公开(公告)号：US20070101418A1

公开(公告)日：2007-05-03

申请号：US11533296

申请日：2006-09-19

申请人： David Wood ,  Paul Weschler ,  Derk Norton ,  Chris Ferris ,  Yvonne Wilson ,  William Soley

发明人： David Wood ,  Paul Weschler ,  Derk Norton ,  Chris Ferris ,  Yvonne Wilson ,  William Soley

IPC分类号： G06F17/30

CPC分类号： H04L63/0815 ,  G06F21/31 ,  G06F21/32 ,  G06F21/34 ,  G06F21/41 ,  G06F21/6209 ,  G06F2221/2113 ,  H04L63/105

摘要： A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e.g., those based on passwords, certificates, biometric techniques, smart cards, etc.) are employed depending on the trust-level requirement(s) of an information resource (or information resources) to be accessed. Once credentials have been obtained for an entity and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient.

摘要翻译： 已经开发了一种安全架构，其中为多个信息资源提供单一登录。 安全架构不是为所有信息资源指定单一认证方案，而是将信任级别的需求与信息资源相关联。 取决于要访问的信息资源（或信息资源）的信任级别要求来采用认证方案（例如基于密码，证书，生物识别技术，智能卡等）。 一旦获得了实体的凭证，并且该实体已经被认证到给定的信任级别，则不需要进一步的凭证和身份验证就允许访问被认证的信任级别足够的信息资源。

公开(公告)号：US20060070114A1

公开(公告)日：2006-03-30

申请号：US11224675

申请日：2005-09-12

申请人： David Wood ,  Paul Weschler ,  Derk Norton ,  Chris Ferris ,  Yvonne Wilson ,  William Soley

发明人： David Wood ,  Paul Weschler ,  Derk Norton ,  Chris Ferris ,  Yvonne Wilson ,  William Soley

IPC分类号： H04L9/32

CPC分类号： G06F21/6209 ,  G06F21/31 ,  G06F21/32 ,  G06F21/34 ,  G06F21/41 ,  G06F2211/009 ,  G06F2221/2113 ,  H04L63/0815 ,  H04L63/105

摘要： A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e.g., those based on passwords, certificates, biometric techniques, smart cards, etc.) are employed depending on the trust-level requirement(s) of an information resource (or information resources) to be accessed. Once credentials have been obtained for an entity and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient.

摘要翻译： 已经开发了一种安全架构，其中为多个信息资源提供单一登录。 安全架构不是为所有信息资源指定单一认证方案，而是将信任级别的需求与信息资源相关联。 取决于要访问的信息资源（或信息资源）的信任级别要求来采用认证方案（例如基于密码，证书，生物识别技术，智能卡等）。 一旦获得了实体的凭证，并且该实体已经被认证到给定的信任级别，则不需要进一步的凭证和身份验证就允许访问被认证的信任级别足够的信息资源。

公开(公告)号：US06944761B2

公开(公告)日：2005-09-13

申请号：US10643813

申请日：2003-08-19

申请人： David L. Wood ,  Paul Weschler ,  Derk Norton ,  Chris Ferris ,  Yvonne Wilson ,  William R. Soley

发明人： David L. Wood ,  Paul Weschler ,  Derk Norton ,  Chris Ferris ,  Yvonne Wilson ,  William R. Soley

IPC分类号： G06F1/00 ,  G06F21/00 ,  H04L29/06 ,  G06F11/30

CPC分类号： G06F21/6209 ,  G06F21/31 ,  G06F21/32 ,  G06F21/34 ,  G06F21/41 ,  G06F2211/009 ,  G06F2221/2113 ,  H04L63/0815 ,  H04L63/105

摘要： A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e.g., those based on passwords, certificates, biometric techniques, smart cards, etc.) are employed depending on the trust-level requirement(s) of an information resource (or information resources) to be accessed. Once credentials have been obtained for an entity and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient.

摘要翻译： 已经开发了一种安全架构，其中为多个信息资源提供单一登录。 安全架构不是为所有信息资源指定单一认证方案，而是将信任级别的需求与信息资源相关联。 取决于要访问的信息资源（或信息资源）的信任级别要求来采用认证方案（例如基于密码，证书，生物识别技术，智能卡等）。 一旦获得了实体的凭证，并且该实体已经被认证到给定的信任级别，则不需要进一步的凭证和身份验证就允许访问被认证的信任级别足够的信息资源。

公开(公告)号：US06892307B1

公开(公告)日：2005-05-10

申请号：US09368507

申请日：1999-08-05

申请人： David L. Wood ,  Derk Norton ,  Paul Weschler ,  Chris Ferris ,  Yvonne Wilson

