专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20090094263A1 ENHANCED UTILIZATION OF NETWORK BANDWIDTH FOR TRANSMISSION OF STRUCTURED DATA 审中-公开
标题翻译：用于传输结构化数据的网络带宽的增强利用
公开(公告)号：US20090094263A1
公开(公告)日：2009-04-09
申请号：US11867100
申请日：2007-10-04
申请人： Tomer Shiran , Nir Nice , Itai Almog , Adar Greenshpon
发明人： Tomer Shiran , Nir Nice , Itai Almog , Adar Greenshpon
IPC分类号： G06F17/30
CPC分类号： H04L69/04 , H04L67/02 , H04L67/28 , H04L67/2828
摘要： Systems and methods are described that improve the efficiency of byte caching mechanisms when transmitting or receiving structured data. Some of these techniques may normalize the structured data before transmission over the network. Other techniques may use templates or semantic differences.
摘要翻译：描述了系统和方法，用于在发送或接收结构化数据时提高字节缓存机制的效率。这些技术中的一些可以在通过网络传输之前规范化结构化数据。其他技术可能使用模板或语义差异。

2. 发明授权

US08091124B2 Caching public objects with private connections 有权
标题翻译：使用私有连接缓存公共对象
公开(公告)号：US08091124B2
公开(公告)日：2012-01-03
申请号：US11710335
申请日：2007-02-23
申请人： Itai Almog , Tomer Shiran
发明人： Itai Almog , Tomer Shiran
IPC分类号： H04L29/06
CPC分类号： H04L63/0281 , H04L63/08
摘要： Described is a technology by which a web proxy server forwards a client request for content to a web server over an unauthenticated connection, including when the client already has an authenticated connection to that web server. If the web content is received in response, the content is public, whereby the web proxy server caches the content and returns the content to the client. If the requested content is not received because of a need for authentication, the content is re-requested over the client's authenticated connection, or if one does not yet exist, returns the response to the client to complete the authentication process to establish an authenticated connection. A learning mechanism (e.g., that persists known private URLs) may be coupled to the selection mechanism to maintain references to objects that are private, and thereby avoid redundant retrieval attempts for known private objects over unauthenticated connections.
摘要翻译：描述了一种技术，通过该技术，Web代理服务器通过未认证的连接将客户端对内容的请求转发到Web服务器，包括当客户端已经具有到该Web服务器的认证连接时。如果收到网页内容作为回应，内容是公开的，由此Web代理服务器缓存内容并将内容返回给客户端。如果由于需要验证而未收到所请求的内容，则通过客户端的已认证连接重新请求内容，或者如果还不存在，则将响应返回给客户端以完成认证过程以建立认证连接。可以将学习机制（例如，持续已知的私有URL）耦合到选择机制以维护对私有的对象的引用，从而避免在未经认证的连接上的已知私人对象的冗余检索尝试。

3. 发明申请

US20080209524A1 Caching public objects with private connections 有权
标题翻译：使用私有连接缓存公共对象
公开(公告)号：US20080209524A1
公开(公告)日：2008-08-28
申请号：US11710335
申请日：2007-02-23
申请人： Itai Almog , Tomer Shiran
发明人： Itai Almog , Tomer Shiran
IPC分类号： H04L9/32
CPC分类号： H04L63/0281 , H04L63/08
摘要： Described is a technology by which a web proxy server forwards a client request for content to a web server over an unauthenticated connection, including when the client already has an authenticated connection to that web server. If the web content is not received because of a need for authentication, the content is re-requested over the client's authenticated connection, or if one does not yet exist, returns the response to the client to complete the authentication process to establish an authenticated connection. A learning mechanism (e.g., that persists known private URLs) may be coupled to the selection mechanism to maintain references to objects that are private, and thereby avoid redundant retrieval attempts for known private objects over unauthenticated connections.
摘要翻译：描述了一种技术，通过该技术，Web代理服务器通过未认证的连接将客户端对内容的请求转发到Web服务器，包括当客户端已经具有到该Web服务器的认证连接时。如果由于需要验证而未收到网页内容，则会通过客户端的身份验证的连接重新请求内容，或者如果尚未存在，则将该响应返回给客户端以完成认证过程以建立认证连接。可以将学习机制（例如，持续已知的私有URL）耦合到选择机制以维护对私有的对象的引用，从而避免在未经认证的连接上的已知私人对象的冗余检索尝试。

