1. Mechanism and method for managing service-specified data in a profile service
    Granted patent, in force

    Publication number: US06920455B1

    Publication date: 2005-07-19

    Application number: US09315200

    Application date: 1999-05-19

    Applicant: Paul Weschler

    Inventor: Paul Weschler

    IPC class: G06F17/30

    Abstract: A profiling service for accessing user data. The profiling service includes a hierarchical structure of profile objects. Each profile object contains true-data attributes and meta-data attributes associated with the true-data attributes. Methods in the profiling service allow a client to access user data according to meta-data attribute settings. The true-data attributes may include the user data, or an external reference to the user data. The profile objects may also include bindings to other profile objects. Meta-data attributes can be identified with a prefix field in a meta-data value field, and methods to read and write the true-data and meta-data attributes may be included in the profile objects. The methods may also set an owner, an access privilege, a group, a creation time, an update time, an expiration time, a trigger location, a binding flag, and an assurance level of true-data attributes. The profile objects can include profile-level meta-data attributes.

2. System and method for providing dynamic references between services in a computer system
    Granted patent, in force

    Publication number: US06842903B1

    Publication date: 2005-01-11

    Application number: US09314644

    Application date: 1999-05-19

    Applicant: Paul Weschler

    Inventor: Paul Weschler

    IPC class: G06F9/00 G06F9/46

    Abstract: A system and method for providing dynamic references between services in a computer system which allows a first service (e.g. an application program running on a client computer in a local environment) to obtain a reference to a second service (e.g. a service running on a server computer in a distributed environment) without requiring knowledge of how to find the service, or a particular version of the service, on a distributed computer network. In a particular embodiment disclosed, when a getService method is called, a reference to an instance of the service is returned; an implementation of a service connector interface encapsulates the logic necessary to look up an instance of a specific service and return a reference to that service. In this regard, developers of a service may write, or program, a module that adheres to the service connector interface. Users of a service specify that the service connector provided by the service can be used to dynamically obtain a reference to the service in their application. Additional methods can be added to the service connectors to support retrieval of references to specific versions or instances of a service.

3. System, method and computer program product for searching for, and retrieving, profile attributes based on other target profile attributes and associated profiles
    Granted patent, in force

    Publication number: US06470332B1

    Publication date: 2002-10-22

    Application number: US09314690

    Application date: 1999-05-19

    Applicant: Paul Weschler

    Inventor: Paul Weschler

    IPC class: G06F17/30

    Abstract: A system, method and computer program product for searching for, and retrieving, profile (or directory) attributes based on other attributes of the target profile and those of associated profiles. In a specific implementation, the LDAP RFC 2254 string search syntax may be utilized to allow multiple related search filters to be specified at one time. The first of the sequence of query strings defined is used as a filter to retrieve candidate results, and the succeeding filters, or query strings, are used to determine whether a specific profile or directory should be considered at all.
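    The chained-filter search described in the abstract, as an added example that is not the patent's code: a small RFC 2254 filter parser (and/or/not, equality, presence, substring, >=, <=; approximate match is treated as equality) evaluated over a constructed in-memory directory. The first filter picks candidates; each later filter must match the profile the candidate references through a linking attribute ("manager" here; the patent does not fix how associated profiles are found, so that convention is this example's assumption). Because filters are strings, the example also carries the RFC 2254 section 4 escaping a practitioner needs before splicing untrusted input into a filter.

```python
import re

# Constructed sample directory: DN -> attributes. "manager" values are DNs of
# associated profiles, which chained_search follows one hop per filter.
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=com": {
        "objectClass": ["person"], "uid": ["alice"], "ou": ["engineering"],
        "manager": ["uid=carol,ou=people,dc=example,dc=com"]},
    "uid=bob,ou=people,dc=example,dc=com": {
        "objectClass": ["person"], "uid": ["bob"], "ou": ["engineering"],
        "manager": ["uid=dave,ou=people,dc=example,dc=com"]},
    "uid=carol,ou=people,dc=example,dc=com": {
        "objectClass": ["person"], "uid": ["carol"], "ou": ["management"], "title": ["director"]},
    "uid=dave,ou=people,dc=example,dc=com": {
        "objectClass": ["person"], "uid": ["dave"], "ou": ["engineering"], "title": ["engineer"]},
}


def escape_filter_value(value):
    """Escape an assertion value per RFC 2254 section 4 so untrusted input cannot
    change the filter's structure (the classic '*' or ')(' LDAP injection)."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def _unescape(raw):
    """Decode RFC 2254 '\\XX' escapes; escapes denote UTF-8 bytes."""
    data = re.sub(rb"\\([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]),
                  raw.encode("utf-8"))
    return data.decode("utf-8")


def _values(entry, attr):
    """Case-insensitive attribute lookup; values are lower-cased for matching."""
    for name, vals in entry.items():
        if name.lower() == attr:
            return [v.lower() for v in vals]
    return []


def _item(text):
    """Predicate for one filter item: attr=value, attr=*, substring, >=, <=, ~=."""
    m = re.fullmatch(r"([A-Za-z][A-Za-z0-9.;-]*)(>=|<=|~=|=)(.*)", text, re.S)
    if not m:
        raise ValueError("bad filter item: %r" % text)
    attr, op, raw = m.group(1).lower(), m.group(2), m.group(3)
    if op == "=" and raw == "*":                       # presence
        return lambda e: bool(_values(e, attr))
    if op == "=" and "*" in raw:                        # substring: unescaped '*' is a wildcard
        parts = (re.escape(_unescape(p).lower()) for p in raw.split("*"))
        rx = re.compile("^" + ".*".join(parts) + "$", re.S)
        return lambda e: any(rx.match(v) for v in _values(e, attr))
    val = _unescape(raw).lower()                        # '\2a' here is a literal '*'
    if op in ("=", "~="):
        return lambda e: val in _values(e, attr)
    if op == ">=":
        return lambda e: any(v >= val for v in _values(e, attr))
    return lambda e: any(v <= val for v in _values(e, attr))


def _parse(s, i):
    if i >= len(s) or s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    op = s[i:i + 1]
    if op in ("&", "|"):
        i, subs = i + 1, []
        while i < len(s) and s[i] == "(":
            pred, i = _parse(s, i)
            subs.append(pred)
        combine = all if op == "&" else any
        pred = lambda e, subs=subs, combine=combine: combine(p(e) for p in subs)
    elif op == "!":
        inner, i = _parse(s, i + 1)
        pred = lambda e, inner=inner: not inner(e)
    else:
        j = s.find(")", i)
        if j < 0:
            raise ValueError("unterminated filter item")
        pred, i = _item(s[i:j]), j
    if i >= len(s) or s[i] != ")":
        raise ValueError("expected ')' at offset %d" % i)
    return pred, i + 1


def parse_filter(s):
    """Parse an RFC 2254 filter string into a predicate over an entry dict."""
    pred, end = _parse(s, 0)
    if end != len(s):
        raise ValueError("trailing data after filter")
    return pred


def search(directory, filter_str):
    pred = parse_filter(filter_str)
    return [dn for dn, entry in directory.items() if pred(entry)]


def chained_search(directory, filters, link_attr):
    """filters[0] selects candidates; each later filter must match the profile the
    current one references through link_attr (example convention, see lead-in)."""
    preds = [parse_filter(f) for f in filters]
    results = []
    for dn, entry in directory.items():
        if not preds[0](entry):
            continue
        node, ok = entry, True
        for pred in preds[1:]:
            refs = node.get(link_attr, [])
            node = directory.get(refs[0]) if refs else None
            if node is None or not pred(node):
                ok = False
                break
        if ok:
            results.append(dn)
    return results
```

    Calling chained_search(DIRECTORY, ["(&(objectClass=person)(ou=engineering))", "(title=director)"], "manager") returns only alice, whose manager is a director; bob's manager is not, and dave has no manager to follow. The escaping matters whenever a caller's value ends up in a filter: "(uid=*)" matches every entry, while "(uid=" + escape_filter_value("*") + ")" matches none.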

4. Log-on service providing credential level change without loss of session continuity
    Granted patent, in force

    Publication number: US06944761B2

    Publication date: 2005-09-13

    Application number: US10643813

    Application date: 2003-08-19

    Abstract: A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e.g., those based on passwords, certificates, biometric techniques, smart cards, etc.) are employed depending on the trust-level requirement(s) of the information resource (or resources) to be accessed. Once credentials have been obtained for an entity and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient.

5. Single sign-on framework with trust-level mapping to authentication requirements
    Granted patent, in force

    Publication number: US06892307B1

    Publication date: 2005-05-10

    Application number: US09368507

    Application date: 1999-08-05

    Abstract: A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e.g., those based on passwords, certificates, biometric techniques, smart cards, etc.) are associated with trust levels, and a log-on service obtains credentials for an entity commensurate with the trust-level requirement(s) of the information resource (or resources) to be accessed. Once credentials have been obtained for an entity and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient.

6. Context based control data
    Granted patent, in force

    Publication number: US06807181B1

    Publication date: 2004-10-19

    Application number: US09314804

    Application date: 1999-05-19

    Applicant: Paul Weschler

    Inventor: Paul Weschler

    IPC class: G06F15/16

    Abstract: A method, system, and computer program product for accessing server resources by a client communicating control data to a server. A context object is associated with the control data. The context object includes methods for recording within the context object a set of properties identifying the client. A request packet is created from the control data and the context object. The request packet is transmitted to the server. The context object is passed to at least one method on the server. The method uses the context object to access the server resources.
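    An added example, not code from either patent, tying entries 1 and 6 together: a profile object whose true-data attributes carry prefixed meta-data (owner, access privilege, group, creation and update time, expiration, assurance level, and a flag marking the value as an external reference), and a server that dispatches request packets, passing the client-identifying context object to the profile method named in the control data. The "meta:" prefix, the "meta:<attr>.<key>" naming, the three access modes, the method allow-list and the external store are this example's assumptions; the patents only state that a prefix field identifies meta-data and that the context object travels with the control data.

```python
import time

# Assumed convention: meta-data for true-data attribute "email" lives under
# "meta:email.<key>" in the same attribute space (the patent only says a prefix marks it).
META_PREFIX = "meta:"
META_DEFAULTS = {"access": "owner", "group": None, "expires": None,
                 "assurance": 0, "external": False}   # external: value is a reference, not the data
# Constructed stand-in for wherever external references point.
EXTERNAL_STORE = {"blob://alice/avatar": b"\x89PNG\r\n\x1a\n..."}
# Only these profile methods may be named in a request packet's control data.
EXPOSED_METHODS = {"get", "set", "true_attrs"}


class Context:
    """Client-side context object: properties identifying the caller, carried in the
    request packet. A real server authenticates these (e.g. a signed token) before
    trusting them; this example takes them as given."""
    def __init__(self, principal, groups=(), assurance=0):
        self.props = {"principal": principal, "groups": set(groups), "assurance": assurance}

    def record(self, key, value):
        self.props[key] = value


class Profile:
    def __init__(self, name):
        self.name = name
        self.store = {}          # true-data and prefixed meta-data
        self.bindings = {}       # child name -> Profile (the hierarchy)
        self.profile_meta = {}   # profile-level meta-data

    def get_meta(self, attr, key):
        return self.store.get("%s%s.%s" % (META_PREFIX, attr, key))

    def true_attrs(self, ctx):
        return sorted(k for k in self.store if not k.startswith(META_PREFIX))

    def set(self, ctx, attr, value, **meta):
        """Write a true-data attribute and its meta-data; only the recorded owner may overwrite."""
        owner = self.get_meta(attr, "owner")
        if owner is not None and owner != ctx.props["principal"]:
            raise PermissionError("%s is not the owner of %s" % (ctx.props["principal"], attr))
        now = time.time()
        record = dict(META_DEFAULTS, owner=ctx.props["principal"],
                      creation_time=self.get_meta(attr, "creation_time") or now, update_time=now)
        record.update(meta)
        self.store[attr] = value
        for key, val in record.items():
            self.store["%s%s.%s" % (META_PREFIX, attr, key)] = val

    def get(self, ctx, attr, min_assurance=0):
        """Read according to the meta-data: access privilege first (so unauthorised callers
        learn nothing else), then expiry, then the caller's assurance requirement;
        external references are dereferenced."""
        if attr.startswith(META_PREFIX) or attr not in self.store:
            raise KeyError(attr)
        access, caller = self.get_meta(attr, "access"), ctx.props
        allowed = (access == "public"
                   or (access == "owner" and caller["principal"] == self.get_meta(attr, "owner"))
                   or (access == "group" and self.get_meta(attr, "group") in caller["groups"]))
        if not allowed:
            raise PermissionError("%s may not read %s" % (caller["principal"], attr))
        expires = self.get_meta(attr, "expires")
        if expires is not None and expires <= time.time():
            raise LookupError("%s has expired" % attr)
        if self.get_meta(attr, "assurance") < min_assurance:
            raise LookupError("%s is below the required assurance level" % attr)
        value = self.store[attr]
        return EXTERNAL_STORE[value] if self.get_meta(attr, "external") else value


class ProfileService:
    def __init__(self, root):
        self.root = root

    def lookup(self, path):
        node = self.root
        for part in path.split("/"):
            node = node.bindings[part]
        return node

    def handle(self, packet):
        """Server side: unpack control data and context; pass the context to the named method."""
        control, ctx = packet["control"], packet["context"]
        if control["method"] not in EXPOSED_METHODS:
            raise PermissionError("method not exposed: %s" % control["method"])
        method = getattr(self.lookup(control["profile"]), control["method"])
        return method(ctx, *control.get("args", ()), **control.get("kwargs", {}))


def make_packet(ctx, **control):
    """Client side: the request packet is the control data plus the context object."""
    return {"control": control, "context": ctx}


def demo():
    root, alice = Profile("root"), Profile("alice")
    root.bindings["alice"] = alice
    svc = ProfileService(root)
    alice_ctx, hr_ctx = Context("alice", groups={"staff"}), Context("hr-bot", groups={"hr"})
    svc.handle(make_packet(alice_ctx, profile="alice", method="set", args=("email", "alice@example.com"),
                           kwargs={"access": "group", "group": "hr", "assurance": 2}))
    svc.handle(make_packet(alice_ctx, profile="alice", method="set", args=("avatar", "blob://alice/avatar"),
                           kwargs={"access": "public", "external": True}))
    svc.handle(make_packet(alice_ctx, profile="alice", method="set", args=("otp-seed", "JBSWY3DP"),
                           kwargs={"expires": time.time() - 1}))   # owner-only and already expired
    out = {"hr_email": svc.handle(make_packet(hr_ctx, profile="alice", method="get", args=("email",))),
           "avatar": svc.handle(make_packet(hr_ctx, profile="alice", method="get", args=("avatar",)))}
    for who, ctx in (("hr", hr_ctx), ("alice", alice_ctx)):
        try:
            svc.handle(make_packet(ctx, profile="alice", method="get", args=("otp-seed",)))
        except (PermissionError, LookupError) as exc:
            out[who + "_seed"] = type(exc).__name__
    return out
```

    In demo(), the HR caller reads the group-readable email and the public avatar (dereferenced from the external store), is refused the owner-only OTP seed, and the owner herself gets a LookupError because the seed has expired; the access check runs before the expiry check so a refused caller cannot probe lifetimes. The EXPOSED_METHODS allow-list is there because dispatching on a method name taken from the control data would otherwise let a client reach any attribute of the profile object.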

7. Log-on service providing credential level change without loss of session continuity
    Granted patent, in force

    Publication number: US06609198B1

    Publication date: 2003-08-19

    Application number: US09368506

    Application date: 1999-08-05

    IPC class: G06F1/26

    Abstract: A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e.g., those based on passwords, certificates, biometric techniques, smart cards, etc.) are employed depending on the trust-level requirement(s) of the information resource (or resources) to be accessed. Once credentials have been obtained for an entity and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient. The security architecture allows upgrade of credentials for a given session. This capability is particularly advantageous in the context of a single, enterprise-wide log-on. An entity (e.g., a user or an application) may initially log on with a credential suitable for one or more resources in an initial resource set, but then require access to a resource requiring authentication at a higher trust level. In such a case, the log-on service allows additional credentials to be provided to authenticate at the higher trust level. The log-on service allows upgrading and/or downgrading without loss of session continuity (i.e., without loss of identity mappings, authorizations, permissions, environment variables, etc.).

8. Log-on service providing credential level change without loss of session continuity
    Granted patent, in force

    Publication number: US07325128B2

    Publication date: 2008-01-29

    Application number: US11533296

    Application date: 2006-09-19

    IPC class: G06F9/00

    Abstract: A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e.g., those based on passwords, certificates, biometric techniques, smart cards, etc.) are employed depending on the trust-level requirement(s) of the information resource (or resources) to be accessed. Once credentials have been obtained for an entity and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient.

9. Log-on service providing credential level change without loss of session continuity
    Published application, in force

    Publication number: US20070101418A1

    Publication date: 2007-05-03

    Application number: US11533296

    Application date: 2006-09-19

    IPC class: G06F17/30

    Abstract: A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e.g., those based on passwords, certificates, biometric techniques, smart cards, etc.) are employed depending on the trust-level requirement(s) of the information resource (or resources) to be accessed. Once credentials have been obtained for an entity and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient.

10. Default credential provisioning
    Granted patent, in force

    Publication number: US07117359B2

    Publication date: 2006-10-03

    Application number: US11224675

    Application date: 2005-09-12

    IPC class: G06F1/24

    Abstract: A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e.g., those based on passwords, certificates, biometric techniques, smart cards, etc.) are employed depending on the trust-level requirement(s) of the information resource (or resources) to be accessed. Once credentials have been obtained for an entity and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient. In addition, an entity can be allocated a new session and an associated default credential if the entity's access request carries an invalid session token or no token at all.
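    The trust-level architecture that entries 4, 5, 7, 8, 9 and 10 describe, as an added example that is not the patents' implementation: resources carry a required trust level, each authentication scheme establishes a trust level, a missing or invalid token yields a fresh session holding only the default credential, and a step-up (or downgrade) changes the session's level while the same Session object, with its attributes, persists. The numeric trust scale, the scheme and resource mappings, the verifiers and the sample user are constructed for this example; the same-principal check on step-up and the token rotation on every level change are hardening this example adds, not something the patents specify.

```python
import hashlib
import hmac
import secrets
import time

# Trust levels, lowest to highest. The patents leave the scale open; these values and
# the scheme/resource mappings are this example's assumptions.
ANONYMOUS, PASSWORD, CERTIFICATE, SMARTCARD = 0, 1, 2, 3
SCHEME_TRUST = {"default": ANONYMOUS, "password": PASSWORD, "x509": CERTIFICATE, "smartcard": SMARTCARD}
RESOURCE_TRUST = {"/public": ANONYMOUS, "/mail": PASSWORD, "/payroll": CERTIFICATE, "/hsm-admin": SMARTCARD}


class StepUpRequired(Exception):
    """The session's trust level is below the resource's requirement."""
    def __init__(self, required):
        super().__init__("trust level %d required" % required)
        self.required = required
        self.schemes = sorted(s for s, t in SCHEME_TRUST.items() if t >= required)


class Session:
    def __init__(self, token):
        self.token = token
        self.principal = None                           # unknown until a credential is verified
        self.trust = ANONYMOUS
        self.credentials = [("default", time.time())]   # (scheme, verified_at) history
        self.attributes = {}                            # identity mappings, permissions, env vars


class LogonService:
    def __init__(self, verifiers):
        self._verifiers = verifiers   # scheme -> callable(credential) -> principal or None
        self._sessions = {}

    def resolve(self, token):
        """Missing or invalid token: allocate a new session holding only the default credential."""
        sess = self._sessions.get(token) if token else None
        if sess is None:
            sess = Session(secrets.token_urlsafe(24))
            self._sessions[sess.token] = sess
        return sess

    def _rotate(self, sess):
        # Added hardening, not from the patents: a new token on every level change, so a
        # token fixated before log-on never carries the upgraded level.
        del self._sessions[sess.token]
        sess.token = secrets.token_urlsafe(24)
        self._sessions[sess.token] = sess

    def authenticate(self, sess, scheme, credential):
        """Move the session to the scheme's trust level (up or down). The Session object,
        and everything in sess.attributes, survives the change."""
        principal = self._verifiers[scheme](credential)
        if principal is None:
            raise PermissionError("credential rejected")
        if sess.principal is not None and principal != sess.principal:
            raise PermissionError("credential belongs to another principal")   # added check
        sess.principal, sess.trust = principal, SCHEME_TRUST[scheme]
        sess.credentials.append((scheme, time.time()))
        self._rotate(sess)
        return sess

    def downgrade(self, sess, level):
        """Lower the trust level (e.g. after idle time) without ending the session."""
        sess.trust = min(sess.trust, level)
        self._rotate(sess)
        return sess

    def access(self, sess, resource):
        """Grant access when the authenticated level suffices; otherwise demand step-up."""
        required = RESOURCE_TRUST[resource]
        if sess.trust < required:
            raise StepUpRequired(required)
        return sess.principal or "anonymous"


# Constructed verifiers: a PBKDF2 password store, and a certificate-fingerprint lookup
# standing in for real chain validation.
def _pw_record(password, salt=None):
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_USERS = {"alice": _pw_record("correct horse")}
_CERTS = {"sha256:0123abcd": "alice"}

def verify_password(credential):
    user, password = credential
    salt, stored = _USERS.get(user, (b"", b""))
    return user if stored and hmac.compare_digest(stored, _pw_record(password, salt)[1]) else None


def demo():
    svc = LogonService({"password": verify_password, "x509": _CERTS.get})
    sess = svc.resolve("stale-or-forged-token")        # -> fresh default-credential session
    sess.attributes["locale"] = "en_GB"
    out = {"public": svc.access(sess, "/public")}
    try:
        svc.access(sess, "/payroll")
    except StepUpRequired as need:
        out["need"] = (need.required, need.schemes)
    svc.authenticate(sess, "password", ("alice", "correct horse"))
    out["mail"] = svc.access(sess, "/mail")
    svc.authenticate(sess, "x509", "sha256:0123abcd")  # step up inside the same session
    out["payroll"] = svc.access(sess, "/payroll")
    svc.downgrade(sess, PASSWORD)
    out.update(trust=sess.trust, locale=sess.attributes["locale"],
               history=[s for s, _ in sess.credentials])
    return out
```

    In demo() the forged token is not looked up as an error but replaced by a default-credential session, the anonymous session reaches /public, the attempt on /payroll comes back with the schemes that would satisfy level 2, and after password then certificate authentication the same session (locale attribute intact, credential history default, password, x509) reaches /payroll; the final downgrade drops the level but keeps the session. The same-principal check prevents one user's credential from being bound into another user's existing session during step-up.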