专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20070016782A1 User mapping information extension for protocols 有权
标题翻译：协议的用户映射信息扩展
公开(公告)号：US20070016782A1
公开(公告)日：2007-01-18
申请号：US11181525
申请日：2005-07-14
申请人： Christopher Crall , Gennady Medvinsky , Joshua Ball , Karthik Jaganathan , Paul Leach , Liqiang Zhu , David Cross
发明人： Christopher Crall , Gennady Medvinsky , Joshua Ball , Karthik Jaganathan , Paul Leach , Liqiang Zhu , David Cross
IPC分类号： H04L9/00
CPC分类号： H04L9/3263 , H04L9/3273 , H04L63/0807 , H04L63/0823 , H04L63/0876 , H04L63/10 , H04L63/166
摘要： A hint containing user mapping information is provided in messages that may be exchanged during authentication handshakes. For example, a client may provide user mapping information to the server during authentication. The hint (e.g., in the form of a TLS extension mechanism) may be used to send the domain/user name information of a client to aid the server in mapping the user's certificate to an account. The extension mechanism provides integrity and authenticity of the mapping data sent by the client. The user provides a hint as to where to find the right account or domain controller (which points to, or otherwise maintains, the correct account). Based on the hint and other information in the certificate, the user is mapped to an account. The hint may be provided by the user when he logs in. Thus, a certificate is mapped to an identity to authenticate the user. A hint is sent along with the certificate information to perform the binding. Existing protocols may be extended to communicate the additional mapping information (the hint) to perform the binding. A vendor specific extension to Kerberos is defined to obtain the authorization data based on an X.509 certificate and the mapping user name hint.
摘要翻译：在认证握手期间可以交换的消息中提供了包含用户映射信息的提示。例如，客户端可以在认证期间向服务器提供用户映射信息。提示（例如，以TLS扩展机制的形式）可以用于发送客户端的域/用户名信息，以帮助服务器将用户的证书映射到帐户。扩展机制提供客户端发送的映射数据的完整性和真实性。用户提供关于在哪里找到正确的帐户或域控制器（指向或以其他方式维护正确的帐户）的提示。根据证书中的提示和其他信息，用户被映射到一个帐户。提示可以由用户在登录时提供。因此，证书被映射到身份以验证用户。发送提示与证书信息一起执行绑定。可以扩展现有协议以传达额外的映射信息（提示）来执行绑定。定义了针对Kerberos的供应商特定扩展，以根据X.509证书和映射用户名提示获取授权数据。

2. 发明授权

US07434253B2 User mapping information extension for protocols 有权
标题翻译：协议的用户映射信息扩展
公开(公告)号：US07434253B2
公开(公告)日：2008-10-07
申请号：US11181525
申请日：2005-07-14
申请人： Christopher J. Crall , Gennady Medvinsky , Joshua Ball , Karthik Jaganathan , Paul J. Leach , Liqiang Zhu , David B. Cross
发明人： Christopher J. Crall , Gennady Medvinsky , Joshua Ball , Karthik Jaganathan , Paul J. Leach , Liqiang Zhu , David B. Cross
IPC分类号： H04L9/32 , H04L9/00
CPC分类号： H04L9/3263 , H04L9/3273 , H04L63/0807 , H04L63/0823 , H04L63/0876 , H04L63/10 , H04L63/166
摘要： A hint containing user mapping information is provided in messages that may be exchanged during authentication handshakes. For example, a client may provide user mapping information to the server during authentication. The hint (e.g., in the form of a TLS extension mechanism) may be used to send the domain/user name information of a client to aid the server in mapping the user's certificate to an account. The extension mechanism provides integrity and authenticity of the mapping data sent by the client. The user provides a hint as to where to find the right account or domain controller (which points to, or otherwise maintains, the correct account). Based on the hint and other information in the certificate, the user is mapped to an account. The hint may be provided by the user when he logs in. Thus, a certificate is mapped to an identity to authenticate the user. A hint is sent along with the certificate information to perform the binding. Existing protocols may be extended to communicate the additional mapping information (the hint) to perform the binding. A vendor specific extension to Kerberos is defined to obtain the authorization data based on an X.509 certificate and the mapping user name hint.
摘要翻译：在认证握手期间可以交换的消息中提供了包含用户映射信息的提示。例如，客户端可以在认证期间向服务器提供用户映射信息。提示（例如，以TLS扩展机制的形式）可以用于发送客户端的域/用户名信息，以帮助服务器将用户的证书映射到帐户。扩展机制提供客户端发送的映射数据的完整性和真实性。用户提供关于在哪里找到正确的帐户或域控制器（指向或以其他方式维护正确的帐户）的提示。根据证书中的提示和其他信息，用户被映射到一个帐户。提示可以由用户在登录时提供。因此，证书被映射到身份以验证用户。发送提示与证书信息一起执行绑定。可以扩展现有协议以传达额外的映射信息（提示）来执行绑定。定义了针对Kerberos的供应商特定扩展，以根据X.509证书和映射用户名提示获取授权数据。

