公开(公告)号：US07949787B2

公开(公告)日：2011-05-24

申请号：US10801999

申请日：2004-03-15

申请人： Donald F. Box ,  Christopher G. Kaler ,  David E. Langworthy ,  Steven E. Lucco ,  John Shewchuk ,  Luis Felipe Cabrera ,  Craig A Critchley ,  Geary L. Eppley ,  Bradford H. Lovering ,  Jeffrey C. Schlimmer ,  David Wortendyke ,  Henrik F. Nielsen

发明人： Donald F. Box ,  Christopher G. Kaler ,  David E. Langworthy ,  Steven E. Lucco ,  John Shewchuk ,  Luis Felipe Cabrera ,  Craig A Critchley ,  Geary L. Eppley ,  Bradford H. Lovering ,  Jeffrey C. Schlimmer ,  David Wortendyke ,  Henrik F. Nielsen

IPC分类号： G06F15/16

CPC分类号： G06F9/546 ,  H04L51/066 ,  H04L67/02 ,  H04M1/22

摘要： Systems and methods for open content model Web service messaging in a networked computing environment are described. In one aspect, a transport neutral message is generated that includes message recipient, endpoint addressing information, and one or more reference properties. The reference properties include selectively opaque message context. The transport neutral message is bound to a transport protocol for communication to the message recipient. At least a portion of the selectively opaque message context is not directed to the message recipient.

摘要翻译： 描述了用于开放内容的系统和方法在网络计算环境中的Web服务消息传递。 在一个方面，生成包括消息接收者，端点寻址信息和一个或多个参考属性的传输中性消息。 引用属性包括选择性地不透明的消息上下文。 传输中性消息被绑定到用于与消息接收者通信的传输协议。 选择性地不透明消息上下文的至少一部分不指向消息接收者。

公开(公告)号：US20050204051A1

公开(公告)日：2005-09-15

申请号：US10801999

申请日：2004-03-15

申请人： Donald Box ,  Christopher Kaler ,  David Langworthy ,  Steven Lucco ,  John Shewchuk ,  Luis Cabrera ,  Craig Critchley ,  Geary Eppley ,  Bradford Lovering ,  Jeffrey Schlimmer ,  David Wortendyke ,  Henrik Nielsen

发明人： Donald Box ,  Christopher Kaler ,  David Langworthy ,  Steven Lucco ,  John Shewchuk ,  Luis Cabrera ,  Craig Critchley ,  Geary Eppley ,  Bradford Lovering ,  Jeffrey Schlimmer ,  David Wortendyke ,  Henrik Nielsen

IPC分类号： H04M1/64

CPC分类号： G06F9/546 ,  H04L51/066 ,  H04L67/02 ,  H04M1/22

摘要： Systems and methods for open content model Web service messaging in a networked computing environment are described. In one aspect, a transport neutral message is generated that includes message recipient, endpoint addressing information, and one or more reference properties. The reference properties include selectively opaque message context. The transport neutral message is bound to a transport protocol for communication to the message recipient. At least a portion of the selectively opaque message context is. not directed to the message recipient.

摘要翻译： 描述了用于开放内容的系统和方法在网络计算环境中的Web服务消息传递。 在一个方面，生成包括消息接收者，端点寻址信息和一个或多个参考属性的传输中性消息。 引用属性包括选择性地不透明的消息上下文。 传输中性消息被绑定到用于与消息接收者通信的传输协议。 选择性地不透明的消息上下文的至少一部分是。 没有指向消息收件人。

公开(公告)号：US20060253700A1

公开(公告)日：2006-11-09

申请号：US11254545

申请日：2005-10-20

申请人： Giovanni Della-Libera ,  Christopher Kaler ,  Scott Konersmann ,  Butler Lampson ,  Paul Leach ,  Bradford Lovering ,  Steven Lucco ,  Stephen Millet ,  Richard Rashid ,  John Shewchuk

发明人： Giovanni Della-Libera ,  Christopher Kaler ,  Scott Konersmann ,  Butler Lampson ,  Paul Leach ,  Bradford Lovering ,  Steven Lucco ,  Stephen Millet ,  Richard Rashid ,  John Shewchuk

IPC分类号： H04L9/00 ,  G06F12/14 ,  H04L9/32 ,  G06F11/30

CPC分类号： H04L63/08 ,  G06Q20/3676 ,  H04L63/10 ,  H04L63/168 ,  H04L63/20 ,  H04L67/02 ,  H04L67/28 ,  H04L67/2804 ,  H04L67/2823

摘要： A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.

