专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20080301784A1 Native Use Of Web Service Protocols And Claims In Server Authentication 有权
标题翻译：在服务器认证中本地使用Web服务协议和声明
公开(公告)号：US20080301784A1
公开(公告)日：2008-12-04
申请号：US11755968
申请日：2007-05-31
申请人： Liqiang Zhu , Gennady Medvinsky , Tanmoy Dutta , Cristian Ilac , Andreas Luther , John P. Shewchuk
发明人： Liqiang Zhu , Gennady Medvinsky , Tanmoy Dutta , Cristian Ilac , Andreas Luther , John P. Shewchuk
IPC分类号： G06F7/04
CPC分类号： H04L63/0823 , H04L63/166 , H04L67/02
摘要： Architecture for natively authenticating a client application to a web server via HTTP authentication. The Web Services Architecture, and more specifically, Web Services Security, is leveraged to enable legacy applications to access web services transparently to the existing legacy applications. A security support provider (SSP) is created that employs WS-* protocol to at least emulate ws-trust and ws-mex thereby enabling policy exchange via an HTTP protocol stack. Policy can be exchanged via a WWW-Authenticate header enabling legacy applications to use the WS-* family of protocols without modifying the client application. The WS-* protocols are abstracted into a generic programming interface for native client application use.
摘要翻译：通过HTTP认证将客户端应用程序本地验证到Web服务器的体系结构。 Web服务体系结构，更具体地说，Web服务安全性是有利于使传统应用程序能够透明地访问现有的遗留应用程序的Web服务。创建了一个安全支持提供程序（SSP），它使用WS- *协议来至少模拟ws-trust和ws-mex，从而通过HTTP协议栈实现策略交换。可以通过WWW-Authenticate标头来交换策略，使得遗留应用程序能够使用WS- *系列协议，而无需修改客户端应用程序。将WS- *协议抽象为通用编程接口，用于本机客户机应用程序的使用。

2. 发明授权

US08528058B2 Native use of web service protocols and claims in server authentication 有权
标题翻译：在服务器认证中本机使用Web服务协议和声明
公开(公告)号：US08528058B2
公开(公告)日：2013-09-03
申请号：US11755968
申请日：2007-05-31
申请人： Liqiang Zhu , Gennady Medvinsky , Tanmoy Dutta , Cristian Ilac , Andreas Luther , John P Shewchuk
发明人： Liqiang Zhu , Gennady Medvinsky , Tanmoy Dutta , Cristian Ilac , Andreas Luther , John P Shewchuk
IPC分类号： H04L29/06
CPC分类号： H04L63/0823 , H04L63/166 , H04L67/02
摘要： Architecture for natively authenticating a client application to a web server via HTTP authentication. The Web Services Architecture, and more specifically, Web Services Security, is leveraged to enable legacy applications to access web services transparently to the existing legacy applications. A security support provider (SSP) is created that employs WS-* protocol to at least emulate ws-trust and ws-mex thereby enabling policy exchange via an HTTP protocol stack. Policy can be exchanged via a WWW-Authenticate header enabling legacy applications to use the WS-* family of protocols without modifying the client application. The WS-* protocols are abstracted into a generic programming interface for native client application use.
摘要翻译：通过HTTP认证将客户端应用程序本地验证到Web服务器的体系结构。 Web服务体系结构，更具体地说，Web服务安全性是有利于使传统应用程序能够透明地访问现有的遗留应用程序的Web服务。创建了一个安全支持提供程序（SSP），它使用WS- *协议来至少模拟ws-trust和ws-mex，从而通过HTTP协议栈实现策略交换。可以通过WWW-Authenticate标头来交换策略，使得遗留应用程序能够使用WS- *系列协议，而无需修改客户端应用程序。将WS- *协议抽象为通用编程接口，用于本机客户机应用程序的使用。

