Policy driven, credential delegation for single sign on and secure access to network resources
    1.
    Granted patent (in force)

    Publication number: US07913084B2

    Publication date: 2011-03-22

    Application number: US11441588

    Filing date: 2006-05-26

    IPC classification: H04L9/32

    Abstract: A credential security support provider (Cred SSP) is provided that enables any application to securely delegate a user's credentials from the client, via client side Security Support Provider (SSP) software, to a target server, via server side SSP software in a networked computing environment. The Cred SSP of the invention provides a secure solution that is based in part upon a set of policies, including a default policy that is secure against a broad range of attacks, which are used to control and restrict the delegation of user credentials from a client to a server. The policies can be for any type of user credentials and the different policies are designed to mitigate a broad range of attacks so that appropriate delegation can occur for given delegation circumstances, network conditions, trust levels, etc. Additionally, only a trusted subsystem, e.g., a trusted subsystem of the Local Security Authority (LSA), has access to the clear text credentials such that neither the calling application of the Cred SSP APIs on the server side nor the calling application of the Cred SSP APIs on the client side have access to clear text credentials.


    Policy driven, credential delegation for single sign on and secure access to network resources
    2.
    Patent application (in force)

    Publication number: US20070277231A1

    Publication date: 2007-11-29

    Application number: US11441588

    Filing date: 2006-05-26

    IPC classification: H04L9/32

    Abstract: A credential security support provider (Cred SSP) is provided that enables any application to securely delegate a user's credentials from the client, via client side Security Support Provider (SSP) software, to a target server, via server side SSP software in a networked computing environment. The Cred SSP of the invention provides a secure solution that is based in part upon a set of policies, including a default policy that is secure against a broad range of attacks, which are used to control and restrict the delegation of user credentials from a client to a server. The policies can be for any type of user credentials and the different policies are designed to mitigate a broad range of attacks so that appropriate delegation can occur for given delegation circumstances, network conditions, trust levels, etc. Additionally, only a trusted subsystem, e.g., a trusted subsystem of the Local Security Authority (LSA), has access to the clear text credentials such that neither the calling application of the Cred SSP APIs on the server side nor the calling application of the Cred SSP APIs on the client side have access to clear text credentials.


    CREATING SECURE INTERACTIVE CONNECTIONS WITH REMOTE RESOURCES
    3.
    Patent application (in force)

    Publication number: US20120266214A1

    Publication date: 2012-10-18

    Application number: US13532593

    Filing date: 2012-06-25

    IPC classification: G06F21/00

    Abstract: Implementations of the present invention efficiently establish secure connections between a client and server, at least in part by authenticating the client and server early on in the connection setup phases. A client initiating a connection with a server identifies the secure communication protocols enabled at the client, and identifies these protocols in a connection request it sends to the server. The server processes the message and responds with a communication protocol it deems appropriate for the connection. The client and server then exchange appropriate authentication information, and then establish a connection session that implements the chosen communication protocol, and encrypts messages using the negotiated communication protocol. Additional implementations relate to reestablishing dropped connections behind virtual Internet Protocol addresses, without necessarily having to recommit much connection resource overhead.


    Creating secure interactive connections with remote resources
    4.
    Granted patent (in force)

    Publication number: US09038162B2

    Publication date: 2015-05-19

    Application number: US13532593

    Filing date: 2012-06-25

    Abstract: Implementations of the present invention efficiently establish secure connections between a client and server, at least in part by authenticating the client and server early on in the connection setup phases. A client initiating a connection with a server identifies the secure communication protocols enabled at the client, and identifies these protocols in a connection request it sends to the server. The server processes the message and responds with a communication protocol it deems appropriate for the connection. The client and server then exchange appropriate authentication information, and then establish a connection session that implements the chosen communication protocol, and encrypts messages using the negotiated communication protocol. Additional implementations relate to reestablishing dropped connections behind virtual Internet Protocol addresses, without necessarily having to recommit much connection resource overhead.


