专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US06339827B1 Method for securing sensitive data in a LDAP directory service utilizing a client and/or server control 失效
标题翻译：使用客户端和/或服务器控件在LDAP目录服务中保护敏感数据的方法
公开(公告)号：US06339827B1
公开(公告)日：2002-01-15
申请号：US08968100
申请日：1997-11-12
申请人： Ellen Jean Stokes , Ivan Matthew Milman
发明人： Ellen Jean Stokes , Ivan Matthew Milman
IPC分类号： H04L932
CPC分类号： H04L63/0428 , H04L63/123
摘要： The lightweight directory access protocol (LDAP) is extended to include client- and server-based controls for securing sensitive data in the directory service. The set of controls include a client control implemented on a client machine, and/or a server control implemented on a server machine. It is not required that both controls be implemented together, and a client machine may implement the client control irrespective of whether a server involved in the directory operation is running the server control.
摘要翻译：轻量级目录访问协议（LDAP）被扩展为包括基于客户端和服务器的控件，用于保护目录服务中的敏感数据。该组控件包括在客户端机器上实现的客户端控制和/或在服务器机器上实现的服务器控件。不要求两个控件一起实现，客户端机器可以实现客户端控制，而不管目录操作中涉及的服务器是否正在运行服务器控件。

2. 发明授权

US08181225B2 Specializing support for a federation relationship 失效
标题翻译：专门支持联盟关系
公开(公告)号：US08181225B2
公开(公告)日：2012-05-15
申请号：US12481007
申请日：2009-06-09
申请人： Heather Maria Hinton , Anthony Scott Moran , Dolapo Martin Falola , Ivan Matthew Milman , Patrick Ryan Wardrop
发明人： Heather Maria Hinton , Anthony Scott Moran , Dolapo Martin Falola , Ivan Matthew Milman , Patrick Ryan Wardrop
IPC分类号： G06F7/04
CPC分类号： H04L63/0815 , H04L67/30
摘要： The invention provides federated functionality within a data processing system by means of a set of specialized runtimes, which are instances of an application for providing federation services to requesters. Each of the plurality of specialized runtimes provides requested federation services for selected ones of the requestors according to configuration data of respective federation relationships of the requestors with the identity provider. The configuration data is dynamically retrieved during initialization of the runtimes which allows the respective_runtime to be specialized for a given federation relationship. Requests are routed to the appropriate specialized runtime using the first requestor identity and the given federation relationship. The data, which describes each federation relationship between the identity provider and each of the plurality of requestors, is configured prior to initialization of the runtimes.
摘要翻译：本发明通过一组专用运行时提供数据处理系统内的联合功能，这是一组向需求者提供联合服务的应用的实例。多个专用运行时间中的每一个根据请求者与身份提供者的各自的联合关系的配置数据，为所选请求者提供所请求的联合服务。在运行时的初始化期间动态地检索配置数据，这允许相应的运行时间针对给定的联合关系而专门化。请求使用第一请求者标识和给定的联合关系路由到适当的专用运行时。在初始化运行时之前配置描述身份提供者与多个请求者中的每一个之间的每个联合关系的数据。