3. 发明授权

US08572716B2 Integrating operating systems with content offered by web based entities 有权
公开(公告)号：US08572716B2
公开(公告)日：2013-10-29
申请号：US11789270
申请日：2007-04-23
申请人： Girish Chander , Tanmoy Dutta , Cristian Ilac , Bronislav Kavsan , Ziquan Li , Andreas K. Luther , Gennady Medvinsky , Liquiang Zhu
发明人： Girish Chander , Tanmoy Dutta , Cristian Ilac , Bronislav Kavsan , Ziquan Li , Andreas K. Luther , Gennady Medvinsky , Liquiang Zhu
IPC分类号： H04L29/06
CPC分类号： H04L63/083 , G06F21/335 , H04L63/08 , H04L63/0807 , H04L63/0884 , H04L63/10 , H04L63/123
摘要： Example embodiments are provided for integrating operating systems with content offered by internet based entities.

4. 发明申请

US20080263651A1 Integrating operating systems with content offered by web based entities 有权
标题翻译：将操作系统与基于Web的实体提供的内容集成
公开(公告)号：US20080263651A1
公开(公告)日：2008-10-23
申请号：US11789270
申请日：2007-04-23
申请人： Girish Chander , Tanmoy Dutta , Cristian Ilac , Bronislav Kavsan , Ziquian Li , Andreas K. Luther , Gennady Medvinsky , Liquiang Zhu
发明人： Girish Chander , Tanmoy Dutta , Cristian Ilac , Bronislav Kavsan , Ziquian Li , Andreas K. Luther , Gennady Medvinsky , Liquiang Zhu
IPC分类号： H04L9/32
CPC分类号： H04L63/083 , G06F21/335 , H04L63/08 , H04L63/0807 , H04L63/0884 , H04L63/10 , H04L63/123
摘要： Example embodiments are provided for integrating operating systems with content offered by internet based entities.
摘要翻译：提供了将操作系统与基于因特网的实体提供的内容集成的示例实施例。

5. 发明授权

US08683549B2 Secure data storage and retrieval incorporating human participation 有权
标题翻译：安全的数据存储和检索结合人的参与
公开(公告)号：US08683549B2
公开(公告)日：2014-03-25
申请号：US11690685
申请日：2007-03-23
申请人： Arthur H. Baker , Brian J. Guarraci , Andrew Stewart Tucker , Gennady Medvinsky , Tanmoy Dutta
发明人： Arthur H. Baker , Brian J. Guarraci , Andrew Stewart Tucker , Gennady Medvinsky , Tanmoy Dutta
IPC分类号： H04L29/06
CPC分类号： G06F21/31 , H04L9/32
摘要： A computer related security mechanism requires that a human participate in an access verification sequence. Upon a request to access secure data, a puzzle is provided to the requester. Proper solution of the puzzle requires human participation. The puzzle is chosen such that its solution is within the capabilities of a human, but beyond the current state of the art for computer systems. The puzzled can be visually and/or audibly rendered to the user. In one configuration, the puzzle is obtained via a library of pluggable puzzle generators. Puzzle generators in the library can be replaced as the state of the art of computing technology improves.
摘要翻译：计算机相关的安全机制要求人们参与访问验证序列。在请求访问安全数据时，向请求者提供了一个难题。拼图的正确解决需要人类参与。这个难题被选中，使得它的解决方案在人类的能力范围之内，但超越了现有的计算机系统的现状。困惑的可以视觉和/或听觉地呈现给用户。在一个配置中，拼图通过可插拔拼图发生器库获得。随着计算技术的先进水平的提高，图书馆中的拼图发生器可以被替代。

