Virtual requests
    1.
    Granted invention patent
    Virtual requests (legal status: in force)

    Publication No.: US09450758B1

    Publication date: 2016-09-20

    Application No.: US13418270

    Filing date: 2012-03-12

    IPC classification: H04L29/06 H04L9/32

    Abstract: A first request from a client using a first protocol is translated into one or more second requests by a servicer using a second protocol through a virtual request using the first protocol. A client may use parameters of the first protocol to pass virtual request components to the servicer. A format agreement between the client, servicer and/or authentication service may allow the servicer and/or authentication service to translate the virtual request components over the first protocol to one or more second requests using the second protocol. Virtual request components may prove the authenticity of the virtual request received by the servicer to an authentication service. Once satisfied the virtual request is valid, the authentication service may issue a credential to the servicer to send the one or more second requests to an independent service. Virtual requests may be included in various protocols, including credential-based protocols and certificate exchange-based protocols.

    Virtual requests
    2.
    Granted invention patent
    Virtual requests (legal status: in force)

    Publication No.: US08656471B1

    Publication date: 2014-02-18

    Application No.: US13418230

    Filing date: 2012-03-12

    IPC classification: H04L29/06

    CPC classification: H04L63/08 H04L67/2823

    Abstract: A first request from a client using a first protocol is translated into one or more second requests by a servicer using a second protocol through a virtual request using the first protocol. A client may use parameters of the first protocol to pass virtual request components to the servicer. A format agreement between the client, servicer and/or authentication service may allow the servicer and/or authentication service to translate virtual request components over the first protocol to one or more second requests using the second protocol. Virtual request components may also prove the authenticity of the virtual request received by the servicer to an authentication service. Once satisfied the virtual request is valid, the authentication service may issue a credential to the servicer to send the one or more second requests to an independent service. Virtual requests may be included in various protocols, including credential-based protocols and certificate exchange-based protocols.

    Authentication adaptation
    3.
    Granted invention patent
    Authentication adaptation (legal status: in force)

    Publication No.: US09240886B1

    Publication date: 2016-01-19

    Application No.: US13590038

    Filing date: 2012-08-20

    IPC classification: H04L29/00 H04L9/32

    Abstract: A system and method are provided to allow access to one or more computing resources using a single authentication scheme even though some of the computing resources may support different authentication schemes. In various embodiments, upon receiving a user request to access one or more computing resources, a first authentication credential according to a first authentication scheme is generated subsequent to successful authentication of the user. If processing of the request requires a second authentication credential according to a second authentication scheme, the second credential may be encapsulated in the first authentication credential and later extracted and combined with additional information, if necessary, for providing the requested access to the one or more computing resources.

    Adaptive timeouts for security credentials
    4.
    Granted invention patent
    Adaptive timeouts for security credentials (legal status: in force)

    Publication No.: US09203818B1

    Publication date: 2015-12-01

    Application No.: US13593274

    Filing date: 2012-08-23

    IPC classification: G06F7/04 H04L29/06 H04L29/08

    Abstract: Session-specific information stored to a cookie or other secure token can be selected and/or caused to vary over time, such that older copies will become less useful over time. Such an approach reduces the ability of entities obtaining a copy of the cookie from performing unauthorized tasks on a session. A cookie received with a request can contain a timestamp and an operation count for a session that may need to fall within an acceptable range of the current values in order for the request to be processed. A cookie returned with a response can be set to the correct value or incremented from the previous value based on various factors. The allowable bands can decrease with age of the session, and various parameter values such as a badness factor for a session can be updated continually based on the events for the session.

    Secret variation for network sessions
    5.
    Granted invention patent
    Secret variation for network sessions (legal status: in force)

    Publication No.: US09038148B1

    Publication date: 2015-05-19

    Application No.: US13593257

    Filing date: 2012-08-23

    Abstract: Session-specific information stored to a cookie or other secure token can be selected and/or caused to vary over time, such that older copies will become less useful over time. Such an approach reduces the ability of entities obtaining a copy of the cookie from performing unauthorized tasks on a session. A cookie received with a request can contain a timestamp and an operation count for a session that may need to fall within an acceptable range of the current values in order for the request to be processed. A cookie returned with a response can be set to the correct value or incremented from the previous value based on various factors. The allowable bands can decrease with age of the session, and various parameter values such as a badness factor for a session can be updated continually based on the events for the session.