3. 发明授权

US5862323A Retrieving plain-text passwords from a main registry by a plurality of foreign registries 失效
标题翻译：从多个外部注册表从主注册表检索纯文本密码
公开(公告)号：US5862323A
公开(公告)日：1999-01-19
申请号：US557754
申请日：1995-11-13
申请人： George Robert Blakley, III , Ivan Matthew Milman , Wayne Dube Sigler
发明人： George Robert Blakley, III , Ivan Matthew Milman , Wayne Dube Sigler
IPC分类号： G06F12/14 , G06F1/00 , G06F13/00 , G06F13/42 , G06F15/16 , G06F15/177 , G06F21/00 , G06F21/20 , G06F21/24 , H04K1/00 , H04L9/00
CPC分类号： G06F21/31 , G06F21/46
摘要： A network system server that provides password synchronization between a main data store and a plurality of secondary data stores is disclosed. The network system server includes a security server, which is coupled to the main data store, a plurality of clients, which is coupled to the security server for accessing the main data store wherein each client maintains a unique, modifiable password, a password synchronization server, which is coupled to security server and the plurality of secondary data stores, and a password repository, which is coupled to the password synchronization server, that stores the passwords. One of the secondary data stores can retrieve the passwords via the password synchronization server so that each client is able to maintain a single, unique password among the plurality of secondary data stores. Password retrieval is instigated by at least one of the plurality of secondary data stores regardless of the current password status of the secondary data stores.
摘要翻译：公开了一种在主数据存储和多个辅助数据存储之间提供密码同步的网络系统服务器。网络系统服务器包括耦合到主数据存储的安全服务器，多个客户端，其耦合到安全服务器以访问主数据存储，其中每个客户端维护唯一的可修改密码，密码同步服务器，其耦合到安全服务器和多个辅助数据存储，以及耦合到密码同步服务器的密码存储库，其存储密码。辅助数据存储中的一个可以通过密码同步服务器检索密码，以便每个客户端能够在多个辅助数据存储之间维护一个唯一的密码。密码检索是由多个辅助数据存储器中的至少一个引起的，而不管辅助数据存储器的当前密码状态如何。

4. 发明授权

US5832211A Propagating plain-text passwords from a main registry to a plurality of foreign registries 失效
标题翻译：从主注册表传播明文密码到多个外国注册管理机构
公开(公告)号：US5832211A
公开(公告)日：1998-11-03
申请号：US557755
申请日：1995-11-13
申请人： George Robert Blakley, III , Ivan Matthew Milman , Wayne Dube Sigler
发明人： George Robert Blakley, III , Ivan Matthew Milman , Wayne Dube Sigler
IPC分类号： G06F12/14 , G06F1/00 , G06F12/00 , G06F13/00 , G06F21/00 , G06F21/20 , G06F21/24 , H04K1/00 , H04L9/00
CPC分类号： G06F21/31 , G06F21/46
摘要： A network system server that provides password synchronization between a main data store and a plurality of secondary data stores is disclosed. The network server further includes a security server, which is coupled to the main data store, a plurality of clients, coupled to the security server for accessing the main data store wherein each client maintains a unique, modifiable password, and a password synchronization server, coupled to the security server and the plurality of secondary data stores, that provides password propagation synchronization to each of the secondary data stores from a user associated with one of the plurality of clients so that user is able to maintain a single, unique password among plurality of secondary data stores. The password propagation is imposed on the plurality of secondary data stores regardless of the current password status of the secondary data stores.
摘要翻译：公开了一种在主数据存储和多个辅助数据存储之间提供密码同步的网络系统服务器。网络服务器还包括耦合到主数据存储的安全服务器，耦合到安全服务器的多个客户端，用于访问主数据存储，其中每个客户端维护唯一的可修改的密码和密码同步服务器，耦合到安全服务器和多个辅助数据存储，其从与多个客户端中的一个客户端相关联的用户提供与每个次要数据存储的密码传播同步，使得用户能够在多个客户端之间维护单个唯一密码的次要数据存储。密码传播被施加在多个辅助数据存储上，而不管辅助数据存储器的当前密码状态如何。

