专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US10225258B2 Anonymously sharing resources based on social network user data 有权
公开(公告)号：US10225258B2
公开(公告)日：2019-03-05
申请号：US15033128
申请日：2014-10-31
申请人： INTERNATIONAL BUSINESS MACHINES CORPORATION
发明人： Jan Camenisch , Guenter Karjoth , Gregory Neven , Franz-Stefan Preiss
IPC分类号： G06F7/04 , H04L29/06
摘要： A method for controlling access to a resource of an owner of the resource is provided. The owner can be a user of a resource computer system. The access control can be based on social network data of a social network system and/or on an owner token relating to the owner or a requester token relating to a requester requesting access to the resource and an access control policy. The owner token and the requester token can be received by the system to determine by the social networking system whether access to the resource is to be granted based on the content of the owner token and the requester token. A social network identity of the owner and a social network identity of the requester may only be determinable by the social network system.

2. 发明授权

US10164965B2 Distributed single sign-on 有权
公开(公告)号：US10164965B2
公开(公告)日：2018-12-25
申请号：US16007393
申请日：2018-06-13
申请人： International Business Machines Corporation
发明人： Jan Camenisch , Yossi Gilad , Anja Lehmann , Zoltan A. Nagy , Gregory Neven
IPC分类号： H04L29/06 , G06F21/41 , H04L9/32 , H04L9/30 , H04L9/08
摘要： Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1≤n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2≤t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T≤t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.

3. 发明授权

US09860237B2 Password-based authentication in server systems 有权
公开(公告)号：US09860237B2
公开(公告)日：2018-01-02
申请号：US14878933
申请日：2015-10-08
申请人： International Business Machines Corporation
发明人： Jan Camenisch , Anja Lehmann , Gregory Neven
IPC分类号： H04L29/00 , H04L29/06 , H04L9/32
CPC分类号： H04L63/083 , H04L9/085 , H04L9/0891 , H04L9/3218 , H04L9/3221 , H04L9/3226 , H04L9/3239 , H04L63/061 , H04L63/0876 , H04L63/101
摘要： A system of λ≧2 servers is provided. The server system comprises an access control server for communication with user computers via a network and controlling access by the user computers to a resource in dependence on authentication of user passwords associated with respective user IDs, and a set of authentication servers for communication with the access control server via the network. In this system, at least each authentication server stores a respective key-share Ki of a secret key K which is shared between a plurality of the λ servers. The access control server is adapted, in response to receipt from a user computer of a user ID and an input password, to produce a hash value h via a first hash function operating on the input password. The access control server blinds the hash value h to produce a blinded hash value u, and sends the blinded hash value u via the network to at least a subset of the set of authentication servers. Each authentication server is adapted, in response to receipt of the blinded hash value u, to produce a hash response vi from the blinded hash value u and that server's key-share Ki, and to send the hash response vi via the network to the access control server. The access control server is further adapted to produce, using the hash response vi from each authentication server, an input password hash comprising a predetermined function of said hash value h and said secret key K. The access control server compares the input password hash with a corresponding user password hash, produced from the user password for the received user ID and pre-stored by the access control server, to determine whether the input password equals the user password, if so permitting access to the resource by the user computer.

4. 发明申请

US20170207912A1 DISTRIBUTED SINGLE SIGN-ON 有权
公开(公告)号：US20170207912A1
公开(公告)日：2017-07-20
申请号：US15475405
申请日：2017-03-31
申请人： International Business Machines Corporation
发明人： Jan Camenisch , Yossi Gilad , Anja Lehmann , Zoltan A. Nagy , Gregory Neven
IPC分类号： H04L9/08 , H04L29/06 , H04L9/30
CPC分类号： H04L9/085 , G06F21/41 , H04L9/30 , H04L9/3213 , H04L9/3236 , H04L9/3247 , H04L63/0815
摘要： Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1≦n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2≦t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T≦t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.

5. 发明授权

US09705872B2 Distributed single sign-on 有权
公开(公告)号：US09705872B2
公开(公告)日：2017-07-11
申请号：US14865287
申请日：2015-09-25
申请人： International Business Machines Corporation
发明人： Jan Camenisch , Yossi Gilad , Anja Lehmann , Zoltan A. Nagy , Gregory Neven
IPC分类号： H04L29/06 , H04L9/08 , H04L9/32 , G06F21/41
CPC分类号： H04L9/085 , G06F21/41 , H04L9/30 , H04L9/3213 , H04L9/3236 , H04L9/3247 , H04L63/0815
摘要： Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1≦n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2≦t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T≦t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.

