Digests to Identify Elements in a Signature Process
    1.
    发明申请
    Digests to Identify Elements in a Signature Process 有权
    摘要识别签名过程中的元素

    公开(公告)号:US20110078212A1

    公开(公告)日:2011-03-31

    申请号:US12961115

    申请日:2010-12-06

    IPC分类号: G06F17/30

    摘要: A signature system with a mechanism to identify element(s) of a signed document includes a sender having a signature module with a digest generator. The digest generator generates digests for identifying selected elements of the document. The resulting “identifying” digests are then used in generating a signature in which the sender signs the digests rather than the original elements. The receiver can then process the signature and use these digests to distinguish between elements, as needed.

    摘要翻译: 具有识别签名文档的元素的机制的签名系统包括具有带摘要生成器的签名模块的发送者。 摘要生成器生成用于识别文档的所选元素的摘要。 然后,所得到的“识别”摘要用于生成签名,其中发送者签署摘要而不是原始元素。 然后,接收者可以处理签名,并根据需要使用这些摘要来区分元素。

    Digests to identify elements in a signature process
    2.
    发明授权
    Digests to identify elements in a signature process 有权
    摘要识别签名过程中的元素

    公开(公告)号:US08725776B2

    公开(公告)日:2014-05-13

    申请号:US12961115

    申请日:2010-12-06

    IPC分类号: G06F17/30

    摘要: A signature system with a mechanism to identify element(s) of a signed document includes a sender having a signature module with a digest generator. The digest generator generates digests for identifying selected elements of the document. The resulting “identifying” digests are then used in generating a signature in which the sender signs the digests rather than the original elements. The receiver can then process the signature and use these digests to distinguish between elements, as needed.

    摘要翻译: 具有识别签名文档的元素的机制的签名系统包括具有带摘要生成器的签名模块的发送者。 摘要生成器生成用于识别文档的所选元素的摘要。 然后,所得到的“识别”摘要用于生成签名,其中发送者签署摘要而不是原始元素。 然后,接收者可以处理签名,并根据需要使用这些摘要来区分元素。

    Digests to identify elements in a signature process
    3.
    发明授权
    Digests to identify elements in a signature process 有权
    摘要识别签名过程中的元素

    公开(公告)号:US07873831B2

    公开(公告)日:2011-01-18

    申请号:US10788108

    申请日:2004-02-26

    IPC分类号: H04L9/32

    摘要: A signature system with a mechanism to identify element(s) of a signed document includes a sender having a signature module with a digest generator. The digest generator generates digests for identifying selected elements of the document. The resulting “identifying” digests are then used in generating a signature in which the sender signs the digests rather than the original elements. The receiver can then process the signature and use these digests to distinguish between elements, as needed.

    摘要翻译: 具有识别签名文档的元素的机制的签名系统包括具有带摘要生成器的签名模块的发送者。 摘要生成器生成用于识别文档的所选元素的摘要。 然后,所得到的“识别”摘要用于生成签名,其中发送者签署摘要而不是原始元素。 然后,接收者可以处理签名,并根据需要使用这些摘要来区分元素。

    Security scopes and profiles
    4.
    发明授权
    Security scopes and profiles 有权
    安全范围和配置文件

    公开(公告)号:US07716728B2

    公开(公告)日:2010-05-11

    申请号:US10779922

    申请日:2004-02-16

    IPC分类号: G06F12/14 G06F15/16 H04L29/06

    摘要: A security system with a mechanism to identify types of information that need to be secured and another mechanism to specify how the types are to be secured. The system includes a sender having an application and a receiver having a security module and one or more datastores to store information related to types of information that need to be secured (e.g. “scopes”), how information is to be secured (e.g., “profiles”), and a mapping (e.g., “bindings”) between the scopes and profiles. Scopes can be implemented by application developers. Profiles can be implemented by application deployers and/or administrators. The security module determines which scope is appropriate for the message, and then determines the profile that is mapped to the scope. The security module can then make an access control decision using the profile.

    摘要翻译: 一种具有识别需要保护的信息类型的机制的安全系统和另一种机制来指定类型是如何被保护的。 该系统包括具有应用的发送者和具有安全模块和一个或多个数据存储的接收者,用于存储与需要被保护的信息类型(例如“范围”)有关的信息,如何保护信息(例如“ 配置文件“)以及范围和配置文件之间的映射(例如”绑定“)。 范围可以由应用程序开发人员实现。 配置文件可以由应用程序部署人员和/或管理员实现。 安全模块确定哪个范围适合消息,然后确定映射到范围的配置文件。 安全模块然后可以使用配置文件进行访问控制决定。

    Generic security claim processing model
    5.
    发明授权
    Generic security claim processing model 有权
    通用安全声明处理模式

    公开(公告)号:US07640573B2

    公开(公告)日:2009-12-29

    申请号:US10780274

    申请日:2004-02-16

    CPC分类号: G06F21/335

    摘要: A system for processing multiple types of security schemes includes a server having a claims engine that extracts claim(s) from security token(s) and maps extracted claims to other claims. The term claim as used in this context is a statement about a token's subject. The claims engine can extract claim(s) from one or more different types of security tokens corresponding to the multiple security schemes. These extracted claim(s) can then be selectively mapped to other claims using mapping information that is accessible to the server. The security decision can then be based on the extracted and/or derived claim(s) rather than tokens. This system can thereby support multiple security schemes and simplify the security process for the user.

