Invention Grant
- Patent Title: Method and system for proof-of-possession operations associated with authentication assertions in a heterogeneous federated environment
- Application No.: US10334274
- Application Date: 2002-12-31
- Publication No.: US08554930B2
- Publication Date: 2013-10-08
- Inventor: George Robert Blakley, III, Heather Maria Hinton
- Applicant: George Robert Blakley, III, Heather Maria Hinton
- Applicant Address: US NY Armonk
- Assignee: International Business Machines Corporation
- Current Assignee: International Business Machines Corporation
- Current Assignee Address: US NY Armonk
- Agent: Jeffrey S. LaBaw; David H. Judson
- Main IPC: G06F15/16
- IPC: G06F15/16; G06F9/00; G06F21/00

Abstract:
A method, apparatus, system, and computer program product are presented in which federated domains interact within a federated environment. Domains within a federation are able to initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions. To enhance security, domains may also require users to re-prove their identity through proof-of-possession challenges that are executed after a user has initiated a single-sign-on operation.