-
Publication No.: US20130061301A1
Publication date: 2013-03-07
Application No.: US13224257
Filing date: 2011-09-01
Applicant: Mark Novak, Paul J. Leach, Yi Zeng, Saurav Sinha, K. Michiko Short, Gopinathan Kannan
Inventors: Mark Novak, Paul J. Leach, Yi Zeng, Saurav Sinha, K. Michiko Short, Gopinathan Kannan
IPC class: G06F21/00
CPC class: H04L63/0846
Abstract: A distributed system in which time-dependent credentials are supplied by controllers that operate according to different local times. Errors that might arise from the controllers generating inconsistent credentials because of time skew are avoided by identifying credentials generated during transition intervals in which different ones of the controllers may generate different credentials at the same absolute time. During a transition interval, controllers and other devices may use credentials differentially based on the nature of the authentication function. Each controller may periodically renew its credentials based on self-scheduled renewals or based on requests from other devices, such that renewal times are offset by random delays to avoid excessive network traffic. Controllers may determine which credential is valid for any given time, based on a cryptographically secure key associated with that time and information identifying the entity that is associated with that credential.
-
Publication No.: US20130061300A1
Publication date: 2013-03-07
Application No.: US13224255
Filing date: 2011-09-01
Applicant: Mark Novak, Paul J. Leach, Yi Zeng, Saurav Sinha, K. Michiko Short, Gopinathan Kannan
Inventors: Mark Novak, Paul J. Leach, Yi Zeng, Saurav Sinha, K. Michiko Short, Gopinathan Kannan
IPC class: G06F21/00
CPC class: G06F21/00, G06F21/6218, H04L9/32, H04L63/0846
Abstract: A distributed system in which time-dependent credentials are supplied by controllers that operate according to different local times. Errors that might arise from the controllers generating inconsistent credentials because of time skew are avoided by identifying credentials generated during transition intervals in which different ones of the controllers may generate different credentials at the same absolute time. During a transition interval, controllers and other devices may use credentials differentially based on the nature of the authentication function. Each controller may periodically renew its credentials based on self-scheduled renewals or based on requests from other devices, such that renewal times are offset by random delays to avoid excessive network traffic. Controllers may determine which credential is valid for any given time, based on a cryptographically secure key associated with that time and information identifying the entity that is associated with that credential.
-
Publication No.: US20130061299A1
Publication date: 2013-03-07
Application No.: US13224246
Filing date: 2011-09-01
Applicant: Mark Novak, Paul J. Leach, Yi Zeng, Saurav Sinha, K. Michiko Short, Gopinathan Kannan
Inventors: Mark Novak, Paul J. Leach, Yi Zeng, Saurav Sinha, K. Michiko Short, Gopinathan Kannan
IPC class: G06F21/00
CPC class: G06F21/00, G06F21/34, H04L63/065, H04L63/068, H04L67/10, H04L2463/121, H04W12/06
Abstract: A distributed system in which time-dependent credentials are supplied by controllers that operate according to different local times. Errors that might arise from the controllers generating inconsistent credentials because of time skew are avoided by identifying credentials generated during transition intervals in which different ones of the controllers may generate different credentials at the same absolute time. During a transition interval, controllers and other devices may use credentials differentially based on the nature of the authentication function. Each controller may periodically renew its credentials based on self-scheduled renewals or based on requests from other devices, such that renewal times are offset by random delays to avoid excessive network traffic. Controllers may determine which credential is valid for any given time, based on a cryptographically secure key associated with that time and information identifying the entity that is associated with that credential.
-
Publication No.: US09118672B2
Publication date: 2015-08-25
Application No.: US12965445
Filing date: 2010-12-10
Applicant: Mark Fishel Novak, Paul J. Leach, Liqiang Zhu, Paul J. Miller, Alexandru Hanganu, Yi Zeng, Jeremy Dominic Viegas, K. Michiko Short
Inventors: Mark Fishel Novak, Paul J. Leach, Liqiang Zhu, Paul J. Miller, Alexandru Hanganu, Yi Zeng, Jeremy Dominic Viegas, K. Michiko Short
CPC class: H04L63/0884, H04L9/3213, H04L63/0807
Abstract: A client can communicate with a middle tier, which can then, in turn, communicate with a back end tier to access information and resources on behalf of the client within the context of a system that can scale well. Each individual back end can establish a policy that defines which computing device can delegate to that back end. That policy can be enforced by a domain controller within the same administrative domain as the particular back end. When a middle tier requests to delegate to a back end, the domain controller to which that request was directed can either apply the policy or, if the domain controller is in a different domain than the targeted back end, direct the middle tier to a domain controller in that different domain and sign relevant information that the middle tier can utilize when communicating with that different domain controller.
-
Publication No.: US20120131661A1
Publication date: 2012-05-24
Application No.: US12965445
Filing date: 2010-12-10
Applicant: Mark Fishel Novak, Paul J. Leach, Liqiang Zhu, Paul J. Miller, Alexandru Hanganu, Yi Zeng, Jeremy Dominic Viegas, K. Michiko Short
Inventors: Mark Fishel Novak, Paul J. Leach, Liqiang Zhu, Paul J. Miller, Alexandru Hanganu, Yi Zeng, Jeremy Dominic Viegas, K. Michiko Short
IPC class: G06F15/16
CPC class: H04L63/0884, H04L9/3213, H04L63/0807
Abstract: A client can communicate with a middle tier, which can then, in turn, communicate with a back end tier to access information and resources on behalf of the client within the context of a system that can scale well. Each individual back end can establish a policy that defines which computing device can delegate to that back end. That policy can be enforced by a domain controller within the same administrative domain as the particular back end. When a middle tier requests to delegate to a back end, the domain controller to which that request was directed can either apply the policy or, if the domain controller is in a different domain than the targeted back end, direct the middle tier to a domain controller in that different domain and sign relevant information that the middle tier can utilize when communicating with that different domain controller.