专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07185359B2 Authentication and authorization across autonomous network systems 有权
标题翻译：跨自治网络系统的认证和授权
公开(公告)号：US07185359B2
公开(公告)日：2007-02-27
申请号：US10029426
申请日：2001-12-21
申请人： Donald E. Schmidt , Clifford P. Van Dyke , Paul J. Leach , Praerit Garg , Murli D. Satagopan
发明人： Donald E. Schmidt , Clifford P. Van Dyke , Paul J. Leach , Praerit Garg , Murli D. Satagopan
IPC分类号： G06F7/04 , G06F17/30 , H04L9/32
CPC分类号： H04L63/0815 , H04L63/083
摘要： An enterprise network architecture has a trust link established between two autonomous network systems that enables transitive resource access between network domains of the two network systems. The trust link is defined by data structures maintained by each of the respective network systems. The first network system maintains namespaces that correspond to the second network system and a domain controller in the first network system, or a first network system administrator, indicates whether to trust individual namespaces. An account managed by a domain in the second network system can request authentication via a domain controller in the first network system. The first network system determines from the trust link to communicate the authentication request to the second network system. The first network system also determines from the trust link where to communicate authorization requests when administrators manage group memberships and access control lists.
摘要翻译：企业网络架构具有建立在两个自主网络系统之间的信任链路，能够实现两个网络系统的网络域之间的传递资源访问。信任链接由相应网络系统中的每一个维护的数据结构来定义。第一网络系统维护对应于第二网络系统的命名空间和第一网络系统中的域控制器，或者第一网络系统管理员指示是否信任个体命名空间。由第二网络系统中的域管理的帐户可以通过第一网络系统中的域控制器请求认证。第一网络系统从信任链路确定将认证请求传送到第二网络系统。当管理员管理组成员身份和访问控制列表时，第一个网络系统还从信任链接确定何处传达授权请求。

2. 发明授权

US07617522B2 Authentication and authorization across autonomous network systems 有权
标题翻译：跨自治网络系统的认证和授权
公开(公告)号：US07617522B2
公开(公告)日：2009-11-10
申请号：US11379998
申请日：2006-04-24
申请人： Donald E. Schmidt , Clifford P. Van Dyke , Paul J. Leach , Praerit Garg , Murli D. Satagopan
发明人： Donald E. Schmidt , Clifford P. Van Dyke , Paul J. Leach , Praerit Garg , Murli D. Satagopan
IPC分类号： G06F17/00 , H04K1/00
CPC分类号： H04L63/0815 , H04L63/083
摘要： An enterprise network architecture has a trust link established between two autonomous network systems that enables transitive resource access between network domains of the two network systems. The trust link is defined by data structures maintained by each of the respective network systems. The first network system maintains namespaces that correspond to the second network system and a domain controller in the first network system, or a first network system administrator, indicates whether to trust individual namespaces. An account managed by a domain in the second network system can request authentication via a domain controller in the first network system. The first network system determines from the trust link to communicate the authentication request to the second network system. The first network system also determines from the trust link where to communicate authorization requests when administrators manage group memberships and access control lists.
摘要翻译：企业网络架构具有建立在两个自主网络系统之间的信任链路，能够实现两个网络系统的网络域之间的传递资源访问。信任链接由相应网络系统中的每一个维护的数据结构来定义。第一网络系统维护对应于第二网络系统的命名空间和第一网络系统中的域控制器，或者第一网络系统管理员指示是否信任个体命名空间。由第二网络系统中的域管理的帐户可以通过第一网络系统中的域控制器请求认证。第一网络系统从信任链路确定将认证请求传送到第二网络系统。当管理员管理组成员身份和访问控制列表时，第一个网络系统还从信任链接确定何处传达授权请求。

