公开(公告)号：WO2010076088A3

公开(公告)日：2010-10-14

申请号：PCT/EP2009065736

申请日：2009-11-24

Applicant: IBM ,  IBM FRANCE ,  BORGHETTI STEFANO ,  SGRO' ANTONIO ,  GIANFAGNA LEONIDA ,  DELLA CORTE GIANLUCA ,  HAAG ALESSANDRO

Inventor： BORGHETTI STEFANO ,  SGRO' ANTONIO ,  GIANFAGNA LEONIDA ,  DELLA CORTE GIANLUCA ,  HAAG ALESSANDRO

IPC: H04L29/06

CPC classification number: H04L63/08 ,  H04L63/10

Abstract: A mechanism is provided for performing secure system access by a requesting user without sharing a password of a credential owner. A database stores system information for resources. The owner of super user authority for a resource provides system information to the database including a credential for accessing the resource. When a user wishes to access the system, client software of the requestor sends an access request to client software of the owner. The client software of the owner prompts the owner to authorize or deny access. Responsive to the owner authorizing the access, the client software of the owner returns authorization to the client software of the requestor, which then uses the credential in the system information database to access the resource. The client software of the requestor does not cache or store the credential or present the credential to the user.

Abstract translation: 提供了一种用于由请求用户执行安全系统访问而不共享凭证所有者的密码的机制。 数据库存储资源的系统信息。 资源的超级用户权限的所有者向数据库提供系统信息，包括用于访问资源的凭证。 当用户希望访问系统时，请求者的客户端软件向访问者的客户端软件发送访问请求。 所有者的客户端软件提示所有者授权或拒绝访问。 响应所有者授权访问，所有者的客户端软件向请求者的客户端软件返回授权，然后请求者使用系统信息数据库中的凭证来访问资源。 请求者的客户端软件不缓存或存储凭证或将凭证呈现给用户。

公开(公告)号：WO2010076088A2

公开(公告)日：2010-07-08

申请号：PCT/EP2009/065736

申请日：2009-11-24

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION ,  COMPAGNIE IBM FRANCE ,  BORGHETTI, Stefano ,  SGRO', Antonio ,  GIANFAGNA, Leonida ,  DELLA CORTE, Gianluca ,  HAAG, Alessandro

Inventor： BORGHETTI, Stefano ,  SGRO', Antonio ,  GIANFAGNA, Leonida ,  DELLA CORTE, Gianluca ,  HAAG, Alessandro

IPC: H04L29/06

CPC classification number: H04L63/08 ,  H04L63/10

Abstract: A mechanism is provided for performing secure system access by a requesting user without sharing a password of a credential owner. A database stores system information for resources. The owner of super user authority for a resource provides system information to the database including a credential for accessing the resource. When a user wishes to access the system, client software of the requestor sends an access request to client software of the owner. The client software of the owner prompts the owner to authorize or deny access. Responsive to the owner authorizing the access, the client software of the owner returns authorization to the client software of the requestor, which then uses the credential in the system information database to access the resource. The client software of the requestor does not cache or store the credential or present the credential to the user.

Abstract translation: 提供了一种用于执行请求用户的安全系统访问而不共享凭证所有者的密码的机制。 数据库存储资源的系统信息。 资源的超级用户权限的所有者向数据库提供系统信息，包括用于访问资源的凭据。 当用户希望访问系统时，请求者的客户端软件向所有者的客户端软件发送访问请求。 所有者的客户端软件提示所有者授权或拒绝访问。 响应于授权访问的所有者，所有者的客户端软件向请求者的客户端软件返回授权，然后使用系统信息数据库中的凭证来访问资源。 请求者的客户端软件不会缓存或存储凭据或将凭据提供给用户。