PASSIVE SECURITY ENFORCEMENT
    1.
    Invention application
    PASSIVE SECURITY ENFORCEMENT (in force)

    Publication (announcement) number: US20100192209A1

    Publication (announcement) date: 2010-07-29

    Application number: US12359220

    Filing date: 2009-01-23

    IPC classification: H04L9/32 G06F21/00

    Abstract: Technology is described for enabling passive enforcement of security at computing systems. A component of a computing system can passively authenticate or authorize a user based on observations of the user's interactions with the computing system. The technology may increase or decrease an authentication or authorization level based on the observations. The level can indicate what level of access the user should be granted. When the user or a component of the computing device initiates a request, an application or service can determine whether the level is sufficient to satisfy the request. If the level is insufficient, the application or service can prompt the user for credentials so that the user is actively authenticated. The technology may enable computing systems to “trust” authentication so that two proximate devices can share authentication levels.


    Protecting transactions
    2.
    Granted invention patent
    Protecting transactions (in force)

    Publication (announcement) number: US09065812B2

    Publication (announcement) date: 2015-06-23

    Application number: US12359215

    Filing date: 2009-01-23

    IPC classification: H04L29/06 G06F21/74

    Abstract: Technology is described for protecting transactions. The technology may include a switching component that a user can employ to switch an associated mobile device into a secure mode so that a user can confirm the transaction. After initiating a transaction request, the user can confirm the transaction request by activating the switching component, which can cause the mobile device to switch into a secure mode. In the secure mode, the mobile device may prevent the mobile device from conducting various normal activities, such as executing applications, receiving input, providing output, and so forth. The switching component may disable other processing temporarily. Upon receiving the confirmation from the user, the switching component may send a confirmation communication to complete the transaction.


    PROTECTING TRANSACTIONS
    3.
    Invention application
    PROTECTING TRANSACTIONS (in force)

    Publication (announcement) number: US20100192230A1

    Publication (announcement) date: 2010-07-29

    Application number: US12359215

    Filing date: 2009-01-23

    IPC classification: H04L9/00

    Abstract: Technology is described for protecting transactions. The technology may include a switching component that a user can employ to switch an associated mobile device into a secure mode so that a user can confirm the transaction. After initiating a transaction request, the user can confirm the transaction request by activating the switching component, which can cause the mobile device to switch into a secure mode. In the secure mode, the mobile device may prevent the mobile device from conducting various normal activities, such as executing applications, receiving input, providing output, and so forth. The switching component may disable other processing temporarily. Upon receiving the confirmation from the user, the switching component may send a confirmation communication to complete the transaction.


    Passive security enforcement
    4.
    Granted invention patent
    Passive security enforcement (in force)

    Publication (announcement) number: US08590021B2

    Publication (announcement) date: 2013-11-19

    Application number: US12359220

    Filing date: 2009-01-23

    IPC classification: H04L29/06

    Abstract: Technology is described for enabling passive enforcement of security at computing systems. A component of a computing system can passively authenticate or authorize a user based on observations of the user's interactions with the computing system. The technology may increase or decrease an authentication or authorization level based on the observations. The level can indicate what level of access the user should be granted. When the user or a component of the computing device initiates a request, an application or service can determine whether the level is sufficient to satisfy the request. If the level is insufficient, the application or service can prompt the user for credentials so that the user is actively authenticated. The technology may enable computing systems to “trust” authentication so that two proximate devices can share authentication levels.


    Digitally signing documents using identity context information
    5.
    Granted invention patent
    Digitally signing documents using identity context information (in force)

    Publication (announcement) number: US08479006B2

    Publication (announcement) date: 2013-07-02

    Application number: US12143392

    Filing date: 2008-06-20

    IPC classification: H04L9/32

    Abstract: Creating a token for use by an entity when digitally signing documents. In a computing environment, a digital identity representation for an entity is accessed. The digital identity representation includes information identifying identity attributes about the entity and capabilities of an identity provider that provides tokens for use by the entity. Context information is accessed. The context information includes information about one or more of which, how or where the attributes for the entity identified in the digital identity representation will be used. A security token is created from the information in the digital identity representation and the context information. The security token makes assertions by the identity provider. The assertions are based on the information in the digital identity representation. The token further includes information related to at least a portion of the context information.


    Method and system for identity recognition
    6.
    Granted invention patent
    Method and system for identity recognition (in force)

    Publication (announcement) number: US07822988B2

    Publication (announcement) date: 2010-10-26

    Application number: US10693172

    Filing date: 2003-10-23

    IPC classification: H04L9/32

    Abstract: In accordance with various aspects, the present invention relates to methods and systems for sending an identity information document comprising selecting identity information from a self-identity information store for inclusion in the identity information document. The selected identity information is read from a self-identity information store. The identity information document is generated to include the selected identity information and one or more keys, and signed using a key associated with one of the keys included in the identity information document. The identity information document is then sent to a recipient. Receiving an identity information document comprises receiving a signed identity information document from an originator. A determination is made as to whether identity information in the identity information document is reliable. The identity information is saved in a recognized identity information store if the identity information is determined to be reliable. If the identity information is determined to be unreliable, an identity recognition number retrieved from the sender is compared to an identity recognition number generated by the recipient based on information in the received identity information document. If the identity recognition number is verified, the identity information is saved in the recognized identity information store.


    Security tokens including displayable claims
    7.
    Granted invention patent
    Security tokens including displayable claims (in force)

    Publication (announcement) number: US07788499B2

    Publication (announcement) date: 2010-08-31

    Application number: US11312920

    Filing date: 2005-12-19

    IPC classification: G06F21/00

    Abstract: A system for providing a digital identity includes a claims transformer programmed to generate a security token including a computational token and a display token, the computational token including one or more claims associated with an identity of a principal, and the display token including display information about the claims in the computational token. The display information is configured to allow the principal to view the display token.


    Identity Tokens Using Biometric Representations
    8.
    Invention application
    Identity Tokens Using Biometric Representations (under examination, published)

    Publication (announcement) number: US20080289020A1

    Publication (announcement) date: 2008-11-20

    Application number: US11749020

    Filing date: 2007-05-15

    IPC classification: H04L9/32

    Abstract: An identity system and method uses biometric representation(s) in identity tokens. When a principal requests access to a relying party, the relying party may request an identity token containing a first claim about the principal and a biometric representation of the principal. An identity provider may then create the identity token, including a digital signature. The relying party may receive the identity token through a first channel and decode it. The relying party may also receive and use biometric information about the principal received through a second channel to verify the validity of the first claim at least in part through comparison of the biometric representation to the biometric information.


    Workflow management based on an integrated view of resource identity
    10.
    Granted invention patent
    Workflow management based on an integrated view of resource identity (in force)

    Publication (announcement) number: US07389335B2

    Publication (announcement) date: 2008-06-17

    Application number: US09995004

    Filing date: 2001-11-26

    IPC classification: G06F15/173

    CPC classification: G06Q10/10

    Abstract: The described arrangements and procedures use a directory, with its integrated view of resource identity across a distributed system to dynamically execute and manage workflow solutions responsive to changes in the directory. Specifically, a state change to an object in a directory is detected. Responsive to detecting the state change, the state change is mapped to a corresponding workflow, which includes sequences of tasks. The identified sequences of tasks are then executed to achieve a desired state in the directory. The desired state is based on the detected state change.