    Tolerance factor-based secret decay
    6.
    Granted invention patent
    Tolerance factor-based secret decay (legal status: in force)

    Publication No.: US08996860B1

    Publication date: 2015-03-31

    Application No.: US13593288

    Filing date: 2012-08-23

    IPC classification: H04L15/16

    Abstract: Session-specific information stored to a cookie or other secure token can be selected and/or caused to vary over time, such that older copies will become less useful over time. Such an approach reduces the ability of entities obtaining a copy of the cookie from performing unauthorized tasks on a session. A cookie received with a request can contain a timestamp and an operation count for a session that may need to fall within an acceptable range of the current values in order for the request to be processed. A cookie returned with a response can be set to the correct value or incremented from the previous value based on various factors. The allowable bands can decrease with age of the session, and various parameter values such as a badness factor for a session can be updated continually based on the events for the session.

    Message processing engine with a virtual network interface
    7.
    Granted invention patent
    Message processing engine with a virtual network interface (legal status: in force)

    Publication No.: US08705529B2

    Publication date: 2014-04-22

    Application No.: US13562254

    Filing date: 2012-07-30

    IPC classification: H04L12/28

    Abstract: A message processing engine may intercept outgoing and incoming messages by bridging an interface between a virtual network interface and a physical network interface. The message processing engine may have a raw packet analyzer that may determine if a packet is to be processed based on a policy, and then may decode the packet using a first set of protocols, perform a translation in the decoded state, then encode the packet using the same or a different set of protocols. The message processing engine may be used to perform translations to enable two otherwise incompatible devices to communicate as well as apply various protocols including security protocols to communications with another device similarly configured. In many embodiments, the raw packet analyzer may be a service with administrative privileges, but the decoder, encoder, and translator may be operated with user privileges.

    TRANSPARENT ENVELOPE FOR XML MESSAGES

    Publication No.: US20110145685A1

    Publication date: 2011-06-16

    Application No.: US13032446

    Filing date: 2011-02-22

    IPC classification: G06F15/16 H03M13/09 G06F11/07

    CPC classification: H03M7/30

    Abstract: Transforming portions of a message to a destination via a communication protocol. A message is received. It is detected whether the received message includes an encoded envelope. The encoded envelope includes a stack defining parameters including information for handling the received message in an original format. If the received message includes the encoded envelope, the defined parameters are transformed to coded parameters in a common format. The coded parameters express the same information for handling the received message in the communication protocol. The encoded envelope is encapsulated in the received message, and the received message in the common format is delivered to the destination. If the received message does not include an encoded envelope, coded parameters are generated in the common format for the received message by encoding addressing information from the received message. The received message having the coded parameters in the common format is delivered to the destination.

    ROUTING OF POOLED MESSAGES VIA AN INTERMEDIARY
    9.
    Invention patent application
    ROUTING OF POOLED MESSAGES VIA AN INTERMEDIARY (legal status: in force)

    Publication No.: US20100318654A1

    Publication date: 2010-12-16

    Application No.: US12484741

    Filing date: 2009-06-15

    IPC classification: G06F15/173

    CPC classification: G06Q10/06

    Abstract: Message intermediation for multiple service instances, while allowing the service instance to control whether messages are processed under a transaction. The message intermediator chooses to dispatch messages among different backend service instances based on any routing rules. The message intermediator performs a peek-lock of message from a forward-end queue, and assigns the message to a service instance. The message is provided into a backward-end queue specific to the assigned service instance. The service instance may then process the message, perhaps under a transaction created at the service instance. Upon completion of processing, the message is deleted in the back-end queue, which causes the forward-end queue to delete the message under the same transaction created by the service instance. Whether or not this deletion at the forward-end is committed or rolled back depends on whether the transaction created at the service instance is committed or rolled back.

    SERVICE VIRTUALIZATION CONTAINER
    10.
    Invention patent application
    SERVICE VIRTUALIZATION CONTAINER (legal status: in force)

    Publication No.: US20100162264A1

    Publication date: 2010-06-24

    Application No.: US12342492

    Filing date: 2008-12-23

    Abstract: Service virtualization containers to aggregate service functionality from a plurality of services into an apparent service exhibiting the aggregated functionality. A plurality of service implementations is assigned to a service virtualization container. The container selects some of the service operations from the service implementations. One or more message characteristics are assigned to the service operations in one or more routing tables. A message is received at a service endpoint different from the service endpoints of any of the service implementations. A determination is made of one or more message characteristics. The one or more routing tables are consulted to select a determined service operation based on the message characteristics. The message is routed to the selected service implementation. Embodiments may also include functionality for aggregating metadata from service implementations and providing metadata based on the aggregated metadata to clients requesting metadata from a service virtualization container.
