-
Publication (Announcement) No.: AT343294T
Publication (Announcement) Date: 2006-11-15
Application No.: AT03724957
Application Date: 2003-04-04
Applicant: ERICSSON TELEFON AB L M
Inventor: BUSBOOM AXEL, HOLTMANNS SILKE, QUINET RAPHAEL, SCHUBA MARKO
IPC: H04L29/06
Abstract: A method for provision of access for a data requesting entity (IRE) to data related to a principal is disclosed, comprising the steps of (i) creating an access granting ticket comprising an access specification specifying a permission for an access to data related to the principal, said data being available at a data providing entity (IPE1), and a principal identifier representing the principal towards the data providing entity (IPE1), (ii) encrypting the access granting ticket with an encryption key of the data providing entity (IPE1), (iii) communicating to the data requesting entity (IRE) the encrypted access granting ticket accompanied by an identifier of the data providing entity (IPE1), (iv) communicating from the data requesting entity (IRE) to the data providing entity (IPE1) a request comprising the encrypted access granting ticket, (v) decrypting the encrypted access granting ticket with a decryption key of the data providing entity (IPE1) corresponding to the encryption key, (vi) providing to the data requesting entity (IRE) access to data related to the principal identifier according to the access specification.
-
Publication (Announcement) No.: DE60309216T2
Publication (Announcement) Date: 2007-08-23
Application No.: DE60309216
Application Date: 2003-04-04
Applicant: ERICSSON TELEFON AB L M
Inventor: BUSBOOM AXEL, HOLTMANNS SILKE, QUINET RAPHAEL, SCHUBA MARKO
IPC: H04L29/06
Abstract: A method for provision of access for a data requesting entity (IRE) to data related to a principal is disclosed, comprising the steps of (i) creating an access granting ticket comprising an access specification specifying a permission for an access to data related to the principal, said data being available at a data providing entity (IPE1), and a principal identifier representing the principal towards the data providing entity (IPE1), (ii) encrypting the access granting ticket with an encryption key of the data providing entity (IPE1), (iii) communicating to the data requesting entity (IRE) the encrypted access granting ticket accompanied by an identifier of the data providing entity (IPE1), (iv) communicating from the data requesting entity (IRE) to the data providing entity (IPE1) a request comprising the encrypted access granting ticket, (v) decrypting the encrypted access granting ticket with a decryption key of the data providing entity (IPE1) corresponding to the encryption key, (vi) providing to the data requesting entity (IRE) access to data related to the principal identifier according to the access specification.
-
Publication (Announcement) No.: AT367043T
Publication (Announcement) Date: 2007-08-15
Application No.: AT03737969
Application Date: 2003-05-23
Applicant: ERICSSON TELEFON AB L M
Inventor: BUSBOOM AXEL, QUINET RAPHAEL, SCHUBA MARKO, HOLTMANNS SILKE
Abstract: Methods, devices, and computer programs for an authentication of a user to a service of a service provider are disclosed. Access for the user to the service of the service provider is requested. One or more authentication security profiles are selected by the service provider for specifying an authentication security requirement of the service provider for the authentication of the user to the service. An indication of the one or more selected authentication security profiles and a user identity identifying the user to an identity provider are sent from the service provider to the identity provider for requesting the authentication of the user by the identity provider. The user is authenticated based on the user identity and one of the one or more selected authentication security profiles. An assertion indicating the authentication of the user to the service provider is sent to the service provider.
-
Publication (Announcement) No.: AT341025T
Publication (Announcement) Date: 2006-10-15
Application No.: AT03708122
Application Date: 2003-02-21
Applicant: ERICSSON TELEFON AB L M
Inventor: BUSBOOM AXEL
-
Publication (Announcement) No.: DE60309216D1
Publication (Announcement) Date: 2006-11-30
Application No.: DE60309216
Application Date: 2003-04-04
Applicant: ERICSSON TELEFON AB L M
Inventor: BUSBOOM AXEL, HOLTMANNS SILKE, QUINET RAPHAEL, SCHUBA MARKO
IPC: H04L29/06
Abstract: A method for provision of access for a data requesting entity (IRE) to data related to a principal is disclosed, comprising the steps of (i) creating an access granting ticket comprising an access specification specifying a permission for an access to data related to the principal, said data being available at a data providing entity (IPE1), and a principal identifier representing the principal towards the data providing entity (IPE1), (ii) encrypting the access granting ticket with an encryption key of the data providing entity (IPE1), (iii) communicating to the data requesting entity (IRE) the encrypted access granting ticket accompanied by an identifier of the data providing entity (IPE1), (iv) communicating from the data requesting entity (IRE) to the data providing entity (IPE1) a request comprising the encrypted access granting ticket, (v) decrypting the encrypted access granting ticket with a decryption key of the data providing entity (IPE1) corresponding to the encryption key, (vi) providing to the data requesting entity (IRE) access to data related to the principal identifier according to the access specification.