6. 发明申请

US20080320554A1 SECURE DATA STORAGE AND RETRIEVAL INCORPORATING HUMAN PARTICIPATION 有权
标题翻译：安全数据存储和检索并入人参与
公开(公告)号：US20080320554A1
公开(公告)日：2008-12-25
申请号：US11690685
申请日：2007-03-23
申请人： Arthur H. Baker , Brian J. Guarraci , Andrew Stewart Tucker , Gennady Medvinsky , Tanmoy Dutta
发明人： Arthur H. Baker , Brian J. Guarraci , Andrew Stewart Tucker , Gennady Medvinsky , Tanmoy Dutta
IPC分类号： G06F21/00 , H04L9/06
CPC分类号： G06F21/31 , H04L9/32
摘要： A computer related security mechanism requires that a human participate in an access verification sequence. Upon a request to access secure data, a puzzle is provided to the requester. Proper solution of the puzzle requires human participation. The puzzle is chosen such that its solution is within the capabilities of a human, but beyond the current state of the art for computer systems. The puzzled can be visually and/or audibly rendered to the user. In one configuration, the puzzle is obtained via a library of pluggable puzzle generators. Puzzle generators in the library can be replaced as the state of the art of computing technology improves.
摘要翻译：计算机相关的安全机制要求人们参与访问验证序列。在请求访问安全数据时，向请求者提供了一个难题。拼图的正确解决需要人类参与。这个难题被选中，使得它的解决方案在人类的能力范围之内，但超出了现有的计算机系统的现状。困惑的可以视觉和/或听觉地呈现给用户。在一个配置中，拼图通过可插拔拼图发生器库获得。随着计算技术的先进水平的提高，图书馆中的拼图发生器可以被替代。

7. 发明授权

US07913084B2 Policy driven, credential delegation for single sign on and secure access to network resources 有权
标题翻译：政策驱动，凭据授权单点登录和安全访问网络资源
公开(公告)号：US07913084B2
公开(公告)日：2011-03-22
申请号：US11441588
申请日：2006-05-26
申请人： Gennady Medvinsky , Cristian Ilac , Costin Hagiu , John E. Parsons , Mohamed Emad El Din Fathalla , Paul J. Leach , Tarek Bahaa El-Din Mahmoud Kamel
发明人： Gennady Medvinsky , Cristian Ilac , Costin Hagiu , John E. Parsons , Mohamed Emad El Din Fathalla , Paul J. Leach , Tarek Bahaa El-Din Mahmoud Kamel
IPC分类号： H04L9/32
CPC分类号： H04L63/0815 , H04L9/3273 , H04L63/20 , H04L2209/80
摘要： A credential security support provider (Cred SSP) is provided that enables any application to securely delegate a user's credentials from the client, via client side Security Support Provider (SSP) software, to a target server, via server side SSP software in a networked computing environment. The Cred SSP of the invention provides a secure solution that is based in part upon a set of policies, including a default policy that is secure against a broad range of attacks, which are used to control and restrict the delegation of user credentials from a client to a server. The policies can be for any type of user credentials and the different policies are designed to mitigate a broad range of attacks so that appropriate delegation can occur for given delegation circumstances, network conditions, trust levels, etc. Additionally, only a trusted subsystem, e.g., a trusted subsystem of the Local Security Authority (LSA), has access to the clear text credentials such that neither the calling application of the Cred SSP APIs on the server side nor the calling application of the Cred SSP APIs on the client side have access to clear text credentials.
摘要翻译：提供了一种凭证安全支持提供者（Cred SSP），使任何应用程序能够通过客户端安全支持提供商（SSP）软件将客户端的凭据安全地委派给目标服务器，通过网络计算中的服务器端SSP软件环境。本发明的Cred SSP提供了一种安全解决方案，该解决方案部分地基于一组策略，包括针对广泛的攻击的安全性的默认策略，其用于控制和限制从客户机委派用户凭证到服务器。这些策略可以用于任何类型的用户凭证，并且不同的策略被设计为减轻广泛的攻击，从而可以针对给定的授权情况，网络条件，信任级别等进行适当的委托。此外，只有可信的子系统，例如，本地安全机构（LSA）的受信任的子系统可以访问明文凭据，使得服务器端的Cred SSP API的呼叫应用程序和客户端的Cred SSP API的呼叫应用都不具有访问权清除文本凭据。

