31. LOW-COST SECURITY USING WELL-DEFINED MESSAGES
    Document type: Invention application
    Status: Pending (published)

    Publication number: US20090217383A1

    Publication date: 2009-08-27

    Application number: US12037806

    Filing date: 2008-02-26

    IPC classification: G06F21/22 H04L9/32

    Abstract: Well-defined messages may be transmitted from a sending device to a recipient device in order to reduce the processing and resource requirements imposed by the security semantics of general message standards. A well-defined message may include an expression of the collective intent of the security semantics contained in the message. Expressing the security semantics within the message itself simplifies the discovery process for devices that process the message. The well-defined message may also require that any intermediary device processing it on the way from the sender to the receiver follow the expressed collective intent of the security semantics. If an intermediary device cannot understand or adhere to the expressed intent, the well-defined message must be rejected.

32. MESSAGE ENCODING/DECODING USING TEMPLATED PARAMETERS
    Document type: Invention application
    Status: In force

    Publication number: US20090198761A1

    Publication date: 2009-08-06

    Application number: US12023998

    Filing date: 2008-01-31

    IPC classification: G06F17/30 G06F15/16

    CPC classification: G06F15/16 H03M7/30

    Abstract: Communication of a compressed message over a communication channel between message processors. The compressed message may be expressed in terms of an explicit or implicit template identification and the values of one or more parameters. Given the template identification, the meaning of the parameters can be understood, whereas without knowledge of the template their meaning may not be. The template provides semantic context for the parameters. The transmitting message processor may have compressed the message using the identified template; alternatively or in addition, the receiving message processor may decompress the message using the identified template. The template itself need not be part of the compressed message as transmitted.

33. Identity Tokens Using Biometric Representations
    Document type: Invention application
    Status: Pending (published)

    Publication number: US20080289020A1

    Publication date: 2008-11-20

    Application number: US11749020

    Filing date: 2007-05-15

    IPC classification: H04L9/32

    Abstract: An identity system and method uses biometric representation(s) in identity tokens. When a principal requests access to a relying party, the relying party may request an identity token containing a first claim about the principal and a biometric representation of the principal. An identity provider may then create the identity token, including a digital signature. The relying party may receive the identity token through a first channel and decode it. The relying party may also receive biometric information about the principal through a second channel and use it to verify the validity of the first claim, at least in part by comparing the biometric representation in the token to the biometric information received.

35. HIERARCHICAL FEDERATION METADATA
    Document type: Invention application
    Status: In force

    Publication number: US20080086486A1

    Publication date: 2008-04-10

    Application number: US11538916

    Filing date: 2006-10-05

    IPC classification: G06F7/00

    CPC classification: G06Q10/00

    Abstract: Shared federation metadata. A data structure may be implemented in a networked computing environment that includes a federation. A federation comprises two or more organizations coupled such that authentication and authorization statements span the organizations in accordance with a pre-defined policy. A computer-readable medium may include the data structure. The data structure includes fields comprising one or more groupings of metadata about a first federation or about an organization within the first federation. At least one of these groupings is included in the data structure by reference to a block of federation metadata, and that block of federation metadata is also used for at least one other federation or organization.

36. Portable personal identity information
    Document type: Invention application
    Status: In force

    Publication number: US20080028215A1

    Publication date: 2008-01-31

    Application number: US11495826

    Filing date: 2006-07-28

    IPC classification: H04L9/00

    CPC classification: H04L63/102 G06F21/335

    Abstract: A user interacts with a client containing personal identity information operable to identify the user to a relying party when the relying party is presented with claims comprising a portion of that personal identity information. The personal identity information includes one or more claims, metadata associated with the claims, and backing data associated with the claims. The user may begin using another client and seek to be identified by the relying party while interacting with that other client by first porting the personal identity information to it. Porting the personal identity information includes binding the personal identity information and sending the bound personal identity information to the receiving client.

38. Scoped resource authorization policies
    Document type: Granted invention patent
    Status: In force

    Publication number: US09208332B2

    Publication date: 2015-12-08

    Application number: US12978451

    Filing date: 2010-12-24

    IPC classification: G06F21/60 G06Q10/06

    CPC classification: G06F21/604 G06Q10/06

    Abstract: Resource authorization policies and resource scopes may be defined separately, thereby decoupling a set of authorization rules from the scope of resources to which those rules apply. In one example, a resource is anything that can be used in a computing environment (e.g., a file, a device, etc.). A scope describes a set of resources (e.g., all files in folder X, all files labeled “Y”, etc.). Policies describe what can be done with a resource (e.g., “read-only,” “read/write,” “delete, if requestor is a member of the admin group,” etc.). Once scopes and policies have been defined, they may be linked, indicating that the policy applies to any resource within the scope. When a request for a resource is made, the request is evaluated against all policies associated with scopes that contain the resource. If the conditions specified in the policies are satisfied, the request may be granted.

39. Integrating account selectors with passive authentication protocols
    Document type: Granted invention patent
    Status: In force

    Publication number: US08973099B2

    Publication date: 2015-03-03

    Application number: US12815413

    Filing date: 2010-06-15

    IPC classification: G06F7/04 H04L29/06

    Abstract: Described is the use of a client-side account selector in a passive authentication protocol environment (such as OpenID), in which a relying party website trusts the authentication response from an identity provider website. The account selector may access and maintain historical information so as to offer user-specific identity provider selection options rather than only general ones. The account selector is invoked based upon an object tag in the page, e.g., by a browser extension associated with that particular object tag. The account selector may also communicate with a reputation service to obtain reputation information about the identity providers and vary its operation based upon that information.
