Abstract:
Described herein is an implementation of a technology for managing credentials. With an implementation, a credential manager is domain-authentication aware and concurrent authentications with multiple independent networks (e.g., domains) may be established and maintained. Moreover, a credential manager provides a credential model retrofit for legacy applications that only understand the password model. The manager provides a mechanism where the application is only a “blind courier” of credentials between the trusted part of the OS and the network and/or network resource. The manager fully insulates the application from “read” access to the credentials. This abstract itself is not intended to limit the scope of this patent. The scope of the present invention is pointed out in the appended claims.
Abstract:
Techniques for data synchronization policies are described. In one or more implementations, techniques may be employed to set data synchronization (“sync”) policies for devices in a data sync environment. The sync policies specify parameters for sync operations in the sync environment, such as how frequently data sync operations are performed, what types of data are synced to particular devices, how frequently particular types of data are synced, and so on. In implementations, the sync policies consider the number of devices that are participating in a sync environment and attributes of the devices in specifying parameters for sync operations. Data can be synchronized among devices in the sync environment based on the sync policies.
Abstract:
A system and method for controlling access to a computer provides for loose security within a local network while retaining strong security against external access to the network. In one embodiment, a user has access to trusted nodes in a secured group within an unmanaged network, without being required to choose, enter and remember a login password. To establish such a secure blank password or one-click logon account for the user on a computer, a strong random password is generated and stored, and the account is designated as a blank password account. If the device is part of a secured network group, the strong random password is replicated to the other trusted nodes. When a user with a blank password account wishes to log in to a computer, the stored strong random password is retrieved and the user is authenticated.
Abstract:
Improved intrusion detection and/or tracking methods and systems are provided for use across various computing devices and networks. Certain methods, for example, form a substantially unique audit identifier during each authentication/logon process. One method includes identifying one or more substantially unique parameters that are associated with the authentication/logon process and encrypting them to form at least one audit identifier that can then be generated and logged by each device involved in the authentication/logon process. The resulting audit log file can then be audited along with similar audit log files from other devices to track a user across multiple platforms.
Abstract:
Methods and systems are provided for controlling the scope of delegation of authentication credentials within a network environment. A server is configured to provide a trusted third-party with a ticket authenticating the server, information about a target service that a server seeks to access on behalf of the client, and a service ticket associated with the client. This service ticket may be provided by the client or may be a previously granted service ticket granted to the server for itself in the name of the client. The trusted third-party grants a new service ticket to access the target service to the server, in the client's name, if such delegation is permitted according to delegation constraints associated with the client.
Abstract:
Methods and systems are provided to allow users that are authenticated by a trusted external service to gain controlled levels of access to selected local computing resources without requiring the user to also have conventional access control capabilities for the resources.
Abstract:
A method and data structure for separating application data from user data in a namespace. The data structure provides an intuitive profile layout for developers or users while supporting legacy applications. The namespace utilizes a hierarchical structure allowing access by developers or users over a network to information contained in identified public folders and/or a user's profile.
Abstract:
System(s), method(s), and/or technique(s) (“tools”) are described that enable a user to permit multiple tasks requiring elevated rights with as little as one rights elevation. For example, the tools may enable an installation wizard operating within a limited-rights context to perform multiple tasks that require a higher-rights context with a single rights elevation by the user. The tools may do so using an object agent, an instance of which may be created by the installation wizard following a single rights elevation. This instance of the object agent then creates instances of other objects without requiring that the user elevate his or her rights. These other objects' instances may then run the tasks that require the higher-rights context.