System and method for secure network state management and single sign-on
    1.
    Invention application; status: pending, published

    Publication No.: US20050154887A1

    Publication date: 2005-07-14

    Application No.: US10755835

    Filing date: 2004-01-12

    IPC classification: G06F11/30 G06F21/00 H04L9/00

    CPC classification: G06F21/41 G06F2221/2151

    Abstract: State management (cookie) data is encrypted so that the access control data included in the cookie cannot be modified by the user. A hashing algorithm is performed over various fields of the cookie data and the resulting hash value is encrypted. The hash value is combined with other data, such as the user identifier and a time stamp, and encrypted to form the cookie value. When a request is received, the cookie data is checked. If the token value is not in the server's cache, the token is authenticated, which allows the client to move between servers. If the cookie does not exist or has timed out, the user is authenticated by traditional means.

Declarative trust model between reverse proxy server and websphere application server
    2.
    Invention application; status: pending, published

    Publication No.: US20050154886A1

    Publication date: 2005-07-14

    Application No.: US10755828

    Filing date: 2004-01-12

    IPC classification: H04L9/00 H04L29/06

    Abstract: A method and system for providing a declarative trust association model that formalizes the way trust is established and requires the corresponding authentication information to be presented in a standard format. Consequently, the application server can provide a guaranteed level of protection. The mechanism of the present invention provides a framework that allows an application server to enforce a trust evaluation and allows a reverse proxy security server to assert a client's security identity, as well as other client security credential information. A known trust association interceptor model is extended to allow the reverse proxy security server to assert the authenticated user's security attributes. Such security attributes include, for example, group information, authentication strength, and location (i.e., where the user entered the request: intranet vs. internet, IP address, etc.). The security attributes can be used in making authorization decisions.

Application server object-level security for distributed computing domains
    3.
    Granted invention patent; status: granted, in force

    Publication No.: US07810132B2

    Publication date: 2010-10-05

    Application No.: US12123693

    Filing date: 2008-05-20

    CPC classification: G06F21/31

    Abstract: Objects on application servers are distributed to one or more application servers; a user is allowed to declare, in a list, which objects residing on each application server are to be protected; the list is read by an interceptor; responsive to the exportation of a Common Object Request Broker Architecture ("CORBA") compliant Interoperable Object Reference ("IOR") for a listed object, the interceptor associates one or more application server security flags with the interfaces of the listed objects by tagging components of the IOR with one or more security flags; and one or more security operations are performed by an application server according to the security flags tagged on the IOR when a client accesses an application server-stored object, the security operations including an operation besides establishing secure communications between the client process and the server-stored object.

Application Server Object-level Security for Distributed Computing Domains
    4.
    Invention application; status: granted, in force

    Publication No.: US20080222697A1

    Publication date: 2008-09-11

    Application No.: US12123693

    Filing date: 2008-05-20

    IPC classification: G06F21/00

    CPC classification: G06F21/31

    Abstract: Objects on application servers may be defined into classes which receive different levels of security protection, such as a definition of user objects and administrative objects. Domain-wide security may be enforced on administrative objects, while user object security may be configured separately for each application server in a domain. In a CORBA architecture, IORs for shared objects which are to be secured on a domain-wide basis, such as administrative objects, are provided with tagged components during IOR creation and export to a name server. Later, when the IOR is used by a client, the client invokes the necessary security measures, such as authentication, authorization and transport protection, according to the tagged components.

Application server object-level security for distributed computing domains
    5.
    Granted invention patent; status: granted, in force

    Publication No.: US07448066B2

    Publication date: 2008-11-04

    Application No.: US10246909

    Filing date: 2002-09-19

    CPC classification: G06F21/31

    Abstract: Objects on application servers may be defined into classes which receive different levels of security protection, such as a definition of user objects and administrative objects. Domain-wide security may be enforced on administrative objects, while user object security may be configured separately for each application server in a domain. In a CORBA architecture, IORs for shared objects which are to be secured on a domain-wide basis, such as administrative objects, are provided with tagged components during IOR creation and export to a name server. Later, when the IOR is used by a client, the client invokes the necessary security measures, such as authentication, authorization and transport protection, according to the tagged components.

