公开(公告)号：US08726358B2

公开(公告)日：2014-05-13

申请号：US12102541

申请日：2008-04-14

申请人： Yordan I. Rouskov ,  Tore Sundelin ,  Mrigankka Fotedar ,  Sarah Faulkner ,  Pui-Yin Winfred Wong ,  Wei-Quiang Michael Guo ,  Lynn Ayres

发明人： Yordan I. Rouskov ,  Tore Sundelin ,  Mrigankka Fotedar ,  Sarah Faulkner ,  Pui-Yin Winfred Wong ,  Wei-Quiang Michael Guo ,  Lynn Ayres

IPC分类号： G06F7/04 ,  G06F15/16 ,  G06F17/30 ,  H04L29/06 ,  G06F21/00

CPC分类号： H04L63/0807 ,  G06F21/335

摘要： Systems, computer-implemented methods, and computer-readable media for establishing an online account with a resource provider are provided. An authentication token including identification of a user from an authentication server is received. The identification of the user from the authentication token is utilized to establish an online account for the user with the resource provider. Additional credentialing information from the user for the online account is received. The additional information received from the user is associated with the online account for the user with the resource provider.

摘要翻译： 提供了用于与资源提供者建立在线帐户的系统，计算机实现的方法和计算机可读介质。 接收到包括来自认证服务器的用户标识的认证令牌。 来自认证令牌的用户的识别用于利用资源提供者为用户建立在线帐户。 收到来自用户的在线帐户的附加凭证信息。 从用户接收到的附加信息与资源提供者的用户的在线帐户相关联。

公开(公告)号：US07890634B2

公开(公告)日：2011-02-15

申请号：US11084051

申请日：2005-03-18

申请人： Wei Jiang ,  Ismail Cem Paya ,  John D Whited ,  Wei-Quiang Michael Guo ,  Yordan Rouskov ,  Adam Back

发明人： Wei Jiang ,  Ismail Cem Paya ,  John D Whited ,  Wei-Quiang Michael Guo ,  Yordan Rouskov ,  Adam Back

IPC分类号： G06F15/16

CPC分类号： H04L9/3247 ,  G06F21/6218 ,  H04L9/0825 ,  H04L9/3242 ,  H04L63/045

摘要： Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.

摘要翻译： 可扩展会话管理通过生成包含加密的会话密钥和加密的cookie数据的cookie来实现。 Cookie数据使用会话密钥进行加密。 会话密钥然后使用一个或多个公钥/私钥对进行签名和加密。 加密的会话密钥可以使用相同的私钥/公钥对进行解密和验证。 一旦被验证，则解密的会话密钥然后可以用于解密和验证加密的cookie数据。 具有私钥/公钥对的第一服务器可以使用随机生成的会话密钥来生成cookie。 具有相同私钥/公钥对的第二服务器可以解密和验证cookie，即使会话密钥最初没有安装在第二服务器上。 可以使用会话密钥缓存来提供会话密钥查找以在服务器上保存公钥/私钥操作。

公开(公告)号：US20100042735A1

公开(公告)日：2010-02-18

申请号：US12581355

申请日：2009-10-19

申请人： Arnold Blinn ,  Wei-Quiang Michael Guo ,  Wei Jiang ,  Raja Pazhanivel Perumal ,  Iulian D. Calinov

发明人： Arnold Blinn ,  Wei-Quiang Michael Guo ,  Wei Jiang ,  Raja Pazhanivel Perumal ,  Iulian D. Calinov

IPC分类号： G06F15/16

CPC分类号： H04L63/08 ,  G06F21/41 ,  H04L63/0815 ,  H04L63/168 ,  H04L63/20

摘要： Providing services within a network of service providers sharing an authentication service and a set of business rules. A central server receives a first request from a first server to provide a first service to a user via a client without forcing the user to present credentials. In response to the received first request, the central server stores data identifying the first service on the client. The central server further receives a second request from a second server to provide a second service to the user via the client after the user presents the credentials to the second service. After receiving the second request and the presented credentials, the central server allows the user access to the second service. In response to allowing the user access to the second service, the central server further allows the user access to the first service as a result of the stored data.

