公开(公告)号：US09225744B1

公开(公告)日：2015-12-29

申请号：US13461562

申请日：2012-05-01

申请人： Bradley Jeffery Behm ,  Gregory B. Roth ,  Matthew A. Estes ,  Eric Jason Brandwine ,  Patrick J. Ward

发明人： Bradley Jeffery Behm ,  Gregory B. Roth ,  Matthew A. Estes ,  Eric Jason Brandwine ,  Patrick J. Ward

IPC分类号： G06F17/00 ,  H04L29/06

CPC分类号： H04L63/20 ,  H04L63/102 ,  H04L67/02

摘要： Client impersonation is recognized by an access control service using servicer credentials to allow a servicer to impersonate a user's context while requesting actions be performed on a computing resource. A servicer may be requested to perform an action through impersonation, granting access to the context of a user related to the computing resource. The computing resource receives servicer credentials and impersonation information from the servicer. After verifying the servicer's authorization to perform actions under the context of the user, the servicer may attempt to perform the requested action. The action may be logged as performed by the servicer impersonating the user. The user may also be billed for any costs incurred.

摘要翻译： 使用服务器凭据的访问控制服务识别客户端模拟，以允许服务器模拟用户的上下文，同时请求在计算资源上执行操作。 可能请求服务器通过模拟来执行操作，授予访问与计算资源相关的用户的上下文的权限。 计算资源从服务器接收服务器凭据和模拟信息。 在验证服务器在用户上下文中执行操作的授权之后，服务器可能会尝试执行请求的操作。 该操作可能会记录在服务器模拟用户的情况下。 用户也可能会收取任何费用。

公开(公告)号：US08739308B1

公开(公告)日：2014-05-27

申请号：US13431898

申请日：2012-03-27

申请人： Gregory B. Roth ,  Marc R. Barbour ,  Bradley Jeffery Behm ,  Cristian M. Ilac ,  Eric Jason Brandwine

发明人： Gregory B. Roth ,  Marc R. Barbour ,  Bradley Jeffery Behm ,  Cristian M. Ilac ,  Eric Jason Brandwine

IPC分类号： G06F21/00

CPC分类号： H04N21/44055 ,  G06F21/60 ,  G06F21/602 ,  G06F21/6218 ,  G06F21/64 ,  H04L9/0819 ,  H04L9/088 ,  H04L9/3242 ,  H04L2209/24 ,  H04L2209/38 ,  H04N21/4627

摘要： Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.

摘要翻译： 用于认证的系统和方法从认证方和认证者之间共享的秘密凭证生成密钥。 密钥的生成可以涉及利用用于专门化密钥的参数形式的专门信息。 可以使用由多个机构保存的密钥导出的密钥和/或信息来生成其他密钥，使得可以在不访问密钥的情况下验证需要这样的密钥和/或信息的签名。 还可以导出密钥以形成分布的密钥的层次结构，使得密钥持有者解密数据的能力取决于密钥在层级中相对于用于加密数据的密钥的位置的位置。 密钥层次也可以用于将密钥集分配给内容处理设备，以使得设备能够解密内容，使得未经授权的内容的源或潜在来源可以从解密的内容中识别。

公开(公告)号：US09197409B2

公开(公告)日：2015-11-24

申请号：US13248973

申请日：2011-09-29

申请人： Gregory B. Roth ,  Bradley Jeffery Behm ,  Eric D. Crahen ,  Cristian M. Ilac ,  Nathan R. Fitch ,  Eric Jason Brandwine ,  Kevin Ross O'Neill

发明人： Gregory B. Roth ,  Bradley Jeffery Behm ,  Eric D. Crahen ,  Cristian M. Ilac ,  Nathan R. Fitch ,  Eric Jason Brandwine ,  Kevin Ross O'Neill

IPC分类号： H04L9/32 ,  H04L9/08 ,  G06F21/31 ,  H04L29/06

CPC分类号： H04L9/083 ,  G06F21/31 ,  G06F2221/2115 ,  H04L9/0861 ,  H04L9/088 ,  H04L9/3242 ,  H04L9/3247 ,  H04L63/0884 ,  H04L63/126 ,  H04L2209/38

摘要： Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the a key's use.

