Retrieving plain-text passwords from a main registry by a plurality of
foreign registries
    1.
    Granted patent
    Retrieving plain-text passwords from a main registry by a plurality of foreign registries (status: no longer in force)

    Publication No.: US5862323A

    Publication date: 1999-01-19

    Application No.: US557754

    Filing date: 1995-11-13

    CPC classification: G06F21/31 G06F21/46

    Abstract: A network system server that provides password synchronization between a main data store and a plurality of secondary data stores is disclosed. The network system server includes a security server, which is coupled to the main data store, a plurality of clients, which is coupled to the security server for accessing the main data store wherein each client maintains a unique, modifiable password, a password synchronization server, which is coupled to the security server and the plurality of secondary data stores, and a password repository, which is coupled to the password synchronization server, that stores the passwords. One of the secondary data stores can retrieve the passwords via the password synchronization server so that each client is able to maintain a single, unique password among the plurality of secondary data stores. Password retrieval is instigated by at least one of the plurality of secondary data stores regardless of the current password status of the secondary data stores.


    Propagating plain-text passwords from a main registry to a plurality of
foreign registries
    2.
    Granted patent
    Propagating plain-text passwords from a main registry to a plurality of foreign registries (status: no longer in force)

    Publication No.: US5832211A

    Publication date: 1998-11-03

    Application No.: US557755

    Filing date: 1995-11-13

    CPC classification: G06F21/31 G06F21/46

    Abstract: A network system server that provides password synchronization between a main data store and a plurality of secondary data stores is disclosed. The network server further includes a security server, which is coupled to the main data store, a plurality of clients, coupled to the security server for accessing the main data store wherein each client maintains a unique, modifiable password, and a password synchronization server, coupled to the security server and the plurality of secondary data stores, that provides password propagation synchronization to each of the secondary data stores from a user associated with one of the plurality of clients so that the user is able to maintain a single, unique password among the plurality of secondary data stores. The password propagation is imposed on the plurality of secondary data stores regardless of the current password status of the secondary data stores.


    Method and system for user-determined attribute storage in a federated environment
    4.
    Granted patent
    Method and system for user-determined attribute storage in a federated environment (status: in force)

    Publication No.: US08122138B2

    Publication date: 2012-02-21

    Application No.: US12841207

    Filing date: 2010-07-22

    Abstract: A system is presented for facilitating management of user attribute information at one or more attribute information providers (AIPs), which can manage the user's attribute information in accordance with user-selected or administratively-determined options, including options that are stored in attribute release policies and/or dynamically determined during a transaction. E-commerce service providers (ECSPs), such as online banks or merchants, also maintain a relationship with an AIP such that the ECSP can trust the user attribute information that is provided by the AIP on behalf of the user. The user can complete transactions that require user attribute information at any ECSP without having to have previously established a relationship with that particular ECSP. If the ECSP has a relationship with one of the user's AIPs, then the user will be able to direct the ECSP to an AIP when the ECSP needs user attribute information to complete a transaction for the user.


    Method and system for user-determined attribute storage in a federated environment

    Publication No.: US20100287291A1

    Publication date: 2010-11-11

    Application No.: US12841197

    Filing date: 2010-07-22

    IPC classification: G06F15/16

    Abstract: A system is presented for facilitating management of user attribute information at one or more attribute information providers (AIPs), which can manage the user's attribute information in accordance with user-selected or administratively-determined options, including options that are stored in attribute release policies and/or dynamically determined during a transaction. E-commerce service providers (ECSPs), such as online banks or merchants, also maintain a relationship with an AIP such that the ECSP can trust the user attribute information that is provided by the AIP on behalf of the user. The user can complete transactions that require user attribute information at any ECSP without having to have previously established a relationship with that particular ECSP. If the ECSP has a relationship with one of the user's AIPs, then the user will be able to direct the ECSP to an AIP when the ECSP needs user attribute information to complete a transaction for the user.

    Method and system for user-determind attribute storage in a federated environment
    6.
    Granted patent
    Method and system for user-determind attribute storage in a federated environment (status: no longer in force)

    Publication No.: US07797434B2

    Publication date: 2010-09-14

    Application No.: US10334605

    Filing date: 2002-12-31

    Abstract: A system is presented for facilitating management of user attribute information at one or more attribute information providers (AIPs), which can manage the user's attribute information in accordance with user-selected or administratively-determined options, including options that are stored in attribute release policies and/or dynamically determined during a transaction. E-commerce service providers (ECSPs), such as online banks or merchants, also maintain a relationship with an AIP such that the ECSP can trust the user attribute information that is provided by the AIP on behalf of the user. The user can complete transactions that require user attribute information at any ECSP without having to have previously established a relationship with that particular ECSP. If the ECSP has a relationship with one of the user's AIPs, then the user will be able to direct the ECSP to an AIP when the ECSP needs user attribute information to complete a transaction for the user.


