-
公开(公告)号:US20070016782A1
公开(公告)日:2007-01-18
申请号:US11181525
申请日:2005-07-14
申请人: Christopher Crall , Gennady Medvinsky , Joshua Ball , Karthik Jaganathan , Paul Leach , Liqiang Zhu , David Cross
发明人: Christopher Crall , Gennady Medvinsky , Joshua Ball , Karthik Jaganathan , Paul Leach , Liqiang Zhu , David Cross
IPC分类号: H04L9/00
CPC分类号: H04L9/3263 , H04L9/3273 , H04L63/0807 , H04L63/0823 , H04L63/0876 , H04L63/10 , H04L63/166
摘要: A hint containing user mapping information is provided in messages that may be exchanged during authentication handshakes. For example, a client may provide user mapping information to the server during authentication. The hint (e.g., in the form of a TLS extension mechanism) may be used to send the domain/user name information of a client to aid the server in mapping the user's certificate to an account. The extension mechanism provides integrity and authenticity of the mapping data sent by the client. The user provides a hint as to where to find the right account or domain controller (which points to, or otherwise maintains, the correct account). Based on the hint and other information in the certificate, the user is mapped to an account. The hint may be provided by the user when he logs in. Thus, a certificate is mapped to an identity to authenticate the user. A hint is sent along with the certificate information to perform the binding. Existing protocols may be extended to communicate the additional mapping information (the hint) to perform the binding. A vendor specific extension to Kerberos is defined to obtain the authorization data based on an X.509 certificate and the mapping user name hint.
摘要翻译: 在认证握手期间可以交换的消息中提供了包含用户映射信息的提示。 例如,客户端可以在认证期间向服务器提供用户映射信息。 提示(例如,以TLS扩展机制的形式)可以用于发送客户端的域/用户名信息,以帮助服务器将用户的证书映射到帐户。 扩展机制提供客户端发送的映射数据的完整性和真实性。 用户提供关于在哪里找到正确的帐户或域控制器(指向或以其他方式维护正确的帐户)的提示。 根据证书中的提示和其他信息,用户被映射到一个帐户。 提示可以由用户在登录时提供。因此,证书被映射到身份以验证用户。 发送提示与证书信息一起执行绑定。 可以扩展现有协议以传达额外的映射信息(提示)来执行绑定。 定义了针对Kerberos的供应商特定扩展,以根据X.509证书和映射用户名提示获取授权数据。
-
公开(公告)号:US09270700B2
公开(公告)日:2016-02-23
申请号:US12486946
申请日:2009-06-18
CPC分类号: H04L63/20 , H04L63/0428 , H04L63/0853 , H04W12/02 , H04W12/08 , H04W76/10
摘要: Security protocols for mobile operator networks are described. In embodiments, mobile communication link is established between a mobile phone and a media content provider via a communication service provider with which the mobile phone is registered for mobile communications, and via at least one roaming node network with which the communication service provider has a roaming service agreement. The media content provider receives a security policy request from the mobile phone to establish a security policy for end-to-end security of the mobile communication link between the media content provider and the mobile phone for data communication security. The media content provider then communicates a security policy response to the mobile phone to establish the security policy for the end-to-end security of the mobile communication link that is adaptable to security restrictions of the roaming node network.
摘要翻译: 描述了移动运营商网络的安全协议。 在实施例中,移动电话和媒体内容提供商之间通过移动电话与移动电话注册用于移动通信的通信服务提供商建立移动通信链路,并且经由通信服务提供商具有漫游的至少一个漫游节点网络 服务协议。 媒体内容提供商从移动电话接收安全策略请求,以建立用于数据通信安全性的媒体内容提供商和移动电话之间的移动通信链路的端到端安全性的安全策略。 媒体内容提供商然后向移动电话传送安全策略响应,以建立可适应于漫游节点网络的安全限制的移动通信链路的端到端安全性的安全策略。
-
公开(公告)号:US09195810B2
公开(公告)日:2015-11-24
申请号:US12979933
申请日:2010-12-28
申请人: Darko Kirovski , Benjamin Livshits , Gennady Medvinsky , Vijay Gajjala , Kenneth Ray , Jesper Lind
发明人: Darko Kirovski , Benjamin Livshits , Gennady Medvinsky , Vijay Gajjala , Kenneth Ray , Jesper Lind
CPC分类号: G06F21/125 , G06F2221/2115
摘要: Various embodiments are disclosed that relate to the automated identification of one or more computer program functions for potentially placing on a remote computing device in a split-computational computing environment. For example, one disclosed embodiment provides, on a computing device, a method of determining a factorable portion of code to locate remotely from other portions of the code of a program to hinder unauthorized use and/or distribution of the program. The method includes, on a computing device, receiving an input of a representation of the code of the program, performing analysis on the representation of the code, the analysis comprising one or more of static analysis and dynamic analysis, and based upon the analysis of the code, outputting a list of one or more functions determined from the analysis to be candidates for locating remotely.
