    1. Method of Preventing Web Browser Extensions from Hijacking User Information (invention patent application; expired)

    Publication number: US20100235637A1

    Publication date: 2010-09-16

    Application number: US12666276

    Filing date: 2008-06-23

    IPC classification: H04L9/32 G06F21/00

    Abstract: The invention relates to a portable authentication token comprising connection means for connecting to a computer, browser communication means for communicating with a browser running on the computer, and user authentication means for authenticating a user of the token to a server. The user authentication means are triggered via the browser communication means when the user connects to the server from the browser of the computer. The user authentication means are set to authenticate the user by communicating with the server through the browser. The token comprises out-of-band token communication means set to validate user authentication by establishing a communication channel between the token and the server, the communication channel bypassing the browser. The invention also relates to an authentication method and to a system comprising a token, a computer and a server to which the user authenticates with the token.


    2. Method of preventing web browser extensions from hijacking user information (granted invention patent; expired)

    Publication number: US08527757B2

    Publication date: 2013-09-03

    Application number: US12666276

    Filing date: 2008-06-23

    IPC classification: H04L29/06

    Abstract: The invention relates to a portable authentication token comprising connection means for connecting to a computer, browser communication means for communicating with a browser running on the computer, and user authentication means for authenticating a user of the token to a server. The user authentication means are triggered via the browser communication means when the user connects to the server from the browser of the computer. The user authentication means are set to authenticate the user by communicating with the server through the browser. The token comprises out-of-band token communication means set to validate user authentication by establishing a communication channel between the token and the server, the communication channel bypassing the browser. The invention also relates to an authentication method and to a system comprising a token, a computer and a server to which the user authenticates with the token.


    3. Enforcing time-based transaction policies on devices lacking independent clocks (granted invention patent; in force)

    Publication number: US07926096B2

    Publication date: 2011-04-12

    Application number: US11216363

    Filing date: 2005-08-31

    IPC classification: H04L29/06

    Abstract: A system and a method for operating a device that is not capable of independently maintaining a local time clock to enforce a time-based transaction policy that requires a reliable time reference. The device establishes a secure communications channel to one or more network-attached time sources and inquires of each of the network-attached time sources as to the current time using the secure communications channel. The device receives the current time from the network-attached time sources and uses the received current times to estimate a current calendar time and to compute a reliability index associated with the estimated current calendar time. The device uses the estimated current calendar time and reliability index to enforce the time-based transaction policy.


    4. Method for secure delegation of trust from a security device to a host computer application for enabling secure access to a resource on the web (granted invention patent; in force)

    Publication number: US07565536B2

    Publication date: 2009-07-21

    Application number: US11219466

    Filing date: 2005-09-02

    IPC classification: H04L9/00 H04L9/32

    Abstract: Secure authentication of a user on a host computer to a web server, including a security device acquiring trust or a security context from the web server. The security device is operable to provide an X.509 certificate to a browser plug-in on the host computer. The browser plug-in on the host computer performs authentication of the security device and, in response, provides user credentials to the security device. The security device performs authentication of the user and requests a security context from the web server. In response, the web server provides a security context to the security device. The security device delegates the web server's trust by transmitting the context to the host computer, enabling the user to securely access resources on the web server.


    5. SYSTEM AND METHOD FOR PROVIDING SECURITY IN BROWSER-BASED ACCESS TO SMART CARDS (invention patent application; in force)

    Publication number: US20110320818A1

    Publication date: 2011-12-29

    Application number: US13255106

    Filing date: 2010-03-05

    IPC classification: H04L9/32

    Abstract: A method of operating a host computer having a web-browser with the capability of executing at least one web-browser add-on that provides a web application with access to a smart card, so as to protect the smart card from security threats associated with being connected to the Internet. Prior to establishing a connection for a web application executing in the web browser, the method verifies that the web application has been authorized to connect to a smart card using the web-browser add-on that provides web application access to the smart card.


    6. Imparting digital uniqueness to the types of a programming language using a unique digital sequence (granted invention patent; expired)

    Publication number: US07698703B2

    Publication date: 2010-04-13

    Application number: US11170572

    Filing date: 2005-06-29

    IPC classification: G06F9/45

    CPC classification: G06F9/44521 G06F9/44552

    Abstract: A system and method for establishing uniqueness in type definition names. Each application vendor has a unique data sequence associated with it. The data sequence is combined with the type definition name, and a digital operation is then performed to produce a unique digital identifier that is used in place of the type name.


    7. Enforcing time-based transaction policies on devices lacking independent clocks (invention patent application; in force)

    Publication number: US20070058812A1

    Publication date: 2007-03-15

    Application number: US11216363

    Filing date: 2005-08-31

    IPC classification: H04K1/00

    Abstract: A system and a method for operating a device that is not capable of independently maintaining a local time clock to enforce a time-based transaction policy that requires a reliable time reference. The device establishes a secure communications channel to one or more network-attached time sources and inquires of each of the network-attached time sources as to the current time using the secure communications channel. The device receives the current time from the network-attached time sources and uses the received current times to estimate a current calendar time and to compute a reliability index associated with the estimated current calendar time. The device uses the estimated current calendar time and reliability index to enforce the time-based transaction policy.


    9. System and Method for Browser Based Access to Smart Cards (invention patent application; in force)

    Publication number: US20090064301A1

    Publication date: 2009-03-05

    Application number: US11849117

    Filing date: 2007-08-31

    IPC classification: G06F7/04

    Abstract: A client-side application extension, executable on a host computer from within a web-browser that is capable of executing at least one web-browser add-on, provides a user with access, via the web-browser, to a smart card connected to the host computer, the host computer having a smart card resource manager. The web-browser extension has instructions that direct the central processing unit to access data on the smart card via a web-browser- and platform-independent interface module and a web-browser- and platform-dependent wrapper module. The wrapper module is connected to the interface module and to the smart card resource manager, and has a function processing module operable to receive a call to the at least one function for accessing data on the smart card and to transform that function call into a corresponding call to the smart card resource manager.


    10. Framework for obtaining cryptographically signed consent (invention patent application; under examination, published)

    Publication number: US20070101145A1

    Publication date: 2007-05-03

    Application number: US11263324

    Filing date: 2005-10-31

    IPC classification: H04L9/00

    Abstract: A consent service on a host computer provides a web service provider with cryptographically signed consent, given by a user on the host computer, for user attributes. The consent service is operable to decrypt the user attributes acquired by the web service provider from an identity provider. The consent service displays one or more user attributes in a browser web page to the user on the host computer and acquires the user's consent to them. The consent service is operable to encrypt the user-consented attributes and to generate the user's cryptographically signed consent. The consent service conveys and transmits the user-consented attributes and the cryptographically signed user consent to the web service provider. The web service provider is operable to decrypt the user-consented attributes and to store the user-consented attributes and the signed user consent. The web service provider shares the user-consented attributes and the user's signed consent with other web service providers, so the user on the host computer can access resources on the other web service providers without multiple authentications or any further interaction with the identity provider.