    Method and system for user-determined attribute storage in a federated environment
    7.
    Patent application
    Method and system for user-determined attribute storage in a federated environment (status: in force)

    Publication No.: US20100287235A1

    Publication date: 2010-11-11

    Application No.: US12841207

    Filing date: 2010-07-22

    IPC classification: G06F15/16

    Abstract: A system is presented for facilitating management of user attribute information at one or more attribute information providers (AIPs), which can manage the user's attribute information in accordance with user-selected or administratively-determined options, including options that are stored in attribute release policies and/or dynamically determined during a transaction. E-commerce service providers (ECSPs), such as online banks or merchants, also maintain a relationship with an AIP such that the ECSP can trust the user attribute information that is provided by the AIP on behalf of the user. The user can complete transactions that require user attribute information at any ECSP without having to have previously established a relationship with that particular ECSP. If the ECSP has a relationship with one of the user's AIPs, then the user will be able to direct the ECSP to an AIP when the ECSP needs user attribute information to complete a transaction for the user.


    User Enrollment in an E-Community
    8.
    Patent application
    User Enrollment in an E-Community (status: in force)

    Publication No.: US20090094383A1

    Publication date: 2009-04-09

    Application No.: US12274869

    Filing date: 2008-11-20

    IPC classification: G06F15/16

    Abstract: An Internet user transfers directly to a domain within an e-community without returning to a home domain or re-authenticating. The user's home domain server prepares and forwards a home domain identity cookie (DIDC) with an enrollment request to a user's browser, with the enrollment request being redirected to an affiliated domain server in the e-community. The affiliated domain server prepares and sends an affiliated DIDC with an enrollment confirmation to the user's browser, redirecting the enrollment confirmation to the home domain server. The home domain server modifies the home DIDC to include a symbol which indicates successful enrollment at the affiliated site. The process may be repeated for a plurality of affiliated domains to achieve automatic enrollment in a portion of or an entire e-community.


    Method and system for consolidated sign-off in a heterogeneous federated environment
    9.
    Granted patent
    Method and system for consolidated sign-off in a heterogeneous federated environment (status: in force)

    Publication No.: US07219154B2

    Publication date: 2007-05-15

    Application No.: US10334325

    Filing date: 2002-12-31

    IPC classification: G06F15/16

    Abstract: A method is presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions. When a user requests to logoff from a domain that has initiated federated single-sign-on operations for the user at other federated domains, the domain initiates a consolidated logoff operation by requesting logoff operations at those other federated domains, which may also initiate logoff operations in a cascaded fashion to the domains at which they have initiated federated single-sign-on operations.


    Information handling system, method, and article of manufacture including integration of object security service authorization with a distributed computing environment
    10.
    Granted patent
    Information handling system, method, and article of manufacture including integration of object security service authorization with a distributed computing environment (status: no longer in force)

    Publication No.: US06253251B1

    Publication date: 2001-06-26

    Application No.: US08582550

    Filing date: 1996-01-03

    IPC classification: G06F954

    CPC classification: G06F21/6218

    Abstract: A system, method and article of manufacture for integrating object security service authorization in a distributed computing environment, includes one or more processors, a storage system, a system bus, a display sub-system controlling a display device, a cursor control device, an I/O controller for controlling I/O devices, all connected by a system bus, an operating system such as the OS/2* operating system program (OS/2 is a registered trademark of International Business Machines Corporation), one or more application programs for executing user tasks and an object oriented control program, such as the DSOM Objects program, which is a commercially available product of International Business Machines Corporation, the object oriented control program including mapping a set of methods defined by a given class to a finite and a fixed set of access rights from which a method required access rights set is assigned, and selecting the access rights set by examining two components, first, a family right type and, second, a set of permissions pertaining to each such family, where the rights type is the component which dictates semantics of its set of permissions. Two family types may be employed, operation rights and role rights. Scalability of embodiments of the invention may be demonstrated by the ability of adding new families of rights types along with a corresponding set of permissions for each family.
