DE112020002343B4 - Verteilung von Sicherheitsberechtigungsnachweisen - Google Patents

Verteilung von Sicherheitsberechtigungsnachweisen Download PDF

Info

Publication number
DE112020002343B4
DE112020002343B4 DE112020002343.5T DE112020002343T DE112020002343B4 DE 112020002343 B4 DE112020002343 B4 DE 112020002343B4 DE 112020002343 T DE112020002343 T DE 112020002343T DE 112020002343 B4 DE112020002343 B4 DE 112020002343B4
Authority
DE
Germany
Prior art keywords
computer
digital identity
identity token
security
component
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
DE112020002343.5T
Other languages
German (de)
English (en)
Other versions
DE112020002343T5 (de
Inventor
Mariusz Sabath
Jia Jun Brandon Lum
Malgorzata Steinder
Daniel Pittner
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Publication of DE112020002343T5 publication Critical patent/DE112020002343T5/de
Application granted granted Critical
Publication of DE112020002343B4 publication Critical patent/DE112020002343B4/de
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)
DE112020002343.5T 2019-06-27 2020-06-24 Verteilung von Sicherheitsberechtigungsnachweisen Active DE112020002343B4 (de)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US16/455,168 2019-06-27
US16/455,168 US11652631B2 (en) 2019-06-27 2019-06-27 Distribution of security credentials
PCT/IB2020/055961 WO2020261134A1 (en) 2019-06-27 2020-06-24 Distribution of security credentials

Publications (2)

Publication Number Publication Date
DE112020002343T5 DE112020002343T5 (de) 2022-01-27
DE112020002343B4 true DE112020002343B4 (de) 2024-12-19

Family

ID=74043344

Family Applications (1)

Application Number Title Priority Date Filing Date
DE112020002343.5T Active DE112020002343B4 (de) 2019-06-27 2020-06-24 Verteilung von Sicherheitsberechtigungsnachweisen

Country Status (6)

Country Link
US (1) US11652631B2 (enExample)
JP (1) JP7549418B2 (enExample)
CN (1) CN113811873B (enExample)
DE (1) DE112020002343B4 (enExample)
GB (1) GB2599331B (enExample)
WO (1) WO2020261134A1 (enExample)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11689537B2 (en) * 2020-10-21 2023-06-27 Okta, Inc. Providing flexible service access using identity provider
US11822672B1 (en) * 2021-02-04 2023-11-21 Cisco Technology, Inc. Systems and methods for scanning images for vulnerabilities
US11528140B2 (en) 2021-02-09 2022-12-13 International Business Machines Corporation Compromised access token invalidation in a singleton process
US11989282B2 (en) * 2021-09-10 2024-05-21 International Business Machines Corporation Open-source container data management
US12141263B2 (en) * 2022-06-06 2024-11-12 Dell Products, L.P. Workspace root-of-trust
GB2628571A (en) 2023-03-29 2024-10-02 Ibm Enabling a securing of cryptographic operations
US20250240293A1 (en) * 2024-01-19 2025-07-24 Dell Products L.P. Multi-tenant secrets manager

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140208409A1 (en) 2011-06-08 2014-07-24 Monika Maidl Access to data stored in a cloud

