JP4955679B2 - User mapping information extension for protocols - Google Patents
User mapping information extension for protocols
- Publication number
- JP4955679B2
- Authority
- JP
- Japan
- Prior art keywords
- certificate
- mapping information
- user
- mapping
- computer device
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L9/3273—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/166—Implementing security features at a particular protocol layer at the transport layer
Description
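BOOL fSendMappingExtension
is set. By default, this flag is not set, so the client does not send the extension. The debug log shows the decision to set the flag or to leave it unchanged.
FIG. 4 shows an example of a suitable computing system environment 800 in which the invention may be implemented. The computing system environment 800 is only one example of a suitable computing environment and does not limit the scope of use or functionality of the invention. Nor should the computing environment 800 be interpreted as having any dependency or requirement relating to any one component, or any combination of components, illustrated in the exemplary operating environment 800.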
Claims (12)
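- An authentication method for authenticating a first computer device to a second computer device, the method comprising:
sending, from the first computer device to the second computer device, a certificate that identifies the first computer device to the second computer device;
the second computer device at least attempting to map the certificate to an account of the first computer device at an authentication server;
sending, separately from the step of sending the certificate, a mapping extension indicator from the first computer device to the second computer device, the mapping extension indicator specifying that the first computer device is able to send to the second computer device mapping information that helps the second computer device find the account of the first computer device at the authentication server;
notifying, from the second computer device to the first computer device in response to the received mapping extension indicator, that the second computer device is able to accept the mapping information separately from the certificate;
sending, separately from the step of sending the certificate, the mapping information from the first computer device to the second computer device; and
finding, by the second computer device, the account of the first computer device at the authentication server based on the sent mapping information.
- The method of claim 1, wherein the authentication server comprises a domain controller.
- The method of claim 1, further comprising deriving application data after finding the account or the authentication server, and verifying the application data.
- The method of claim 1, further comprising sending the certificate from the first computer device to the second computer device.
- The method of claim 4, further comprising mapping a user to an account based on the mapping information and the certificate.
- The method of claim 4, further comprising mapping the certificate to a user account using the mapping information.
- The method of claim 1, further comprising determining whether the second computer device supports the mapping information and, if it does, notifying that the second computer device is able to accept the mapping information, and sending the mapping information to the second computer device.
- The method of claim 1, wherein the mapping information comprises a domain name hint or a user name hint.
- The method of claim 9, wherein the mapping information is in the form of a protocol extension mechanism.
- The method of claim 1, further comprising authenticating a user based on the mapping information and the certificate.
- The method of claim 1, further comprising determining, before sending the mapping information to the second computer device, whether the second computer device supports the mapping information.
- The method of claim 11, further comprising notifying the first computer device that the second computer device is able to accept the mapping information.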
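The negotiation in claim 1 can be sketched as a small simulation; this is an added example, not code from the patent. The class and field names, the fingerprint strings standing in for certificates, the in-memory `DIRECTORY` standing in for the authentication server, and the full-search fallback are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed directory: (domain, user) -> certificate fingerprint bound to that account.
DIRECTORY = {
    ("corp.example", "alice"): "fp-alice",
    ("lab.example", "bob"): "fp-bob",
}

@dataclass
class Client:
    cert_fp: str
    domain_hint: str
    user_hint: str
    send_mapping_extension: bool = False  # mirrors fSendMappingExtension: off by default

    def hello(self):
        # The indicator only announces that mapping information can be sent.
        return {"mapping_ext": True} if self.send_mapping_extension else {}

    def mapping_info(self, server_hello):
        # Send hints only after the server has said it accepts them.
        if self.send_mapping_extension and server_hello.get("mapping_ext"):
            return {"domain": self.domain_hint, "user": self.user_hint}
        return None

@dataclass
class Server:
    supports_mapping: bool = True
    log: list = field(default_factory=list)

    def hello(self, client_hello):
        ack = self.supports_mapping and client_hello.get("mapping_ext", False)
        return {"mapping_ext": True} if ack else {}

    def find_account(self, cert_fp, hints):
        if hints is not None:
            key = (hints["domain"], hints["user"])
            self.log.append(f"hint lookup {key}")
            # Hints only locate the account; the certificate must still match it.
            return key if DIRECTORY.get(key) == cert_fp else None
        # Assumed fallback without hints: search every account for the certificate.
        self.log.append("full directory search")
        matches = [k for k, fp in DIRECTORY.items() if fp == cert_fp]
        return matches[0] if len(matches) == 1 else None

def authenticate(client, server):
    server_hello = server.hello(client.hello())
    hints = client.mapping_info(server_hello)  # sent separately from the certificate
    return server.find_account(client.cert_fp, hints)
```

The hints are supplied by the client and are not authenticated on their own, so the server in this sketch treats them only as a lookup key and rejects the request when the certificate is not the one bound to the hinted account.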
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/181,525 US7434253B2 (en) | 2005-07-14 | 2005-07-14 | User mapping information extension for protocols |
US11/181,525 | 2005-07-14 | ||
PCT/US2006/027182 WO2007011637A2 (en) | 2005-07-14 | 2006-07-12 | User mapping information extension for protocols |
Publications (3)
Publication Number | Publication Date |
---|---|
JP2009501973A (ja) | 2009-01-22 |
JP2009501973A5 (ja) | 2009-08-27 |
JP4955679B2 (ja) | 2012-06-20 |
Family
ID=37662964
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2008521601A Expired - Fee Related JP4955679B2 (ja) | 2005-07-14 | 2006-07-12 | User mapping information extension for protocols |
Country Status (7)
Country | Link |
---|---|
US (1) | US7434253B2 (ja) |
EP (1) | EP1902539B1 (ja) |
JP (1) | JP4955679B2 (ja) |
KR (1) | KR101247007B1 (ja) |
CN (1) | CN101218779B (ja) |
RU (1) | RU2411668C2 (ja) |
WO (1) | WO2007011637A2 (ja) |
Families Citing this family (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060294366A1 (en) * | 2005-06-23 | 2006-12-28 | International Business Machines Corp. | Method and system for establishing a secure connection based on an attribute certificate having user credentials |
US8701168B2 (en) * | 2005-11-21 | 2014-04-15 | Oracle International Corporation | Method and apparatus for associating a digital certificate with an enterprise profile |
US7958102B1 (en) * | 2007-03-28 | 2011-06-07 | Symantec Corporation | Method and apparatus for searching a storage system for confidential data |
US7877602B2 (en) * | 2007-07-27 | 2011-01-25 | International Business Machines Corporation | Transparent aware data transformation at file system level for efficient encryption and integrity validation of network files |
US8621561B2 (en) * | 2008-01-04 | 2013-12-31 | Microsoft Corporation | Selective authorization based on authentication input attributes |
US8341433B2 (en) * | 2008-01-04 | 2012-12-25 | Dell Products L.P. | Method and system for managing the power consumption of an information handling system |
CA2712242C (en) * | 2008-01-18 | 2017-03-28 | Identrust, Inc. | Binding a digital certificate to multiple trust domains |
US8412932B2 (en) * | 2008-02-28 | 2013-04-02 | Red Hat, Inc. | Collecting account access statistics from information provided by presence of client certificates |
US8713177B2 (en) * | 2008-05-30 | 2014-04-29 | Red Hat, Inc. | Remote management of networked systems using secure modular platform |
US10146926B2 (en) * | 2008-07-18 | 2018-12-04 | Microsoft Technology Licensing, Llc | Differentiated authentication for compartmentalized computing resources |
US9100297B2 (en) | 2008-08-20 | 2015-08-04 | Red Hat, Inc. | Registering new machines in a software provisioning environment |
US8032930B2 (en) | 2008-10-17 | 2011-10-04 | Intuit Inc. | Segregating anonymous access to dynamic content on a web server, with cached logons |
US8782204B2 (en) | 2008-11-28 | 2014-07-15 | Red Hat, Inc. | Monitoring hardware resources in a software provisioning environment |
US8544083B2 (en) * | 2009-02-19 | 2013-09-24 | Microsoft Corporation | Identification security elevation |
US9313105B2 (en) * | 2009-02-27 | 2016-04-12 | Red Hat, Inc. | Network management using secure mesh command and control framework |
US9558195B2 (en) | 2009-02-27 | 2017-01-31 | Red Hat, Inc. | Depopulation of user data from network |
US9134987B2 (en) | 2009-05-29 | 2015-09-15 | Red Hat, Inc. | Retiring target machines by a provisioning server |
US9270471B2 (en) | 2011-08-10 | 2016-02-23 | Microsoft Technology Licensing, Llc | Client-client-server authentication |
US20150149651A1 (en) * | 2012-05-10 | 2015-05-28 | Telefonaktiebolaget L M Ericsson (Publ) | System, method and computer program product for protocol adaptation |
US10659366B1 (en) | 2015-11-04 | 2020-05-19 | Amazon Technologies, Inc. | Load balancer metadata forwarding on secure connections |
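CN109547400A (zh) | 2017-09-22 | 2019-03-29 | 三星电子株式会社 | Communication method, integrity verification method, and server registration method for a client |
CN113596795B (zh) * | 2021-07-22 | 2023-08-15 | 中移(杭州)信息技术有限公司 | Device binding method, apparatus, and computer-readable storage medium |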
Family Cites Families (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5712914A (en) * | 1995-09-29 | 1998-01-27 | Intel Corporation | Digital certificates containing multimedia data extensions |
US6615347B1 (en) * | 1998-06-30 | 2003-09-02 | Verisign, Inc. | Digital certificate cross-referencing |
EP2043375B1 (en) * | 1999-05-17 | 2011-10-26 | Telefonaktiebolaget LM Ericsson (publ) | Capability negotiation in a telecommunications network |
US6754829B1 (en) * | 1999-12-14 | 2004-06-22 | Intel Corporation | Certificate-based authentication system for heterogeneous environments |
JP4689788B2 (ja) * | 2000-03-02 | 2011-05-25 | 株式会社アニモ | Electronic authentication system, electronic authentication method, and recording medium |
US6854056B1 (en) * | 2000-09-21 | 2005-02-08 | International Business Machines Corporation | Method and system for coupling an X.509 digital certificate with a host identity |
US7139911B2 (en) * | 2001-02-28 | 2006-11-21 | International Business Machines Corporation | Password exposure elimination for digital signature coupling with a host identity |
US6871279B2 (en) * | 2001-03-20 | 2005-03-22 | Networks Associates Technology, Inc. | Method and apparatus for securely and dynamically managing user roles in a distributed system |
US7143285B2 (en) * | 2001-05-22 | 2006-11-28 | International Business Machines Corporation | Password exposure elimination for digital signature coupling with a host identity |
FR2825209A1 (fr) * | 2001-05-23 | 2002-11-29 | Thomson Licensing Sa | Devices and method for securing and identifying messages |
JP3724564B2 (ja) * | 2001-05-30 | 2005-12-07 | 日本電気株式会社 | Authentication system, authentication method, and authentication program |
JP2003085321A (ja) * | 2001-09-11 | 2003-03-20 | Sony Corp | Content usage rights management system, content usage rights management method, information processing apparatus, and computer program |
JP2003233586A (ja) * | 2002-02-13 | 2003-08-22 | Advanced Telecommunication Research Institute International | Control server, program for causing a computer to execute access control to a service function, program for causing a computer to execute acquisition of a service function, and computer-readable recording medium on which the programs are recorded |
US20040098615A1 (en) * | 2002-11-16 | 2004-05-20 | Mowers David R. | Mapping from a single sign-in service to a directory service |
CN1477552A (zh) * | 2003-06-12 | 2004-02-25 | 上海格尔软件股份有限公司 | Method for cross-application interoperation of entity certificates in a digital certificate authentication system |
US20050257045A1 (en) * | 2004-04-12 | 2005-11-17 | Bushman M B | Secure messaging system |
US20060095767A1 (en) * | 2004-11-04 | 2006-05-04 | Nokia Corporation | Method for negotiating multiple security associations in advance for usage in future secure communication |
-
2005
- 2005-07-14 US US11/181,525 patent/US7434253B2/en active Active
-
2006
- 2006-07-12 RU RU2008101461/09A patent/RU2411668C2/ru active
- 2006-07-12 EP EP06800057.9A patent/EP1902539B1/en active Active
- 2006-07-12 KR KR1020087001065A patent/KR101247007B1/ko active IP Right Grant
- 2006-07-12 WO PCT/US2006/027182 patent/WO2007011637A2/en active Application Filing
- 2006-07-12 CN CN200680025299XA patent/CN101218779B/zh active Active
- 2006-07-12 JP JP2008521601A patent/JP4955679B2/ja not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
CN101218779B (zh) | 2011-09-07 |
RU2008101461A (ru) | 2009-07-20 |
US7434253B2 (en) | 2008-10-07 |
EP1902539B1 (en) | 2018-01-24 |
EP1902539A2 (en) | 2008-03-26 |
WO2007011637A3 (en) | 2007-07-12 |
RU2411668C2 (ru) | 2011-02-10 |
WO2007011637A2 (en) | 2007-01-25 |
EP1902539A4 (en) | 2016-11-23 |
CN101218779A (zh) | 2008-07-09 |
KR20080023737A (ko) | 2008-03-14 |
KR101247007B1 (ko) | 2013-03-25 |
JP2009501973A (ja) | 2009-01-22 |
US20070016782A1 (en) | 2007-01-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP4955679B2 (ja) | User mapping information extension for protocols | |
EP1872502B1 (en) | Peer-to-peer authentication and authorization | |
US9565180B2 (en) | Exchange of digital certificates in a client-proxy-server network configuration | |
JP4600851B2 (ja) | Establishing a secure context for communicating messages between computer systems | |
US7496755B2 (en) | Method and system for a single-sign-on operation providing grid access and network access | |
US8578167B2 (en) | System, apparatus, method, and program product for authenticating communication partner using electronic certificate containing personal information | |
EP1498800B1 (en) | Security link management in dynamic networks | |
US8340283B2 (en) | Method and system for a PKI-based delegation process | |
US8220032B2 (en) | Methods, devices, and computer program products for discovering authentication servers and establishing trust relationships therewith | |
US9065823B2 (en) | System and method for using a portable security device to cryptograhically sign a document in response to signature requests from a relying party to a digital signature service | |
US20060294366A1 (en) | Method and system for establishing a secure connection based on an attribute certificate having user credentials | |
US20050154886A1 (en) | Declarative trust model between reverse proxy server and websphere application server | |
US7246238B2 (en) | System and method for providing integration via a dial-up interface | |
CA2436385C (en) | A system and method for providing integration via a dial-up interface | |
Berbecaru et al. | Efficient Attribute Management in a Federated Identity Management Infrastructure | |
US9378349B2 (en) | Enabling secure transactions between spoken web sites | |
Carrel et al. | Operations T. Dahm Internet-Draft A. Ota Intended status: Standards Track Google Inc Expires: December 14, 2015 D. Medway Gash Cisco Systems, Inc. |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20090707 |
|
A621 | Written request for application examination |
Free format text: JAPANESE INTERMEDIATE CODE: A621 Effective date: 20090707 |
|
RD04 | Notification of resignation of power of attorney |
Free format text: JAPANESE INTERMEDIATE CODE: A7424 Effective date: 20110908 |
|
A977 | Report on retrieval |
Free format text: JAPANESE INTERMEDIATE CODE: A971007 Effective date: 20120125 |
|
TRDD | Decision of grant or rejection written | ||
A01 | Written decision to grant a patent or to grant a registration (utility model) |
Free format text: JAPANESE INTERMEDIATE CODE: A01 Effective date: 20120215 |
|
A01 | Written decision to grant a patent or to grant a registration (utility model) |
Free format text: JAPANESE INTERMEDIATE CODE: A01 |
|
A61 | First payment of annual fees (during grant procedure) |
Free format text: JAPANESE INTERMEDIATE CODE: A61 Effective date: 20120315 |
|
R150 | Certificate of patent or registration of utility model |
Free format text: JAPANESE INTERMEDIATE CODE: R150 Ref document number: 4955679 Country of ref document: JP Free format text: JAPANESE INTERMEDIATE CODE: R150 |
|
FPAY | Renewal fee payment (event date is renewal date of database) |
Free format text: PAYMENT UNTIL: 20150323 Year of fee payment: 3 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
S111 | Request for change of ownership or part of ownership |
Free format text: JAPANESE INTERMEDIATE CODE: R313113 |
|
R350 | Written notification of registration of transfer |
Free format text: JAPANESE INTERMEDIATE CODE: R350 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
LAPS | Cancellation because of no payment of annual fees |