发明人： David L. Wood ,  Derk Norton ,  Paul Weschler ,  Chris Ferris ,  Yvonne Wilson

IPC分类号： G06F1/00 ,  G06F21/00 ,  H04L29/06 ,  G06F11/30 ,  G06F12/14 ,  H04L9/00 ,  H04L9/32

CPC分类号： H04L63/0815 ,  G06F21/41 ,  G06F2211/009 ,  G06F2221/2113 ,  H04L9/3213 ,  H04L9/3263 ,  H04L63/0823 ,  H04L63/105

摘要： A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e.g., those based on passwords, certificates, biometric techniques, smart cards, etc.) are associated with trust levels and a log-on service obtains credentials for an entity commensurate with the trust-level requirement(s) of an information resource (or information resources) to be accessed. Once credentials have been obtained for an entity and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient.

摘要翻译： 已经开发了一种安全架构，其中为多个信息资源提供单一登录。 安全架构不是为所有信息资源指定单一认证方案，而是将信任级别的需求与信息资源相关联。 认证方案（例如，基于密码，证书，生物识别技术，智能卡等）的认证方案与信任级别相关联，并且登录服务获得与信息的信任级要求相称的实体的证书 要访问的资源（或信息资源）。 一旦获得了实体的凭证，并且该实体已经被认证到给定的信任级别，则不需要进一步的凭证和身份验证就允许访问被认证的信任级别足够的信息资源。

公开(公告)号：US06609198B1

公开(公告)日：2003-08-19

申请号：US09368506

申请日：1999-08-05

申请人： David L. Wood ,  Paul Weschler ,  Derk Norton ,  Chris Ferris ,  Yvonne Wilson ,  William R. Soley

发明人： David L. Wood ,  Paul Weschler ,  Derk Norton ,  Chris Ferris ,  Yvonne Wilson ,  William R. Soley

IPC分类号： G06F126

CPC分类号： G06F21/6209 ,  G06F21/31 ,  G06F21/32 ,  G06F21/34 ,  G06F21/41 ,  G06F2211/009 ,  G06F2221/2113 ,  H04L63/0815 ,  H04L63/105

摘要： A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e.g., those based on passwords, certificates, biometric techniques, smart cards, etc.) are employed depending on the trust-level requirement(s) of an information resource (or information resources) to be accessed. Once credentials have been obtained for an entity and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient. The security architecture allows upgrade of credentials for a given session. This capability is particularly advantageous in the context of a single, enterprise-wide log-on. An entity (e.g., a user or an application) may initially log-on with a credential suitable for one or more resources in an initial resource set, but then require access to resource requiring authentication at higher trust level. In such case, the log-on service allows additional credentials to be provided to authenticate at the higher trust level. The log-on service allows upgrading and/or downgrading without loss of session continuity (i.e., without loss of identity mappings, authorizations, permissions, and environmental variables, etc.).

摘要翻译： 已经开发了一种安全架构，其中为多个信息资源提供单一登录。 安全架构不是为所有信息资源指定单一认证方案，而是将信任级别的需求与信息资源相关联。 取决于要访问的信息资源（或信息资源）的信任级别要求来采用认证方案（例如基于密码，证书，生物识别技术，智能卡等）。 一旦获得了实体的凭证，并且该实体已经被认证到给定的信任级别，则不需要进一步的凭证和身份验证就允许访问被认证的信任级别足够的信息资源。 安全架构允许升级给定会话的凭据。 在单个企业级登录的上下文中，此功能特别有利。 实体（例如，用户或应用程序）最初可以使用适合于初始资源集中的一个或多个资源的凭证登录，但是然后需要访问需要在较高信任级别进行认证的资源。 在这种情况下，登录服务允许提供额外的凭据以在较高的信任级别进行身份验证。 登录服务允许升级和/或降级而不会丢失会话连续性（即，不会丢失身份映射，授权，许可和环境变量等）。

公开(公告)号：US07325128B2

公开(公告)日：2008-01-29

申请号：US11533296

申请日：2006-09-19

申请人： David L. Wood ,  Paul Weschler ,  Derk Norton ,  Chris Ferris ,  Yvonne Wilson ,  William R. Soley

发明人： David L. Wood ,  Paul Weschler ,  Derk Norton ,  Chris Ferris ,  Yvonne Wilson ,  William R. Soley

IPC分类号： G06F9/00

CPC分类号： H04L63/0815 ,  G06F21/31 ,  G06F21/32 ,  G06F21/34 ,  G06F21/41 ,  G06F21/6209 ,  G06F2221/2113 ,  H04L63/105

摘要： A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e.g., those based on passwords, certificates, biometric techniques, smart cards, etc.) are employed depending on the trust-level requirement(s) of an information resource (or information resources) to be accessed. Once credentials have been obtained for an entity and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient.

