JP5714690B2 - Pluggable token provider model to implement authentication across multiple web services - Google Patents

Pluggable token provider model to implement authentication across multiple web services

Info

Publication number
JP5714690B2
Authority
JP
Japan
Prior art keywords
web service
metadata
component
token
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
JP2013500154A
Other languages
English (en)
Japanese (ja)
Other versions
JP2013522773A (ja)
JP2013522773A5 (en)
Inventor
ナラヤナン ランジス
リアン ルイ
スリニバサン スリバトサ
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Corp
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp
Publication of JP2013522773A
Publication of JP2013522773A5
Application granted
Publication of JP5714690B2
Active
Anticipated expiration


Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G06F21/335 User authentication using certificates for accessing specific resources, e.g. using Kerberos tickets
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Automation & Control Theory (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)
JP2013500154A 2010-03-18 2011-03-15 Pluggable token provider model to implement authentication across multiple web services Active JP5714690B2 (ja)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US12/726,779 2010-03-18
US12/726,779 US8572710B2 (en) 2010-03-18 2010-03-18 Pluggable token provider model to implement authentication across multiple web services
PCT/US2011/028509 WO2011115984A2 (en) 2010-03-18 2011-03-15 Pluggable token provider model to implement authentication across multiple web services

Publications (3)

Publication Number Publication Date
JP2013522773A (ja) 2013-06-13
JP2013522773A5 (en) 2014-04-24
JP5714690B2 (ja) 2015-05-07

Family

ID=44648292

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2013500154A Active JP5714690B2 (ja) 2010-03-18 2011-03-15 Pluggable token provider model to implement authentication across multiple web services

Country Status (5)

Country Link
US (1) US8572710B2 (en)
EP (1) EP2548333A4 (en)
JP (1) JP5714690B2 (en)
CN (1) CN102812665B (en)
WO (1) WO2011115984A2 (en)

Families Citing this family (41)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8973108B1 (en) * 2011-05-31 2015-03-03 Amazon Technologies, Inc. Use of metadata for computing resource access
US8719919B2 (en) 2011-07-12 2014-05-06 Bank Of America Corporation Service mediation framework
US9015320B2 (en) 2011-07-12 2015-04-21 Bank Of America Corporation Dynamic provisioning of service requests
US9369307B2 (en) 2011-07-12 2016-06-14 Bank Of America Corporation Optimized service integration
US9635028B2 (en) * 2011-08-31 2017-04-25 Facebook, Inc. Proxy authentication
US20130086669A1 (en) 2011-09-29 2013-04-04 Oracle International Corporation Mobile application, single sign-on management
JP6066586B2 (ja) * 2012-05-22 2017-01-25 キヤノン株式会社 Information processing system, control method thereof, and program thereof.
WO2014011376A1 (en) * 2012-07-12 2014-01-16 Bank Of America Corporation Optimized service integration
US9838375B2 (en) * 2013-02-28 2017-12-05 Microsoft Technology Licensing, Llc RESTlike API that supports a resilient and scalable distributed application
US20140280494A1 (en) * 2013-03-14 2014-09-18 Microsoft Corporation Relay Service for Different Web Service Architectures
US9158932B2 (en) 2013-05-08 2015-10-13 Sap Se Modeled authorization check implemented with UI framework
US9112851B2 (en) 2013-06-18 2015-08-18 Sap Se Integrating web protocols with applications and services
US9253212B2 (en) * 2013-09-24 2016-02-02 Microsoft Technology Licensing, Llc Automated production of certification controls by translating framework controls
US9313208B1 (en) * 2014-03-19 2016-04-12 Amazon Technologies, Inc. Managing restricted access resources
CN103905201B (zh) * 2014-03-28 2017-02-15 北界无限(北京)软件有限公司 Method and device for interaction between a main application and multiple subordinate applications
CA2951052C (en) * 2014-06-02 2023-09-26 Datex, Inc. Tokenizing network appliance and method
CN104601328A (zh) * 2014-12-18 2015-05-06 中电科华云信息技术有限公司 Component secure invocation system and invocation method
US9888034B2 (en) 2014-12-24 2018-02-06 Oracle International Corporation Pluggable API firewall filter
CN105847220A (zh) * 2015-01-14 2016-08-10 北京神州泰岳软件股份有限公司 Authentication method, system and service platform
US9565172B2 (en) * 2015-06-17 2017-02-07 Telefonaktiebolaget Lm Ericsson (Publ) Method for enabling a secure provisioning of a credential, and related wireless devices and servers
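CN105791259B (zh) * 2015-10-26 2018-11-16 北京中金国盛认证有限公司 Method for protecting personal information
CN106570399B (zh) * 2016-09-30 2019-07-12 西北大学 Method for detecting privacy leakage between cross-App components
CN107370668B (zh) * 2017-08-25 2020-04-28 北京百度网讯科技有限公司 Method, device and system for remote control of smart devices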
US11063762B1 (en) * 2018-02-22 2021-07-13 Allscripts Software, Llc Computing system for inter-application communication
US11568039B2 (en) * 2018-06-03 2023-01-31 Apple Inc. Credential manager integration
CN109117609B (zh) * 2018-08-31 2021-01-29 中国农业银行股份有限公司 Request interception method and device
US11240030B2 (en) * 2018-12-27 2022-02-01 Paypal, Inc. Token management layer for automating authentication during communication channel interactions
US11676011B2 (en) * 2019-10-24 2023-06-13 International Business Machines Corporation Private transfer learning
US12315620B2 (en) * 2019-11-27 2025-05-27 GE Precision Healthcare LLC Enhanced enterprise image reading with search and direct streaming
US12149516B2 (en) * 2020-06-02 2024-11-19 Flex Integration, LLC System and methods for tokenized hierarchical secured asset distribution
JP7738586B2 (ja) * 2020-06-29 2025-09-12 イルミナ インコーポレイテッド Temporary cloud provider credentials via secure discovery framework
US11770377B1 (en) * 2020-06-29 2023-09-26 Cyral Inc. Non-in line data monitoring and security services
US11336698B1 (en) * 2021-04-22 2022-05-17 Netskope, Inc. Synthetic request injection for cloud policy enforcement
US11303647B1 (en) 2021-04-22 2022-04-12 Netskope, Inc. Synthetic request injection to disambiguate bypassed login events for cloud policy enforcement
US11184403B1 (en) 2021-04-23 2021-11-23 Netskope, Inc. Synthetic request injection to generate metadata at points of presence for cloud security enforcement
US11190550B1 (en) 2021-04-22 2021-11-30 Netskope, Inc. Synthetic request injection to improve object security posture for cloud security enforcement
US11178188B1 (en) 2021-04-22 2021-11-16 Netskope, Inc. Synthetic request injection to generate metadata for cloud policy enforcement
US11647052B2 (en) 2021-04-22 2023-05-09 Netskope, Inc. Synthetic request injection to retrieve expired metadata for cloud policy enforcement
US11271972B1 (en) 2021-04-23 2022-03-08 Netskope, Inc. Data flow logic for synthetic request injection for cloud security enforcement
US11271973B1 (en) 2021-04-23 2022-03-08 Netskope, Inc. Synthetic request injection to retrieve object metadata for cloud policy enforcement
US11943260B2 (en) 2022-02-02 2024-03-26 Netskope, Inc. Synthetic request injection to retrieve metadata for cloud policy enforcement

Family Cites Families (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6006264A (en) * 1997-08-01 1999-12-21 Arrowpoint Communications, Inc. Method and system for directing a flow between a client and a server
WO2002057917A2 (en) * 2001-01-22 2002-07-25 Sun Microsystems, Inc. Peer-to-peer network computing platform
US7987501B2 (en) * 2001-12-04 2011-07-26 Jpmorgan Chase Bank, N.A. System and method for single session sign-on
US7222148B2 (en) * 2002-05-02 2007-05-22 Bea Systems, Inc. System and method for providing highly available processing of asynchronous service requests
US20040059590A1 (en) * 2002-09-13 2004-03-25 Dwayne Mercredi Credential promotion
US8346929B1 (en) * 2003-08-18 2013-01-01 Oracle America, Inc. System and method for generating secure Web service architectures using a Web Services security assessment methodology
US8112103B2 (en) * 2004-01-16 2012-02-07 Kuang-Chao Eric Yeh Methods and systems for mobile device messaging
US20050268326A1 (en) * 2004-05-04 2005-12-01 Microsoft Corporation Checking the security of web services configurations
US7788716B2 (en) 2004-05-21 2010-08-31 Bea Systems, Inc. Token handler API
US20060005234A1 (en) * 2004-06-30 2006-01-05 International Business Machines Corporation Method and apparatus for handling custom token propagation without Java serialization
US7603555B2 (en) 2004-12-07 2009-10-13 Microsoft Corporation Providing tokens to access extranet resources
US7562382B2 (en) 2004-12-16 2009-07-14 International Business Machines Corporation Specializing support for a federation relationship
US20070174429A1 (en) * 2006-01-24 2007-07-26 Citrix Systems, Inc. Methods and servers for establishing a connection between a client system and a virtual machine hosting a requested computing environment
EP1895440A1 (en) 2006-09-01 2008-03-05 Nokia Siemens Networks Gmbh & Co. Kg Token-based service access
US20080086766A1 (en) * 2006-10-06 2008-04-10 Microsoft Corporation Client-based pseudonyms
US8347403B2 (en) 2006-12-19 2013-01-01 Canon Kabushiki Kaisha Single point authentication for web service policy definition
WO2008085202A1 (en) * 2006-12-29 2008-07-17 Prodea Systems, Inc. File sharing through multi-services gateway device at user premises
US8656472B2 (en) * 2007-04-20 2014-02-18 Microsoft Corporation Request-specific authentication for accessing web service resources
US20080263644A1 (en) * 2007-04-23 2008-10-23 Doron Grinstein Federated authorization for distributed computing
US8528058B2 (en) * 2007-05-31 2013-09-03 Microsoft Corporation Native use of web service protocols and claims in server authentication
US20090057396A1 (en) 2007-08-27 2009-03-05 Eric Barbour Method and system for multiple account, token-based single transactions
US20090099860A1 (en) * 2007-10-15 2009-04-16 Sap Ag Composite Application Using Security Annotations
JP5018536B2 (ja) * 2008-02-15 2012-09-05 日本電気株式会社 Information service search system, crawling collection method, and information service crawling collection program
US8296828B2 (en) * 2008-12-16 2012-10-23 Microsoft Corporation Transforming claim based identities to credential based identities

Also Published As

Publication number Publication date
US20110231921A1 (en) 2011-09-22
EP2548333A4 (en) 2017-04-19
JP2013522773A (ja) 2013-06-13
US8572710B2 (en) 2013-10-29
CN102812665B (zh) 2015-07-08
WO2011115984A3 (en) 2011-12-15
EP2548333A2 (en) 2013-01-23
WO2011115984A2 (en) 2011-09-22
CN102812665A (zh) 2012-12-05

Similar Documents

Publication Publication Date Title
JP5714690B2 (ja) Pluggable token provider model to implement authentication across multiple web services
US12170695B2 (en) System and method for connecting a communication to a client
US8978100B2 (en) Policy-based authentication
US9247008B2 (en) Unified web service discovery
CN109639687B (zh) System, method and medium for providing cloud-based identity and access management
US9648006B2 (en) System and method for communicating with a client application
CN104580137B (zh) Application programming interface enabling communication features for different communication protocols
US10148522B2 (en) Extension of authorization framework
US20140245411A1 (en) Method and apparatus for providing account-less access via an account connector platform
US20090199276A1 (en) Proxy authentication
US20130086380A1 (en) System and method for facilitating communications based on trusted relationships
US10601831B2 (en) Accessing local information based on a browser session
US9401908B1 (en) Authentication interworking in communications networks
US12284284B2 (en) System and method of authenticating devices for secure data exchange
US12476964B2 (en) Securing identity token forwarding
US9979722B2 (en) Method and apparatus for processing a RTCWEB authentication
KR20150038459A (ko) Direct electronic mail
Lakshmiraghavan OAuth 2.0 Using Live Connect API
Lakshmiraghavan OAuth 2.0 from the Ground Up

Legal Events

Date Code Title Description
RD03 Notification of appointment of power of attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7423

Effective date: 20130712

RD04 Notification of resignation of power of attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7424

Effective date: 20130719

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20140305

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20140305

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20150128

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20150210

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20150311

R150 Certificate of patent or registration of utility model

Ref document number: 5714690

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

S111 Request for change of ownership or part of ownership

Free format text: JAPANESE INTERMEDIATE CODE: R313113

R350 Written notification of registration of transfer

Free format text: JAPANESE INTERMEDIATE CODE: R350

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250