摘要翻译: 公开了涉及自动识别一个或多个计算机程序功能以用于潜在地放置在分离计算计算环境中的远程计算设备上的各种实施例。 例如,一个公开的实施例在计算设备上提供了一种确定代码的有代数部分以从程序的代码的其他部分远程定位以阻止未经授权的使用和/或分发程序的方法。 该方法包括在计算设备上接收程序代码的表示的输入,对代码的表示执行分析,所述分析包括静态分析和动态分析中的一个或多个,并且基于对 该代码,输出从分析确定的一个或多个功能的列表,以作为远程定位的候选。
-
14.发明授权公开(公告)号:US09055107B2
公开(公告)日:2015-06-09
申请号:US11607720
申请日:2006-12-01
申请人: Gennady Medvinsky , Nir Nice , Tomer Shiran , Alexander Teplitsky , Paul Leach , John Neystadt
发明人: Gennady Medvinsky , Nir Nice , Tomer Shiran , Alexander Teplitsky , Paul Leach , John Neystadt
CPC分类号: H04L63/166 , G06F21/33 , G06F2221/2115 , H04L9/3213 , H04L9/3263 , H04L9/3271 , H04L29/06965 , H04L63/0823 , H04L2209/38
摘要: The method of delegating authentication, within a chain of entities, relies upon a recording of at least a portion of a TLS handshake between a gateway device and user, in which the user needs access to a desired server. The method then relies upon re-verification of cryptographic evidence in the recorded portion of the TLS handshake, which is forwarded either (1) to the server to which access is desired, in which case the server re-verifies the recorded portion to confirm authentication, or, (2) to a third party entity, in which case the third party entity confirms authentication and provides credentials to the gateway server which then uses the credentials to authenticate to the server as the user.
摘要翻译: 在实体链中委托认证的方法依赖于在网关设备和用户之间记录TLS握手的至少一部分,其中用户需要访问期望的服务器。 然后,该方法依赖于在TLS握手的记录部分中重新验证加密证据,TLS握手被转发到(1)到需要访问的服务器,在这种情况下,服务器重新验证记录部分以确认认证 ,或者(2)到第三方实体,在这种情况下,第三方实体确认认证,并向网关服务器提供凭证,然后网关服务器使用凭证作为用户对服务器进行认证。
-
公开(公告)号:US20120191803A1
公开(公告)日:2012-07-26
申请号:US13013534
申请日:2011-01-25
IPC分类号: G06F15/16
CPC分类号: G06F21/125
摘要: Various embodiments are disclosed that relate to decommissioning factored code of a program on a computing device. For example, one disclosed embodiment provides a method of operating a computing device. The method includes executing a program on the computing device, and while executing the program, identifying a remote location of a factored function via a code map, sending a call to the factored function and receiving a return response. The method further comprises, upon occurrence of a decommissioning event, receiving a copy of the factored function; and updating the code map with a location of the copy of the factored function.
