CN113811873B - 安全凭证的分配 - Google Patents

安全凭证的分配 Download PDF

Info

Publication number
CN113811873B
CN113811873B CN202080035161.8A CN202080035161A CN113811873B CN 113811873 B CN113811873 B CN 113811873B CN 202080035161 A CN202080035161 A CN 202080035161A CN 113811873 B CN113811873 B CN 113811873B
Authority
CN
China
Prior art keywords
computer
digital identity
application process
identity token
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202080035161.8A
Other languages
English (en)
Chinese (zh)
Other versions
CN113811873A (zh
Inventor
M·萨巴斯
J·J·B·卢姆
M·斯坦德
D·皮特纳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Publication of CN113811873A publication Critical patent/CN113811873A/zh
Application granted granted Critical
Publication of CN113811873B publication Critical patent/CN113811873B/zh
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)
CN202080035161.8A 2019-06-27 2020-06-24 安全凭证的分配 Active CN113811873B (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US16/455,168 2019-06-27
US16/455,168 US11652631B2 (en) 2019-06-27 2019-06-27 Distribution of security credentials
PCT/IB2020/055961 WO2020261134A1 (en) 2019-06-27 2020-06-24 Distribution of security credentials

Publications (2)

Publication Number Publication Date
CN113811873A CN113811873A (zh) 2021-12-17
CN113811873B true CN113811873B (zh) 2025-03-14

Family

ID=74043344

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202080035161.8A Active CN113811873B (zh) 2019-06-27 2020-06-24 安全凭证的分配

Country Status (6)

Country Link
US (1) US11652631B2 (enExample)
JP (1) JP7549418B2 (enExample)
CN (1) CN113811873B (enExample)
DE (1) DE112020002343B4 (enExample)
GB (1) GB2599331B (enExample)
WO (1) WO2020261134A1 (enExample)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11689537B2 (en) * 2020-10-21 2023-06-27 Okta, Inc. Providing flexible service access using identity provider
US11822672B1 (en) * 2021-02-04 2023-11-21 Cisco Technology, Inc. Systems and methods for scanning images for vulnerabilities
US11528140B2 (en) 2021-02-09 2022-12-13 International Business Machines Corporation Compromised access token invalidation in a singleton process
US11989282B2 (en) * 2021-09-10 2024-05-21 International Business Machines Corporation Open-source container data management
US12141263B2 (en) * 2022-06-06 2024-11-12 Dell Products, L.P. Workspace root-of-trust
GB2628571A (en) 2023-03-29 2024-10-02 Ibm Enabling a securing of cryptographic operations
US20250240293A1 (en) * 2024-01-19 2025-07-24 Dell Products L.P. Multi-tenant secrets manager