8. 发明申请

US20070277231A1 Policy driven, credential delegation for single sign on and secure access to network resources 有权
标题翻译：政策驱动，凭据授权单点登录和安全访问网络资源
公开(公告)号：US20070277231A1
公开(公告)日：2007-11-29
申请号：US11441588
申请日：2006-05-26
申请人： Gennady Medvinsky , Cristian Ilac , Costin Hagiu , John E. Parsons , Mohamed Emad El Din Fathalla , Paul J. Leach , Tarek Buhaa El-Din Mahmoud Kamel
发明人： Gennady Medvinsky , Cristian Ilac , Costin Hagiu , John E. Parsons , Mohamed Emad El Din Fathalla , Paul J. Leach , Tarek Buhaa El-Din Mahmoud Kamel
IPC分类号： H04L9/32
CPC分类号： H04L63/0815 , H04L9/3273 , H04L63/20 , H04L2209/80
摘要： A credential security support provider (Cred SSP) is provided that enables any application to securely delegate a user's credentials from the client, via client side Security Support Provider (SSP) software, to a target server, via server side SSP software in a networked computing environment. The Cred SSP of the invention provides a secure solution that is based in part upon a set of policies, including a default policy that is secure against a broad range of attacks, which are used to control and restrict the delegation of user credentials from a client to a server. The policies can be for any type of user credentials and the different policies are designed to mitigate a broad range of attacks so that appropriate delegation can occur for given delegation circumstances, network conditions, trust levels, etc. Additionally, only a trusted subsystem, e.g., a trusted subsystem of the Local Security Authority (LSA), has access to the clear text credentials such that neither the calling application of the Cred SSP APIs on the server side nor the calling application of the Cred SSP APIs on the client side have access to clear text credentials.
摘要翻译：提供了一种凭证安全支持提供者（Cred SSP），使任何应用程序能够通过客户端安全支持提供商（SSP）软件将客户端的凭据安全地委派给目标服务器，通过网络计算中的服务器端SSP软件环境。本发明的Cred SSP提供了一种安全解决方案，该解决方案部分地基于一组策略，包括针对广泛的攻击的安全性的默认策略，其用于控制和限制从客户机委派用户凭证到服务器。这些策略可以用于任何类型的用户凭证，并且不同的策略被设计为减轻广泛的攻击，从而可以针对给定的授权情况，网络条件，信任级别等进行适当的委托。此外，只有可信的子系统，例如，本地安全机构（LSA）的受信任的子系统可以访问明文凭据，使得服务器端的Cred SSP API的呼叫应用程序和客户端的Cred SSP API的呼叫应用都不具有访问权清除文本凭据。

