专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20060294366A1 Method and system for establishing a secure connection based on an attribute certificate having user credentials 审中-公开
标题翻译：基于具有用户凭证的属性证书建立安全连接的方法和系统
公开(公告)号：US20060294366A1
公开(公告)日：2006-12-28
申请号：US11165483
申请日：2005-06-23
申请人： Anthony Nadalin , Bruce Rich , Xiaoyan Zhang
发明人： Anthony Nadalin , Bruce Rich , Xiaoyan Zhang
IPC分类号： H04L9/00
CPC分类号： H04L9/3265 , H04L9/3271 , H04L63/061 , H04L63/0823 , H04L63/166 , H04L2209/56
摘要： A method and system is presented for supporting the establishment of a secure communication session within a data processing system. A certificate request command is sent from a server to a client. A certificate command is received at the server from the client in response to the certificate request command, and the certificate command is accompanied by a public key certificate and an attribute certificate that is digitally signed by a private key that is bound to the public key certificate. A secure communication session is established in response to successfully verifying the public key certificate. The attribute certificate contains credential information for an authentication operation or an authorization operation that is performed after establishment of the secure communication session.
摘要翻译：提出了一种用于支持在数据处理系统内建立安全通信会话的方法和系统。证书请求命令从服务器发送到客户端。响应于证书请求命令从客户端接收到证书命令，并且证书命令伴随有公钥证书和属性证书，该密钥证书和属性证书由绑定到公钥证书的私钥进行数字签名。响应成功验证公钥证书，建立安全通信会话。属性证书包含认证操作的证书信息或在建立安全通信会话之后执行的授权操作。

2. 发明申请

US20050278534A1 Method and system for certification path processing 失效
标题翻译：认证路径处理方法和系统
公开(公告)号：US20050278534A1
公开(公告)日：2005-12-15
申请号：US10855728
申请日：2004-05-27
申请人： Anthony Nadalin , Bruce Rich , Xiaoyan Zhang
发明人： Anthony Nadalin , Bruce Rich , Xiaoyan Zhang
IPC分类号： H04L9/00 , H04L9/32
CPC分类号： H04L9/3263 , H04L2209/56 , H04L2209/60
摘要： A method, an apparatus, a system, and a computer program product are presented for validating certificates. A certificate validation service receives a certificate validation request for a target certificate from a client, thereby allowing the client to offload certificate validation tasks into an online certificate validation service that is accessible and sharable by multiple components within a data processing system. In response to a determination that the target certificate is valid or invalid, the certificate validation service sends a certificate validation response with an indicating status value that the target certificate is valid or invalid. The certificate validation service is able to cache information about previously validated certificates and the associated certificate chains, thereby enhancing the efficiency of the service. Different certificate validation policies may be applied against target certificates based upon information associated with the target certificates.
摘要翻译：提供了验证证书的方法，装置，系统和计算机程序产品。证书验证服务从客户端接收目标证书的证书验证请求，从而允许客户端将证书验证任务卸载到可由数据处理系统内的多个组件访问和共享的在线证书验证服务。响应于目标证书有效或无效的确定，证书验证服务发送具有目标证书有效或无效的指示状态值的证书验证响应。证书验证服务能够缓存有关以前验证的证书和关联的证书链的信息，从而提高服务的效率。可以根据与目标证书相关的信息，针对目标证书应用不同的证书验证策略。

