Methods and systems for controlling the scope of delegation of authentication credentials
    1.
    Granted invention patent
    Status: in force

    Publication number: US07698381B2

    Publication date: 2010-04-13

    Application number: US09886146

    Filing date: 2001-06-20

    IPC classification: G06F15/16

    Abstract: Methods and systems are provided for controlling the scope of delegation of authentication credentials within a network environment. A server is configured to provide a trusted third-party with a ticket authenticating the server, information about a target service that a server seeks to access on behalf of the client, and a service ticket associated with the client. This service ticket may be provided by the client or may be a previously granted service ticket granted to the server for itself in the name of the client. The trusted third-party grants a new service ticket to access the target service to the server, in the client's name, if such delegation is permitted according to delegation constraints associated with the client.

    Enhanced computer intrusion detection methods and systems
    3.
    Granted invention patent
    Status: in force

    Publication number: US07900257B2

    Publication date: 2011-03-01

    Application number: US12475883

    Filing date: 2009-06-01

    IPC classification: G06F11/00 G06F7/04 G06F12/14

    CPC classification: G06F21/31 G06F2221/2101

    Abstract: Improved intrusion detection and/or tracking methods and systems are provided for use across various computing devices and networks. Certain methods, for example, form a substantially unique audit identifier during each authentication/logon process. One method includes identifying one or more substantially unique parameters that are associated with the authentication/logon process and encrypting them to form at least one audit identifier that can then be generated and logged by each device involved in the authentication/logon process. The resulting audit log file can then be audited along with similar audit log files from other devices to track a user across multiple platforms.

    Methods and arrangements for controlling access to resources based on authentication method
    6.
    Granted invention patent
    Status: in force

    Publication number: US07305701B2

    Publication date: 2007-12-04

    Application number: US09846175

    Filing date: 2001-04-30

    IPC classification: G06F7/04

    Abstract: In accordance with certain aspects of the present invention, improved methods and arrangements are provided that improve access control within a computer. The methods and arrangements specifically identify the authentication mechanism/mechanisms, and/or characteristics thereof, that were used in verifying that a user with a unique name is the actual user that the name implies, to subsequently operating security mechanisms. Thus, differentiating user requests based on this additional information provides additional control.

    Data synchronization policies
    7.
    Granted invention patent
    Status: in force

    Publication number: US09449016B2

    Publication date: 2016-09-20

    Application number: US13229527

    Filing date: 2011-09-09

    IPC classification: G06F17/30

    CPC classification: G06F17/30176

    Abstract: Techniques for data synchronization policies are described. In one or more implementations, techniques may be employed to set data synchronization (“sync”) policies for devices in a data sync environment. The sync policies specify parameters for sync operations in the sync environment, such as how frequently data sync operations are performed, what types of data are synced to particular devices, how frequently particular types of data are synced, and so on. In implementations, the sync policies consider the number of devices that are participating in a sync environment and attributes of the devices in specifying parameters for sync operations. Data can be synchronized among devices in the sync environment based on the sync policies.

    Method and system for controlling access privileges for trusted network nodes
    8.
    Granted invention patent
    Status: lapsed

    Publication number: US08230485B2

    Publication date: 2012-07-24

    Application number: US10941559

    Filing date: 2004-09-15

    IPC classification: G06F7/04

    Abstract: A system and method for controlling access to a computer provides for loose security within a local network while retaining strong security against external access to the network. In one embodiment, a user has access to trusted nodes in a secured group within an unmanaged network, without being required to choose, enter and remember a login password. To establish such a secure blank password or one-click logon account for the user on a computer, a strong random password is generated and stored, and the account is designated as a blank password account. If the device is part of a secured network group, the strong random password is replicated to the other trusted nodes. When a user with a blank password account wishes to log in to a computer, the stored strong random password is retrieved and the user is authenticated.

    Credential management
    9.
    Granted invention patent
    Status: in force

    Publication number: US07210167B2

    Publication date: 2007-04-24

    Application number: US09757058

    Filing date: 2001-01-08

    IPC classification: G06F3/00

    Abstract: Described herein is an implementation of a technology for managing credentials. With an implementation, a credential manager is domain-authentication aware and concurrent authentications with multiple independent networks (e.g., domains) may be established and maintained. Moreover, a credential manager provides a credential model retrofit for legacy applications that only understand the password model. The manager provides a mechanism where the application is only a “blind courier” of credentials between the trusted part of the OS to the network and/or network resource. The manager fully insulates the application from “read” access to the credentials. This abstract itself is not intended to limit the scope of this patent. The scope of the present invention is pointed out in the appending claims.

    Data Synchronization Policies
    10.
    Invention patent application
    Status: in force

    Publication number: US20130064336A1

    Publication date: 2013-03-14

    Application number: US13229527

    Filing date: 2011-09-09

    IPC classification: H04L7/00

    CPC classification: G06F17/30176

    Abstract: Techniques for data synchronization policies are described. In one or more implementations, techniques may be employed to set data synchronization (“sync”) policies for devices in a data sync environment. The sync policies specify parameters for sync operations in the sync environment, such as how frequently data sync operations are performed, what types of data are synced to particular devices, how frequently particular types of data are synced, and so on. In implementations, the sync policies consider the number of devices that are participating in a sync environment and attributes of the devices in specifying parameters for sync operations. Data can be synchronized among devices in the sync environment based on the sync policies.
