-
公开(公告)号:US20130061301A1
公开(公告)日:2013-03-07
申请号:US13224257
申请日:2011-09-01
申请人: Mark Novak , Paul J. Leach , Yi Zeng , Saurav Sinha , K. Michiko Short , Gopinathan Kannan
发明人: Mark Novak , Paul J. Leach , Yi Zeng , Saurav Sinha , K. Michiko Short , Gopinathan Kannan
IPC分类号: G06F21/00
CPC分类号: H04L63/0846
摘要: A distributed system in which time-dependent credentials are supplied by controllers that operate according to different local times. Errors that might arise from the controllers generating inconsistent credentials because of time skew are avoided by identifying credentials generated during transition intervals in which different ones of the controllers may generate different credentials at the same absolute time. During a transition interval, controllers and other devices may use credentials differentially based on the nature of the authentication function. Each controller may periodically renew its credentials based on self-scheduled renewals or based on requests from other devices, such that renewal times are offset by random delays to avoid excessive network traffic. Controllers may determine which credential is valid for any given time, based on a cryptographically secure key associated with that time and information identifying the entity that is associated with that credential.
-
公开(公告)号:US08302149B2
公开(公告)日:2012-10-30
申请号:US11254519
申请日:2005-10-20
申请人: Giovanni M. Della-Libera , Christopher G. Kaler , Scott A. Konersmann , Butler W. Lampson , Paul J. Leach , Bradford H. Lovering , Steven E. Lucco , Stephen J. Millet , Richard F. Rashid , John P. Shewchuk
发明人: Giovanni M. Della-Libera , Christopher G. Kaler , Scott A. Konersmann , Butler W. Lampson , Paul J. Leach , Bradford H. Lovering , Steven E. Lucco , Stephen J. Millet , Richard F. Rashid , John P. Shewchuk
IPC分类号: H04L29/06
CPC分类号: H04L63/08 , G06Q20/3676 , H04L63/10 , H04L63/168 , H04L63/20 , H04L67/02 , H04L67/28 , H04L67/2804 , H04L67/2823
摘要: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.
摘要翻译: 提供分布式安全系统。 分布式安全系统使用以政策语言编写的安全策略,该策略语言是传输和安全协议独立的,而与密码技术无关。 该安全策略可以用语言来表示,以创建不同的安全组件,从而实现更大的可扩展性和灵活性。 通过抽象底层协议和技术,可以支持多个环境和平台。
-
公开(公告)号:US07971230B2
公开(公告)日:2011-06-28
申请号:US11830680
申请日:2007-07-30
IPC分类号: G06F17/30
CPC分类号: G06F21/6218 , G06F2221/2141 , G06F2221/2145 , Y10S707/99931 , Y10S707/99939
摘要: The present invention relates to a system and methodology to facilitate security for data items residing within (or associated with) a hierarchical database or storage structure. A database security system is provided having a hierarchical data structure associated with one or more data items. The system includes a security component that applies a security policy to the data items from a global location or region associated with a database. Various components and processes are employed to enable explicit and/or inherited security properties to be received by and propagated to the data items depending on the type of data structure encountered or processed.
摘要翻译: 本发明涉及一种促进位于分层数据库或存储结构内(或与之相关联的)数据项的安全性的系统和方法。 提供了具有与一个或多个数据项相关联的分层数据结构的数据库安全系统。 该系统包括将安全策略应用于与数据库相关联的全球位置或区域的数据项的安全组件。 采用各种组件和过程来使显式和/或继承的安全属性由数据项接收和传播到数据项,这取决于遇到或处理的数据结构的类型。
-
公开(公告)号:US07752442B2
公开(公告)日:2010-07-06
申请号:US11254539
申请日:2005-10-20
申请人: Giovanni M. Della-Libera , Christopher G. Kaler , Scott A. Konersmann , Butler W. Lampson , Paul J. Leach , Bradford H. Lovering , Steven E. Luocco , Stephen J. Millet , Richard F. Rashid , John P. Shewchuk
发明人: Giovanni M. Della-Libera , Christopher G. Kaler , Scott A. Konersmann , Butler W. Lampson , Paul J. Leach , Bradford H. Lovering , Steven E. Luocco , Stephen J. Millet , Richard F. Rashid , John P. Shewchuk
IPC分类号: H04L9/32
CPC分类号: H04L63/08 , G06Q20/3676 , H04L63/10 , H04L63/168 , H04L63/20 , H04L67/02 , H04L67/28 , H04L67/2804 , H04L67/2823
摘要: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.