-
Publication (Announcement) No.: CA2526237C
Publication (Announcement) Date: 2012-10-23
Application No.: CA2526237
Application Date: 2003-04-04
Applicant: ERICSSON TELEFON AB L M
Inventor: BUSBOOM AXEL, HOLTMANNS SILKE, QUINET RAPHAEL, SCHUBA MARKO
IPC: H04L29/06
Abstract: A method for provision of access for a data requesting entity (IRE) to data related to a principal is disclosed, comprising the steps of (i) creating an access granting ticket comprising an access specification specifying a permission for an access to data related to the principal, said data being available at a data providing entity (IPE1), and a principal identifier representing the principal towards the data providing entity (IPE1), (ii) encrypting the access granting ticket with an encryption key of the data providing entity (IPE1), (iii) communicating to the data requesting entity (IRE) the encrypted access granting ticket accompanied by an identifier of the data providing entity (IPE1), (iv) communicating from the data requesting entity (IRE) to the data providing entity (IPE1) a request comprising the encrypted access granting ticket, (v) decrypting the encrypted access granting ticket with a decryption key of the data providing entity (IPE1) corresponding to the encryption key, (vi) providing to the data requesting entity (IRE) access to data related to the principal identifier according to the access specification.
-
Publication (Announcement) No.: DE60314871T2
Publication (Announcement) Date: 2008-03-13
Application No.: DE60314871
Application Date: 2003-05-23
Applicant: ERICSSON TELEFON AB L M
Inventor: BUSBOOM AXEL, QUINET RAPHAEL, SCHUBA MARKO, HOLTMANNS SILKE
Abstract: Methods, devices, and computer programs for an authentication of a user to a service of a service provider are disclosed. Access for the user to the service of the service provider is requested. One or more authentication security profiles are selected by the service provider for specifying an authentication security requirement of the service provider for the authentication of the user to the service. An indication of the one or more selected authentication security profiles and a user identity identifying the user to an identity provider are sent from the service provider to the identity provider for requesting the authentication of the user by the identity provider. The user is authenticated based on the user identity and one of the one or more selected authentication security profiles. An assertion indicating the authentication of the user to the service provider is sent to the service provider.
-
Publication (Announcement) No.: DE60308733T2
Publication (Announcement) Date: 2007-08-09
Application No.: DE60308733
Application Date: 2003-02-21
Applicant: ERICSSON TELEFON AB L M
Inventor: BUSBOOM AXEL
Abstract: A method for sign-on in a network based communications environment is described. Authentication of a first entity is requested by a second entity for accessing a service to be provided by the second entity to the first entity. The authentication is provided by a third entity. Data that identify the second entity are blinded towards the third entity. Blinding means that data identifying the second entity are modified such that the blinded data do not provide any information on the basis of which the second entity can be identified preferably except for the entity which has at least initiated data blinding, here the first entity. Examples for blinding include the use of a pseudonym or alias for the data identifying the second entity. According to a preferred embodiment, the method according to the present invention is used for a single sign-on. Referring to the above description of single sign-on, e.g. in line with the LAP specifications, the present invention provides a method for blinding the identity of the service provider SP towards the identity provider IdP.
-
Publication (Announcement) No.: DE60308733D1
Publication (Announcement) Date: 2006-11-09
Application No.: DE60308733
Application Date: 2003-02-21
Applicant: ERICSSON TELEFON AB L M
Inventor: BUSBOOM AXEL
Abstract: A method for sign-on in a network based communications environment is described. Authentication of a first entity is requested by a second entity for accessing a service to be provided by the second entity to the first entity. The authentication is provided by a third entity. Data that identify the second entity are blinded towards the third entity. Blinding means that data identifying the second entity are modified such that the blinded data do not provide any information on the basis of which the second entity can be identified preferably except for the entity which has at least initiated data blinding, here the first entity. Examples for blinding include the use of a pseudonym or alias for the data identifying the second entity. According to a preferred embodiment, the method according to the present invention is used for a single sign-on. Referring to the above description of single sign-on, e.g. in line with the LAP specifications, the present invention provides a method for blinding the identity of the service provider SP towards the identity provider IdP.
-
Publication (Announcement) No.: AU2003227565A1
Publication (Announcement) Date: 2004-10-25
Application No.: AU2003227565
Application Date: 2003-04-04
Applicant: ERICSSON TELEFON AB L M
Inventor: BUSBOOM AXEL, HOLTMANNS SILKE, QUINET RAPHAEL, SCHUBA MARKO
IPC: H04L29/06
Abstract: A method for provision of access for a data requesting entity (IRE) to data related to a principal is disclosed, comprising the steps of (i) creating an access granting ticket comprising an access specification specifying a permission for an access to data related to the principal, said data being available at a data providing entity (IPE1), and a principal identifier representing the principal towards the data providing entity (IPE1), (ii) encrypting the access granting ticket with an encryption key of the data providing entity (IPE1), (iii) communicating to the data requesting entity (IRE) the encrypted access granting ticket accompanied by an identifier of the data providing entity (IPE1), (iv) communicating from the data requesting entity (IRE) to the data providing entity (IPE1) a request comprising the encrypted access granting ticket, (v) decrypting the encrypted access granting ticket with a decryption key of the data providing entity (IPE1) corresponding to the encryption key, (vi) providing to the data requesting entity (IRE) access to data related to the principal identifier according to the access specification.