POLICY DRIVEN, CREDENTIAL DELEGATION FOR SINGLE SIGN ON AND SECURE ACCESS TO NETWORK RESOURCES
    1.
    Invention application
    POLICY DRIVEN, CREDENTIAL DELEGATION FOR SINGLE SIGN ON AND SECURE ACCESS TO NETWORK RESOURCES (under examination, published)

    Publication number: WO2007139944A3

    Publication date: 2008-02-14

    Application number: PCT/US2007012512

    Application date: 2007-05-25

    Applicant: MICROSOFT CORP

    CPC classification number: H04L63/0815 H04L9/3273 H04L63/20 H04L2209/80

    Abstract: A credential security support provider (Cred SSP) enables any application to securely delegate a user's credentials from the client, via client side Security Support Provider (SSP) software, to a target server, via server side SSP software. The Cred SSP provides a secure solution based in part upon a set of policies. The policies can be for any type of user credentials and the different policies are designed to mitigate a broad range of attacks so that appropriate delegation can occur for given delegation circumstances, network conditions, trust levels, etc. Additionally, only a trusted subsystem, e.g., a trusted subsystem of the Local Security Authority (LSA), has access to the clear text credentials such that neither the calling application of the Cred SSP APIs on the server side nor the calling application of the Cred SSP APIs on the client side have access to clear text credentials.


    Credential interface
    2.
    Invention patent

    Publication number: NZ562675A

    Publication date: 2010-05-28

    Application number: NZ56267505

    Application date: 2005-07-28

    Applicant: MICROSOFT CORP

    Abstract: A method of authenticating a user is disclosed. Multiple sets of credential information for multiple credentials, from multiple credential providers, are received. Each set of credential information enables tailoring of a portion of a graphical user interface to present one of the multiple credentials and specifies an acceptable credential type for that credential. A request to authenticate the user is received. The multiple credentials are presented on the graphical user interface, which includes a corresponding portion for each of the multiple credentials that is tailored based on its set of credential information. An authenticator for one of the multiple credentials that is of the acceptable credential type is received; the authenticator is capable of authenticating the user. Alternatively, a method of authenticating a user comprises gathering sets of information associated with two or more credentials, each of which is capable of authenticating users. The sets of information are associated with each of the credentials and include instructions for submitting an authenticator for each of the credentials to an authenticating entity. A graphical user interface to display the sets of information associated with the two or more credentials is tailored and presented, and it enables selection of at least one of the two credentials.

    5.
    Invention patent
    Status unknown

    Publication number: BRPI0711702A2

    Publication date: 2011-11-29

    Application number: BRPI0711702

    Application date: 2007-05-25

    Applicant: MICROSOFT CORP

    Abstract: A credential security support provider (Cred SSP) is provided that enables any application to securely delegate a user's credentials from the client, via client side Security Support Provider (SSP) software, to a target server, via server side SSP software in a networked computing environment. The Cred SSP of the invention provides a secure solution that is based in part upon a set of policies, including a default policy that is secure against a broad range of attacks, which are used to control and restrict the delegation of user credentials from a client to a server. The policies can be for any type of user credentials and the different policies are designed to mitigate a broad range of attacks so that appropriate delegation can occur for given delegation circumstances, network conditions, trust levels, etc. Additionally, only a trusted subsystem, e.g., a trusted subsystem of the Local Security Authority (LSA), has access to the clear text credentials such that neither the calling application of the Cred SSP APIs on the server side nor the calling application of the Cred SSP APIs on the client side have access to clear text credentials.

    7.
    Invention patent
    Status unknown

    Publication number: BRPI0403559A

    Publication date: 2005-06-21

    Application number: BRPI0403559

    Application date: 2004-08-26

    Applicant: MICROSOFT CORP

    Abstract: A credential is translated with one of different credential provider modules, each translating a corresponding different type of credential into a common protocol. The translated credential is communicated through an API to a logon UI module to an operating system (OS) of a local machine. An OS logon module is called by the logon UI module to authenticate the translated credential against a credential database. A user identified by the translated credential is logged on to access the local machine when the authentication is successful. The credential can also be used with a selection received from the logon UI module via a corresponding one of different pre-logon access provider (PLAP) modules that each communicate with the API. The API establishes a network session with an access service specified by the selected PLAP module when the credential is authenticated with the credential database.

    INTEROPERABLE CREDENTIAL GATHERING AND ACCESS MODULARITY

    Publication number: CA2482081A1

    Publication date: 2005-04-24

    Application number: CA2482081

    Application date: 2004-09-16

    Applicant: MICROSOFT CORP

    Abstract: A credential is translated with one of different credential provider modules, each translating a corresponding different type of credential into a common protocol. The translated credential is communicated through an API to a logon UI module to an operating system (OS) of a local machine. An OS logon module is called by the logon UI module to authenticate the translated credential against a credential database. A user identified by the translated credential is logged on to access the local machine when the authentication is successful. The credential can also be used with a selection received from the logon UI module via a corresponding one of different pre-logon access provider (PLAP) modules that each communicate with the API. The API establishes a network session with an access service specified by the selected PLAP module when the credential is authenticated with the credential database.
