JP5916737B2 - Trustworthy device claims as a service - Google Patents

Trustworthy device claims as a service

Info

Publication number
JP5916737B2
Authority
JP
Japan
Prior art keywords
client device
network application
information
access
act
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
JP2013531624A
Other languages
English (en)
Japanese (ja)
Other versions
JP2013541099A5
JP2013541099A (ja)
Inventor
(ジョン) ネイシュタット ユージーン
アロン ダニエル
トール ヤイル
ノヴァク マーク
イー.アハメド カジャ
ヤソア ヨアフ
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Corp
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Corp
Microsoft Technology Licensing LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp, Microsoft Technology Licensing LLC
Publication of JP2013541099A
Publication of JP2013541099A5
Application granted
Publication of JP5916737B2
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G06F21/335 User authentication using certificates for accessing specific resources, e.g. using Kerberos tickets
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2129 Authenticate client device independently of the user
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Information Transfer Between Computers (AREA)
  • Mobile Radio Communication Systems (AREA)
JP2013531624A 2010-09-30 2011-09-14 Trustworthy device claims as a service Active JP5916737B2 (ja)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US38843310P 2010-09-30 2010-09-30
US61/388,433 2010-09-30
US13/015,180 US9111079B2 (en) 2010-09-30 2011-01-27 Trustworthy device claims as a service
US13/015,180 2011-01-27
PCT/US2011/051655 WO2012050717A1 (en) 2010-09-30 2011-09-14 Trustworthy device claims as a service

Publications (3)

Publication Number Publication Date
JP2013541099A (ja) 2013-11-07
JP2013541099A5 2014-10-09
JP5916737B2 (ja) 2016-05-11

Family

ID=45890974

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2013531624A Active JP5916737B2 (ja) 2010-09-30 2011-09-14 Trustworthy device claims as a service

Country Status (6)

Country Link
US (1) US9111079B2
EP (1) EP2622534B1
JP (1) JP5916737B2
KR (1) KR101832535B1
CA (1) CA2812534A1
WO (1) WO2012050717A1

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2874489A1 (en) 2012-05-09 2013-11-14 SunStone Information Defense Inc. Methods and apparatus for identifying and removing malicious applications
CN103117999A (zh) * 2012-11-29 2013-05-22 无锡华御信息技术有限公司 Secure computer system and method based on cloud architecture
CN105991595B (zh) * 2015-02-15 2020-08-07 华为技术有限公司 Network security protection method and device
US10803175B2 (en) * 2015-03-06 2020-10-13 Microsoft Technology Licensing, Llc Device attestation through security hardened management agent
CN104767750A (zh) * 2015-04-01 2015-07-08 青岛大学 Secure computer system based on cloud architecture
US10523646B2 (en) 2015-08-24 2019-12-31 Virtru Corporation Methods and systems for distributing encrypted cryptographic data
US10595202B2 (en) * 2016-05-23 2020-03-17 Citrix Systems, Inc. Dynamic access to hosted applications
US10218697B2 (en) * 2017-06-09 2019-02-26 Lookout, Inc. Use of device risk evaluation to manage access to services
US11531777B2 (en) * 2019-01-30 2022-12-20 Virtru Corporation Methods and systems for restricting data access based on properties of at least one of a process and a machine executing the process
CN112069490B (zh) * 2020-08-27 2023-08-15 北京百度网讯科技有限公司 Method, apparatus, electronic device and storage medium for providing mini-program capabilities
US11552943B2 (en) * 2020-11-13 2023-01-10 Cyberark Software Ltd. Native remote access to target resources using secretless connections

Family Cites Families (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
NL1018494C2 (nl) 2001-07-09 2003-01-10 Koninkl Kpn Nv Method and system for a service process to deliver a service to a client.
US7076797B2 (en) 2001-10-05 2006-07-11 Microsoft Corporation Granular authorization for network user sessions
US8910241B2 (en) 2002-04-25 2014-12-09 Citrix Systems, Inc. Computer security system
US7591017B2 (en) * 2003-06-24 2009-09-15 Nokia Inc. Apparatus, and method for implementing remote client integrity verification
US20060015716A1 (en) * 2003-08-15 2006-01-19 Imcentric, Inc. Program product for maintaining certificate on client network devices1
US20050138417A1 (en) * 2003-12-19 2005-06-23 Mcnerney Shaun C. Trusted network access control system and method
US7747862B2 (en) 2004-06-28 2010-06-29 Intel Corporation Method and apparatus to authenticate base and subscriber stations and secure sessions for broadband wireless networks
US8266676B2 (en) * 2004-11-29 2012-09-11 Harris Corporation Method to verify the integrity of components on a trusted platform using integrity database services
WO2008024135A2 (en) * 2005-12-09 2008-02-28 Signacert, Inc. Method to verify the integrity of components on a trusted platform using integrity database services
US20110179477A1 (en) * 2005-12-09 2011-07-21 Harris Corporation System including property-based weighted trust score application tokens for access control and related methods
US7870399B2 (en) * 2006-02-10 2011-01-11 Arxan Defense Systems Software trusted platform module and application security wrapper
CN101589596B (zh) * 2007-01-26 2013-02-27 交互数字技术公司 Method and apparatus for protecting location information and using the location information for access control
US8185740B2 (en) * 2007-03-26 2012-05-22 Microsoft Corporation Consumer computer health validation
EP1990750A1 (en) 2007-05-09 2008-11-12 Nokia Siemens Networks Oy Method and device for data processing and communication system comprising such device
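CN100566251C (zh) * 2007-08-01 2009-12-02 西安西电捷通无线网络通信有限公司 Trusted network connection method with enhanced security
CN100559763C (zh) 2007-08-28 2009-11-11 中国科学院软件研究所 Integrity verification method for remote network services
CN100553212C (zh) * 2007-11-16 2009-10-21 西安西电捷通无线网络通信有限公司 Trusted network access control system based on tri-element peer authentication
JP5036500B2 (ja) * 2007-11-19 2012-09-26 株式会社日立製作所 Attribute certificate management method and apparatus
JP5132378B2 (ja) * 2008-03-21 2013-01-30 日本電信電話株式会社 Service management method and service management system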
US20100043066A1 (en) * 2008-05-21 2010-02-18 Miliefsky Gary S Multiple security layers for time-based network admission control
US8074258B2 (en) * 2008-06-18 2011-12-06 Microsoft Corporation Obtaining digital identities or tokens through independent endpoint resolution
US10116580B2 (en) 2008-06-27 2018-10-30 Microsoft Technology Licensing, Llc Seamless location aware network connectivity
US8954897B2 (en) 2008-08-28 2015-02-10 Microsoft Corporation Protecting a virtual guest machine from attacks by an infected host
US9495538B2 (en) * 2008-09-25 2016-11-15 Symantec Corporation Graduated enforcement of restrictions according to an application's reputation
US9443084B2 (en) * 2008-11-03 2016-09-13 Microsoft Technology Licensing, Llc Authentication in a network using client health enforcement framework
EP2526504A1 (en) * 2010-01-22 2012-11-28 InterDigital Patent Holdings, Inc. Method and apparatus for trusted federated identity management and data access authorization
US8832811B2 (en) * 2010-08-27 2014-09-09 Red Hat, Inc. Network access control for trusted platforms

Also Published As

Publication number Publication date
WO2012050717A1 (en) 2012-04-19
KR101832535B1 (ko) 2018-02-26
US9111079B2 (en) 2015-08-18
EP2622534A4 (en) 2017-06-21
EP2622534B1 (en) 2020-02-26
KR20130114651A (ko) 2013-10-18
JP2013541099A (ja) 2013-11-07
US20120084851A1 (en) 2012-04-05
CA2812534A1 (en) 2012-04-19
EP2622534A1 (en) 2013-08-07

Similar Documents

Publication Publication Date Title
JP5916737B2 (ja) Trustworthy device claims as a service
CN102685089B (zh) Method and client device of trustworthy device claims for enterprise applications
US10735472B2 (en) Container authorization policies for network trust
US11301575B2 (en) Secure data synchronization
TWI794872B (zh) Information handling system, memory storage device and method for operating a workspace
KR102110273B1 (ko) Chain security systems
US8918856B2 (en) Trusted intermediary for network layer claims-enabled access control
US10097350B2 (en) Privacy enhanced key management for a web service provider using a converged security engine
JP6402198B2 (ja) Authentication of virtual machine images using digital certificates
US8589691B1 (en) Self-signed certificates for computer application signatures
US8131997B2 (en) Method of mutually authenticating between software mobility device and local host and a method of forming input/output (I/O) channel
US20110321130A1 (en) Network layer claims based access control
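JP2013522794A (ja) System and method for remote maintenance of multiple clients in an electronic network using virtualization and authentication
CN111526111A (zh) Control method, apparatus and device for logging in to a light application, and computer storage medium
JP2024539854A (ja) Controlling access to computing resources implemented in an isolated environment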
US12450400B2 (en) Out of band component validation
CN102404315B (zh) Trustworthy device claims as a service
CN119278448A (zh) Techniques for providing security-related information
US8788681B1 (en) Method and apparatus for autonomously managing a computer resource using a security certificate
CN108604279B (zh) Application approval
CN102438014B (zh) Back-end constrained delegation model
CN119203181A (zh) Data access method, apparatus, device and readable storage medium
HK1174446B (en) Method and client device of trustworthy device claims for enterprise applications

Legal Events

Date Code Title Description
A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20140820

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20140820

A711 Notification of change in applicant

Free format text: JAPANESE INTERMEDIATE CODE: A711

Effective date: 20150521

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20150724

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20150819

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20151118

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20160307

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20160405

R150 Certificate of patent or registration of utility model

Ref document number: 5916737

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

RD02 Notification of acceptance of power of attorney

Free format text: JAPANESE INTERMEDIATE CODE: R3D02