专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20050240763A9 Web based applications single sign on system and method 审中-公开
标题翻译：基于Web的应用程序单点登录系统和方法
公开(公告)号：US20050240763A9
公开(公告)日：2005-10-27
申请号：US10128415
申请日：2002-04-22
申请人： Shivaram Bhat , Aravindan Ranganathan , Sai Allavarpu
发明人： Shivaram Bhat , Aravindan Ranganathan , Sai Allavarpu
IPC分类号： H04L29/06 , H04L9/32
CPC分类号： H04L63/0815
摘要： In an enterprise server system having a server, a web-base applications single sign-on method and system. The single sign-on system includes logic for assigning and retrieving uniquely identifying tokens that are assigned to a user attempting to access one of many applications in the server. The token is assigned after the user has successfully logged into the server. The assigned token enables the user to access different applications in the server without having to authenticate every time the user goes from one application to the other. In one embodiment of the present invention, the single sign-on system includes a token that provides a listening mechanism for the applications that need to be notified when a token expires in order to deny access to the particular user identified with the expired token.
摘要翻译：在具有服务器，基于Web的应用程序单点登录方法和系统的企业服务器系统中。单点登录系统包括用于分配和检索分配给尝试访问服务器中的许多应用程序之一的用户的唯一标识令牌的逻辑。在用户成功登录到服务器之后，会分配令牌。分配的令牌使用户能够访问服务器中的不同应用程序，而无需每次用户从一个应用程序到另一个应用程序进行身份验证。在本发明的一个实施例中，单点登录系统包括令牌，该令牌为令牌期满时需要被通知的应用提供侦听机制，以便拒绝访问由过期令牌识别的特定用户。

2. 发明授权

US07237256B2 Method and system for providing an open and interoperable system 有权
标题翻译：提供开放和可互操作的系统的方法和系统
公开(公告)号：US07237256B2
公开(公告)日：2007-06-26
申请号：US10619657
申请日：2003-07-14
申请人： Qingwen Cheng , Bhavna Bhatnagar , Hong Xu , Wei Sun , Ping Luo , Shivaram Bhat , Aravindan Ranganathan
发明人： Qingwen Cheng , Bhavna Bhatnagar , Hong Xu , Wei Sun , Ping Luo , Shivaram Bhat , Aravindan Ranganathan
IPC分类号： H04L9/32
CPC分类号： H04L63/0815
摘要： Embodiments of the present invention provide an open and interoperable single sign-on session in a heterogeneous communication network. The open and interoperable single sign-on system is configured by exchanging an entity identifier, an account mapping, an attribute mapping, a site attribute list, an action mapping and/or the like. The entity identifier, account mapping, attribute mapping, site attribute list, action mapping and the like for each partner entity is stored in a partner list accessable to the particular entity. Thereafter, the open and interoperable single sign-on session may be provided upon receipt of a SAML request or assertion containing an entity identifier. The entity identifier contained in the SAML request or assertion is looked-up in the partner list of the particular entity which received the SAML request or assertion. A record containing a matching entity identifier provides the applicable account mapping, attribute mapping, site attribute list, and/or action mapping. The one or more mappings are then utilized to process the SAML request or assertion.
摘要翻译：本发明的实施例提供了在异构通信网络中的开放和可互操作的单点登录会话。通过交换实体标识符，帐号映射，属性映射，站点属性列表，动作映射等来配置开放和可互操作的单点登录系统。每个伙伴实体的实体标识符，帐户映射，属性映射，站点属性列表，操作映射等存储在可访问特定实体的合作伙伴列表中。此后，可以在接收到包含实体标识符的SAML请求或断言时提供开放和可互操作的单点登录会话。包含在SAML请求或断言中的实体标识符在接收到SAML请求或断言的特定实体的合作伙伴列表中查找。包含匹配实体标识符的记录提供适用的帐户映射，属性映射，站点属性列表和/或动作映射。然后利用一个或多个映射来处理SAML请求或断言。

