公开(公告)号：US20090328140A1

公开(公告)日：2009-12-31

申请号：US12147054

申请日：2008-06-26

申请人： Dave M. McPherson ,  Tanmoy Dutta ,  Cristian Ilac ,  Liqiang Zhu

发明人： Dave M. McPherson ,  Tanmoy Dutta ,  Cristian Ilac ,  Liqiang Zhu

IPC分类号： G06F21/00

CPC分类号： H04L63/20 ,  H04L63/08 ,  H04L63/205 ,  H04L69/24

摘要： This disclosure describes methods, systems and application programming interfaces for creating an advanced security negotiation package. This disclosure describes creating an advanced security negotiation protocol under a Simple and Protected Negotiation Mechanism (SPNEGO) protocol to negotiate an authentication scheme. The protocol describes defining a Windows Security Type (WST) Library message to protect negotiation data during the advanced security negotiation protocol. The protocol sends an initial message that carries multiple authentication messages to reduce redundant roundtrips and implements key exchanges by a mini Security Support Provider (SSP).

摘要翻译： 本公开描述了用于创建高级安全协商包的方法，系统和应用程序编程接口。 本公开描述了在简单和受保护的协商机制（SPNEGO）协议下创建高级安全协商协议以协商认证方案。 该协议描述了在高级安全协商协议期间定义Windows安全类型（WST）库消息以保护协商数据。 该协议发送一个携带多个认证消息的初始消息，以减少冗余往返，并通过小型安全支持提供商（SSP）实现密钥交换。

公开(公告)号：US08799630B2

公开(公告)日：2014-08-05

申请号：US12147054

申请日：2008-06-26

申请人： Dave M. McPherson ,  Tanmoy Dutta ,  Cristian Ilac ,  Liqiang Zhu

发明人： Dave M. McPherson ,  Tanmoy Dutta ,  Cristian Ilac ,  Liqiang Zhu

IPC分类号： G06F21/00

CPC分类号： H04L63/20 ,  H04L63/08 ,  H04L63/205 ,  H04L69/24

摘要： This disclosure describes methods, systems and application programming interfaces for creating an advanced security negotiation package. This disclosure describes creating an advanced security negotiation protocol under a Simple and Protected Negotiation Mechanism (SPNEGO) protocol to negotiate an authentication scheme. The protocol describes defining a Windows Security Type (WST) Library message to protect negotiation data during the advanced security negotiation protocol. The protocol sends an initial message that carries multiple authentication messages to reduce redundant roundtrips and implements key exchanges by a mini Security Support Provider (SSP).

摘要翻译： 本公开描述了用于创建高级安全协商包的方法，系统和应用程序编程接口。 本公开描述了在简单和受保护的协商机制（SPNEGO）协议下创建高级安全协商协议以协商认证方案。 该协议描述了在高级安全协商协议期间定义Windows安全类型（WST）库消息以保护协商数据。 该协议发送一个携带多个认证消息的初始消息，以减少冗余往返，并通过小型安全支持提供商（SSP）实现密钥交换。

公开(公告)号：US08533772B2

公开(公告)日：2013-09-10

申请号：US12477747

申请日：2009-06-03

申请人： Praerit Garg ,  Cliff Van Dyke ,  Dave M. McPherson ,  Everett McKay

发明人： Praerit Garg ,  Cliff Van Dyke ,  Dave M. McPherson ,  Everett McKay

IPC分类号： H04L29/06

CPC分类号： G06F21/6218 ,  G06F21/602 ,  G06F21/629 ,  G06F2221/2141 ,  G06F2221/2145 ,  G06F2221/2149 ,  H04L63/102

摘要： A role-based authorization management system maintains an authorization policy store that represents user authorizations to perform operations associated with an application. When a user attempts to perform a function associated with an application, the authorization management system verifies that the user is authorized to perform the requested function. The authorization management system also provides an interface for an application administrator to update role-based user authorization policies associated with one or more applications.

公开(公告)号：US07882539B2

公开(公告)日：2011-02-01

申请号：US11445778

申请日：2006-06-02

申请人： Muthukrishnan Paramasivam ,  Charles F. Rose, III ,  Dave M. McPherson ,  Raja Pazhanivel Perumal ,  Satyajit Nath ,  Paul J. Leach ,  Ravindra Nath Pandya

发明人： Muthukrishnan Paramasivam ,  Charles F. Rose, III ,  Dave M. McPherson ,  Raja Pazhanivel Perumal ,  Satyajit Nath ,  Paul J. Leach ,  Ravindra Nath Pandya

IPC分类号： G06F17/00 ,  H04L29/06

CPC分类号： H04L63/102 ,  G06F21/604 ,  H04L63/20

摘要： Abstracting access control policy from access check mechanisms allows for richer expression of policy, using a declarative model with semantics, than what is permitted by the access check mechanisms. Further, abstracting access control policy allows for uniform expression of policy across multiple access check mechanisms. Proof-like reasons for any access query are provided, such as who has access to what resource, built from the policy statements themselves, independent of the access check mechanism that provide access. Access is audited and policy-based reasons for access are provided based on the access control policy.

摘要翻译： 来自访问检查机制的抽象访问控制策略允许使用具有语义的声明性模型，而不是访问检查机制允许的策略的更丰富的表达。 此外，抽象访问控制策略允许在多个访问检查机制之间统一表达策略。 提供任何访问查询的类似原因，例如谁可以访问从策略语句本身构建的什么资源，独立于提供访问的访问检查机制。 访问被审计，基于访问控制策略提供基于策略的访问原因。

公开(公告)号：US20070283411A1

公开(公告)日：2007-12-06

申请号：US11445778

申请日：2006-06-02

申请人： Muthukrishnan Paramasivam ,  Charles F. Rose ,  Dave M. McPherson ,  Raja Pazhanivel Perumal ,  Satyajit Nath ,  Paul J. Leach ,  Ravindra Nath Pandya

发明人： Muthukrishnan Paramasivam ,  Charles F. Rose ,  Dave M. McPherson ,  Raja Pazhanivel Perumal ,  Satyajit Nath ,  Paul J. Leach ,  Ravindra Nath Pandya

IPC分类号： H04L9/00

CPC分类号： H04L63/102 ,  G06F21/604 ,  H04L63/20

摘要： Abstracting access control policy from access check mechanisms allows for richer expression of policy, using a declarative model with semantics, than what is permitted by the access check mechanisms. Further, abstracting access control policy allows for uniform expression of policy across multiple access check mechanisms. Proof-like reasons for any access query are provided, such as who has access to what resource, built from the policy statements themselves, independent of the access check mechanism that provide access. Access is audited and policy-based reasons for access are provided based on the access control policy.

摘要翻译： 来自访问检查机制的抽象访问控制策略允许使用具有语义的声明性模型，而不是访问检查机制允许的策略的更丰富的表达。 此外，抽象访问控制策略允许在多个访问检查机制之间统一表达策略。 提供任何访问查询的类似原因，例如谁可以访问从策略语句本身构建的什么资源，独立于提供访问的访问检查机制。 访问被审计，基于访问控制策略提供基于策略的访问原因。