公开(公告)号：US20090193508A1

公开(公告)日：2009-07-30

申请号：US12021559

申请日：2008-01-29

申请人： Robert J. Brenneman ,  Michael E. Browne ,  William J. Huie ,  Sarah J. Sheppard ,  Kyle M. Smith

发明人： Robert J. Brenneman ,  Michael E. Browne ,  William J. Huie ,  Sarah J. Sheppard ,  Kyle M. Smith

IPC分类号： H04L9/32

CPC分类号： H04L67/16 ,  G06Q20/367 ,  G06Q20/382 ,  H04L63/08 ,  H04L63/126

摘要： Using an authentication server to discover one or more additional authentication servers and to dynamically establish a trust relationship with the one or more additional authentication servers. The authentication server searches for the one or more additional authentication servers to discover one or more sources of authentication tokens, and inspects an incoming authentication request from the one or more additional authentication servers to determine if the request is carrying one or more authentication tokens from a newly discovered realm. Once the authentication server determines a newly discovered realm to be trustworthy, the authentication server receives a directory schema from the newly discovered realm and compares the received directory schema with a known directory schema retrieved by the authentication server to identify an intersection of the received directory schema and the known directory schema. The authentication server uses the intersection to identify a primary key, and to identify any unique information that is specific to either the authentication server or the newly discovered realm.

摘要翻译： 使用认证服务器来发现一个或多个附加认证服务器，并与一个或多个附加认证服务器动态建立信任关系。 认证服务器搜索一个或多个附加认证服务器以发现一个或多个认证令牌源，并且检查来自一个或多个附加认证服务器的传入认证请求，以确定该请求是否携带来自一个或多个认证令牌的一个或多个认证令牌 新发现的境界。 一旦认证服务器将新发现的领域确定为可信赖的，认证服务器从新发现的领域接收目录模式，并将接收到的目录模式与由认证服务器检索的已知目录模式进行比较，以识别所接收的目录模式 和已知的目录模式。 身份验证服务器使用交集来标识主键，并识别特定于认证服务器或新发现的领域的任何唯一信息。

公开(公告)号：US08220032B2

公开(公告)日：2012-07-10

申请号：US12021559

申请日：2008-01-29

申请人： Robert J. Brenneman ,  Michael E. Browne ,  William J. Huie ,  Sarah J. Sheppard ,  Kyle M. Smith

发明人： Robert J. Brenneman ,  Michael E. Browne ,  William J. Huie ,  Sarah J. Sheppard ,  Kyle M. Smith

IPC分类号： H04L29/06

CPC分类号： H04L67/16 ,  G06Q20/367 ,  G06Q20/382 ,  H04L63/08 ,  H04L63/126

摘要： Using an authentication server to discover one or more additional authentication servers and to dynamically establish a trust relationship with the one or more additional authentication servers. The authentication server searches for the one or more additional authentication servers to discover one or more sources of authentication tokens, and inspects an incoming authentication request from the one or more additional authentication servers to determine if the request is carrying one or more authentication tokens from a newly discovered realm. Once the authentication server determines a newly discovered realm to be trustworthy, the authentication server receives a directory schema from the newly discovered realm and compares the received directory schema with a known directory schema retrieved by the authentication server to identify an intersection of the received directory schema and the known directory schema. The authentication server uses the intersection to identify a primary key, and to identify any unique information that is specific to either the authentication server or the newly discovered realm.

摘要翻译： 使用认证服务器来发现一个或多个附加认证服务器，并与一个或多个附加认证服务器动态建立信任关系。 认证服务器搜索一个或多个附加认证服务器以发现一个或多个认证令牌来源，并且检查来自一个或多个附加认证服务器的传入认证请求，以确定该请求是否携带来自一个或多个认证令牌的一个或多个认证令牌 新发现的境界。 一旦认证服务器将新发现的领域确定为可信赖的，认证服务器从新发现的领域接收目录模式，并将接收到的目录模式与由认证服务器检索的已知目录模式进行比较，以识别所接收的目录模式 和已知的目录模式。 身份验证服务器使用交集来标识主键，并识别特定于认证服务器或新发现的领域的任何唯一信息。

公开(公告)号：US20090187962A1

公开(公告)日：2009-07-23

申请号：US12015587

申请日：2008-01-17

申请人： Robert J. Brenneman ,  Michael E. Browne ,  William J. Huie ,  Sarah J. Sheppard ,  Kyle M. Smith

发明人： Robert J. Brenneman ,  Michael E. Browne ,  William J. Huie ,  Sarah J. Sheppard ,  Kyle M. Smith

IPC分类号： G06F21/00 ,  H04L9/32 ,  G06F17/00

CPC分类号： G06F21/316

摘要： Embodiments of the invention include methods for providing policy-driven, adaptive, multi-factor authentication procedures. A pool of potential authentication challenges is defined. Each of the potential authentication challenges is assigned a category and a weighted difficulty level. One or more authentication challenges are selected from the pool of potential authentication challenges using one or more security policies that are based upon the assigned category and the assigned weighted difficulty level, wherein a quantity of authentication challenges is determined using the one or more security policies. One or more historical access patterns are utilized in conjunction with the selected one or more authentication challenges to authenticate a user, wherein the historical access patterns include at least one of an access time or an access location. One or more dummy challenges are used to authenticate the user.

摘要翻译： 本发明的实施例包括用于提供策略驱动的自适应多因素认证过程的方法。 定义了潜在的认证挑战池。 每个潜在的认证挑战都被分配一个类别和加权难度级别。 使用基于所分配的类别和分配的加权难度级别的一个或多个安全策略，从潜在的认证挑战池中选择一个或多个认证挑战，其中使用所述一个或多个安全策略来确定一定数量的认证挑战。 一个或多个历史访问模式与所选择的一个或多个认证挑战结合使用以认证用户，其中历史访问模式包括访问时间或访问位置中的至少一个。 使用一个或多个虚拟挑战来验证用户。