation to the user's browser, redirecting the enrollment confirmation to the home domain server. The home domain server modifies the home DIDC to include a symbol which indicates successful enrollment at the affiliated site. The process may be repeated for a plurality of affiliated domains to achieve automatic enrollment a portion of or an entire e-community.
摘要翻译：互联网用户直接转移到电子社区中的域，而不返回到本地域或重新认证。用户的归属域服务器准备并转发具有注册请求的归属域身份cookie（DIDC）到用户的浏览器，注册请求被重定向到电子社区中的附属域服务器。附属域名服务器准备并向用户浏览器发送附属DIDC注册确认，将注册确认重定向到本地域服务器。家庭域服务器修改家庭DIDC以包括在附属站点上指示成功登记的符号。可以为多个附属域重复该过程以实现一部分或整个电子社区的自动注册。

10. 发明申请

US20080293378A1 MOBILE DEVICE WITH AN OBFUSCATED MOBILE DEVICE USER IDENTITY 有权
标题翻译：移动设备与移动设备的用户身份
公开(公告)号：US20080293378A1
公开(公告)日：2008-11-27
申请号：US11752944
申请日：2007-05-24
申请人： Heather Maria Hinton , Alastair John Angwin , Mark Pozefsky
发明人： Heather Maria Hinton , Alastair John Angwin , Mark Pozefsky
IPC分类号： H04M1/66
CPC分类号： H04L63/0407 , H04W12/02 , H04W88/02
摘要： A mobile device identifier (such as an MSISDN) that typically accompanies a mobile device request is replaced with an “enriched” identifier that exposes the mobile device user's home operator but obfuscates the mobile device's (and, thus, the device user's) identity. In one embodiment, the identifier comprises a first part, and a second part. The first part comprises a data string that identifies (either directly or through a database lookup) the mobile device user's home operator. The second part, however, is an opaque data string, such as a one-time-use unique identifier (UID) or a value that is otherwise derived as a function of the MSISDN (or the like). The opaque data string encodes the mobile device's identity in a manner that preferably can be recovered only by the user's home operator (or an entity authorized thereby). When the mobile device user roams into a foreign network, that network receives the enriched identifier in lieu of an MSISDN. The foreign network uses the first part to identify the mobile device user's home network, e.g., to determine whether to permit the requested access (or to provide some other value-added service). The foreign network, however, cannot decode the second part; thus, the mobile device's identity (as well as the identity of the mobile device user) remains obscured. This ensures that the user's privacy is maintained, while preventing third parties from building a profile of the device based on the requests that include the MSISDN or similar identifier.
摘要翻译：通常伴随移动设备请求的移动设备标识符（例如，MSISDN）被暴露于移动设备用户的本地操作员但是模糊移动设备（以及因此设备用户的身份）的“丰富”标识符所替代。在一个实施例中，标识符包括第一部分和第二部分。第一部分包括标识（直接地或通过数据库查找）移动设备用户的本地操作员的数据串。然而，第二部分是不透明的数据串，例如一次性使用的唯一标识符（UID）或另外被导出为MSISDN（或类似的）的函数的值）。不透明数据串以优选仅由用户的家庭运营商（或由其授权的实体）恢复的方式对移动设备的身份进行编码。当移动设备用户漫游到外部网络时，该网络接收到代替MSISDN的富集标识符。外部网络使用第一部分来识别移动设备用户的家庭网络，例如，以确定是否允许所请求的访问（或提供一些其他增值服务）。然而，外部网络无法解码第二部分; 因此，移动设备的身份（以及移动设备用户的身份）仍然被遮蔽。这确保了用户的隐私被维护，同时防止第三方基于包括MSISDN或类似标识符的请求构建设备的配置文件。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式