摘要翻译： 在服务提供商的网络内提供共享认证服务和一组业务规则的服务。 中央服务器从第一服务器接收第一请求，以经由客户端向用户提供第一服务，而不强制用户呈现凭证。 响应于接收到的第一请求，中央服务器将识别第一服务的数据存储在客户机上。 中央服务器还在第二服务器接收第二请求之后，在用户向第二服务呈现证书之后，经由客户端向用户提供第二服务。 在接收到第二请求和所提供的凭证之后，中央服务器允许用户访问第二服务。 响应于允许用户访问第二服务，中央服务器还允许用户作为存储的数据的结果访问第一服务。

公开(公告)号：US08626929B2

公开(公告)日：2014-01-07

申请号：US13026793

申请日：2011-02-14

申请人： Wei Jiang ,  Ismail Cem Paya ,  John D. Whited ,  Wei-Quiang Michael Guo ,  Yordan Rouskov ,  Adam Back

发明人： Wei Jiang ,  Ismail Cem Paya ,  John D. Whited ,  Wei-Quiang Michael Guo ,  Yordan Rouskov ,  Adam Back

IPC分类号： G06F15/16

CPC分类号： H04L9/3247 ,  G06F21/6218 ,  H04L9/0825 ,  H04L9/3242 ,  H04L63/045

摘要： Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.

摘要翻译： 可扩展会话管理通过生成包含加密的会话密钥和加密的cookie数据的cookie来实现。 Cookie数据使用会话密钥进行加密。 会话密钥然后使用一个或多个公钥/私钥对进行签名和加密。 加密的会话密钥可以使用相同的私钥/公钥对进行解密和验证。 一旦被验证，则解密的会话密钥然后可以用于解密和验证加密的cookie数据。 具有私钥/公钥对的第一服务器可以使用随机生成的会话密钥来生成cookie。 具有相同私钥/公钥对的第二服务器可以解密和验证cookie，即使会话密钥最初没有安装在第二服务器上。 可以使用会话密钥缓存来提供会话密钥查找以在服务器上保存公钥/私钥操作。

公开(公告)号：US20110179469A1

公开(公告)日：2011-07-21

申请号：US13076164

申请日：2011-03-30

申请人： Arnold Blinn ,  Wei-Quiang Michael Guo ,  Wei Jiang ,  Raja Pazhanivel Perumal ,  Iulian D. Calinov

发明人： Arnold Blinn ,  Wei-Quiang Michael Guo ,  Wei Jiang ,  Raja Pazhanivel Perumal ,  Iulian D. Calinov

IPC分类号： G06F7/04 ,  G06F15/16 ,  G06F17/30

CPC分类号： H04L63/08 ,  G06F21/41 ,  H04L63/0815 ,  H04L63/168 ,  H04L63/20

摘要： Providing services within a network of service providers sharing an authentication service and a set of business rules. A central server receives a first request from a first server to provide a first service to a user via a client without forcing the user to present credentials. In response to the received first request, the central server stores data identifying the first service on the client. The central server further receives a second request from a second server to provide a second service to the user via the client after the user presents the credentials to the second service. After receiving the second request and the presented credentials, the central server allows the user access to the second service. In response to allowing the user access to the second service, the central server further allows the user access to the first service as a result of the stored data.

摘要翻译： 在服务提供商的网络内提供共享认证服务和一组业务规则的服务。 中央服务器从第一服务器接收第一请求，以经由客户端向用户提供第一服务，而不强制用户呈现凭证。 响应于接收到的第一请求，中央服务器将识别第一服务的数据存储在客户机上。 中央服务器还在第二服务器接收第二请求之后，在用户向第二服务呈现证书之后，经由客户端向用户提供第二服务。 在接收到第二请求和所提供的凭证之后，中央服务器允许用户访问第二服务。 响应于允许用户访问第二服务，中央服务器还允许用户作为存储的数据的结果访问第一服务。

