公开(公告)号：JP2014041652A

公开(公告)日：2014-03-06

申请号：JP2013228511

申请日：2013-11-01

Applicant: Microsoft Corp ,  マイクロソフト コーポレーション

Inventor： NIR NICE ,  ANANIEV OLEG ,  WOHLFERT JOHN F ,  FINKELSTEIN AMIT ,  TEPLITSKY ALEXANDER

IPC: G06F21/31

CPC classification number: H04L63/0281 ,  G06F21/31 ,  H04L63/08 ,  H04L63/0884 ,  H04L67/146 ,  H04L67/28

Abstract: PROBLEM TO BE SOLVED: To provide authentication for a distributed secure content management system.SOLUTION: In some aspects, a request to access a resource available through the Internet is routed to a security component. The security component is one of a plurality of security components distributed throughout the Internet and responsible for authenticating entities associated with an enterprise. The security component determines an authentication protocol to use with the entity and then authenticates the entity. If the entity is authenticated, the entity is allowed to use a forward proxy.

Abstract translation: 要解决的问题：为分布式安全内容管理系统提供认证。解决方案：在某些方面，通过因特网访问可用资源的请求被路由到安全组件。 安全组件是分布在整个互联网上的多个安全组件之一，负责认证与企业相关联的实体。 安全组件确定与实体一起使用的身份验证协议，然后验证实体。 如果实体被认证，则允许实体使用转发代理。

公开(公告)号：WO2008127447A3

公开(公告)日：2009-03-26

申请号：PCT/US2007086122

申请日：2007-11-30

Applicant: MICROSOFT CORP

Inventor： MEDVINSKY GENNADY ,  NICE NIR ,  SHIRAN TOMER ,  TEPLITSKY ALEXANDER

IPC: H04L9/00 ,  H04L12/22

CPC classification number: H04L63/166 ,  G06F21/33 ,  G06F2221/2115 ,  H04L9/3213 ,  H04L9/3263 ,  H04L9/3271 ,  H04L29/06965 ,  H04L63/0823 ,  H04L2209/38

Abstract: The method of delegating authentication, within a chain of entities, relies upon a recording of at least a portion of a TLS handshake between a gateway device and user, in which the user needs access to a desired server. The method then relies upon re-verification of cryptographic evidence in the recorded portin of the TLS handshake, which is forwarded either (1) to the server to which access is desired, in which case the server re-verifies the recorded portion to confirm authentication, or (2) to a third party entity, in which case the third party entity confirms authentication and provides credentials to the gateway server which then uses the credentials to authenticate to the server as a user.

Abstract translation: 在实体链中委托认证的方法依赖于在网关设备和用户之间记录TLS握手的至少一部分，其中用户需要访问期望的服务器。 该方法然后依赖于在TLS握手的记录端口中重新验证加密证据，TLS握手被转发到（1）到需要访问的服务器，在这种情况下，服务器重新验证记录部分以确认认证 ，或（2）到第三方实体，在这种情况下，第三方实体确认认证，并向网关服务器提供凭证，然后网关服务器使用凭证作为用户对服务器进行身份验证。

公开(公告)号：WO2009151730A2

公开(公告)日：2009-12-17

申请号：PCT/US2009038673

申请日：2009-03-27

Applicant: MICROSOFT CORP

Inventor： NICE NIR ,  ANANIEV OLEG ,  WOHLFERT JOHN F ,  FINKELSTEIN AMIT ,  TEPLITSKY ALEXANDER

IPC: G06F21/00 ,  G06F21/24

CPC classification number: H04L63/0281 ,  G06F21/31 ,  H04L63/08 ,  H04L63/0884 ,  H04L67/146 ,  H04L67/28

Abstract: Aspects of the subject matter described herein relate to authentication for a distributed secure content management system. In aspects, a request to access a resource available through the Internet is routed to a security component. The security component is one of a plurality of security components distributed throughout the Internet and responsible for authenticating entities associated with an enterprise. The security component determines an authentication protocol to use with the entity and then authenticates the entity. If the entity is authenticated, the entity is allowed to use a forward proxy.

Abstract translation: 本文描述的主题的方面涉及用于分布式安全内容管理系统的认证。 在方面，将访问通过因特网可用的资源的请求路由到安全组件。 安全组件是分布在整个互联网上的多个安全组件之一，负责认证与企业相关联的实体。 安全组件确定与实体一起使用的身份验证协议，然后验证实体。 如果实体被认证，则允许实体使用转发代理。

公开(公告)号：EP2304639A4

公开(公告)日：2014-12-10

申请号：EP09763023

申请日：2009-03-27

Applicant: MICROSOFT CORP

Inventor： NICE NIR ,  ANANIEV OLEG ,  WOHLFERT JOHN F ,  FINKELSTEIN AMIT ,  TEPLITSKY ALEXANDER

IPC: G06F21/00 ,  H04L29/06

CPC classification number: H04L63/0281 ,  G06F21/31 ,  H04L63/08 ,  H04L63/0884 ,  H04L67/146 ,  H04L67/28

Abstract: Aspects of the subject matter described herein relate to authentication for a distributed secure content management system. In aspects, a request to access a resource available through the Internet is routed to a security component. The security component is one of a plurality of security components distributed throughout the Internet and responsible for authenticating entities associated with an enterprise. The security component determines an authentication protocol to use with the entity and then authenticates the entity. If the entity is authenticated, the entity is allowed to use a forward proxy.

公开(公告)号：EP2098006A4

公开(公告)日：2012-07-04

申请号：EP07873646

申请日：2007-11-30

Applicant: MICROSOFT CORP

Inventor： MEDVINSKY GENNADY ,  NICE NIR ,  SHIRAN TOMER ,  TEPLITSKY ALEXANDER

IPC: H04L9/00 ,  H04L12/22

CPC classification number: H04L63/166 ,  G06F21/33 ,  G06F2221/2115 ,  H04L9/3213 ,  H04L9/3263 ,  H04L9/3271 ,  H04L29/06965 ,  H04L63/0823 ,  H04L2209/38

Abstract: The method of delegating authentication, within a chain of entities, relies upon a recording of at least a portion of a TLS handshake between a gateway device and user, in which the user needs access to a desired server. The method then relies upon re-verification of cryptographic evidence in the recorded portion of the TLS handshake, which is forwarded either (1) to the server to which access is desired, in which case the server re-verifies the recorded portion to confirm authentication, or, (2) to a third party entity, in which case the third party entity confirms authentication and provides credentials to the gateway server which then uses the credentials to authenticate to the server as the user.