9. 发明申请

US20070016782A1 User mapping information extension for protocols 有权
标题翻译：协议的用户映射信息扩展
公开(公告)号：US20070016782A1
公开(公告)日：2007-01-18
申请号：US11181525
申请日：2005-07-14
申请人： Christopher Crall , Gennady Medvinsky , Joshua Ball , Karthik Jaganathan , Paul Leach , Liqiang Zhu , David Cross
发明人： Christopher Crall , Gennady Medvinsky , Joshua Ball , Karthik Jaganathan , Paul Leach , Liqiang Zhu , David Cross
IPC分类号： H04L9/00
CPC分类号： H04L9/3263 , H04L9/3273 , H04L63/0807 , H04L63/0823 , H04L63/0876 , H04L63/10 , H04L63/166
摘要： A hint containing user mapping information is provided in messages that may be exchanged during authentication handshakes. For example, a client may provide user mapping information to the server during authentication. The hint (e.g., in the form of a TLS extension mechanism) may be used to send the domain/user name information of a client to aid the server in mapping the user's certificate to an account. The extension mechanism provides integrity and authenticity of the mapping data sent by the client. The user provides a hint as to where to find the right account or domain controller (which points to, or otherwise maintains, the correct account). Based on the hint and other information in the certificate, the user is mapped to an account. The hint may be provided by the user when he logs in. Thus, a certificate is mapped to an identity to authenticate the user. A hint is sent along with the certificate information to perform the binding. Existing protocols may be extended to communicate the additional mapping information (the hint) to perform the binding. A vendor specific extension to Kerberos is defined to obtain the authorization data based on an X.509 certificate and the mapping user name hint.
摘要翻译：在认证握手期间可以交换的消息中提供了包含用户映射信息的提示。例如，客户端可以在认证期间向服务器提供用户映射信息。提示（例如，以TLS扩展机制的形式）可以用于发送客户端的域/用户名信息，以帮助服务器将用户的证书映射到帐户。扩展机制提供客户端发送的映射数据的完整性和真实性。用户提供关于在哪里找到正确的帐户或域控制器（指向或以其他方式维护正确的帐户）的提示。根据证书中的提示和其他信息，用户被映射到一个帐户。提示可以由用户在登录时提供。因此，证书被映射到身份以验证用户。发送提示与证书信息一起执行绑定。可以扩展现有协议以传达额外的映射信息（提示）来执行绑定。定义了针对Kerberos的供应商特定扩展，以根据X.509证书和映射用户名提示获取授权数据。

10. 发明授权

US07434253B2 User mapping information extension for protocols 有权
标题翻译：协议的用户映射信息扩展
公开(公告)号：US07434253B2
公开(公告)日：2008-10-07
申请号：US11181525
申请日：2005-07-14
申请人： Christopher J. Crall , Gennady Medvinsky , Joshua Ball , Karthik Jaganathan , Paul J. Leach , Liqiang Zhu , David B. Cross
发明人： Christopher J. Crall , Gennady Medvinsky , Joshua Ball , Karthik Jaganathan , Paul J. Leach , Liqiang Zhu , David B. Cross
IPC分类号： H04L9/32 , H04L9/00
CPC分类号： H04L9/3263 , H04L9/3273 , H04L63/0807 , H04L63/0823 , H04L63/0876 , H04L63/10 , H04L63/166
摘要： A hint containing user mapping information is provided in messages that may be exchanged during authentication handshakes. For example, a client may provide user mapping information to the server during authentication. The hint (e.g., in the form of a TLS extension mechanism) may be used to send the domain/user name information of a client to aid the server in mapping the user's certificate to an account. The extension mechanism provides integrity and authenticity of the mapping data sent by the client. The user provides a hint as to where to find the right account or domain controller (which points to, or otherwise maintains, the correct account). Based on the hint and other information in the certificate, the user is mapped to an account. The hint may be provided by the user when he logs in. Thus, a certificate is mapped to an identity to authenticate the user. A hint is sent along with the certificate information to perform the binding. Existing protocols may be extended to communicate the additional mapping information (the hint) to perform the binding. A vendor specific extension to Kerberos is defined to obtain the authorization data based on an X.509 certificate and the mapping user name hint.
摘要翻译：在认证握手期间可以交换的消息中提供了包含用户映射信息的提示。例如，客户端可以在认证期间向服务器提供用户映射信息。提示（例如，以TLS扩展机制的形式）可以用于发送客户端的域/用户名信息，以帮助服务器将用户的证书映射到帐户。扩展机制提供客户端发送的映射数据的完整性和真实性。用户提供关于在哪里找到正确的帐户或域控制器（指向或以其他方式维护正确的帐户）的提示。根据证书中的提示和其他信息，用户被映射到一个帐户。提示可以由用户在登录时提供。因此，证书被映射到身份以验证用户。发送提示与证书信息一起执行绑定。可以扩展现有协议以传达额外的映射信息（提示）来执行绑定。定义了针对Kerberos的供应商特定扩展，以根据X.509证书和映射用户名提示获取授权数据。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式