3. 发明申请

US20060004662A1 Method and system for a PKI-based delegation process 失效
标题翻译：基于PKI的委托过程的方法和系统
公开(公告)号：US20060004662A1
公开(公告)日：2006-01-05
申请号：US10881978
申请日：2004-06-30
申请人： Anthony Nadalin , Bruce Rich , Xiaoyan Zhang
发明人： Anthony Nadalin , Bruce Rich , Xiaoyan Zhang
IPC分类号： H04L9/00
CPC分类号： H04L63/02 , H04L9/006 , H04L9/0825 , H04L9/3213 , H04L9/3247 , H04L9/3268 , H04L63/0807 , H04L63/0823 , H04L2209/76 , H04L2463/062
摘要： A client generates a session key and a delegation ticket containing information for a requested delegation operation. The client generates a first copy of the session key and encrypts it using a public key of a proxy. The client generates a second copy of the session key and encrypts it using a public key of a server. The client then puts the encrypted session keys and delegation ticket into a first message that is sent to the proxy. The proxy extracts and decrypts its copy of the session key from the first message. The proxy then encrypts a proof-of-delegation data item with the session key and places it and the delegation ticket along with the encrypted copy of the session key for the server into a second message, which is sent to the server. The server extracts and decrypts its copy of the session key from the second message and uses the session key to obtain the proof-of-delegation data. Authority is successfully delegated to the proxy only if the server can verify the proof-of-delegation data.
摘要翻译：客户端生成会话密钥和包含所请求的委派操作的信息的委托票证。客户端生成会话密钥的第一个副本，并使用代理的公钥对其进行加密。客户端生成会话密钥的第二个副本，并使用服务器的公钥对其进行加密。然后，客户端将加密的会话密钥和委派票证放入发送到代理的第一条消息中。代理从第一条消息中提取并解密会话密钥的副本。然后，代理使用会话密钥对代理证件数据项进行加密，并将其和委托凭证以及服务器的会话密钥的加密副本一起放入发送到服务器的第二个消息中。服务器从第二个消息中提取和解密其会话密钥的副本，并使用会话密钥获取授权证明数据。只有当服务器可以验证授权证明数据时，才将成功委托给代理。

4. 发明申请

US20050039158A1 Method and apparatus for adopting authorizations 失效
标题翻译：采用授权的方法和装置
公开(公告)号：US20050039158A1
公开(公告)日：2005-02-17
申请号：US10639862
申请日：2003-08-13
申请人： Lawrence Koved , Anthony Nadalin , Marco Pistoia
发明人： Lawrence Koved , Anthony Nadalin , Marco Pistoia
IPC分类号： G06F9/44
CPC分类号： G06F21/53
摘要： A method and apparatus for implementing a new Permission for methods that perform callback operations are provided. The method and apparatus provide an AdoptPermission Permission type that allows a method to pass a Java 2 authorization test without having the specific required Permissions expressly granted to the method and without the method having the AllPermission Permission granted to it. With the apparatus and method, an AdoptPermission Permission type is defined that operates to allow a ProtectionDomain to “adopt” a required Permission. However, this adoption of a required Permission can only be performed if the ProtectionDomain of at least one method in the thread stack has been granted a Permission that implies the required Permission. Thus, the AdoptPermission Permission type provides an intermediate mechanism that is not as over-inclusive as the AllPermission Permission type and is not as under-inclusive as requiring that all methods in the thread stack include the required Permission expressly granted to them.
摘要翻译：提供了一种用于实现执行回调操作的方法的新的Permission的方法和装置。该方法和设备提供了一个AdoptPermission权限类型，允许一种方法传递Java 2授权测试，而不会明确授予该方法的特定所需权限，而不授予其授予AllPermission权限的方法。使用设备和方法，定义了一个AdoptPermission权限类型，该类型用于允许ProtectionDomain“采用”所需的权限。但是，只有当线程堆栈中至少有一个方法的ProtectionDomain被授予一个隐含所需权限的权限时，才能执行所需的权限。因此，AdoptPermission Permission类型提供了一个不像AllPermission Permission类型那样超出包容性的中间机制，并且不包含要求线程堆栈中的所有方法都包含明确授予它们的所需权限。