Credential Delegation Using Identity Assertion
    6.
    Invention application; status: lapsed

    Publication No.: US20080196097A1

    Publication date: 2008-08-14

    Application No.: US12105257

    Filing date: 2008-04-17

    IPC classification: G06F21/00 H04L9/32

    CPC classification: H04L63/0807 H04L63/205

    Abstract: Run-as credential delegation using identity assertion is presented. A server receives a request from a client that includes the client's user identifier and password. The server authenticates the client and stores the client's user identifier, without the corresponding password, in a client credential storage area. The server determines whether a run-as command is specified for communicating with a downstream server. If a run-as command is specified, the server retrieves the corresponding run-as identity, which identifies whether a client credential type, a server credential type, or a specific identifier credential type should be used in the run-as command. The server retrieves the credential corresponding to the identified credential type and sends it in an identity assertion token to the downstream server.

Credential delegation using identity assertion
    7.
    Granted invention patent; status: lapsed

    Publication No.: US07765585B2

    Publication date: 2010-07-27

    Application No.: US12105257

    Filing date: 2008-04-17

    CPC classification: H04L63/0807 H04L63/205

    Abstract: Run-as credential delegation using identity assertion is presented. A server receives a request from a client that includes the client's user identifier and password. The server authenticates the client and stores the client's user identifier, without the corresponding password, in a client credential storage area. The server determines whether a run-as command is specified for communicating with a downstream server. If a run-as command is specified, the server retrieves the corresponding run-as identity, which identifies whether a client credential type, a server credential type, or a specific identifier credential type should be used in the run-as command. The server retrieves the credential corresponding to the identified credential type and sends it in an identity assertion token to the downstream server.

Fine grained role-based access to system resources
    8.
    Granted invention patent; status: lapsed

    Publication No.: US06950825B2

    Publication date: 2005-09-27

    Application No.: US10159482

    Filing date: 2002-05-30

    Abstract: A security policy process which provides role-based permissions for hierarchically organized system resources such as domains, clusters, application servers, and resources, as well as for topic structures of messaging services. Groups of permissions are assigned to roles, and each user is assigned a role and a level of access within the hierarchy of system resources or topics. Forward or reverse inheritance is applied to each user level-role assignment, so that each user is granted all permissions for either the ancestors or the descendants of the assigned level. This simplifies security policy definition and the maintenance of user permissions, since each user's permission list need only be configured and managed at one hierarchical level with one role.

System and method for credential delegation using identity assertion
    9.
    Granted invention patent; status: lapsed

    Publication No.: US07526798B2

    Publication date: 2009-04-28

    Application No.: US10286609

    Filing date: 2002-10-31

    CPC classification: H04L63/0807 H04L63/205

    Abstract: Run-as credential delegation using identity assertion is presented. A server receives a request from a client that includes the client's user identifier and password. The server authenticates the client and stores the client's user identifier, without the corresponding password, in a client credential storage area. The server determines whether a run-as command is specified for communicating with a downstream server. If a run-as command is specified, the server retrieves the corresponding run-as identity, which identifies whether a client credential type, a server credential type, or a specific identifier credential type should be used in the run-as command. The server retrieves the credential corresponding to the identified credential type and sends it in an identity assertion token to the downstream server.

Automatic wireless network password update
    10.
    Granted invention patent; status: lapsed

    Publication No.: US08290163B2

    Publication date: 2012-10-16

    Application No.: US12049294

    Filing date: 2008-03-15

    IPC classification: H04L29/06

    Abstract: An approach is provided that allows an administrator to set a new password at a wireless access point, such as a traditional WAP or a wireless router. The wireless access point creates a message that includes the new password. The message is encrypted using the old password that was previously set for the wireless network. The encrypted message is transmitted wirelessly from the wireless access point to the active client devices (those clients currently accessing the wireless network). The clients decrypt the message using the old password that was previously provided to them and retrieve the new password from the message. The clients then construct a new message encrypted with the new password. This new message is transmitted wirelessly from the clients to the wireless access point and serves as an acknowledgement.