3. 发明授权

US07568218B2 Selective cross-realm authentication 有权
标题翻译：选择性跨域认证
公开(公告)号：US07568218B2
公开(公告)日：2009-07-28
申请号：US10285175
申请日：2002-10-31
申请人： Praerit Garg , Cliff Van Dyke , Karthik Jaganathan , Mark Pustilnik , Donald E. Schmidt
发明人： Praerit Garg , Cliff Van Dyke , Karthik Jaganathan , Mark Pustilnik , Donald E. Schmidt
IPC分类号： H04L9/32
CPC分类号： H04L63/10 , H04L63/08 , H04L63/0807 , H04L63/0815 , H04L63/101
摘要： A selective cross-realm authenticator associates an identifier with a request from an entity authenticated in one realm to access a resource associated with a second realm. The identifier indicates that the entity was authenticated in a realm other than the realm associated with the requested resource. A domain controller associated with the resource performs an access check to verify that the authenticated user is authorized to authenticate to the requested resource. Permissions associated with the resource can be used to specify levels of access to be granted to entities authenticated by a domain controller associated with another realm.
摘要翻译：选择性跨域认证器将标识符与来自在一个领域中认证的实体的请求相关联，以访问与第二领域相关联的资源。该标识符表示该实体在与所请求的资源相关联的领域以外的领域中被认证。与资源相关联的域控制器执行访问检查，以验证经过身份验证的用户是否被授权对请求的资源进行身份验证。与该资源相关联的权限可用于指定授予由与另一领域相关联的域控制器认证的实体的访问级别。

4. 发明授权

US08510818B2 Selective cross-realm authentication 有权
公开(公告)号：US08510818B2
公开(公告)日：2013-08-13
申请号：US12469245
申请日：2009-05-20
申请人： Praerit Garg , Cliff Van Dyke , Karthik Jaganathan , Mark Pustilnik , Donald E. Schmidt
发明人： Praerit Garg , Cliff Van Dyke , Karthik Jaganathan , Mark Pustilnik , Donald E. Schmidt
IPC分类号： H04L9/32
CPC分类号： H04L63/10 , H04L63/08 , H04L63/0807 , H04L63/0815 , H04L63/101
摘要： A selective cross-realm authenticator associates an identifier with a request from an entity authenticated in one realm to access a resource associated with a second realm. The identifier indicates that the entity was authenticated in a realm other than the realm associated with the requested resource. A domain controller associated with the resource performs an access check to verify that the authenticated user is authorized to authenticate to the requested resource. Permissions associated with the resource can be used to specify levels of access to be granted to entities authenticated by a domain controller associated with another realm.

5. 发明申请

US20090228969A1 Selective Cross-Realm Authentication 有权
标题翻译：选择性跨域认证
公开(公告)号：US20090228969A1
公开(公告)日：2009-09-10
申请号：US12469245
申请日：2009-05-20
申请人： Praerit Garg , Cliff Van Dyke , Karthik Jaganathan , Mark Pustilnik , Donald E. Schmidt
发明人： Praerit Garg , Cliff Van Dyke , Karthik Jaganathan , Mark Pustilnik , Donald E. Schmidt
IPC分类号： H04L29/06 , G06F15/173
CPC分类号： H04L63/10 , H04L63/08 , H04L63/0807 , H04L63/0815 , H04L63/101
摘要： A selective cross-realm authenticator associates an identifier with a request from an entity authenticated in one realm to access a resource associated with a second realm. The identifier indicates that the entity was authenticated in a realm other than the realm associated with the requested resource. A domain controller associated with the resource performs an access check to verify that the authenticated user is authorized to authenticate to the requested resource. Permissions associated with the resource can be used to specify levels of access to be granted to entities authenticated by a domain controller associated with another realm.
摘要翻译：选择性跨域认证器将标识符与来自在一个领域中认证的实体的请求相关联，以访问与第二领域相关联的资源。该标识符表示该实体在与所请求的资源相关联的领域以外的领域中被认证。与资源相关联的域控制器执行访问检查，以验证经过身份验证的用户是否被授权对请求的资源进行身份验证。与该资源相关联的权限可用于指定授予由与另一领域相关联的域控制器认证的实体的访问级别。

