Providing subscriber consent in an operator exchange
    1.
    Granted patent
    Providing subscriber consent in an operator exchange (In force)

    Publication number: US09027101B2

    Publication date: 2015-05-05

    Application number: US13410258

    Filing date: 2012-03-01

    CPC classification: H04L63/08 G06F21/42 H04L63/10

    Abstract: A method and system for providing a record of consent in scenarios in which the user and a device may have to perform a function that involves two entities that don't trust each other or are not necessarily interested in cooperating. In one such example, a user wants to switch services from an “old” operator to a “new” operator. An operator switch without explicit user consent may have legal or business ramifications for both the “old” and “new” operators. The ramifications are even more severe if the switch is the result of actions of, for example, a hacker maliciously causing this switch in order to cause monetary or other damage to either operator or denial of service to the users. In such cases it is useful for both operators to be on record and have an archive of proof of user consent should future disputes arise.

    Providing Subscriber Consent in an Operator Exchange
    2.
    Patent application
    Providing Subscriber Consent in an Operator Exchange (In force)

    Publication number: US20120227097A1

    Publication date: 2012-09-06

    Application number: US13410258

    Filing date: 2012-03-01

    IPC classification: H04L9/32 G06F21/00

    CPC classification: H04L63/08 G06F21/42 H04L63/10

    Abstract: A method and system for providing a record of consent in scenarios in which the user and a device may have to perform a function that involves two entities that don't trust each other or are not necessarily interested in cooperating. In one such example, a user wants to switch services from an “old” operator to a “new” operator. An operator switch without explicit user consent may have legal or business ramifications for both the “old” and “new” operators. The ramifications are even more severe if the switch is the result of actions of, for example, a hacker maliciously causing this switch in order to cause monetary or other damage to either operator or denial of service to the users. In such cases it is useful for both operators to be on record and have an archive of proof of user consent should future disputes arise.

    CERTIFICATE STATUS INFORMATION PROTOCOL (CSIP) PROXY AND RESPONDER
    3.
    Patent application
    CERTIFICATE STATUS INFORMATION PROTOCOL (CSIP) PROXY AND RESPONDER (Under examination, published)

    Publication number: US20100318791A1

    Publication date: 2010-12-16

    Application number: US12814554

    Filing date: 2010-06-14

    IPC classification: H04L29/06

    Abstract: Systems and methods are disclosed for providing certificate status information about a certificate, including receiving, at a Certificate Status Information Protocol (CSIP) proxy device, the certificate identity information about the certificate of the second device. Then determining, using the CSIP proxy device, whether the certificate status information is stored in a CSIP proxy device memory. If the certificate status information is not stored in the CSIP proxy device memory, creating a CSIP request based on the certificate identity information and sending the CSIP request, including the certificate identity information, to a CSIP responder computer outside the local network domain. If the certificate status information is stored in the CSIP proxy device memory, sending the certificate status information to the first device. Also, a system and method are disclosed for using a CSIP responder computer.

    SYSTEM FOR USING AN AUTHORIZATION TOKEN TO SEPARATE AUTHENTICATION AND AUTHORIZATION SERVICES
    4.
    Patent application
    SYSTEM FOR USING AN AUTHORIZATION TOKEN TO SEPARATE AUTHENTICATION AND AUTHORIZATION SERVICES (In force)

    Publication number: US20080127317A1

    Publication date: 2008-05-29

    Application number: US11838377

    Filing date: 2007-08-14

    IPC classification: H04L9/32

    Abstract: A novel system for utilizing an authorization token to separate authentication and authorization services. The system authenticates a client to an authenticating server; generates an authorization token with the authenticating server and the client; and authorizes services for the client using the generated authorization token.

    SECURE CONSUMER PROGRAMMING DEVICE
    5.
    Patent application
    SECURE CONSUMER PROGRAMMING DEVICE (In force)

    Publication number: US20110119739A1

    Publication date: 2011-05-19

    Application number: US12622016

    Filing date: 2009-11-19

    IPC classification: H04L29/06

    Abstract: A method is provided for operating a consumer programming device that provisions consumer electronic devices. The method includes receiving over a communication link a first enable message that authorizes the consumer programming device to make available one or more resources which enable it to provide services to consumer electronic devices. Services are provided to consumer electronic devices up until all the resources have been exhausted. Additional consumer electronic devices are provided with services only if a second enable message is received over the communication link.