5. 发明授权

US07631346B2 Method and system for a runtime user account creation operation within a single-sign-on process in a federated computing environment 有权
标题翻译：在联合计算环境中的单一登录过程中的运行时用户帐户创建操作的方法和系统
公开(公告)号：US07631346B2
公开(公告)日：2009-12-08
申请号：US11097587
申请日：2005-04-01
申请人： Heather Maria Hinton , Ivan Matthew Milman , Venkat Raghavan , Shane Bradley Weeden
发明人： Heather Maria Hinton , Ivan Matthew Milman , Venkat Raghavan , Shane Bradley Weeden
IPC分类号： G06F7/04 , G06F15/16 , G04L9/32 , G06F17/30
CPC分类号： H04L63/0815 , G06F21/41
摘要： A method, system, apparatus, and computer program product are presented to support computing systems of different enterprises that interact within a federated computing environment. Federated single-sign-on operations can be initiated at the computing systems of federation partners on behalf of a user even though the user has not established a user account at a federation partner prior to the initiation of the single-sign-on operation. For example, an identity provider can initiate a single-sign-on operation at a service provider while attempting to obtain access to a controlled resource on behalf of a user. When the service provider recognizes that it does not have a linked user account for the user that allows for a single-sign-on operation with the identity provider, the service provider creates a local user account. The service provider can also pull user attributes from the identity provider as necessary to perform the user account creation operation.
摘要翻译：提出了一种方法，系统，装置和计算机程序产品，以支持在联合计算环境内交互的不同企业的计算系统。即使用户在单点登录操作开始之前尚未在联盟伙伴上建立用户帐户，也可以代表用户在联盟伙伴的计算系统上启动联合单点登录操作。例如，身份提供者可以尝试在代表用户获得受控资源的访问的情况下，在服务提供商处启动单点登录操作。当服务提供商认识到它不具有用于允许与身份提供商进行单点登录操作的用户的链接用户帐户时，服务提供商创建本地用户帐户。服务提供商还可以根据需要从身份提供者提取用户属性，以执行用户帐户创建操作。

6. 发明申请

US20090259753A1 Specializing Support For A Federation Relationship 失效
标题翻译：专业支持联邦关系
公开(公告)号：US20090259753A1
公开(公告)日：2009-10-15
申请号：US12481007
申请日：2009-06-09
申请人： Heather Maria Hinton , Anthony Scott Moran , Dolapo Martin Falola , Ivan Matthew Milman , Patrick Ryan Wardrop
发明人： Heather Maria Hinton , Anthony Scott Moran , Dolapo Martin Falola , Ivan Matthew Milman , Patrick Ryan Wardrop
IPC分类号： G06F15/16
CPC分类号： H04L63/0815 , H04L67/30
摘要： The invention provides federated functionality within a data processing system by means of a set of specialized runtimes, which are instances of an application for providing federation services to requesters. Each of the plurality of specialized runtimes provides requested federation services for selected ones of the requestors according to configuration data of respective federation relationships of the requestors with the identity provider. The configuration data is dynamically retrieved during initialization of the runtimes which allows the respective_runtime to be specialized for a given federation relationship. Requests are routed to the appropriate specialized runtime using the first requestor identity and the given federation relationship. The data, which describes each federation relationship between the identity provider and each of the plurality of requestors, is configured prior to initialization of the runtimes.
摘要翻译：本发明通过一组专用运行时提供数据处理系统内的联合功能，这是一组向需求者提供联合服务的应用的实例。多个专用运行时间中的每一个根据请求者与身份提供者的各自的联合关系的配置数据，为所选请求者提供所请求的联合服务。在运行时的初始化期间动态地检索配置数据，这允许相应的运行时间针对给定的联合关系而专门化。请求使用第一请求者标识和给定的联合关系路由到适当的专用运行时。在初始化运行时之前配置描述身份提供者与多个请求者中的每一个之间的每个联合关系的数据。

7. 发明授权

US06510236B1 Authentication framework for managing authentication requests from multiple authentication devices 失效
标题翻译：用于管理来自多个认证设备的认证请求的认证框架
公开(公告)号：US06510236B1
公开(公告)日：2003-01-21
申请号：US09210093
申请日：1998-12-11
申请人： Michael A. Crane , Ivan Matthew Milman
发明人： Michael A. Crane , Ivan Matthew Milman
IPC分类号： G06K900
CPC分类号： G06F21/32 , G06F21/34 , G07C9/00158 , G07C9/00166 , H04L63/0876
摘要： An authentication framework for authenticating clients, each of which is coupled to an authentication device of one of a plurality of permitted authentication device types. An authentication method begins by having a client pass to an application server a request for authentication. The request includes a user id and device id identifying a client and an authentication device coupled thereto. The application server determines which device authentication server the request is intended for, and then forwards authentication data in the request to that server. If the device authentication server verifies that the authentication data is acceptable, an authorization token is returned to the client.
摘要翻译：用于认证客户端的认证框架，每个客户端耦合到多个允许认证设备类型之一的认证设备。认证方法从客户端向应用服务器传递认证请求开始。该请求包括标识客户端的用户ID和设备ID以及与其相连的认证设备。应用服务器确定请求所针对的设备认证服务器，然后将请求中的认证数据转发给该服务器。如果设备认证服务器验证认证数据是否可以接受，则向客户端返回授权令牌。