-
公开(公告)号:US07752431B2
公开(公告)日:2010-07-06
申请号:US11254264
申请日:2005-10-20
申请人: Giovanni M. Della-Libera , Christopher G. Kaler , Scott A. Konersmann , Butler W. Lampson , Paul J. Leach , Bradford H. Lovering , Steven E. Lucco , Stephen J. Millet , Richard F. Rashid , John P. Shewchuk
发明人: Giovanni M. Della-Libera , Christopher G. Kaler , Scott A. Konersmann , Butler W. Lampson , Paul J. Leach , Bradford H. Lovering , Steven E. Lucco , Stephen J. Millet , Richard F. Rashid , John P. Shewchuk
IPC分类号: H04L29/06
CPC分类号: H04L63/08 , G06Q20/3676 , H04L63/10 , H04L63/168 , H04L63/20 , H04L67/02 , H04L67/28 , H04L67/2804 , H04L67/2823
摘要: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.
-
公开(公告)号:US07644275B2
公开(公告)日:2010-01-05
申请号:US10413799
申请日:2003-04-15
申请人: David R. Mowers , John Banes , Daniel R. Simon , Paul J. Leach
发明人: David R. Mowers , John Banes , Daniel R. Simon , Paul J. Leach
IPC分类号: H04L9/00
CPC分类号: H04L63/08 , H04L63/0442 , H04L63/0807 , H04L63/0869 , H04L63/10 , H04L63/12 , H04L63/166 , H04L67/42
摘要: This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.
摘要翻译: 本公开通常涉及客户端认证。 本公开的一个方面涉及一种用于向第一认证上下文的域控制器(DC)呈现证据的第一服务器,该第一认证上下文从客户端提交到第一服务器以获得可委托的证书,其中该凭证可用于请求第二认证上下文 认证上下文从该客户端到第二个服务器。 另一方面涉及第一台服务器向DC提供证据。 证据涉及从客户端向第一服务器提交的第一个身份验证上下文,它获取了一个可委托凭证。 通过与凭证组合使用以从客户端请求第二认证上下文到第二服务器。
-
公开(公告)号:US20090328134A1
公开(公告)日:2009-12-31
申请号:US12163548
申请日:2008-06-27
申请人: Kenneth D. Ray , Pankaj M. Kamat , Charles W. Kaufman , Paul J. Leach , William R. Tipton , Andrew Herron , Krassimir E. Karamifilov , Duncan G. Bryce , Jonathan D. Schwartz , Matthew C. Setzer , John McDowell
发明人: Kenneth D. Ray , Pankaj M. Kamat , Charles W. Kaufman , Paul J. Leach , William R. Tipton , Andrew Herron , Krassimir E. Karamifilov , Duncan G. Bryce , Jonathan D. Schwartz , Matthew C. Setzer , John McDowell
IPC分类号: G06F17/00
CPC分类号: G06F21/105
摘要: The present invention extends to methods, systems, and computer program products for licensing protected content to application sets. Embodiments of the invention permit a local machine to increase its participation in authorizing access to protected content. For example, an operating system within an appropriate computing environment is permitted to determine if an application is authorized to access protected content. Thus, the application is relieved from having to store a publishing license. Further, authorization decisions are partially distributed, easing the resource burden on a protection server. Accordingly, embodiments of the invention can facilitate more robust and efficient authorization decisions when access to protected content is requested.