公开(公告)号：US07810136B2

公开(公告)日：2010-10-05

申请号：US11032409

申请日：2005-01-10

申请人： Wei-Quiang Michael Guo ,  Baskaran Dharmarajan ,  Ryan W. Battle

发明人： Wei-Quiang Michael Guo ,  Baskaran Dharmarajan ,  Ryan W. Battle

IPC分类号： G06F17/30 ,  H04L29/06 ,  G06F15/16

CPC分类号： H04L63/08 ,  H04L63/083

摘要： A computerized method and system for routing between network servers. A central database coupled to a central server on a data communication network stores information for identifying locations of a plurality of network servers on the network. Each network server provides at least one service via the network. The central server receives a request from the user for a selected service including a carry through keyword for controlling routing of the user to the selected service. The central server retrieves location information from the central database to identify the location of the network server providing the selected service and attaches the carry through keyword to the retrieved location information. The central server then routes the user with the carry through keyword to the network server, which directs the user to the selected service based on the carry through keyword.

摘要翻译： 网络服务器间路由选择的计算机化方法和系统。 耦合到数据通信网络上的中央服务器的中央数据库存储用于识别网络上的多个网络服务器的位置的信息。 每个网络服务器通过网络提供至少一个服务。 中央服务器从用户接收针对所选服务的请求，所述服务包括用于控制用户到选定服务的路由的进位到关键字。 中央服务器从中央数据库检索位置信息，以识别提供所选服务的网络服务器的位置，并将进位关键字附加到检索到的位置信息。 然后，中央服务器将具有进位到关键字的用户路由到网络服务器，该网络服务器基于进位关键字将用户引导到所选择的服务。

公开(公告)号：US20090204808A1

公开(公告)日：2009-08-13

申请号：US12426726

申请日：2009-04-20

申请人： Wei-Quiang Michael Guo ,  John Hal Howard ,  Kok Wai Chan

发明人： Wei-Quiang Michael Guo ,  John Hal Howard ,  Kok Wai Chan

IPC分类号： H04L9/32 ,  H04L29/06

CPC分类号： H04L63/0807 ,  G06F21/33 ,  G06F21/41 ,  H04L9/0844 ,  H04L9/3213 ,  H04L9/3247 ,  H04L63/045 ,  H04L63/0815 ,  H04L2209/60

摘要： Exchanging information in a multi-site authentication system. A network server receives, from an authentication server, a request by a client computing device for a service provided by the network server along with an authentication ticket. The authentication ticket includes: a session key encrypted by a public key associated with the network server, message content encrypted by the session key, and a signature for the encrypted session key and the encrypted message content. The signature includes address information of the network server. The network server identifies its own address information in the signature to validate the signature included in the authentication ticket and verifies the authentication ticket content based on the signature included in the authentication ticket. The network server decrypts the encrypted session key via a private key associated with the second network server and decrypts the encrypted message content via the decrypted session key.

摘要翻译： 在多站点认证系统中交换信息。 网络服务器从认证服务器接收由客户端计算设备对网络服务器提供的服务以及认证券的请求。 认证券包括：通过与网络服务器相关联的公开密钥加密的会话密钥，由会话密钥加密的消息内容以及加密会话密钥和加密消息内容的签名。 签名包括网络服务器的地址信息。 网络服务器在签名中识别其自己的地址信息，以验证认证券中包含的签名，并根据认证券中包含的签名验证认证券内容。 网络服务器通过与第二网络服务器相关联的专用密钥解密加密的会话密钥，并通过解密的会话密钥解密加密的消息内容。

公开(公告)号：US07571466B2

公开(公告)日：2009-08-04

申请号：US09792170

申请日：2001-02-23

申请人： Christopher E. Mitchell ,  Sylvia K. Mollerstrom ,  Jonathan P. Horton ,  Wei-Quiang Michael Guo ,  Steven M. Cellini

发明人： Christopher E. Mitchell ,  Sylvia K. Mollerstrom ,  Jonathan P. Horton ,  Wei-Quiang Michael Guo ,  Steven M. Cellini