8. 发明授权

US09397981B2 Method and system for secure document exchange 有权
标题翻译：安全文件交换的方法和系统
公开(公告)号：US09397981B2
公开(公告)日：2016-07-19
申请号：US12426752
申请日：2009-04-20
申请人： Heather Maria Hinton , Ivan Matthew Milman
发明人： Heather Maria Hinton , Ivan Matthew Milman
IPC分类号： H04L29/06
CPC分类号： H04L63/0428 , H04L9/0863 , H04L63/06
摘要： A document management (DM), data leak prevention (DLP) or similar application in a data processing system is instrumented with a document protection service provider interface (SPI). The service provider interface is used to call an external function, such as an encryption utility, that is used to facilitate secure document exchange between a sending entity and a receiving entity. The encryption utility may be configured for local download to and installation in the machine on which the SPI is invoked, but a preferred approach is to use the SPI to invoke an external encryption utility as a “service.” In such case, the external encryption utility is implemented by a service provider. When the calling program invokes the SPI, preferably the user is provided with a display panel. Using that panel, the end user provides a password that is used for encryption key generation, together with an indication of the desired encryption strength. The service provider uses the password to generate the encryption key. In one embodiment, the service provider provides the key to the service provider interface, which then uses the key to encrypt the document and to complete the file transfer operation. In the alternative, the service provider itself performs the document or file encryption. The service provider interface also preferably generates and sends an email or other message to the receiving entity that includes the key or a link to enable the receiving entity to retrieve the key. This approach obviates the sending and receiving entity having to install and manage matched or other special-purpose encryption utilities.
摘要翻译：数据处理系统中的文档管理（DM），数据泄漏预防（DLP）或类似应用程序具有文档保护服务提供者接口（SPI）。服务提供商接口用于调用外部功能，例如加密实用程序，用于促进发送实体和接收实体之间的安全文档交换。加密实用程序可以被配置为用于本地下载并安装在调用SPI的机器中，但优选的方法是使用SPI来将外部加密实用程序作为“服务”来调用。在这种情况下，外部加密实用程序由服务提供商实现。当调用程序调用SPI时，优选地，用户被提供有显示面板。使用该面板，最终用户提供用于加密密钥生成的密码以及所需加密强度的指示。服务提供商使用密码来生成加密密钥。在一个实施例中，服务提供商向服务提供商接口提供密钥，然后使用密钥对文档进行加密并完成文件传输操作。在替代方案中，服务提供商本身执行文档或文件加密。服务提供商接口还优选地生成并发送包括密钥或链接的接收实体的电子邮件或其他消息，以使接收实体能够检索密钥。这种方法避免了发送和接收实体必须安装和管理匹配或其他专用加密实用程序。