3. 发明申请

US20060288230A1 One time password integration with Kerberos 有权
标题翻译：与Kerberos一次性密码集成
公开(公告)号：US20060288230A1
公开(公告)日：2006-12-21
申请号：US11153631
申请日：2005-06-15
申请人： Christopher Crall , Karthik Jaganathan , Liqiang Zhu , Paul Leach
发明人： Christopher Crall , Karthik Jaganathan , Liqiang Zhu , Paul Leach
IPC分类号： H04L9/00
CPC分类号： H04L9/3247 , H04L9/083 , H04L9/0863 , H04L9/3213 , H04L63/0807 , H04L63/0838
摘要： A domain controller (DC) side plugin supports one time passwords natively in Kerberos, Part of the key material is static and the other part is dynamic, thereby leveraging properties unique to each to securely support one time passwords in an operating system. The user is permitted to type in the one time passcode into a logon user interface. Rather than calling the SAM APIs to get the static passwords, vendors may register callbacks on the DC to plugin their algorithm. These callback functions will return the dynamically calculated passcodes for the user at a specific point in time. This passcode will then be treated as a normal password by the DC.
摘要翻译：域控制器（DC）侧插件在Kerberos中本地支持一次密码，部分密钥材料是静态的，另一部分是动态的，从而利用每个密钥的属性来安全地支持操作系统中的一次密码。允许用户将一次性密码输入登录用户界面。供应商可以在DC上注册回调来插入其算法，而不是调用SAM API来获取静态密码。这些回调函数将在特定时间点返回动态计算的用户密码。然后，该密码将被DC视为正常密码。

4. 发明授权

US07591012B2 Dynamic negotiation of encryption protocols 有权
标题翻译：加密协议的动态协商
公开(公告)号：US07591012B2
公开(公告)日：2009-09-15
申请号：US10791035
申请日：2004-03-02
申请人： Karthik Jaganathan , Liqiang Zhu
发明人： Karthik Jaganathan , Liqiang Zhu
IPC分类号： H04L9/18 , H04L29/00
CPC分类号： H04L9/3213 , H04L9/06 , H04L63/0807 , H04L63/205
摘要： Systems and methods for negotiating an encryption algorithm may be implemented in the context of encryption-based authentication protocols. The invention has the added benefit of providing a system an method that need not interfere with the standard operation of authentication protocols. A first computer, or client computer, can send a negotiation request to a second computer, or server computer. The negotiation request can specify that the client computer supports a selected encryption algorithm. In response, the server computer can return a subsession key for encryption using the selected encryption algorithm. Both client and server may then switch to encryption in the selected encryption algorithm, using the subsession key to encrypt future communications.
摘要翻译：用于协商加密算法的系统和方法可以在基于加密的认证协议的上下文中实现。本发明还提供了一种不需要干扰认证协议的标准操作的方法。第一计算机或客户端计算机可以向第二计算机或服务器计算机发送协商请求。协商请求可以指定客户端计算机支持选定的加密算法。作为响应，服务器计算机可以使用所选择的加密算法返回用于加密的子会话密钥。客户端和服务器都可以在所选择的加密算法中切换到加密，使用子会话密钥加密未来的通信。

5. 发明申请

US20050198490A1 Dynamic negotiation of encryption protocols 有权
标题翻译：加密协议的动态协商
公开(公告)号：US20050198490A1
公开(公告)日：2005-09-08
申请号：US10791035
申请日：2004-03-02
申请人： Karthik Jaganathan , Liqiang Zhu
发明人： Karthik Jaganathan , Liqiang Zhu
IPC分类号： H04L9/00
CPC分类号： H04L9/3213 , H04L9/06 , H04L63/0807 , H04L63/205
摘要： Systems and methods for negotiating an encryption algorithm may be implemented in the context of encryption-based authentication protocols. The invention has the added benefit of providing a system an method that need not interfere with the standard operation of authentication protocols. A first computer, or client computer, can send a negotiation request to a second computer, or server computer. The negotiation request can specify that the client computer supports a selected encryption algorithm. In response, the server computer can return a subsession key for encryption using the selected encryption algorithm. Both client and server may then switch to encryption in the selected encryption algorithm, using the subsession key to encrypt future communications.
摘要翻译：用于协商加密算法的系统和方法可以在基于加密的认证协议的上下文中实现。本发明还提供了一种不需要干扰认证协议的标准操作的方法。第一计算机或客户端计算机可以向第二计算机或服务器计算机发送协商请求。协商请求可以指定客户端计算机支持选定的加密算法。作为响应，服务器计算机可以使用所选择的加密算法返回用于加密的子会话密钥。客户端和服务器都可以在所选择的加密算法中切换到加密，使用子会话密钥加密未来的通信。

