JP5865386B2 - バックエンド制約委譲モデル - Google Patents

バックエンド制約委譲モデル Download PDF

Info

Publication number
JP5865386B2
JP5865386B2 JP2013540969A JP2013540969A JP5865386B2 JP 5865386 B2 JP5865386 B2 JP 5865386B2 JP 2013540969 A JP2013540969 A JP 2013540969A JP 2013540969 A JP2013540969 A JP 2013540969A JP 5865386 B2 JP5865386 B2 JP 5865386B2
Authority
JP
Japan
Prior art keywords
computer device
computer
domain
domain controller
middle tier
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
JP2013540969A
Other languages
English (en)
Japanese (ja)
Other versions
JP2014511511A5 (enExample
JP2014511511A (ja
Inventor
ノヴァク,マーク・フィッシェル
リーチ,ポール・ジェイ
チュー,リーチャン
ミラー,ポール・ジェイ
ハンガヌ,アレキサンドル
ゼン,イー
ヴィーガス,ジェレミー・ドミニク
ショート,ケイ・ミチコ
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Corp
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Corp
Microsoft Technology Licensing LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp, Microsoft Technology Licensing LLC filed Critical Microsoft Corp
Publication of JP2014511511A publication Critical patent/JP2014511511A/ja
Publication of JP2014511511A5 publication Critical patent/JP2014511511A5/ja
Application granted granted Critical
Publication of JP5865386B2 publication Critical patent/JP5865386B2/ja
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • G06F15/16Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Information Transfer Between Computers (AREA)
JP2013540969A 2010-11-22 2011-11-14 バックエンド制約委譲モデル Active JP5865386B2 (ja)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
AU2010246354 2010-11-22
AU2010246354A AU2010246354B1 (en) 2010-11-22 2010-11-22 Back-end constrained delegation model
US12/965,445 US9118672B2 (en) 2010-11-22 2010-12-10 Back-end constrained delegation model
US12/965,445 2010-12-10
PCT/US2011/060614 WO2012071207A2 (en) 2010-11-22 2011-11-14 Back-end constrained delegation model

Publications (3)

Publication Number Publication Date
JP2014511511A JP2014511511A (ja) 2014-05-15
JP2014511511A5 JP2014511511A5 (enExample) 2014-11-13
JP5865386B2 true JP5865386B2 (ja) 2016-02-17

Family

ID=45465361

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2013540969A Active JP5865386B2 (ja) 2010-11-22 2011-11-14 バックエンド制約委譲モデル

Country Status (9)

Country Link
US (1) US9118672B2 (enExample)
EP (1) EP2643766B1 (enExample)
JP (1) JP5865386B2 (enExample)
KR (1) KR20140003426A (enExample)
AU (2) AU2010246354B1 (enExample)
BR (1) BR112013012537A2 (enExample)
CA (1) CA2815690A1 (enExample)
RU (1) RU2589333C2 (enExample)
WO (1) WO2012071207A2 (enExample)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9148285B2 (en) 2013-01-21 2015-09-29 International Business Machines Corporation Controlling exposure of sensitive data and operation using process bound security tokens in cloud computing environment
GB2512062A (en) 2013-03-18 2014-09-24 Ibm A method for secure user authentication in a dynamic network
US8745394B1 (en) 2013-08-22 2014-06-03 Citibank, N.A. Methods and systems for secure electronic communication
US11770377B1 (en) * 2020-06-29 2023-09-26 Cyral Inc. Non-in line data monitoring and security services
US12470536B2 (en) * 2023-04-04 2025-11-11 Dell Products L.P. Inter-domain access using identity provider

