-
Publication number: US10104084B2
Publication date: 2018-10-16
Application number: US14942195
Application date: 2015-11-16
Applicant: Cisco Technology, Inc.
Inventor: Andrew Biggs, Shaun Cooley, Matt Miller, Hua Cui, Ian Remmel
Abstract: Techniques are provided for augmenting the capabilities of the standard OAuth2 authorization framework in such a way as to allow clients to consume the services of multiple resource servers residing in disjoint security domains while requiring only a single one-time user authentication. An access token that provides access to resource services distributed across a plurality of security domains is partitioned into a plurality of reduced-scope access tokens. Each reduced-scope access token is limited to a subset of authorization scopes of the access token, providing access to a resource service in a particular security domain based upon the subset.
-
Publication number: US09871775B2
Publication date: 2018-01-16
Application number: US14943184
Application date: 2015-11-17
Applicant: Cisco Technology, Inc.
Inventor: Andrew Biggs, Shaun Cooley, Matt Miller, Sean Whitsell
CPC classification number: H04L63/065, H04L9/0833, H04L9/3242, H04L9/3255, H04L51/04, H04L63/0435, H04L63/123
Abstract: A system and method for achieving authorization in confidential group communications in terms of an ordered list of data blocks representing a tamper-resistant chronological account of group membership updates. This method permits ad-hoc and decentralized group definition, dynamic and decentralized membership updates, open sharing, tamper resistance, and tracking of membership history. There are many applications of these techniques. One such application is enabling end-to-end encryption of instant messaging, content sharing, and streamed media.
-
Publication number: US10021080B2
Publication date: 2018-07-10
Application number: US15830291
Application date: 2017-12-04
Applicant: Cisco Technology, Inc.
Inventor: Andrew Biggs, Shaun Cooley, Matt Miller, Sean Whitsell
CPC classification number: H04L63/065, H04L9/0833, H04L9/3242, H04L9/3255, H04L51/04, H04L63/0435, H04L63/123
Abstract: A system and method for achieving authorization in confidential group communications in terms of an ordered list of data blocks representing a tamper-resistant chronological account of group membership updates. This method permits ad-hoc and decentralized group definition, dynamic and decentralized membership updates, open sharing, tamper resistance, and tracking of membership history. There are many applications of these techniques. One such application is enabling end-to-end encryption of instant messaging, content sharing, and streamed media.
-
Publication number: US20180091489A1
Publication date: 2018-03-29
Application number: US15830291
Application date: 2017-12-04
Applicant: Cisco Technology, Inc.
Inventor: Andrew Biggs, Shaun Cooley, Matt Miller, Sean Whitsell
CPC classification number: H04L63/065, H04L9/0833, H04L9/3242, H04L9/3255, H04L51/04, H04L63/0435, H04L63/123
Abstract: A system and method for achieving authorization in confidential group communications in terms of an ordered list of data blocks representing a tamper-resistant chronological account of group membership updates. This method permits ad-hoc and decentralized group definition, dynamic and decentralized membership updates, open sharing, tamper resistance, and tracking of membership history. There are many applications of these techniques. One such application is enabling end-to-end encryption of instant messaging, content sharing, and streamed media.
-
Publication number: US20170048217A1
Publication date: 2017-02-16
Application number: US14943184
Application date: 2015-11-17
Applicant: Cisco Technology, Inc.
Inventor: Andrew Biggs, Shaun Cooley, Matt Miller, Sean Whitsell
CPC classification number: H04L63/065, H04L9/0833, H04L9/3242, H04L9/3255, H04L51/04, H04L63/0435, H04L63/123
Abstract: A system and method for achieving authorization in confidential group communications in terms of an ordered list of data blocks representing a tamper-resistant chronological account of group membership updates. This method permits ad-hoc and decentralized group definition, dynamic and decentralized membership updates, open sharing, tamper resistance, and tracking of membership history. There are many applications of these techniques. One such application is enabling end-to-end encryption of instant messaging, content sharing, and streamed media.
-
Publication number: US20170034172A1
Publication date: 2017-02-02
Application number: US14942195
Application date: 2015-11-16
Applicant: Cisco Technology, Inc.
Inventor: Andrew Biggs, Shaun Cooley, Matt Miller, Hua Cui, Ian Remmel
IPC: H04L29/06
CPC classification number: H04L63/10, G06F21/33, H04L63/08, H04L63/0807, H04L63/0815
Abstract: Techniques are provided for augmenting the capabilities of the standard OAuth2 authorization framework in such a way as to allow clients to consume the services of multiple resource servers residing in disjoint security domains while requiring only a single one-time user authentication. An access token that provides access to resource services distributed across a plurality of security domains is partitioned into a plurality of reduced-scope access tokens. Each reduced-scope access token is limited to a subset of authorization scopes of the access token, providing access to a resource service in a particular security domain based upon the subset.