    摘要翻译: 用于处理多种类型的安全方案的系统包括具有从安全令牌提取权利要求并将提取的权利要求映射到其他权利要求的权利要求引擎的服务器。 在这种情况下使用的这个术语是关于令牌主题的声明。 索赔引擎可以从对应于多个安全方案的一个或多个不同类型的安全令牌中提取索赔。 然后可以使用服务器可访问的映射信息将这些提取的权利要求选择性地映射到其他权利要求。 然后,安全性决定可以基于提取的和/或导出的权利要求而不是令牌。 因此,该系统可以支持多种安全方案,并简化用户的安全过程。

    Retail transactions involving digital content in a digital rights management (DRM) system
    7.
    发明授权
    Retail transactions involving digital content in a digital rights management (DRM) system 失效
    涉及数字版权管理(DRM)系统中的数字内容的零售交易

    公开(公告)号:US07925591B2

    公开(公告)日:2011-04-12

    申请号:US11392303

    申请日:2006-03-28

    IPC分类号: G06F21/00

    摘要: A retailer facilitates issuance of a digital license from a licensor to a customer for a corresponding piece of digital content. The retailer receives payment for the license from the customer, where the payment is to be shared with the licensor in a pre-determined manner. The retailer also receives customer-based information from the customer. The retailer then composes an actual license request including the obtained customer-based information, and including retailer-based information identifying the retailer to the licensor and acknowledging to the licensor that the retailer owes a portion of the received payment to the licensor. Thereafter, the retailer forwards the actual license request to the licensor. The licensor notes based on the retailer-based information in the actual license request that the retailer identified thereby owes the licensor at least a portion of the forwarded payment. If an individual sends a license request directly to the licensor and thus fails to forward payment for the license to a retailer, the actual license request as composed by the individual fails to include the retailer-based information. Accordingly, the licensor refuses to issue a license as requested based on the lack of retailer-based information.

    摘要翻译: 零售商有助于从许可方向客户发放数字许可证以获得相应的数字内容。 零售商从客户那里收到许可证的付款,其中付款将以预先确定的方式与许可人共享。 零售商也从客户那里收到客户信息。 零售商然后组成一个实际的许可证请求,包括所获得的基于客户的信息,并将识别零售商的基于零售商的信息包括在许可方中,并且向许可方确认零售商将所收到的一部分付款的一部分欠许可方。 此后,零售商将实际的许可证请求转发给许可方。 许可人根据实际许可证申请中的零售商信息,注意到零售商认定的至少一部分转发付款欠授权许可人。 如果个人直接向许可人发送许可证请求,因此无法向零售商转发许可证的付款,则由个人组成的实际许可证请求不包括基于零售商的信息。 因此,根据零售商信息的不足,许可人拒绝发出许可证。

    SELECTIVELY PROVISIONING CLIENTS WITH DIGITAL IDENTITY REPRESENTATIONS
    10.
    发明申请
    SELECTIVELY PROVISIONING CLIENTS WITH DIGITAL IDENTITY REPRESENTATIONS 审中-公开
    选择具有数字身份认证的客户

    公开(公告)号:US20090217362A1

    公开(公告)日:2009-08-27

    申请号:US12432606

    申请日:2009-04-29

    IPC分类号: G06F21/22 G06F15/16

    摘要: A server provisions a client with digital identity representations such as information cards. A provisioning request to the server includes filtering parameters. The server assembles a provisioning response containing cards that satisfy the filtering parameters, and transmits the response to a client, possibly by way of a proxy. The provisioning response may include provisioning state information to help a server determine in subsequent exchanges which cards are already present on the client. A client may keep track the source of information cards and discard cards which a server has discarded. A proxy may make the provisioning request on behalf of a client, providing the server with the proxy's own authentication and with a copy of the request from the client to the proxy.

    摘要翻译: 服务器为客户端提供数字身份表示,如信息卡。 向服务器的配置请求包括过滤参数。 服务器组装包含满足过滤参数的卡的配置响应,并且可能通过代理将响应发送给客户端。 供应响应可以包括供应状态信息以帮助服务器在随后的交换机中确定哪些卡已经存在于客户端上。 客户端可以跟踪服务器已丢弃的信息卡和丢弃卡的来源。 代理可以代表客户端提供供应请求,为服务器提供代理自己的身份验证,并将客户端的请求副本提供给代理。