SYSTEM AND METHOD FOR AUTHENTICATING CLIENTS IN A CLIENT-SERVER ENVIRONMENT
    1.
    Invention application
    SYSTEM AND METHOD FOR AUTHENTICATING CLIENTS IN A CLIENT-SERVER ENVIRONMENT (Under examination - published)

    Publication (announcement) number: WO2005006703A3

    Publication (announcement) date: 2005-03-24

    Application number: PCT/EP2004050864

    Filing date: 2004-05-19

    CPC classification number: H04L63/0823 H04L63/0884 H04L67/02 H04L69/22

    Abstract: The idea of the present invention is to replace the existing password/user ID based authentication process by a new digital signature authentication process in which preferably the first HTTP-request header is extended by the client authentication information independently of the authentication process used by the destination server and without the server requesting authentication information. The authentication information preferably includes the client certificate containing the client public key, signed by a certification authority, and preferably a hash value calculated over the HTTP-request header data being sent in the request, and encrypted with the client's private key. The certificate and digital signature may be added during the creation of the HTTP-request header in the client system itself, or may be added later in a server acting as a gateway, proxy, or tunnel. A destination server that does not support the new digital signature authentication process will simply ignore the certificate and digital signature in the HTTP-request header and will automatically initiate its own authentication process. The present invention simplifies the existing digital signature authentication process and concurrently allows the coexistence of different authentication processes without changing the HTTP protocol or causing unnecessary network traffic.

    2.
    Invention patent
    Unknown

    Publication (announcement) number: DE602004012870T2

    Publication (announcement) date: 2009-05-14

    Application number: DE602004012870

    Filing date: 2004-05-19

    Applicant: IBM

    Abstract: The idea of the present invention is to replace the existing password/user ID based authentication process by a new digital signature authentication process in which preferably the first HTTP-request header is extended by the client authentication information independently of the authentication process used by the destination server and without the server requesting authentication information. The authentication information preferably includes the client certificate containing the client public key, signed by a certification authority, and preferably a hash value calculated over the HTTP-request header data being sent in the request, and encrypted with the client's private key. The certificate and digital signature may be added during the creation of the HTTP-request header in the client system itself, or may be added later in a server acting as a gateway, proxy, or tunnel. A destination server that does not support the new digital signature authentication process will simply ignore the certificate and digital signature in the HTTP-request header and will automatically initiate its own authentication process. The present invention simplifies the existing digital signature authentication process and concurrently allows the coexistence of different authentication processes without changing the HTTP protocol or causing unnecessary network traffic.

    3.
    Invention patent
    Unknown

    Publication (announcement) number: DE602004012870D1

    Publication (announcement) date: 2008-05-15

    Application number: DE602004012870

    Filing date: 2004-05-19

    Applicant: IBM

    Abstract: The idea of the present invention is to replace the existing password/user ID based authentication process by a new digital signature authentication process in which preferably the first HTTP-request header is extended by the client authentication information independently of the authentication process used by the destination server and without the server requesting authentication information. The authentication information preferably includes the client certificate containing the client public key, signed by a certification authority, and preferably a hash value calculated over the HTTP-request header data being sent in the request, and encrypted with the client's private key. The certificate and digital signature may be added during the creation of the HTTP-request header in the client system itself, or may be added later in a server acting as a gateway, proxy, or tunnel. A destination server that does not support the new digital signature authentication process will simply ignore the certificate and digital signature in the HTTP-request header and will automatically initiate its own authentication process. The present invention simplifies the existing digital signature authentication process and concurrently allows the coexistence of different authentication processes without changing the HTTP protocol or causing unnecessary network traffic.

    4.
    Invention patent
    Unknown

    Publication (announcement) number: DE602004006648T2

    Publication (announcement) date: 2008-01-31

    Application number: DE602004006648

    Filing date: 2004-12-01

    Applicant: IBM

    Abstract: A utilization method and system within a communication network comprises at least one service provider and at least one service consumer. In particular, there is a license contract method and system for validating web services during runtime. At least one parameter is provided to define whether and how many meter event requests associated with service requests may be stored in a cache memory. The parameter is predefined and may be contained in the license contract. Further, a counter may be provided for counting the service requests. The actual status of the counter is sent to the service consumer and/or the service provider.

    5.
    Invention patent
    Unknown

    Publication (announcement) number: AT391385T

    Publication (announcement) date: 2008-04-15

    Application number: AT04741609

    Filing date: 2004-05-19

    Applicant: IBM

    Abstract: The idea of the present invention is to replace the existing password/user ID based authentication process by a new digital signature authentication process in which preferably the first HTTP-request header is extended by the client authentication information independently of the authentication process used by the destination server and without the server requesting authentication information. The authentication information preferably includes the client certificate containing the client public key, signed by a certification authority, and preferably a hash value calculated over the HTTP-request header data being sent in the request, and encrypted with the client's private key. The certificate and digital signature may be added during the creation of the HTTP-request header in the client system itself, or may be added later in a server acting as a gateway, proxy, or tunnel. A destination server that does not support the new digital signature authentication process will simply ignore the certificate and digital signature in the HTTP-request header and will automatically initiate its own authentication process. The present invention simplifies the existing digital signature authentication process and concurrently allows the coexistence of different authentication processes without changing the HTTP protocol or causing unnecessary network traffic.

    6.
    Invention patent
    Unknown

    Publication (announcement) number: AT363169T

    Publication (announcement) date: 2007-06-15

    Application number: AT04804639

    Filing date: 2004-12-01

    Applicant: IBM

    Abstract: A utilization method and system within a communication network comprises at least one service provider and at least one service consumer. In particular, there is a license contract method and system for validating web services during runtime. At least one parameter is provided to define whether and how many meter event requests associated with service requests may be stored in a cache memory. The parameter is predefined and may be contained in the license contract. Further, a counter may be provided for counting the service requests. The actual status of the counter is sent to the service consumer and/or the service provider.

    UTILIZATION METHOD AND SYSTEM IN A COMMUNICATIONS NETWORK.

    Publication (announcement) number: ES2284075T3

    Publication (announcement) date: 2007-11-01

    Application number: ES04804639

    Filing date: 2004-12-01

    Applicant: IBM

    Abstract: A utilization method within a communication network comprising at least one service provider (36; 38) and at least one service consumer (32), in which the service provider (36; 38) provides services to the service consumer (32), said method comprising the steps of: a) receiving a service request message from the service consumer (32); b) generating a meter event request associated with the service request; c) comparing the actual content of a cache memory (70) with at least one parameter (CEP, CFP); d) storing the meter event request in the cache memory (70), if this is permitted depending on said comparison; or e) sending the meter event request and the content of the cache memory (70) to a charging service (52) in order to process the meter event requests, if the meter event request cannot be stored in the cache memory (70) depending on said comparison; characterized in that said at least one parameter (CEP, CFP) is associated with the service request and with a predefined agreement, and said parameter (CEP, CFP) defines whether and how many meter event requests can be stored in the cache memory (70).

    8.
    Invention patent
    Unknown

    Publication (announcement) number: DE602004006648D1

    Publication (announcement) date: 2007-07-05

    Application number: DE602004006648

    Filing date: 2004-12-01

    Applicant: IBM

    Abstract: A utilization method and system within a communication network comprises at least one service provider and at least one service consumer. In particular, there is a license contract method and system for validating web services during runtime. At least one parameter is provided to define whether and how many meter event requests associated with service requests may be stored in a cache memory. The parameter is predefined and may be contained in the license contract. Further, a counter may be provided for counting the service requests. The actual status of the counter is sent to the service consumer and/or the service provider.
