-
公开(公告)号:US20160087797A1
公开(公告)日:2016-03-24
申请号:US14491541
申请日:2014-09-19
Applicant: Bank of America Corporation
Inventor: Abdulkader Barbir , Eileen D. Bridges , Davindar Gill , Lawrence R. LaBella , Craig Worstell
CPC classification number: H04L9/3236 , H04L9/3226 , H04L9/3273 , H04L63/062 , H04L63/126
Abstract: Aspects of the present disclosure pertain to system and method of securing mobile devices using virtual certificates at a computer processor. A method may include receiving a request for access to a computer network associated with a computing device to an application associated with a network connected server processor; electronically receiving, at the server processor, a first security key fragment from the computing device; the first security key fragment being paired with a verifier key fragment unknown to the computing device; generating a conditional seed key fragment at the server processor associated with the verifier key fragment; comparing a first hash parameter to a second hash parameter at the server processor; transmitting, at the server processor, a session security key for enabling network access to the application associated with the server processor.
Abstract translation: 本公开的方面涉及在计算机处理器处使用虚拟证书来保护移动设备的系统和方法。 一种方法可以包括:向与网络连接的服务器处理器相关联的应用接收对与计算设备相关联的计算机网络的访问请求; 在所述服务器处理器处电子地接收来自所述计算设备的第一安全密钥片段; 所述第一安全密钥片段与所述计算设备未知的验证者密钥片段配对; 在与验证者密钥片段相关联的服务器处理器处生成条件种子密钥片段; 将第一散列参数与所述服务器处理器处的第二散列参数进行比较; 在服务器处理器处发送会话安全密钥,用于启用对与服务器处理器相关联的应用的网络访问。
-
公开(公告)号:US09075791B2
公开(公告)日:2015-07-07
申请号:US13801286
申请日:2013-03-13
Applicant: Bank of America Corporation
Inventor: Radu Marian , Abdulkader Barbir , Cynthia A. Frick , John H. Kling
IPC: G06F17/27
CPC classification number: G06F17/2735
Abstract: A system for managing an enterprise concept dictionary may include an electronic master dictionary and electronic local dictionaries. The master dictionary may include concept entries respectively associated with concept identifiers and with one or more concept definitions. The local dictionaries may include one or more of the concept identifiers of the master dictionary. A dictionary management module may be in signal communication with the master dictionary and the local dictionaries. The dictionary management module may be configured to query the master dictionary for a concept entry that corresponds to a concept associated with a modeling component. If a concept entry is found, the concept identifier may be provided. If a concept entry is not found, a new concept entry may be added to the master dictionary. A notification module may be in signal communication with the master dictionary and automatically provide notification when a concept entry is added or updated.
Abstract translation: 用于管理企业概念词典的系统可以包括电子主词典和电子本地词典。 主字典可以包括分别与概念标识符和一个或多个概念定义相关联的概念条目。 本地字典可以包括主字典的一个或多个概念标识符。 字典管理模块可以与主字典和本地字典进行信号通信。 字典管理模块可以被配置为向主字典查询对应于与建模组件相关联的概念的概念条目。 如果找到概念条目,则可以提供概念标识符。 如果未找到概念条目,则可以将新概念条目添加到主字典。 通知模块可以与主字典进行信号通信,并且在添加或更新概念条目时自动提供通知。
-
公开(公告)号:US08931064B2
公开(公告)日:2015-01-06
申请号:US13718522
申请日:2012-12-18
Applicant: Bank of America Corporation
Inventor: Abdulkader Barbir
CPC classification number: H04L63/0815 , H04L63/102
Abstract: Methods and systems are described herein for performing attribute authentication for use by a relying party in providing access to a resource as requested by a user. Attribute authentication may be performed entirely by a single identity service provider, or by multiple identity service providers each authenticating a subset of a plurality of user attributes, such as name, address, phone, email, and the like. Each attribute may be authenticated with a level of assurance. Levels of assurance may vary from attribute to attribute. Different levels of assurance may be required for different attributes before the relying party may grant access to the user-desired resource. An authentication broker may act as a registry or broker of identity service providers, and may store information usable by relying parties to establish a trust relationship with a particular identity service provider on demand, as needed by a relying party.
Abstract translation: 本文描述了用于执行属性认证的方法和系统,以供依赖方在按照用户请求提供对资源的访问时使用。 属性认证可以完全由单个身份服务提供商执行,或者由多个身份服务提供商进行,每个身份服务提供商每个身份验证多个用户属性的子集,例如姓名,地址,电话,电子邮件等。 每个属性可以通过一定程度的认证来验证。 保证级别因属性而异。 不同的属性可能需要不同级别的保证,在依赖方可以授权访问用户期望的资源之前。 验证代理可以充当身份服务提供商的注册中心或代理商,并且可以存储依赖方可用的信息,以便依赖方根据需要与特定身份服务提供商建立信任关系。
-
公开(公告)号:US09639594B2
公开(公告)日:2017-05-02
申请号:US13801314
申请日:2013-03-13
Applicant: Bank of America Corporation
Inventor: John H. Kling , Abdulkader Barbir , Cynthia A. Frick , Radu Marian , Ronald W. Ritchey
CPC classification number: G06F17/30592 , G06F17/30563
Abstract: A data model for managing identity and access management (IAM) data implemented at an electronic database may include a set of logical resource elements, a set of physical resource elements, and a set of access requests elements that respectively model logical resources, physical resources, and access requests received at an access request manager of an enterprise. The physical resource elements may be respectively associated with the logical resource elements such that access rights for the physical resources may be obtained based on a logical resource specified in the access request. A system for managing IAM may include a mapping module configured to transform heterogeneous IAM data provided by a plurality of IAM data sources into homogeneous IAM data formatted according to the common IAM data format. A data store may implement the IAM data model such that the data store is configured to store the homogeneous IAM data.