3. 发明授权

US07296235B2 Plugin architecture for extending polices 有权
标题翻译：扩展策略的插件架构
公开(公告)号：US07296235B2
公开(公告)日：2007-11-13
申请号：US10269152
申请日：2002-10-10
申请人： Shivaram Bhat , Hua Cui , Ping Luo , Dilli Dorai Minnal Arumugam , Aravindan Ranganathan
发明人： Shivaram Bhat , Hua Cui , Ping Luo , Dilli Dorai Minnal Arumugam , Aravindan Ranganathan
IPC分类号： G06F3/00
CPC分类号： G06F21/6218 , G06T11/001
摘要： An architecture for allowing extensibility to policies. The architecture has a policy component program that is able to evaluate and enforce polices. The architecture also has plugin modules for allowing a user to customize the polices. The policy component program is able to present interfaces to the user for customizing the polices. The policy component program is further able to integrate customized polices into a framework of the policy component program in response to user input that is based on the interfaces presented to the user. The presented interfaces may be for defining subjects in the policy program, defining conditions in the policy program, defining referrals in the policy program, defining resource names in the policy program, and defining how conflicts will be resolved in the policy program. The interfaces may be compliant with the JAVA programming language.
摘要翻译：允许扩展策略的架构。该架构具有能够评估和执行策略的策略组件程序。该架构还具有允许用户自定义策略的插件模块。策略组件程序能够向用户呈现用于定制策略的界面。策略组件程序还能够将定制策略集成到策略组件程序的框架中，以响应基于呈现给用户的界面的用户输入。所呈现的接口可以用于定义策略程序中的主题，在策略程序中定义条件，在策略程序中定义转介，在策略程序中定义资源名称，以及定义策略程序中的冲突如何被解决。接口可能符合JAVA编程语言。

4. 发明授权

US07716469B2 Method and system for providing a circle of trust on a network 有权
标题翻译：在网络上提供信任圈的方法和系统
公开(公告)号：US07716469B2
公开(公告)日：2010-05-11
申请号：US10627019
申请日：2003-07-25
申请人： Bhavna Bhatnagar , Ping Luo , Qingwen Cheng , Shivaram Bhat , Hong Xu , Wei Sun , Aravindan Ranganathan
发明人： Bhavna Bhatnagar , Ping Luo , Qingwen Cheng , Shivaram Bhat , Hong Xu , Wei Sun , Aravindan Ranganathan
IPC分类号： H04L29/06 , H04L9/32 , G06F7/04
CPC分类号： H04L63/0815 , H04L9/3263 , H04L63/0823
摘要： Embodiments of the present invention provide a circle of trust on a network. The circle of trust is configured by exchanging credential of a first and a second affiliated entity. The credentials of the first affiliated entity is stored in a trusted partner list of the second affiliated entity. The credentials of the second affiliated entity is stored in a trusted partner list of the first affiliated entity. Thereafter, a circle of trust session may be provided when a client device initiates use of a resource on a relying party device by providing an authentication assertion reference. The identity of the issuing party of the authentication is determined as a function of the authentication assertion reference. The relying party sends an authentication query containing its credential to the issuing party. The issuing party determines if the relying party is a trusted entity based upon whether the relying party's credential is contained in the trusted partner list of the issuing party.
摘要翻译：本发明的实施例提供了一种网络上的信任圈。通过交换第一个和第二个附属实体的凭证来配置信任圈。第一个关联实体的凭证存储在第二个关联实体的可信合作伙伴列表中。第二个关联实体的凭证存储在第一个关联实体的可信赖的合作伙伴列表中。此后，当客户端设备通过提供认证断言引用来在依赖方设备上启动资源的使用时，可以提供一个信任圈。认证的发行方的身份被确定为认证断言参考的函数。依赖方向发卡方发送包含其凭据的认证查询。发行方基于信任方的凭证是否包含在发行方的受信任的合作伙伴列表中来确定依赖方是否是可信赖的实体。

5. 发明申请

US20050015593A1 Method and system for providing an open and interoperable system 有权
标题翻译：提供开放和可互操作的系统的方法和系统
公开(公告)号：US20050015593A1
公开(公告)日：2005-01-20
申请号：US10619657
申请日：2003-07-14
申请人： Qingwen Cheng , Bhavna Bhatnagar , Hong Xu , Wei Sun , Ping Luo , Shivaram Bhat , Aravindan Ranganathan
发明人： Qingwen Cheng , Bhavna Bhatnagar , Hong Xu , Wei Sun , Ping Luo , Shivaram Bhat , Aravindan Ranganathan
IPC分类号： H04L9/00 , H04L29/06
CPC分类号： H04L63/0815
摘要： Embodiments of the present invention provide an open and interoperable single sign-on session in a heterogeneous communication network. The open and interoperable single sign-on system is configured by exchanging an entity identifier, an account mapping, an attribute mapping, a site attribute list, an action mapping and/or the like. The entity identifier, account mapping, attribute mapping, site attribute list, action mapping and the like for each partner entity is stored in a partner list accessable to the particular entity. Thereafter, the open and interoperable single sign-on session may be provided upon receipt of a SAML request or assertion containing an entity identifier. The entity identifier contained in the SAML request or assertion is looked-up in the partner list of the particular entity which received the SAML request or assertion. A record containing a matching entity identifier provides the applicable account mapping, attribute mapping, site attribute list, and/or action mapping. The one or more mappings are then utilized to process the SAML request or assertion.
摘要翻译：本发明的实施例提供了在异构通信网络中的开放和可互操作的单点登录会话。通过交换实体标识符，帐户映射，属性映射，站点属性列表，动作映射等来配置开放和可互操作的单点登录系统。每个伙伴实体的实体标识符，帐户映射，属性映射，站点属性列表，操作映射等存储在可访问特定实体的合作伙伴列表中。此后，可以在接收到包含实体标识符的SAML请求或断言时提供开放和可互操作的单点登录会话。包含在SAML请求或断言中的实体标识符在接收到SAML请求或断言的特定实体的合作伙伴列表中查找。包含匹配实体标识符的记录提供适用的帐户映射，属性映射，站点属性列表和/或动作映射。然后利用一个或多个映射来处理SAML请求或断言。

