Relying party specifiable format for assertion provider token
    1.
    Granted patent
    Status: in force

    Publication number: US08555078B2

    Publication date: 2013-10-08

    Application number: US12040445

    Filing date: 2008-02-29

    Abstract: A security component may be associated with a network-enabled application. The network-enabled application may request access to restricted content from a relying party (e.g., web site). The security component associated with the network-enabled application may receive authentication policy information from the relying party and send a user's authentication credentials to an assertion provider to authenticate the credentials. The relying party may trust the assertion provider to authenticate user credentials. Upon successful authentication, the assertion provider may return an assertion token to the security component and the security component may sign the assertion token as specified in the authentication policy information. Subsequently, the security token may forward the signed assertion token to the relying party and the relying party may grant access to the restricted content.


    Relying Party Specifiable Format for Assertion Provider Token
    2.
    Patent application
    Status: in force

    Publication number: US20130125197A1

    Publication date: 2013-05-16

    Application number: US12040445

    Filing date: 2008-02-29

    IPC classification: H04L29/06

    Abstract: A security component may be associated with a network-enabled application. The network-enabled application may request access to restricted content from a relying party (e.g., web site). The security component associated with the network-enabled application may receive authentication policy information from the relying party and send a user's authentication credentials to an assertion provider to authenticate the credentials. The relying party may trust the assertion provider to authenticate user credentials. Upon successful authentication, the assertion provider may return an assertion token to the security component and the security component may sign the assertion token as specified in the authentication policy information. Subsequently, the security token may forward the signed assertion token to the relying party and the relying party may grant access to the restricted content.


    System and method for establishing a shared secret for communication between different security domains
    3.
    Granted patent
    Status: in force

    Publication number: US09367700B2

    Publication date: 2016-06-14

    Application number: US13029027

    Filing date: 2011-02-16

    Applicant: Joseph D. Steele

    Inventor: Joseph D. Steele

    IPC classification: H04L29/06 G06F21/60

    CPC classification: G06F21/606 G06F2221/2149

    Abstract: Embodiments may include generating an initial verifier for a first process, the initial verifier generated based on a trusted image of the first process. Embodiments may include, subsequent to generating an untransformed secret associated with the first process, using a reversible transform to transform the untransformed secret with the initial verifier to generate a transformed secret associated with the first process. Embodiments may also include, subsequent to the first process being launched outside of a secure domain, and dependent upon a second verifier generated from a current state of the first process being the same as the initial verifier: using the reversible transform to reverse transform the transformed secret with the second verifier to generate a de-transformed secret equal to the untransformed secret. Embodiments may include performing a secure communication protected with a cryptographic key generated based on the de-transformed secret. The communication may be performed across different security domains.


    System And Method For Establishing A Shared Secret For Communication Between Different Security Domains
    4.
    Patent application
    Status: in force

    Publication number: US20130132736A1

    Publication date: 2013-05-23

    Application number: US13029027

    Filing date: 2011-02-16

    Applicant: Joseph D. Steele

    Inventor: Joseph D. Steele

    IPC classification: G06F21/22

    CPC classification: G06F21/606 G06F2221/2149

    Abstract: Embodiments may include generating an initial verifier for a first process, the initial verifier generated based on a trusted image of the first process. Embodiments may include, subsequent to generating an untransformed secret associated with the first process, using a reversible transform to transform the untransformed secret with the initial verifier to generate a transformed secret associated with the first process. Embodiments may also include, subsequent to the first process being launched outside of a secure domain, and dependent upon a second verifier generated from a current state of the first process being the same as the initial verifier: using the reversible transform to reverse transform the transformed secret with the second verifier to generate a de-transformed secret equal to the untransformed secret. Embodiments may include performing a secure communication protected with a cryptographic key generated based on the de-transformed secret. The communication may be performed across different security domains.