4. 发明授权

US08959596B2 One-time password validation in a multi-entity environment 有权
标题翻译：在多实体环境中进行一次性密码验证
公开(公告)号：US08959596B2
公开(公告)日：2015-02-17
申请号：US11454373
申请日：2006-06-15
申请人： Nir Nice , Ron Mondri , Tomer Shiran , Boaz Ein-Gil
发明人： Nir Nice , Ron Mondri , Tomer Shiran , Boaz Ein-Gil
IPC分类号： G06F7/04 , H04L29/06 , H04L9/32 , H04L9/08
CPC分类号： H04L63/0838 , H04L9/0863 , H04L9/3228 , H04L63/083 , H04L63/0853
摘要： A single passcode can be used for validation by a user of several entities in a system without compromising security. The source of the entity providing validation credentials, along with the passcode, is considered when determining validity. A one-time password system validates credentials if a validation credentials, such as a user's valid passcode and the source of the credentials, have not been used previously. In a one-time passcode system, a validation processor receives validation credentials from a client processor. If the client processor has not previously sent the validation credentials to the validation processor, and the credentials are valid, the validation processor will validate the credentials. Otherwise, the credentials are invalid. Other client processors can utilize the same passcode and their respective source identifiers, and as long as the other client processors have not previously utilized the credentials, the credentials are declared valid.
摘要翻译：单个密码可用于系统中的几个实体的用户的验证，而不会影响安全性。在确定有效性时，会考虑提供验证凭证的实体的来源以及密码。如果先前没有使用验证凭证（例如用户的有效密码和凭据来源），则一次性密码系统将验证凭据。在一次性密码系统中，验证处理器从客户端处理器接收验证凭证。如果客户机处理器以前没有将验证凭证发送给验证处理器，并且凭据有效，则验证处理器将验证凭据。否则，凭据无效。其他客户端处理器可以使用相同的密码及其各自的源标识符，只要其他客户端处理器以前没有使用过凭据，凭证就被声明为有效的。

5. 发明申请

US20070294749A1 One-time password validation in a multi-entity environment 有权
标题翻译：在多实体环境中进行一次性密码验证
公开(公告)号：US20070294749A1
公开(公告)日：2007-12-20
申请号：US11454373
申请日：2006-06-15
申请人： Nir Nice , Ron Mondri , Tomer Shiran , Boaz Ein-Gil
发明人： Nir Nice , Ron Mondri , Tomer Shiran , Boaz Ein-Gil
IPC分类号： H04L9/32
CPC分类号： H04L63/0838 , H04L9/0863 , H04L9/3228 , H04L63/083 , H04L63/0853
摘要： A single passcode can be used for validation by a user of several entities in a system without compromising security. The source of the entity providing validation credentials, along with the passcode, is considered when determining validity. A one-time password system validates credentials if a validation credentials, such as a user's valid passcode and the source of the credentials, have not been used previously. In a one-time passcode system, a validation processor receives validation credentials from a client processor. If the client processor has not previously sent the validation credentials to the validation processor, and the credentials are valid, the validation processor will validate the credentials. Otherwise, the credentials are invalid. Other client processors can utilize the same passcode and their respective source identifiers, and as long as the other client processors have not previously utilized the credentials, the credentials are declared valid.
摘要翻译：单个密码可用于系统中的几个实体的用户的验证，而不会影响安全性。在确定有效性时，会考虑提供验证凭证的实体的来源以及密码。如果先前没有使用验证凭证（例如用户的有效密码和凭据来源），则一次性密码系统将验证凭据。在一次性密码系统中，验证处理器从客户端处理器接收验证凭证。如果客户机处理器以前没有将验证凭证发送给验证处理器，并且凭据有效，则验证处理器将验证凭据。否则，凭据无效。其他客户端处理器可以使用相同的密码及其各自的源标识符，只要其他客户端处理器以前没有使用过凭据，凭证就被声明为有效的。