6. 发明授权

US07401235B2 Persistent authorization context based on external authentication 有权
标题翻译：基于外部认证的持久授权上下文
公开(公告)号：US07401235B2
公开(公告)日：2008-07-15
申请号：US10144059
申请日：2002-05-10
申请人： David R. Mowers , Daniel Doubrovkine , Roy Leban , Donald E. Schmidt , Ram Viswanathan , John E. Brezak , Richard B. Ward
发明人： David R. Mowers , Daniel Doubrovkine , Roy Leban , Donald E. Schmidt , Ram Viswanathan , John E. Brezak , Richard B. Ward
IPC分类号： G06F7/04 , G06F17/30 , G06F15/173 , G06K9/00 , H04L9/32
CPC分类号： G06F21/31 , G06F21/33 , G06F2221/2141
摘要： Methods and systems are provided to allow users that are authenticated by a trusted external service to gain controlled levels of access to selected local computing resources without requiring the user to also have conventional access control capabilities for the resources.
摘要翻译：提供了方法和系统，以允许由受信任的外部服务认证的用户获得对所选择的本地计算资源的受控级别的访问，而不需要用户也具有资源的常规访问控制能力。

7. 发明授权

US07748046B2 Security claim transformation with intermediate claims 有权
标题翻译：具有中级索赔的安全索赔变革
公开(公告)号：US07748046B2
公开(公告)日：2010-06-29
申请号：US11119236
申请日：2005-04-29
申请人： Ryan D. Johnson , Donald E. Schmidt , Jeffrey F. Spelman , Kahren Tevosyan , Vijayavani Nori
发明人： Ryan D. Johnson , Donald E. Schmidt , Jeffrey F. Spelman , Kahren Tevosyan , Vijayavani Nori
IPC分类号： G06F21/00
CPC分类号： H04L63/0815 , G06F21/33 , G06F21/6236 , H04L63/0807
摘要： Systems and methods directed at transforming security claims in a federated authentication system using an intermediate format. The systems and methods described herein are directed at transforming security claims in a federated authentication system using an intermediate format. The federated authentication system includes an identity provider and a resource provider. The identity provider receives a request for information from the resource provider to authenticate an account by an application associated with the resource provider. A security claim associated with the account is retrieved where the security claim is provided by an account store in a format specific to the account store. The security claim is transformed from the account store specific format to an intermediate format. The security claim is then transformed from the intermediate format to a federated format recognized by the resource provider. The transformed security claim is provided in a security token to the resource provider. A similar two step transformation process using intermediate claims can also be implemented by the resource provider to transform security claims provided by an identity provider from a federated format to formats recognized by the applications.
摘要翻译：针对在联合认证系统中使用中间格式转换安全声明的系统和方法。本文描述的系统和方法涉及使用中间格式在联合认证系统中转换安全权利要求。联合认证系统包括身份提供者和资源提供者。身份提供者接收来自资源提供者的信息的请求，以通过与资源提供者相关联的应用来认证帐户。与帐户存储相关联的安全声明被检索，其中帐户存储以特定于帐户存储的格式提供安全声明。安全声明从帐户商店特定格式转换为中间格式。然后将安全声明从中间格式转换为由资源提供者识别的联合格式。转换的安全声明在安全令牌中提供给资源提供者。使用中间权利要求的类似的两步转换过程也可以由资源提供者来实现，以将由身份提供者提供的安全声明从联合格式转换为应用程序识别的格式。

8. 发明授权

US07015307B2 Process for purifying glycopeptide phosphonate derivatives 有权
公开(公告)号：US07015307B2
公开(公告)日：2006-03-21
申请号：US10226676
申请日：2002-08-23
申请人： Donald E. Schmidt , Jeanmarie Donovan Sganga
发明人： Donald E. Schmidt , Jeanmarie Donovan Sganga
IPC分类号： A61K38/04
CPC分类号： C07K9/00 , C07K9/008
摘要： Disclosed are methods of purifying glycopeptides that are substituted with one or more substituents each comprising one or more phosphono groups that are useful as antibacterial agents. The methods include contacting a solution of the glycopeptide derivatives with a polystyrene-containing resin, eluting the resin with an aqueous solution, and isolating the purified glycopeptide derivative.