摘要翻译： 用于认证的系统和方法从认证方和认证者之间共享的秘密凭证生成密钥。 密钥的生成可以涉及利用专用信息，作为用于生成密钥的结果，使生成的密钥可用于比秘密凭证更小的使用范围。 此外，密钥生成可以涉及函数的多次调用，其中函数的调用的至少一个子集中的每一个导致具有比从先前调用函数产生的密钥更小的允许使用范围的密钥。 生成的密钥可以用作签名密钥来签名消息。 取决于消息和/或提交消息的方式是否符合密钥使用的限制，可以采取一个或多个动作。

公开(公告)号：US20130086662A1

公开(公告)日：2013-04-04

申请号：US13248962

申请日：2011-09-29

申请人： Gregory B. Roth ,  Bradley Jeffery Behm ,  Eric D. Crahen ,  Cristian M. Ilac ,  Nathan R. Fitch ,  Eric Jason Brandwine ,  Kevin Ross O'Neill

发明人： Gregory B. Roth ,  Bradley Jeffery Behm ,  Eric D. Crahen ,  Cristian M. Ilac ,  Nathan R. Fitch ,  Eric Jason Brandwine ,  Kevin Ross O'Neill

IPC分类号： G06F21/00

CPC分类号： H04L9/0891 ,  G06F21/31 ,  G06F2221/2115 ,  H04L9/083 ,  H04L9/088 ,  H04L9/3247 ,  H04L63/08 ,  H04L2209/38 ,  H04L2463/061

摘要： Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the a key's use.

摘要翻译： 用于认证的系统和方法从认证方和认证者之间共享的秘密凭证生成密钥。 密钥的生成可以涉及利用专用信息，作为用于生成密钥的结果，使生成的密钥可用于比秘密凭证更小的使用范围。 此外，密钥生成可以涉及函数的多次调用，其中函数的调用的至少一个子集中的每一个导致具有比从先前调用函数产生的密钥更小的允许使用范围的密钥。 生成的密钥可以用作签名密钥来签名消息。 取决于消息和/或提交消息的方式是否符合密钥使用的限制，可以采取一个或多个动作。

公开(公告)号：US09215076B1

公开(公告)日：2015-12-15

申请号：US13431882

申请日：2012-03-27

申请人： Gregory B. Roth ,  Marc R. Barbour ,  Bradley Jeffery Behm ,  Cristian M. Ilac ,  Eric Jason Brandwine

发明人： Gregory B. Roth ,  Marc R. Barbour ,  Bradley Jeffery Behm ,  Cristian M. Ilac ,  Eric Jason Brandwine

IPC分类号： H04L29/06 ,  H04L9/32

CPC分类号： H04L63/062 ,  G06F21/64 ,  H04L9/0836 ,  H04L9/321 ,  H04L9/3242 ,  H04L9/3247 ,  H04L63/06 ,  H04L63/08 ,  H04L2209/38 ,  H04L2209/60 ,  H04L2463/061

摘要： Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.

摘要翻译： 用于认证的系统和方法从认证方和认证者之间共享的秘密凭证生成密钥。 密钥的生成可以涉及利用用于专门化密钥的参数形式的专门信息。 可以使用由多个机构保存的密钥导出的密钥和/或信息来生成其他密钥，使得可以在不访问密钥的情况下验证需要这样的密钥和/或信息的签名。 还可以导出密钥以形成分布的密钥的层次结构，使得密钥持有者解密数据的能力取决于密钥在层级中相对于用于加密数据的密钥的位置的位置。 密钥层次也可以用于将密钥集分配给内容处理设备，以使得设备能够解密内容，使得未经授权的内容的源或潜在来源可以从解密的内容中识别。

