Abstract:
In accordance with various aspects, the present invention relates to methods and systems for sending an identity information document comprising selecting identity information from a self-identity information store for inclusion in the identity information document. The selected identity information is read from a self-identity information store. The identity information document is generated to include the selected identity information and one or more keys, and signed using a key associated with one of the keys included in the identity information document. The identity information document is then sent to a recipient. Receiving an identity information document comprises receiving a signed identity information document from an originator. A determination is made as to whether identity information in the identity information document is reliable. The identity information is saved in a recognized identity information store if the identity information is determined to be reliable. If the identity information is determined to be unreliable, an identity recognition number retrieved from the sender is compared to an identity recognition number generated by the recipient based on information in the received identity information document. If the identity recognition number is verified, the identity information is saved in the recognized identity information store.
Abstract:
A system for identifying principals within a computing environment is disclosed. The system includes principal objects containing identity claims. The principal objects are used by computer processes within the environment to perform tasks related to the association of principals to activated resource objects. Exemplary principals include individuals, a group of individuals, organizations and computer modules and devices. Each identity claim uniquely identifies a specific principal within a particular scheme. To accomplish this, each identity claim includes an assertion that specifies an identification string unique to a principal within the associated scheme. Exemplary schemes for an individual include email accounts, telephone numbers, credit card account numbers and social security numbers. Thus, exemplary identification strings for an individual are specific email addresses, specific telephone numbers, etc. Exemplary schemes for a group of individuals and organizations include telephone numbers and web page addresses. The system also determines whether two principal objects conflict, thereby resulting in an identity fault.
Abstract:
In the present invention, data relating to principals known to a computer system is centrally stored, and objects having a standardized principal application programming interface (API) for finding, managing and accessing that data are provided to applications in lieu of having the applications independently store the principal data. The present invention eliminates the need for each application to create duplicate principal data. It also ensures that principal data are consistent throughout the applications on the computer system. In addition, the present invention allows any application with objects having the principal API to manage and change the principal data, making such principal data easy to update. The principal API includes methods to find principals based on an identity reference to a principal or an identity claim that uniquely identifies the principal on the computer system.
Abstract:
An identity system and method that stores identity information related to different principals and stores the identities on different or disparate systems such that the different systems can use the identities. A synchronization process synchronizes identity information and rules based on identity information between a primary computer system and a disparate secondary computer system. Accordingly, the secondary computer system has a representative database of identity information following receipt of the converted information, wherein the representative database is representative of a primary database of identity information stored on the primary computer system. In order to synchronize, a conversion may take place. The conversion process may be performed by a dedicated process designed for the secondary system. Alternatively, the conversion is performed by a generalized process using mapping tables designed to convert identity information into multiple different formats.
Abstract:
A group certificate is used in a communication system to establish and recognize a group identity at a receiving system. Once a group identity is recognized, members of the group may be recognized based on membership certificates, or they may be recognized based on their own personal certificates separate from the group. In other words, a member may be recognized based on trust by the recipient in the group or based on trust by the recipient in the member personally. Group identity information is created for inclusion in the group certificate. A group-signed group certificate is generated, and the certificate has as the group identity information, at least a first key, and a digital signature signed using a second key associated with the first key in the group certificate. The group-signed group certificate is sent to a receiving system to establish the group identity at the receiving system. A group-signed group membership certificate is sent to the receiving system to establish membership of the originator of the membership certificate in the group whose group identity is established at the receiving system. A security protocol is assigned to communications from group members based on the group identity information if the membership certificate is accepted. A security protocol is also assigned to communications from a group member based on a personal identity if a personal certificate is accepted.