Family Cites Families (40)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7275155B1 (en) 2000-09-01 2007-09-25 Northrop Grumman Corporation Chain of trust processing
US7827602B2 (en) 2003-06-30 2010-11-02 At&T Intellectual Property I, L.P. Network firewall host application identification and authentication
JP4559868B2 (ja) 2005-01-24 2010-10-13 日本放送協会 セキュリティモジュール、コンテンツ受信装置、契約情報生成装置及び契約情報検証装置、並びに、契約情報検証方法
EP1811421A1 (en) * 2005-12-29 2007-07-25 AXSionics AG Security token and method for authentication of a user with the security token
JP4885683B2 (ja) 2006-10-24 2012-02-29 三菱電機株式会社 認証装置、認証装置の認証方法および認証装置の認証プログラム
US8402519B2 (en) 2008-10-16 2013-03-19 Verisign, Inc. Transparent client authentication
US20110126197A1 (en) * 2009-11-25 2011-05-26 Novell, Inc. System and method for controlling cloud and virtualized data centers in an intelligent workload management system
KR101702618B1 (ko) 2010-07-09 2017-02-03 삼성전자주식회사 어플리케이션 관련 관리 객체를 제공하는 장치 및 방법
US8769655B2 (en) 2010-12-30 2014-07-01 Verisign, Inc. Shared registration multi-factor authentication tokens
US8839363B2 (en) * 2011-04-18 2014-09-16 Bank Of America Corporation Trusted hardware for attesting to authenticity in a cloud environment
DE102011077218B4 (de) 2011-06-08 2023-12-14 Servicenow, Inc. Zugriff auf in einer Cloud gespeicherte Daten
US8850515B2 (en) * 2011-08-15 2014-09-30 Bank Of America Corporation Method and apparatus for subject recognition session validation
JP6044299B2 (ja) 2012-11-26 2016-12-14 富士通株式会社 データ参照システムおよびアプリケーション認証方法
EP3047626B1 (en) 2013-09-20 2017-10-25 Oracle International Corporation Multiple resource servers with single, flexible, pluggable oauth server and oauth-protected restful oauth consent management service, and mobile application single sign on oauth service
US20150281225A1 (en) 2014-03-27 2015-10-01 Microsoft Corporation Techniques to operate a service with machine generated authentication tokens
JP2015201030A (ja) 2014-04-08 2015-11-12 富士通株式会社 端末装置、情報管理サーバ、端末プログラム、情報管理プログラム、及びシステム
CA2945199A1 (en) 2014-05-07 2015-11-12 Visa International Service Association Enhanced data interface for contactless communications
KR101605967B1 (ko) 2014-10-08 2016-03-24 한국과학기술원 어플리케이션 특성을 반영하여 트랜잭션을 관리하는 서비스 방법 및 시스템
US9692699B2 (en) 2014-10-30 2017-06-27 Intel Corporation Apparatus, system and method of protecting a service identifier
US10469477B2 (en) 2015-03-31 2019-11-05 Amazon Technologies, Inc. Key export techniques
US10263898B2 (en) * 2016-07-20 2019-04-16 Cisco Technology, Inc. System and method for implementing universal cloud classification (UCC) as a service (UCCaaS)
US10375073B2 (en) 2016-08-29 2019-08-06 International Business Machines Corporation Configuration based client for OAuth authorization with arbitrary services and applications
US10348718B2 (en) * 2016-09-14 2019-07-09 Oracle International Corporation Sharing credentials and other secret data in collaborative environment in a secure manner
US20180101850A1 (en) 2016-10-12 2018-04-12 Microsoft Technology Licensing, Llc User and device authentication for web applications
JP2018081643A (ja) 2016-11-18 2018-05-24 キヤノン株式会社 認可サーバーおよびその制御方法、プログラム、並びに権限委譲システム
CN106452764B (zh) 2016-12-02 2020-02-18 武汉理工大学 一种标识私钥自动更新的方法及密码系统
US10673981B2 (en) * 2017-06-09 2020-06-02 Nutanix, Inc. Workload rebalancing in heterogeneous resource environments
US20180367528A1 (en) * 2017-06-12 2018-12-20 Cyberark Software Ltd. Seamless Provision of Authentication Credential Data to Cloud-Based Assets on Demand
US11019073B2 (en) * 2017-07-23 2021-05-25 AtScale, Inc. Application-agnostic resource access control
US11943368B2 (en) 2017-11-03 2024-03-26 Microsoft Technology Licensing, Llc Provisioning trusted execution environment based on chain of trust including platform
US10554525B2 (en) 2017-11-28 2020-02-04 International Business Machines Corporation Tracking usage of computing resources
US11438168B2 (en) * 2018-04-05 2022-09-06 T-Mobile Usa, Inc. Authentication token request with referred application instance public key
US10673840B2 (en) * 2018-05-10 2020-06-02 Jayant Shukla Cloud-based identity management and authentication system for containers and applications
US11379263B2 (en) * 2018-08-13 2022-07-05 Ares Technologies, Inc. Systems, devices, and methods for selecting a distributed framework
US10785122B2 (en) * 2018-10-05 2020-09-22 Cisco Technology, Inc. Canary release validation mechanisms for a containerized application or service mesh
US11425111B2 (en) * 2018-11-14 2022-08-23 Intel Corporation Attestation token sharing in edge computing environments
US11128482B2 (en) * 2019-04-19 2021-09-21 Microsoft Technology Licensing, Llc Metering cloud workloads at edge computing devices
US11575563B2 (en) * 2019-05-31 2023-02-07 Varmour Networks, Inc. Cloud security management
US11310284B2 (en) * 2019-05-31 2022-04-19 Varmour Networks, Inc. Validation of cloud security policies
US11290493B2 (en) * 2019-05-31 2022-03-29 Varmour Networks, Inc. Template-driven intent-based security

Also Published As

Publication number Publication date
US20200412540A1 (en) 2020-12-31
US11652631B2 (en) 2023-05-16
DE112020002343B4 (de) 2024-12-19
CN113811873A (zh) 2021-12-17
GB2599331B (en) 2022-11-23
GB2599331A (en) 2022-03-30
DE112020002343T5 (de) 2022-01-27
JP7549418B2 (ja) 2024-09-11
WO2020261134A1 (en) 2020-12-30
JP2022539055A (ja) 2022-09-07

Similar Documents

Publication Publication Date Title
CN113811873B (zh) 安全凭证的分配
US11750609B2 (en) Dynamic computing resource access authorization
US10833859B2 (en) Automating verification using secure encrypted phone verification
US8769622B2 (en) Authentication and authorization methods for cloud computing security
US9560080B2 (en) Extending organizational boundaries throughout a cloud architecture
US11082413B2 (en) Secure network connections
US12107961B2 (en) Connection resilient multi-factor authentication
US20200296089A1 (en) Validating containers on a microservice framework
US10542048B2 (en) Security compliance framework usage
JP7762473B2 (ja) 複数の非集中ポリシにおいて機密性を維持すること(複数の非集中ポリシにおいてメタデータの機密性を維持する方法、システム及びコンピュータプログラム)
Lomotey et al. Saas authentication middleware for mobile consumers of iaas cloud
JP2025505934A (ja) モノのインターネット(IoT)ネットワークにおける権限管理
Barati et al. Privacy‐aware cloud ecosystems: Architecture and performance
KR20220134572A (ko) 엔드포인트 인스턴스들 간의 안전한 개인 키 분산
US20250184320A1 (en) Consortium-based infrastructure and platform for user authentication
Dongiovanni Zero Trust Network Security Model in Containerized Environments
US11153299B2 (en) Secure data transport using trusted identities
AU2024203136B2 (en) Decentralized system for identification, authentication, data encryption, cloud and distributed cluster computing
Santangelo Cloud-native Kubernetes application to efficiently and securely stream and collect real-time data
Thakur et al. Dynamic Auditing Services for Integrity Verification of Outsourced Storages on Cloud
Mehrabi Versioning History

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant