Trusted biometric client authentication
    1.
    Granted invention patent
    Trusted biometric client authentication (status: expired)

    Publication number: US6167517A

    Publication date: 2000-12-26

    Application number: US58394

    Filing date: 1998-04-09

    IPC classification: G06F21/32 H04L9/08

    Abstract: One embodiment of the present invention provides a method for authenticating an identity of a user in order to secure access to a host system. In this embodiment, the host system receives an identifier for the user from a client system. This identifier is used to retrieve a template containing biometric data associated with the user, and this template is returned to the client. The client then gathers a biometric sample from the user, and compares this biometric sample with the template to produce a comparison result. Next, the client computes a message digest using the template, the comparison result and an encryption key, and sends the message digest to the host system. This computation takes place within a secure hardware module within the client computing system that contains a secure encryption key in order to guard against malicious users on the client system. Next, the host system receives the message digest and authenticates the user by determining whether the message digest was computed using the template, the encryption key, and a comparison result indicating a successful match between the biometric sample and the template. If so, the host has confidence that the client has successfully matched the template with the biometric sample, and the client is allowed to access a service on the host system. By requiring the secure hardware in the client system to include the template in the message digest, the host system can guard against a malicious user who substitutes another template to gain unauthorized access to the host system. In a variation on this embodiment, the host system retrieves the template from a centralized repository for templates.

    Distributed document version control
    2.
    Granted invention patent
    Distributed document version control (status: in force)

    Publication number: US08832047B2

    Publication date: 2014-09-09

    Application number: US11191568

    Filing date: 2005-07-27

    IPC classification: G06F7/00 G06F17/30 H04L29/06

    Abstract: Systems and techniques to provide distributed document version control. In general, in one implementation, the technique includes: receiving information, in a distributed document control system, specifying a locally saved copy of a first electronic document; determining, in response to the received information, whether the first electronic document should supersede a second electronic document in the distributed document control system; and storing, based on an outcome of the determining, information in the distributed document control system that links the first electronic document with the second electronic document in a superior-subordinate relationship such that when an action is requested with respect to the second, subordinate electronic document, the distributed document control system forces an action to be taken with respect to the first, superior electronic document. Various implementations include those in computer program products and client-server systems.

    Distributed document version control
    3.
    Invention patent application
    Distributed document version control (status: in force)

    Publication number: US20130212151A1

    Publication date: 2013-08-15

    Application number: US11191568

    Filing date: 2005-07-27

    IPC classification: H04L29/06

    Abstract: Systems and techniques to provide distributed document version control. In general, in one implementation, the technique includes: receiving information, in a distributed document control system, specifying a locally saved copy of a first electronic document; determining, in response to the received information, whether the first electronic document should supersede a second electronic document in the distributed document control system; and storing, based on an outcome of the determining, information in the distributed document control system that links the first electronic document with the second electronic document in a superior-subordinate relationship such that when an action is requested with respect to the second, subordinate electronic document, the distributed document control system forces an action to be taken with respect to the first, superior electronic document. Various implementations include those in computer program products and client-server systems.

    Authentication using a digital rights management policy
    4.
    Invention patent application
    Authentication using a digital rights management policy (status: under examination, published)

    Publication number: US20140013444A1

    Publication date: 2014-01-09

    Application number: US11311758

    Filing date: 2005-12-19

    IPC classification: G06F21/10 G06F21/31

    CPC classification: G06F21/10 G06F21/31

    Abstract: Method and apparatus are provided wherein, in one example embodiment, an authentication scheme may be defined as part of a digital rights management policy. Authentication rules are defined for a unit of digital content whose location can be anywhere. Further, the digital rights management system may support many authentication schemes while permitted schemes can be fine tuned for individual policies and therefore for individual units of digital content. According to other example embodiments, one or more preferred authentication schemes can be added to a rights management policy. They can be either requested or required for authentication. In addition, in other example embodiments, the reader application may be informed of specific authentication schemes being demanded for a document. If none of the authentication schemes are available then the user can be informed without attempting to authenticate unsuccessfully.

