2. BIOMETRIC CREDENTIAL VERIFICATION FRAMEWORK
    Invention application; status: under examination, published

    Publication No.: WO2008091277A2

    Publication date: 2008-07-31

    Application No.: PCT/US2007/014718

    Filing date: 2007-06-25

    Abstract: Use of a biometric identification device in a client computer system to subsequently access an authentication system includes receiving biometric sample data which is digitally signed and combining the data with a user ID and PIN. This package of data is then securely transmitted to a biometric matching server to validate the user and the biometric sample. Once validated, the biometric matching server returns the data package plus a temporary certificate and a public/private key pair to the client computer. The client computer may then use this information to access an authentication system and subsequently gain access to a secure resource.


3. IDENTITY-CENTRIC DATA ACCESS
    Invention application; status: under examination, published

    Publication No.: WO2002073339A2

    Publication date: 2002-09-19

    Application No.: PCT/US2002/006329

    Filing date: 2002-03-01

    IPC: G06F

    Abstract: A model for accessing data in an identity-centric manner. An identity (310) may be a user, a group of users, or an organization. Instead of data being maintained on an application-by-application basis, the data associated with a particular identity is stored by one or more data services (511 through 518) accessible by many applications (320). The data is stored in accordance with a schema that is recognized by a number of different applications and the data service (511 through 518). When a user is to perform an operation on the identity's (310) data, the corresponding application (320) generates a message (531) that has a structure that is recognized by the data service (511 through 518). The message (531) represents a request to perform an operation on the data structure corresponding to the identity (310). The data service (511 through 518) receives and interprets the message. If authorized, the data service (511 through 518) then performs the operation.


4. LICENSING PROTECTED CONTENT TO APPLICATION SETS
    Invention application; status: under examination, published

    Publication No.: WO2009158531A2

    Publication date: 2009-12-30

    Application No.: PCT/US2009/048710

    Filing date: 2009-06-25

    CPC classification number: G06F21/105

    Abstract: The present invention extends to methods, systems, and computer program products for licensing protected content to application sets. Embodiments of the invention permit a local machine to increase its participation in authorizing access to protected content. For example, an operating system within an appropriate computing environment is permitted to determine if an application is authorized to access protected content. Thus, the application is relieved from having to store a publishing license. Further, authorization decisions are partially distributed, easing the resource burden on a protection server. Accordingly, embodiments of the invention can facilitate more robust and efficient authorization decisions when access to protected content is requested.


5. ABSTRACTING SECURITY POLICY FROM, AND TRANSFORMING TO, NATIVE REPRESENTATIONS OF ACCESS CHECK MECHANISMS
    Invention application; status: under examination, published

    Publication No.: WO2008018944A2

    Publication date: 2008-02-14

    Application No.: PCT/US2007/012877

    Filing date: 2007-05-31

    CPC classification number: H04L63/102 G06F21/604 H04L63/20

    Abstract: Abstracting access control policy from access check mechanisms allows for richer expression of policy, using a declarative model with semantics, than what is permitted by the access check mechanisms. Further, abstracting access control policy allows for uniform expression of policy across multiple access check mechanisms. Proof-like reasons for any access query are provided, such as who has access to what resource, built from the policy statements themselves, independent of the access check mechanisms that provide access. Access is audited and policy-based reasons for access are provided based on the access control policy.


6. FILE ACCESS IN MULTI-PROTOCOL ENVIRONMENT
    Invention application; status: under examination, published

    Publication No.: WO2009026027A2

    Publication date: 2009-02-26

    Application No.: PCT/US2008/072820

    Filing date: 2008-08-11

    CPC classification number: G06F21/6236

    Abstract: Aspects of the subject matter described herein relate to providing file access in a multi-protocol environment. In aspects, a file server is operable to receive requests formatted according to two or more file access protocols. If a request is formatted according to a first file access protocol, the file server applies access rights associated with the file to an account associated with a requestor to determine whether to grant access. If the request is formatted according to the second file access protocol, the file server may first attempt to find an account for the requestor. If an account is not found, the file server may then grant access based on access rights associated with the file as applied to information in the request without consulting an account on the file server.


7. MODEL-BASED ACCESS CONTROL
    Invention application; status: under examination, published

    Publication No.: WO2008121471A1

    Publication date: 2008-10-09

    Application No.: PCT/US2008/055299

    Filing date: 2008-02-28

    CPC classification number: G06F21/604 G06F21/6218

    Abstract: Access control as it relates to policies or permissions is provided based on a created model. A security policy is abstracted and can be independent of a mechanism used to protect resources. An abstract model of a potential user, user role and/or resource is created without associating a specific individual and/or resource with a model. These abstract user models and abstract resource models can be used across applications or within disparate applications. The abstracted security policies can be selectively applied to the model. Specific users and/or resources can be associated with one or more abstract user models or abstract resource models. The models can be nested to provide configurations for larger systems.


9. USER MAPPING INFORMATION EXTENSION FOR PROTOCOLS
    Invention application; status: under examination, published

    Publication No.: WO2007011637A2

    Publication date: 2007-01-25

    Application No.: PCT/US2006/027182

    Filing date: 2006-07-12

    Abstract: A hint containing user mapping information is provided in messages that may be exchanged during authentication handshakes. For example, a client may provide user mapping information to the server during authentication. The hint (e.g., in the form of a TLS extension mechanism) may be used to send the domain/user name information of a client to aid the server in mapping the user's certificate to an account. The extension mechanism provides integrity and authenticity of the mapping data sent by the client. The user provides a hint as to where to find the right account or domain controller (which points to, or otherwise maintains, the correct account). Based on the hint and other information in the certificate, the user is mapped to an account. The hint may be provided by the user when he logs in. Thus, a certificate is mapped to an identity to authenticate the user. A hint is sent along with the certificate information to perform the binding. Existing protocols may be extended to communicate the additional mapping information (the hint) to perform the binding. A vendor specific extension to Kerberos is defined to obtain the authorization data based on an X.509 certificate and the mapping user name hint.

