CN102812665B - Pluggable token provider model to implement authentication across multiple web services - Google Patents

Pluggable token provider model to implement authentication across multiple web services

Info

Publication number
CN102812665B
Authority
CN
China
Prior art keywords
web service
metadata
component
credential
token
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201180014279.3A
Other languages
English (en)
Chinese (zh)
Other versions
CN102812665A (zh)
Inventor
R·纳拉亚南
梁睿
S·斯里尼瓦桑
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp
Publication of CN102812665A
Application granted
Publication of CN102812665B
Current legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G06F21/335 User authentication using certificates for accessing specific resources, e.g. using Kerberos tickets
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Automation & Control Theory (AREA)
  • Databases & Information Systems (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)
CN201180014279.3A 2010-03-18 2011-03-15 Pluggable token provider model to implement authentication across multiple web services Active CN102812665B (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US12/726,779 US8572710B2 (en) 2010-03-18 2010-03-18 Pluggable token provider model to implement authentication across multiple web services
US12/726,779 2010-03-18
PCT/US2011/028509 WO2011115984A2 (en) 2010-03-18 2011-03-15 Pluggable token provider model to implement authentication across multiple web services

Publications (2)

Publication Number Publication Date
CN102812665A (zh) 2012-12-05
CN102812665B (zh) 2015-07-08

Family

ID=44648292

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201180014279.3A Active CN102812665B (zh) 2010-03-18 2011-03-15 Pluggable token provider model to implement authentication across multiple web services

Country Status (5)

Country Link
US (1) US8572710B2 (en)
EP (1) EP2548333A4 (en)
JP (1) JP5714690B2 (en)
CN (1) CN102812665B (en)
WO (1) WO2011115984A2 (en)

Families Citing this family (41)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8973108B1 (en) * 2011-05-31 2015-03-03 Amazon Technologies, Inc. Use of metadata for computing resource access
US8719919B2 (en) 2011-07-12 2014-05-06 Bank Of America Corporation Service mediation framework
US9369307B2 (en) 2011-07-12 2016-06-14 Bank Of America Corporation Optimized service integration
US9015320B2 (en) 2011-07-12 2015-04-21 Bank Of America Corporation Dynamic provisioning of service requests
US9635028B2 (en) * 2011-08-31 2017-04-25 Facebook, Inc. Proxy authentication
US9965614B2 (en) * 2011-09-29 2018-05-08 Oracle International Corporation Mobile application, resource management advice
JP6066586B2 (ja) * 2012-05-22 2017-01-25 キヤノン株式会社 Information processing system, control method thereof, and program thereof
WO2014011376A1 (en) * 2012-07-12 2014-01-16 Bank Of America Corporation Optimized service integration
US9954843B2 (en) * 2013-02-28 2018-04-24 Microsoft Technology Licensing, Llc Web ticket based upon a symmetric key usable for user authentication
US20140280494A1 (en) * 2013-03-14 2014-09-18 Microsoft Corporation Relay Service for Different Web Service Architectures
US9158932B2 (en) 2013-05-08 2015-10-13 Sap Se Modeled authorization check implemented with UI framework
US9112851B2 (en) 2013-06-18 2015-08-18 Sap Se Integrating web protocols with applications and services
US9253212B2 (en) * 2013-09-24 2016-02-02 Microsoft Technology Licensing, Llc Automated production of certification controls by translating framework controls
US9313208B1 (en) * 2014-03-19 2016-04-12 Amazon Technologies, Inc. Managing restricted access resources
CN103905201B (zh) * 2014-03-28 2017-02-15 北界无限(北京)软件有限公司 Method and apparatus for interaction between a main application and multiple subordinate applications
EP3149889B1 (en) * 2014-06-02 2021-03-31 Datex Inc. Tokenizing network appliance and method
CN104601328A (zh) * 2014-12-18 2015-05-06 中电科华云信息技术有限公司 Component secure invocation system and invocation method
US9888034B2 (en) * 2014-12-24 2018-02-06 Oracle International Corporation Pluggable API firewall filter
CN105847220A (zh) * 2015-01-14 2016-08-10 北京神州泰岳软件股份有限公司 Authentication method, system and service platform
EP3311321B1 (en) * 2015-06-17 2021-08-04 Telefonaktiebolaget LM Ericsson (PUBL) Method for enabling a secure provisioning of a credential, and related wireless devices and servers
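CN105791259B (zh) * 2015-10-26 2018-11-16 北京中金国盛认证有限公司 Method for protecting personal information
CN106570399B (zh) * 2016-09-30 2019-07-12 西北大学 Method for detecting privacy leakage across app components
CN107370668B (zh) * 2017-08-25 2020-04-28 北京百度网讯科技有限公司 Method, apparatus and system for remote control of smart devices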
US11063762B1 (en) * 2018-02-22 2021-07-13 Allscripts Software, Llc Computing system for inter-application communication
US11568039B2 (en) * 2018-06-03 2023-01-31 Apple Inc. Credential manager integration
CN109117609B (zh) * 2018-08-31 2021-01-29 中国农业银行股份有限公司 Request interception method and apparatus
US11240030B2 (en) * 2018-12-27 2022-02-01 Paypal, Inc. Token management layer for automating authentication during communication channel interactions
US11676011B2 (en) * 2019-10-24 2023-06-13 International Business Machines Corporation Private transfer learning
US12315620B2 (en) * 2019-11-27 2025-05-27 GE Precision Healthcare LLC Enhanced enterprise image reading with search and direct streaming
US12149516B2 (en) * 2020-06-02 2024-11-19 Flex Integration, LLC System and methods for tokenized hierarchical secured asset distribution
US11770377B1 (en) * 2020-06-29 2023-09-26 Cyral Inc. Non-in line data monitoring and security services
CA3177396A1 (en) * 2020-06-29 2022-01-06 Prabhu PALANISAMY Temporary cloud provider credentials via secure discovery framework
US11303647B1 (en) 2021-04-22 2022-04-12 Netskope, Inc. Synthetic request injection to disambiguate bypassed login events for cloud policy enforcement
US11184403B1 (en) 2021-04-23 2021-11-23 Netskope, Inc. Synthetic request injection to generate metadata at points of presence for cloud security enforcement
US11336698B1 (en) * 2021-04-22 2022-05-17 Netskope, Inc. Synthetic request injection for cloud policy enforcement
US11178188B1 (en) 2021-04-22 2021-11-16 Netskope, Inc. Synthetic request injection to generate metadata for cloud policy enforcement
US11647052B2 (en) 2021-04-22 2023-05-09 Netskope, Inc. Synthetic request injection to retrieve expired metadata for cloud policy enforcement
US11190550B1 (en) 2021-04-22 2021-11-30 Netskope, Inc. Synthetic request injection to improve object security posture for cloud security enforcement
US11271972B1 (en) 2021-04-23 2022-03-08 Netskope, Inc. Data flow logic for synthetic request injection for cloud security enforcement
US11271973B1 (en) 2021-04-23 2022-03-08 Netskope, Inc. Synthetic request injection to retrieve object metadata for cloud policy enforcement
US11943260B2 (en) 2022-02-02 2024-03-26 Netskope, Inc. Synthetic request injection to retrieve metadata for cloud policy enforcement

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060005234A1 (en) * 2004-06-30 2006-01-05 International Business Machines Corporation Method and apparatus for handling custom token propagation without Java serialization
US20080301784A1 (en) * 2007-05-31 2008-12-04 Microsoft Corporation Native Use Of Web Service Protocols And Claims In Server Authentication

Family Cites Families (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6006264A (en) * 1997-08-01 1999-12-21 Arrowpoint Communications, Inc. Method and system for directing a flow between a client and a server
AU2002234258A1 (en) * 2001-01-22 2002-07-30 Sun Microsystems, Inc. Peer-to-peer network computing platform
US7987501B2 (en) * 2001-12-04 2011-07-26 Jpmorgan Chase Bank, N.A. System and method for single session sign-on
US7222148B2 (en) * 2002-05-02 2007-05-22 Bea Systems, Inc. System and method for providing highly available processing of asynchronous service requests
US20040059590A1 (en) * 2002-09-13 2004-03-25 Dwayne Mercredi Credential promotion
US8346929B1 (en) * 2003-08-18 2013-01-01 Oracle America, Inc. System and method for generating secure Web service architectures using a Web Services security assessment methodology
US8112103B2 (en) * 2004-01-16 2012-02-07 Kuang-Chao Eric Yeh Methods and systems for mobile device messaging
US20050268326A1 (en) * 2004-05-04 2005-12-01 Microsoft Corporation Checking the security of web services configurations
US7788716B2 (en) * 2004-05-21 2010-08-31 Bea Systems, Inc. Token handler API
US7603555B2 (en) * 2004-12-07 2009-10-13 Microsoft Corporation Providing tokens to access extranet resources
US7562382B2 (en) * 2004-12-16 2009-07-14 International Business Machines Corporation Specializing support for a federation relationship
US20070174429A1 (en) * 2006-01-24 2007-07-26 Citrix Systems, Inc. Methods and servers for establishing a connection between a client system and a virtual machine hosting a requested computing environment
EP1895440A1 (en) 2006-09-01 2008-03-05 Nokia Siemens Networks Gmbh & Co. Kg Token-based service access
US20080086766A1 (en) * 2006-10-06 2008-04-10 Microsoft Corporation Client-based pseudonyms
US8347403B2 (en) * 2006-12-19 2013-01-01 Canon Kabushiki Kaisha Single point authentication for web service policy definition
WO2008085204A2 (en) * 2006-12-29 2008-07-17 Prodea Systems, Inc. Demarcation between application service provider and user in multi-services gateway device at user premises
US8656472B2 (en) * 2007-04-20 2014-02-18 Microsoft Corporation Request-specific authentication for accessing web service resources
US20080263644A1 (en) * 2007-04-23 2008-10-23 Doron Grinstein Federated authorization for distributed computing
US20090057396A1 (en) * 2007-08-27 2009-03-05 Eric Barbour Method and system for multiple account, token-based single transactions
US20090099860A1 (en) * 2007-10-15 2009-04-16 Sap Ag Composite Application Using Security Annotations
JP5018536B2 (ja) * 2008-02-15 2012-09-05 日本電気株式会社 Information service search system, crawling collection method, and information service crawling collection program
US8296828B2 (en) * 2008-12-16 2012-10-23 Microsoft Corporation Transforming claim based identities to credential based identities

Also Published As

Publication number Publication date
WO2011115984A3 (en) 2011-12-15
WO2011115984A2 (en) 2011-09-22
CN102812665A (zh) 2012-12-05
US20110231921A1 (en) 2011-09-22
EP2548333A4 (en) 2017-04-19
JP5714690B2 (ja) 2015-05-07
JP2013522773A (ja) 2013-06-13
EP2548333A2 (en) 2013-01-23
US8572710B2 (en) 2013-10-29

Similar Documents

Publication Publication Date Title
CN102812665B (zh) Pluggable token provider model to implement authentication across multiple web services
US12170695B2 (en) System and method for connecting a communication to a client
US9648006B2 (en) System and method for communicating with a client application
US8695074B2 (en) Pre-authenticated calling for voice applications
US8627076B2 (en) System and method for facilitating communications based on trusted relationships
CN104350719B (zh) Federated data service apparatus and method
US9247008B2 (en) Unified web service discovery
US10263855B2 (en) Authenticating connections and program identity in a messaging system
US8978100B2 (en) Policy-based authentication
CN102308548A (zh) Introducing encryption, authentication and authorization into a publication and subscription engine
EP3020179B1 (en) Distributed programmable connection method to establish peer-to-peer multimedia interactions
US12284284B2 (en) System and method of authenticating devices for secure data exchange
US9979722B2 (en) Method and apparatus for processing a RTCWEB authentication
JP2015505626A (ja) Integration of a server application with multiple authentication providers
KR20150038459A (ko) Direct electronic mail
WO2021082945A1 (zh) Remote management method, system, terminal device and server
US9836311B2 (en) System and method for management of reboot parameters

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: MICROSOFT TECHNOLOGY LICENSING LLC

Free format text: FORMER OWNER: MICROSOFT CORP.

Effective date: 20150729

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20150729

Address after: Washington State

Patentee after: Microsoft Technology Licensing LLC

Address before: Washington State

Patentee before: Microsoft Corp.