6. 发明申请

US20080134311A1 Authentication delegation based on re-verification of cryptographic evidence 有权
标题翻译：基于重新验证加密证据的认证授权
公开(公告)号：US20080134311A1
公开(公告)日：2008-06-05
申请号：US11607720
申请日：2006-12-01
申请人： Gennady Medvinsky , Nir Nice , Tomer Shiran , Alexander Teplitsky , Paul Leach , John Neystadt
发明人： Gennady Medvinsky , Nir Nice , Tomer Shiran , Alexander Teplitsky , Paul Leach , John Neystadt
IPC分类号： H04L9/32 , G06F21/00
CPC分类号： H04L63/166 , G06F21/33 , G06F2221/2115 , H04L9/3213 , H04L9/3263 , H04L9/3271 , H04L29/06965 , H04L63/0823 , H04L2209/38
摘要： The method of delegating authentication, within a chain of entities, relies upon a recording of at least a portion of a TLS handshake between a gateway device and user, in which the user needs access to a desired server. The method then relies upon re-verification of cryptographic evidence in the recorded portion of the TLS handshake, which is forwarded either (1) to the server to which access is desired, in which case the server re-verifies the recorded portion to confirm authentication, or, (2) to a third party entity, in which case the third party entity confirms authentication and provides credentials to the gateway server which then uses the credentials to authenticate to the server as the user.
摘要翻译：在实体链中委托认证的方法依赖于在网关设备和用户之间的至少一部分TLS握手的记录，其中用户需要访问期望的服务器。然后，该方法依赖于在TLS握手的记录部分中重新验证加密证据，TLS握手被转发到（1）到需要访问的服务器，在这种情况下，服务器重新验证记录部分以确认认证，或者（2）到第三方实体，在这种情况下，第三方实体确认认证，并向网关服务器提供凭证，然后网关服务器使用凭证作为用户对服务器进行认证。

7. 发明申请

US20070192836A1 Explicit Delegation With Strong Authentication 有权
标题翻译：具有强认证的明确授权
公开(公告)号：US20070192836A1
公开(公告)日：2007-08-16
申请号：US11276139
申请日：2006-02-15
申请人： Tomer Shiran , Sara Bitan , Nir Nice , Jeroen de Borst , Dave Field , Shai Herzog
发明人： Tomer Shiran , Sara Bitan , Nir Nice , Jeroen de Borst , Dave Field , Shai Herzog
IPC分类号： H04L9/32 , G06K9/00 , G06F15/16 , H04L9/00 , G06F17/30 , G06F17/00 , G06F9/00 , G06F7/04 , G06F7/58 , G06K19/00 , G06F15/173
CPC分类号： H04L9/321 , H04L9/3263 , H04L9/3271 , H04L9/3297
摘要： Systems and methods for performing explicit delegation with strong authentication are described herein. Systems can include one or more clients, one or more end servers, and one or more gateways intermediate or between the client and the end server. The client may include an explicit strong delegation component that is adapted to strongly authenticate the client to the gateway. The explicit strong delegation component may also explicitly delegate to the gateway a right to authenticate on behalf of the client, and to define a period of time over which the explicit delegation is valid. The system may be viewed as being self-contained, in the sense that the system need not access third-party certificate or key distribution authorities. Finally, the client controls the gateways or end servers to which the gateway may authenticate on the client's behalf.
摘要翻译：这里描述了用于执行具有强认证的显式授权的系统和方法。系统可以包括一个或多个客户端，一个或多个终端服务器，以及在客户端和终端服务器之间中间或之间的一个或多个网关。客户端可以包括适合于向网关强烈认证客户端的显式强委派组件。显式强委托组件还可以向网关显式地委托代表客户端进行认证的权限，并定义显式授权有效的时间段。在系统不需要访问第三方证书或密钥分发机构的意义上，该系统可以被视为是独立的。最后，客户端代表客户端控制网关可以对其进行身份验证的网关或终端服务器。

8. 发明授权

US09055107B2 Authentication delegation based on re-verification of cryptographic evidence 有权
标题翻译：基于重新验证加密证据的认证授权
公开(公告)号：US09055107B2
公开(公告)日：2015-06-09
申请号：US11607720
申请日：2006-12-01
申请人： Gennady Medvinsky , Nir Nice , Tomer Shiran , Alexander Teplitsky , Paul Leach , John Neystadt
发明人： Gennady Medvinsky , Nir Nice , Tomer Shiran , Alexander Teplitsky , Paul Leach , John Neystadt
IPC分类号： H04L29/06 , G06F21/33 , H04L9/32
CPC分类号： H04L63/166 , G06F21/33 , G06F2221/2115 , H04L9/3213 , H04L9/3263 , H04L9/3271 , H04L29/06965 , H04L63/0823 , H04L2209/38
摘要： The method of delegating authentication, within a chain of entities, relies upon a recording of at least a portion of a TLS handshake between a gateway device and user, in which the user needs access to a desired server. The method then relies upon re-verification of cryptographic evidence in the recorded portion of the TLS handshake, which is forwarded either (1) to the server to which access is desired, in which case the server re-verifies the recorded portion to confirm authentication, or, (2) to a third party entity, in which case the third party entity confirms authentication and provides credentials to the gateway server which then uses the credentials to authenticate to the server as the user.
摘要翻译：在实体链中委托认证的方法依赖于在网关设备和用户之间记录TLS握手的至少一部分，其中用户需要访问期望的服务器。然后，该方法依赖于在TLS握手的记录部分中重新验证加密证据，TLS握手被转发到（1）到需要访问的服务器，在这种情况下，服务器重新验证记录部分以确认认证，或者（2）到第三方实体，在这种情况下，第三方实体确认认证，并向网关服务器提供凭证，然后网关服务器使用凭证作为用户对服务器进行认证。

