会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 2. 发明授权
    • Policy driven, credential delegation for single sign on and secure access to network resources
    • 政策驱动,凭据授权单点登录和安全访问网络资源
    • US07913084B2
    • 2011-03-22
    • US11441588
    • 2006-05-26
    • Gennady MedvinskyCristian IlacCostin HagiuJohn E. ParsonsMohamed Emad El Din FathallaPaul J. LeachTarek Bahaa El-Din Mahmoud Kamel
    • Gennady MedvinskyCristian IlacCostin HagiuJohn E. ParsonsMohamed Emad El Din FathallaPaul J. LeachTarek Bahaa El-Din Mahmoud Kamel
    • H04L9/32
    • H04L63/0815H04L9/3273H04L63/20H04L2209/80
    • A credential security support provider (Cred SSP) is provided that enables any application to securely delegate a user's credentials from the client, via client side Security Support Provider (SSP) software, to a target server, via server side SSP software in a networked computing environment. The Cred SSP of the invention provides a secure solution that is based in part upon a set of policies, including a default policy that is secure against a broad range of attacks, which are used to control and restrict the delegation of user credentials from a client to a server. The policies can be for any type of user credentials and the different policies are designed to mitigate a broad range of attacks so that appropriate delegation can occur for given delegation circumstances, network conditions, trust levels, etc. Additionally, only a trusted subsystem, e.g., a trusted subsystem of the Local Security Authority (LSA), has access to the clear text credentials such that neither the calling application of the Cred SSP APIs on the server side nor the calling application of the Cred SSP APIs on the client side have access to clear text credentials.
    • 提供了一种凭证安全支持提供者(Cred SSP),使任何应用程序能够通过客户端安全支持提供商(SSP)软件将客户端的凭据安全地委派给目标服务器,通过网络计算中的服务器端SSP软件 环境。 本发明的Cred SSP提供了一种安全解决方案,该解决方案部分地基于一组策略,包括针对广泛的攻击的安全性的默认策略,其用于控制​​和限制从客户机委派用户凭证 到服务器。 这些策略可以用于任何类型的用户凭证,并且不同的策略被设计为减轻广泛的攻击,从而可以针对给定的授权情况,网络条件,信任级别等进行适当的委托。此外,只有可信的子系统,例如 ,本地安全机构(LSA)的受信任的子系统可以访问明文凭据,使得服务器端的Cred SSP API的呼叫应用程序和客户端的Cred SSP API的呼叫应用都不具有访问权 清除文本凭据。