公开(公告)号：US08973108B1

公开(公告)日：2015-03-03

申请号：US13149619

申请日：2011-05-31

申请人： Gregory B. Roth ,  Kevin Ross O'Neill ,  Eric Jason Brandwine ,  Brian Irl Pratt ,  Bradley Jeffery Behm ,  Nathan R. Fitch

发明人： Gregory B. Roth ,  Kevin Ross O'Neill ,  Eric Jason Brandwine ,  Brian Irl Pratt ,  Bradley Jeffery Behm ,  Nathan R. Fitch

IPC分类号： H04L29/06 ,  H04L9/32

CPC分类号： H04L63/0807 ,  G06F21/00 ,  H04L9/3213 ,  H04L63/20

摘要： Systems and methods for controlling access to one or more computing resources relate to generating session credentials that can be used to access the one or more computing resources. Access to the computing resources may be governed by a set of policies and requests for access made using the session credentials may be fulfilled depending on whether they are allowed by the set of policies. The session credentials themselves may include metadata that may be used in determining whether to fulfill requests to access the one or more computing resources. The metadata may include permissions for a user of the session credential, claims related to one or more users, and other information.

摘要翻译： 用于控制对一个或多个计算资源的访问的系统和方法涉及生成可用于访问所述一个或多个计算资源的会话凭证。 对计算资源的访问可以由一组策略来管理，并且可以根据它们是否被该策略集合允许而使用会话凭证进行访问的请求来实现。 会话凭证本身可以包括可用于确定是否实现访问一个或多个计算资源的请求的元数据。 元数据可以包括会话证书的用户的权限，与一个或多个用户相关的声明以及其他信息。

公开(公告)号：US09178701B2

公开(公告)日：2015-11-03

申请号：US13248962

申请日：2011-09-29

申请人： Gregory B. Roth ,  Bradley Jeffery Behm ,  Eric D. Crahen ,  Cristian M. Ilac ,  Nathan R. Fitch ,  Eric Jason Brandwine ,  Kevin Ross O'Neill

发明人： Gregory B. Roth ,  Bradley Jeffery Behm ,  Eric D. Crahen ,  Cristian M. Ilac ,  Nathan R. Fitch ,  Eric Jason Brandwine ,  Kevin Ross O'Neill

IPC分类号： H04L9/32 ,  H04L9/08 ,  G06F21/31 ,  H04L29/06

CPC分类号： H04L9/0891 ,  G06F21/31 ,  G06F2221/2115 ,  H04L9/083 ,  H04L9/088 ,  H04L9/3247 ,  H04L63/08 ,  H04L2209/38 ,  H04L2463/061

摘要： Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the a key's use.

摘要翻译： 用于认证的系统和方法从认证方和认证者之间共享的秘密凭证生成密钥。 密钥的生成可以涉及利用专用信息，作为用于生成密钥的结果，使生成的密钥可用于比秘密凭证更小的使用范围。 此外，密钥生成可以涉及函数的多次调用，其中函数的调用的至少一个子集中的每一个导致具有比从先前调用函数产生的密钥更小的允许使用范围的密钥。 生成的密钥可以用作签名密钥来签名消息。 取决于消息和/或提交消息的方式是否符合密钥使用的限制，可以采取一个或多个动作。

公开(公告)号：US20130086663A1

公开(公告)日：2013-04-04

申请号：US13248973

申请日：2011-09-29

申请人： Gregory B. Roth ,  Bradley Jeffery Behm ,  Eric D. Crahen ,  Cristian M. Ilac ,  Nathan R. Fitch ,  Eric Jason Brandwine ,  Kevin Ross O'Neill

发明人： Gregory B. Roth ,  Bradley Jeffery Behm ,  Eric D. Crahen ,  Cristian M. Ilac ,  Nathan R. Fitch ,  Eric Jason Brandwine ,  Kevin Ross O'Neill

IPC分类号： H04L9/32 ,  G06F21/00

CPC分类号： H04L9/083 ,  G06F21/31 ,  G06F2221/2115 ,  H04L9/0861 ,  H04L9/088 ,  H04L9/3242 ,  H04L9/3247 ,  H04L63/0884 ,  H04L63/126 ,  H04L2209/38

摘要： Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the a key's use.

