-
公开(公告)号:US07647624B2
公开(公告)日:2010-01-12
申请号:US11290971
申请日:2005-11-30
IPC分类号: H04L9/00
CPC分类号: H04L63/0807 , G06F21/31 , G06F21/552 , G06F21/6263
摘要: Techniques are provided for preserving and managing identities within an audit log. Initial entries into a log do not include an explicit and direct reference to an agent that performs a transaction; rather, the agent acquires a temporary transaction identity for the transaction and an indirect reference to the transaction identity is written to the log while the transaction is pending. Once the transaction completes a direct reference to the transaction identity is written to the log, the identity of agent remains transparent until the identity of the agent expires, if at all.
摘要翻译: 提供了在审核日志中保存和管理身份的技术。 日志中的初始条目不包括对执行事务的代理的显式和直接引用; 相反,代理获取事务的临时事务标识,并且在事务处于待处理状态时,将对事务标识的间接引用写入日志。 一旦事务完成,对事务身份的直接引用将被写入日志,代理的身份将保持透明,直到代理的身份到期为止(如果有的话)。
-
公开(公告)号:US20090217351A1
公开(公告)日:2009-08-27
申请号:US12036523
申请日:2008-02-25
CPC分类号: H04L63/0281 , H04L63/0407
摘要: Techniques are presented for anonymous Internet access. Internet requests are intercepted within a firewalled environment before being routed over the Internet to destination sites. Each Internet requests is evaluated in view of policy and one or more anonymizers are selected in response to that evaluation. The Internet requests are then routed through the appropriate anonymizers for processing to the destination sites. A relationship between an Internet Protocol (IP) address associated with the firewalled environment and IP addresses of the destination sites is masked and hidden via the anonymizers from Internet observers. Moreover, a secure communication between the firewalled environment and the anonymizers is maintained.
摘要翻译: 为匿名上网提供技术。 互联网请求在通过Internet路由到目标站点之前在防火墙环境中被拦截。 根据策略评估每个互联网请求,并根据该评估选择一个或多个匿名器。 然后通过适当的匿名器路由Internet请求,以便处理到目标站点。 与防火墙环境相关联的因特网协议(IP)地址和目的地站点的IP地址之间的关系通过来自互联网观察者的匿名器被屏蔽和隐藏。 此外,保护防火墙环境和匿名者之间的安全通信。
-
公开(公告)号:US07316027B2
公开(公告)日:2008-01-01
申请号:US10770677
申请日:2004-02-03
IPC分类号: H04L9/00
CPC分类号: G06F21/41 , H04L63/0428 , H04L63/08 , H04L63/20
摘要: Techniques are provided for dynamically establishing and managing trust relationships. A first principal initially requests a community list. The community list includes identities of one or more second principals with which the first principal can establish trusted relationships with. The community list is associated with a trust specification. The trust specification defines the policies and access rights associated with interactions between the first principal and the second principals during any active trusted relationships. The first principal can dynamically subdivide, manage, and modify entries of the community list and the trust specification, assuming any such modifications are permissible according to global contracts and policies associated with the first principal.
摘要翻译: 提供了动态建立和管理信任关系的技术。 第一位校长最初要求社区名单。 社区列表包括一个或多个第二主体的身份,第一个主体可以与之建立信任关系。 社区列表与信任规范相关联。 信任规范定义了在任何主动信任关系期间与第一主体和第二主体之间的交互相关联的策略和访问权限。 假设根据与第一主体相关的全球合同和政策允许的任何此类修改,第一委员可以动态细分,管理和修改社区列表和信任规范的条目。
-
4.发明授权Techniques for dynamically establishing and managing authentication and trust relationships 有权用于动态建立和管理身份验证和信任关系的技术公开(公告)号:US07299493B1
公开(公告)日:2007-11-20
申请号:US10765523
申请日:2004-01-27
IPC分类号: G06F7/04 , G06F7/58 , G06F15/16 , G06F17/30 , G06K9/00 , G06K19/00 , G06Q40/00 , H04K1/00 , H04L9/00 , H04L9/28
CPC分类号: H04L63/0815 , G06Q40/04
摘要: Techniques are provided for dynamically establishing and managing authentication and trust relationships. An identity service acquires and evaluates contracts associated with relationships between principals. The contracts permit the identity service to assemble authentication information, aggregated attributes, and aggregated policies which will drive and define the various relationships. That assembled information is consumed by the principals during interactions with one another and constrains those interactions. In some embodiments, the constraints are dynamically modified during on-going interactions between the principals.
摘要翻译: 提供了动态建立和管理认证和信任关系的技术。 身份服务获取和评估与校长之间关系相关的合同。 合同允许身份服务组合认证信息,聚合属性和聚合策略,以驱动和定义各种关系。 这些组合信息在彼此交互过程中由主体消耗,并限制这些交互。 在一些实施例中,约束在主体之间的持续交互期间被动态修改。
-
公开(公告)号:US07681242B2
公开(公告)日:2010-03-16
申请号:US10927553
申请日:2004-08-26
IPC分类号: H04L9/32
CPC分类号: H04L63/0823 , G06F9/50 , G06F9/5044 , H04L47/15 , H04L47/70 , H04L47/808 , H04L47/822 , H04L63/10
摘要: Techniques are provided for allocating resources over a network. A resource consumer requests access to a resource over a network. As part of that request, the resource consumer acquires information that permits it to securely communicate with a resource provider. The resource provider controls the resource and once satisfied with the security of a request from a resource consumer allocates the resource for access by the resource consumer.