9. 发明授权

US08020197B2 Explicit delegation with strong authentication 有权
标题翻译：具有强认证的明确授权
公开(公告)号：US08020197B2
公开(公告)日：2011-09-13
申请号：US11276139
申请日：2006-02-15
申请人： Tomer Shiran , Sara Bitan , Nir Nice , Jeroen de Borst , Dave Field , Shai Herzog
发明人： Tomer Shiran , Sara Bitan , Nir Nice , Jeroen de Borst , Dave Field , Shai Herzog
IPC分类号： G06F7/04 , H04L9/32
CPC分类号： H04L9/321 , H04L9/3263 , H04L9/3271 , H04L9/3297
摘要： Systems and methods for performing explicit delegation with strong authentication are described herein. Systems can include one or more clients, one or more end servers, and one or more gateways intermediate or between the client and the end server. The client may include an explicit strong delegation component that is adapted to strongly authenticate the client to the gateway. The explicit strong delegation component may also explicitly delegate to the gateway a right to authenticate on behalf of the client, and to define a period of time over which the explicit delegation is valid. The system may be viewed as being self-contained, in the sense that the system need not access third-party certificate or key distribution authorities. Finally, the client controls the gateways or end servers to which the gateway may authenticate on the client's behalf.
摘要翻译：这里描述了用于执行具有强认证的显式授权的系统和方法。系统可以包括一个或多个客户端，一个或多个终端服务器，以及在客户端和终端服务器之间中间或之间的一个或多个网关。客户端可以包括适合于向网关强烈认证客户端的显式强委派组件。显式强委托组件还可以向网关显式地委托代表客户端进行认证的权限，并定义显式授权有效的时间段。在系统不需要访问第三方证书或密钥分发机构的意义上，该系统可以被视为是独立的。最后，客户端代表客户端控制网关可以对其进行身份验证的网关或终端服务器。

10. 发明授权

US07954152B2 Session management by analysis of requests and responses 有权
标题翻译：会话管理通过分析请求和响应
公开(公告)号：US07954152B2
公开(公告)日：2011-05-31
申请号：US11275433
申请日：2005-12-30
申请人： Tomer Shiran
发明人： Tomer Shiran
IPC分类号： G06F21/00 , G06F21/20 , G06F21/22
CPC分类号： H04L67/22 , H04L63/1466 , H04L2463/102
摘要： Session management by analysis of requests and responses is described herein. A gateway receives requests from a client system, forwards the same to a protected resource, and receives responses from the protected resource. The gateway includes a session management module that manages an authenticated session between the client system and the protected resource. In one aspect, the session management module receives responses that are labeled to indicate whether the requests corresponding to the responses are user-initiated or automatically-initiated. In other aspects, the session management module analyzes the requests to identify any periodic patterns appearing therein. The session management module identifies any requests that are part of a periodic pattern as automatically-initiated requests. In either case, the session management module maintains a timer for each session, and resets the timer when a user-initiated request is identified. Any session whose timer expires is terminated.
摘要翻译：本文描述了通过分析请求和响应的会话管理。网关从客户端系统接收请求，将其转发到受保护的资源，并从受保护的资源接收响应。网关包括一个会话管理模块，用于管理客户机系统和受保护资源之间的认证会话。在一个方面，会话管理模块接收被标记以指示与响应相对应的请求是用户发起还是自动启动的响应。在其他方面，会话管理模块分析请求以识别其中出现的任何周期性模式。会话管理模块将作为周期性模式的一部分的任何请求标识为自动发起的请求。在任一情况下，会话管理模块维护每个会话的定时器，并且当识别出用户发起的请求时，重置定时器。定时器到期的任何会话终止。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式