-
公开(公告)号:US20070016782A1
公开(公告)日:2007-01-18
申请号:US11181525
申请日:2005-07-14
申请人: Christopher Crall , Gennady Medvinsky , Joshua Ball , Karthik Jaganathan , Paul Leach , Liqiang Zhu , David Cross
发明人: Christopher Crall , Gennady Medvinsky , Joshua Ball , Karthik Jaganathan , Paul Leach , Liqiang Zhu , David Cross
IPC分类号: H04L9/00
CPC分类号: H04L9/3263 , H04L9/3273 , H04L63/0807 , H04L63/0823 , H04L63/0876 , H04L63/10 , H04L63/166
摘要: A hint containing user mapping information is provided in messages that may be exchanged during authentication handshakes. For example, a client may provide user mapping information to the server during authentication. The hint (e.g., in the form of a TLS extension mechanism) may be used to send the domain/user name information of a client to aid the server in mapping the user's certificate to an account. The extension mechanism provides integrity and authenticity of the mapping data sent by the client. The user provides a hint as to where to find the right account or domain controller (which points to, or otherwise maintains, the correct account). Based on the hint and other information in the certificate, the user is mapped to an account. The hint may be provided by the user when he logs in. Thus, a certificate is mapped to an identity to authenticate the user. A hint is sent along with the certificate information to perform the binding. Existing protocols may be extended to communicate the additional mapping information (the hint) to perform the binding. A vendor specific extension to Kerberos is defined to obtain the authorization data based on an X.509 certificate and the mapping user name hint.
摘要翻译: 在认证握手期间可以交换的消息中提供了包含用户映射信息的提示。 例如,客户端可以在认证期间向服务器提供用户映射信息。 提示(例如,以TLS扩展机制的形式)可以用于发送客户端的域/用户名信息,以帮助服务器将用户的证书映射到帐户。 扩展机制提供客户端发送的映射数据的完整性和真实性。 用户提供关于在哪里找到正确的帐户或域控制器(指向或以其他方式维护正确的帐户)的提示。 根据证书中的提示和其他信息,用户被映射到一个帐户。 提示可以由用户在登录时提供。因此,证书被映射到身份以验证用户。 发送提示与证书信息一起执行绑定。 可以扩展现有协议以传达额外的映射信息(提示)来执行绑定。 定义了针对Kerberos的供应商特定扩展,以根据X.509证书和映射用户名提示获取授权数据。
-
公开(公告)号:US07434253B2
公开(公告)日:2008-10-07
申请号:US11181525
申请日:2005-07-14
申请人: Christopher J. Crall , Gennady Medvinsky , Joshua Ball , Karthik Jaganathan , Paul J. Leach , Liqiang Zhu , David B. Cross
发明人: Christopher J. Crall , Gennady Medvinsky , Joshua Ball , Karthik Jaganathan , Paul J. Leach , Liqiang Zhu , David B. Cross
CPC分类号: H04L9/3263 , H04L9/3273 , H04L63/0807 , H04L63/0823 , H04L63/0876 , H04L63/10 , H04L63/166
摘要: A hint containing user mapping information is provided in messages that may be exchanged during authentication handshakes. For example, a client may provide user mapping information to the server during authentication. The hint (e.g., in the form of a TLS extension mechanism) may be used to send the domain/user name information of a client to aid the server in mapping the user's certificate to an account. The extension mechanism provides integrity and authenticity of the mapping data sent by the client. The user provides a hint as to where to find the right account or domain controller (which points to, or otherwise maintains, the correct account). Based on the hint and other information in the certificate, the user is mapped to an account. The hint may be provided by the user when he logs in. Thus, a certificate is mapped to an identity to authenticate the user. A hint is sent along with the certificate information to perform the binding. Existing protocols may be extended to communicate the additional mapping information (the hint) to perform the binding. A vendor specific extension to Kerberos is defined to obtain the authorization data based on an X.509 certificate and the mapping user name hint.