9. 发明授权

US08245051B2 Extensible account authentication system 有权
标题翻译：可扩展帐户认证系统
公开(公告)号：US08245051B2
公开(公告)日：2012-08-14
申请号：US11129711
申请日：2005-05-13
申请人： Ryan D. Johnson , Donald E. Schmidt , Jeffrey F. Spelman , Kahren Tevosyan , Vijayavani Nori
发明人： Ryan D. Johnson , Donald E. Schmidt , Jeffrey F. Spelman , Kahren Tevosyan , Vijayavani Nori
IPC分类号： H04L29/06
CPC分类号： H04L63/0815 , G06F21/335 , G06F21/604
摘要： Systems and methods directed at enhancing the capability of a federated authentication system by configuring the system with extensibility points for adding new account stores and customizing claim transformations. The federated authentication system includes accounts stores, a security token service (STS), and custom claim transformation modules. The account stores are configured to maintain data associated with accounts and to provide security claims in an intermediate format. The STS is configured to retrieve the security claims provided by the account stores and includes built-in transformations for transforming each security claim from the intermediate format to formats associated with resource providers. The STS is further configured to provide extensibility points for custom claim transformations that are not available from the built-in transformations. The custom claim transformation modules are configured to perform at least one custom claim transformation. Each custom claim transformation module is further configured to interact with the STS through at least one of the extensibility points. The STS may be configured to provide extensibility points for interacting with account stores that the STS does not explicitly recognize.
摘要翻译：系统和方法旨在通过配置具有用于添加新帐户存储和定制声明转换的扩展点的系统来增强联合身份验证系统的能力。联合认证系统包括帐户存储，安全令牌服务（STS）和自定义索赔变换模块。帐户存储被配置为维护与帐户相关联的数据，并以中间格式提供安全声明。 STS配置为检索由帐户存储提供的安全声明，并且包括用于将每个安全声明从中间格式转换为与资源提供者相关联的格式的内置转换。 STS进一步配置为为内置转换不可用的自定义索引转换提供可扩展点。自定义索赔转换模块被配置为执行至少一个自定义索赔转换。每个自定义权利要求转换模块还被配置为通过至少一个可扩展点与STS交互。 STS可以配置为提供与STS未明确识别的帐户存储交互的可扩展点。

10. 发明授权

US07698381B2 Methods and systems for controlling the scope of delegation of authentication credentials 有权
标题翻译：用于控制授权凭证授权范围的方法和系统
公开(公告)号：US07698381B2
公开(公告)日：2010-04-13
申请号：US09886146
申请日：2001-06-20
申请人： John E. Brezak , Richard B. Ward , Donald E. Schmidt
发明人： John E. Brezak , Richard B. Ward , Donald E. Schmidt
IPC分类号： G06F15/16
CPC分类号： H04L63/0807 , G06F21/31 , G06F21/33 , G06F2221/2115
摘要： Methods and systems are provided for controlling the scope of delegation of authentication credentials within a network environment. A server is configured to provide a trusted third-party with a ticket authenticating the server, information about a target service that a server seeks to access on behalf of the client, and a service ticket associated with the client. This service ticket may be provided by the client or may be a previously granted service ticket granted to the server for itself in the name of the client. The trusted third-party grants a new service ticket to access the target service to the server, in the client's name, if such delegation is permitted according to delegation constraints associated with the client.
摘要翻译：提供了方法和系统，用于控制网络环境中的认证凭证委派的范围。服务器被配置为向受信任的第三方提供认证服务器的票据，关于服务器寻求代表客户端访问的目标服务的信息以及与客户端相关联的服务票据。该服务票可以由客户提供，也可以是以客户名称授予给服务器的以前授予的服务票据。如果根据与客户端相关联的委托限制允许这种授权，则可信第三方将以客户端的名称授予新的服务票证以访问服务器。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式