-
公开(公告)号:US09531542B2
公开(公告)日:2016-12-27
申请号:US14491541
申请日:2014-09-19
Applicant: Bank of America Corporation
Inventor: Abdulkader Barbir , Eileen D. Bridges , Davindar Gill , Lawrence R. LaBella , Craig Worstell
CPC classification number: H04L9/3236 , H04L9/3226 , H04L9/3273 , H04L63/062 , H04L63/126
Abstract: Aspects of the present disclosure pertain to system and method of securing mobile devices using virtual certificates at a computer processor. A method may include receiving a request for access to a computer network associated with a computing device to an application associated with a network connected server processor; electronically receiving, at the server processor, a first security key fragment from the computing device; the first security key fragment being paired with a verifier key fragment unknown to the computing device; generating a conditional seed key fragment at the server processor associated with the verifier key fragment; comparing a first hash parameter to a second hash parameter at the server processor; transmitting, at the server processor, a session security key for enabling network access to the application associated with the server processor.
Abstract translation: 本公开的方面涉及在计算机处理器处使用虚拟证书来保护移动设备的系统和方法。 一种方法可以包括:向与网络连接的服务器处理器相关联的应用接收对与计算设备相关联的计算机网络的访问请求; 在所述服务器处理器处电子地接收来自所述计算设备的第一安全密钥片段; 所述第一安全密钥片段与所述计算设备未知的验证者密钥片段配对; 在与验证者密钥片段相关联的服务器处理器处生成条件种子密钥片段; 将第一散列参数与所述服务器处理器处的第二散列参数进行比较; 在服务器处理器处发送会话安全密钥,用于启用对与服务器处理器相关联的应用的网络访问。
-
Patent Agency Ranking
公开(公告)号:US20140180678A1
公开(公告)日:2014-06-26
申请号:US13801286
申请日:2013-03-13
Applicant: BANK OF AMERICA CORPORATION
Inventor: Radu Marian , Abdulkader Barbir , Cynthia A. Frick , John H. Kling
IPC: G06F17/27
CPC classification number: G06F17/2735
Abstract: A system for managing an enterprise concept dictionary may include an electronic master dictionary and electronic local dictionaries. The master dictionary may include concept entries respectively associated with concept identifiers and with one or more concept definitions. The local dictionaries may include one or more of the concept identifiers of the master dictionary. A dictionary management module may be in signal communication with the master dictionary and the local dictionaries. The dictionary management module may be configured to query the master dictionary for a concept entry that corresponds to a concept associated with a modeling component. If a concept entry is found, the concept identifier may be provided. If a concept entry is not found, a new concept entry may be added to the master dictionary. A notification module may be in signal communication with the master dictionary and automatically provide notification when a concept entry is added or updated.
Abstract translation: 用于管理企业概念词典的系统可以包括电子主词典和电子本地词典。 主字典可以包括分别与概念标识符和一个或多个概念定义相关联的概念条目。 本地字典可以包括主字典的一个或多个概念标识符。 字典管理模块可以与主字典和本地字典进行信号通信。 字典管理模块可以被配置为向主字典查询对应于与建模组件相关联的概念的概念条目。 如果找到概念条目,则可以提供概念标识符。 如果未找到概念条目,则可以将新概念条目添加到主字典。 通知模块可以与主字典进行信号通信,并且在添加或更新概念条目时自动提供通知。
-
公开(公告)号:US09531692B2
公开(公告)日:2016-12-27
申请号:US14491526
申请日:2014-09-19
Applicant: Bank of America Corporation
Inventor: Abdulkader Barbir , Eileen D. Bridges , Davindar Gill , Lawrence R. LaBella , Craig Worstell
CPC classification number: H04L63/062 , H04L9/085
Abstract: Aspects of the present disclosure are directed to methods and systems for securing mobile computing applications with distributed keys. In one aspect, a computer implemented method or computer readable media include steps electronically receiving, at a computer processor of a computing device, a first security key fragment based on a user input to the computing device; electronically receiving, at the computer processor, a second security key fragment from a network connected storage entity; and electronically concatenating, at the computer processor, the first security key fragment and the second security key fragment to generate a third security key.