6. 发明授权

US07757275B2 One time password integration with Kerberos 有权
标题翻译：与Kerberos一次性密码集成
公开(公告)号：US07757275B2
公开(公告)日：2010-07-13
申请号：US11153631
申请日：2005-06-15
申请人： Christopher J. Crall , Karthik Jaganathan , Liqiang Zhu , Paul J. Leach
发明人： Christopher J. Crall , Karthik Jaganathan , Liqiang Zhu , Paul J. Leach
IPC分类号： G06F21/00 , H04L29/06
CPC分类号： H04L9/3247 , H04L9/083 , H04L9/0863 , H04L9/3213 , H04L63/0807 , H04L63/0838
摘要： A domain controller (DC) side plugin supports one time passwords natively in Kerberos, Part of the key material is static and the other part is dynamic, thereby leveraging properties unique to each to securely support one time passwords in an operating system. The user is permitted to type in the one time passcode into a logon user interface. Rather than calling the SAM APIs to get the static passwords, vendors may register callbacks on the DC to plugin their algorithm. These callback functions will return the dynamically calculated passcodes for the user at a specific point in time. This passcode will then be treated as a normal password by the DC.
摘要翻译：域控制器（DC）侧插件在Kerberos中本地支持一次密码，部分密钥材料是静态的，另一部分是动态的，从而利用每个密钥的属性来安全地支持操作系统中的一次密码。允许用户将一次性密码输入登录用户界面。供应商可以在DC上注册回调来插入其算法，而不是调用SAM API来获取静态密码。这些回调函数将在特定时间点返回动态计算的用户密码。然后，该密码将被DC视为正常密码。

7. 发明申请

US20080301784A1 Native Use Of Web Service Protocols And Claims In Server Authentication 有权
标题翻译：在服务器认证中本地使用Web服务协议和声明
公开(公告)号：US20080301784A1
公开(公告)日：2008-12-04
申请号：US11755968
申请日：2007-05-31
申请人： Liqiang Zhu , Gennady Medvinsky , Tanmoy Dutta , Cristian Ilac , Andreas Luther , John P. Shewchuk
发明人： Liqiang Zhu , Gennady Medvinsky , Tanmoy Dutta , Cristian Ilac , Andreas Luther , John P. Shewchuk
IPC分类号： G06F7/04
CPC分类号： H04L63/0823 , H04L63/166 , H04L67/02
摘要： Architecture for natively authenticating a client application to a web server via HTTP authentication. The Web Services Architecture, and more specifically, Web Services Security, is leveraged to enable legacy applications to access web services transparently to the existing legacy applications. A security support provider (SSP) is created that employs WS-* protocol to at least emulate ws-trust and ws-mex thereby enabling policy exchange via an HTTP protocol stack. Policy can be exchanged via a WWW-Authenticate header enabling legacy applications to use the WS-* family of protocols without modifying the client application. The WS-* protocols are abstracted into a generic programming interface for native client application use.
摘要翻译：通过HTTP认证将客户端应用程序本地验证到Web服务器的体系结构。 Web服务体系结构，更具体地说，Web服务安全性是有利于使传统应用程序能够透明地访问现有的遗留应用程序的Web服务。创建了一个安全支持提供程序（SSP），它使用WS- *协议来至少模拟ws-trust和ws-mex，从而通过HTTP协议栈实现策略交换。可以通过WWW-Authenticate标头来交换策略，使得遗留应用程序能够使用WS- *系列协议，而无需修改客户端应用程序。将WS- *协议抽象为通用编程接口，用于本机客户机应用程序的使用。

