Portable personal identity information
    22.
    Granted invention patent
    Status: in force

    Publication number: US08078880B2

    Publication date: 2011-12-13

    Application number: US11495826

    Filing date: 2006-07-28

    IPC classification: G06F21/00

    CPC classification: H04L63/102 G06F21/335

    Abstract: A user interacts with a client containing personal identity information operable to identify the user to a relying party when the relying party is presented with claims comprising a portion of the personal identity information. The personal identity information includes one or more claims, metadata associated with the one or more claims, and backing data associated with the one or more claims. The user may initiate use of another client and seek to be identified by the relying party while interacting with the other client by first porting the personal identity information to the other client. Porting the personal identity information includes binding the personal identity information and sending the bound personal identity information to a receiving client.


HTTP-based authentication
    23.
    Granted invention patent
    Status: in force

    Publication number: US08078870B2

    Publication date: 2011-12-13

    Application number: US12465725

    Filing date: 2009-05-14

    IPC classification: H04L9/32

    Abstract: A system and method for authenticating an HTTP message. A relying party may respond to a request from a requester by sending an HTTP message with authentication specifications to the requester. The requester responds with a new request that adheres to a scheme specified by the relying party. A framework allows a security token to be located in an HTTP header or in a message body, with various options available, such as fragmenting the token. An option allows the security token to be cryptographically bound to the body of a message. An authentication framework provides for implementation by an HTTP stack or by an application.


Security tokens including displayable claims
    24.
    Granted invention patent
    Status: in force

    Publication number: US07788499B2

    Publication date: 2010-08-31

    Application number: US11312920

    Filing date: 2005-12-19

    IPC classification: G06F21/00

    Abstract: A system for providing a digital identity includes a claims transformer programmed to generate a security token including a computational token and a display token, the computational token including one or more claims associated with an identity of a principal, and the display token including display information about the claims in the computational token. The display information is configured to allow the principal to view the display token.


Message encoding/decoding using templated parameters
    25.
    Granted invention patent
    Status: in force

    Publication number: US07746250B2

    Publication date: 2010-06-29

    Application number: US12023998

    Filing date: 2008-01-31

    IPC classification: H03M7/30

    CPC classification: G06F15/16 H03M7/30

    Abstract: Communication of a compressed message over a communication channel between message processors. The compressed message may be expressed in terms of an explicit or implicit template identification and the values of one or more parameters. Based on the template identification, the meaning of the one or more parameters may be understood, whereas the meaning of the parameter(s) may not be understood without knowledge of the template. The template provides semantic context for the one or more parameters. The transmitting message processor may have compressed the message using the identified template. Alternatively or in addition, the receiving message processor may decompress the message using the identified template. The template itself need not be part of the compressed message as transmitted.


Hierarchical federation metadata
    26.
    Granted invention patent
    Status: in force

    Publication number: US07676586B2

    Publication date: 2010-03-09

    Application number: US11538916

    Filing date: 2006-10-05

    IPC classification: G06F7/00

    CPC classification: G06Q10/00

    Abstract: Shared federation metadata. A data structure may be implemented in a networked computing environment that includes a federation. A federation includes two or more organizations coupled such that authentication and authorization statements span the organizations in accordance with a pre-defined policy. A computer-readable medium may include the data structure. The data structure includes fields comprising at least one grouping of metadata about a first federation or about an organization within the first federation. At least one of the one or more groupings of metadata about the first federation, or about an organization within the first federation, is included in the data structure by reference to a block of federation metadata, and that block of federation metadata is also used for at least one other federation or organization.


AUTOMATING TRUST ESTABLISHMENT AND TRUST MANAGEMENT FOR IDENTITY FEDERATION
    27.
    Invention patent application
    Status: pending, published

    Publication number: US20090307744A1

    Publication date: 2009-12-10

    Application number: US12135570

    Filing date: 2008-06-09

    IPC classification: G06F17/00

    Abstract: A federated identity verification system includes an identity provider that provides security tokens ultimately to one or more relying parties for access by the client to services at a relying party. Specifically, the relying party can validate the security token from an identity provider (whether directly or via a client) by verifying that the received security token conforms to security configuration data previously exchanged with the identity provider. To establish the trust relationship, the identity provider and one or more relying parties exchange security configuration information through an agreed-upon communication channel. The security configuration information indicates the settings that the other party needs to use for establishing, maintaining, and/or monitoring the trust relationship. The communication channel allows both parties to flexibly and continually synchronize changes to security configurations, and thus to maintain, change, or end the trust relationship automatically, as desired.


LOW-COST SECURITY USING WELL-DEFINED MESSAGES
    28.
    Invention patent application
    Status: pending, published

    Publication number: US20090217383A1

    Publication date: 2009-08-27

    Application number: US12037806

    Filing date: 2008-02-26

    IPC classification: G06F21/22 H04L9/32

    Abstract: Well-defined messages may be transmitted from a sending device to a recipient device in order to reduce the processing and resource requirements imposed by the security semantics of general message standards. A well-defined message may include an expression of the collective intent of the security semantics included in the message. Expressing the security semantics within the message simplifies the discovery process for devices processing the message. A well-defined message may also require that any intermediary devices that process it as it is transmitted from the sending device to the recipient device follow the expressed collective intent of the security semantics. If an intermediary device cannot understand or adhere to the expressed intent, the well-defined message must be rejected.


MESSAGE ENCODING/DECODING USING TEMPLATED PARAMETERS
    29.
    Invention patent application
    Status: in force

    Publication number: US20090198761A1

    Publication date: 2009-08-06

    Application number: US12023998

    Filing date: 2008-01-31

    IPC classification: G06F17/30 G06F15/16

    CPC classification: G06F15/16 H03M7/30

    Abstract: Communication of a compressed message over a communication channel between message processors. The compressed message may be expressed in terms of an explicit or implicit template identification and the values of one or more parameters. Based on the template identification, the meaning of the one or more parameters may be understood, whereas the meaning of the parameter(s) may not be understood without knowledge of the template. The template provides semantic context for the one or more parameters. The transmitting message processor may have compressed the message using the identified template. Alternatively or in addition, the receiving message processor may decompress the message using the identified template. The template itself need not be part of the compressed message as transmitted.


Identity Tokens Using Biometric Representations
    30.
    Invention patent application
    Status: pending, published

    Publication number: US20080289020A1

    Publication date: 2008-11-20

    Application number: US11749020

    Filing date: 2007-05-15

    IPC classification: H04L9/32

    Abstract: An identity system and method uses biometric representation(s) in identity tokens. When a principal requests access to a relying party, the relying party may request an identity token containing a first claim about the principal and a biometric representation of the principal. An identity provider may then create the identity token, including a digital signature. The relying party may receive the identity token through a first channel and decode it. The relying party may also receive biometric information about the principal through a second channel and use it to verify the validity of the first claim, at least in part by comparing the biometric representation to the biometric information.
