公开(公告)号：US08458799B2

公开(公告)日：2013-06-04

申请号：US12495071

申请日：2009-06-30

申请人： Yan Fu ,  Ari Vepsäläinen ,  Ari Antero Aarnio ,  Markku Kalevi Vimpari ,  Pekka Laitinen

发明人： Yan Fu ,  Ari Vepsäläinen ,  Ari Antero Aarnio ,  Markku Kalevi Vimpari ,  Pekka Laitinen

IPC分类号： G06F7/04

CPC分类号： H04L9/08 ,  H04L9/0822 ,  H04L2209/60 ,  H04L2209/80

摘要： An approach is provided for building a scalable service platform by initiating transmission of encrypted data from a public network cache. An access control server platform determines a first authorization key for a user and a second authorization key for a resource, and then encrypts the resource with the second authorization key, and encrypts the second authorization key with the first authorization key. The access control server platform initiates distribution of the encrypted second authorization key with the encrypted resource over a network. The access control server platform further initiates caching the encrypted second authorization key with the encrypted resource that meets a predefined threshold value (e.g., a data size, an access frequency, a modification frequency, or an auditing requirement) in a cache in the network, and initiates transmission of the cached and encrypted second authorization key with the cached and encrypted resource from the cache to at least one authorized entity.

摘要翻译： 提供了一种通过从公共网络缓存发起加密数据来构建可扩展服务平台的方法。 访问控制服务器平台确定用户的第一授权密钥和用于资源的第二授权密钥，然后用第二授权密钥对资源进行加密，并用第一授权密钥加密第二授权密钥。 访问控制服务器平台通过网络启动加密的第二授权密钥与加密的资源的分发。 访问控制服务器平台进一步发起加密的第二授权密钥与加密资源缓存，该加密的资源满足网络中的高速缓存中的预定阈值（例如，数据大小，访问频率，修改频率或审核要求） 并且启动具有缓存和加密的资源的缓存和加密的第二授权密钥从高速缓存传输到至少一个授权实体。

公开(公告)号：US09485246B2

公开(公告)日：2016-11-01

申请号：US13519438

申请日：2010-12-21

申请人： Ari Vepsäläinen ,  Tapani Lumme ,  Jussi Mäki

发明人： Ari Vepsäläinen ,  Tapani Lumme ,  Jussi Mäki

IPC分类号： H04L29/06 ,  H04L9/32

CPC分类号： H04L63/0815 ,  H04L9/3228 ,  H04L9/3236 ,  H04L63/08 ,  H04L63/10 ,  H04L63/123

摘要： A method includes, in response to a need to access for a user certain stored data that requires authentication, sending a request for the stored data into a data cloud, the request not identifying the user. The method further includes receiving, from the data cloud, response information descriptive of an authentication realm and a single-use nonce; presenting the information descriptive of the authentication realm to the user and prompting the user for a user name and password; re-sending the request into the data cloud with an authentication header having user credentials generated at least in part using the response information, the user credentials comprising the user name and a hashed password; and if the user credentials are valid, receiving from the data cloud the requested stored data.

摘要翻译： 一种方法包括响应于需要访问用户某些存储的需要认证的数据，将存储的数据的请求发送到数据云中，该请求不标识用户。 该方法还包括从数据云接收描述认证领域和一次性随机数的响应信息; 向用户呈现描述认证领域的信息，并向用户提示用户名和密码; 使用具有至少部分地使用所述响应信息生成的用户凭证的认证报头将所述请求重新发送到所述数据云，所述用户凭证包括所述用户名和散列密码; 并且如果用户凭证有效，则从数据云接收所请求的存储数据。

公开(公告)号：US20130019299A1

公开(公告)日：2013-01-17

申请号：US13519438

申请日：2010-12-21

申请人： Ari Vepsäläinen ,  Tapani Lumme ,  Jussi Mäki

发明人： Ari Vepsäläinen ,  Tapani Lumme ,  Jussi Mäki

IPC分类号： G06F21/00

CPC分类号： H04L63/0815 ,  H04L9/3228 ,  H04L9/3236 ,  H04L63/08 ,  H04L63/10 ,  H04L63/123

摘要： A method includes, in response to a need to access for a user certain stored data that requires authentication, sending a request for the stored data into a data cloud, the request not identifying the user. The method further includes receiving, from the data cloud, response information descriptive of an authentication realm and a single-use nonce; presenting the information descriptive of the authentication realm to the user and prompting the user for a user name and password; re-sending the request into the data cloud with an authentication header having user credentials generated at least in part using the response information, the user credentials comprising the user name and a hashed password; and if the user credentials are valid, receiving from the data cloud the requested stored data.

摘要翻译： 一种方法包括响应于需要访问用户某些存储的需要认证的数据，将存储的数据的请求发送到数据云中，该请求不标识用户。 该方法还包括从数据云接收描述认证领域和一次性随机数的响应信息; 向用户呈现描述认证领域的信息，并向用户提示用户名和密码; 使用具有至少部分地使用所述响应信息生成的用户凭证的认证报头将所述请求重新发送到所述数据云，所述用户凭证包括所述用户名和散列密码; 并且如果用户凭证有效，则从数据云接收所请求的存储数据。