11. Federated identity brokering (granted invention patent; lapsed)

Publication number: US07581248B2

Publication date: 2009-08-25

Application number: US10878855

Filing date: 2004-06-28

IPC classification: H04L29/12 H04L29/06 H04L29/04

CPC classification: H04L63/0823 H04L29/06

Abstract: A method, system and apparatus for federated identity brokering. In accordance with the present invention, a credential processing gateway can be disposed between one or more logical services and one or more service requesting clients in a computer communications network. Acting as a proxy and a trusted authority to the logical services, the credential processing gateway can map the credentials of the service requesting clients to the certification requirements of the logical services. In this way, the credential processing gateway can act as a federated identity broker in providing identity certification services for a multitude of different service requesting clients without requiring the logical services to include a pre-configuration for specifically processing the credentials of particular service requesting clients.

12. Method and system for a PKI-based delegation process (invention patent application; lapsed)

Publication number: US20060004662A1

Publication date: 2006-01-05

Application number: US10881978

Filing date: 2004-06-30

IPC classification: H04L9/00

Abstract: A client generates a session key and a delegation ticket containing information for a requested delegation operation. The client generates a first copy of the session key and encrypts it using a public key of a proxy. The client generates a second copy of the session key and encrypts it using a public key of a server. The client then puts the encrypted session keys and delegation ticket into a first message that is sent to the proxy. The proxy extracts and decrypts its copy of the session key from the first message. The proxy then encrypts a proof-of-delegation data item with the session key and places it and the delegation ticket along with the encrypted copy of the session key for the server into a second message, which is sent to the server. The server extracts and decrypts its copy of the session key from the second message and uses the session key to obtain the proof-of-delegation data. Authority is successfully delegated to the proxy only if the server can verify the proof-of-delegation data.

13. Context-sensitive confidentiality within federated environments (invention patent application; lapsed)

Publication number: US20050223412A1

Publication date: 2005-10-06

Application number: US10814090

Filing date: 2004-03-31

Abstract: Techniques are disclosed for achieving context-sensitive confidentiality within a federated environment for which content is aggregated in a distributed Web portal (or similar aggregation framework), ensuring that message portions that should be confidential are confidential to all entities in the federated environment except those entities to which the message portions may properly be divulged. The federation may comprise an arbitrary number of autonomous security domains, and these security domains may have independent trust models and authentication services. Using the disclosed techniques, messages can be routed securely within a cross-domain federation (irrespective of routing paths), thereby ensuring that confidential information is not exposed to unintended third parties and that critical information is not tampered with while in transit between security domains. Preferred embodiments leverage Web services techniques and a number of industry standards.

14. Federated identity brokering (granted invention patent; lapsed)

Publication number: US08261330B2

Publication date: 2012-09-04

Application number: US12547081

Filing date: 2009-08-25

IPC classification: G06F9/40 G06F21/20

CPC classification: H04L63/0823 H04L29/06

Abstract: A method, system and apparatus for federated identity brokering. In accordance with the present invention, a credential processing gateway can be disposed between one or more logical services and one or more service requesting clients in a computer communications network. Acting as a proxy and a trusted authority to the logical services, the credential processing gateway can map the credentials of the service requesting clients to the certification requirements of the logical services. In this way, the credential processing gateway can act as a federated identity broker in providing identity certification services for a multitude of different service requesting clients without requiring the logical services to include a pre-configuration for specifically processing the credentials of particular service requesting clients.

15. FEDERATED IDENTITY BROKERING (invention patent application; lapsed)

Publication number: US20090313467A1

Publication date: 2009-12-17

Application number: US12547081

Filing date: 2009-08-25

IPC classification: H04L9/32 G06F21/00

CPC classification: H04L63/0823 H04L29/06

Abstract: A method, system and apparatus for federated identity brokering. In accordance with the present invention, a credential processing gateway can be disposed between one or more logical services and one or more service requesting clients in a computer communications network. Acting as a proxy and a trusted authority to the logical services, the credential processing gateway can map the credentials of the service requesting clients to the certification requirements of the logical services. In this way, the credential processing gateway can act as a federated identity broker in providing identity certification services for a multitude of different service requesting clients without requiring the logical services to include a pre-configuration for specifically processing the credentials of particular service requesting clients.

16. Method and system for message routing based on privacy policies (invention patent application; in force)

Publication number: US20080022409A1

Publication date: 2008-01-24

Application number: US11867291

Filing date: 2007-10-04

IPC classification: G06F7/04

Abstract: A method, system, apparatus, or computer program product is presented for routing event messages between data processing systems based on privacy policies associated with the data processing systems and based on event policies associated with event types for the event messages. When a system attempts to publish an event message for a particular type of event or to subscribe to those event messages, an event policy is checked to determine whether the system may publish messages for that type of event or may subscribe to those messages. Moreover, if a publishing system publishes an event message that contains personally identifiable information for a user of a data processing system, and a subscribing system has subscribed to event messages having the same event type, then the privacy policies associated with the systems are compared to determine compatibility or incompatibility between the privacy policies before routing a message between the systems.

17. METHOD AND SYSTEM FOR IMPLEMENTING AUTHORIZATION POLICIES FOR WEB SERVICES (invention patent application; in force)

Publication number: US20060230430A1

Publication date: 2006-10-12

Application number: US10907577

Filing date: 2005-04-06

IPC classification: H04L9/00

CPC classification: H04L63/102 H04L63/08

Abstract: A method, system and computer program product for implementing authorization policies for web services may include defining an authorization policy for access to a web service. The method, system and computer program product may also include attaching the authorization policy to a service definition for the web service.

18. System, apparatus and method for presentation and manipulation of personal information syntax objects (granted invention patent; lapsed)

Publication number: US07000108B1

Publication date: 2006-02-14

Application number: US09562162

Filing date: 2000-05-02

IPC classification: H04L9/00 H04K1/00

Abstract: A system, apparatus and method for processing Personal InFormation EXchange Syntax (PFX) objects in a data processing system is presented. The PFX object may be formatted, i.e. may maintain a syntax, as defined by PKCS (Public Key Cryptography Standard) standards, and in particular PKCS #12. A PFX object utility allows a user to view and edit the contents of data objects embedded within a PFX object via a graphical user interface. Graphical objects represent the data objects embedded within a PFX object. A user may drag and drop objects onto other objects within the PFX object, and the PFX object utility automatically performs the necessary operations.

19. Federated identity management within a distributed portal server (invention patent application; lapsed)

Publication number: US20050114701A1

Publication date: 2005-05-26

Application number: US10719490

Filing date: 2003-11-21

IPC classification: H04L9/32 H04L29/06 H04L9/00

Abstract: Techniques are disclosed for federating identity management within a distributed portal server, leveraging Web services techniques and a number of industry standards. Identities are managed across autonomous security domains which may be comprised of independent trust models, authentication services, and user enrollment services. The disclosed techniques enable integrating third-party Web services-based portlets, which rely on various potentially-different security mechanisms, within a common portal page.