Family Cites Families (39)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7275155B1 (en) 2000-09-01 2007-09-25 Northrop Grumman Corporation Chain of trust processing
US7827602B2 (en) 2003-06-30 2010-11-02 At&T Intellectual Property I, L.P. Network firewall host application identification and authentication
JP4559868B2 (ja) 2005-01-24 2010-10-13 日本放送協会 セキュリティモジュール、コンテンツ受信装置、契約情報生成装置及び契約情報検証装置、並びに、契約情報検証方法
EP1811421A1 (en) * 2005-12-29 2007-07-25 AXSionics AG Security token and method for authentication of a user with the security token
JP4885683B2 (ja) 2006-10-24 2012-02-29 三菱電機株式会社 認証装置、認証装置の認証方法および認証装置の認証プログラム
US8402519B2 (en) 2008-10-16 2013-03-19 Verisign, Inc. Transparent client authentication
US20110126197A1 (en) * 2009-11-25 2011-05-26 Novell, Inc. System and method for controlling cloud and virtualized data centers in an intelligent workload management system
KR101702618B1 (ko) 2010-07-09 2017-02-03 삼성전자주식회사 어플리케이션 관련 관리 객체를 제공하는 장치 및 방법
US8769655B2 (en) 2010-12-30 2014-07-01 Verisign, Inc. Shared registration multi-factor authentication tokens
US8839363B2 (en) * 2011-04-18 2014-09-16 Bank Of America Corporation Trusted hardware for attesting to authenticity in a cloud environment
US8850515B2 (en) * 2011-08-15 2014-09-30 Bank Of America Corporation Method and apparatus for subject recognition session validation
JP6044299B2 (ja) 2012-11-26 2016-12-14 富士通株式会社 データ参照システムおよびアプリケーション認証方法
EP3047626B1 (en) 2013-09-20 2017-10-25 Oracle International Corporation Multiple resource servers with single, flexible, pluggable oauth server and oauth-protected restful oauth consent management service, and mobile application single sign on oauth service
US20150281225A1 (en) 2014-03-27 2015-10-01 Microsoft Corporation Techniques to operate a service with machine generated authentication tokens
JP2015201030A (ja) 2014-04-08 2015-11-12 富士通株式会社 端末装置、情報管理サーバ、端末プログラム、情報管理プログラム、及びシステム
CA2945199A1 (en) 2014-05-07 2015-11-12 Visa International Service Association Enhanced data interface for contactless communications
KR101605967B1 (ko) 2014-10-08 2016-03-24 한국과학기술원 어플리케이션 특성을 반영하여 트랜잭션을 관리하는 서비스 방법 및 시스템
US9692699B2 (en) 2014-10-30 2017-06-27 Intel Corporation Apparatus, system and method of protecting a service identifier
US10469477B2 (en) 2015-03-31 2019-11-05 Amazon Technologies, Inc. Key export techniques
US10263898B2 (en) * 2016-07-20 2019-04-16 Cisco Technology, Inc. System and method for implementing universal cloud classification (UCC) as a service (UCCaaS)
US10375073B2 (en) 2016-08-29 2019-08-06 International Business Machines Corporation Configuration based client for OAuth authorization with arbitrary services and applications
US10348718B2 (en) * 2016-09-14 2019-07-09 Oracle International Corporation Sharing credentials and other secret data in collaborative environment in a secure manner
US20180101850A1 (en) 2016-10-12 2018-04-12 Microsoft Technology Licensing, Llc User and device authentication for web applications
JP2018081643A (ja) 2016-11-18 2018-05-24 キヤノン株式会社 認可サーバーおよびその制御方法、プログラム、並びに権限委譲システム
CN106452764B (zh) 2016-12-02 2020-02-18 武汉理工大学 一种标识私钥自动更新的方法及密码系统
US10673981B2 (en) * 2017-06-09 2020-06-02 Nutanix, Inc. Workload rebalancing in heterogeneous resource environments
US20180367528A1 (en) * 2017-06-12 2018-12-20 Cyberark Software Ltd. Seamless Provision of Authentication Credential Data to Cloud-Based Assets on Demand
US11019073B2 (en) * 2017-07-23 2021-05-25 AtScale, Inc. Application-agnostic resource access control
US11943368B2 (en) 2017-11-03 2024-03-26 Microsoft Technology Licensing, Llc Provisioning trusted execution environment based on chain of trust including platform
US10554525B2 (en) 2017-11-28 2020-02-04 International Business Machines Corporation Tracking usage of computing resources
US11438168B2 (en) * 2018-04-05 2022-09-06 T-Mobile Usa, Inc. Authentication token request with referred application instance public key
US10673840B2 (en) * 2018-05-10 2020-06-02 Jayant Shukla Cloud-based identity management and authentication system for containers and applications
US11379263B2 (en) * 2018-08-13 2022-07-05 Ares Technologies, Inc. Systems, devices, and methods for selecting a distributed framework
US10785122B2 (en) * 2018-10-05 2020-09-22 Cisco Technology, Inc. Canary release validation mechanisms for a containerized application or service mesh
US11425111B2 (en) * 2018-11-14 2022-08-23 Intel Corporation Attestation token sharing in edge computing environments
US11128482B2 (en) * 2019-04-19 2021-09-21 Microsoft Technology Licensing, Llc Metering cloud workloads at edge computing devices
US11575563B2 (en) * 2019-05-31 2023-02-07 Varmour Networks, Inc. Cloud security management
US11310284B2 (en) * 2019-05-31 2022-04-19 Varmour Networks, Inc. Validation of cloud security policies
US11290493B2 (en) * 2019-05-31 2022-03-29 Varmour Networks, Inc. Template-driven intent-based security