    Security policy user interface
    5.
    Granted patent
    Status: in force

    Publication number: US07555769B1

    Publication date: 2009-06-30

    Application number: US11016258

    Filing date: 2004-12-16

    IPC classification: G06F17/00 G06F3/00

    CPC classification: G06F21/604

    Abstract: Methods and apparatus, including computer systems and program products, that relate to a security policy user interface. The methods feature a machine-implemented method that includes presenting labels of multiple security policies, receiving input specifying a selected security policy, and securing a first document according to the selected security policy. In that method, each security policy specifies criteria that governs use of an electronic document and has an associated security mechanism. Moreover, security mechanisms of a number of the multiple security policies distinctly enforce security of a document, and presenting labels of multiple security policies includes presenting at least two labels of two respective security policies such that a detailed description of a respective, associated security mechanism is left out. The security policies can be declarative security policies. At least one of the labels can include an abstract of a corresponding security mechanism.


    System and method for multipronged authentication
    6.
    Granted patent
    Status: in force

    Publication number: US09027143B1

    Publication date: 2015-05-05

    Application number: US12548310

    Filing date: 2009-08-26

    Abstract: Various embodiments of a system and method for multipronged authentication are described. Embodiments may include a client system that implements a runtime component configured to consume content. The client system may be configured to implement a digital rights management component configured to perform one or more cryptographic operations and also authenticate the runtime component. The client system may receive encrypted content from a remote computer system and receive a given authentication component from a remote computer system; that authentication component may be configured to authenticate the runtime component. The client system may, based on authentication of the runtime component by both the digital rights management component and the given authentication component, decrypt at least a portion of the encrypted content. In this way, the client system may ensure that decryption of the encrypted content may occur only if multiple components authenticate the runtime component, according to some embodiments.


    METHOD AND APPARATUS FOR PUBLIC KEY CRYPTOGRAPHY
    7.
    Patent application
    Status: in force

    Publication number: US20140032909A1

    Publication date: 2014-01-30

    Application number: US13423858

    Filing date: 2012-03-19

    IPC classification: H04L9/00

    Abstract: Method and apparatus are described wherein, in one example embodiment, a first entity shares a digital file such as a digital image with a second entity, and the first entity and the second entity each use the digital file as a seed to generate identical public/private key pairs using the same key generation procedure, such that both entities hold identical key pairs. The first and second entities may use the key pairs to encrypt, decrypt, or sign and authenticate communications between the entities.


    Method and system for secure form delivery
    8.
    Patent application
    Status: under examination, published

    Publication number: US20140032899A1

    Publication date: 2014-01-30

    Application number: US11594467

    Filing date: 2006-11-08

    IPC classification: G06F21/62

    Abstract: A system, for secure form delivery, may include a detector to detect a request to submit an electronic form that includes associated application data; an encryption module to respond to the request to submit the electronic form by automatically accessing an encryption key, determining destination information, and encrypting the associated application data, utilizing the encryption key; and a submit module to submit the electronic form to a destination, utilizing the destination information.


    Method and apparatus for public key cryptography
    9.
    Granted patent
    Status: in force

    Publication number: US08687812B2

    Publication date: 2014-04-01

    Application number: US13423858

    Filing date: 2012-03-19

    IPC classification: H04L9/12 H04L9/08 H04L9/32

    Abstract: Method and apparatus are described wherein, in one example embodiment, a first entity shares a digital file such as a digital image with a second entity, and the first entity and the second entity each use the digital file as a seed to generate identical public/private key pairs using the same key generation procedure, such that both entities hold identical key pairs. The first and second entities may use the key pairs to encrypt, decrypt, or sign and authenticate communications between the entities.


    System And Method For Individualizing Content For A Consumer
    10.
    Patent application
    Status: under examination, published

    Publication number: US20130124849A1

    Publication date: 2013-05-16

    Application number: US12548126

    Filing date: 2009-08-26

    IPC classification: H04L9/28 H04L9/00

    CPC classification: H04L9/14 H04L2209/603

    Abstract: Protected content that has been encrypted according to an encryption algorithm is individualized for a consumer according to pseudorandomly-generated individualization data values and individualization indexes. When different instances of individualized protected content are generated from the same protected content for different consumers, the different instances differ in content. To generate the individualized protected content, a packaging component is configured to identify pseudorandom intervals within the protected content using the individualization indexes, and for each given one of the intervals, to combine the protected content included within the given interval with a respective one of the individualization values according to a reversible data transform operation. The data transform operation is less computationally expensive than the given encryption algorithm.
