Scheme for sub-realms within an authentication protocol

    Publication number: US20060224891A1

    Publication date: 2006-10-05

    Application number: US11096829

    Filing date: 2005-04-01

    IPC classification: H04L9/00

    CPC classification: H04L9/3213 H04L9/0833

    Abstract: Branch domain controllers (DCs) contain read-only replicas of the data in a normal domain DC. This includes information about the groups a user belongs to, so it can be used to determine authorization information. Password information, however, is desirably replicated to the branch DCs only for users and services (including machines) designated for that particular branch. Moreover, all write operations are desirably handled by hub DCs, the primary domain controller (PDC), or other DCs trusted by the corporate office. Rapid authentication and authorization in branch offices is supported using Kerberos sub-realms in which each branch office operates as a virtual realm. The Kerberos protocol employs different key version numbers to distinguish between the virtual realms of the head and branch key distribution centers (KDCs). Accounts may be named krbtgt_ where is carried in the kvno field of the ticket granting ticket (TGT) to indicate to the hub KDC which krbtgt′ key was used to encrypt the TGT.

    2. Native use of web service protocols and claims in server authentication
    Granted patent (in force)

    Publication number: US08528058B2

    Publication date: 2013-09-03

    Application number: US11755968

    Filing date: 2007-05-31

    IPC classification: H04L29/06

    Abstract: Architecture for natively authenticating a client application to a web server via HTTP authentication. The Web Services Architecture, and more specifically Web Services Security, is leveraged to enable legacy applications to access web services transparently to the existing legacy applications. A security support provider (SSP) is created that employs the WS-* protocols to at least emulate ws-trust and ws-mex, thereby enabling policy exchange via an HTTP protocol stack. Policy can be exchanged via a WWW-Authenticate header, enabling legacy applications to use the WS-* family of protocols without modifying the client application. The WS-* protocols are abstracted into a generic programming interface for native client application use.

    3. ADVANCED SECURITY NEGOTIATION PROTOCOL
    Patent application (in force)

    Publication number: US20090328140A1

    Publication date: 2009-12-31

    Application number: US12147054

    Filing date: 2008-06-26

    IPC classification: G06F21/00

    Abstract: This disclosure describes methods, systems and application programming interfaces for creating an advanced security negotiation package. This disclosure describes creating an advanced security negotiation protocol under the Simple and Protected Negotiation Mechanism (SPNEGO) protocol to negotiate an authentication scheme. The protocol defines a Windows Security Type (WST) Library message to protect negotiation data during the advanced security negotiation protocol. The protocol sends an initial message that carries multiple authentication messages to reduce redundant roundtrips, and implements key exchanges by a mini Security Support Provider (SSP).

    4. Interoperable credential gathering and access modularity
    Granted patent (in force)

    Publication number: US07577659B2

    Publication date: 2009-08-18

    Application number: US10693585

    Filing date: 2003-10-24

    IPC classification: G06F7/00 G06F17/30

    Abstract: A credential is translated with one of different credential provider modules, each translating a corresponding different type of credential into a common protocol. The translated credential is communicated through an API to a logon UI module to an operating system (OS) of a local machine. An OS logon module is called by the logon UI module to authenticate the translated credential against a credential database. A user identified by the translated credential is logged on to access the local machine when the authentication is successful. The credential can also be used with a selection received from the logon UI module via a corresponding one of different pre-logon access provider (PLAP) modules that each communicate with the API. The API establishes a network session with an access service specified by the selected PLAP module when the credential is authenticated with the credential database.

    5. Native Use Of Web Service Protocols And Claims In Server Authentication
    Patent application (in force)

    Publication number: US20080301784A1

    Publication date: 2008-12-04

    Application number: US11755968

    Filing date: 2007-05-31

    IPC classification: G06F7/04

    Abstract: Architecture for natively authenticating a client application to a web server via HTTP authentication. The Web Services Architecture, and more specifically Web Services Security, is leveraged to enable legacy applications to access web services transparently to the existing legacy applications. A security support provider (SSP) is created that employs the WS-* protocols to at least emulate ws-trust and ws-mex, thereby enabling policy exchange via an HTTP protocol stack. Policy can be exchanged via a WWW-Authenticate header, enabling legacy applications to use the WS-* family of protocols without modifying the client application. The WS-* protocols are abstracted into a generic programming interface for native client application use.

    8. Policy driven, credential delegation for single sign on and secure access to network resources
    Granted patent (in force)

    Publication number: US07913084B2

    Publication date: 2011-03-22

    Application number: US11441588

    Filing date: 2006-05-26

    IPC classification: H04L9/32

    Abstract: A credential security support provider (Cred SSP) is provided that enables any application to securely delegate a user's credentials from the client, via client-side Security Support Provider (SSP) software, to a target server, via server-side SSP software, in a networked computing environment. The Cred SSP of the invention provides a secure solution that is based in part upon a set of policies, including a default policy that is secure against a broad range of attacks, which are used to control and restrict the delegation of user credentials from a client to a server. The policies can be for any type of user credentials, and the different policies are designed to mitigate a broad range of attacks so that appropriate delegation can occur for given delegation circumstances, network conditions, trust levels, etc. Additionally, only a trusted subsystem, e.g., a trusted subsystem of the Local Security Authority (LSA), has access to the clear-text credentials, such that neither the calling application of the Cred SSP APIs on the server side nor the calling application of the Cred SSP APIs on the client side has access to clear-text credentials.

    9. Update at shutdown
    Patent application (in force)

    Publication number: US20060053417A1

    Publication date: 2006-03-09

    Application number: US10934343

    Filing date: 2004-09-03

    IPC classification: G06F9/44

    CPC classification: G06F9/442 G06F8/65

    Abstract: An update-at-shutdown process is disclosed that installs software updates on a computer during the computer's shutdown procedures. On a computing device with an automated shutdown procedure, the update-at-shutdown process is executed during the shutdown procedure. The update-at-shutdown process evaluates whether any software updates are currently stored, or are locally available, on the computing device. If there are software updates to be installed, a further evaluation determines whether any of the software updates may be installed without any user interaction. Accordingly, each downloaded or locally available software update that is identified as being installable without user interaction is installed during the shutdown procedure, thus minimizing the impact that the software updates have on the computer user's use time.

    10. Communicating a password securely
    Granted patent (in force)

    Publication number: US08281368B2

    Publication date: 2012-10-02

    Application number: US12038815

    Filing date: 2008-02-28

    CPC classification: G06F21/556

    Abstract: A secure (e.g., HTTPS) connection is established between a client and a server. Communication over the connection may utilize an application (e.g., a Web browser) that is not part of the client's trusted computing base. A password is sent from the client to the server over the connection such that the clear-text password is unavailable to the application. For example, the password can be encrypted and inserted directly into the HTTPS stream from the client's trusted computing base.