    Method and apparatus for digital rights management policies
    5.
    Granted invention patent
    Method and apparatus for digital rights management policies (status: in force)

    Publication number: US08621558B2

    Publication date: 2013-12-31

    Application number: US13398434

    Filing date: 2012-02-16

    IPC classification: H04L29/06

    CPC classification: G06F21/105

    Abstract: Method and apparatus are described wherein, in one example embodiment, there is provided one or more policy templates that may define a set of policy permissions or other attributes that may be desirable to specify in a policy. One or more policy templates may be specified in a user interface of a policy creation and maintenance program that may run on the policy server and/or run on a workstation computer. Each policy template specified by a user may include permissions for how a user may access and use a document. The maintenance program may, in one embodiment, associate both templates to a policy used for a specific unit of digital content, or, for example, an electronic document. The permissions for the policy are determined by aggregating the permissions associated with each respective template chosen by the user. According to another example embodiment, a user selects a policy template and defines one or more additional permissions to form an augmented policy.

    Method and apparatus for digital rights management policies
    6.
    Invention patent application
    Method and apparatus for digital rights management policies (status: in force)

    Publication number: US20070143855A1

    Publication date: 2007-06-21

    Application number: US11311844

    Filing date: 2005-12-19

    CPC classification: G06F21/105

    Abstract: Method and apparatus are described wherein, in one example embodiment, there is provided one or more policy templates that may define a set of policy permissions or other attributes that may be desirable to specify in a policy. One or more policy templates may be specified in a user interface of a policy creation and maintenance program that may run on the policy server and/or run on a workstation computer. Each policy template specified by a user may include permissions for how a user may access and use a document. The maintenance program may, in one embodiment, associate both templates to a policy used for a specific unit of digital content, or, for example, an electronic document. The permissions for the policy are determined by aggregating the permissions associated with each respective template chosen by the user. According to another example embodiment, a user selects a policy template and defines one or more additional permissions to form an augmented policy.

    METHOD AND APPARATUS FOR DIGITAL RIGHTS MANAGEMENT POLICIES
    7.
    Invention patent application
    METHOD AND APPARATUS FOR DIGITAL RIGHTS MANAGEMENT POLICIES (status: in force)

    Publication number: US20120151556A1

    Publication date: 2012-06-14

    Application number: US13398434

    Filing date: 2012-02-16

    IPC classification: G06F21/00

    CPC classification: G06F21/105

    Abstract: Method and apparatus are described wherein, in one example embodiment, there is provided one or more policy templates that may define a set of policy permissions or other attributes that may be desirable to specify in a policy. One or more policy templates may be specified in a user interface of a policy creation and maintenance program that may run on the policy server and/or run on a workstation computer. Each policy template specified by a user may include permissions for how a user may access and use a document. The maintenance program may, in one embodiment, associate both templates to a policy used for a specific unit of digital content, or, for example, an electronic document. The permissions for the policy are determined by aggregating the permissions associated with each respective template chosen by the user. According to another example embodiment, a user selects a policy template and defines one or more additional permissions to form an augmented policy.

    Method and apparatus for digital rights management policies
    8.
    Granted invention patent
    Method and apparatus for digital rights management policies (status: in force)

    Publication number: US08181220B2

    Publication date: 2012-05-15

    Application number: US11311844

    Filing date: 2005-12-19

    IPC classification: H04L29/06

    CPC classification: G06F21/105

    Abstract: Method and apparatus are described wherein, in one example embodiment, there is provided one or more policy templates that may define a set of policy permissions or other attributes that may be desirable to specify in a policy. One or more policy templates may be specified in a user interface of a policy creation and maintenance program that may run on the policy server and/or run on a workstation computer. Each policy template specified by a user may include permissions for how a user may access and use a document. The maintenance program may, in one embodiment, associate both templates to a policy used for a specific unit of digital content, or, for example, an electronic document. The permissions for the policy are determined by aggregating the permissions associated with each respective template chosen by the user. According to another example embodiment, a user selects a policy template and defines one or more additional permissions to form an augmented policy.