摘要翻译： 已经开发了一种安全架构，其中为多个信息资源提供单一登录。 安全架构不是为所有信息资源指定单一认证方案，而是将信任级别的需求与信息资源相关联。 取决于要访问的信息资源（或信息资源）的信任级别要求来采用认证方案（例如基于密码，证书，生物识别技术，智能卡等）。 一旦获得了实体的凭证，并且该实体已经被认证到给定的信任级别，则不需要进一步的凭证和身份验证就允许访问被认证的信任级别足够的信息资源。

公开(公告)号：US07117359B2

公开(公告)日：2006-10-03

申请号：US11224675

申请日：2005-09-12

申请人： David L. Wood ,  Paul Weschler ,  Derk Norton ,  Chris Ferris ,  Yvonne Wilson ,  William R. Soley

发明人： David L. Wood ,  Paul Weschler ,  Derk Norton ,  Chris Ferris ,  Yvonne Wilson ,  William R. Soley

IPC分类号： G06F1/24

CPC分类号： G06F21/6209 ,  G06F21/31 ,  G06F21/32 ,  G06F21/34 ,  G06F21/41 ,  G06F2211/009 ,  G06F2221/2113 ,  H04L63/0815 ,  H04L63/105

摘要： A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e.g., those based on passwords, certificates, biometric techniques, smart cards, etc.) are employed depending on the trust-level requirement(s) of an information resource (or information resources) to be accessed. Once credentials have been obtained for an entity and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient. In addition, an entity can be allocated a new session and associated default credential if the entity's access request indicates an invalid session token or does not indicate a token.

摘要翻译： 已经开发了一种安全架构，其中为多个信息资源提供单一登录。 安全架构不是为所有信息资源指定单一认证方案，而是将信任级别的需求与信息资源相关联。 取决于要访问的信息资源（或信息资源）的信任级别要求来采用认证方案（例如基于密码，证书，生物识别技术，智能卡等）。 一旦获得了实体的凭证，并且该实体已经被认证到给定的信任级别，则不需要进一步的凭证和身份验证就允许访问被认证的信任级别足够的信息资源。 此外，如果实体的访问请求指示无效的会话令牌或者不指示令牌，则可以向实体分配新的会话和相关的默认凭证。

公开(公告)号：US06338138B1

公开(公告)日：2002-01-08

申请号：US09106304

申请日：1998-06-29

申请人： William J. Raduchel ,  Abhay Gupta ,  Yvonne Wilson

发明人： William J. Raduchel ,  Abhay Gupta ,  Yvonne Wilson

IPC分类号： H04L900

CPC分类号： G06F21/6218 ,  G06F17/30067 ,  G06F2221/2141 ,  G06Q20/367 ,  G06Q20/3674 ,  G06Q20/382 ,  G06Q20/4012 ,  G11B27/034 ,  G11B27/34 ,  G11B2220/2562

摘要： A network-based authentication scheme is provided that performs authentication in a centralized manner for the stand-alone computers of a particular organization. Since authentication is centralized, the individual computers do not need to store authentication information, and control over all of the computers rests in a single location, enabling the system administrator to manage access and utilization of the computers from this location. The network-based authentication scheme includes an authentication manager, remotely located with respect to a local computer, that performs authentication for the local computer. The authentication manager receives login information from the local computer, verifies this information against an authentication file, and returns indications of the services on the local computer that the user is able to utilize. The local computer receives these indications and displays icons representing the services available to that user. The user may then select an icon, causing an applet to be downloaded from the authentication manager onto the local computer to facilitate the user's utilization of the corresponding service.

摘要翻译： 提供了基于网络的认证方案，其以集中的方式对特定组织的独立计算机进行认证。 由于认证是集中的，因此各个计算机不需要存储认证信息，并且所有计算机的控制都在一个位置上，使得系统管理员可以从该位置管理计算机的访问和利用。 基于网络的认证方案包括相对于本地计算机远程定位的认证管理器，其为本地计算机执行认证。 验证管理器从本地计算机接收登录信息，根据认证文件验证该信息，并返回用户能够利用的本地计算机上的服务指示。 本地计算机接收这些指示并显示表示该用户可用的服务的图标。 然后，用户可以选择一个图标，导致小程序从认证管理器下载到本地计算机上，以便于用户对相应服务的利用。