    METHOD AND SYSTEM FOR AUTHENTICATION CONFIRMATION USING EXTENSIBLE AUTHENTICATION PROTOCOL
    6.
    Patent application
    METHOD AND SYSTEM FOR AUTHENTICATION CONFIRMATION USING EXTENSIBLE AUTHENTICATION PROTOCOL (In force)

    Publication number: US20090031138A1

    Publication date: 2009-01-29

    Application number: US12113099

    Filing date: 2008-04-30

    IPC classification: H04L9/00

    CPC classification: H04L63/08 H04L63/162

    Abstract: A method for secure and reliable authentication in a communication system. In an embodiment, the authentication method includes performing authentication of a user utilizing Extensible Authentication Protocol (EAP), and transmitting a result indication message to the user. The result indication message can include additional information for security and reliability. The method also includes receiving an acknowledgement message from the user. The acknowledgement message is sent by the user for confirming the reception of the result indication. In an embodiment, the method also includes retransmitting the result indication message if the acknowledgement message is not received within a predetermined time. The additional information for security and reliability can include Message Authentication Code (MAC) and time interval information. The additional information for security and reliability can also include a security/reliability flag.

    Service Authorization for Distributed Authentication and Authorization Servers
    7.
    Patent application
    Service Authorization for Distributed Authentication and Authorization Servers (In force)

    Publication number: US20080168537A1

    Publication date: 2008-07-10

    Application number: US11849108

    Filing date: 2007-08-31

    IPC classification: H04L9/32

    CPC classification: H04W12/06 H04L63/0892

    Abstract: A communications component comprising a processor configured to implement a method comprising acquiring an authentication identifier (Auth ID), and constructing a network service identifier (NSI) comprising the Auth ID and an authentication, authorization, and accounting (AAA) realm. The disclosure includes a system comprising an authorization server in communication with a host, wherein the authorization server is configured to verify a previous authentication of the host using an NSI. Also disclosed is a method comprising receiving an NSI and a service request, wherein the NSI comprises an Auth ID, determining an authentication server associated with the Auth ID, verifying an authentication of a host using the Auth ID, and authorizing the host to receive a service associated with the service request.

    Granular Redaction of Resources
    8.
    Patent application
    Granular Redaction of Resources (Under examination, published)

    Publication number: US20150186635A1

    Publication date: 2015-07-02

    Application number: US14146099

    Filing date: 2014-01-02

    IPC classification: G06F21/34 G06F21/62

    Abstract: A method for providing redacted representations of data. The method comprises hosting a resource on a server that comprises data pieces each tagged with a redaction level, generating a plurality of redacted representations of the resource, each redacted representation being designated for one of a plurality of authorization levels that each correspond to a different range of redaction levels, and the redacted representation for a particular authorization level containing one or more of the data pieces that are tagged with a redaction level that falls within the range of redaction levels for that particular authorization level, receiving a request from a client comprising a claimed authorization level, and providing the client with one of the redacted representations that is designated for the authorization level that matches the claimed authorization level.

    System and method for cognizant transport layer security (CTLS)
    9.
    Granted patent
    System and method for cognizant transport layer security (CTLS) (In force)

    Publication number: US08856509B2

    Publication date: 2014-10-07

    Application number: US13207394

    Filing date: 2011-08-10

    Abstract: A method of authentication and authorization over a communications system is provided. Disclosed herein are systems and methods for creating cryptographic evidence, called authentication/authorization evidence (AE), when a successful authentication/authorization between a client and an authentication server is complete. There are a variety of methods for generating AE. For instance, the AE can be data that is exchanged during the authentication signaling or data that results from it. A distinctive point is that AE results from the authentication process and is used as prior state for the following TLS exchange. An example of the creation of AE is as follows: EAP authentications typically result in an Extended Master Session Key (EMSK). The EMSK can be used to create an Evidence Master Key (EMK) that can then be used to create AE for a variety of servers.

    Method and system for authentication confirmation using extensible authentication protocol
    10.
    Granted patent
    Method and system for authentication confirmation using extensible authentication protocol (In force)

    Publication number: US08285990B2

    Publication date: 2012-10-09

    Application number: US12113099

    Filing date: 2008-04-30

    IPC classification: H04L29/06

    CPC classification: H04L63/08 H04L63/162

    Abstract: A method for secure and reliable authentication in a communication system. In an embodiment, the authentication method includes performing authentication of a user utilizing Extensible Authentication Protocol (EAP), and transmitting a result indication message to the user. The result indication message can include additional information for security and reliability. The method also includes receiving an acknowledgement message from the user. The acknowledgement message is sent by the user for confirming the reception of the result indication. In an embodiment, the method also includes retransmitting the result indication message if the acknowledgement message is not received within a predetermined time. The additional information for security and reliability can include Message Authentication Code (MAC) and time interval information. The additional information for security and reliability can also include a security/reliability flag.