Abstract translation: 本公开的方面针对用于使用分布式密钥来保护移动计算应用的方法和系统。 在一个方面,计算机实现的方法或计算机可读介质包括在计算设备的计算机处理器处基于对计算设备的用户输入来电接收第一安全密钥片段的步骤; 在计算机处理器处电子地从网络连接的存储实体接收第二安全密钥片段; 以及在所述计算机处理器处电子连接所述第一安全密钥片段和所述第二安全密钥片段以生成第三安全密钥。
-
公开(公告)号:US20140173697A1
公开(公告)日:2014-06-19
申请号:US13718522
申请日:2012-12-18
Applicant: BANK OF AMERICA CORPORATION
Inventor: Abdulkader Barbir
IPC: H04L29/06
CPC classification number: H04L63/0815 , H04L63/102
Abstract: Methods and systems are described herein for performing attribute authentication for use by a relying party in providing access to a resource as requested by a user. Attribute authentication may be performed entirely by a single identity service provider, or by multiple identity service providers each authenticating a subset of a plurality of user attributes, such as name, address, phone, email, and the like. Each attribute may be authenticated with a level of assurance. Levels of assurance may vary from attribute to attribute. Different levels of assurance may be required for different attributes before the relying party may grant access to the user-desired resource. An authentication broker may act as a registry or broker of identity service providers, and may store information usable by relying parties to establish a trust relationship with a particular identity service provider on demand, as needed by a relying party.
Abstract translation: 本文描述了用于执行属性认证的方法和系统,以供依赖方在按照用户请求提供对资源的访问时使用。 属性认证可以完全由单个身份服务提供商执行,或者由多个身份服务提供商进行,每个身份服务提供商每个身份验证多个用户属性的子集,例如姓名,地址,电话,电子邮件等。 每个属性可以通过一定程度的认证来验证。 保证级别因属性而异。 不同的属性可能需要不同级别的保证,在依赖方可以授权访问用户期望的资源之前。 验证代理可以充当身份服务提供商的注册中心或代理商,并且可以存储依赖方可用的信息,以便依赖方根据需要与特定身份服务提供商建立信任关系。
-
公开(公告)号:US20160087950A1
公开(公告)日:2016-03-24
申请号:US14491526
申请日:2014-09-19
Applicant: Bank of America Corporation
Inventor: Abdulkader Barbir , Eileen D. Bridges , Davindar Gill , Lawrence R. LaBella , Craig Worstell
IPC: H04L29/06
CPC classification number: H04L63/062 , H04L9/085
Abstract: Aspects of the present disclosure are directed to methods and systems for securing mobile computing applications with distributed keys. In one aspect, a computer implemented method or computer readable media include steps electronically receiving, at a computer processor of a computing device, a first security key fragment based on a user input to the computing device; electronically receiving, at the computer processor, a second security key fragment from a network connected storage entity; and electronically concatenating, at the computer processor, the first security key fragment and the second security key fragment to generate a third security key.
Abstract translation: 本公开的方面针对用于使用分布式密钥来保护移动计算应用的方法和系统。 在一个方面,计算机实现的方法或计算机可读介质包括在计算设备的计算机处理器处基于对计算设备的用户输入来电接收第一安全密钥片段的步骤; 在计算机处理器处电子地从网络连接的存储实体接收第二安全密钥片段; 以及在所述计算机处理器处电子连接所述第一安全密钥片段和所述第二安全密钥片段以生成第三安全密钥。
-
公开(公告)号:US08935808B2
公开(公告)日:2015-01-13
申请号:US13718602
申请日:2012-12-18
Applicant: Bank of America Corporation
Inventor: Abdulkader Barbir
CPC classification number: H04L63/0815
Abstract: Methods and systems are described herein for performing attribute authentication for use by a relying party in providing access to a resource as requested by a user. Attribute authentication may be performed entirely by a single identity service provider, or by multiple identity service providers each authenticating a subset of a plurality of user attributes, such as name, address, phone, email, and the like. Each attribute may be authenticated with a level of assurance. Levels of assurance may vary from attribute to attribute. Different levels of assurance may be required for different attributes before the relying party may grant access to the user-desired resource. An authentication broker may act as a registry or broker of identity service providers, and may store information usable by relying parties to establish a trust relationship with a particular identity service provider on demand, as needed by a relying party.
Abstract translation: 本文描述了用于执行属性认证的方法和系统,以供依赖方在按照用户请求提供对资源的访问时使用。 属性认证可以完全由单个身份服务提供商执行,或者由多个身份服务提供商进行,每个身份服务提供商每个身份验证多个用户属性的子集,例如姓名,地址,电话,电子邮件等。 每个属性可以通过一定程度的认证来验证。 保证级别因属性而异。 不同的属性可能需要不同级别的保证,在依赖方可以授权访问用户期望的资源之前。 验证代理可以充当身份服务提供商的注册中心或代理商,并且可以存储依赖方可用的信息,以便依赖方根据需要与特定身份服务提供商建立信任关系。
-
-
-
-
-
-
-
-
-
Search Results
12
records
(took 0.017 seconds)