摘要翻译: 在认证握手期间可以交换的消息中提供了包含用户映射信息的提示。 例如,客户端可以在认证期间向服务器提供用户映射信息。 提示(例如,以TLS扩展机制的形式)可以用于发送客户端的域/用户名信息,以帮助服务器将用户的证书映射到帐户。 扩展机制提供客户端发送的映射数据的完整性和真实性。 用户提供关于在哪里找到正确的帐户或域控制器(指向或以其他方式维护正确的帐户)的提示。 根据证书中的提示和其他信息,用户被映射到一个帐户。 提示可以由用户在登录时提供。因此,证书被映射到身份以验证用户。 发送提示与证书信息一起执行绑定。 可以扩展现有协议以传达额外的映射信息(提示)来执行绑定。 定义了针对Kerberos的供应商特定扩展,以根据X.509证书和映射用户名提示获取授权数据。
-
3.发明申请公开(公告)号:US20080301784A1
公开(公告)日:2008-12-04
申请号:US11755968
申请日:2007-05-31
申请人: Liqiang Zhu , Gennady Medvinsky , Tanmoy Dutta , Cristian Ilac , Andreas Luther , John P. Shewchuk
发明人: Liqiang Zhu , Gennady Medvinsky , Tanmoy Dutta , Cristian Ilac , Andreas Luther , John P. Shewchuk
IPC分类号: G06F7/04
CPC分类号: H04L63/0823 , H04L63/166 , H04L67/02
摘要: Architecture for natively authenticating a client application to a web server via HTTP authentication. The Web Services Architecture, and more specifically, Web Services Security, is leveraged to enable legacy applications to access web services transparently to the existing legacy applications. A security support provider (SSP) is created that employs WS-* protocol to at least emulate ws-trust and ws-mex thereby enabling policy exchange via an HTTP protocol stack. Policy can be exchanged via a WWW-Authenticate header enabling legacy applications to use the WS-* family of protocols without modifying the client application. The WS-* protocols are abstracted into a generic programming interface for native client application use.
摘要翻译: 通过HTTP认证将客户端应用程序本地验证到Web服务器的体系结构。 Web服务体系结构,更具体地说,Web服务安全性是有利于使传统应用程序能够透明地访问现有的遗留应用程序的Web服务。 创建了一个安全支持提供程序(SSP),它使用WS- *协议来至少模拟ws-trust和ws-mex,从而通过HTTP协议栈实现策略交换。 可以通过WWW-Authenticate标头来交换策略,使得遗留应用程序能够使用WS- *系列协议,而无需修改客户端应用程序。 将WS- *协议抽象为通用编程接口,用于本机客户机应用程序的使用。
-
4.发明授权公开(公告)号:US08528058B2
公开(公告)日:2013-09-03
申请号:US11755968
申请日:2007-05-31
申请人: Liqiang Zhu , Gennady Medvinsky , Tanmoy Dutta , Cristian Ilac , Andreas Luther , John P Shewchuk
发明人: Liqiang Zhu , Gennady Medvinsky , Tanmoy Dutta , Cristian Ilac , Andreas Luther , John P Shewchuk
IPC分类号: H04L29/06
CPC分类号: H04L63/0823 , H04L63/166 , H04L67/02
摘要: Architecture for natively authenticating a client application to a web server via HTTP authentication. The Web Services Architecture, and more specifically, Web Services Security, is leveraged to enable legacy applications to access web services transparently to the existing legacy applications. A security support provider (SSP) is created that employs WS-* protocol to at least emulate ws-trust and ws-mex thereby enabling policy exchange via an HTTP protocol stack. Policy can be exchanged via a WWW-Authenticate header enabling legacy applications to use the WS-* family of protocols without modifying the client application. The WS-* protocols are abstracted into a generic programming interface for native client application use.
摘要翻译: 通过HTTP认证将客户端应用程序本地验证到Web服务器的体系结构。 Web服务体系结构,更具体地说,Web服务安全性是有利于使传统应用程序能够透明地访问现有的遗留应用程序的Web服务。 创建了一个安全支持提供程序(SSP),它使用WS- *协议来至少模拟ws-trust和ws-mex,从而通过HTTP协议栈实现策略交换。 可以通过WWW-Authenticate标头来交换策略,使得遗留应用程序能够使用WS- *系列协议,而无需修改客户端应用程序。 将WS- *协议抽象为通用编程接口,用于本机客户机应用程序的使用。
-
5.发明授权公开(公告)号:US09055107B2
公开(公告)日:2015-06-09
申请号:US11607720
申请日:2006-12-01
申请人: Gennady Medvinsky , Nir Nice , Tomer Shiran , Alexander Teplitsky , Paul Leach , John Neystadt
发明人: Gennady Medvinsky , Nir Nice , Tomer Shiran , Alexander Teplitsky , Paul Leach , John Neystadt
CPC分类号: H04L63/166 , G06F21/33 , G06F2221/2115 , H04L9/3213 , H04L9/3263 , H04L9/3271 , H04L29/06965 , H04L63/0823 , H04L2209/38
摘要: The method of delegating authentication, within a chain of entities, relies upon a recording of at least a portion of a TLS handshake between a gateway device and user, in which the user needs access to a desired server. The method then relies upon re-verification of cryptographic evidence in the recorded portion of the TLS handshake, which is forwarded either (1) to the server to which access is desired, in which case the server re-verifies the recorded portion to confirm authentication, or, (2) to a third party entity, in which case the third party entity confirms authentication and provides credentials to the gateway server which then uses the credentials to authenticate to the server as the user.