5. 发明申请

US20080104698A1 METHOD AND APPARATUS FOR ADOPTING AUTHORIZATIONS 失效
标题翻译：通过授权的方法和装置
公开(公告)号：US20080104698A1
公开(公告)日：2008-05-01
申请号：US11968673
申请日：2008-01-03
申请人： Lawrence Koved , Anthony Nadalin , Marco Pistoia
发明人： Lawrence Koved , Anthony Nadalin , Marco Pistoia
IPC分类号： G06F21/00
CPC分类号： G06F21/53
摘要： A method and apparatus for implementing a new Permission for methods that perform callback operations are provided. The method and apparatus provide an AdoptPermission Permission type that allows a method to pass a Java 2 authorization test without having the specific required Permissions expressly granted to the method and without the method having the AllPermission Permission granted to it. With the apparatus and method, an AdoptPermission Permission type is defined that operates to allow a ProtectionDomain to “adopt” a required Permission. However, this adoption of a required Permission can only be performed if the ProtectionDomain of at least one method in the thread stack has been granted a Permission that implies the required Permission. Thus, the AdoptPermission Permission type provides an intermediate mechanism that is not as over-inclusive as the AllPermission Permission type and is not as under-inclusive as requiring that all methods in the thread stack include the required Permission expressly granted to them.
摘要翻译：提供了一种用于实现执行回调操作的方法的新的Permission的方法和装置。该方法和设备提供了一个AdoptPermission权限类型，允许一种方法传递Java 2授权测试，而不会明确授予该方法的特定所需权限，而不授予其授予AllPermission权限的方法。使用设备和方法，定义了一个AdoptPermission权限类型，该类型用于允许ProtectionDomain“采用”所需的权限。但是，只有当线程堆栈中至少有一个方法的ProtectionDomain被授予一个隐含所需权限的权限时，才能执行所需的权限。因此，AdoptPermission Permission类型提供了一个不像AllPermission Permission类型那样超出包容性的中间机制，并且不包含要求线程堆栈中的所有方法都包含明确授予它们的所需权限。

6. 发明申请

US20070234417A1 Method and system for native authentication protocols in a heterogeneous federated environment 失效
标题翻译：异构联盟环境中本地认证协议的方法和系统
公开(公告)号：US20070234417A1
公开(公告)日：2007-10-04
申请号：US11761818
申请日：2007-06-12
申请人： George Blakley III , Heather Hinton , Anthony Nadalin
发明人： George Blakley III , Heather Hinton , Anthony Nadalin
IPC分类号： H04L9/32
CPC分类号： H04L63/0281 , H04L63/0807 , H04L63/0815 , H04L63/0823 , H04L2463/102
摘要： A method is presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions.
摘要翻译：提出了一种方法，其中联合域在联合环境中相互作用。联盟内的域可以为其他联盟域的用户启动联合单点登录操作。域内的联络点服务器依赖于域内的信任代理来管理域和联盟之间的信任关系。信任代理根据需要解释其他联盟域的断言。信托代理可能与一个或多个信托经纪人有信任关系，信托代理可以依赖信托经纪人来解释断言。

7. 发明申请

US20060168132A1 Business messaging standards to web services 审中-公开
标题翻译： Web服务的商业消息标准
公开(公告)号：US20060168132A1
公开(公告)日：2006-07-27
申请号：US11264355
申请日：2005-10-31
申请人： Paul Bunter , Ralph Hertlein , Sreedhar Janaswamy , Rania Khalaf , Keeranoor Kumar , Michael Mcntosh , Anthony Nadalin , Shishir Saxena , Ralph Williams
发明人： Paul Bunter , Ralph Hertlein , Sreedhar Janaswamy , Rania Khalaf , Keeranoor Kumar , Michael Mcntosh , Anthony Nadalin , Shishir Saxena , Ralph Williams
IPC分类号： G06F15/16
CPC分类号： G06F9/547 , G06Q10/10 , H04L67/02
摘要： A web services framework consists of a modular, extensible stack of XML specifications and standards targeting the emerging infrastructure in which distributed, heterogeneous applications are exposed by different organizations as services on the Internet. These services have their capabilities described and published in a machine readable format.
摘要翻译： Web服务框架包括一个模块化的，可扩展的XML规范和标准栈，针对新兴基础架构，其中分布式异构应用程序由不同组织作为互联网上的服务公开。这些服务具有以机器可读格式描述和发布的功能。

