公开(公告)号：US07412603B2

公开(公告)日：2008-08-12

申请号：US10728396

申请日：2003-12-05

申请人： Anthony Yeates ,  Pavel Dournov ,  Kirk Blackwood

发明人： Anthony Yeates ,  Pavel Dournov ,  Kirk Blackwood

IPC分类号： H04L9/00

CPC分类号： G06F21/6245 ,  H04L9/0863 ,  H04L9/0894 ,  H04L2209/56

摘要： Systems and methods are disclosed for storing sensitive data in a database, such as an application database or a dedicated application security database or store. In accordance with one aspect of the invention, user passwords are not directly stored in a database; but instead, when a password is entered, a one-way hash of the password phrase is produced for storage and/or comparison purposes. In accordance with another aspect, individual authorized application users are each aligned with their own version of an application-wide security key such that it becomes unnecessary to directly store the key in its original form. The security key is used to process sensitive data. In accordance with another aspect, a user's version of the application-wide security reflects an encryption-based relationship to the user's password. Various embodiments also support flexible access to particular collections of sensitive data based on user account and/or user role information.

摘要翻译： 公开了用于将敏感数据存储在数据库中的系统和方法，诸如应用数据库或专用应用安全数据库或存储。 根据本发明的一个方面，用户密码不直接存储在数据库中; 相反，当输入密码时，产生密码短语的单向散列用于存储和/或比较目的。 根据另一方面，各个授权的应用程序用户各自与自己的应用程序范围的安全密钥版本对齐，使得不必以原始形式直接存储密钥。 安全密钥用于处理敏感数据。 根据另一方面，应用范围安全性的用户版本反映与用户密码的基于加密的关系。 各种实施例还支持基于用户帐户和/或用户角色信息灵活地访问敏感数据的特定集合。

公开(公告)号：US20050125698A1

公开(公告)日：2005-06-09

申请号：US10728396

申请日：2003-12-05

申请人： Anthony Yeates ,  Pavel Dournov ,  Kirk Blackwood

发明人： Anthony Yeates ,  Pavel Dournov ,  Kirk Blackwood

IPC分类号： G06F21/00 ,  H04L9/08 ,  H04L9/00

CPC分类号： G06F21/6245 ,  H04L9/0863 ,  H04L9/0894 ,  H04L2209/56

摘要： Systems and methods are disclosed for storing sensitive data in a database, such as an application database or a dedicated application security database or store. In accordance with one aspect of the invention, user passwords are not directly stored in a database; but instead, when a password is entered, a one-way hash of the password phrase is produced for storage and/or comparison purposes. In accordance with another aspect, individual authorized application users are each aligned with their own version of an application-wide security key such that it becomes unnecessary to directly store the key in its original form. The security key is used to process sensitive data. In accordance with another aspect, a user's version of the application-wide security reflects an encryption-based relationship to the user's password. Various embodiments also support flexible access to particular collections of sensitive data based on user account and/or user role information.

摘要翻译： 公开了用于将敏感数据存储在数据库中的系统和方法，诸如应用数据库或专用应用安全数据库或存储。 根据本发明的一个方面，用户密码不直接存储在数据库中; 相反，当输入密码时，产生密码短语的单向散列用于存储和/或比较目的。 根据另一方面，各个授权的应用程序用户各自与自己的应用程序范围的安全密钥版本对齐，使得不必以原始形式直接存储密钥。 安全密钥用于处理敏感数据。 根据另一方面，应用范围安全性的用户版本反映与用户密码的基于加密的关系。 各种实施例还支持基于用户帐户和/或用户角色信息灵活地访问敏感数据的特定集合。

公开(公告)号：US07568098B2

公开(公告)日：2009-07-28

申请号：US10725881

申请日：2003-12-02

申请人： Anthony Yeates ,  Pavel Dournov ,  Donna Whitlock ,  Timothy Belvin ,  Brendan O'Meara ,  Kirk Blackwood ,  Derrick Bazlen

发明人： Anthony Yeates ,  Pavel Dournov ,  Donna Whitlock ,  Timothy Belvin ,  Brendan O'Meara ,  Kirk Blackwood ,  Derrick Bazlen

IPC分类号： H04L9/00

CPC分类号： H04L63/08 ,  H04L63/0807 ,  H04L63/0823 ,  H04L63/102

摘要： An authentication protocol is disclosed for use in enhancing the security of communications between software applications and Internet-based service providers. The protocol incorporates a two level authentication model based on a distribution of authentication responsibilities, wherein the application authenticates users and the service provider authenticates the application. Embodiments of the protocol incorporate public key infrastructure and digital certificate technology. Other embodiments of the present invention pertain to applying a corresponding protocol to peer-to-peer communication scenarios.

摘要翻译： 公开了用于增强软件应用和基于互联网的服务提供商之间的通信的安全性的认证协议。 该协议包含基于认证责任分布的两级认证模型，其中应用认证用户，服务提供商对应用进行认证。 该协议的实施例包括公共密钥基础设施和数字证书技术。 本发明的其他实施例涉及将对应的协议应用于对等通信场景。

公开(公告)号：US20050120214A1

公开(公告)日：2005-06-02

申请号：US10725881

申请日：2003-12-02

申请人： Anthony Yeates ,  Pavel Dournov ,  Donna Whitlock ,  Timothy Belvin ,  Brendan O'Meara ,  Kirk Blackwood ,  Derrick Bazlen

发明人： Anthony Yeates ,  Pavel Dournov ,  Donna Whitlock ,  Timothy Belvin ,  Brendan O'Meara ,  Kirk Blackwood ,  Derrick Bazlen

IPC分类号： H04L9/00 ,  H04L29/06

CPC分类号： H04L63/08 ,  H04L63/0807 ,  H04L63/0823 ,  H04L63/102

摘要： An authentication protocol is disclosed for use in enhancing the security of communications between software applications and Internet-based service providers. The protocol incorporates a two level authentication model based on a distribution of authentication responsibilities, wherein the application authenticates users and the service provider authenticates the application. Embodiments of the protocol incorporate public key infrastructure and digital certificate technology. Other embodiments of the present invention pertain to applying a corresponding protocol to peer-to-peer communication scenarios.