摘要翻译: 在实体链中委托认证的方法依赖于在网关设备和用户之间记录TLS握手的至少一部分,其中用户需要访问期望的服务器。 然后,该方法依赖于在TLS握手的记录部分中重新验证加密证据,TLS握手被转发到(1)到需要访问的服务器,在这种情况下,服务器重新验证记录部分以确认认证 ,或者(2)到第三方实体,在这种情况下,第三方实体确认认证,并向网关服务器提供凭证,然后网关服务器使用凭证作为用户对服务器进行认证。
-
6.发明申请公开(公告)号:US20080134311A1
公开(公告)日:2008-06-05
申请号:US11607720
申请日:2006-12-01
申请人: Gennady Medvinsky , Nir Nice , Tomer Shiran , Alexander Teplitsky , Paul Leach , John Neystadt
发明人: Gennady Medvinsky , Nir Nice , Tomer Shiran , Alexander Teplitsky , Paul Leach , John Neystadt
CPC分类号: H04L63/166 , G06F21/33 , G06F2221/2115 , H04L9/3213 , H04L9/3263 , H04L9/3271 , H04L29/06965 , H04L63/0823 , H04L2209/38
摘要: The method of delegating authentication, within a chain of entities, relies upon a recording of at least a portion of a TLS handshake between a gateway device and user, in which the user needs access to a desired server. The method then relies upon re-verification of cryptographic evidence in the recorded portion of the TLS handshake, which is forwarded either (1) to the server to which access is desired, in which case the server re-verifies the recorded portion to confirm authentication, or, (2) to a third party entity, in which case the third party entity confirms authentication and provides credentials to the gateway server which then uses the credentials to authenticate to the server as the user.
摘要翻译: 在实体链中委托认证的方法依赖于在网关设备和用户之间的至少一部分TLS握手的记录,其中用户需要访问期望的服务器。 然后,该方法依赖于在TLS握手的记录部分中重新验证加密证据,TLS握手被转发到(1)到需要访问的服务器,在这种情况下,服务器重新验证记录部分以确认认证 ,或者(2)到第三方实体,在这种情况下,第三方实体确认认证,并向网关服务器提供凭证,然后网关服务器使用凭证作为用户对服务器进行认证。
-
公开(公告)号:US08683549B2
公开(公告)日:2014-03-25
申请号:US11690685
申请日:2007-03-23
IPC分类号: H04L29/06
摘要: A computer related security mechanism requires that a human participate in an access verification sequence. Upon a request to access secure data, a puzzle is provided to the requester. Proper solution of the puzzle requires human participation. The puzzle is chosen such that its solution is within the capabilities of a human, but beyond the current state of the art for computer systems. The puzzled can be visually and/or audibly rendered to the user. In one configuration, the puzzle is obtained via a library of pluggable puzzle generators. Puzzle generators in the library can be replaced as the state of the art of computing technology improves.
摘要翻译: 计算机相关的安全机制要求人们参与访问验证序列。 在请求访问安全数据时,向请求者提供了一个难题。 拼图的正确解决需要人类参与。 这个难题被选中,使得它的解决方案在人类的能力范围之内,但超越了现有的计算机系统的现状。 困惑的可以视觉和/或听觉地呈现给用户。 在一个配置中,拼图通过可插拔拼图发生器库获得。 随着计算技术的先进水平的提高,图书馆中的拼图发生器可以被替代。
-
公开(公告)号:US20120192209A1
公开(公告)日:2012-07-26
申请号:US13013567
申请日:2011-01-25
IPC分类号: G06F9/46
CPC分类号: G06F21/121 , G06F2221/2115
摘要: Embodiments are disclosed that relate to hindering unauthorized use or distribution of a middleware program contained within an application. One example embodiment provides a method for hindering unauthorized use or distribution of a middleware program contained within an application. The method comprises acquiring factored middleware code, the factored middleware code having a missing function residing on a remote computing device, and building an application around the factored middleware code such that the application is configured to call to the remote computing device for execution of the missing function during use. The application may be configured to send a call to the remote computing device for execution of the missing function during use.
