-
Publication No.: US07747647B2
Publication date: 2010-06-29
Application No.: US11322846
Filing date: 2005-12-30
Abstract: A permission information system and method are provided. The system facilitates management of permissions across a wide variety of systems and applications in a network environment. The system includes a data store which is a central repository that maintains permissions (e.g., in a user readable format). The permissions can, optionally, be translated into a format that is useable by endpoint system(s). The system further includes a metadirectory component which notices change(s) that are created in the data store and sends the security information to the endpoint system(s). The new security policy can then be installed and enforced on the endpoint systems. The system can thus employ the capabilities of a metadirectory to distribute security policy(ies) to these end-point systems. The system can, optionally, include one or more translator(s) which transform the user readable format into a format that is consumable by the endpoint system(s).
-
Publication No.: US07603555B2
Publication date: 2009-10-13
Application No.: US11173004
Filing date: 2005-06-30
Applicant: Donald E. Schmidt, Ryan D. Johnson, Kahren Tevosyan, Jeffrey F. Spelman, Krishnanand Shenoy, Harini Raghavan, David R. Mowers, Matthew Hur
Inventor: Donald E. Schmidt, Ryan D. Johnson, Kahren Tevosyan, Jeffrey F. Spelman, Krishnanand Shenoy, Harini Raghavan, David R. Mowers, Matthew Hur
IPC classification: H04L9/00
CPC classification: H04L63/0209, H04L63/0815, H04L63/168
Abstract: A system for authenticating computer users comprising a single active directory disposed in an intranet, a web server disposed in a DMZ associated with the intranet, and a web client coupled to the web server through an internet connection that is capable of signing on to the web server.
-
Publication No.: US07401235B2
Publication date: 2008-07-15
Application No.: US10144059
Filing date: 2002-05-10
Applicant: David R. Mowers, Daniel Doubrovkine, Roy Leban, Donald E. Schmidt, Ram Viswanathan, John E. Brezak, Richard B. Ward
Inventor: David R. Mowers, Daniel Doubrovkine, Roy Leban, Donald E. Schmidt, Ram Viswanathan, John E. Brezak, Richard B. Ward
IPC classification: G06F7/04, G06F17/30, G06F15/173, G06K9/00, H04L9/32
CPC classification: G06F21/31, G06F21/33, G06F2221/2141
Abstract: Methods and systems are provided to allow users that are authenticated by a trusted external service to gain controlled levels of access to selected local computing resources without requiring the user to also have conventional access control capabilities for the resources.
-
Publication No.: US08918525B2
Publication date: 2014-12-23
Application No.: US12976819
Filing date: 2010-12-22
Applicant: John A. Banes, Joseph M. Joy, David R. Mowers, Cem Paya, Feng Sun
Inventor: John A. Banes, Joseph M. Joy, David R. Mowers, Cem Paya, Feng Sun
CPC classification: H04L29/06, H04L29/06197, H04L29/06319, H04L29/06326, H04L29/08252, H04L29/08576, H04L67/14, H04L67/146, H04L67/327
Abstract: An exemplary network gateway is capable of accepting a session-related message having a session identifier field; the network gateway is adapted to extract a host identifier from a value populating the session identifier field and to perform a routing operation for the session-related message using the host identifier. For an exemplary media implementation, processor-executable instructions direct a device to perform actions including: ascertaining a host identifier from a session identifier field of a session message; and routing the session message responsive to the ascertained host identifier. An exemplary apparatus includes: at least one processor; and one or more media including processor-executable instructions that are capable of being executed by the at least one processor to direct the apparatus to perform actions including: receiving a session message having a session identifier including a host identifier; and routing the session message responsive to the host identifier.
-
Publication No.: US08627440B2
Publication date: 2014-01-07
Application No.: US12647327
Filing date: 2009-12-24
Applicant: David R. Mowers, Daniel R. Simon, Paul J. Leach, John A. Banes
Inventor: David R. Mowers, Daniel R. Simon, Paul J. Leach, John A. Banes
IPC classification: G06F15/16
CPC classification: H04L63/08, H04L63/0442, H04L63/0807, H04L63/0869, H04L63/10, H04L63/12, H04L63/166, H04L67/42
Abstract: This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.
