Delegating right to access resource or the like in access management system
    2.
    发明授权
    Delegating right to access resource or the like in access management system 有权
    在访问管理系统中授权访问资源等

    公开(公告)号:US07770206B2

    公开(公告)日:2010-08-03

    申请号:US11077574

    申请日:2005-03-11

    IPC分类号: G06F7/04

    摘要: A resource of a first organization provides access thereto to a requestor of a second organization. A first administrator of the first organization issues a first credential to a second administrator of the second organization, including policy that the second administrator may issue a second credential to the requestor on behalf of the first administrator. The second administrator issues the second credential to the requester, including the issued first credential. The requestor requests access from the resource and includes the issued first and second credentials. The resource validates that the issued first credential ties the first administrator to the second administrator, and that the issued second credential ties the second administrator to the requester. The resource thus knows that the request is based on rights delegated from the first administrator to the requester by way of the second administrator.

    摘要翻译: 第一组织的资源提供对第二组织的请求者的访问。 第一个组织的第一个管理员向第二个组织的第二个管理员颁发第一个凭据,包括第二个管理员可以代表第一个管理员向请求者发出第二个凭证的策略。 第二个管理员向请求者发出第二个凭证,包括发出的第一个凭证。 请求者请求从资源的访问,并且包括发出的第一和第二凭证。 该资源验证所发出的第一个凭证将第一个管理员与第二个管理员相关联,并且发出的第二个凭证将第二个管理员与请求者联系起来。 因此,该资源知道该请求基于通过第二管理员从第一管理员委派给请求者的权限。

    Distributed knowledge access control
    8.
    发明申请
    Distributed knowledge access control 审中-公开
    分布式知识访问控制

    公开(公告)号:US20080301758A1

    公开(公告)日:2008-12-04

    申请号:US11809856

    申请日:2007-05-31

    IPC分类号: H04L9/00

    CPC分类号: G06F21/604

    摘要: Techniques for distributed knowledge access control are disclosed herein. These techniques may enable access control information to be provided in the form of a statement that includes an assertion and a construct that targets the assertion to one or more intended entities. By targeting the statement to intended entities, the construct may help protect resources from unauthorized use and may also help protect the issuer of the statement from accountability resulting from misuse of the statement.

    摘要翻译: 本文公开了用于分布式知识访问控制的技术。 这些技术可以使访问控制信息能够以声明的形式提供,该语句包括断言和针对一个或多个预期实体的断言的构造。 通过将该声明定位到预期实体,该构造可以帮助保护资源免遭未经授权的使用,并且还可以帮助保护声明的发行者不被滥用声明所导致的问题。

    Flexible licensing architecture in content rights management systems
    10.
    发明申请
    Flexible licensing architecture in content rights management systems 有权
    内容权限管理系统中灵活的许可架构

    公开(公告)号:US20060173788A1

    公开(公告)日:2006-08-03

    申请号:US11048087

    申请日:2005-02-01

    IPC分类号: H04L9/00

    CPC分类号: G06F21/10

    摘要: A license is issued to a user as decryption and authorization portions. The decryption portion is accessible only by such user and has a decryption key (KD) for decrypting corresponding encrypted digital content and validating information including an identification of a root trust authority. The authorization portion sets forth rights granted in connection with the digital content and conditions that must be satisfied to exercise the rights granted, and has a digital signature that is validated according to the identified root trust authority in the decryption portion. The user issued accesses the decryption portion and employs the validation information therein to validate the digital signature of the authorization portion. If the conditions in the authorization portion so allow, the rights in the authorization portion are exercised by decrypting the encrypted content with the decryption key (KD) from the decryption portion and rendering the decrypted content.

    摘要翻译: 向用户颁发许可证作为解密和授权部分。 解密部分仅由该用户访问,并且具有用于解密对应的加密数字内容的解密密钥(KD)以及验证包括根信任授权的标识的信息。 授权部分列出与数字内容和条件相关的权利,该数字内容和条件必须满足以行使所授予的权利,并且具有根据所述解密部分中确定的根信任权限验证的数字签名。 用户发出访问解密部分并在其中采用验证信息来验证授权部分的数字签名。 如果授权部分中的条件允许,则通过使用来自解密部分的解密密钥(KD)解密加密内容并呈现解密内容来执行授权部分中的权限。