CN100534092C - Method and apparatus for performing an authentication operation - Google Patents

Method and apparatus for performing an authentication operation

Info

Publication number
CN100534092C
Authority
CN
China
Prior art keywords
server
client
certificate
resource
response
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CNB2004800203123A
Other languages
English (en)
Chinese (zh)
Other versions
CN1823513A (zh)
Inventor
保罗·A.·阿施利
斯里达·穆匹迪
马克·范登瓦尤沃
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp
Publication of CN1823513A
Application granted
Publication of CN100534092C
Anticipated expiration
Expired - Lifetime

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/40 User authentication by quorum, i.e. whereby two or more security principals are required
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/22 Arrangements for preventing the taking of data from a data transmission channel without authorisation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/166 Implementing security features at a particular protocol layer at the transport layer
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2113 Multi-level security, e.g. mandatory access control
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer And Data Communications (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Devices For Checking Fares Or Tickets At Control Points (AREA)
  • Treatment And Processing Of Natural Fur Or Leather (AREA)
CNB2004800203123A 2003-07-17 2004-07-09 Method and apparatus for performing an authentication operation Expired - Lifetime CN100534092C (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/621,927 2003-07-17
US10/621,927 US7395424B2 (en) 2003-07-17 2003-07-17 Method and system for stepping up to certificate-based authentication without breaking an existing SSL session

Publications (2)

Publication Number Publication Date
CN1823513A CN1823513A (zh) 2006-08-23
CN100534092C true CN100534092C (zh) 2009-08-26

Family

ID=34063095

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2004800203123A Expired - Lifetime CN100534092C (zh) 2003-07-17 2004-07-09 Method and apparatus for performing an authentication operation

Country Status (9)

Country Link
US (1) US7395424B2 (en)
EP (1) EP1661362B1 (en)
JP (1) JP4886508B2 (en)
KR (1) KR100946110B1 (en)
CN (1) CN100534092C (en)
AT (1) ATE446638T1 (en)
CA (1) CA2528486C (en)
DE (1) DE602004023728D1 (en)
WO (1) WO2005015872A1 (en)

Families Citing this family (74)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7403995B2 (en) * 2003-01-08 2008-07-22 Outhink, Inc. Symmetrical bi-directional communication
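JP2004334330A (ja) * 2003-04-30 2004-11-25 Sony Corp Terminal device, providing server, electronic information use method, electronic information providing method, terminal device program, providing server program, mediation program, and storage medium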
US9614772B1 (en) 2003-10-20 2017-04-04 F5 Networks, Inc. System and method for directing network traffic in tunneling applications
US20050228999A1 (en) * 2004-04-09 2005-10-13 Arcot Systems, Inc. Audit records for digitally signed documents
US8185945B1 (en) * 2005-03-02 2012-05-22 Crimson Corporation Systems and methods for selectively requesting certificates during initiation of secure communication sessions
US9692725B2 (en) 2005-05-26 2017-06-27 Citrix Systems, Inc. Systems and methods for using an HTTP-aware client agent
US9621666B2 (en) 2005-05-26 2017-04-11 Citrix Systems, Inc. Systems and methods for enhanced delta compression
US9407608B2 (en) 2005-05-26 2016-08-02 Citrix Systems, Inc. Systems and methods for enhanced client side policy
US8397287B2 (en) * 2006-08-21 2013-03-12 Citrix Systems, Inc. Method and system for authorizing a level of access of a client to a virtual private network connection, based on a client-side attribute
US8943304B2 (en) * 2006-08-03 2015-01-27 Citrix Systems, Inc. Systems and methods for using an HTTP-aware client agent
US20060294366A1 (en) * 2005-06-23 2006-12-28 International Business Machines Corp. Method and system for establishing a secure connection based on an attribute certificate having user credentials
NL1030558C2 (nl) * 2005-11-30 2007-05-31 Sdu Identification Bv System and method for requesting and issuing an authorization document.
US8316429B2 (en) * 2006-01-31 2012-11-20 Blue Coat Systems, Inc. Methods and systems for obtaining URL filtering information
FR2897489B1 (fr) * 2006-02-15 2008-04-25 Credit Lyonnais Sa Trusted authentication of a user by a server
US20070283142A1 (en) * 2006-06-05 2007-12-06 Microsoft Corporation Multimode authentication using VOIP
US20070283143A1 (en) * 2006-06-06 2007-12-06 Kabushiki Kaisha Toshiba System and method for certificate-based client registration via a document processing device
US8566925B2 (en) * 2006-08-03 2013-10-22 Citrix Systems, Inc. Systems and methods for policy based triggering of client-authentication at directory level granularity
US8413229B2 (en) 2006-08-21 2013-04-02 Citrix Systems, Inc. Method and appliance for authenticating, by an appliance, a client to access a virtual private network connection, based on an attribute of a client-side certificate
US8181227B2 (en) * 2006-08-29 2012-05-15 Akamai Technologies, Inc. System and method for client-side authenticaton for secure internet communications
US20080091817A1 (en) * 2006-10-12 2008-04-17 Technology Patents, Llc Systems and methods for locating terrorists
US8051475B2 (en) * 2006-11-01 2011-11-01 The United States Of America As Represented By The Secretary Of The Air Force Collaboration gateway
US20080215675A1 (en) * 2007-02-01 2008-09-04 Worklight Ltd. Method and system for secured syndication of applications and applications' data
JP4494521B2 (ja) * 2007-06-27 2010-06-30 Gmoグローバルサイン株式会社 Server certificate issuing system
CN100512313C (zh) * 2007-08-08 2009-07-08 西安西电捷通无线网络通信有限公司 Trusted network connection system with enhanced security
CN101388772B (zh) * 2007-09-10 2011-11-30 捷德(中国)信息科技有限公司 Digital signature method and system
CN101388771B (zh) * 2007-09-10 2010-12-15 捷德(中国)信息科技有限公司 Method and system for downloading a digital certificate
US8230435B2 (en) 2008-02-12 2012-07-24 International Business Machines Corporation Authenticating a processing system accessing a resource
US8412932B2 (en) * 2008-02-28 2013-04-02 Red Hat, Inc. Collecting account access statistics from information provided by presence of client certificates
US9832069B1 (en) 2008-05-30 2017-11-28 F5 Networks, Inc. Persistence based on server response in an IP multimedia subsystem (IMS)
US20100031312A1 (en) * 2008-07-29 2010-02-04 International Business Machines Corporation Method for policy based and granular approach to role based access control
JP4252620B1 (ja) * 2008-08-27 2009-04-08 グローバルサイン株式会社 Server certificate issuing system
JP2010108237A (ja) * 2008-10-30 2010-05-13 Nec Corp Information processing system
US8924707B2 (en) * 2009-04-28 2014-12-30 Hewlett-Packard Development Company, L.P. Communicating confidential information between an application and a database
US8418079B2 (en) 2009-09-01 2013-04-09 James J. Nicholas, III System and method for cursor-based application management
US8887264B2 (en) * 2009-09-21 2014-11-11 Ram International Corporation Multi-identity access control tunnel relay object
JP5105291B2 (ja) * 2009-11-13 2012-12-26 セイコーインスツル株式会社 Long-term signature server, long-term signature terminal, and long-term signature terminal program
US10015286B1 (en) 2010-06-23 2018-07-03 F5 Networks, Inc. System and method for proxying HTTP single sign on across network domains
JP2012043154A (ja) * 2010-08-18 2012-03-01 Canon Inc Information processing apparatus and control method therefor
US20120079278A1 (en) * 2010-09-28 2012-03-29 Microsoft Corporation Object security over network
CN101964800B (zh) * 2010-10-21 2015-04-22 神州数码网络(北京)有限公司 Method for authenticating digital-certificate users in an SSL VPN
JP5569440B2 (ja) * 2011-03-11 2014-08-13 ブラザー工業株式会社 Communication device and computer program
US10110591B2 (en) * 2011-04-01 2018-10-23 Clawd Technologies Inc. System, method, server and computer-readable medium for real-time verification of a status of a member of an organization
JP5417628B2 (ja) * 2011-04-08 2014-02-19 株式会社日立製作所 Signature server, signature system, and signature processing method
US8584224B1 (en) * 2011-04-13 2013-11-12 Symantec Corporation Ticket based strong authentication with web service
CN102195781B (zh) * 2011-05-30 2013-07-10 武汉理工大学 Electronic evidence forensics system based on associated signatures of electronic records
US9047456B2 (en) 2012-03-20 2015-06-02 Canon Information And Imaging Solutions, Inc. System and method for controlling access to a resource
US9165126B1 (en) * 2012-10-30 2015-10-20 Amazon Technologies, Inc. Techniques for reliable network authentication
US10205750B2 (en) * 2013-03-13 2019-02-12 Intel Corporation Policy-based secure web boot
WO2014142857A1 (en) 2013-03-14 2014-09-18 Hewlett-Packard Development Company, L.P. Wireless communication of a user identifier and encrypted time-sensitive data
US9288208B1 (en) * 2013-09-06 2016-03-15 Amazon Technologies, Inc. Cryptographic key escrow
US9130996B1 (en) * 2014-03-26 2015-09-08 Iboss, Inc. Network notifications
US9300656B2 (en) 2014-08-21 2016-03-29 International Business Machines Corporation Secure connection certificate verification
US10250594B2 (en) 2015-03-27 2019-04-02 Oracle International Corporation Declarative techniques for transaction-specific authentication
US9690525B2 (en) * 2015-05-06 2017-06-27 Citrix Systems, Inc. Availability of devices based on location
US10225283B2 (en) 2015-10-22 2019-03-05 Oracle International Corporation Protection against end user account locking denial of service (DOS)
US10257205B2 (en) * 2015-10-22 2019-04-09 Oracle International Corporation Techniques for authentication level step-down
US10164971B2 (en) 2015-10-22 2018-12-25 Oracle International Corporation End user initiated access server authenticity check
US10158489B2 (en) 2015-10-23 2018-12-18 Oracle International Corporation Password-less authentication for access management
JP6108246B2 (ja) * 2015-11-04 2017-04-05 ブラザー工業株式会社 Printer
JP6551176B2 (ja) * 2015-11-10 2019-07-31 富士通株式会社 Authentication control method, authentication program, agent program, server device, and client device
EP3542274B1 (en) * 2016-11-18 2025-01-01 Veritas Technologies LLC Systems and methods for performing secure backup operations
US11107068B2 (en) 2017-08-31 2021-08-31 Bank Of America Corporation Inline authorization structuring for activity data transmission
US10523658B2 (en) * 2017-09-05 2019-12-31 Citrix Systems, Inc. Securing a data connection for communicating between two end-points
EP3544252A1 (en) * 2018-03-19 2019-09-25 Virtual Solution AG Methods and apparatus for controlling application-specific access to a secure network
US11005971B2 (en) * 2018-08-02 2021-05-11 Paul Swengler System and method for user device authentication or identity validation without passwords or matching tokens
CA3108917A1 (en) * 2018-10-02 2020-04-09 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US11288399B2 (en) * 2019-08-05 2022-03-29 Visa International Service Association Cryptographically secure dynamic third party resources
FR3111203B1 (fr) * 2020-06-08 2023-02-10 Evidian Computing device and method for authenticating a user
CN111970301B (zh) * 2020-08-27 2022-11-04 北京浪潮数据技术有限公司 Secure communication system for a container cloud platform
CN112751825B (zh) * 2020-12-07 2022-09-16 湖南麒麟信安科技股份有限公司 SSL certificate-based method and system for controlling software source publishing permissions
US11341796B1 (en) 2021-01-04 2022-05-24 Bank Of America Corporation System for secure access and initiation using a remote terminal
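CN113032829B (zh) * 2021-03-26 2022-06-10 山东英信计算机技术有限公司 Multi-channel concurrent file permission management method, apparatus, server, and medium
CN113347010B (zh) * 2021-08-05 2021-11-05 深圳市财富趋势科技股份有限公司 Mutual authentication method and system based on the SSL-TLS protocol
CN117544318B (zh) * 2023-11-29 2024-10-01 中金金融认证中心有限公司 Collaborative-signature enhanced authentication method and enhanced authentication system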

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
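CN1303049A (zh) * 2000-01-06 2001-07-11 国际商业机器公司 Method and system for generating and using virus-free file certificates
CN1350382A (zh) * 2001-11-29 2002-05-22 东南大学 Method for implementing PKI-based VPN key exchange
CN1351789A (zh) * 1999-05-21 2002-05-29 国际商业机器公司 Method and apparatus for initializing secure communications among, and for exclusively pairing, wireless devices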

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS6380365A (ja) * 1986-09-24 1988-04-11 Hitachi Ltd Method for preventing fraudulent transactions in a terminal device
JP3505058B2 (ja) * 1997-03-28 2004-03-08 株式会社日立製作所 Security management method for a network system
US6094485A (en) 1997-09-18 2000-07-25 Netscape Communications Corporation SSL step-up
GB2337671B (en) 1998-05-16 2003-12-24 Ibm Security mechanisms in a web server
WO2000027089A1 (en) 1998-10-30 2000-05-11 Lockstar, Inc. Secure authentication for access to back-end resources
US6367009B1 (en) 1998-12-17 2002-04-02 International Business Machines Corporation Extending SSL to a multi-tier environment using delegation of authentication and authority
US6584567B1 (en) * 1999-06-30 2003-06-24 International Business Machines Corporation Dynamic connection to multiple origin servers in a transcoding proxy
US6609198B1 (en) 1999-08-05 2003-08-19 Sun Microsystems, Inc. Log-on service providing credential level change without loss of session continuity
JP2001202437A (ja) * 2000-01-20 2001-07-27 Kyocera Communication Systems Co Ltd Service system
WO2001060012A2 (en) * 2000-02-11 2001-08-16 Verimatrix, Inc. Web based human services conferencing network
WO2001080479A1 (en) 2000-04-14 2001-10-25 Wu Wen Delayed commitment scheme to prevent attacks based on compromised certificates
JP2002007345A (ja) * 2000-06-16 2002-01-11 Osaka Gas Co Ltd User authentication method
US7134137B2 (en) * 2000-07-10 2006-11-07 Oracle International Corporation Providing data to applications from an access system
WO2002039237A2 (en) 2000-11-09 2002-05-16 International Business Machines Corporation Method and system for web-based cross-domain single-sign-on authentication
WO2002091662A1 (en) 2001-05-01 2002-11-14 Vasco Data Security, Inc. Use and generation of a session key in a secure socket layer connection
US6920556B2 (en) 2001-07-20 2005-07-19 International Business Machines Corporation Methods, systems and computer program products for multi-packet message authentication for secured SSL-based communication sessions
GB2378010A (en) 2001-07-27 2003-01-29 Hewlett Packard Co Mulit-Domain authorisation and authentication

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
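CN1351789A (zh) * 1999-05-21 2002-05-29 国际商业机器公司 Method and apparatus for initializing secure communications among, and for exclusively pairing, wireless devices
CN1303049A (zh) * 2000-01-06 2001-07-11 国际商业机器公司 Method and system for generating and using virus-free file certificates
CN1350382A (zh) * 2001-11-29 2002-05-22 东南大学 Method for implementing PKI-based VPN key exchange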

Also Published As

Publication number Publication date
ATE446638T1 (de) 2009-11-15
DE602004023728D1 (de) 2009-12-03
EP1661362B1 (en) 2009-10-21
US20050015594A1 (en) 2005-01-20
JP2009514262A (ja) 2009-04-02
CN1823513A (zh) 2006-08-23
CA2528486A1 (en) 2005-02-17
KR100946110B1 (ko) 2010-03-10
KR20060032625A (ko) 2006-04-17
CA2528486C (en) 2012-07-24
JP4886508B2 (ja) 2012-02-29
US7395424B2 (en) 2008-07-01
EP1661362A1 (en) 2006-05-31
WO2005015872A1 (en) 2005-02-17

Similar Documents

Publication Publication Date Title
CN100534092C (zh) Method and apparatus for performing an authentication operation
AU2021206913B2 (en) Systems and methods for distributed data sharing with asynchronous third-party attestation
US7496755B2 (en) Method and system for a single-sign-on operation providing grid access and network access
CN101331735B (zh) Method and system for extending authentication methods
US8185938B2 (en) Method and system for network single-sign-on using a public key certificate and an associated attribute certificate
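CN1653781B (zh) Method and system for user-determined authentication in a federated environment
CN1885771B (zh) Method and apparatus for establishing a secure communication session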
US7356690B2 (en) Method and system for managing a distributed trust path locator for public key certificates relating to the trust path of an X.509 attribute certificate
US20020144109A1 (en) Method and system for facilitating public key credentials acquisition
JPH1141230A (ja) User authentication method and user authentication system
CN101341492B (zh) Method and system for providing and receiving identity-related information
WO2007026228A2 (en) Secure delegation of trust
US20030163694A1 (en) Method and system to deliver authentication authority web services using non-reusable and non-reversible one-time identity codes
WO2021107755A1 (en) A system and method for digital identity data change between proof of possession to proof of identity
JP2012181662A (ja) Account information linkage system
JP4730518B2 (ja) Communication management device, communication system, and communication management method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term

Granted publication date: 20090826