-
Publication No.: US08266294B2
Publication date: 2012-09-11
Application No.: US10639727
Filing date: 2003-08-13
Applicant: John A. Banes, Joseph M. Joy, David R. Mowers, Cem Paya, Feng Sun
Inventor: John A. Banes, Joseph M. Joy, David R. Mowers, Cem Paya, Feng Sun
IPC classification: G06F15/16
CPC classification: H04L67/2804, H04L29/06, H04L67/1002, H04L67/1008, H04L67/1017, H04L67/1019, H04L67/1023, H04L67/1027, H04L67/14, H04L67/2819, H04L69/329, H04L2029/06054
Abstract: A first exemplary media implementation includes processor-executable instructions that direct a device to perform actions including: creating a session identifier using a host identifier; and formulating a host session initiation message with the created session identifier. A first exemplary device implementation includes: at least one processor; and one or more media including processor-executable instructions that direct the device to perform actions including: formulating a host session message with a session identifier that is created responsive to a host identifier; and sending the formulated host session message that includes the session identifier from the device. A second exemplary media implementation includes a data structure that has a message including a session identifier field, at least part of the session identifier field including a host identifier. A second exemplary device implementation includes: a host identifier; and a session identifier creator that is adapted to create a session identifier using the host identifier.
-
Publication No.: US20110093613A1
Publication date: 2011-04-21
Application No.: US12976819
Filing date: 2010-12-22
Applicant: John A. Banes, Joseph M. Joy, David R. Mowers, Cem Paya, Feng Sun
Inventor: John A. Banes, Joseph M. Joy, David R. Mowers, Cem Paya, Feng Sun
IPC classification: G06F15/173
CPC classification: H04L29/06, H04L29/06197, H04L29/06319, H04L29/06326, H04L29/08252, H04L29/08576, H04L67/14, H04L67/146, H04L67/327
Abstract: An exemplary network gateway is capable of accepting a session-related message having a session identifier field; the network gateway is adapted to extract a host identifier from a value populating the session identifier field and to perform a routing operation for the session-related message using the host identifier. For an exemplary media implementation, processor-executable instructions direct a device to perform actions including: ascertaining a host identifier from a session identifier field of a session message; and routing the session message responsive to the ascertained host identifier. An exemplary apparatus includes: at least one processor; and one or more media including processor-executable instructions that are capable of being executed by the at least one processor to direct the apparatus to perform actions including: receiving a session message having a session identifier including a host identifier; and routing the session message responsive to the host identifier.
-
Publication No.: US07882251B2
Publication date: 2011-02-01
Application No.: US10639516
Filing date: 2003-08-13
Applicant: John A. Banes, Joseph M. Joy, David R. Mowers, Cem Paya, Feng Sun
Inventor: John A. Banes, Joseph M. Joy, David R. Mowers, Cem Paya, Feng Sun
CPC classification: H04L29/06, H04L29/06197, H04L29/06319, H04L29/06326, H04L29/08252, H04L29/08576, H04L67/14, H04L67/146, H04L67/327
Abstract: An exemplary network gateway is capable of accepting a session-related message having a session identifier field; the network gateway is adapted to extract a host identifier from a value populating the session identifier field and to perform a routing operation for the session-related message using the host identifier. For an exemplary media implementation, processor-executable instructions direct a device to perform actions including: ascertaining a host identifier from a session identifier field of a session message; and routing the session message responsive to the ascertained host identifier. An exemplary apparatus includes: at least one processor; and one or more media including processor-executable instructions that are capable of being executed by the at least one processor to direct the apparatus to perform actions including: receiving a session message having a session identifier including a host identifier; and routing the session message responsive to the host identifier.
-
Publication No.: US07644275B2
Publication date: 2010-01-05
Application No.: US10413799
Filing date: 2003-04-15
Applicant: David R. Mowers, John Banes, Daniel R. Simon, Paul J. Leach
Inventor: David R. Mowers, John Banes, Daniel R. Simon, Paul J. Leach
IPC classification: H04L9/00
CPC classification: H04L63/08, H04L63/0442, H04L63/0807, H04L63/0869, H04L63/10, H04L63/12, H04L63/166, H04L67/42
Abstract: This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.
-
Publication No.: US20080027940A1
Publication date: 2008-01-31
Application No.: US11494064
Filing date: 2006-07-27
IPC classification: G06F17/30
CPC classification: G06F16/164, G06F16/168
Abstract: An operating system automatically classifies a new file by instructing the application that generated the file to modify the file by applying one or more settings for data usage attributes to the file prior to the application saving the file in a folder.