Method and apparatus for Migrating from a source domain network controller to a target domain network controller
    11.
    Granted invention patent
    Legal status: Lapsed

    Publication number: US5708812A

    Publication date: 1998-01-13

    Application number: US588344

    Filing date: 1996-01-18

    IPC classification: G06F9/44 G06F17/60

    Abstract: A method and apparatus are described for facilitating the migration of accounts from a source domain to a target domain in a computer network without affecting the capability of users and services associated with the source domain to access source domain resources after the users' and services' accounts have been migrated to the target domain. Migrating source domain accounts is facilitated by a dual-identity Domain Controller having simultaneous access to replicating mechanisms of both the source domain and the target domain. When accounts are migrated to a directory service of objects for the target domain, the accounts are modified to include security information defining access rights of the migrated accounts within the target domain. Security information relating to an account's access rights in the source domain is preserved in the migrated account stored in the target domain directory service of objects databases.


    Logon certification
    13.
    Granted invention patent
    Legal status: Lapsed

    Publication number: US5757920A

    Publication date: 1998-05-26

    Application number: US816386

    Filing date: 1997-03-13

    Abstract: Logon certificates are provided to support disconnected operation within the distributed system. Each logon certificate is a secure package holding credentials information sufficient to establish the identity and rights and privileges for a user/machine in a domain that is not their home domain. When a user/machine attempts to connect to the system at a domain other than the home domain of the user/machine, the user/machine presents a logon certificate that evidences his credentials. The domain where the user/machine attempts to connect to the system, decrypts and unseals the secure package as required to obtain the credentials information contained therein. If the user/machine has sufficient credentials, the user/machine is permitted to connect to the system. If the user/machine lacks sufficient credentials, the user/machine is not permitted to connect to the system.


    Distributed authentication system and method
    14.
    Granted invention patent
    Legal status: Lapsed

    Publication number: US06230269B1

    Publication date: 2001-05-08

    Application number: US09036001

    Filing date: 1998-03-04

    IPC classification: H04L932

    Abstract: An authentication system for a distributed network having multiple clients and a server enables a user to log on at any one of the clients with a password and receive his/her associated public/private key pair. The client computes a hash of the user ID to produce a first hash value H(ID) and a hash of the user ID concatenated with the user password P to produce a second hash value H(ID/P). The client constructs a message M containing the hash value H(ID), the hash value H(ID/P), and a randomly generated session key SK. The client encrypts the message M using the server's public key and sends the encrypted message to the server. The server decrypts the message using its private key to recover the message M. The server initially checks to see if the hash values are subject to a hostile cryptographic attack. If the check is negative, the server generates key source material S as a function of the hash value H(ID), the hash value H(ID/P), and a private value that is confidential to the server. The server encrypts the key source material S using the session key SK received in the message M and sends the encrypted key source material S to the client. The client decrypts the key source material using the session key SK to recover the key source material S. The client then constructs a public/private key pair unique to the user from the user ID, the user password, and the key source material S. More particularly, one implementation involves passing the hash value H(ID), the hash value H(ID/P), the raw password P, and the key source material S through a random number generator to produce two large, relatively prime numbers p and q which are used in an RSA public key system to generate a public/private key pair.


    System and method for software licensing
    15.
    Granted invention patent
    Legal status: Lapsed

    Publication number: US06189146B1

    Publication date: 2001-02-13

    Application number: US09040813

    Filing date: 1998-03-18

    IPC classification: G06F1740

    CPC classification: G06Q30/06 G06F21/105

    Abstract: A software licensing system includes a license generator located at a licensing clearinghouse and at least one license server and multiple clients located at a company or entity. When a company wants a software license, it sends a purchase request (and appropriate fee) to the licensing clearinghouse. The license generator at the clearinghouse creates a license pack containing a set of one or more individual software licenses. To prevent the license pack from being copied and installed on multiple license servers, the license generator assigns a unique license pack ID to the license pack and associates the license pack ID with the particular license server in a master license database kept at the licensing clearinghouse. The license generator digitally signs the license pack and encrypts it with the license server's public key. The license server is responsible for distributing the software licenses from the license pack to individual clients. When a client needs a license, the license server determines the client's operating system platform and grants the appropriate license. To prevent an issued license from being copied from one client machine to another, the software license is assigned to a specific client by including a client ID within the license. The software license also has a license ID that is associated with the client ID in a database record kept at the license server. The license server digitally signs the software license and encrypts it using the client's public key. The license is stored locally at the client.


