BACK-END CONSTRAINED DELEGATION MODEL
    1.
    Invention publication
    BACK-END CONSTRAINED DELEGATION MODEL (granted)
    DELEGATIONSMODELL MIT EINGESCHRÄNKTEM BACK-END

    Publication number: EP2643766A4

    Publication date: 2017-08-09

    Application number: EP11842889

    Filing date: 2011-11-14

    IPC classification: H04L29/06 H04L9/32

    Abstract: A client can communicate with a middle tier, which can then, in turn, communicate with a back end tier to access information and resources on behalf of the client within the context of a system that can scale well. Each individual back end can establish a policy that defines which computing device can delegate to that back end. That policy can be enforced by a domain controller within the same administrative domain as the particular back end. When a middle tier requests to delegate to a back end, the domain controller to which that request was directed can either apply the policy, or, if the domain controller is in a different domain than the targeted back end, it can direct the middle tier to a domain controller in a different domain and can sign relevant information that the middle tier can utilize when communicating with that different domain controller.


    USER MAPPING INFORMATION EXTENSION FOR PROTOCOLS
    4.
    Invention publication
    USER MAPPING INFORMATION EXTENSION FOR PROTOCOLS (granted)

    Publication number: EP1902539A4

    Publication date: 2016-11-23

    Application number: EP06800057

    Filing date: 2006-07-12

    Abstract: A hint containing user mapping information is provided in messages that may be exchanged during authentication handshakes. For example, a client may provide user mapping information to the server during authentication. The hint (e.g., in the form of a TLS extension mechanism) may be used to send the domain/user name information of a client to aid the server in mapping the user's certificate to an account. The extension mechanism provides integrity and authenticity of the mapping data sent by the client. The user provides a hint as to where to find the right account or domain controller (which points to, or otherwise maintains, the correct account). Based on the hint and other information in the certificate, the user is mapped to an account. The hint may be provided by the user when he logs in. Thus, a certificate is mapped to an identity to authenticate the user. A hint is sent along with the certificate information to perform the binding. Existing protocols may be extended to communicate the additional mapping information (the hint) to perform the binding. A vendor specific extension to Kerberos is defined to obtain the authorization data based on an X.509 certificate and the mapping user name hint.