8. 发明申请

US20070056026A1 Role-based access control management for multiple heterogeneous application components 失效
标题翻译：基于角色的多个异构应用程序组件的访问控制管理
公开(公告)号：US20070056026A1
公开(公告)日：2007-03-08
申请号：US11221630
申请日：2005-09-08
申请人： Kathryn Britton , Dieter Buehler , Ching-Yun Chao , Timothy Hahn , Anthony Nadalin , Nataraj Nagaratnam , Yi-Hsiu Wei , Chun Yang
发明人： Kathryn Britton , Dieter Buehler , Ching-Yun Chao , Timothy Hahn , Anthony Nadalin , Nataraj Nagaratnam , Yi-Hsiu Wei , Chun Yang
IPC分类号： H04L9/32
CPC分类号： G06F21/6236
摘要： Embodiments of the present invention address deficiencies of the art in respect to access control and provide a method, system and computer program product for access control management for a collection of heterogeneous application components. In a first embodiment, a data processing system for role-based access control management for multiple heterogeneous application components can include at least one business role descriptor associating a business role with multiple, different application roles for corresponding, disparate application components. The system also can include at least one access policy associating a user with the business role. Finally, the system can include policy deployment logic include program code enabled to process the access policy to assign the user to the different application roles in the disparate application components.
摘要翻译：本发明的实施例解决了本领域在访问控制方面的缺陷，并提供了用于异构应用组件的集合的访问控制管理的方法，系统和计算机程序产品。在第一实施例中，用于多个异构应用组件的用于基于角色的访问控制管理的数据处理系统可以包括将业务角色与用于相应的不同应用组件的多个不同应用角色相关联的至少一个业务角色描述符。系统还可以包括将用户与业务角色相关联的至少一个访问策略。最后，系统可以包括策略部署逻辑，包括能够处理访问策略的程序代码，以将用户分配给不同应用程序组件中的不同应用程序角色。

9. 发明申请

US20060294383A1 Secure data communications in web services 审中-公开
标题翻译：在Web服务中安全的数据通信
公开(公告)号：US20060294383A1
公开(公告)日：2006-12-28
申请号：US11168716
申请日：2005-06-28
申请人： Paula Austel , Maryann Hondo , Michael McIntosh , Anthony Nadalin , Nataraj Nagaratnam
发明人： Paula Austel , Maryann Hondo , Michael McIntosh , Anthony Nadalin , Nataraj Nagaratnam
IPC分类号： H04L9/00
CPC分类号： G06F21/606 , G06F21/629 , H04L63/12
摘要： Methods, systems, and products are disclosed in which secure data communications in web services are provided generally by receiving in a web service from a client a request containing an element bearing a first signature, the signature having a value; signing the value of the first signature, thereby creating a second signature; and sending a response from the web service to the client, the response including the second signature. The requester may verify that the response includes the second signature. The request may be encrypted, and the response may be encrypted. The first signature may be encrypted, and the web service may encrypt the value of the first signature and include the encrypted value of the first signature in the response. The web service may receive a request encoded in SOAP and may send a response also encoded in SOAP.
摘要翻译：公开了一种方法，系统和产品，其中Web服务中的安全数据通信通常通过从客户端接收web服务来提供包含具有第一签名的元素的请求，该签名具有值; 签署第一签名的价值，从而创建第二个签名; 以及将所述web服务的响应发送到所述客户端，所述响应包括所述第二签名。请求者可以验证响应包括第二个签名。该请求可以被加密，并且响应可以被加密。可以对第一签名进行加密，并且web服务可以加密第一签名的值并将第一签名的加密值包括在响应中。 Web服务可以接收以SOAP编码的请求，并且可以发送也以SOAP编码的响应。

10. 发明申请

US20060021010A1 Federated identity brokering 失效
公开(公告)号：US20060021010A1
公开(公告)日：2006-01-26
申请号：US10878855
申请日：2004-06-28
申请人： Barry Atkins , David Melgar , Anthony Nadalin , Ajamu Wesley
发明人： Barry Atkins , David Melgar , Anthony Nadalin , Ajamu Wesley
IPC分类号： H04L9/32
CPC分类号： H04L63/0823 , H04L29/06
摘要： A method, system and apparatus for federated identity brokering. In accordance with the present invention, a credential processing gateway can be disposed between one or more logical services and one or more service requesting clients in a computer communications network. Acting as a proxy and a trusted authority to the logical services, the credential processing gateway can map the credentials of the service requesting clients to the certification requirements of the logical services. In this way, the credential processing gateway can act as a federated identity broker in providing identity certification services for a multitude of different service requesting clients without requiring the logical services to include a pre-configuration for specifically processing the credentials of particular service requesting clients.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式