摘要翻译： 用于认证的系统和方法从认证方和认证者之间共享的秘密凭证生成密钥。 密钥的生成可以涉及利用专用信息，作为用于生成密钥的结果，使生成的密钥可用于比秘密凭证更小的使用范围。 此外，密钥生成可以涉及函数的多次调用，其中函数的调用的至少一个子集中的每一个导致具有比从先前调用函数产生的密钥更小的允许使用范围的密钥。 生成的密钥可以用作签名密钥来签名消息。 取决于消息和/或提交消息的方式是否符合密钥使用的限制，可以采取一个或多个动作。

公开(公告)号：US08892865B1

公开(公告)日：2014-11-18

申请号：US13431760

申请日：2012-03-27

申请人： Gregory B. Roth ,  Marc R. Barbour ,  Bradley Jeffery Behm ,  Cristian M. Ilac ,  Eric Jason Brandwine

发明人： Gregory B. Roth ,  Marc R. Barbour ,  Bradley Jeffery Behm ,  Cristian M. Ilac ,  Eric Jason Brandwine

IPC分类号： H04L9/32 ,  H04L9/00 ,  G06F21/60

CPC分类号： H04L9/0822 ,  G06F21/602 ,  H04L9/0836 ,  H04L9/14 ,  H04L63/064 ,  H04L2209/24

摘要： Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.

摘要翻译： 用于认证的系统和方法从认证方和认证者之间共享的秘密凭证生成密钥。 密钥的生成可以涉及利用用于专门化密钥的参数形式的专门信息。 可以使用由多个机构保存的密钥导出的密钥和/或信息来生成其他密钥，使得可以在不访问密钥的情况下验证需要这样的密钥和/或信息的签名。 还可以导出密钥以形成分布的密钥的层次结构，使得密钥持有者解密数据的能力取决于密钥在层级中相对于用于加密数据的密钥的位置的位置。 密钥层次也可以用于将密钥集分配给内容处理设备，以使得设备能够解密内容，使得未经授权的内容的源或潜在来源可以从解密的内容中识别。

公开(公告)号：US08769642B1

公开(公告)日：2014-07-01

申请号：US13149718

申请日：2011-05-31

申请人： Kevin Ross O'Neill ,  Gregory B. Roth ,  Eric Jason Brandwine ,  Brian Irl Pratt ,  Bradley Jeffery Behm ,  Nathan R. Fitch

发明人： Kevin Ross O'Neill ,  Gregory B. Roth ,  Eric Jason Brandwine ,  Brian Irl Pratt ,  Bradley Jeffery Behm ,  Nathan R. Fitch

IPC分类号： H04L29/06

CPC分类号： H04L63/10 ,  H04L63/0815 ,  H04L63/102 ,  H04L63/108

摘要： Systems and methods for controlling access to one or more computing resources relate to generating session credentials that can be used to access the one or more computing resources. Access to the computing resources may be governed by a set of policies and requests for access made using the session credentials may be fulfilled depending on whether they are allowed by the set of policies. The session credentials themselves may include metadata that may be used in determining whether to fulfill requests to access the one or more computing resources. The metadata may include permissions for a user of the session credential, claims related to one or more users, and other information.

摘要翻译： 用于控制对一个或多个计算资源的访问的系统和方法涉及生成可用于访问所述一个或多个计算资源的会话凭证。 对计算资源的访问可以由一组策略来管理，并且可以根据它们是否被该策略集合允许而使用会话凭证进行访问的请求来实现。 会话凭证本身可以包括可用于确定是否实现访问一个或多个计算资源的请求的元数据。 元数据可以包括会话证书的用户的权限，与一个或多个用户相关的声明以及其他信息。