System and method of user logon in combination with user authentication for network access
    71.
    Type: Granted patent
    Status: In force

    Publication number: US06427209B1

    Publication date: 2002-07-30

    Application number: US09549794

    Application date: 2000-04-14

    IPC classification: H04L900

    Abstract: A system and method of combined user logon-authentication provides enhanced logon performance by utilizing communications with a network access control server for user authentication to provide user account data required for user logon. When a user logs on a computer, the computer initiates a network access control process with a network access control server for obtaining access to network services, including the computer that the user is logging on. During the access control process, the network access control server authenticates the user and queries a directory service for the account data for the user. The network access control server includes the user account data in one of the communication packets sent to the computer in the network access control process. The computer retrieves the user account data from the communication packet and uses the data to complete the user logon.

    Efficient inter-process object and interface pinging
    72.
    Type: Granted patent
    Status: Lapsed

    Publication number: US06405262B1

    Publication date: 2002-06-11

    Application number: US08502376

    Application date: 1995-07-14

    IPC classification: G06F944

    CPC classification: G06F9/54

    Abstract: A computer system includes a plurality of client processes executing in respective address spaces and at least one server process executing in a different address space than the client processes. The server process has one or more available server objects for potential use by the client processes. The server objects are accessible by the client processes through a plurality of server object interfaces dynamically created in response to demand for said interfaces by the client processes. The server object interfaces are destroyed when there is no further demand for them. Each object interface can be simultaneously held for use during at least a portion of its lifetime by more than one of the client processes. The computer system further includes one or more client-side ping managers and at least one server-side ping manager. Each client process registers interfaces it is holding for use with an associated client-side ping manager. The server-side ping manager is associated with the server process and stores one or more interface lists indicating server object interfaces held for use by client processes. The server-side ping manager has a ping manager object interface available to the client-side ping managers. Each client-side ping manager accesses the server-side ping manager through the ping manager object interface to maintain an interface list with the server-side ping manager indicating server object interfaces which are registered with the client-side ping manager. Each client-side ping manager monitors whether any of its registered client processes have terminated, and automatically unregisters the interfaces of any such client processes which have terminated. The server-side ping manager notifies the server process of any server object interfaces which are no longer included in the interface lists of the server-side ping manager so that those interfaces can be destroyed.

    File system operation and digital rights management (DRM)
    73.
    Type: Granted patent
    Status: In force

    Publication number: US08640256B2

    Publication date: 2014-01-28

    Application number: US13352038

    Application date: 2012-01-17

    IPC classification: H04L9/32

    CPC classification: G06F17/30067

    Abstract: A file system is configured for use with files protected by digital rights management (DRM) content controls and to interact both with applications that are, and are not, DRM aware. The file system may be configured for use by two applications, in a manner that may provide the second application with protected files if the first application was previously allowed access. In one example, a user context cache of DRM-protected files is created. The files in the cache may have been decrypted in response to a request(s) from the first application. Subsequent requests from the second application may be received for files within the user context cache of DRM-protected files. At least one of the files within the user context cache of DRM-protected files may be provided to the second application if the second application has a joint user context with the first application.

    DISTRIBUTED COMPUTER SYSTEMS WITH TIME-DEPENDENT CREDENTIALS
    74.
    Type: Patent application
    Status: In force

    Publication number: US20130061300A1

    Publication date: 2013-03-07

    Application number: US13224255

    Application date: 2011-09-01

    IPC classification: G06F21/00

    Abstract: A distributed system in which time-dependent credentials are supplied by controllers that operate according to different local times. Errors that might arise from the controllers generating inconsistent credentials because of time skew are avoided by identifying credentials generated during transition intervals in which different ones of the controllers may generate different credentials at the same absolute time. During a transition interval, controllers and other devices may use credentials differentially based on the nature of the authentication function. Each controller may periodically renew its credentials based on self-scheduled renewals or based on requests from other devices, such that renewal times are offset by random delays to avoid excessive network traffic. Controllers may determine which credential is valid for any given time, based on a cryptographically secure key associated with that time and information identifying the entity that is associated with that credential.

    Predictive HTTP authentication mode negotiation
    75.
    Type: Granted patent
    Status: In force

    Publication number: US08266680B2

    Publication date: 2012-09-11

    Application number: US12415790

    Application date: 2009-03-31

    IPC classification: H04L29/06 G06F7/04

    Abstract: A client system and a server system use a Hypertext Transfer Protocol (HTTP) authentication mode preference header to negotiate an HTTP authentication mode. The client system sends an HTTP request to the server system. In response to the HTTP request, the server system sends an HTTP response to the client system. The HTTP response includes an HTTP authentication mode preference header. The HTTP authentication mode preference header indicates whether a preferred HTTP authentication mode is connection-based HTTP authentication or request-based HTTP authentication. In subsequent HTTP requests to the server system, the client system uses the HTTP authentication mode indicated by the HTTP authentication mode preference header.

    Kerberos ticket virtualization for network load balancers
    76.
    Type: Granted patent
    Status: In force

    Publication number: US08132246B2

    Publication date: 2012-03-06

    Application number: US12038736

    Application date: 2008-02-27

    Abstract: An exemplary group ticket for a Kerberos protocol includes a service ticket encrypted with a dynamic group key and a plurality of enveloped pairs where each pair includes a name associated with a member of a group and an encrypted the dynamic group key for decryption by a key possessed by the member of the group where decryption of an encrypted dynamic group key allows for decryption of the service ticket. Other exemplary methods, systems, etc., are also disclosed.

    Predictive HTTP Authentication Mode Negotiation
    78.
    Type: Patent application
    Status: In force

    Publication number: US20100251338A1

    Publication date: 2010-09-30

    Application number: US12415790

    Application date: 2009-03-31

    IPC classification: H04L29/06 G06F15/16

    Abstract: A client system and a server system use a Hypertext Transfer Protocol (HTTP) authentication mode preference header to negotiate an HTTP authentication mode. The client system sends an HTTP request to the server system. In response to the HTTP request, the server system sends an HTTP response to the client system. The HTTP response includes an HTTP authentication mode preference header. The HTTP authentication mode preference header indicates whether a preferred HTTP authentication mode is connection-based HTTP authentication or request-based HTTP authentication. In subsequent HTTP requests to the server system, the client system uses the HTTP authentication mode indicated by the HTTP authentication mode preference header.

    FAST-RECONNECTION OF NEGOTIABLE AUTHENTICATION NETWORK CLIENTS
    80.
    Type: Patent application
    Status: In force

    Publication number: US20100228982A1

    Publication date: 2010-09-09

    Application number: US12399615

    Application date: 2009-03-06

    IPC classification: H04L9/32

    Abstract: Modern network communications often require a client application requesting data to authenticate itself to an application providing the data. Such authentication requests can be redundant, especially in the case of stateless network protocols. When a full authentication is performed, a conversation identifier and one or more encryption keys can be agreed upon. Subsequent authentication requests can be answered with a fast reconnect token comprising the conversation identifier and a cryptographically signed version of it using the one or more encryption keys. Should additional security be desirable, a sequence number can be established and incremented in a pre-determined or a random manner to enable detection of replayed fast reconnect tokens. If the recipient can verify the fast reconnect token, the provider can be considered to have been authenticated based on the prior authentication. If an aspect of the fast re-authentication should fail, recourse can be had to the original full authentication process.
