专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07543147B2 Method, system, and storage medium for creating a proof of possession confirmation for inclusion into an attribute certificate 失效
标题翻译：方法，系统和存储介质，用于创建包含在属性证书中的拥有确认证明
公开(公告)号：US07543147B2
公开(公告)日：2009-06-02
申请号：US10975955
申请日：2004-10-28
申请人： Messaoud B. Benantar , Thomas L. Gindin , James W. Sweeny
发明人： Messaoud B. Benantar , Thomas L. Gindin , James W. Sweeny
IPC分类号： H04L9/00
CPC分类号： H04L63/0823 , G06F21/33 , H04L63/164
摘要： A method for creating a proof of possession confirmation for inclusion by an attribute certificate authority into an attribute certificate, the attribute certificate for use by an end user. The method includes receiving from the attribute certificate authority in response to a request by the end user, a plurality of data fields corresponding to a target system, the identity of the end user, and a proof of identity possession by the end user. The method further includes preparing a data structure corresponding to an authorization attribute of the attribute certificate, the data structure including a target system name, the identity of the end user, and the key identifier of the end user. Using a private key associated with the target system, the method includes signing the data structure resulting in a proof of possession confirmation, and sending the proof of possession confirmation to the attribute certificate authority for inclusion into the attribute certificate.
摘要翻译：一种用于创建属性确认的证明的方法，用于将属性证书颁发机构包含在属性证书中，该属性证书由终端用户使用。该方法包括响应于最终用户的请求，从属性认证机构接收与目标系统相对应的多个数据字段，终端用户的身份以及最终用户的身份证明。该方法还包括准备与属性证书的授权属性对应的数据结构，数据结构包括目标系统名称，最终用户的身份以及最终用户的密钥标识符。使用与目标系统相关联的私钥，该方法包括签署数据结构，从而得到拥有确认证明，并将属性认证机构的证明证明发送给属性证书。

2. 发明授权

US07143285B2 Password exposure elimination for digital signature coupling with a host identity 有权
公开(公告)号：US07143285B2
公开(公告)日：2006-11-28
申请号：US09862797
申请日：2001-05-22
申请人： Thomas L. Gindin , Messaoud Benantar , James W. Sweeny , John C. Dayka
发明人： Thomas L. Gindin , Messaoud Benantar , James W. Sweeny , John C. Dayka
IPC分类号： H04L9/00
CPC分类号： G06F21/33
摘要： A method for creating a proof of possession confirmation for inclusion by a certification authority into a digital certificate, the digital certificate for use by an end user, is disclosed. In an exemplary embodiment of the invention, the method includes receiving from the certification authority, in response to a certificate request by the end user, a plurality of data fields corresponding to a target host system, the end user, and a form of proof of identity possession by the end user. The content of the plurality of data fields is analyzed and the accuracy thereof is verified. If the plurality of data fields is verified as accurate, then a signed object is sent to the certification authority, the signed object comprising the proof of possession confirmation.

3. 发明授权

US07139911B2 Password exposure elimination for digital signature coupling with a host identity 有权
公开(公告)号：US07139911B2
公开(公告)日：2006-11-21
申请号：US09795203
申请日：2001-02-28
申请人： James W. Sweeny , Messaoud Benantar , John J. Petreshock , Thomas L. Gindin , John C. Dayka
发明人： James W. Sweeny , Messaoud Benantar , John J. Petreshock , Thomas L. Gindin , John C. Dayka
IPC分类号： H04L9/00 , H04K1/00
CPC分类号： H04L9/3263
摘要： A method of certifying a host-identification mapping extension included in a digital certificate, the digital certificate issued and signed by a specific certification authority. In an exemplary embodiment of the invention, the method includes assigning a trust value for each certification authority included in a set of certification authorities. A digital certificate containing the host-identification mapping extension therein is received, with the host-identification mapping extension further containing a plurality of identification attributes therein. The plurality of identification attributes are evaluated, along with the trust value assigned to the specific certification authority issuing the digital certificate. A determination is then made, based upon the plurality of identification attributes and the trust value, as to whether the host-mapping extension is to be certified.

4. 发明授权

US06854056B1 Method and system for coupling an X.509 digital certificate with a host identity 有权
标题翻译：将X.509数字证书与主机标识相连接的方法和系统
公开(公告)号：US06854056B1
公开(公告)日：2005-02-08
申请号：US09667090
申请日：2000-09-21
申请人： Messaoud Benantar , Thomas L. Gindin , Ivan Milman
发明人： Messaoud Benantar , Thomas L. Gindin , Ivan Milman
IPC分类号： H04L9/32 , H04L9/00 , G06F11/30
CPC分类号： H04L9/3263 , H04L2209/60 , H04L2209/76
摘要： A method or system is presented for coupling identities through the use of digital certificates, thereby allowing a client to be authenticated for a variety of services without those services having to modify their existing methods of authentication. The client generates a request for a digital certificate containing its host identity for a targeted host and secret data associated with its host identity. The secret data has been encrypted using the public key of the certifying authority that receives the request for the digital certificate. The certifying authority decrypts the secret data using its private key and encrypts the secret data using the public key of the targeted host. The digital certificate is then generated and returned to the client. At some point in time, a host receives the certificate from the client and obtains the client's host identity from the certificate, i.e. the host identity uniquely identifies the client or the user of the client to the host. Encrypted secret data associated with the host identity, such as a password, is also retrieved from the digital certificate. The host decrypts the secret data with its private key, and the host then authenticates the client using the host identity and the decrypted secret data for various services. The digital certificate may be formatted according to the X.509 standard, and the host identity and secret information may be stored in an X.509 extension within the digital certificate.
摘要翻译：呈现一种通过使用数字证书来耦合身份的方法或系统，从而允许客户端针对各种服务进行身份验证，而不需要修改其现有认证方法的那些服务。客户端生成包含其目标主机的主机身份的数字证书的请求以及与其主机身份相关联的秘密数据。秘密数据已使用接收数字证书请求的认证机构的公钥加密。认证机构使用其私钥对秘密数据进行解密，并使用目标主机的公钥对秘密数据进行加密。然后生成数字证书并将其返回给客户端。在某个时间点，主机从客户端接收证书，并从证书中获取客户端的主机标识，即主机标识将主机的客户端或客户端的用户唯一标识。还从数字证书中检索与主机身份相关联的加密秘密数据，例如密码。主机使用其私钥对秘密数据进行解密，然后主机使用主机身份和解密的各种服务的秘密数据来验证客户端。数字证书可以根据X.509标准格式化，并且主机身份和秘密信息可以存储在数字证书中的X.509扩展中。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式