Apparatus and method for multi-plane threshold security
    1.
    Granted invention patent
    Apparatus and method for multi-plane threshold security (status: in force)

    Publication number: US08782752B1

    Publication date: 2014-07-15

    Application number: US13538567

    Filing date: 2012-06-29

    Applicant: Ari Juels, Nirav Mehta

    Inventor: Ari Juels, Nirav Mehta

    IPC classification: H04L29/06

    Abstract: Servers are configured to operate in two or more threshold security planes with each such threshold security plane implementing at least a portion of a corresponding threshold security protocol involving at least a subset of the servers. The servers are implemented on at least one processing device comprising a processor coupled to a memory. Multiple ones of the servers may be implemented on a single processing device, or each of the servers may be implemented on a separate processing device. At least one of the servers may be part of at least two of the threshold security planes. A given request for a protected resource is processed through each of the planes in order for a corresponding user to obtain access to the protected resource. By way of example, the security planes may comprise two or more of an authentication plane, an access control plane and a resource plane.


    Internet-accessible service for dynamic authentication and continuous assertion of trust level in identities
    2.
    Granted invention patent
    Internet-accessible service for dynamic authentication and continuous assertion of trust level in identities (status: in force)

    Publication number: US08925053B1

    Publication date: 2014-12-30

    Application number: US13472999

    Filing date: 2012-05-16

    Applicant: Nirav Mehta

    Inventor: Nirav Mehta

    IPC classification: G06F21/00, H04L9/32

    Abstract: An authentication technique involves receiving an authentication request which includes a set of authentication factors and performing, in response to the authentication request, an authentication operation based on a set of authentication factors. An authentication result of the authentication operation identifies a particular trust category among a set of trust categories. Each trust category of the set defines a unique set of user permissions. The technique further involves providing the authentication result for use by a web application. The particular trust category identified by the authentication result defines a particular set of user permissions to be imposed by the web application. For example, the trust categories may take the form of trust levels such as Low, Med, and High which control access to certain resources. Furthermore, the technique involves providing periodic and/or random authentication requests to the authentication server to detect hijacking of the user session after successful initial authentication.