摘要翻译： 公开了用于增强软件应用和基于互联网的服务提供商之间的通信的安全性的认证协议。 该协议包含基于认证责任分布的两级认证模型，其中应用认证用户，服务提供商对应用进行认证。 该协议的实施例包括公共密钥基础设施和数字证书技术。 本发明的其他实施例涉及将对应的协议应用于对等通信场景。

公开(公告)号：US20050198348A1

公开(公告)日：2005-09-08

申请号：US10744920

申请日：2003-12-23

申请人： Anthony Yeates ,  Pavel Dournov ,  Sumeet Shrivastava ,  Vaidyanathan Arunachalam ,  Donna Whitlock

发明人： Anthony Yeates ,  Pavel Dournov ,  Sumeet Shrivastava ,  Vaidyanathan Arunachalam ,  Donna Whitlock

IPC分类号： G06F15/16

CPC分类号： G06Q20/206 ,  H04L12/6418 ,  H04L63/083 ,  H04L63/102 ,  H04L67/22 ,  H04L67/42

摘要： The present invention discloses methods and systems for providing secure user access to services offered by a service provider to a client application over a network. One embodiment includes receiving an application cookie from the client application and populating a service cookie based on information in the application cookie. Information in the service cookie is utilized as a basis for regulating a provision of services to the client application.

摘要翻译： 本发明公开了用于向网络上的客户端应用提供安全用户访问由服务提供商提供的服务的方法和系统。 一个实施例包括从客户端应用程序接收应用程序cookie，并根据应用程序cookie中的信息填充服务cookie。 使用服务cookie中的信息作为规范向客户端应用提供服务的基础。

公开(公告)号：US20050137895A1

公开(公告)日：2005-06-23

申请号：US10742463

申请日：2003-12-19

申请人： Donna Whitlock ,  Anthony Yeates ,  Pavel Dournov ,  Eric Hawthorne ,  Sylvester La Blanc

发明人： Donna Whitlock ,  Anthony Yeates ,  Pavel Dournov ,  Eric Hawthorne ,  Sylvester La Blanc

IPC分类号： G06Q10/00 ,  G06Q30/00 ,  G06F17/60

CPC分类号： G06Q10/10 ,  G06Q30/06 ,  Y10S707/99953 ,  Y10S707/99954

摘要： Data replication between a headquarters application and one or more client applications is provided. The client applications are generally located remote from the headquarters application and communicate therewith via known methods. A pair of classes is used to generically transfer data selected for replication. New entity types and/or data types can be synchronized without having to rewrite the synchronization application by simply deploying an appropriate data class and manager class for the new entity. Moreover, the prior art worksheet is abstracted, in some aspects, to a simpler form that is more user friendly.

摘要翻译： 提供总部应用程序与一个或多个客户端应用程序之间的数据复制。 客户端应用程序通常位于远离总部应用程序并通过已知方法与其通信。 一对类用于一般性地传输选择进行复制的数据。 可以同步新的实体类型和/或数据类型，而无需通过简单地为新实体部署适当的数据类和管理器类来重写同步应用程序。 而且，现有技术的工作表在一些方面被抽象成更为简单的形式，其更加用户友好。

公开(公告)号：US20050015336A1

公开(公告)日：2005-01-20

申请号：US10620293

申请日：2003-07-15

申请人： Anthony Yeates ,  Pavel Dournov ,  Balaji Balasubramanian ,  Vaidyanathan Arunachalam ,  Donna Whitlock ,  Timothy Belvin

发明人： Anthony Yeates ,  Pavel Dournov ,  Balaji Balasubramanian ,  Vaidyanathan Arunachalam ,  Donna Whitlock ,  Timothy Belvin

IPC分类号： G06Q20/00 ,  G06F17/60

CPC分类号： G06Q20/02 ,  G06Q20/027 ,  G06Q20/04 ,  G06Q20/10 ,  G06Q20/102 ,  G06Q20/20 ,  G06Q20/40 ,  G06Q40/00

摘要： A gateway server, point of sale device and protocol are provided for processing financial transactions. A public network interface is configured to couple to a public network and communicate financial authorization requests. The financial authorization requests can include, for example, transaction specific data, a merchant store or location invariant and a supplemental header. A gateway processor processes the financial transaction authorization requests and couples to a financial network interface configured to couple to at least one financial network. The gateway provides a response to the point of sale device based upon data received from the financial network and the authorization request.

摘要翻译： 网关服务器，销售点设备和协议被提供用于处理金融交易。 公共网络接口被配置为耦合到公共网络并传达财务授权请求。 财务授权请求可以包括例如交易特定数据，商店存储或位置不变量和补充标题。 网关处理器处理金融交易授权请求并且耦合到被配置为耦合到至少一个金融网络的金融网络接口。 网关根据从金融网络接收的数据和授权请求，提供对销售点设备的响应。