摘要翻译: 提供了通过网络分配资源的技术。 资源消费者请求通过网络访问资源。 作为该请求的一部分,资源消费者获取允许其与资源提供商安全通信的信息。 资源提供者控制资源,一旦满足来自资源消费者的请求的安全性,就分配资源以供资源消费者访问。
-
6.发明授权公开(公告)号:US07647256B2
公开(公告)日:2010-01-12
申请号:US10767884
申请日:2004-01-29
IPC分类号: A01K5/02
CPC分类号: H04L63/0815 , G06F17/30575 , G06Q10/0875 , H04L67/10 , H04L67/1095
摘要: Techniques are provided for establishing and managing a distributed credential store. An identity service aggregates identity information from one or more identity stores and maintains the information as a remote credential store. Initially, the remote credential store, or portions thereof, is transmitted to a principal service as an initial configuration of a local credential store. A principal interacts with the principal service for defining or modifying a policy that identifies portions of the remote credential store which are to be synchronized with the local credential store. In some embodiments, the principal interacts with the principal service for defining a local policy that identifies portions of the local credential store which are not synchronized with the remote credential store. The interactions between the credential stores are trusted and secured.
摘要翻译: 提供了用于建立和管理分布式凭证存储的技术。 身份服务聚合来自一个或多个身份存储的身份信息,并将信息维护为远程证书存储。 最初,远程凭证存储或其部分作为本地凭证存储的初始配置被发送到主服务。 主体与主体服务进行交互以定义或修改标识将与本地凭据存储同步的远程凭证存储的部分的策略。 在一些实施例中,主体与主服务交互以定义本地策略,该局部策略标识不与远程凭证存储同步的本地凭证存储的部分。 证书存储之间的交互是受信任和安全的。
-
7.发明授权Techniques for dynamically establishing and managing authentication and trust relationships 有权用于动态建立和管理身份验证和信任关系的技术公开(公告)号:US07552468B2
公开(公告)日:2009-06-23
申请号:US11844532
申请日:2007-08-24
CPC分类号: H04L63/0815 , G06Q40/04
摘要: Techniques are provided for dynamically establishing and managing authentication and trust relationships. An identity service acquires and evaluates contracts associated with relationships between principals. The contracts permit the identity service to assemble authentication information, aggregated attributes, and aggregated policies which will drive and define the various relationships. That assembled information is consumed by the principals during interactions with one another and constrains those interactions. In some embodiments, the constraints are dynamically modified during on-going interactions between the principals.
摘要翻译: 提供了动态建立和管理认证和信任关系的技术。 身份服务获取和评估与校长之间关系相关的合同。 合同允许身份服务组合认证信息,聚合属性和聚合策略,以驱动和定义各种关系。 这些组合信息在彼此交互过程中由主体消耗,并限制这些交互。 在一些实施例中,约束在主体之间的持续交互期间被动态修改。
-
公开(公告)号:US08302161B2
公开(公告)日:2012-10-30
申请号:US12036523
申请日:2008-02-25
CPC分类号: H04L63/0281 , H04L63/0407
摘要: Techniques are presented for anonymous Internet access. Internet requests are intercepted within a firewalled environment before being routed over the Internet to destination sites. Each Internet requests is evaluated in view of policy and one or more anonymizers are selected in response to that evaluation. The Internet requests are then routed through the appropriate anonymizers for processing to the destination sites. A relationship between an Internet Protocol (IP) address associated with the firewalled environment and IP addresses of the destination sites is masked and hidden via the anonymizers from Internet observers. Moreover, a secure communication between the firewalled environment and the anonymizers is maintained.
摘要翻译: 为匿名上网提供技术。 互联网请求在通过Internet路由到目标站点之前在防火墙环境中被拦截。 根据策略评估每个互联网请求,并根据该评估选择一个或多个匿名器。 然后通过适当的匿名器路由Internet请求,以便处理到目标站点。 与防火墙环境相关联的因特网协议(IP)地址和目的地站点的IP地址之间的关系通过来自互联网观察者的匿名器被屏蔽和隐藏。 此外,保护防火墙环境和匿名者之间的安全通信。
-
公开(公告)号:US20080114987A1
公开(公告)日:2008-05-15
申请号:US11590360
申请日:2006-10-31
IPC分类号: H04L9/32 , G06K9/00 , H04L9/00 , G06F17/30 , H04K1/00 , G06F15/16 , G06F7/04 , G06F7/58 , G06K19/00
CPC分类号: H04L63/0815 , G06F21/31 , G06F21/606 , G06F2221/2141
摘要: Techniques for using multiple security access mechanisms for a single identifier are presented. A single identifier is permitted to be associated with multiple authentication secrets. The single identifier resolves to a particular identity in response to the particular authentication secret presented with the single identifier. Moreover, in an embodiment, any resolved identity may have a variety of attributes automatically set for a particular communication session, such as role, access rights, etc.
摘要翻译: 介绍了为单个标识符使用多个安全访问机制的技术。 允许单个标识符与多个认证秘密相关联。 单个标识符响应于用单个标识符呈现的特定认证秘密来解析为特定身份。 此外,在一个实施例中,任何解析的身份可以具有为特定通信会话自动设置的各种属性,诸如角色,访问权限等。
-
公开(公告)号:US10063523B2
公开(公告)日:2018-08-28
申请号:US11225993
申请日:2005-09-14
IPC分类号: H04L29/06
CPC分类号: H04L63/0421 , H04L63/0807 , H04L63/102 , H04L63/20
摘要: Crafted identities are provided. A statement is provided to the principal for using a crafted identity. The statement includes an identifier that provides access to a resource when presented by the principal to the resource. The statement also includes one or more roles and permissions for the crafted identity when accessing the resource.
-
-
-
-
-
-
-
-
-
搜索结果
146 条记录 (耗时 0.025 秒)
