JP7549418B2 - Distribution of security credentials - Google Patents

Distribution of security credentials

Info

Publication number
JP7549418B2
Authority
JP
Japan
Prior art keywords
computer
digital identity
identity token
security credentials
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
JP2021576774A
Other languages
English (en)
Japanese (ja)
Other versions
JP2022539055A5
JP2022539055A (ja)
Inventor
サバス、マリウス
ラム、ジア、ジュン、ブランドン
ステインダー、マルゴザータ
ピットナー、ダニエル
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp
Publication of JP2022539055A
Publication of JP2022539055A5
Application granted
Publication of JP7549418B2
Active (current legal status)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)
JP2021576774A 2019-06-27 2020-06-24 Distribution of security credentials Active JP7549418B2 (ja)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US16/455,168 2019-06-27
US16/455,168 US11652631B2 (en) 2019-06-27 2019-06-27 Distribution of security credentials
PCT/IB2020/055961 WO2020261134A1 (en) 2019-06-27 2020-06-24 Distribution of security credentials

Publications (3)

Publication Number Publication Date
JP2022539055A JP2022539055A (ja) 2022-09-07
JP2022539055A5 JP2022539055A5 2022-10-25
JP7549418B2 JP7549418B2 (ja) 2024-09-11

Family

ID=74043344

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2021576774A Active JP7549418B2 (ja) 2019-06-27 2020-06-24 Distribution of security credentials

Country Status (6)

Country Link
US (1) US11652631B2
JP (1) JP7549418B2
CN (1) CN113811873B
DE (1) DE112020002343B4
GB (1) GB2599331B
WO (1) WO2020261134A1

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11689537B2 (en) * 2020-10-21 2023-06-27 Okta, Inc. Providing flexible service access using identity provider
US11822672B1 (en) * 2021-02-04 2023-11-21 Cisco Technology, Inc. Systems and methods for scanning images for vulnerabilities
US11528140B2 (en) 2021-02-09 2022-12-13 International Business Machines Corporation Compromised access token invalidation in a singleton process
US11989282B2 (en) * 2021-09-10 2024-05-21 International Business Machines Corporation Open-source container data management
US12141263B2 (en) * 2022-06-06 2024-11-12 Dell Products, L.P. Workspace root-of-trust
GB2628571A (en) 2023-03-29 2024-10-02 Ibm Enabling a securing of cryptographic operations
US20250240293A1 (en) * 2024-01-19 2025-07-24 Dell Products L.P. Multi-tenant secrets manager

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
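JP2006203819A (ja) 2005-01-24 2006-08-03 Nippon Hoso Kyokai <Nhk> Security module, content receiving device, contract information generating device and contract information verifying device, and contract information verifying method
JP2008107936A (ja) 2006-10-24 2008-05-08 Mitsubishi Electric Corp Authentication device, authentication method for authentication device, and authentication program for authentication device
JP2014106652A (ja) 2012-11-26 2014-06-09 Fujitsu Ltd Data reference system and application authentication method
JP2015201030A (ja) 2014-04-08 2015-11-12 Fujitsu Ltd Terminal device, information management server, terminal program, information management program, and system
JP2017517823A (ja) 2014-03-27 2017-06-29 Microsoft Technology Licensing, LLC Techniques for operating services with machine-generated authentication tokens
JP2018511247A (ja) 2015-03-31 2018-04-19 Amazon Technologies, Inc. Key export techniques
JP2018081643A (ja) 2016-11-18 2018-05-24 Canon Kabushiki Kaisha Authorization server and control method therefor, program, and authority delegation system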
US20190166029A1 (en) 2017-11-28 2019-05-30 International Business Machines Corporation Tracking usage of computing resources

Family Cites Families (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7275155B1 (en) 2000-09-01 2007-09-25 Northrop Grumman Corporation Chain of trust processing
US7827602B2 (en) 2003-06-30 2010-11-02 At&T Intellectual Property I, L.P. Network firewall host application identification and authentication
EP1811421A1 (en) * 2005-12-29 2007-07-25 AXSionics AG Security token and method for authentication of a user with the security token
US8402519B2 (en) 2008-10-16 2013-03-19 Verisign, Inc. Transparent client authentication
US20110126197A1 (en) * 2009-11-25 2011-05-26 Novell, Inc. System and method for controlling cloud and virtualized data centers in an intelligent workload management system
KR101702618B1 (ko) 2010-07-09 2017-02-03 삼성전자주식회사 어플리케이션 관련 관리 객체를 제공하는 장치 및 방법
US8769655B2 (en) 2010-12-30 2014-07-01 Verisign, Inc. Shared registration multi-factor authentication tokens
US8839363B2 (en) * 2011-04-18 2014-09-16 Bank Of America Corporation Trusted hardware for attesting to authenticity in a cloud environment
DE102011077218B4 (de) 2011-06-08 2023-12-14 Servicenow, Inc. Zugriff auf in einer Cloud gespeicherte Daten
US8850515B2 (en) * 2011-08-15 2014-09-30 Bank Of America Corporation Method and apparatus for subject recognition session validation
EP3047626B1 (en) 2013-09-20 2017-10-25 Oracle International Corporation Multiple resource servers with single, flexible, pluggable oauth server and oauth-protected restful oauth consent management service, and mobile application single sign on oauth service
CA2945199A1 (en) 2014-05-07 2015-11-12 Visa International Service Association Enhanced data interface for contactless communications
KR101605967B1 (ko) 2014-10-08 2016-03-24 한국과학기술원 어플리케이션 특성을 반영하여 트랜잭션을 관리하는 서비스 방법 및 시스템
US9692699B2 (en) 2014-10-30 2017-06-27 Intel Corporation Apparatus, system and method of protecting a service identifier
US10263898B2 (en) * 2016-07-20 2019-04-16 Cisco Technology, Inc. System and method for implementing universal cloud classification (UCC) as a service (UCCaaS)
US10375073B2 (en) 2016-08-29 2019-08-06 International Business Machines Corporation Configuration based client for OAuth authorization with arbitrary services and applications
US10348718B2 (en) * 2016-09-14 2019-07-09 Oracle International Corporation Sharing credentials and other secret data in collaborative environment in a secure manner
US20180101850A1 (en) 2016-10-12 2018-04-12 Microsoft Technology Licensing, Llc User and device authentication for web applications
CN106452764B (zh) 2016-12-02 2020-02-18 武汉理工大学 一种标识私钥自动更新的方法及密码系统
US10673981B2 (en) * 2017-06-09 2020-06-02 Nutanix, Inc. Workload rebalancing in heterogeneous resource environments
US20180367528A1 (en) * 2017-06-12 2018-12-20 Cyberark Software Ltd. Seamless Provision of Authentication Credential Data to Cloud-Based Assets on Demand
US11019073B2 (en) * 2017-07-23 2021-05-25 AtScale, Inc. Application-agnostic resource access control
US11943368B2 (en) 2017-11-03 2024-03-26 Microsoft Technology Licensing, Llc Provisioning trusted execution environment based on chain of trust including platform
US11438168B2 (en) * 2018-04-05 2022-09-06 T-Mobile Usa, Inc. Authentication token request with referred application instance public key
US10673840B2 (en) * 2018-05-10 2020-06-02 Jayant Shukla Cloud-based identity management and authentication system for containers and applications
US11379263B2 (en) * 2018-08-13 2022-07-05 Ares Technologies, Inc. Systems, devices, and methods for selecting a distributed framework
US10785122B2 (en) * 2018-10-05 2020-09-22 Cisco Technology, Inc. Canary release validation mechanisms for a containerized application or service mesh
US11425111B2 (en) * 2018-11-14 2022-08-23 Intel Corporation Attestation token sharing in edge computing environments
US11128482B2 (en) * 2019-04-19 2021-09-21 Microsoft Technology Licensing, Llc Metering cloud workloads at edge computing devices
US11575563B2 (en) * 2019-05-31 2023-02-07 Varmour Networks, Inc. Cloud security management
US11310284B2 (en) * 2019-05-31 2022-04-19 Varmour Networks, Inc. Validation of cloud security policies
US11290493B2 (en) * 2019-05-31 2022-03-29 Varmour Networks, Inc. Template-driven intent-based security

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
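JP2006203819A (ja) 2005-01-24 2006-08-03 Nippon Hoso Kyokai <Nhk> Security module, content receiving device, contract information generating device and contract information verifying device, and contract information verifying method
JP2008107936A (ja) 2006-10-24 2008-05-08 Mitsubishi Electric Corp Authentication device, authentication method for authentication device, and authentication program for authentication device
JP2014106652A (ja) 2012-11-26 2014-06-09 Fujitsu Ltd Data reference system and application authentication method
JP2017517823A (ja) 2014-03-27 2017-06-29 Microsoft Technology Licensing, LLC Techniques for operating services with machine-generated authentication tokens
JP2015201030A (ja) 2014-04-08 2015-11-12 Fujitsu Ltd Terminal device, information management server, terminal program, information management program, and system
JP2018511247A (ja) 2015-03-31 2018-04-19 Amazon Technologies, Inc. Key export techniques
JP2018081643A (ja) 2016-11-18 2018-05-24 Canon Kabushiki Kaisha Authorization server and control method therefor, program, and authority delegation system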
US20180145967A1 (en) 2016-11-18 2018-05-24 Canon Kabushiki Kaisha Authorization server, non-transitory computer-readable medium, and authority delegating system
US20190166029A1 (en) 2017-11-28 2019-05-30 International Business Machines Corporation Tracking usage of computing resources

Also Published As

Publication number Publication date
US20200412540A1 (en) 2020-12-31
US11652631B2 (en) 2023-05-16
DE112020002343B4 (de) 2024-12-19
CN113811873A (zh) 2021-12-17
GB2599331B (en) 2022-11-23
GB2599331A (en) 2022-03-30
DE112020002343T5 (de) 2022-01-27
WO2020261134A1 (en) 2020-12-30
JP2022539055A (ja) 2022-09-07
CN113811873B (zh) 2025-03-14

Similar Documents

Publication Publication Date Title
JP7549418B2 (ja) Distribution of security credentials
JP7572132B2 (ja) Private transfer learning
US10944560B2 (en) Privacy-preserving identity asset exchange
US10833859B2 (en) Automating verification using secure encrypted phone verification
CN114586032B (zh) Secure workload configuration
US11082413B2 (en) Secure network connections
US11082219B2 (en) Detection and protection of data in API calls
US20200296089A1 (en) Validating containers on a microservice framework
US10812463B2 (en) Secure access to an enterprise computing environment
US10542048B2 (en) Security compliance framework usage
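JP7762473B2 (ja) Maintaining confidentiality in multiple decentralized policies (method, system, and computer program for maintaining confidentiality of metadata in multiple decentralized policies)
JP2025505934A (ja) Authority management in Internet of Things (IoT) networks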
US20230188531A1 (en) Authorization of service requests in a multi-cluster system
JP7843837B2 (ja) Data management method and system for a container system
WO2022001879A1 (en) Management of computing secrets
US10411892B2 (en) Providing encrypted personal data to applications based on established policies for release of the personal data
US20230127956A1 (en) Building and deploying an application
Sung et al. A distributed mobile cloud computing model for secure big data

Legal Events

Date Code Title Description
RD04 Notification of resignation of power of attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7424

Effective date: 20220512

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20221014

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20221121

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20231124

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20240109

RD12 Notification of acceptance of power of sub attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7432

Effective date: 20240216

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20240405

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20240730

RD14 Notification of resignation of power of sub attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7434

Effective date: 20240731

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20240827

R150 Certificate of patent or registration of utility model

Ref document number: 7549418

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150