Abstract:
A method of controlling access to an interaction context of an application, including receiving login requests pertaining to an access account, each login request including a login password to be matched against an access password associated with the access account. A database includes at least one account record including a password state field indicating whether the access password is a temporary password or a permanent password and a security hold field indicating whether a security hold has been placed on the access account by an administrator. Access is denied upon receipt of a login request when the login password fails to match the access password. Access is denied upon receipt of a login request when the login password matches the access password, the password state field indicates that the access password is a permanent password, and the security hold field indicates that there is a security hold on the access account. Access is granted upon receipt of a login request when the login password matches the access password, the password state field indicates that the access password is a permanent password, and the security hold field indicates that there is no security hold on the access account. The method includes granting access which is limited to permitting changing of the access password and prompting a change of the access password upon receipt of a login request when the login password matches the access password and the access password is a temporary password.
Abstract:
A public key authorization infrastructure includes a client program accessible by a user and an application program. A certificate authority issues a long-term certificate that binds a public key of the user to long-term identification information related to the user. A directory stores the issued long-term certificate and short-term authorization information related to the user. A credentials server issues a short-term certificate to the client. The short-term certificate binds the public key to the long-term identification information and to the short-term authorization information. The client presents the short-term certificate to the application program for authorization and demonstrates that the user has knowledge of a private key corresponding to the public key in the short-term certificate. The short-term certificate includes an expiration date, and is not subject to revocation.
Abstract:
A bus bridge is disclosed that provides an interface between two computer buses and guarantees the proper ordering of write operations mastered from one bus relative to read operations mastered from the other bus where the presence of write posting storage in the bus bridge could cause ordering violations. The bus bridge includes a first mechanism for counting the number of write operations that are received by the bus bridge and queued in the write posting storage. In addition, the bus bridge includes a second mechanism for counting the number of write operations completed on the second bus. A mechanism for measuring the age of data held in each cache line of a coherent cache is also included as part of the bus bridge. Finally, the bus bridge includes a mechanism for delaying the completion of a read operation from the cache until all writes that were accepted by the bus bridge on the first bus before the cache data was fetched have been completed on the second bus. This is determined by comparing the age of the data held in a cache line to be read with the difference between the number of write operations received by the bus bridge and the number of write operations that have completed on the second bus.
Abstract:
A method is provided for cryptographically authenticating a cardholder in an online transaction by sending an authentication request to the issuing bank that is intercepted by a service worker and handled within the cardholder's computing device. The service worker signs a description of the transaction with a private key or forwards the request to a bank app that authenticates the cardholder biometrically in addition to signing the transaction.
Abstract:
A method of downloading a file from a Web application to a client computer equipped with a Web browser including: the Web browser sending an original request to download the file to a first front server, the original request being addressed to a URL comprising a hostname portion that is independent of the file, the first front server sending a redirection response to the original request, the response specifying a URL comprising a hostname portion that is dependent on the file, the Web browser sending a follow-up request to download the file to a second front server, the follow-up request being addressed to the URL specified in the redirection response, and the second front server downloading the requested file in response to the follow-up request.
Abstract:
A public key validation agent (PKVA) includes a registration authority which issues a first unsigned public key validation certificate (unsigned PKVC) off-line to a subject that binds a public key of the subject to a first public key serial number (PKVN). The registration authority maintains a certificate database of unsigned PKVCs in which it stores the first unsigned PKVC. A credentials server issues a disposable public key validation certificate (disposable PKVC) on-line to the subject. The disposable PKVC binds the public key of the subject from the first unsigned PKVC to the first PKVN from the first unsigned PKVC. The credentials server maintains a table that contains entries corresponding to valid unsigned PKVCs stored in the certificate database. The PKVA can be employed in a public key validation service to validate the public key of the subject before a private/public key pair of the subject is used for authentication purposes.
Abstract:
A structured digital certificate is adapted to be certified by a digital signature of a certificate authority in an unprotected form, a first protected form, and a second protected form of the digital certificate. The digital certificate includes a first type field of authorization information relevant to a first recipient and being readable in the unprotected form and the first protected form of the digital certificate, and a first cryptographic folder containing a second type field of authorization information relevant to a second recipient and being readable in the unprotected form and the second protected form of the digital certificate, but not readable in the first protected form of the digital certificate. The digital certificate is configured to permit the subject to convert the structured digital certificate from the unprotected form to at least one of the first protected form and the second protected form. The digital certificate is convertible into the first protected form to permit the first recipient to authorize the subject of the structured digital certificate, and into the second protected form to permit the second recipient to authorize the subject of the structured digital certificate.