公开(公告)号：US20060198517A1

公开(公告)日：2006-09-07

申请号：US11074885

申请日：2005-03-07

申请人： Kim Cameron ,  Arun Nanda ,  Josh Benaloh ,  John Shewchuk ,  Daniel Simon ,  Andrew Bortz

发明人： Kim Cameron ,  Arun Nanda ,  Josh Benaloh ,  John Shewchuk ,  Daniel Simon ,  Andrew Bortz

IPC分类号： H04L9/00

CPC分类号： H04L63/0442 ,  G06F21/445 ,  G06F2221/2129 ,  H04L9/0869 ,  H04L9/3218 ,  H04L63/06 ,  H04L2463/061

摘要： Exemplary embodiments disclosed herein may include a method and system for creating pair-wise security keys, comprising receiving an identity key from a website, generating a master key, creating a pair-wise symmetric key or asymmetric key pair by utilizing an encryption function of the identity key and the master key, and storing the pair-wise public or symmetric key at the client and the website.

摘要翻译： 本文公开的示例性实施例可以包括用于创建成对安全密钥的方法和系统，包括从网站接收身份密钥，生成主密钥，通过利用所述密钥对的加密功能创建成对对称密钥或非对称密钥对 身份密钥和主密钥，并将成对的公有或对称密钥存储在客户端和网站上。

公开(公告)号：US20070150741A1

公开(公告)日：2007-06-28

申请号：US11299463

申请日：2005-12-12

申请人： Christopher Kaler ,  John Shewchuk

发明人： Christopher Kaler ,  John Shewchuk

IPC分类号： H04L9/00

CPC分类号： H04L63/123 ,  G06F21/445

摘要： A method of securing communications between an application that includes a macro and a Web Service. The method includes an act of, at the macro, generating a request for data. The request for data comprises generating commands for retrieving data, generating security information, and embedding the commands for retrieving data and the security information in a request. The request for data is sent to the Web Service. The requested data is received from the Web Service if the security information provides appropriate authorization to receive the requested data.

摘要翻译： 一种确保包含宏和Web服务的应用程序之间通信的方法。 该方法包括在宏处产生数据请求的动作。 数据请求包括生成用于检索数据的命令，生成安全信息，以及在请求中嵌入用于检索数据和安全信息的命令。 数据请求被发送到Web服务。 如果安全信息提供适当的授权以接收所请求的数据，则从Web服务接收所请求的数据。

公开(公告)号：US20060200866A1

公开(公告)日：2006-09-07

申请号：US11073404

申请日：2005-03-04

申请人： Kim Cameron ,  Arun Nanda ,  Andy Harjanto ,  Stuart Kwan ,  John Shewchuk ,  Bill Barnes ,  Khushru Irani ,  Charles Reeves

发明人： Kim Cameron ,  Arun Nanda ,  Andy Harjanto ,  Stuart Kwan ,  John Shewchuk ,  Bill Barnes ,  Khushru Irani ,  Charles Reeves

IPC分类号： H04L9/32

CPC分类号： H04L63/126 ,  H04L63/1483

摘要： Exemplary embodiments disclosed herein may include a method and system for providing information to a user and safely disclosing identity information over the Internet comprising receiving information from a server, analyzing the information, presenting the analyzed information to a user for validation in a finite number of configurations controlled by a client, and validating of the information by the user.

摘要翻译： 本文公开的示例性实施例可以包括用于向用户提供信息并且通过因特网安全地公开身份信息的方法和系统，包括从服务器接收信息，分析信息，将分析的信息呈现给用户以在有限数量的配置中进行验证 由客户控制，并由用户验证信息。

公开(公告)号：US20050235150A1

公开(公告)日：2005-10-20

申请号：US10827082

申请日：2004-04-19

申请人： Christopher Kaler ,  John Shewchuk ,  Bradford Lovering ,  Daniel Simon

发明人： Christopher Kaler ,  John Shewchuk ,  Bradford Lovering ,  Daniel Simon

IPC分类号： G06F21/00 ,  H04L9/00 ,  H04L29/06

CPC分类号： H04L63/0869 ,  G06F21/31 ,  G06F2221/2103

摘要： The present invention extends to validating measurable aspects of computing system. A provider causes a challenge to be issued to the requester, the challenge requesting proof that the requester is appropriately configured to access the resource. The requester accesses information that indicates how the requester is to prove an appropriate configuration for accessing the resource. The requester formulates and sends proof that one or more measurable aspects of the requester's configuration are appropriate. The provider receives proof that one or more measurable aspects of the requester's configuration are appropriate and authorizes the requester to access the resource. Proof of one more measurable aspects of a requester can be used along with other types of authentication to authorize a requester to access a resource of a provider. Solutions to challenges can be pre-computed and stored in a location accessible to a provider.