6. 发明授权

US10833873B2 Credential-based authorization 有权
公开(公告)号：US10833873B2
公开(公告)日：2020-11-10
申请号：US16666539
申请日：2019-10-29
申请人： International Business Machines Corporation
发明人： Jan Camenisch , Daniel Kovacs , Kai Samelin , Dieter M. Sommer
IPC分类号： H04L29/06 , H04L9/32 , H04L9/30 , H04L9/14
摘要： Methods and systems are provided for demonstrating authorization to access a resource to a verifier computer controlling access to the resource. The method comprises, at a user computer, storing an attribute credential certifying a set of attributes; and communicating with a revocation authority computer to obtain an auxiliary credential, bound to the attribute credential, certifying a validity status for each attribute in the attribute credential. The method further comprises, at the user computer, communicating with the verifier computer to prove possession of the attribute credential and the auxiliary credential such that the verifier computer can determine whether at least one attribute in the attribute credential, certified as valid by the auxiliary credential, satisfies an access condition for the resource.

7. 发明申请

US20180295123A1 DISTRIBUTED SINGLE SIGN-ON 审中-公开
公开(公告)号：US20180295123A1
公开(公告)日：2018-10-11
申请号：US16007393
申请日：2018-06-13
申请人： International Business Machines Corporation
发明人： Jan Camenisch , Yossi Gilad , Anja Lehmann , Zoltan A. Nagy , Gregory Neven
IPC分类号： H04L29/06 , G06F21/41 , H04L9/32 , H04L9/30 , H04L9/08
CPC分类号： H04L63/0815 , G06F21/41 , H04L9/085 , H04L9/30 , H04L9/3213 , H04L9/3236 , H04L9/3247
摘要： Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1≤n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2≤t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T≤t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.

8. 发明申请

US20180295122A1 DISTRIBUTED SINGLE SIGN-ON 审中-公开
公开(公告)号：US20180295122A1
公开(公告)日：2018-10-11
申请号：US16007353
申请日：2018-06-13
申请人： International Business Machines Corporation
发明人： Jan Camenisch , Yossi Gilad , Anja Lehmann , Zoltan A. Nagy , Gregory Neven
IPC分类号： H04L29/06 , G06F21/41 , H04L9/32 , H04L9/30 , H04L9/08
CPC分类号： H04L63/0815 , G06F21/41 , H04L9/085 , H04L9/30 , H04L9/3213 , H04L9/3236 , H04L9/3247
摘要： Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1≤n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2≤t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T≤t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.

9. 发明授权

US10027477B2 Distributed single sign-on 有权
公开(公告)号：US10027477B2
公开(公告)日：2018-07-17
申请号：US15475405
申请日：2017-03-31
申请人： International Business Machines Corporation
发明人： Jan Camenisch , Yossi Gilad , Anja Lehmann , Zoltan A. Nagy , Gregory Neven
IPC分类号： H04L9/08 , H04L9/30 , H04L29/06 , G06F21/41 , H04L9/32
摘要： Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1≤n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2≤t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T≤t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.

10. 发明授权

US09882890B2 Reissue of cryptographic credentials 有权
公开(公告)号：US09882890B2
公开(公告)日：2018-01-30
申请号：US15165277
申请日：2016-05-26
申请人： International Business Machines Corporation
发明人： Jan Camenisch , Anja Lehmann , Gregory Neven
IPC分类号： H04L29/06 , H04L9/32
CPC分类号： H04L63/0823 , H04L9/0897 , H04L9/3221 , H04L9/3234 , H04L9/3257 , H04L63/061 , H04L63/0807 , H04L2209/42
摘要： Effecting reissue in a data processing system of a cryptographic credential certifying a set of attributes, the credential being initially bound to a first secret key stored in a first processing device. A backup token is produced using the first device and comprises a commitment to said set of attributes and proof data permitting verification that the set of attributes in said commitment corresponds to the set of attributes certified by said credential. At a second processing device, a second secret key is stored and blinded to produce a blinded key. A credential template token produced from the backup token and the blinded key is sent to a credential issuer where said verification is performed using the proof data and the credential template token is used to provide a reissued credential, certifying said set of attributes, to the second device, the reissued credential being bound to the second secret key.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式