    Controlling access to objects on multiple operating systems
    17.
    Granted invention patent
    Legal status: Lapsed

    Publication number: US5761669A

    Publication date: 1998-06-02

    Application number: US534197

    Filing date: 1995-09-26

    IPC classification: G06F21/00 H04L29/06 G06F17/30

    Abstract: A method and system for controlling access to entities on a network on which a plurality of servers are installed that use different operating systems. A request is entered by a user at a workstation on the network to set access permissions to an entity on the network in regard to a trustee. In response to the request, various application programming interfaces (APIs) are called to translate the generic request to set permissions on the entity into a format appropriate for the operating system that controls the entity. Assuming that the user has the appropriate rights to set access permissions to the entity as requested, and assuming that the trustee identified by the user is among those who can have rights set to the entity, the request made by the user is granted. Entities include both "containers" and "objects." Entities are either software, such as directories (containers) and files (objects), or hardware, such as printers (objects).


    System and method for software licensing
    18.
    Granted invention patent
    Legal status: In force

    Publication number: US07809648B2

    Publication date: 2010-10-05

    Application number: US11016641

    Filing date: 2004-12-17

    IPC classification: G06F21/00

    Abstract: A software licensing system includes a license generator located at a licensing clearinghouse and at least one license server and multiple clients located at a company or entity. When a company wants a software license, it sends a purchase request (and appropriate fee) to the licensing clearinghouse. The license generator at the clearinghouse creates a license pack containing a set of one or more individual software licenses. The license generator digitally signs the license pack and encrypts it with the license server's public key. The license server is responsible for distributing the software licenses from the license pack to individual clients. When a client needs a license, the license server determines the client's operating system platform and grants the appropriate license. The license server digitally signs the software license and encrypts it using the client's public key. The license is stored locally at the client.


    System and method for software licensing
    19.
    Granted invention patent
    Legal status: In force

    Publication number: US07171662B1

    Publication date: 2007-01-30

    Application number: US09724703

    Filing date: 2000-11-28

    IPC classification: G06F9/445 H04L9/00

    Abstract: A software licensing system includes a license generator located at a licensing clearinghouse and at least one license server and multiple clients located at a company or entity. When a company wants a software license, it sends a purchase request (and appropriate fee) to the licensing clearinghouse. The license generator at the clearinghouse creates a license pack containing a set of one or more individual software licenses. To prevent the license pack from being copied and installed on multiple license servers, the license generator assigns a unique license pack ID to the license pack and associates the license pack ID with the particular license server in a master license database kept at the licensing clearinghouse. The license generator digitally signs the license pack and encrypts it with the license server's public key. The license server is responsible for distributing the software licenses from the license pack to individual clients. When a client needs a license, the license server determines the client's operating system platform and grants the appropriate license. To prevent an issued license from being copied from one client machine to another, the software license is assigned to a specific client by including a client ID within the license. The software license also has a license ID that is associated with the client ID in a database record kept at the license server. The license server digitally signs the software license and encrypts it using the client's public key. The license is stored locally at the client.


    Method and system for providing certificates holding authentication and authorization information for users/machines
    20.
    Granted invention patent
    Legal status: Lapsed

    Publication number: US5999711A

    Publication date: 1999-12-07

    Application number: US277144

    Filing date: 1994-07-18

    Abstract: Logon certificates are provided to support disconnected operation within the distributed system. Each logon certificate is a secure package holding credentials information sufficient to establish the identity and rights and privileges for a user/machine in a domain that is not their home domain. When a user/machine attempts to connect to the system at a domain other than the home domain of the user/machine, the user/machine presents a logon certificate that evidences his credentials. The domain where the user/machine attempts to connect to the system, decrypts and unseals the secure package as required to obtain the credentials information contained therein. If the user/machine has sufficient credentials, the user/machine is permitted to connect to the system. If the user/machine lacks sufficient credentials, the user/machine is not permitted to connect to the system.