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140208409A1 (en) 2011-06-08 2014-07-24 Monika Maidl Access to data stored in a cloud

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
Hardware security module. In: Wikipedia, the free encyclopedia. Bearbeitungsstand: 04.06.2019. URL: https://en.wikipedia.org/w/index.php?title=Hardware_security_module&oldid=900229769 [abgerufen am 28.09.2023] *
https://en.wikipedia.org/w/index.php?title=Hardware security module&oldid=9002 29769
https://en.wikipedia.org/w/index.php?title=Public-key cryptography&oldid=901437054
Public-key cryptography. In: Wikipedia, the free encyclopedia. Bearbeitungsstand: 11.06.2019. URL: https://en.wikipedia.org/w/index.php?title=Public-key_cryptography&oldid=901437054 [abgerufen am 28.09.2023] *

Also Published As

Publication number Publication date
US20200412540A1 (en) 2020-12-31
US11652631B2 (en) 2023-05-16
CN113811873A (zh) 2021-12-17
GB2599331B (en) 2022-11-23
GB2599331A (en) 2022-03-30
DE112020002343T5 (de) 2022-01-27
JP7549418B2 (ja) 2024-09-11
WO2020261134A1 (en) 2020-12-30
JP2022539055A (ja) 2022-09-07
CN113811873B (zh) 2025-03-14

Similar Documents

Publication Publication Date Title
DE112020002343B4 (de) Verteilung von Sicherheitsberechtigungsnachweisen
DE112017007963B4 (de) Identitätsüberprüfung unter verwendung von biometrischen daten und nicht umkehrbaren funktionen über eine blockchain
DE112021001766B4 (de) Inhaltskontrolle durch datenaggregationsdienste dritter
DE112020005620B4 (de) Sichere föderation verteilter stochastischer gradientenabstiege
DE112021004937B4 (de) Sicheres erneutes verschlüsseln von homomorph verschlüsselten daten
DE112018004390B4 (de) Sichere zugriffsverwaltung für werkzeuge innerhalb einer sicheren umgebung
DE112021006229B4 (de) Hybride schlüsselableitung zum sichern von daten
DE112011101729B4 (de) Verwaltung von Ressourcenzugriff
DE112022000340T5 (de) Attributgestützte verschlüsselungsschlüssel als schlüsselmaterial zum authentifizieren und berechtigen von benutzern mit schlüssel-hash-nachrichtenauthentifizierungscode
DE102016100494B4 (de) Sichere Identitätsauthentifizierung in einer elektronischen Transaktion
DE112021002245T5 (de) Verhindern einer unberechtigten bereitstellung von paketen in clustern
DE112021004344B4 (de) Konsensdienst für Blockchain-Netzwerke
DE102019123253A1 (de) System und einrichtung für datenvertraulichkeit im distributed ledger
DE102021129514A1 (de) Binden von post-quanten-zertifikaten
DE102011077218B4 (de) Zugriff auf in einer Cloud gespeicherte Daten
US20160156671A1 (en) Method and apparatus for multi-tenancy secrets management in multiple data security jurisdiction zones
DE102015122518A1 (de) Authentifizierung von Datenkommunikationen
DE112017007510T5 (de) Blockchain für offene wissenschaftliche forschung
DE102017126706A1 (de) System von Enklaven
DE112022000963T5 (de) Verbindungsbeständige mehrfaktorauthentifizierung
DE112020005625T5 (de) Binden sicherer objekte eines sicherheitsmoduls an einen sicheren gast
DE112021006372T5 (de) Sichere bereitstellung einer datenverarbeitungsressource unter verwendung einer homomorphen verschlüsselung
DE112021000340B4 (de) Sichere private schlüsselverteilung zwischen endpunktinstanzen
DE112021002747T5 (de) Sicheres wiederherstellen von geheimen schlüsseln
DE112021005862T5 (de) Selbstprüfende blockchain

Legal Events

Date Code Title Description
R012 Request for examination validly filed
R016 Response to examination communication
R016 Response to examination communication
R018 Grant decision by examination section/examining division
R084 Declaration of willingness to licence
R020 Patent grant now final