IPC分类号： H04L9/32 ,  H04L29/06 ,  G06F21/00 ,  H04N7/167 ,  H04L9/00

CPC分类号： H04L63/102 ,  G06F21/31 ,  G06F2221/2149 ,  H04L63/20

摘要： A user profile having consent information regarding a network server for a second party is created. Such consent information is received from a first party and stored in the user profile of the second party. The second party may access the network server if the consent information stored in the user profile of the second party shows that the first party has provided consent. The second party may not access the network server if the consent information stored in the user profile of the second party shows that the first party has denied consent.

公开(公告)号：US20110314540A1

公开(公告)日：2011-12-22

申请号：US12821117

申请日：2010-06-22

申请人： Ravi Kiran R. Poluri ,  Weisheng Li ,  Usman A. Shami ,  Wei-Quiang Michael Guo

发明人： Ravi Kiran R. Poluri ,  Weisheng Li ,  Usman A. Shami ,  Wei-Quiang Michael Guo

IPC分类号： G06F21/00

CPC分类号： G06F21/31 ,  G06F2221/2117 ,  G06F2221/2133

摘要： Spammers, and other abusers of web services, may be deterred in their attempts to sign up for these services at large scale by making changes to the service registration procedure, where the changes are designed to break the spammer's infrastructure. In one example, a procedure to register for a web service involves presenting a Human Interaction Proof (HIP, or “captcha”) to the user, and gating access to the service upon receipt of a correct solution. If spammers use botnets and/or image capture techniques to initiate registration processes and to transport the HIPs to human or automated solvers, then the registration procedure can be changed in a way that is incompatible with capturing these images, or in a way that is incompatible with receiving HIP solutions from someplace other than the location at which registration was initiated.

摘要翻译： 垃圾邮件发送者和网络服务的其他滥用者可能会通过更改服务注册程序来阻止大规模注册这些服务，其中的更改旨在打破垃圾邮件发送者的基础设施。 在一个示例中，注册Web服务的过程涉及向用户呈现人交互证明（HIP或“验证码”），以及在接收到正确的解决方案时门控对服务的访问。 如果垃圾邮件发送者使用僵尸网络和/或图像捕获技术来启动注册过程并将HIP传输到人或自动解算器，则注册过程可以以与捕获这些图像不兼容的方式进行更改，或以不兼容的方式进行更改 从除了注册开始的位置之外的某个地方接收HIP解决方案。

公开(公告)号：US08001582B2

公开(公告)日：2011-08-16

申请号：US12016336

申请日：2008-01-18

申请人： Geoffrey John Hulten ,  Kristofer Noel Iverson ,  Wei-Quiang Michael Guo

发明人： Geoffrey John Hulten ,  Kristofer Noel Iverson ,  Wei-Quiang Michael Guo

IPC分类号： G06F7/04

CPC分类号： H04L63/102 ,  H04L63/1441 ,  H04L67/306

摘要： A reputation server associates feedback from previous network transactions with an account of a user in a network. A reputation score for the user is calculated based on the feedback to indicate the probability the user will abuse the network. When an online service receives a request to perform a transaction from the user, the online service performs the transaction based on the user's reputation score. Additionally, a server generates a reputation packet including the reputation score for a user for use by an online service when the user requests the online service to perform a transaction. The online service may authenticate the reputation packet with the server and, if the reputation packet is authenticated, the online service performs the transaction based on the user's reputation score.

摘要翻译： 信誉服务器将来自先前网络事务的反馈与网络中的用户的帐户相关联。 基于反馈计算用户的声誉分数，以指示用户滥用网络的概率。 当在线服务收到用户执行交易的请求时，在线服务将根据用户的信誉得分进行交易。 此外，当用户请求在线服务执行交易时，服务器生成包括用户在线服务使用的信誉分数的信誉分组。 在线服务可以使用服务器认证信誉包，并且如果信誉包被认证，则在线服务基于用户的信誉得分执行交易。