    Creating secure interactive connections with remote resources
    5.
    Granted patent (in force)

    Publication number: US08220042B2

    Publication date: 2012-07-10

    Application number: US11354456

    Filing date: 2006-02-15

    IPC classification: G06F9/00

    Abstract: Implementations of the present invention efficiently establish secure connections between a client and server, at least in part by authenticating the client and server early on in the connection setup phases. A client initiating a connection with a server identifies the secure communication protocols enabled at the client, and identifies these protocols in a connection request it sends to the server. The server processes the message and responds with a communication protocol it deems appropriate for the connection. The client and server then exchange appropriate authentication information, and then establish a connection session that implements the chosen communication protocol, and encrypts messages using the negotiated communication protocol. Additional implementations relate to reestablishing dropped connections behind virtual Internet Protocol addresses, without necessarily having to recommit much connection resource overhead.


    Efficient encoding of alternative graphic sets
    7.
    Granted patent (in force)

    Publication number: US08244051B2

    Publication date: 2012-08-14

    Application number: US11375961

    Filing date: 2006-03-15

    IPC classification: G06K9/36 G06K9/46

    Abstract: Embodiments provide for efficient encoding and rendering of remote graphic displays by applying one or more of the following: (1) field encoding for identifying fields of a graphics set such that commonalities of various fields across different graphics languages are identified; (2) resource caching, which treats heterogeneous resources in a homogeneous way when it comes to storing them; (3) determining the type of encoding for remoting items within a graphics set based upon the types of compression mechanisms supported by a remote device; (4) improving responsiveness by rendering with partially sent resources; (5) a mechanism for determining what portions (if any) of a graphics set should be sent to a remote device and in what order; and (6) use of dedicated resources already on a remote device in order to eliminate the transfer of a resource between a local device and the remote device when rendering such resource.


    System and method of caching glyphs for display by a remote terminal
    9.
    Granted patent (in force)

    Publication number: US07580038B2

    Publication date: 2009-08-25

    Application number: US11275624

    Filing date: 2006-01-19

    IPC classification: G06T11/00 G06F17/00 G06F13/00

    Abstract: A method and system of operating a remote terminal by a terminal server caches representation data of glyphs to be displayed on the remote terminal to reduce the amount of glyph data that have to be transmitted to the remote terminal through a network connection. The glyph caching is performed on a level of text fragments each of which includes a plurality of glyphs. The remote terminal stores a fragment cache for caching fragments and glyph caches for caching individual glyphs. Each entry in the fragment cache contains data indicating where the glyph data for the glyphs of the fragment are stored in the glyph caches. When the terminal server receives a request to display a text fragment on the remote terminal, it checks whether that fragment is cached at the remote terminal. If so, the terminal server sends a fragment index to the client identifying the entry in the fragment cache for that fragment. The terminal client retrieves the information in the fragment cache entry and then retrieves the glyph data for the glyphs of the fragment from the glyph cache, and displays them on the remote terminal. A tuning device uses a counter mode encryption cipher to encrypt counters associated with media content in order to protect the media content when it is sent to requesting device or controller. The encrypted counters are decrypted in order to consume the media content. The controller may send particular direction to the tuning device as to how the media content, encrypted counters, and other associated data are sent to the controller.


    Illuminator for cosmetology services
    10.
    Granted patent (lapsed)

    Publication number: US08210704B1

    Publication date: 2012-07-03

    Application number: US12798760

    Filing date: 2010-04-09

    Applicant: John E. Parsons

    Inventor: John E. Parsons

    IPC classification: F21V33/00

    CPC classification: F21L2/00 F21Y2115/10

    Abstract: A three-part “C” shaped disc of plastic that is placed on a client's shoulders. Several small light bulbs or light emitting diodes (LEDs) are positioned around the apex of the C-shaped disk. The lights are mounted in the disc at a 45-degree angle facing the head to illuminate the lower portions of the head. The lights are mounted in two rows, and are spaced at a distance of a quarter inch apart. This ensures the maximum level of illumination. The top cover can be removed so the LEDs can be changed if a light burns out. The power is supplied by an AC outlet and converted to 12 volt DC. The device also has two wing lights that are used to illuminate the sides of the head.