6. 发明授权

US07788711B1 Method and system for transferring identity assertion information between trusted partner sites in a network using artifacts 有权
标题翻译：用于在网络中的信任伙伴站点之间传送身份断言信息的方法和系统，使用工件
公开(公告)号：US07788711B1
公开(公告)日：2010-08-31
申请号：US10683728
申请日：2003-10-09
申请人： Wei Sun , Aravindan Ranganathan , Ping Luo , Qingwen Cheng , Shivaram Bhat , Hong Xu , Bhavna Bhatnagar
发明人： Wei Sun , Aravindan Ranganathan , Ping Luo , Qingwen Cheng , Shivaram Bhat , Hong Xu , Bhavna Bhatnagar
IPC分类号： G06F7/04
CPC分类号： H04L63/0815
摘要： A method for managing access to multiple applications using a central server. The method includes receiving a user name and password from an application for a user, generating identity assertion information using the user name and password, generating an artifact associated with the identity assertion information, sending the artifact to the application, receiving the artifact and a request for the identity assertion information from a second application, verifying the validity of the artifact, and sending the identity assertion information to the second application. The second application uses the identity assertion information to authorize the user to access the second application.
摘要翻译：使用中央服务器管理对多个应用程序的访问的方法。该方法包括从用户的应用程序接收用户名和密码，使用用户名和密码生成身份断言信息，生成与身份断言信息相关联的工件，将工件发送到应用程序，接收工件和请求用于来自第二应用的身份断言信息，验证伪像的有效性，以及将身份断言信息发送到第二应用。第二个应用程序使用身份断言信息来授权用户访问第二个应用程序。

7. 发明授权

US07594256B2 Remote interface for policy decisions governing access control 有权
标题翻译：远程接口用于管理访问控制的策略决策
公开(公告)号：US07594256B2
公开(公告)日：2009-09-22
申请号：US10608882
申请日：2003-06-26
申请人： Shivaram Bhat , Hua Cui , Ping Luo , Dilli Dorai Minnal Arumugam , Aravindan Ranganathan
发明人： Shivaram Bhat , Hua Cui , Ping Luo , Dilli Dorai Minnal Arumugam , Aravindan Ranganathan
IPC分类号： H04L9/00
CPC分类号： H04L63/102 , G06F21/6227
摘要： Methods and systems thereof for controlling access to resources are described. When a user attempts to access a resource via a remote interface such as a Web server, the request is initially evaluated by a source of policy definitions such as a policy server. This source returns a policy decision to the remote interface. The policy decision is stored in memory by the remote interface. The remote interface can then evaluate subsequent requests from the user for the resource using the stored policy decision instead of having to communicate again with the source for the policy decision. Enhancements to this approach are also described. Accordingly, policy definitions and decisions are more efficiently implemented.
摘要翻译：描述了用于控制资源访问的方法和系统。当用户尝试通过远程接口（如Web服务器）访问资源时，请求最初由策略定义的来源（如策略服务器）进行评估。该源返回到远程接口的策略决定。策略决定由远程接口存储在内存中。然后，远程接口可以使用存储的策略决定来评估来自用户对于资源的后续请求，而不必再次与策略决定的源进行通信。还描述了对该方法的增强。因此，政策定义和决策更有效地实施。