9. 发明申请

US20100268934A1 METHOD AND SYSTEM FOR SECURE DOCUMENT EXCHANGE 有权
标题翻译：用于安全文件交换的方法和系统
公开(公告)号：US20100268934A1
公开(公告)日：2010-10-21
申请号：US12426752
申请日：2009-04-20
申请人： Heather Maria Hinton , Ivan Matthew Milman
发明人： Heather Maria Hinton , Ivan Matthew Milman
IPC分类号： H04L29/06
CPC分类号： H04L63/0428 , H04L9/0863 , H04L63/06
摘要： A document management (DM), data leak prevention (DLP) or similar application in a data processing system is instrumented with a document protection service provider interface (SPI). The service provider interface is used to call an external function, such as an encryption utility, that is used to facilitate secure document exchange between a sending entity and a receiving entity. The encryption utility may be configured for local download to and installation in the machine on which the SPI is invoked, but a preferred approach is to use the SPI to invoke an external encryption utility as a “service.” In such case, the external encryption utility is implemented by a service provider. When the calling program invokes the SPI, preferably the user is provided with a display panel. Using that panel, the end user provides a password that is used for encryption key generation, together with an indication of the desired encryption strength. The service provider uses the password to generate the encryption key. In one embodiment, the service provider provides the key to the service provider interface, which then uses the key to encrypt the document and to complete the file transfer operation. In the alternative, the service provider itself performs the document or file encryption. The service provider interface also preferably generates and sends an email or other message to the receiving entity that includes the key or a link to enable the receiving entity to retrieve the key. This approach obviates the sending and receiving entity having to install and manage matched or other special-purpose encryption utilities.
摘要翻译：数据处理系统中的文档管理（DM），数据泄漏预防（DLP）或类似应用程序具有文档保护服务提供者接口（SPI）。服务提供商接口用于调用外部功能，例如加密实用程序，用于促进发送实体和接收实体之间的安全文档交换。加密实用程序可以被配置为用于本地下载并安装在调用SPI的机器中，但优选的方法是使用SPI来将外部加密实用程序作为“服务”来调用。在这种情况下，外部加密实用程序由服务提供商实现。当调用程序调用SPI时，优选地，用户被提供有显示面板。使用该面板，最终用户提供用于加密密钥生成的密码以及所需加密强度的指示。服务提供商使用密码来生成加密密钥。在一个实施例中，服务提供商向服务提供商接口提供密钥，然后使用密钥对文档进行加密并完成文件传输操作。在替代方案中，服务提供商本身执行文档或文件加密。服务提供商接口还优选地生成并发送包括密钥或链接的接收实体的电子邮件或其他消息，以使接收实体能够检索密钥。这种方法避免了发送和接收实体必须安装和管理匹配或其他专用加密实用程序。

10. 发明申请

US20100107244A1 Trust Event Notification and Actions Based on Thresholds and Associated Trust Metadata Scores 有权
标题翻译：基于阈值和相关信任元信息的信任事件通知和操作
公开(公告)号：US20100107244A1
公开(公告)日：2010-04-29
申请号：US12257878
申请日：2008-10-24
申请人： Chung-Sheng Li , Ivan Matthew Milman , Guenter Anton Sauter , Harald Clyde Smith , Charles Daniel Wolfson
发明人： Chung-Sheng Li , Ivan Matthew Milman , Guenter Anton Sauter , Harald Clyde Smith , Charles Daniel Wolfson
IPC分类号： G06F21/00
CPC分类号： G06F21/577
摘要： An approach is provided for selecting one or more trust factors from trust factors included in a trust index repository. Thresholds are identified corresponding to one or more of the selected trust factors. Actions are identified to perform when the selected trust factors reach the corresponding threshold values. The identified thresholds, identified actions, and selected trust factors are stored in a data store. The selected trust factors are monitored by comparing one or more trust metadata scores with the stored identified thresholds. The stored identified actions that correspond to the selected trust factors are performed when one or more of the trust metadata scores reach the identified thresholds. At least one of the actions includes an event notification that is provided to a trust data consumer.
摘要翻译：提供了一种用于从包括在信任指数存储库中的信任因子中选择一个或多个信任因子的方法。对应于一个或多个所选择的信任因子来识别阈值。当所选择的信任因素达到相应的阈值时，确定动作被执行。所识别的阈值，识别的动作和所选择的信任因子被存储在数据存储器中。通过将一个或多个信任元数据分数与存储的已确定的阈值进行比较来监视所选择的信任因子。当信任元数据分数中的一个或多个达到所识别的阈值时，执行对应于所选信任因子的所存储的已识别动作。至少一个动作包括提供给信任数据消费者的事件通知。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式