1. Apparatus and method for inter-program authentication using dynamically-generated public/private key pairs
    Granted patent, in force

    Publication number: US07350079B2

    Publication date: 2008-03-25

    Application number: US10717749

    Filing date: 2003-11-20

    Applicant: Patrick S. Botz

    Inventor: Patrick S. Botz

    IPC class: G06F9/00

    Abstract: In a multi-tiered computing environment, a first program may authenticate with a second program using dynamically-generated public/private key pairs. An authentication token is constructed that includes user information and information about the first program and the second program. The first program then digitally signs the authentication token using the dynamically-generated private key, and sends the authentication token to the second program. The second program then verifies the authentication token using the public key corresponding to the first program. Once verified, the first program is authenticated to the second program. The second program may then authenticate to a next-tier program by constructing an authentication token that includes the information in the authentication token received from the first program. This may continue to any suitable number of tiers, using dynamically-generated public/private key pairs to allow authentication between programs without requiring any user interaction or input from a system administrator.


2. Verifying that group membership requirements are met by users
    Patent application, resulting patent in force

    Publication number: US20090178130A1

    Publication date: 2009-07-09

    Application number: US11970642

    Filing date: 2008-01-08

    IPC class: G06F21/20

    CPC class: G06F21/335

    Abstract: In an embodiment, a verifier receives requirements for membership in a group from a service and receives proof of attributes from users. The verifier verifies whether the proof of attributes meets the membership requirements and sends acceptance or rejection to the service. If the proof meets the requirements, the service allows the users to become members of the group and allows the members to transfer data to and from other members. If the proof does not meet the requirements, the service prevents the users from becoming members. In this way, the service and group members know that other group members satisfy the group membership requirements without needing to know the identity of the group members or other information unrelated to the group membership requirements.


3. Inter-program authentication using dynamically-generated public/private key pairs
    Granted patent, in force

    Publication number: US08171558B2

    Publication date: 2012-05-01

    Application number: US11953036

    Filing date: 2007-12-08

    Applicant: Patrick S. Botz

    Inventor: Patrick S. Botz

    IPC class: G06F21/00

    Abstract: In a multi-tiered computing environment, a first program may authenticate with a second program using dynamically-generated public/private key pairs. An authentication token is constructed that includes user information and information about the first program and the second program. The first program then digitally signs the authentication token using the dynamically-generated private key, and sends the authentication token to the second program. The second program then verifies the authentication token using the public key corresponding to the first program. Once verified, the first program is authenticated to the second program. The second program may then authenticate to a next-tier program by constructing an authentication token that includes the information in the authentication token received from the first program. This may continue to any suitable number of tiers, using dynamically-generated public/private key pairs to allow authentication between programs without requiring any user interaction or input from a system administrator.

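Entries 1 and 3 share this abstract. The exchange it describes, written out as an added example in Go (not code from the patent or its applicant): each program generates an Ed25519 key pair at start-up, the first tier signs a token naming the user and the sending and receiving programs, and every later tier verifies the signature with the sender's registered public key, refuses tokens addressed to some other program, and re-signs a token carrying the received information for the next tier. The Run function generalizes the two-hop description to any number of tiers, as the abstract allows. The Token field set, the JSON encoding, the in-memory Registry standing in for key distribution, and the program and user names are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Token carries the user information plus the sending and receiving program
// identities named in the abstract; Chain lists the programs traversed so far.
// The field set and the JSON encoding are assumptions made for this example.
type Token struct {
	User  string   `json:"user"`
	From  string   `json:"from"`
	To    string   `json:"to"`
	Chain []string `json:"chain"`
}

// Signed is what travels between tiers: the encoded token and the sender's signature over exactly those bytes.
type Signed struct{ Payload, Sig []byte }

// Program owns a private key generated at start-up; nothing is read from disk or provisioned by an administrator.
type Program struct {
	Name string
	priv ed25519.PrivateKey
}

// Registry maps program names to public keys; the abstract leaves key distribution open, so an in-memory map stands in for it.
type Registry map[string]ed25519.PublicKey

// Setup generates a fresh key pair per program and publishes the public halves.
func Setup(names ...string) (Registry, []*Program, error) {
	reg := Registry{}
	var progs []*Program
	for _, n := range names {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return nil, nil, err
		}
		reg[n] = pub
		progs = append(progs, &Program{Name: n, priv: priv})
	}
	return reg, progs, nil
}

func (p *Program) Sign(t Token) (Signed, error) {
	payload, err := json.Marshal(t)
	if err != nil {
		return Signed{}, err
	}
	return Signed{Payload: payload, Sig: ed25519.Sign(p.priv, payload)}, nil
}

// Verify checks the signature with the key registered for the claimed sender and refuses tokens addressed elsewhere.
func (p *Program) Verify(reg Registry, s Signed) (Token, error) {
	var t Token
	if err := json.Unmarshal(s.Payload, &t); err != nil {
		return Token{}, err
	}
	pub, ok := reg[t.From]
	if !ok || !ed25519.Verify(pub, s.Payload, s.Sig) {
		return Token{}, errors.New("sender unknown or signature does not verify")
	}
	if t.To != p.Name {
		return Token{}, fmt.Errorf("token addressed to %q, not %q", t.To, p.Name)
	}
	return t, nil
}

// Forward builds the next-tier token from one this program has verified: same user, chain extended, signed with its own key.
func (p *Program) Forward(verified Token, next string) (Signed, error) {
	chain := append(append([]string{}, verified.Chain...), p.Name)
	return p.Sign(Token{User: verified.User, From: p.Name, To: next, Chain: chain})
}

// Run drives any number of tiers: the first signs a token for a user it has already
// authenticated (by means outside this example); each later tier verifies what it
// received and forwards it on. It returns the token the last tier accepted.
func Run(reg Registry, user string, tiers []*Program) (Token, error) {
	if len(tiers) < 2 {
		return Token{}, errors.New("need at least two tiers")
	}
	first := tiers[0]
	s, err := first.Sign(Token{User: user, From: first.Name, To: tiers[1].Name, Chain: []string{first.Name}})
	var t Token
	for i := 1; err == nil && i < len(tiers); i++ {
		if t, err = tiers[i].Verify(reg, s); err == nil && i+1 < len(tiers) {
			s, err = tiers[i].Forward(t, tiers[i+1].Name)
		}
	}
	return t, err
}
```

Two checks worth keeping in any real implementation: the receiver verifies against the key registered for the claimed sender (t.From), never a key carried inside the token, and it rejects tokens whose To field names another program, which stops a token captured between tiers 1 and 2 from being replayed at tier 3. Changing any byte of the payload after signing, the user name for instance, makes Verify fail at the next tier. How tier n+1 learns tier n's freshly generated public key is the step the abstract leaves open; the Registry here only stands in for it.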

4. Administering Access Permissions for Computer Resources
    Patent application, pending (published)

    Publication number: US20080172720A1

    Publication date: 2008-07-17

    Application number: US11623194

    Filing date: 2007-01-15

    IPC class: G06F21/20

    CPC class: G06F21/604

    Abstract: Methods, apparatus, and products for administering access permissions for computer resources that include: establishing, alongside the active access permissions for a computer resource for a user, proposed alternative access permissions for the computer resource for the user; receiving, in an access control module of an operating system from the user, a request for access to the resource; determining, by the access control module, whether to grant access to the resource for the request in accordance with the active access permissions for the computer resource for the user; determining, by the access control module, whether access would have been granted for the request in accordance with the proposed alternative access permissions for the resource for the user; and recording, by the access control module, the result of the determination whether access would have been granted.

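The dual evaluation described above, as an added Go example (not the patent's code): the access control module enforces only the active permissions, but for every request it also evaluates the proposed alternative and records both outcomes, so an administrator can see which requests a permission change would newly deny or newly allow before activating it. The bitmask encoding, the ACL shape, and the users, paths and requests are constructed for this example.

```go
package main

import "fmt"

// Perm is a bitmask of rights on a resource. The encoding is an assumption.
type Perm uint8

const (
	Read Perm = 1 << iota
	Write
	Execute
)

// ACL maps user -> resource -> granted rights. A missing user or resource grants nothing.
type ACL map[string]map[string]Perm

func (a ACL) Allows(user, res string, want Perm) bool {
	return want != 0 && a[user][res]&want == want
}

// Decision is one log record: the enforced outcome and the hypothetical one.
type Decision struct {
	User, Resource string
	Requested      Perm
	Active         bool // granted under the permissions actually in force
	Proposed       bool // would have been granted under the proposed alternative
}

// Module stands for the operating system's access control module: it enforces
// Active and only evaluates Proposed, recording the result for every request.
type Module struct {
	Active, Proposed ACL
	Log              []Decision
}

// Check returns the enforced decision and records what the proposal would have done.
func (m *Module) Check(user, res string, want Perm) bool {
	d := Decision{user, res, want, m.Active.Allows(user, res, want), m.Proposed.Allows(user, res, want)}
	m.Log = append(m.Log, d)
	return d.Active
}

// Summary counts logged requests the proposal would newly deny (the ones that
// would break something a user does today) and the ones it would newly allow.
func (m *Module) Summary() (wouldDeny, wouldAllow int) {
	for _, d := range m.Log {
		switch {
		case d.Active && !d.Proposed:
			wouldDeny++
		case !d.Active && d.Proposed:
			wouldAllow++
		}
	}
	return
}

// ShadowDemo exercises a proposal that takes write access to the payroll
// database away from alice and gives her write access to a report. The
// accesses and names are constructed for this example.
func ShadowDemo() *Module {
	m := &Module{
		Active:   ACL{"alice": {"/payroll.db": Read | Write, "/report.txt": Read}},
		Proposed: ACL{"alice": {"/payroll.db": Read, "/report.txt": Read | Write}},
	}
	m.Check("alice", "/payroll.db", Read)  // allowed under both
	m.Check("alice", "/payroll.db", Write) // allowed now, would be denied
	m.Check("alice", "/report.txt", Write) // denied now, would be allowed
	m.Check("bob", "/report.txt", Read)    // denied under both
	return m
}

func main() {
	m := ShadowDemo()
	for _, d := range m.Log {
		fmt.Printf("%-6s %-12s active=%-5v proposed=%v\n", d.User, d.Resource, d.Active, d.Proposed)
	}
	deny, allow := m.Summary()
	fmt.Printf("proposal would newly deny %d and newly allow %d of %d requests\n", deny, allow, len(m.Log))
}
```

The value is in the log: running Summary over a representative period of real requests shows whether tightening alice's payroll access would break something she does today, without ever denying a request she is currently entitled to. Check grants on Active alone; the proposed set never influences the enforced decision.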

5. Authenticated identity propagation and translation within a multiple computing unit environment
    Granted patent, in force

    Publication number: US07822980B2

    Publication date: 2010-10-26

    Application number: US11468139

    Filing date: 2006-08-29

    IPC class: H04L29/06

    Abstract: An authenticated identity propagation and translation technique is provided. It is based on a trust relationship between the user identification and authentication services resident on the different computing components of a multi-component transaction processing environment that includes both distributed and mainframe components. In one embodiment, the technique forwards, in association with transaction requests, identified and authenticated user identification and authentication information from a distributed component to a mainframe component, facilitates the selection of the appropriate mainframe user identity under which to execute the mainframe portion of the transaction, and creates the appropriate run-time security context.


6. Apparatus and method for managing multiple user identities on a networked computer system
    Granted patent, in force

    Publication number: US06981043B2

    Publication date: 2005-12-27

    Application number: US09818064

    Filing date: 2001-03-27

    Abstract: An apparatus and method allow a system administrator to manage multiple user identities in multiple user registries in different processing environments. An identity mapping mechanism is provided that includes a directory service whose entries reference user identities in the multiple registries and reference identity mappings between those entries. The identity mapping mechanism includes an interface defined by a plurality of APIs that allow accessing and correlating the multiple user identities and the identity mappings. A programmer can generate an application or tool that uses the identity mapping mechanism by calling the APIs in the interface. In this manner, administration of user identities occurs with the user, rather than the platform, as the primary focus. In addition, a common tool can be used to manage the user identities of different environments, making administration of user identities in a heterogeneous network more efficient and cost-effective.


7. User authentication system and method for multiple process applications
    Granted patent, in force

    Publication number: US06898711B1

    Publication date: 2005-05-24

    Application number: US09229733

    Filing date: 1999-01-13

    Abstract: A user within a multiple process environment is initially authenticated, such as by verifying the user's identification and password. A first process, such as a client, requests a profile token representative of the user in response to authenticating the user. One or more usage limitations are associated with the profile token. The profile token is transferred from the first process to a second process, such as a server. The second process, upon receiving a valid profile token, is allowed to perform one or more tasks on behalf of the user within the token's usage limitations. A profile token is invalidated upon violation of a usage limitation, such as a pre-established time-out period. One or more lookup tables are used to manage the profile tokens and to store certain user and profile token information, providing increased processing security.

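The profile-token lifecycle described above, as an added Go example (not the patent's code): the issuing process keeps a lookup table keyed by a random handle, only the handle crosses to the second process, and redemption succeeds only while the token's usage limitations hold. The two limitations shown, a time-out (the one the abstract names) and a maximum use count, are a common choice; a violated limitation invalidates the token. The injectable clock, the type and function names, and the users are assumptions made for this example.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"sync"
	"time"
)

// ErrInvalid is returned for unknown, expired or exhausted tokens.
var ErrInvalid = errors.New("profile token invalid")

// record is the lookup-table entry behind a token handle. Only the opaque
// handle leaves the issuing process; the user and the limits stay here.
type record struct {
	User     string
	Expires  time.Time
	UsesLeft int
}

// Store is the lookup table that manages profile tokens. The clock is
// injectable so the time-out can be exercised without sleeping.
type Store struct {
	mu  sync.Mutex
	now func() time.Time
	tab map[string]*record
}

func NewStore(now func() time.Time) *Store {
	return &Store{now: now, tab: map[string]*record{}}
}

// Issue is called by the first process after it has authenticated the user
// (by means outside this example). It mints a random handle bound to the user
// with two usage limitations: a time-out and a maximum number of redemptions.
func (s *Store) Issue(user string, ttl time.Duration, maxUses int) (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	handle := hex.EncodeToString(b)
	s.mu.Lock()
	defer s.mu.Unlock()
	s.tab[handle] = &record{User: user, Expires: s.now().Add(ttl), UsesLeft: maxUses}
	return handle, nil
}

// Redeem is called by the second process. It returns the user the token
// represents if every usage limitation holds; a violated limitation deletes
// the token so later presentations fail the same way.
func (s *Store) Redeem(handle string) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	r, ok := s.tab[handle]
	if !ok {
		return "", ErrInvalid
	}
	if !s.now().Before(r.Expires) || r.UsesLeft <= 0 {
		delete(s.tab, handle)
		return "", ErrInvalid
	}
	r.UsesLeft--
	if r.UsesLeft == 0 {
		delete(s.tab, handle)
	}
	return r.User, nil
}

// TimeoutDemo issues a token valid for five minutes and two uses, redeems it
// once inside the window, then presents it again after the time-out.
func TimeoutDemo() (user string, late error) {
	clock := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	s := NewStore(func() time.Time { return clock })
	h, err := s.Issue("alice", 5*time.Minute, 2)
	if err != nil {
		return "", err
	}
	if user, err = s.Redeem(h); err != nil {
		return "", err
	}
	clock = clock.Add(10 * time.Minute) // past the time-out
	_, late = s.Redeem(h)
	return user, late
}

// SingleUseDemo shows the count limitation: a one-use token redeems exactly once.
func SingleUseDemo() (first, second error) {
	s := NewStore(time.Now)
	h, err := s.Issue("bob", time.Hour, 1)
	if err != nil {
		return err, err
	}
	_, first = s.Redeem(h)
	_, second = s.Redeem(h)
	return first, second
}
```

Keeping the user and the limits server-side behind an opaque 16-byte random handle means the second process cannot alter them and nothing sensitive crosses the process boundary. A token that violates a limitation is deleted from the table rather than merely refused, so a retry after the time-out fails exactly like an unknown handle.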

8. Verifying that group membership requirements are met by users
    Granted patent, in force

    Publication number: US08220040B2

    Publication date: 2012-07-10

    Application number: US11970642

    Filing date: 2008-01-08

    IPC class: H04L29/06

    CPC class: G06F21/335

    Abstract: In an embodiment, a verifier receives requirements for membership in a group from a service and receives proof of attributes from users. The verifier verifies whether the proof of attributes meets the membership requirements and sends acceptance or rejection to the service. If the proof meets the requirements, the service allows the users to become members of the group and allows the members to transfer data to and from other members. If the proof does not meet the requirements, the service prevents the users from becoming members. In this way, the service and group members know that other group members satisfy the group membership requirements without needing to know the identity of the group members or other information unrelated to the group membership requirements.


9. Methods, systems, and computer program products for implementing policy-based security control functions
    Patent application, pending (published)

    Publication number: US20080034402A1

    Publication date: 2008-02-07

    Application number: US11462796

    Filing date: 2006-08-07

    IPC class: H04L9/00

    CPC class: G06F21/6218

    Abstract: A method, system, and computer program product for implementing policy-based security control functions is provided. The method includes constructing an organizational domain specifying the business assets to be secured and the actors in specific roles requiring access to the business assets. The method also includes constructing a control policy domain including system setting attributes and access control policies for a computer system, the access control policies specifying permissions-based access to specified types of data based upon actor and purpose-of-use criteria. The method further includes mapping user identifiers to corresponding actors and mapping system artifacts in the computer system or subsystem to business assets defined in the organizational domain to which an access control policy is to be applied. The method also includes applying the access control policies to the system.


10. User interface for displaying protected information
    Granted patent, lapsed

    Publication number: US06747676B2

    Publication date: 2004-06-08

    Application number: US09735749

    Filing date: 2000-12-13

    IPC class: G09G5/00

    CPC class: G06F21/31

    Abstract: A method for providing at least a portion of a disguised password in an undisguised form is described. More particularly, a program is described that, in response to a successful pre-password check, can display one character at a time, several characters at a time, or all of the otherwise disguised characters of a password in an undisguised form.