摘要翻译： 本发明扩展到验证计算系统的可测量方面。 提供者会向请求者发出一个挑战，质询请求证明请求者被正确地配置为访问资源。 请求者访问指示请求者如何证明访问资源的适当配置的信息。 请求者制定并发送证据，证明请求者配置的一个或多个可衡量的方面是适当的。 提供者收到证据，证明请求者配置的一个或多个可衡量的方面是适当的，并授权请求者访问该资源。 请求者的一个可衡量方面的证明可以与其他类型的认证一起使用，以授权请求者访问提供商的资源。 挑战的解决方案可以预先计算并存储在供应商可访问的位置。

公开(公告)号：US08689296B2

公开(公告)日：2014-04-01

申请号：US11952890

申请日：2007-12-07

申请人： John Shewchuk ,  Kim Cameron ,  Arun Nanda ,  Xiao Xie

发明人： John Shewchuk ,  Kim Cameron ,  Arun Nanda ,  Xiao Xie

IPC分类号： G06F7/04

CPC分类号： H04L63/08 ,  G06F21/33 ,  G06F21/41 ,  H04L63/0853

摘要： A system and method for controlling distribution and use of digital identity representations (“DIRs”) increases security, usability, and oversight of DIR use. A DIR stored on a first device may be obtained by a second device for use in satisfying the security policy of a relying party. Release of the DIR to the second device requires permission from a device or entity that may be different from the device or entity attempting to access the relying party. Further, the use of the DIR to obtain an identity token may separately require permission of even a different person or entity and may be conditioned upon receiving satisfactory information relating to the intended use of the DIR (e.g., the name of the relying party, type of operation being attempted, etc.). By controlling the distribution and use of DIRs, security of the principal's identity and supervisory control over a principal's activities are enhanced.

摘要翻译： 用于控制数字身份表示（“DIR”）分发和使用的系统和方法提高了DIR使用的安全性，可用性和监督性。 可以通过第二设备获得存储在第一设备上的DIR，以用于满足依赖方的安全策略。 将DIR发布到第二设备需要来自可能与尝试访问依赖方的设备或实体不同的设备或实体的许可。 此外，使用DIR获得身份令牌可以单独要求甚至不同的人或实体的许可，并且可以在接收到与DIR的预期用途有关的令人满意的信息的条件下（例如，依赖方的名称，类型 正在尝试操作等）。 通过控制DIR的分配和使用，主体的身份安全性和对委托人活动的监督控制得到加强。

公开(公告)号：US20060212599A1

公开(公告)日：2006-09-21

申请号：US11422106

申请日：2006-06-05

申请人： Steven Lucco ,  Erik Christensen ,  Andrew Layman ,  David Levin ,  Bradford Lovering ,  Henrik Nielsen ,  John Shewchuk

发明人： Steven Lucco ,  Erik Christensen ,  Andrew Layman ,  David Levin ,  Bradford Lovering ,  Henrik Nielsen ,  John Shewchuk

IPC分类号： G06F15/16

CPC分类号： H04L29/12132 ,  H04L29/12066 ,  H04L45/02 ,  H04L61/1511 ,  H04L61/1552 ,  H04L67/02 ,  H04L67/2814 ,  H04L67/2819

摘要： An apparatus and method is provided for resolving virtual network names using one or more name routers. A conventional Uniform Resource Locator (URL) naming scheme is extended by allowing any component to be mapped to an address. The resolution process occurs recursively through a plurality of name routers. Resolution can be contextual, such that the same virtual network name may be resolved differently depending on the identity of the client or other parameters.

摘要翻译： 提供了一种用于使用一个或多个名称路由器来解析虚拟网络名称的装置和方法。 通过允许任何组件映射到地址来扩展常规的统一资源定位符（URL）命名方案。 解析过程通过多个名称路由器递归地发生。 分辨率可以是上下文的，使得可以根据客户端的身份或其他参数来不同地解析相同的虚拟网络名称。

公开(公告)号：US20060069712A1

公开(公告)日：2006-03-30

申请号：US11272912

申请日：2005-11-14

申请人： Mark Anders ,  Gary Burd ,  Scott Guthrie ,  Satoshi Nakajima ,  Eric Olsen ,  Dmitry Robsman ,  John Shewchuk ,  Michael Toutonghi ,  Manu Vasandani

发明人： Mark Anders ,  Gary Burd ,  Scott Guthrie ,  Satoshi Nakajima ,  Eric Olsen ,  Dmitry Robsman ,  John Shewchuk ,  Michael Toutonghi ,  Manu Vasandani

IPC分类号： G06F15/16

CPC分类号： G06F8/61 ,  G06F9/445 ,  H04L67/10

摘要： A network-based distributed application system is provided in accordance with the present invention for enabling services to be established locally on a client system. The system may include an application and presentation logic, at least a portion of which is interchangeably processed by a server or a client without modification to the portion. The core functionality provided by the application may be preserved between the client and the server wherein improved network performance may provided along with improved offline service capabilities.