    • 1. Invention patent application
    • Title: Utilizing LDAP directories for application access control and personalization
    • Publication No.: US20040267670A1
    • Publication date: 2004-12-30
    • Application No.: US10876764
    • Application date: 2004-06-28
    • Applicant: WRQ, Inc.
    • Inventor: Vyacheslav Minyailov
    • IPC: G06F007/00
    • CPC: H04L63/101; G06F9/4492; G06F21/6218; H04L61/1523; Y10S707/99933; Y10S707/99943
    • Abstract: Lightweight LDAP Access Control for authorization and personalization integrates with a directory service for defining sessions for users and groups without requiring read access or modification to directory schemas. In one exemplary illustrative non-limiting implementation, authorization/personalization data is stored in a private data store outside of the LDAP directory (e.g., on a management or other server). When a user attempts to log on to the computer system, the LDAP directory is queried for a list of associated groups and/or organizational units in the normal way. To compute a resulting set of authorization/personalization rules applicable to the user, an entity (e.g., the management or other server) traverses the organizational hierarchy of the directory groups/OUs, overriding the inherited attributes with explicitly associated ones. Integration with existing user/group/organizational unit infrastructures is provided while avoiding the need to deploy additional user/group databases. In one example arrangement, an LDAP directory is queried for the list of groups and OUs during user logon. There is no need to replicate user/group directory data in a private data store of the Management Server. This improves performance and eliminates the need to synchronize data between the directory and the private data store of the Management Server. To compute the resulting set of authorization/personalization rules applicable to a user, the Management Server traverses the organizational hierarchy of directory groups/OUs, overriding the inherited attributes with the explicitly mapped ones. This minimizes the amount of administrative work for restricting access to protected resources for individuals. In many cases, users will simply inherit authorization/personalization data from the groups/OUs they are members of.
    • 3. Invention patent application
    • Title: Computer-based dynamic secure non-cached delivery of security credentials such as digitally signed certificates or keys
    • Publication No.: US20040268152A1
    • Publication date: 2004-12-30
    • Application No.: US10875606
    • Application date: 2004-06-25
    • Applicant: WRQ, Inc.
    • Inventors: Sharon Xia, Eduardo Munoz, Dan Brombaugh
    • IPC: H04L009/00
    • CPC: H04L63/0281; H04L63/0442; H04L63/0823; H04L63/12; H04L63/126; H04L63/166
    • Abstract: The technology herein can be used to dynamically deploy secure credentials, including but not limited to digital certificates, in a secure manner to provide higher levels of security and control than in some other previous arrangements. In one exemplary non-limiting illustrative arrangement, a management server acts as a repository for a plurality of user certificates corresponding to a plurality of users. When a user wishes to access a remote computer such as a secure-enabled host requiring a secure credential, her computer sends a request message to the management server. The management server may perform its own validity checking (e.g., based on password protection, directory information including user authorization, or a variety of other techniques). Once the management server is satisfied that the requesting user is authorized to access the secure host or other remote computer, the management server sends the user the necessary secure credential in a manner that is on demand (in other words, at the time the client certificate or key pair is needed to complete the connection to another server and not before); is secure during transmission; and is provided in a manner which prevents the client from using the client certificate or key pair to commence a new session to the SSL or SSH hosts after the user's session with server A has ended. In one example arrangement, the user's computer does not persistently store the secure credential but rather maintains the secure credential in volatile memory such as, for example, random access memory or other memory that will be reliably erased (e.g., by overwriting with other information).
    • 4. Granted invention patent
    • Title: Method and apparatus for distributing, interpreting, and storing heterogeneous certificates in a homogenous public key infrastructure
    • Publication No.: US06895501B1
    • Publication date: 2005-05-17
    • Application No.: US09524272
    • Application date: 2000-03-13
    • Applicant: Joseph A. Salowey
    • Inventor: Joseph A. Salowey
    • IPC: H04L9/00; H04L29/06
    • CPC: H04L63/126
    • Abstract: A connection is established between a server and a web browser having access to a first, trusted public key. The server downloads a digitally signed archive to the browser, the archive including a second public key. The browser verifies the digitally signed archive using the first public key, and stores the second public key in response to the verification. The browser then uses the stored second public key to authenticate the server and establish a secure connection with the server. The second public key and its chain of trust need not be known by the browser beforehand, and the archive may include program fragments that store the key in an area where the browser (or an applet running under the browser) can access and use it. The archive may also include a program fragment that performs certificate validation for the client, enabling the client to handle certificate types it does not know about. Advantages include allowing the archive to be transmitted over any insecure connection since it is integrity protected and authenticated; and allowing the client to make a direct connection to the server without having to access certificate stores on the platform.
    • 5. Invention patent application
    • Title: Applet embedded cross-platform caching
    • Publication No.: US20060047772A1
    • Publication date: 2006-03-02
    • Application No.: US11183738
    • Application date: 2005-07-19
    • Applicant: Craig Crutcher
    • Inventor: Craig Crutcher
    • IPC: G06F15/167
    • CPC: H04L67/02; H04L67/28; H04L67/2842; H04L67/34
    • Abstract: An applet is used to deliver a persistent caching mechanism. An initial package of the applet incorporates a lightweight caching mechanism into its root set of classes. The remainder of the applet is divided into functional modules that can be subsequently downloaded as needed. The initial applet and caching mechanism are packaged and signed in a package using tools and procedures native to each platform; and each functional module is packaged and signed in a generic, platform-independent fashion for verification and loading by any of the various platform-dependent initial applet packages. In this way, the same functional module portions of the applet (which may comprise the bulk of the applet) are cached and loaded in a platform-independent manner without requiring or relying on any caching mechanism built into a platform such as a web browser or other applet execution environment.
    • 6. Granted invention patent
    • Title: Network license compliance apparatus and method
    • Publication No.: US5845065A
    • Publication date: 1998-12-01
    • Application No.: US340263
    • Application date: 1994-11-15
    • Applicants: Brian Conte, Christine Hui, Roger Key
    • Inventors: Brian Conte, Christine Hui, Roger Key
    • IPC: G06F1/00; G06F21/00; G06F11/00
    • CPC: G06F21/105; Y10S707/99945; Y10S707/99948
    • Abstract: A method and apparatus for controlling operation of remote networked devices, such as computers, in compliance with license restrictions is provided. In one embodiment, licenses are assigned to users in the order in which application requests are made. When a request is made and no licenses are available, an analysis is performed to determine whether licenses may be swapped in such a fashion as to free up a license for the requested application. In another embodiment, whenever a new request is made, an analysis is performed by considering the needs of users. Information needed to perform the analysis is stored in a database which is updated when a new program launch occurs.