摘要翻译: 公开了与计算设备上的程序的退役因子代码有关的各种实施例。 例如,一个公开的实施例提供了一种操作计算设备的方法。 该方法包括在计算设备上执行程序,并且在执行程序的同时,通过代码映射来识别因子函数的远程位置,向因子函数发送呼叫并接收返回响应。 该方法还包括:在发生退役事件时,接收因子函数的副本; 并使用因子函数的副本的位置来更新代码映射。
-
公开(公告)号:US20120036075A1
公开(公告)日:2012-02-09
申请号:US12852803
申请日:2010-08-09
CPC分类号: G06Q20/16 , G06Q20/382 , G06Q30/06 , G06Q30/0613 , H04L9/3234 , H04L2209/56 , H04L2209/80 , H04W12/06
摘要: Identifying a mobile operator account associated with a user to apply charges incurred by the user at a mobile marketplace service. The mobile operator provides an account identifier for the account to a billing token service associated with the mobile marketplace service. The billing token service creates a billing token including the account identifier, and provides the billing token to the user. When subsequently ordering from the mobile marketplace service, the user sends order requests with the billing token to the mobile marketplace service. The mobile marketplace service extracts the account identifier from the billing token and provides the order requests and the extracted account identifier to a mobile operator billing service. The mobile operator billing service applies a charge to the mobile operator account identified by the account identifier. Based on a charge status from the mobile operator billing service (e.g., a successful or unsuccessful charge), the mobile marketplace service allows or denies access by the user to an item identified in the order request.
摘要翻译: 识别与用户相关联的移动运营商帐户,以应用用户在移动市场服务中招致的费用。 移动运营商向帐户提供与移动市场服务相关联的记帐令牌服务的帐户标识符。 记帐令牌服务创建包括帐户标识符的计费令牌,并向用户提供计费令牌。 当随后从移动市场服务订购时,用户将具有记帐令牌的订单请求发送到移动市场服务。 移动市场服务从记帐令牌中提取帐户标识符,并向移动运营商计费服务提供订单请求和提取的帐户标识符。 移动运营商计费服务向由帐户标识符标识的移动运营商帐户应用费用。 基于来自移动运营商记帐服务的收费状态(例如,成功或不成功的收费),移动营销服务允许或拒绝用户对订单请求中识别的项目的访问。
-
公开(公告)号:US20100151822A1
公开(公告)日:2010-06-17
申请号:US12486946
申请日:2009-06-18
CPC分类号: H04L63/20 , H04L63/0428 , H04L63/0853 , H04W12/02 , H04W12/08 , H04W76/10
摘要: Security protocols for mobile operator networks are described. In embodiments, mobile communication link is established between a mobile phone and a media content provider via a communication service provider with which the mobile phone is registered for mobile communications, and via at least one roaming node network with which the communication service provider has a roaming service agreement. The media content provider receives a security policy request from the mobile phone to establish a security policy for end-to-end security of the mobile communication link between the media content provider and the mobile phone for data communication security. The media content provider then communicates a security policy response to the mobile phone to establish the security policy for the end-to-end security of the mobile communication link that is adaptable to security restrictions of the roaming node network.
摘要翻译: 描述了移动运营商网络的安全协议。 在实施例中,移动电话和媒体内容提供商之间通过移动电话与移动电话注册用于移动通信的通信服务提供商建立移动通信链路,并且经由通信服务提供商具有漫游的至少一个漫游节点网络 服务协议。 媒体内容提供商从移动电话接收安全策略请求,以建立用于数据通信安全性的媒体内容提供商和移动电话之间的移动通信链路的端到端安全性的安全策略。 媒体内容提供商然后向移动电话传送安全策略响应,以建立可适应于漫游节点网络的安全限制的移动通信链路的端到端安全性的安全策略。
-
公开(公告)号:US08635635B2
公开(公告)日:2014-01-21
申请号:US13013567
申请日:2011-01-25
CPC分类号: G06F21/121 , G06F2221/2115
摘要: Embodiments are disclosed that relate to hindering unauthorized use or distribution of a middleware program contained within an application. One example embodiment provides a method for hindering unauthorized use or distribution of a middleware program contained within an application. The method comprises acquiring factored middleware code, the factored middleware code having a missing function residing on a remote computing device, and building an application around the factored middleware code such that the application is configured to call to the remote computing device for execution of the missing function during use. The application may be configured to send a call to the remote computing device for execution of the missing function during use.