8. 发明申请

US20050021978A1 Remote interface for policy decisions governing access control 有权
标题翻译：远程接口用于管理访问控制的策略决策
公开(公告)号：US20050021978A1
公开(公告)日：2005-01-27
申请号：US10608882
申请日：2003-06-26
申请人： Shivaram Bhat , Hua Cui , Ping Luo , Dilli Arumugam , Aravindan Ranganathan
发明人： Shivaram Bhat , Hua Cui , Ping Luo , Dilli Arumugam , Aravindan Ranganathan
IPC分类号： G06F21/00 , H04K1/00 , H04L29/06
CPC分类号： H04L63/102 , G06F21/6227
摘要： Methods and systems thereof for controlling access to resources are described. When a user attempts to access a resource via a remote interface such as a Web server, the request is initially evaluated by a source of policy definitions such as a policy server. This source returns a policy decision to the remote interface. The policy decision is stored in memory by the remote interface. The remote interface can then evaluate subsequent requests from the user for the resource using the stored policy decision instead of having to communicate again with the source for the policy decision. Enhancements to this approach are also described. Accordingly, policy definitions and decisions are more efficiently implemented.
摘要翻译：描述了用于控制资源访问的方法和系统。当用户尝试通过远程接口（如Web服务器）访问资源时，请求最初由策略定义的来源（如策略服务器）进行评估。该源返回到远程接口的策略决定。策略决定由远程接口存储在内存中。然后，远程接口可以使用存储的策略决定来评估来自用户对于资源的后续请求，而不必再次与策略决定的源进行通信。还描述了对该方法的增强。因此，政策定义和决策更有效地实施。

9. 发明申请

US20050021964A1 Method and system for providing a circle of trust on a network 有权
标题翻译：在网络上提供信任圈的方法和系统
公开(公告)号：US20050021964A1
公开(公告)日：2005-01-27
申请号：US10627019
申请日：2003-07-25
申请人： Bhavna Bhatnagar , Ping Luo , Qingwen Cheng , Shivaram Bhat , Hong Xu , Wei Sun , Aravindan Ranganathan
发明人： Bhavna Bhatnagar , Ping Luo , Qingwen Cheng , Shivaram Bhat , Hong Xu , Wei Sun , Aravindan Ranganathan
IPC分类号： H04L9/32 , H04L29/06 , H04L9/00
CPC分类号： H04L63/0815 , H04L9/3263 , H04L63/0823
摘要： Embodiments of the present invention provide a circle of trust on a network. The circle of trust is configured by exchanging credential of a first and a second affiliated entity. The credentials of the first affiliated entity is stored in a trusted partner list of the second affiliated entity. The credentials of the second affiliated entity is stored in a trusted partner list of the first affiliated entity. Thereafter, a circle of trust session may be provided when a client device initiates use of a resource on a relying party device by providing an authentication assertion reference. The identity of the issuing party of the authentication is determined as a function of the authentication assertion reference. The relying party sends an authentication query containing its credential to the issuing party. The issuing party determines if the relying party is a trusted entity based upon whether the relying party's credential is contained in the trusted partner list of the issuing party.
摘要翻译：本发明的实施例提供了一种网络上的信任圈。通过交换第一个和第二个附属实体的凭证来配置信任圈。第一个关联实体的凭证存储在第二个关联实体的可信合作伙伴列表中。第二个关联实体的凭证存储在第一个关联实体的可信赖的合作伙伴列表中。此后，当客户端设备通过提供认证断言引用来在依赖方设备上启动资源的使用时，可以提供一个信任圈。认证的发行方的身份被确定为认证断言参考的函数。依赖方向发卡方发送包含其凭据的认证查询。发行方基于信任方的凭证是否包含在发行方的受信任的合作伙伴列表中来确定依赖方是否是可信赖的实体。

10. 发明申请

US20060095779A9 Uniform resource locator access management and control system and method 有权
公开(公告)号：US20060095779A9
公开(公告)日：2006-05-04
申请号：US10127898
申请日：2002-04-22
申请人： Shivaram Bhat , James Nelson
发明人： Shivaram Bhat , James Nelson
IPC分类号： H04L9/00
CPC分类号： H04L63/102 , H04L67/02
摘要： In an enterprise server environment having a uniform resource locator (URL) access management and control system. The server includes a user authentication logic to authenticate users attempting to connect to the server to access URL file and directories residing in the server. In one embodiment of the present invention, the user is provided with an identification token and a user URL access policy which allows the user's credentials to be validated and permitted access to a list of URLs in the directory server. In one embodiment of the present invention, a URL access enforcement logic uses the user's URL access policy to determine which URLs in the directory server a user may or may not access. The user's URL access policy may include an access deny or an access allow value which respectively denies or allows the user access to particular URL.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式