8. 发明授权

US08528058B2 Native use of web service protocols and claims in server authentication 有权
标题翻译：在服务器认证中本机使用Web服务协议和声明
公开(公告)号：US08528058B2
公开(公告)日：2013-09-03
申请号：US11755968
申请日：2007-05-31
申请人： Liqiang Zhu , Gennady Medvinsky , Tanmoy Dutta , Cristian Ilac , Andreas Luther , John P Shewchuk
发明人： Liqiang Zhu , Gennady Medvinsky , Tanmoy Dutta , Cristian Ilac , Andreas Luther , John P Shewchuk
IPC分类号： H04L29/06
CPC分类号： H04L63/0823 , H04L63/166 , H04L67/02
摘要： Architecture for natively authenticating a client application to a web server via HTTP authentication. The Web Services Architecture, and more specifically, Web Services Security, is leveraged to enable legacy applications to access web services transparently to the existing legacy applications. A security support provider (SSP) is created that employs WS-* protocol to at least emulate ws-trust and ws-mex thereby enabling policy exchange via an HTTP protocol stack. Policy can be exchanged via a WWW-Authenticate header enabling legacy applications to use the WS-* family of protocols without modifying the client application. The WS-* protocols are abstracted into a generic programming interface for native client application use.
摘要翻译：通过HTTP认证将客户端应用程序本地验证到Web服务器的体系结构。 Web服务体系结构，更具体地说，Web服务安全性是有利于使传统应用程序能够透明地访问现有的遗留应用程序的Web服务。创建了一个安全支持提供程序（SSP），它使用WS- *协议来至少模拟ws-trust和ws-mex，从而通过HTTP协议栈实现策略交换。可以通过WWW-Authenticate标头来交换策略，使得遗留应用程序能够使用WS- *系列协议，而无需修改客户端应用程序。将WS- *协议抽象为通用编程接口，用于本机客户机应用程序的使用。

9. 发明授权

US07944314B2 Low frequency oscillator for burst-mode dimming control for CCFL driver system 有权
标题翻译：用于CCFL驱动器系统的突发模式调光控制的低频振荡器
公开(公告)号：US07944314B2
公开(公告)日：2011-05-17
申请号：US12537964
申请日：2009-08-07
申请人： Liqiang Zhu , Lieyi Fang
发明人： Liqiang Zhu , Lieyi Fang
IPC分类号： H03L7/00
CPC分类号： H03K3/01 , H03K5/1565 , H03K7/08 , H03M1/56 , H05B33/0815
摘要： Oscillator system and method thereof. The oscillator system includes a first voltage-to-current converter configured to receive a first voltage and generate a first current based on at least information associated with the first voltage, and a second voltage-to-current converter configured to receive a second voltage and generate a second current based on at least information associated with the second voltage. Additionally, the oscillator system further includes a current-mode N-bit digital-to-analog converter configured to receive at least the second current and a first clock signal and to generate a third current based on at least information associated with the second current and the first clock signal. N is a first integer. The first clock signal is associated with a first clock frequency corresponding to a first clock period. Moreover, the oscillator system further includes a current comparator coupled to the first voltage-to-current converter and the current-mode N-bit digital-to-analog converter.
摘要翻译：振荡器系统及其方法。振荡器系统包括第一电压 - 电流转换器，其被配置为接收第一电压并基于至少与第一电压相关联的信息产生第一电流，以及第二电压 - 电流转换器，被配置为接收第二电压和至少基于与第二电压相关联的信息生成第二电流。此外，振荡器系统还包括电流模式N位数模转换器，其被配置为至少接收第二电流和第一时钟信号，并且至少基于与第二电流相关联的信息产生第三电流，以及第一个时钟信号。 N是第一个整数。第一时钟信号与对应于第一时钟周期的第一时钟频率相关联。此外，振荡器系统还包括耦合到第一电压 - 电流转换器和电流模式N位数模转换器的电流比较器。

10. 发明授权

US07827405B2 Mechanism for utilizing kerberos features by an NTLM compliant entity 有权
标题翻译：由NTLM兼容实体利用Kerberos功能的机制
公开(公告)号：US07827405B2
公开(公告)日：2010-11-02
申请号：US11624909
申请日：2007-01-19
申请人： David Christiansen , Liqiang Zhu
发明人： David Christiansen , Liqiang Zhu
IPC分类号： H04L29/06 , H04L9/32 , G06F7/04 , G06F15/16 , G06F17/30
CPC分类号： H04L63/0807 , H04L9/3213 , H04L63/0869 , H04L63/205
摘要： NTLM compliant clients and servers are mutually authenticated in accordance with the Kerberos authentication protocol without migrating the clients or servers to Kerberos. With an RPC framework, a target name is generated from the server host name. The target name includes an indication that mutual authentication is to be accomplished. During the initial stages of the RPC session, the target name is sent to the server. If the server recognizes the target name, the client and server are mutually authenticated in accordance with the Kerberos protocol. If the server does not recognize the target name, the client is authenticated in accordance with the NTLM authentication protocol.
摘要翻译： NTLM兼容客户端和服务器根据Kerberos身份验证协议进行相互验证，而不会将客户端或服务器迁移到Kerberos。使用RPC框架，从服务器主机名生成目标名称。目标名称包括要实现相互认证的指示。在RPC会话的初始阶段，将目标名称发送到服务器。如果服务器识别目标名称，则客户端和服务器将根据Kerberos协议相互验证。如果服务器无法识别目标名称，则客户端将按照NTLM身份验证协议进行身份验证。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式