KR101832535B1 - Trustworthy device claims as a service - Google Patents

Trustworthy device claims as a service

Info

Publication number
KR101832535B1
Authority
KR
South Korea
Prior art keywords
client device
token service
network application
state token
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
KR1020137007942A
Other languages
English (en)
Korean (ko)
Other versions
KR20130114651A (ko)
Inventor
유진 네이스타드트 (존)
다니엘 알론
예어 토어
마크 노바크
카자 이 아메드
요아브 야사우어
Original Assignee
Microsoft Technology Licensing, LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Technology Licensing, LLC
Publication of KR20130114651A
Application granted
Publication of KR101832535B1
Expired - Fee Related
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G06F21/335 User authentication using certificates for accessing specific resources, e.g. using Kerberos tickets
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2129 Authenticate client device independently of the user
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Power Engineering (AREA)
  • Information Transfer Between Computers (AREA)
  • Mobile Radio Communication Systems (AREA)
KR1020137007942A 2010-09-30 2011-09-14 Trustworthy device claims as a service Expired - Fee Related KR101832535B1 (ko)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US38843310P 2010-09-30 2010-09-30
US61/388,433 2010-09-30
US13/015,180 US9111079B2 (en) 2010-09-30 2011-01-27 Trustworthy device claims as a service
US13/015,180 2011-01-27
PCT/US2011/051655 WO2012050717A1 (en) 2010-09-30 2011-09-14 Trustworthy device claims as a service

Publications (2)

Publication Number Publication Date
KR20130114651A (ko) 2013-10-18
KR101832535B1 (ko) 2018-02-26

Family

ID=45890974

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020137007942A Expired - Fee Related KR101832535B1 (ko) 2010-09-30 2011-09-14 Trustworthy device claims as a service

Country Status (6)

Country Link
US (1) US9111079B2 (en)
EP (1) EP2622534B1 (en)
JP (1) JP5916737B2 (en)
KR (1) KR101832535B1 (en)
CA (1) CA2812534A1 (en)
WO (1) WO2012050717A1 (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9659175B2 (en) 2012-05-09 2017-05-23 SunStone Information Defense Inc. Methods and apparatus for identifying and removing malicious applications
CN103117999A (zh) * 2012-11-29 2013-05-22 无锡华御信息技术有限公司 Secure computer system and method based on cloud architecture
CN105991595B (zh) * 2015-02-15 2020-08-07 华为技术有限公司 Network security protection method and apparatus
US10803175B2 (en) * 2015-03-06 2020-10-13 Microsoft Technology Licensing, Llc Device attestation through security hardened management agent
CN104767750A (zh) * 2015-04-01 2015-07-08 青岛大学 Secure computer system based on cloud architecture
US10523646B2 (en) 2015-08-24 2019-12-31 Virtru Corporation Methods and systems for distributing encrypted cryptographic data
US10595202B2 (en) * 2016-05-23 2020-03-17 Citrix Systems, Inc. Dynamic access to hosted applications
US10218697B2 (en) * 2017-06-09 2019-02-26 Lookout, Inc. Use of device risk evaluation to manage access to services
US11531777B2 (en) * 2019-01-30 2022-12-20 Virtru Corporation Methods and systems for restricting data access based on properties of at least one of a process and a machine executing the process
CN112069490B (zh) * 2020-08-27 2023-08-15 北京百度网讯科技有限公司 Method, apparatus, electronic device and storage medium for providing mini-program capabilities
US11552943B2 (en) * 2020-11-13 2023-01-10 Cyberark Software Ltd. Native remote access to target resources using secretless connections

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009518762A (ja) * 2005-12-09 2009-05-07 シグナサート, インコーポレイテッド Method to verify the integrity of components on a trusted platform using integrity database services
JP2009123154A (ja) * 2007-11-19 2009-06-04 Hitachi Ltd Attribute certificate management method and apparatus

Family Cites Families (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
NL1018494C2 (nl) 2001-07-09 2003-01-10 Koninkl Kpn Nv Method and system for delivering a service to a client by a service process.
US7076797B2 (en) 2001-10-05 2006-07-11 Microsoft Corporation Granular authorization for network user sessions
US8910241B2 (en) 2002-04-25 2014-12-09 Citrix Systems, Inc. Computer security system
US7591017B2 (en) * 2003-06-24 2009-09-15 Nokia Inc. Apparatus, and method for implementing remote client integrity verification
US20050076201A1 (en) * 2003-08-15 2005-04-07 Imcentric, Inc. System for discovering SSL-enabled network devices and certificates
US20050138417A1 (en) * 2003-12-19 2005-06-23 Mcnerney Shaun C. Trusted network access control system and method
US7747862B2 (en) 2004-06-28 2010-06-29 Intel Corporation Method and apparatus to authenticate base and subscriber stations and secure sessions for broadband wireless networks
US8266676B2 (en) * 2004-11-29 2012-09-11 Harris Corporation Method to verify the integrity of components on a trusted platform using integrity database services
US20110179477A1 (en) * 2005-12-09 2011-07-21 Harris Corporation System including property-based weighted trust score application tokens for access control and related methods
US7870399B2 (en) * 2006-02-10 2011-01-11 Arxan Defense Systems Software trusted platform module and application security wrapper
CA2676450C (en) * 2007-01-26 2014-09-09 Interdigital Technology Corporation Method and apparatus for securing location information and access control using the location information
US8185740B2 (en) * 2007-03-26 2012-05-22 Microsoft Corporation Consumer computer health validation
EP1990750A1 (en) 2007-05-09 2008-11-12 Nokia Siemens Networks Oy Method and device for data processing and communication system comprising such device
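CN100566251C (zh) 2007-08-01 2009-12-02 西安西电捷通无线网络通信有限公司 Trusted network connect method with enhanced security
CN100559763C (zh) 2007-08-28 2009-11-11 中国科学院软件研究所 Integrity verification method for remote network services
CN100553212C (zh) * 2007-11-16 2009-10-21 西安西电捷通无线网络通信有限公司 Trusted network access control system based on tri-element peer authentication
JP5132378B2 (ja) * 2008-03-21 2013-01-30 日本電信電話株式会社 Service management method and service management system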
US20100043066A1 (en) * 2008-05-21 2010-02-18 Miliefsky Gary S Multiple security layers for time-based network admission control
US8074258B2 (en) * 2008-06-18 2011-12-06 Microsoft Corporation Obtaining digital identities or tokens through independent endpoint resolution
US10116580B2 (en) 2008-06-27 2018-10-30 Microsoft Technology Licensing, Llc Seamless location aware network connectivity
US8954897B2 (en) 2008-08-28 2015-02-10 Microsoft Corporation Protecting a virtual guest machine from attacks by an infected host
US9495538B2 (en) * 2008-09-25 2016-11-15 Symantec Corporation Graduated enforcement of restrictions according to an application's reputation
US9443084B2 (en) * 2008-11-03 2016-09-13 Microsoft Technology Licensing, Llc Authentication in a network using client health enforcement framework
CN102763111B (zh) * 2010-01-22 2015-08-05 交互数字专利控股公司 Method and apparatus for trusted federated identity management and data access authorization
US8832811B2 (en) * 2010-08-27 2014-09-09 Red Hat, Inc. Network access control for trusted platforms

Also Published As

Publication number Publication date
KR20130114651A (ko) 2013-10-18
CA2812534A1 (en) 2012-04-19
JP2013541099A (ja) 2013-11-07
EP2622534A1 (en) 2013-08-07
EP2622534B1 (en) 2020-02-26
US20120084851A1 (en) 2012-04-05
US9111079B2 (en) 2015-08-18
JP5916737B2 (ja) 2016-05-11
WO2012050717A1 (en) 2012-04-19
EP2622534A4 (en) 2017-06-21

Similar Documents

Publication Publication Date Title
KR101832535B1 (ko) Trustworthy device claims as a service
CN102685089B (zh) Method and client device of trustworthy device claims for enterprise applications
US8918856B2 (en) Trusted intermediary for network layer claims-enabled access control
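KR102459199B1 (ko) Security and permission architecture for multi-tenant computing systems
JP5522307B2 (ja) System and method for remote maintenance of client systems in an electronic network using software testing by a virtual machine
CN101816006B (zh) Security policy validation for web services
CN103620615B (zh) Access control architecture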
US20160321464A1 (en) Secure Data Synchronization
US9210159B2 (en) Information processing system, information processing device, and authentication method
US20110321130A1 (en) Network layer claims based access control
US8560851B1 (en) Managing digital certificates
KR20140056005A (ko) Controlling data transmission between distributed systems from a security perspective
US20170041504A1 (en) Service providing system, information processing apparatus, program, and method for generating service usage information
EP3195551B1 (en) Method and system for managing fine-grained policies for requiring user approval of device management operations
US11979411B2 (en) Control of access to computing resources implemented in isolated environments
US11170080B2 (en) Enforcing primary and secondary authorization controls using change control record identifier and information
CN113297595A (zh) Privilege elevation processing method, apparatus, storage medium and electronic device
US12052224B2 (en) Client browser to endpoint peer to peer redirection from cloud control pane
US11997073B2 (en) Secure certificate storage when a connectivity management system client is running on an operating system
CN102404315B (zh) Trustworthy device claims as a service
US20090077615A1 (en) Security Policy Validation For Web Services
US12003963B2 (en) Mobile provisioning of a data center asset in a data center connectivity management environment
US20240195800A1 (en) Data Center Monitoring And Management Operation Including Interaction With A Monitoring And Management Console
HK1174446B (en) Method and client device of trustworthy device claims for enterprise applications

Legal Events

Date Code Title Description
PA0105 International application

St.27 status event code: A-0-1-A10-A15-nap-PA0105

PG1501 Laying open of application

St.27 status event code: A-1-1-Q10-Q12-nap-PG1501

PN2301 Change of applicant

St.27 status event code: A-3-3-R10-R13-asn-PN2301

St.27 status event code: A-3-3-R10-R11-asn-PN2301

N231 Notification of change of applicant
PN2301 Change of applicant

St.27 status event code: A-3-3-R10-R13-asn-PN2301

St.27 status event code: A-3-3-R10-R11-asn-PN2301

A201 Request for examination
P11-X000 Amendment of application requested

St.27 status event code: A-2-2-P10-P11-nap-X000

P13-X000 Application amended

St.27 status event code: A-2-2-P10-P13-nap-X000

PA0201 Request for examination

St.27 status event code: A-1-2-D10-D11-exm-PA0201

D13-X000 Search requested

St.27 status event code: A-1-2-D10-D13-srh-X000

D14-X000 Search report completed

St.27 status event code: A-1-2-D10-D14-srh-X000

E902 Notification of reason for refusal
PE0902 Notice of grounds for rejection

St.27 status event code: A-1-2-D10-D21-exm-PE0902

P11-X000 Amendment of application requested

St.27 status event code: A-2-2-P10-P11-nap-X000

P13-X000 Application amended

St.27 status event code: A-2-2-P10-P13-nap-X000

E701 Decision to grant or registration of patent right
PE0701 Decision of registration

St.27 status event code: A-1-2-D10-D22-exm-PE0701

GRNT Written decision to grant
PR0701 Registration of establishment

St.27 status event code: A-2-4-F10-F11-exm-PR0701

PR1002 Payment of registration fee

St.27 status event code: A-2-2-U10-U12-oth-PR1002

Fee payment year number: 1

PG1601 Publication of registration

St.27 status event code: A-4-4-Q10-Q13-nap-PG1601

PR1001 Payment of annual fee

St.27 status event code: A-4-4-U10-U11-oth-PR1001

Fee payment year number: 4

PR1001 Payment of annual fee

St.27 status event code: A-4-4-U10-U11-oth-PR1001

Fee payment year number: 5

PR1001 Payment of annual fee

St.27 status event code: A-4-4-U10-U11-oth-PR1001

Fee payment year number: 6

PR1001 Payment of annual fee

St.27 status event code: A-4-4-U10-U11-oth-PR1001

Fee payment year number: 7

PC1903 Unpaid annual fee

St.27 status event code: A-4-4-U10-U13-oth-PC1903

Not in force date: 20250221

Payment event data comment text: Termination Category : DEFAULT_OF_REGISTRATION_FEE

H13 Ip right lapsed

Free format text: ST27 STATUS EVENT CODE: N-4-6-H10-H13-OTH-PC1903 (AS PROVIDED BY THE NATIONAL OFFICE); TERMINATION CATEGORY : DEFAULT_OF_REGISTRATION_FEE

Effective date: 20250221

PC1903 Unpaid annual fee

St.27 status event code: N-4-6-H10-H13-oth-PC1903

Ip right cessation event data comment text: Termination Category : DEFAULT_OF_REGISTRATION_FEE

Not in force date: 20250221