摘要翻译: 公开了涉及阻止未经授权的使用或分发包含在应用程序内的中间件程序的实施例。 一个示例性实施例提供了一种阻止未授权使用或分发包含在应用程序内的中间件程序的方法。 该方法包括获取因子分解的中间件代码,具有驻留在远程计算设备上的缺失功能的因特网中间件代码,以及围绕因子中间件代码构建应用,使得应用被配置为调用远程计算设备来执行丢失的 使用时功能。 该应用可以被配置成在使用期间向远程计算设备发送呼叫以执行丢失的功能。
-
9.发明申请PLATFORM INDEPENDENT ECOSYSTEM FOR CREATION, CONSUMPTION AND TRADE OF USER-GENERATED DIGITAL CONTENT 审中-公开平台独立生态系统,用于创建,消费和贸易用户生成的数字内容公开(公告)号:US20090327094A1
公开(公告)日:2009-12-31
申请号:US12165399
申请日:2008-06-30
申请人: Jean-Emile Elien , Ling Tony Chen , Ryan B. Cooper , Shyam Krishnamoorthy , Gennady Medvinsky , Gregory D. Hartrell , Ramesh Nagarajan
发明人: Jean-Emile Elien , Ling Tony Chen , Ryan B. Cooper , Shyam Krishnamoorthy , Gennady Medvinsky , Gregory D. Hartrell , Ramesh Nagarajan
CPC分类号: G06Q30/0601 , G06F21/10 , G06F21/6218
摘要: A platform (e.g. game console) and application (e.g. game title) independent ecosystem for the creation, consumption and trade of user generated digital content permits any application operating on any platform to participate in a market driven economy for user generated digital objects (UGDOs). The trading system is independent of (i.e. external to) all participating applications. A metadata attribution method for UGDOs in combination with heterogeneous application support through well-defined interfaces facilitates unlimited participation. Attributed metadata may be understood and consumed across platforms and applications. Flexible UGDO rights enforcement techniques in combination with a flexible fair exchange service for those rights support all manner of UGDOs and commercial transactions therefore. Participating application may provide rights enforcement in some instances. The nature of enforcement may rest on the nature of UGDO content, rights in UGDOs or author preferences. The trading system assures that all transactions in the UGDO economy are secure, fault tolerant and atomic, providing integrity and confidence in the UGDO economy.
摘要翻译: 用户生成的数字内容的创建,消费和交易的平台(如游戏控制台)和应用程序(例如游戏标题)独立生态系统允许在任何平台上运行的任何应用程序参与用户生成的数字对象(UGDO)的市场驱动型经济, 。 交易系统独立于(即外部)所有参与的应用程序。 UGDO的元数据归属方法与通过明确界面的异构应用程序支持相结合,有助于无限参与。 归属的元数据可以在平台和应用程序中被理解和使用。 灵活的UGDO权利执法技术结合灵活的公平交换服务,为这些权利提供支持,因此,UGDO的所有形式和商业交易都得到支持。 在某些情况下,参与的应用程序可能会提供权限执行。 执法的性质可能取决于UGDO内容的性质,UGDO的权利或作者偏好。 贸易体系保证,UGDO经济中的所有交易都是安全,容错和原子的,为UGDO经济提供诚信和信心。
-
公开(公告)号:US20080320554A1
公开(公告)日:2008-12-25
申请号:US11690685
申请日:2007-03-23
摘要: A computer related security mechanism requires that a human participate in an access verification sequence. Upon a request to access secure data, a puzzle is provided to the requester. Proper solution of the puzzle requires human participation. The puzzle is chosen such that its solution is within the capabilities of a human, but beyond the current state of the art for computer systems. The puzzled can be visually and/or audibly rendered to the user. In one configuration, the puzzle is obtained via a library of pluggable puzzle generators. Puzzle generators in the library can be replaced as the state of the art of computing technology improves.
摘要翻译: 计算机相关的安全机制要求人们参与访问验证序列。 在请求访问安全数据时,向请求者提供了一个难题。 拼图的正确解决需要人类参与。 这个难题被选中,使得它的解决方案在人类的能力范围之内,但超出了现有的计算机系统的现状。 困惑的可以视觉和/或听觉地呈现给用户。 在一个配置中,拼图通过可插拔拼图发生器库获得。 随着计算技术的先进水平的提高,图书馆中的拼图发生器可以被替代。
-
-
-
-
-
-
-
-
-
搜索结果
23 条记录 (耗时 0.031 秒)
