    41. Method and system for identity exchange and recognition for groups and group members
    Invention application (pending, published)

    Publication number: US20050114447A1

    Publication date: 2005-05-26

    Application number: US10692530

    Filing date: 2003-10-24

    IPC class: G06F15/16 G06F21/00

    CPC class: G06F21/6245

    Abstract: A group certificate is used in a communication system to establish and recognize a group identity at a receiving system. Once a group identity is recognized, members of the group may be recognized based on membership certificates, or they may be recognized based on their own personal certificates separate from the group. In other words, a member may be recognized based on trust by the recipient in the group or based on trust by the recipient in the member personally. Group identity information is created for inclusion in the group certificate. A group-signed group certificate is generated; the certificate carries the group identity information, at least a first key, and a digital signature made using a second key associated with the first key in the group certificate. The group-signed group certificate is sent to a receiving system to establish the group identity at the receiving system. A group-signed group membership certificate is sent to the receiving system to establish membership of the originator of the membership certificate in the group whose group identity is established at the receiving system. A security protocol is assigned to communications from group members based on the group identity information if the membership certificate is accepted. A security protocol is also assigned to communications from a group member based on a personal identity if a personal certificate is accepted.


    42. Method and system for identity exchange and recognition
    Invention application (in force)

    Publication number: US20050091495A1

    Publication date: 2005-04-28

    Application number: US10693172

    Filing date: 2003-10-23

    Abstract: In accordance with various aspects, the present invention relates to methods and systems for sending an identity information document, which comprise selecting identity information from a self-identity information store for inclusion in the identity information document. The selected identity information is read from the self-identity information store. The identity information document is generated to include the selected identity information and one or more keys, and is signed using a key associated with one of the keys included in the identity information document. The identity information document is then sent to a recipient. Receiving an identity information document comprises receiving a signed identity information document from an originator. A determination is made as to whether the identity information in the identity information document is reliable. The identity information is saved in a recognized identity information store if it is determined to be reliable. If the identity information is determined to be unreliable, an identity recognition number retrieved from the sender is compared to an identity recognition number generated by the recipient based on information in the received identity information document. If the identity recognition number is verified, the identity information is saved in the recognized identity information store.


    43. Method and system for synchronizing identity information
    Invention application (in force)

    Publication number: US20050091290A1

    Publication date: 2005-04-28

    Application number: US10693175

    Filing date: 2003-10-23

    Abstract: An identity system and method that stores identity information related to different principals and stores the identities on different or disparate systems such that the different systems can use the identities. A synchronization process synchronizes identity information, and rules based on identity information, between a primary computer system and a disparate secondary computer system. Accordingly, the secondary computer system has a representative database of identity information following receipt of the converted information, wherein the representative database is representative of a primary database of identity information stored on the primary computer system. In order to synchronize, a conversion may take place. The conversion process may be performed by a dedicated process designed for the secondary system. Alternatively, the conversion is performed by a generalized process using mapping tables designed to convert identity information into multiple different formats.


    47. Passive security enforcement
    Granted invention patent (in force)

    Publication number: US08590021B2

    Publication date: 2013-11-19

    Application number: US12359220

    Filing date: 2009-01-23

    IPC class: H04L29/06

    Abstract: Technology is described for enabling passive enforcement of security at computing systems. A component of a computing system can passively authenticate or authorize a user based on observations of the user's interactions with the computing system. The technology may increase or decrease an authentication or authorization level based on the observations. The level can indicate what level of access the user should be granted. When the user or a component of the computing device initiates a request, an application or service can determine whether the level is sufficient to satisfy the request. If the level is insufficient, the application or service can prompt the user for credentials so that the user is actively authenticated. The technology may enable computing systems to “trust” authentication so that two proximate devices can share authentication levels.


    48. System and method for name resolution
    Granted invention patent (in force)

    Publication number: US08473634B2

    Publication date: 2013-06-25

    Application number: US10693516

    Filing date: 2003-10-23

    IPC class: H04L29/12066

    Abstract: In accordance with various aspects, the present invention relates to accessing and publishing documents between two computer systems or nodes that are connected together in a network environment. The system and method for name resolution stores an identity information document containing a user-friendly handle signifying identity, such as an email address, and a machine location, such as an IP address, for the publishing computer system where the documents are stored. Next, the system and method intercepts an initial request for access to documents when the initial request includes a user-friendly handle, and replaces the user-friendly handle with the machine location, so that network users may easily access these documents knowing only the user-friendly handle.


    49. Modeling party identities in computer storage systems
    Granted invention patent (in force)

    Publication number: US08171057B2

    Publication date: 2012-05-01

    Application number: US12410680

    Filing date: 2009-03-25

    IPC class: G06F17/30

    Abstract: The present invention extends to methods, systems, and computer program products for modeling party identities in computer storage systems. A federated identity fabric models identity data, and relationships between portions of identity data, in computer storage systems in accordance with a uniform schema. The federated identity fabric can federate distributed identity and identity relationship data from computer storage systems within a variety of different computing environments. Code and metadata at computing environments associated with the federated identity fabric can interoperate to facilitate uniformly storing, accessing, modifying, deleting, and securing identity and identity relationship data within the federated identity fabric. Embodiments of the invention include utilizing an identity key table entry to locate party identity information and performing key transformations between different types of identity keys.


    50. Identity providers in digital identity system
    Granted invention patent (in force)

    Publication number: US08104074B2

    Publication date: 2012-01-24

    Application number: US11361281

    Filing date: 2006-02-24

    IPC class: H04L29/00

    CPC class: G06F21/33 G06F2221/2115

    Abstract: A digital identity system includes a principal including an identity selector programmed to receive a security policy from a relying party, review a plurality of digital identities associated with the principal, and request one or more claims related to an identity of the principal from an identity provider. The principal is further programmed to receive one or more security tokens including the claims from the identity provider, and to forward the security tokens to the relying party.
