    • 1. Granted invention patent
    • Method and apparatus to facilitate individual and global lockouts to network applications
    • US07032026B1
    • 2006-04-18
    • US10043800
    • 2002-01-10
    • Kamalendu Biswas, Arun Swaminathan, Gaurav Bhatia
    • G06F15/16
    • H04L63/083; H04L63/0876
    • One embodiment of the present invention provides a system that facilitates locking an adversary out of a network application. The system operates by receiving a request at a server, which includes an authentication credential, to access the network application. This authentication credential includes a user identifier associated with a user and an address of a user device. The system examines an audit log to determine if the user identifier has been locked out from the address of the user device. If so, the system denies access to the network application. Otherwise, the system checks the authentication credential for validity. If the authentication credential is valid, the system allows access to the network application. Otherwise, the system logs a failed attempt in the audit log and denies access to the network application. After a threshold number of failed attempts, the user identifier is locked out from the network address.
    • 2. Granted invention patent
    • Method and apparatus for single sign-on in a wireless environment
    • US07340525B1
    • 2008-03-04
    • US10351073
    • 2003-01-24
    • Gaurav Bhatia, Kamalendu Biswas, Arun Swaminathan
    • G06F15/16
    • H04L63/0815; H04L2463/121; H04W12/06; H04W12/08
    • One embodiment of the present invention provides a system that facilitates single sign-on services in a wireless environment. The system operates by receiving a request at an application server from a wireless gateway to access a partner application on behalf of a user. The system then determines if the wireless gateway holds a token granting access to the partner application on behalf of the user. If the wireless gateway does not hold the token, the system redirects the request to a single sign-on server. The single sign-on server then requests user authentication credentials from the user through the wireless gateway. After receiving the user authentication credentials, the system determines if the user is authorized to access the partner application. If so, the single sign-on server issues a token to the wireless gateway. This token grants wireless gateway access to the partner application on behalf of the user.
    • 3. Granted invention patent
    • Method and apparatus to facilitate a global timeout in a distributed computing environment
    • US07111323B1
    • 2006-09-19
    • US10072089
    • 2002-02-08
    • Gaurav Bhatia, Kamalendu Biswas, Arun Swaminathan
    • G06F7/04; G06F7/58; G06F7/00; H04L9/00
    • H04L63/0815; H04L9/3234; H04L9/3297; H04L63/0846; Y10S707/99939
    • One embodiment of the present invention provides a system to facilitate global timeout in a distributed computing environment. The system operates by receiving an access request from a user at an application within the distributed computing environment. The system determines if the distributed computing environment has issued an authentication to a user device through which the user accesses the application and also determines if the authentication has expired because of non-use for a specified period. This authentication is stored within a time-stamped token on the user-device. If the authentication has not been received or has expired, the system redirects the access request to a single sign-on server for the distributed computing environment requiring the user to reauthenticate with the distributed computing environment, otherwise the system grants the user access to the application.
    • 4. Granted invention patent
    • Method and apparatus for facilitating single sign-on to applications
    • US07540020B1
    • 2009-05-26
    • US10370970
    • 2003-02-19
    • Kamalendu Biswas, Arun Swaminathan, Gaurav Bhatia
    • H04L21/00
    • H04L63/0815
    • One embodiment of the present invention provides a system that performs single sign-on to web applications using dynamic directives. The system operates by first receiving a request at an application to provide content to a user. In response to the request, the application provides public content to the user. Upon receiving a request from the user to access private content, the application sends a dynamic directive to a web module that can access a single sign-on server on behalf of the application, wherein the dynamic directive specifies that an authentication credential is required from the user. Next, the application allows the web module to request the authentication credential from the single sign-on server on behalf of the application. When the authentication credential is received from the single sign-on server, the application provides the private content to the user.