Family Cites Families (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6367009B1 (en) 1998-12-17 2002-04-02 International Business Machines Corporation Extending SSL to a multi-tier environment using delegation of authentication and authority
US7698381B2 (en) 2001-06-20 2010-04-13 Microsoft Corporation Methods and systems for controlling the scope of delegation of authentication credentials
US7185359B2 (en) 2001-12-21 2007-02-27 Microsoft Corporation Authentication and authorization across autonomous network systems
US7401235B2 (en) * 2002-05-10 2008-07-15 Microsoft Corporation Persistent authorization context based on external authentication
US20040073668A1 (en) 2002-10-10 2004-04-15 Shivaram Bhat Policy delegation for access control
GB2394388B (en) * 2002-10-14 2005-10-19 Toshiba Res Europ Ltd Methods and systems for flexible delegation
JP2004272380A (ja) * 2003-03-05 2004-09-30 Nippon Telegr & Teleph Corp <Ntt> グループ認証方法及びシステム、サービス提供装置、認証装置、サービス提供プログラム及びそれを記録した記録媒体、認証プログラム及びそれを記録した記録媒体
US7644275B2 (en) * 2003-04-15 2010-01-05 Microsoft Corporation Pass-thru for client authentication
US7546640B2 (en) 2003-12-10 2009-06-09 International Business Machines Corporation Fine-grained authorization by authorization table associated with a resource
US7555569B1 (en) * 2004-02-02 2009-06-30 Emc Corporation Quick configuration status
US7805527B2 (en) 2005-06-29 2010-09-28 Microsoft Corporation Using a variable identity pipe for constrained delegation and connection pooling
US7984493B2 (en) * 2005-07-22 2011-07-19 Alcatel-Lucent DNS based enforcement for confinement and detection of network malicious activities
US20090119504A1 (en) 2005-08-10 2009-05-07 Riverbed Technology, Inc. Intercepting and split-terminating authenticated communication connections
US7627593B2 (en) * 2005-08-25 2009-12-01 International Business Machines Corporation Method and system for unified support of multiple system management information models in a multiple host environment
US8200971B2 (en) 2005-09-23 2012-06-12 Cisco Technology, Inc. Method for the provision of a network service
WO2007047183A2 (en) * 2005-10-11 2007-04-26 Citrix Systems, Inc. Systems and methods for facilitating distributed authentication
US7913084B2 (en) * 2006-05-26 2011-03-22 Microsoft Corporation Policy driven, credential delegation for single sign on and secure access to network resources
US8381306B2 (en) 2006-05-30 2013-02-19 Microsoft Corporation Translating role-based access control policy to resource authorization policy
US20070294404A1 (en) 2006-06-15 2007-12-20 International Business Machines Corporation Method and system for authorization and access control delegation in an on demand grid environment
JP4882546B2 (ja) * 2006-06-28 2012-02-22 富士ゼロックス株式会社 情報処理システムおよび制御プログラム
US8201215B2 (en) * 2006-09-08 2012-06-12 Microsoft Corporation Controlling the delegation of rights
US20080066147A1 (en) 2006-09-11 2008-03-13 Microsoft Corporation Composable Security Policies
JP2008071226A (ja) * 2006-09-15 2008-03-27 Nec Corp クレデンシャルコンバージョンシステムと方法、コンピュータ装置、及びプログラム
US7853987B2 (en) 2006-10-10 2010-12-14 Honeywell International Inc. Policy language and state machine model for dynamic authorization in physical access control
JP4314267B2 (ja) * 2006-11-30 2009-08-12 キヤノン株式会社 アクセス制御装置およびアクセス制御方法及び印刷システム
US8190755B1 (en) * 2006-12-27 2012-05-29 Symantec Corporation Method and apparatus for host authentication in a network implementing network access control
CN101262342A (zh) 2007-03-05 2008-09-10 松下电器产业株式会社 分布式授权与验证方法、装置及系统
US8386776B2 (en) * 2007-09-25 2013-02-26 Nec Corporation Certificate generating/distributing system, certificate generating/distributing method and certificate generating/distributing program
US20090158407A1 (en) * 2007-12-13 2009-06-18 Fiberlink Communications Corporation Api translation for network access control (nac) agent
US8166516B2 (en) 2008-03-27 2012-04-24 Microsoft Corporation Determining effective policy
US8364970B2 (en) * 2009-02-18 2013-01-29 Nokia Corporation Method and apparatus for providing enhanced service authorization

Also Published As

Publication number Publication date
WO2012071207A3 (en) 2012-07-19
EP2643766A2 (en) 2013-10-02
AU2011332150B2 (en) 2015-04-30
RU2589333C2 (ru) 2016-07-10
US9118672B2 (en) 2015-08-25
KR20140003426A (ko) 2014-01-09
AU2011332150A1 (en) 2013-05-02
EP2643766B1 (en) 2019-07-31
WO2012071207A2 (en) 2012-05-31
AU2010246354B1 (en) 2011-11-03
BR112013012537A2 (pt) 2016-09-06
HK1168697A1 (zh) 2013-01-04
EP2643766A4 (en) 2017-08-09
CA2815690A1 (en) 2012-05-31
JP2014511511A (ja) 2014-05-15
RU2013123353A (ru) 2014-11-27
US20120131661A1 (en) 2012-05-24

Similar Documents

Publication Publication Date Title
US8918856B2 (en) Trusted intermediary for network layer claims-enabled access control
US7774824B2 (en) Multifactor device authentication
US8990550B1 (en) Methods and apparatus for securing communications between a node and a server based on hardware metadata gathered by an in-memory process
US20220294646A1 (en) Identity management for software components
EP3570517B1 (en) Authentication technique making use of emergency credential
US11196733B2 (en) System and method for group of groups single sign-on demarcation based on first user login
US20220311777A1 (en) Hardening remote administrator access
US12407667B2 (en) Location aware trusted cloud resource provisioning
JP5865386B2 (ja) バックエンド制約委譲モデル
US9323911B1 (en) Verifying requests to remove applications from a device
US20170093844A1 (en) Data Theft Deterrence
US11792184B2 (en) Autopilot re-enrollment of managed devices
CN101939748A (zh) 通过信任委托的激活
US20060248578A1 (en) Method, system, and program product for connecting a client to a network
CN102438014B (zh) 后端受限委托模型
TW201237639A (en) Back-end constrained delegation model
WO2023069062A1 (en) Blockchain-based certificate lifecycle management
US20250330323A1 (en) Techniques for binding tokens to a device and collecting device posture signals
CN119483978B (zh) 基于可信执行环境的隐私增强方法、装置、设备及介质
US20250365159A1 (en) Systems and methods for improved security in hybrid infrastructure
HK1168697B (en) Back-end constrained delegation model
JP2023031804A (ja) 機器制御装置、管理装置、機器管理システム、機器制御方法、及びプログラム
JP2018036801A (ja) 情報処理装置、情報処理方法、およびコンピュータプログラム

Legal Events

Date Code Title Description
A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20140925

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20140925

A711 Notification of change in applicant

Free format text: JAPANESE INTERMEDIATE CODE: A711

Effective date: 20150522

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20150819

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20150826

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20151110

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20151201

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20151225

R150 Certificate of patent or registration of utility model

Ref document number: 5865386

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

RD02 Notification of acceptance of power of attorney

Free format text: JAPANESE INTERMEDIATE CODE: R3D02