摘要翻译: 本发明扩展到用于将受保护内容授权给应用集的方法,系统和计算机程序产品。 本发明的实施例允许本地机器增加其对授权对受保护内容的访问的参与。 例如,允许在适当的计算环境内的操作系统来确定应用程序是否被授权访问受保护的内容。 因此,应用程序不必存储发布许可证。 此外,授权决定部分分配,减轻了保护服务器的资源负担。 因此,当请求访问受保护内容时,本发明的实施例可以促进更强大和有效的授权决定。
-
公开(公告)号:US20090178129A1
公开(公告)日:2009-07-09
申请号:US11969456
申请日:2008-01-04
申请人: David B. Cross , Mark F. Novak , Oded Ye Shekel , Paul J. Leach , Andreas Luther , Thomas C. Jones
发明人: David B. Cross , Mark F. Novak , Oded Ye Shekel , Paul J. Leach , Andreas Luther , Thomas C. Jones
IPC分类号: H04L9/32
CPC分类号: H04L9/3213 , H04L9/3226 , H04L9/3263 , H04L63/0807
摘要: Embodiments for providing differentiated access based on authentication input attributes are disclosed. In accordance with one embodiment, a method includes receiving an authentication input at an authentication authority using an authentication protocol. The authentication input being associated with a client. The method also includes providing one or more representations for the authentication input, wherein each of the representations represents an attribute of the authentication input.
摘要翻译: 公开了基于认证输入属性提供差分访问的实施例。 根据一个实施例,一种方法包括使用认证协议在认证机构处接收认证输入。 认证输入与客户端相关联。 该方法还包括为认证输入提供一个或多个表示,其中每个表示代表认证输入的属性。
-
公开(公告)号:US20080301780A1
公开(公告)日:2008-12-04
申请号:US11756393
申请日:2007-05-31
申请人: Carl Melvin Ellison , Paul J. Leach , Butler Wright Lampson , Melissa W. Dunn , Ravindra Nath Pandya , Charles William Kaufman
发明人: Carl Melvin Ellison , Paul J. Leach , Butler Wright Lampson , Melissa W. Dunn , Ravindra Nath Pandya , Charles William Kaufman
IPC分类号: G06F17/00
CPC分类号: G06F21/6218
摘要: The subject disclosure pertains to systems and methods that facilitate managing groups entities for access control. A negative group is defined using a base group, where the negative group associated with a base group includes any entities not included in the base group. Negative groups can be implemented using certificates rather than explicit lists of negative group members. A certificate can provide evidence of membership in the negative group and can be presented for evaluation to obtain access to resources. Subtraction groups can also be used to manage access to resources. A subtraction group can be defined as the members of a first group, excluding any members of a second group.
摘要翻译: 本发明涉及便于管理组实体以进行访问控制的系统和方法。 使用基组定义负组,其中与基组关联的负组包括未包括在基组中的任何实体。 负组可以使用证书而不是负组成员的显式列表来实现。 证书可以提供负组织成员的证据,并可以提供评估以获得资源。 减法组也可用于管理对资源的访问。 减法组可以定义为第一组的成员,不包括第二组的任何成员。
-
50.发明申请公开(公告)号:US20070283411A1
公开(公告)日:2007-12-06
申请号:US11445778
申请日:2006-06-02
申请人: Muthukrishnan Paramasivam , Charles F. Rose , Dave M. McPherson , Raja Pazhanivel Perumal , Satyajit Nath , Paul J. Leach , Ravindra Nath Pandya
发明人: Muthukrishnan Paramasivam , Charles F. Rose , Dave M. McPherson , Raja Pazhanivel Perumal , Satyajit Nath , Paul J. Leach , Ravindra Nath Pandya
IPC分类号: H04L9/00
CPC分类号: H04L63/102 , G06F21/604 , H04L63/20
摘要: Abstracting access control policy from access check mechanisms allows for richer expression of policy, using a declarative model with semantics, than what is permitted by the access check mechanisms. Further, abstracting access control policy allows for uniform expression of policy across multiple access check mechanisms. Proof-like reasons for any access query are provided, such as who has access to what resource, built from the policy statements themselves, independent of the access check mechanism that provide access. Access is audited and policy-based reasons for access are provided based on the access control policy.
摘要翻译: 来自访问检查机制的抽象访问控制策略允许使用具有语义的声明性模型,而不是访问检查机制允许的策略的更丰富的表达。 此外,抽象访问控制策略允许在多个访问检查机制之间统一表达策略。 提供任何访问查询的类似原因,例如谁可以访问从策略语句本身构建的什么资源,独立于提供访问的访问检查机制。 访问被审计,基于访问控制策略提供基于策略的访问原因。
-
-
-
-
-
-
-
-
-
搜索结果
98 条记录 (耗时 0.038 秒)