    • 5. Granted invention patent
    • Method and apparatus to facilitate single sign-on services in a hosting environment
    • US07174383B1
    • 2007-02-06
    • US10160524
    • 2002-06-03
    • Kamalendu Biswas, Arun Swaminathan, Gaurav Bhatia
    • G06F15/16
    • H04L63/0815; H04L63/083
    • One embodiment of the present invention provides a system that facilitates single sign-on services in a hosting environment. The system operates by first receiving a request from a user to access a partner application at an application server. The system then determines if the user holds a token granting access to this partner application. If the user does not hold this token, the system redirects the request to a single sign-on server. This single sign-on server requests a user authentication credential from the user. Upon receiving the user authentication credential, including an entity identifier, the single sign-on server verifies if the user is authorized to access the partner application based on the entity identifier. If the user is authorized to access the partner application, the single sign-on server issues a token to the user, which grants the user access to the partner application.
    • 6. Granted invention patent
    • Method and apparatus for end-to-end identity propagation
    • US07913298B2
    • 2011-03-22
    • US11789746
    • 2007-04-24
    • Gaurav Bhatia, Arun Swaminathan
    • H04L9/32
    • G06F21/33; G06F21/335; G06F21/41; H04L63/0815
    • One embodiment of the present invention provides a system that facilitates end-to-end identity propagation to a backend-tier application that is not single sign-on enabled. During operation, the system receives a request from a user at a middle-tier application to access private data from the backend-tier application. Upon receiving this request, the system redirects the user to a single sign-on server that verifies authentication credentials of the user. The middle-tier application then receives a token from the single sign-on server authorizing access to a backend-tier application. Next, the middle-tier application uses the token to access the private data from the backend-tier application, and then provides the private data to the user.
    • 8. Invention patent application
    • Method and apparatus for end-to-end identity propagation
    • US20050039008A1
    • 2005-02-17
    • US10682947
    • 2003-10-09
    • Gaurav Bhatia, Arun Swaminathan
    • G06F21/00; H04L9/00; H04L29/06
    • G06F21/33; G06F21/335; G06F21/41; H04L63/0815
    • One embodiment of the present invention provides a system that facilitates end-to-end identity propagation to a backend-tier application that is not single sign-on enabled. During operation, the system receives a request from a user at a middle-tier application to access private data from the backend-tier application. Upon receiving this request, the system redirects the user to a single sign-on server that verifies authentication credentials of the user. The middle-tier application then receives a token from the single sign-on server authorizing access to a backend-tier application. Next, the middle-tier application uses the token to access the private data from the backend-tier application, and then provides the private data to the user.
    • 9. Granted invention patent
    • Method and apparatus to facilitate security-enabled content caching
    • US08108939B2
    • 2012-01-31
    • US10449202
    • 2003-05-29
    • Gaurav Bhatia, Arun Swaminathan, Ajay Desai
    • H04L9/32; G06F21/00
    • H04L63/10; G06F17/30902; G06F21/6218; G06F2221/2149; H04L67/2852; H04L69/329
    • One embodiment of the present invention provides a system that facilitates security-enabled content caching. The system operates by first receiving a request from a user at a cache server for restricted content, wherein the cache server stores content for an application server. Next, the system determines if the restricted content is located on the cache server. If so, the system determines if the user is authorized to access the restricted content. If the user is authorized to access the restricted content, the system provides the restricted content to the user from the cache server. Providing the restricted content from the cache server eliminates the time-consuming operations involved in requesting and receiving the restricted content from the application server.
    • 10. Granted invention patent
    • Method and apparatus for end-to-end identity propagation
    • US07249375B2
    • 2007-07-24
    • US10682947
    • 2003-10-09
    • Gaurav Bhatia, Arun Swaminathan
    • H04L9/32
    • G06F21/33; G06F21/335; G06F21/41; H04L63/0815
    • One embodiment of the present invention provides a system that facilitates end-to-end identity propagation to a backend-tier application that is not single sign-on enabled. During operation, the system receives a request from a user at a middle-tier application to access private data from the backend-tier application. Upon receiving this request, the system redirects the user to a single sign-on server that verifies authentication credentials of the user. The middle-tier application then receives a token from the single sign-on server authorizing access to a backend-tier application. Next, the middle-tier application uses the token to access the private data from the backend-tier application, and then provides the private data to the user.