Identity mediation in enterprise service bus
    1.
    Granted invention patent
    Identity mediation in enterprise service bus (lapsed)

    Publication number: US08613043B2

    Publication date: 2013-12-17

    Application number: US13413638

    Application date: 2012-03-06

    IPC classification: H04L29/06

    CPC classification: H04L63/102 H04L63/20

    Abstract: A method for identity mediation in an enterprise service bus is provided in the illustrative embodiments. A security information is received at the enterprise service bus from a first application executing in a first data processing system. The security information is a part of a request for service from a second application executing in a second data processing system. A part of the security information is identified to be transformed such that the part upon transformation is usable for handling the request by the second application. A security policy applicable to the identified part is selected and the identified part is transformed according to the security policy. The transforming results in a transformed security information. The transformed security information is sent to the second application.

    IDENTITY MEDIATION IN ENTERPRISE SERVICE BUS
    2.
    Invention application
    IDENTITY MEDIATION IN ENTERPRISE SERVICE BUS (in force)

    Publication number: US20110154435A1

    Publication date: 2011-06-23

    Application number: US12644072

    Application date: 2009-12-22

    IPC classification: G06F17/00

    CPC classification: H04L63/102 H04L63/20

    Abstract: A method, system, and computer usable program product for identity mediation in an enterprise service bus are provided in the illustrative embodiments. A security information is received at the enterprise service bus from a first application executing in a first data processing system. The security information is a part of a request for service from a second application executing in a second data processing system. A part of the security information is identified to be transformed such that the part upon transformation is usable for handling the request by the second application. A security policy applicable to the identified part is selected and the identified part is transformed according to the security policy. The transforming results in a transformed security information. The transformed security information is sent to the second application.

    Method and system for coupling an X.509 digital certificate with a host identity
    3.
    Granted invention patent
    Method and system for coupling an X.509 digital certificate with a host identity (in force)

    Publication number: US06854056B1

    Publication date: 2005-02-08

    Application number: US09667090

    Application date: 2000-09-21

    IPC classification: H04L9/32 H04L9/00 G06F11/30

    Abstract: A method or system is presented for coupling identities through the use of digital certificates, thereby allowing a client to be authenticated for a variety of services without those services having to modify their existing methods of authentication. The client generates a request for a digital certificate containing its host identity for a targeted host and secret data associated with its host identity. The secret data has been encrypted using the public key of the certifying authority that receives the request for the digital certificate. The certifying authority decrypts the secret data using its private key and encrypts the secret data using the public key of the targeted host. The digital certificate is then generated and returned to the client. At some point in time, a host receives the certificate from the client and obtains the client's host identity from the certificate, i.e. the host identity uniquely identifies the client or the user of the client to the host. Encrypted secret data associated with the host identity, such as a password, is also retrieved from the digital certificate. The host decrypts the secret data with its private key, and the host then authenticates the client using the host identity and the decrypted secret data for various services. The digital certificate may be formatted according to the X.509 standard, and the host identity and secret information may be stored in an X.509 extension within the digital certificate.

    Method and system for a runtime user account creation operation within a single-sign-on process in a federated computing environment

    Publication number: US20060236382A1

    Publication date: 2006-10-19

    Application number: US11097587

    Application date: 2005-04-01

    IPC classification: G06F17/30

    CPC classification: H04L63/0815 G06F21/41

    Abstract: A method, system, apparatus, and computer program product are presented to support computing systems of different enterprises that interact within a federated computing environment. Federated single-sign-on operations can be initiated at the computing systems of federation partners on behalf of a user even though the user has not established a user account at a federation partner prior to the initiation of the single-sign-on operation. For example, an identity provider can initiate a single-sign-on operation at a service provider while attempting to obtain access to a controlled resource on behalf of a user. When the service provider recognizes that it does not have a linked user account for the user that allows for a single-sign-on operation with the identity provider, the service provider creates a local user account. The service provider can also pull user attributes from the identity provider as necessary to perform the user account creation operation.

    IDENTITY MEDIATION IN ENTERPRISE SERVICE BUS
    5.
    Invention application
    IDENTITY MEDIATION IN ENTERPRISE SERVICE BUS (lapsed)

    Publication number: US20120227082A1

    Publication date: 2012-09-06

    Application number: US13413638

    Application date: 2012-03-06

    IPC classification: G06F21/00

    CPC classification: H04L63/102 H04L63/20

    Abstract: A method for identity mediation in an enterprise service bus is provided in the illustrative embodiments. A security information is received at the enterprise service bus from a first application executing in a first data processing system. The security information is a part of a request for service from a second application executing in a second data processing system. A part of the security information is identified to be transformed such that the part upon transformation is usable for handling the request by the second application. A security policy applicable to the identified part is selected and the identified part is transformed according to the security policy. The transforming results in a transformed security information. The transformed security information is sent to the second application.

    Identity mediation in enterprise service bus
    6.
    Granted invention patent
    Identity mediation in enterprise service bus (in force)

    Publication number: US08321909B2

    Publication date: 2012-11-27

    Application number: US12644072

    Application date: 2009-12-22

    IPC classification: H04L29/06

    CPC classification: H04L63/102 H04L63/20

    Abstract: A system, and computer usable program product for identity mediation in an enterprise service bus are provided in the illustrative embodiments. A security information is received at the enterprise service bus from a first application executing in a first data processing system. The security information is a part of a request for service from a second application executing in a second data processing system. A part of the security information is identified to be transformed such that the part upon transformation is usable for handling the request by the second application. A security policy applicable to the identified part is selected and the identified part is transformed according to the security policy. The transforming results in a transformed security information. The transformed security information is sent to the second application.

    Specializing support for a federation relationship
    7.
    Invention application
    Specializing support for a federation relationship (in force)

    Publication number: US20060136990A1

    Publication date: 2006-06-22

    Application number: US11014553

    Application date: 2004-12-16

    IPC classification: H04L9/32

    CPC classification: H04L63/0815 H04L67/30

    Abstract: The invention provides federated functionality within a data processing system by means of a set of specialized runtimes. Each of the plurality of specialized runtimes provides requested federation services for selected ones of the requestors according to configuration data of respective federation relationships of the requestors with the identity provider. The configuration data is dynamically retrieved during initialization of the runtimes which allows the respective runtime to be specialized for a given federation relationship. Requests are routed to the appropriate specialized runtime using the first requestor identity and the given federation relationship. The data which describes each federation relationship between the identity provider and each of the plurality of requesters is configured prior to initialization of the runtimes. Configuration data is structured into global specified data, federation relationship data and requestor specific data to minimize data change, making the addition or deletion of requesters very scalable.

    Personal stress level monitor and systems and methods for using same
    8.
    Invention application
    Personal stress level monitor and systems and methods for using same (under examination, published)

    Publication number: US20050154264A1

    Publication date: 2005-07-14

    Application number: US10753853

    Application date: 2004-01-08

    Abstract: A mechanism to monitor an individual's level of stress in his or her home or workplace is provided. Unobtrusive physiologic stress senses are used in combination with a wireless link and a personal computer or other intelligent device to monitor the user's stress level. Based on a user profile and the user's baseline stress indicators, one or more stress-reducing activities are presented to the user. Additionally, if a user is in a stress-sensitive population, for example, persons with a pre-existing hypertension, the user may selectively enable additional alerts.