摘要翻译: 公开了涉及阻止未经授权的使用或分发包含在应用程序内的中间件程序的实施例。 一个示例性实施例提供了一种阻止未授权使用或分发包含在应用程序内的中间件程序的方法。 该方法包括获取因子分解的中间件代码,具有驻留在远程计算设备上的缺失功能的因特网中间件代码,以及围绕因子中间件代码构建应用,使得应用被配置为调用远程计算设备来执行丢失的 使用时功能。 该应用可以被配置成在使用期间向远程计算设备发送呼叫以执行丢失的功能。
-
公开(公告)号:US20120167061A1
公开(公告)日:2012-06-28
申请号:US12979933
申请日:2010-12-28
申请人: Darko Kirovski , Benjamin Livshits , Gennady Medvinsky , Vijay Gajjala , Kenneth Ray , Jesper Lind
发明人: Darko Kirovski , Benjamin Livshits , Gennady Medvinsky , Vijay Gajjala , Kenneth Ray , Jesper Lind
IPC分类号: G06F9/44
CPC分类号: G06F21/125 , G06F2221/2115
摘要: Various embodiments are disclosed that relate to the automated identification of one or more computer program functions for potentially placing on a remote computing device in a split-computational computing environment. For example, one disclosed embodiment provides, on a computing device, a method of determining a factorable portion of code to locate remotely from other portions of the code of a program to hinder unauthorized use and/or distribution of the program. The method includes, on a computing device, receiving an input of a representation of the code of the program, performing analysis on the representation of the code, the analysis comprising one or more of static analysis and dynamic analysis, and based upon the analysis of the code, outputting a list of one or more functions determined from the analysis to be candidates for locating remotely.
摘要翻译: 公开了涉及自动识别一个或多个计算机程序功能以用于潜在地放置在分离计算计算环境中的远程计算设备上的各种实施例。 例如,一个公开的实施例在计算设备上提供了一种确定代码的有代数部分以从程序的代码的其他部分远程定位以阻止未经授权的使用和/或分发程序的方法。 该方法包括在计算设备上接收程序代码的表示的输入,对代码的表示执行分析,所述分析包括静态分析和动态分析中的一个或多个,并且基于对 该代码,输出从分析确定的一个或多个功能的列表,以作为远程定位的候选。
-
公开(公告)号:US20100153227A1
公开(公告)日:2010-06-17
申请号:US12489068
申请日:2009-06-22
申请人: Gennady Medvinsky , David EW Mercer , Thomas M. Chirichigno , Rahul Dhar , Cid Halloway , Andrew Jenks , Hugh A. Teegan
发明人: Gennady Medvinsky , David EW Mercer , Thomas M. Chirichigno , Rahul Dhar , Cid Halloway , Andrew Jenks , Hugh A. Teegan
CPC分类号: H04N7/17318 , G06Q20/123 , G06Q20/16 , G06Q30/04 , G06Q30/0601 , H04M15/00 , H04M15/68 , H04M2215/0196 , H04N21/2543 , H04N21/25816 , H04N21/41407 , H04N21/47202 , H04W4/24
摘要: Mobile phone billing for content payment is described. In embodiments, a media content provider receives a billing identifier that is associated with a mobile phone. The billing identifier is received from a communication service provider that authenticates the mobile phone for communications, and a network communication link is established between the mobile phone and the media content provider via the communication service provider. The media content provider receives a request from the mobile phone to purchase and download a media asset. The media content provider determines the billing identifier that is associated with the mobile phone for the purchase of the media asset, and communicates a charge for the media asset to the communication service provider that then bills a user associated with the mobile phone. The user that is associated with the mobile phone is billed for the media asset in a mobile phone service bill.
摘要翻译: 描述用于内容支付的移动电话计费。 在实施例中,媒体内容提供商接收与移动电话相关联的记帐标识符。 从通信服务提供商接收计费标识符,该通信服务提供商认证用于通信的移动电话,并且经由通信服务提供商在移动电话和媒体内容提供商之间建立网络通信链路。 媒体内容提供者接收来自移动电话的购买和下载媒体资产的请求。 媒体内容提供商确定与移动电话相关联的用于购买媒体资产的计费标识符,并且向通信服务提供商传送该媒体资产的费用,该通信服务提供商对与移动电话相关联的用户进行开票。 与移动电话相关联的用户在移动电话服务账单中为媒体资产计费。
-
-
-
-
-
-
-
-
-
搜索结果
23 条记录 (耗时 0.034 秒)
