WO2007064171A1 - Method and apparatus for transmitting message in heterogeneous federated environment, and method and apparatus for providing service using the message

Publication number
WO2007064171A1
Authority
WO
WIPO (PCT)
Prior art keywords
domain
transmission message
message
information
external domain
Application number
PCT/KR2006/005153
Inventor
Seung-Hyun Kim
Dae-Seon Choi
Jong-Hyouk Noh
Sang-Rae Cho
Yeong-Sub Cho
Seung-Hun Jin
Original Assignee
Electronics And Telecommunications Research Institute
Application filed by Electronics And Telecommunications Research Institute

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00 Digital computers in general; Data processing equipment in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security

Definitions

  • the present invention relates to a method and apparatus for transmitting a message in a heterogeneous federated environment and a method and apparatus for providing a service using the message, and more particularly, to a service providing method and apparatus in a heterogeneous federated environment, in which two service servers in different domains interpret security information and/or protocol information of a message to be transmitted via at least one trust bridge, and provide a service according to the interpretation result.
  • SSO single sign-on
  • a method of operating federated domains together in a federated environment is disclosed in Korean Patent Application No. 10-2005-7008492, entitled 'Method and System for Native Authentication Protocols in a Heterogeneous Federated Environment', and International Patent Application No. PCT/EP2003/014852, entitled 'Method and System for Authentication in a Heterogeneous Federated Environment, i.e., Single Sign on in Federated Domains'.
  • a server within a domain relies upon a trust proxy and manages trust relationships between domains.
  • the trust proxy creates and interprets authentication assertions.
  • the trust proxy may have a trust relationship with a trust arbiter and rely upon the trust arbiter for assistance in interpreting the authentication assertions.
  • this method is focused on the exchange of authentication assertions, and particularly, establishing of a dynamic trust relationship via the trust arbiter. Also, this method demonstrates that the trust proxy manages authentication information and creates authentication assertions, but does not disclose compatibility between federated protocols.
  • Disclosure of Invention
  • the present invention provides a method and apparatus for transmitting a message in a heterogeneous federated environment having two service servers in different domains that can interpret security information and/or protocol information of a message to be transmitted via at least a trust bridge, and a method and apparatus for providing a service by using the message.
  • a method of transmitting a message in a heterogeneous federated environment in which a domain and an external domain exchange their security information and/or protocol information with each other comprising (a) a service server of the domain creating a transmission message to be transmitted to the external domain, and transmitting the transmission message to a trust bridge which is constructed separately in the domain; (b) the trust bridge detecting protocol information of the external domain; (c) the trust bridge interpreting the transmission message by using the detected protocol information; and (d) the trust bridge transmitting the interpreted transmission message to the external domain.
  • a method of providing a service in which a trust bridge of a domain receives a transmission message from an external domain and provides a service corresponding to the transmission message in a heterogeneous federated environment where the domain and the external domain exchange their security information and/or protocol information with each other comprising (a) the trust bridge determining whether protocol information contained in the transmission message from the external domain is the same as the protocol information of the domain; (b) when it is determined in (a) that the two protocol information are not the same, detecting the protocol information of the domain; (c) interpreting the transmission message by using the detected protocol information; (d) supplying the interpreted transmission message to a service server of the domain; and (e) the service server analyzing the interpreted transmission message and providing a service according to the analysis result.
  • a method of providing a service in which a service server of a domain receives a transmission message from an external domain and provides a service corresponding to the message in a heterogeneous federated environment where the domain and the external domain exchange their security information and/or protocol information with each other comprising (a) the service server of the domain determining whether the transmission message from the external domain is encrypted; (b) if it is determined in (a) that the transmission message is encrypted, decrypting the transmission message by using the security information of the domain; and (c) analyzing the decrypted transmission message and providing a service according to the analysis result.
  • an apparatus for transmitting a message in a heterogeneous federated environment comprising a storage unit storing protocol information of an external domain in the heterogeneous federated environment; a service server creating a message to be transmitted to the external domain, using protocol information stored in the service server; and a trust bridge receiving the message from the service server, loading the protocol information of the external domain from the storage unit, interpreting the received message by using the protocol information of the external domain, and transmitting the interpreted message to the external domain.
  • an apparatus for providing a service by using a message received in a heterogeneous federated environment comprising a storage unit storing protocol information; a trust bridge interpreting a transmission message received from an external domain in a heterogeneous federated environment, using the protocol information loaded from the storage unit; and a service server receiving the interpreted transmission message from the trust bridge, analyzing the interpreted transmission message, and providing a service according to the analysis result.
  • two service servers in different domains can interpret security information and/or protocol information via at least a trust bridge, thereby realizing message compatibility.
  • FIG. 1 is a block diagram of a system including an apparatus that transmits a message in a heterogeneous federated environment and an apparatus that provides a service using the message, according to an embodiment of the present invention.
  • FIG. 2 is a flowchart illustrating a method of transmitting a message in a heterogeneous federated environment according to an embodiment of the present invention.
  • FIG. 3 is a flowchart illustrating a method of transmitting a message in a heterogeneous federated environment according to another embodiment of the present invention.
  • FIG. 4 is a flowchart illustrating a method of providing a service using a message received in a heterogeneous federated environment according to an embodiment of the present invention.
  • FIG. 5 is a flowchart illustrating a method of providing a service using a message received in a heterogeneous federated environment according to another embodiment of the present invention.
  • FIG. 1 is a block diagram of a system including an apparatus that transmits a message in a heterogeneous federated environment, and an apparatus that provides a service using the message, according to an embodiment of the present invention.
  • the system includes a first domain 100, a client 120, and a second domain 140.
  • first and second domains 100 and 140 are located in a heterogeneous federated environment where different security policies or protocols are present. In the heterogeneous federated environment, a trust relationship must be established between the first and second domains 100 and 140 to provide services from the first domain 100 to the second domain 140 or vice versa.
  • the first domain 100 is a message transmitting apparatus that transmits a message to the second domain 140 in the heterogeneous federated environment.
  • the second domain 140 is a service providing apparatus that interprets the message received from the first domain 100 and provides a service corresponding to the interpretation result in the heterogeneous federated environment.
  • the first domain 100 includes a storage unit 102, a service server 104, an interface unit 106, and a trust bridge 108.
  • the trust bridge 108 includes a protocol interpreter 109 and a trust management unit 110.
  • the storage unit 102 stores protocol information and security information of the first domain 100, and protocol information and security information of the second domain 140.
  • the service server 104 and the service server 144 are final objects that respectively exchange messages indirectly with the first and second domains 100 and 140. That is, the first domain 100 transmits messages to the trust bridge 148 of the second domain 140 via the service server 104 or to the service server 144 of the second domain 140 via the trust bridge 108. Of course, the second domain 140 may transmit messages to the trust bridge 108 of the first domain 100 via the service server 144, or to the trust bridge 108 or the service server 104 of the first domain 100 via the trust bridge 148.
  • the interface unit 106 receives the original message information, which is input by a user, and second domain information from the client 120.
  • the original message information is used to create a transmission message to be transmitted from the first domain 100 to the second domain 140.
  • the second domain information is information regarding an external domain to which the created message is to be transmitted.
  • the service server 104 creates a transmission message to be transmitted, based on the original message information received via the interface unit 106. Then, the service server 104 supplies the created transmission message and the second domain information to the trust bridge 108. Alternatively, the service server 104 may deliver the transmission message directly to the trust bridge 148 of the second domain 140 (S120).
  • the trust bridge 148 of the second domain 140 transforms the received transmission message into information that can be understood by the service server 144 of the second domain 140, using the protocol information and/or security information, and the service server 144 interprets the transformed information and provides a service corresponding to the interpretation result.
  • the protocol interpreter 109 of the trust bridge 108 loads the protocol information of the second domain 140 from storage unit 102 based on the received second domain information, and interprets the transmission message based on the protocol information of the second domain 140.
  • the trust management unit 110 of the trust bridge 108 determines whether the transmission message interpreted by the protocol interpretation unit 109 will be encrypted and transmitted.
  • the storage unit 102 loads the security information of the second domain 140, and encrypts the interpreted transmission message using the loaded security information.
  • the trust bridge 108 transmits the interpreted transmission message encrypted by the trust management unit 110 to the second domain 140 via a wire/wireless network.
  • the trust bridge 110 may transmit the encrypted transmission message to the service server 144 of the second domain 140 (S140) or to the trust bridge 148 of the second domain 140 (S160).
  • if the trust management unit 110 determines that the interpreted transmission message is to be transmitted without being encrypted, the trust bridge 108 transmits the transmission message to the second domain 140 via the wire/wireless network.
  • the trust bridge 108 may transmit the transmission message directly to the service server 144 of the second domain 140 (S140) or to the trust bridge 148 of the second domain 140 (S160).
  • the first domain 100 that transmits a transmission message to an external domain, such as the second domain 140 of FIG. 1, in the heterogeneous federated environment has been described.
  • the second domain 140 that receives transmission information from an external domain, such as the first domain 100 of FIG. 1, and provides a service corresponding to the transmission information in the heterogeneous federated environment will be described.
  • the second domain 140 includes a storage unit 142, the service server 144, an interface unit 146, and the trust bridge 148.
  • the trust bridge 148 includes a protocol interpretation unit 149 and a trust management unit 150.
  • the storage unit 142 stores the protocol information and security information of the first domain 100 and the protocol information and security information of the second domain 140.
  • the service server 104 and the service server 144 are final objects that exchange messages indirectly with the second and first domains 140 and 100, respectively.
  • the service server 144 receives messages directly from the trust bridge 108 of the first domain 100 or via the trust bridge 148 of the second domain 140.
  • the service server 144 determines whether the transmission message from the trust bridge 108 is encrypted. If it is determined that the transmission message is encrypted, the service server 144 decrypts the transmission information using the security information of the second domain 140, analyzes the decrypted message, and provides a corresponding service. If not so, the service server 144 directly analyzes the transmission message and provides a corresponding service.
  • the trust management unit 150 of the trust bridge 148 determines whether the transmission message from the first domain 100 is encrypted. If it is determined that the transmission message is encrypted, the trust management unit 150 loads the security information of the second domain 140 from the storage unit 142 and decrypts the transmission message. If not so, the trust management unit 150 informs the trust bridge 148 that the transmission message is not encrypted.
  • the protocol interpretation unit 149 of the trust bridge 148 determines whether the protocol information contained in the transmission message received from the first domain 100 is the same as the protocol information of the second domain 140. This is accompanied by extracting and comparing the protocol information of the transmission message with the protocol information loaded from the storage unit 142 in order to determine whether they are the same.
  • the protocol interpretation unit 149 interprets the transmission message from the first domain 100 by using the protocol information of the second domain 140. Specifically, the protocol interpretation unit 149 loads the protocol information of the second domain 140 from the storage unit 142 and interprets the transmission message from the first domain 100. If it is determined that the two protocol information are the same, the protocol interpretation unit 149 informs the trust bridge 148 that the protocol information are the same.
  • the trust bridge 148 transmits the received transmission message to the service server 144.
  • the service server 144 analyzes the interpreted transmission message from the protocol interpretation unit 149 and provides a corresponding service.
  • the interface unit 146 of the second domain 140 receives the original message information, which is input by a user, and first domain information from the client 120.
  • the original message information is used to create a transmission message to be transmitted from the second domain 140 to the first domain 100, and the first domain information is information regarding an external domain to which the created transmission message is to be transmitted.
  • the second domain 140 receives the original message information and the first domain information from the client 120 via the interface unit 146.
  • the first domain 100 is described as a device that transmits a message to the second domain 140 in the heterogeneous federated environment.
  • the second domain 140 is described as a device that analyzes the message from the first domain 100 and provides a corresponding service in the heterogeneous federated environment.
  • the first domain 100 can not only transmit a message but also receive a transmission message from an external domain and provide a corresponding service.
  • the second domain 140 can not only provide a service but also receive the original message information and the information regarding the external domain from the client 120 via the interface unit 146 and transmit the transmission message to the external domain.
  • FIG. 2 is a flowchart illustrating a method of transmitting a message in a heterogeneous federated environment according to an embodiment of the present invention.
  • FIG. 2 illustrates a method in which a service server of a specific domain transmits a transmission message to a trust bridge of an external domain in a heterogeneous federated environment.
  • the specific domain and the external domain exchange their security information and protocol information with each other (S200).
  • a service server of the specific domain receives the original message information, which is input by a user, and external domain information regarding an external domain to which a transmission message is to be transmitted, from a client via a user interface (S210).
  • the original message information is used to create the transmission message to be transmitted from the service server of the specific domain to a trust bridge of the external domain.
  • the service server of the specific domain creates the transmission message to be transmitted to the trust bridge of the external domain (S220).
  • the service server of the specific domain determines whether the transmission message created in operation S220 will be encrypted and transmitted (S230).
  • after operation S240, the service server encrypts the transmission message using the security information detected in operation S240 (S250).
  • the service server transmits the encrypted transmission message to the trust bridge of the external domain (S260).
  • FIG. 3 is a flowchart illustrating a method of transmitting a message in a heterogeneous federated environment according to another embodiment of the present invention.
  • FIG. 3 illustrates a method in which a service server of a specific domain transmits a transmission message to a trust bridge or a service server of an external domain via a trust bridge of the specific domain in the heterogeneous federated environment.
  • the specific domain and the external domain exchange their security information and protocol information with each other (S300).
  • the service server of the specific domain receives the original message information, which is input by a user, and external domain information from a client (S310). The original message information is used to create a transmission message to be transmitted from the specific domain to the trust bridge of the external domain. Next, the service server of the specific domain creates the transmission message to be transmitted to the external domain (S320). The service server of the specific server inserts the external domain information into the created transmission message.
  • the service server of the specific domain supplies the created transmission message to the trust bridge of the external domain (S330).
  • the trust bridge of the specific domain detects protocol information of the external domain (S340). Operation S340 is performed by a protocol interpretation unit included in the trust bridge of the specific domain.
  • the trust bridge of the specific domain interprets the transmission message created in operation S320, using the protocol information of the external domain detected in operation S340 (S350).
  • the trust bridge of the specific domain determines whether the transmission message interpreted in operation S350 is to be encrypted and transmitted (S360).
  • if it is determined in operation S360 that the interpreted transmission message is to be transmitted without being encrypted, the method proceeds to operation S395, and the trust bridge of the specific domain transmits the interpreted transmission message to the trust bridge or the service server of the external domain (S395). If it is determined in operation S360 that the interpreted transmission message is to be transmitted in an encrypted form, the method proceeds to operation S370, and the trust bridge of the specific domain detects security information of the external domain (S370). Operation S370 is performed by a trust management unit included in the trust bridge of the specific domain.
  • the trust bridge of the specific domain encrypts the interpreted transmission message, using the security information of the external domain detected in operation S370 (S380).
  • the trust bridge of the specific domain transmits the encrypted transmission message to the trust bridge or the service server of the external domain (S390).
  • FIG. 4 is a flowchart illustrating a method of providing a service by using a message received in a heterogeneous federated environment according to an embodiment of the present invention.
  • FIG. 4 illustrates a method in which a trust bridge of a specific domain receives a transmission message from a service server or a trust bridge of an external domain, and a service server of the specific domain provides a corresponding service by using the transmission message in a heterogeneous federated environment.
  • the trust bridge of the specific domain receives the transmission message from the external domain (S400).
  • the trust bridge of the specific domain receives the transmission message from the trust bridge or the service server of the external domain.
  • the trust bridge of the specific domain determines whether the transmission message has been encrypted (S410).
  • the trust bridge of the specific domain decrypts the transmission message by using security information of the specific domain (S415) and performs operation S420. If it is determined in operation S410 that the transmission message is not encrypted, the trust bridge of the specific domain performs operation S420 without decrypting the transmission message.
  • the trust bridge of the specific domain extracts protocol information from the transmission message (S420).
  • the trust bridge of the specific domain determines whether the protocol information extracted in operation S420 is the same as protocol information of the specific domain (S430). Operation S430 is performed by a protocol interpretation unit included in the trust bridge of the specific domain.
  • the protocol interpretation unit supplies the transmission message to the service server of the specific domain (S450).
  • the service server of the specific domain analyzes the transmission message received in operation S450 and provides a service according to the analysis result (S460).
  • FIG. 5 is a flowchart illustrating a method of providing a service by using a received message in a heterogeneous federated environment according to another embodiment of the present invention.
  • FIG. 5 illustrates a method in which a service server of a specific domain receives a transmission message directly via a service server or a trust bridge of an external domain and provides a corresponding service by using the transmission message in the heterogeneous federated environment.
  • the service server of the specific domain receives the transmission message from the external domain (S500). More specifically, the service server of the specific domain receives the transmission message directly via the trust bridge of the external domain, not a trust bridge of the specific domain.
  • the service server of the specific domain determines whether the transmission message received in operation S500 is encrypted (S510).
  • the service server of the specific domain decrypts the transmission message by using security information of the specific domain (S515) and performs operation S520.
  • the service server of the specific domain analyzes the transmission message and provides a service according to the analysis result (S520).
  • the present invention can be embodied as computer readable code on a computer readable medium.
  • the computer readable medium may be any recording apparatus capable of storing data that is read by a computer system, e.g., read-only memory (ROM), random access memory (RAM), compact disc (CD)-ROM, magnetic tapes, floppy disks, optical data storage devices, and so on.
  • the computer readable medium may be a carrier wave that transmits data via the Internet, for example.
  • the computer readable medium can be distributed among computer systems that are interconnected through a network, and the present invention may be stored and implemented as a computer readable code in the distributed system.
  • a method and apparatus for transmitting a message in a heterogeneous federated environment and a method and apparatus for providing a service by using the message, according to the present invention, have the following advantages.
  • service servers in different domains in the heterogeneous federated environment can interpret security information and/or protocol information via at least a trust bridge for message compatibility.
  • a trust bridge that interprets security information and/or protocol information in the heterogeneous federated environment for message compatibility is used to exchange services between different domains. Also, management of the trust relationship is simplified since a trust relationship between domains is not managed by service servers of each domain but by the trust bridges of each domain that are constructed separately from the service server.
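
The FIG. 3 send path and FIG. 4 receive path described above, as an added Python example that is not part of the patent. The field-name tables standing in for "protocol information", the per-domain symmetric keys standing in for "security information", the domain labels and every function name are assumptions, and the HMAC-based seal is a standard-library stand-in for a real AEAD cipher.

```python
import hashlib
import hmac
import json
import os

# Storage unit contents after the domains exchange information (S300).
# Constructed sample data; the patent does not define these formats.
PROTOCOL_INFO = {  # logical field -> field name in that domain's protocol
    "domain-100": {"id": "proto-A", "fields": {
        "subject": "NameID", "authn": "AuthnMethod", "service": "Target"}},
    "domain-140": {"id": "proto-B", "fields": {
        "subject": "user", "authn": "auth_type", "service": "resource"}},
}
SECURITY_INFO = {  # assumed: one shared symmetric key per receiving domain
    "domain-100": bytes(range(32, 64)),
    "domain-140": bytes(range(32)),
}
BY_PROTOCOL_ID = {p["id"]: p for p in PROTOCOL_INFO.values()}

def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode, used as a stdlib-only keystream."""
    def block(i):
        return hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return b"".join(block(i) for i in range(length // 32 + 1))[:length]

def seal(key, plaintext):
    """Encrypt-then-MAC stand-in for a real AEAD (e.g. AES-GCM)."""
    nonce = os.urandom(16)
    stream = _keystream(key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    """Verify the tag before decrypting; reject anything that was altered."""
    if len(blob) < 48:
        raise ValueError("sealed message too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("message authentication failed")
    stream = _keystream(key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def interpret(message, target_domain):
    """Protocol interpreter: re-express message in target_domain's protocol."""
    source = BY_PROTOCOL_ID.get(message["protocol"])
    if source is None:
        raise ValueError("no protocol information stored for sender")
    target = PROTOCOL_INFO[target_domain]
    to_logical = {native: name for name, native in source["fields"].items()}
    body = {}
    for native, value in message["body"].items():
        if native not in to_logical:  # fail closed on fields we cannot map
            raise ValueError(f"unmapped field: {native}")
        body[target["fields"][to_logical[native]]] = value
    return {"protocol": target["id"], "body": body}

def bridge_send(message, external_domain, encrypt):
    """Sending trust bridge, FIG. 3 operations S340 to S395."""
    interpreted = interpret(message, external_domain)          # S340, S350
    payload = json.dumps(interpreted, sort_keys=True).encode()
    if not encrypt:                                            # S360 -> S395
        return {"encrypted": False, "payload": payload.hex()}
    key = SECURITY_INFO[external_domain]                       # S370
    return {"encrypted": True, "payload": seal(key, payload).hex()}  # S380, S390

def bridge_receive(envelope, own_domain):
    """Receiving trust bridge, FIG. 4 operations S400 to S450."""
    payload = bytes.fromhex(envelope["payload"])               # S400
    if envelope["encrypted"]:                                  # S410
        payload = unseal(SECURITY_INFO[own_domain], payload)   # S415
    message = json.loads(payload)
    if message["protocol"] != PROTOCOL_INFO[own_domain]["id"]:  # S420, S430
        message = interpret(message, own_domain)  # protocols differ: interpret
    return message                                             # S450

def service_server(message):
    """Domain 140 service server: analyze and provide a service (S460)."""
    body = message["body"]
    return f"{body['user']} ({body['auth_type']}) -> {body['resource']}"

# Constructed message as the service server of domain 100 would create it (S320).
NATIVE = {"protocol": "proto-A", "body": {
    "NameID": "alice", "AuthnMethod": "password", "Target": "payroll"}}

def demo():
    """Run both delivery routes and return what the service server does."""
    via_108 = bridge_receive(bridge_send(NATIVE, "domain-140", True), "domain-140")
    raw = {"encrypted": False, "payload": json.dumps(NATIVE).encode().hex()}
    via_148 = bridge_receive(raw, "domain-140")  # receiving bridge interprets
    return service_server(via_108), service_server(via_148)

if __name__ == "__main__":
    print(demo())
```

Both routes end with the same message in the receiving domain's protocol: in the first the sending bridge interprets and encrypts, in the second the untranslated message arrives unencrypted and the receiving bridge interprets it.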

Abstract

Provided are a method and apparatus for transmitting a message in a heterogeneous federated environment, and a method and apparatus for providing a service by using the message. In the message transmission method, in a heterogeneous federated environment a domain and an external domain exchange their security information and/or protocol information with each other, a service server of the domain creates a transmission message to be transmitted to the external domain, and transmits the transmission message to a trust bridge which is constructed separately in the domain; the trust bridge detects protocol information of the external domain; the trust bridge interprets the transmission message by using the detected protocol information; and the trust bridge transmits the interpreted transmission message to the external domain. Accordingly, two service servers in different domains can interpret security information and/or protocol information via at least a trust bridge, thereby realizing message compatibility.

Description

METHOD AND APPARATUS FOR TRANSMITTING MESSAGE
IN HETEROGENEOUS FEDERATED ENVIRONMENT, AND
METHOD AND APPARATUS FOR PROVIDING SERVICE
USING THE MESSAGE
Technical Field
[1] The present invention relates to a method and apparatus for transmitting a message in a heterogeneous federated environment and a method and apparatus for providing a service using the message, and more particularly, to a service providing method and apparatus in a heterogeneous federated environment, in which two service servers in different domains interpret security information and/or protocol information of a message to be transmitted via at least one trust bridge, and provide a service according to the interpretation result.
Background Art
[2] Various techniques have been introduced to reduce authentication burdens between a user and a computer device administrator. These techniques are generally referred to as 'single sign-on (SSO)' processes because they have a common purpose: after a user has completed a sign-on operation, i.e., the user has been authenticated, the user is not subsequently required to perform another authentication operation. The SSO processes are designed so that users need to complete an authentication process only once during a specific user session.
[3] SSO solutions have been successful when implemented within a given enterprise.
However, the more enterprises participating in electronic commerce marketplaces or other collaborative endeavors, the more barriers are set by a plurality of authentication processes or systems.
[4] Previous SSO solutions between enterprises have been limited to homogeneous environments in which there are pre-established business agreements between participating enterprises. Each individual enterprise knows how to create and interpret authentication assertions that can be understood by other enterprises that have exchanged similar agreements, such as enterprises within an electronic commerce marketplace. The homogeneous environments are tightly coupled since there is a deterministic relationship disclosed by enterprises mapping the identity of users over the system.
[5] Enterprises participating in the SSO solutions may cooperate within homogeneous environments by using previous SSO solutions. However, in an external federated domain using a different security policy or a different federated protocol, the enterprises must establish a trust relationship, and create and interpret an understandable federated protocol message so as to cooperate with servers in the domain. If a plurality of devices have the trust relationship, there is a need for a method and apparatus for providing a solution to complicated mapping between different federated protocols.
[6] A method of operating federated domains together in a federated environment is disclosed in Korean Patent Application No. 10-2005-7008492, entitled 'Method and System for Native Authentication Protocols in a Heterogeneous Federated Environment', and International Patent Application No. PCT/EP2003/014852, entitled 'Method and System for Authentication in a Heterogeneous Federated Environment, i.e., Single Sign on in Federated Domains'. In this case, a server within a domain relies upon a trust proxy and manages trust relationships between domains. The trust proxy creates and interprets authentication assertions. The trust proxy may have a trust relationship with a trust arbiter and rely upon the trust arbiter for assistance in interpreting the authentication assertions.
[7] However, this method is focused on the exchange of authentication assertions, and particularly, establishing of a dynamic trust relationship via the trust arbiter. Also, this method demonstrates that the trust proxy manages authentication information and creates authentication assertions, but does not disclose compatibility between federated protocols.
Disclosure of Invention
Technical Problem
[8] The present invention provides a method and apparatus for transmitting a message in a heterogeneous federated environment having two service servers in different domains that can interpret security information and/or protocol information of a message to be transmitted via at least a trust bridge, and a method and apparatus for providing a service by using the message.
Technical Solution
[9] According to an aspect of the present invention, there is provided a method of transmitting a message in a heterogeneous federated environment in which a domain and an external domain exchange their security information and/or protocol information with each other, the method comprising (a) a service server of the domain creating a transmission message to be transmitted to the external domain, and transmitting the transmission message to a trust bridge which is constructed separately in the domain; (b) the trust bridge detecting protocol information of the external domain; (c) the trust bridge interpreting the transmission message by using the detected protocol information; and (d) the trust bridge transmitting the interpreted transmission message to the external domain.
[10] According to another aspect of the present invention, there is provided a method of providing a service in which a trust bridge of a domain receives a transmission message from an external domain and provides a service corresponding to the transmission message in a heterogeneous federated environment where the domain and the external domain exchange their security information and/or protocol information with each other, the method comprising (a) the trust bridge determining whether protocol information contained in the transmission message from the external domain is the same as the protocol information of the domain; (b) when it is determined in (a) that the two protocol information are not the same, detecting the protocol information of the domain; (c) interpreting the transmission message by using the detected protocol information; (d) supplying the interpreted transmission message to a service server of the domain; and (e) the service server analyzing the interpreted transmission message and providing a service according to the analysis result.
[11] According to another aspect of the present invention, there is provided a method of providing a service in which a service server of a domain receives a transmission message from an external domain and provides a service corresponding to the message in a heterogeneous federated environment where the domain and the external domain exchange their security information and/or protocol information with each other, the method comprising (a) the service server of the domain determining whether the transmission message from the external domain is encrypted; (b) if it is determined in (a) that the transmission message is encrypted, decrypting the transmission message by using the security information of the domain; and (c) analyzing the decrypted transmission message and providing a service according to the analysis result.
[12] According to another aspect of the present invention, there is provided an apparatus for transmitting a message in a heterogeneous federated environment, the apparatus comprising a storage unit storing protocol information of an external domain in the heterogeneous federated environment; a service server creating a message to be transmitted to the external domain, using protocol information stored in the service server; and a trust bridge receiving the message from the service server, loading the protocol information of the external domain from the storage unit, interpreting the received message by using the protocol information of the external domain, and transmitting the interpreted message to the external domain.
[13] According to another aspect of the present invention, there is provided an apparatus for providing a service by using a message received in a heterogeneous federated environment, the apparatus comprising a storage unit storing protocol information; a trust bridge interpreting a transmission message received from an external domain in a heterogeneous federated environment, using the protocol information loaded from the storage unit; and a service server receiving the interpreted transmission message from the trust bridge, analyzing the interpreted transmission message, and providing a service according to the analysis result.
Advantageous Effects
[14] Accordingly, two service servers in different domains can interpret security information and/or protocol information via at least a trust bridge, thereby realizing message compatibility.
Description of Drawings
[15] FIG. 1 is a block diagram of a system including an apparatus that transmits a message in a heterogeneous federated environment and an apparatus that provides a service using the message, according to an embodiment of the present invention;
[16] FIG. 2 is a flowchart illustrating a method of transmitting a message in a heterogeneous federated environment according to an embodiment of the present invention;
[17] FIG. 3 is a flowchart illustrating a method of transmitting a message in a heterogeneous federated environment according to another embodiment of the present invention;
[18] FIG. 4 is a flowchart illustrating a method of providing a service using a message received in a heterogeneous federated environment according to an embodiment of the present invention; and
[19] FIG. 5 is a flowchart illustrating a method of providing a service using a message received in a heterogeneous federated environment according to another embodiment of the present invention.
Best Mode
[20] A method of transmitting a message in a heterogeneous federated environment in which a domain and an external domain exchange their security information and/or protocol information with each other, the method comprising:
[21] (a) a service server of the domain creating a transmission message to be transmitted to the external domain, and transmitting the transmission message to a trust bridge which is constructed separately in the domain;
[22] (b) the trust bridge detecting protocol information of the external domain;
[23] (c) the trust bridge interpreting the transmission message by using the detected protocol information; and
[24] (d) the trust bridge transmitting the interpreted transmission message to the external domain.
Mode for Invention
[25] FIG. 1 is a block diagram of a system including an apparatus that transmits a message in a heterogeneous federated environment, and an apparatus that provides a service using the message, according to an embodiment of the present invention. Referring to FIG. 1, the system includes a first domain 100, a client 120, and a second domain 140.
[26] It is assumed that the first and second domains 100 and 140 are located in a heterogeneous federated environment where different security policies or protocols are present. In the heterogeneous federated environment, a trust relationship must be established between the first and second domains 100 and 140 to provide services from the first domain 100 to the second domain 140 or vice versa.
[27] The establishment of a trust relationship between the first and second domains 100 and 140 means that messages can be directly exchanged therebetween with guaranteed security by using encryption/decryption and protocol interpretation techniques, not via an additional constituent element.
[28] In this disclosure, the first domain 100 is a message transmitting apparatus that transmits a message to the second domain 140 in the heterogeneous federated environment, and the second domain 140 is a service providing apparatus that interprets the message received from the first domain 100 and provides a service corresponding to the interpretation result in the heterogeneous federated environment.
[29] The first domain 100 includes a storage unit 102, a service server 104, an interface unit 106, and a trust bridge 108. The trust bridge 108 includes a protocol interpreter 109 and a trust management unit 110.
[30] The storage unit 102 stores protocol information and security information of the first domain 100, and protocol information and security information of the second domain 140.
[31] The service server 104 and the service server 144 are final objects that respectively exchange messages indirectly with the first and second domains 100 and 140. That is, the first domain 100 transmits messages to the trust bridge 148 of the second domain 140 via the service server 104 or to the service server 144 of the second domain 140 via the trust bridge 108. Of course, the second domain 140 may transmit messages to the trust bridge 108 of the first domain 100 via the service server 144, or to the trust bridge 108 or the service server 104 of the first domain 100 via the trust bridge 148.
[32] The interface unit 106 receives the original message information, which is input by a user, and second domain information from the client 120. The original message information is used to create a transmission message to be transmitted from the first domain 100 to the second domain 140, and the second domain information is information regarding an external domain to which the created message is to be transmitted.
[33] The service server 104 creates a transmission message to be transmitted, based on the original message information received via the interface unit 106. Then, the service server 104 supplies the created transmission message and the second domain information to the trust bridge 108. Alternatively, the service server 104 may deliver the transmission message directly to the trust bridge 148 of the second domain 140 (S120).
[34] If the transmission message is transmitted directly to the second domain 140 from the service server 104 of the first domain 100 (S120), the trust bridge 148 of the second domain 140 transforms the received transmission message into information that can be understood by the service server 144 of the second domain 140, using the protocol information and/or security information, and the service server 144 interprets the transformed information and provides a service corresponding to the interpretation result.
[35] Hereinafter, a case where the first domain 100 transmits the transmission message and the second domain information to the second domain 140 via the trust bridge 108 in the heterogeneous federated environment (S100) will now be described in greater detail.
[36] The protocol interpreter 109 of the trust bridge 108 loads the protocol information of the second domain 140 from the storage unit 102 based on the received second domain information, and interprets the transmission message based on the protocol information of the second domain 140.
[37] The trust management unit 110 of the trust bridge 108 determines whether the transmission message interpreted by the protocol interpretation unit 109 will be encrypted and transmitted.
[38] If the trust management unit 110 determines that the interpreted transmission message will be encrypted and transmitted, the trust management unit 110 loads the security information of the second domain 140 from the storage unit 102, and encrypts the interpreted transmission message using the loaded security information.
[39] The trust bridge 108 transmits the interpreted transmission message encrypted by the trust management unit 110 to the second domain 140 via a wire/wireless network. The trust bridge 108 may transmit the encrypted transmission message to the service server 144 of the second domain 140 (S140) or to the trust bridge 148 of the second domain 140 (S160).
[40] If the trust management unit 110 determines that the interpreted transmission message is to be transmitted without being encrypted, the trust bridge 108 transmits the transmission message to the second domain 140 via the wire/wireless network. Here, the trust bridge 108 may transmit the transmission message directly to the service server 144 of the second domain 140 (S140) or to the trust bridge 148 of the second domain 140 (S160).
[41] The first domain 100 that transmits a transmission message to an external domain, such as the second domain 140 of FIG. 1, in the heterogeneous federated environment has been described.
[42] Now, the second domain 140 that receives transmission information from an external domain, such as the first domain 100 of FIG. 1, and provides a service corresponding to the transmission information in the heterogeneous federated environment will be described.
[43] The second domain 140 includes a storage unit 142, the service server 144, an interface unit 146, and the trust bridge 148. The trust bridge 148 includes a protocol interpretation unit 149 and a trust management unit 150.
[44] The storage unit 142 stores the protocol information and security information of the first domain 100 and the protocol information and security information of the second domain 140.
[45] The service server 104 and the service server 144 are final objects that exchange messages indirectly with the second and first domains 140 and 100, respectively. The service server 144 receives messages directly from the trust bridge 108 of the first domain 100 or via the trust bridge 148 of the second domain 140.
[46] A case where the service server 144 of the second domain 140 receives the transmission message directly from the trust bridge 108 of the first domain 100 via a wire/wireless network will be described.
[47] The service server 144 determines whether the transmission message from the trust bridge 108 is encrypted. If it is determined that the transmission message is encrypted, the service server 144 decrypts the transmission information using the security information of the second domain 140, analyzes the decrypted message, and provides a corresponding service. If not so, the service server 144 directly analyzes the transmission message and provides a corresponding service.
[48] Next, a case where the trust bridge 148 of the second domain 140 receives the transmission message from the service server 104 or the trust bridge 108 of the first domain 100 via a wire/wireless network and provides a corresponding service will be described.
[49] The trust management unit 150 of the trust bridge 148 determines whether the transmission message from the first domain 100 is encrypted. If it is determined that the transmission message is encrypted, the trust management unit 150 loads the security information of the second domain 140 from the storage unit 142 and decrypts the transmission message. If not so, the trust management unit 150 informs the trust bridge 148 that the transmission message is not encrypted.
[50] Also, the protocol interpretation unit 149 of the trust bridge 148 determines whether the protocol information contained in the transmission message received from the first domain 100 is the same as the protocol information of the second domain 140. This is accompanied by extracting and comparing the protocol information of the transmission message with the protocol information loaded from the storage unit 142 in order to determine whether they are the same.
[51] If it is determined that the two protocol information are not the same, the protocol interpretation unit 149 interprets the transmission message from the first domain 100 by using the protocol information of the second domain 140. Specifically, the protocol interpretation unit 149 loads the protocol information of the second domain 140 from the storage unit 142 and interprets the transmission message from the first domain 100. If it is determined that the two protocol information are the same, the protocol interpretation unit 149 informs the trust bridge 148 that the protocol information are the same.
[52] The trust bridge 148 transmits the received transmission message to the service server 144.
[53] The service server 144 analyzes the interpreted transmission message from the protocol interpretation unit 149 and provides a corresponding service.
[54] The interface unit 146 of the second domain 140 receives the original message information, which is input by a user, and first domain information from the client 120.
[55] The original message information is used to create a transmission message to be transmitted from the second domain 140 to the first domain 100, and the first domain information is information regarding an external domain to which the created transmission message is to be transmitted.
[56] Similar to the first domain 100, the second domain 140 receives the original message information and the first domain information from the client 120 via the interface unit 146.
[57] In this disclosure, the first domain 100 is described as a device that transmits a message to the second domain 140 in the heterogeneous federated environment, and the second domain 140 is described as a device that analyzes the message from the first domain 100 and provides a corresponding service in the heterogeneous federated environment.
[58] However, the first domain 100 can not only transmit a message but also receive a transmission message from an external domain and provide a corresponding service. Also, the second domain 140 can not only provide a service but also receive the original message information and the information regarding the external domain from the client 120 via the interface unit 146 and transmit the transmission message to the external domain.
[59] FIG. 2 is a flowchart illustrating a method of transmitting a message in a heterogeneous federated environment according to an embodiment of the present invention. In detail, FIG. 2 illustrates a method in which a service server of a specific domain transmits a transmission message to a trust bridge of an external domain in a heterogeneous federated environment.
[60] Referring to FIG. 2, first, the specific domain and the external domain exchange their security information and protocol information with each other (S200).
[61] Next, a service server of the specific domain receives the original message information, which is input by a user, and external domain information regarding an external domain to which a transmission message is to be transmitted, from a client via a user interface (S210). The original message information is used to create the transmission message to be transmitted from the service server of the specific domain to a trust bridge of the external domain.
[62] Next, the service server of the specific domain creates the transmission message to be transmitted to the trust bridge of the external domain (S220).
[63] Next, the service server of the specific domain determines whether the transmission message created in operation S220 will be encrypted and transmitted (S230).
[64] If it is determined in operation S230 that the transmission message will be transmitted without being encrypted, the method proceeds to operation S265, and the service server of the specific domain transmits the transmission message to the trust bridge of the external domain (S265). If it is determined in operation S230 that the transmission message is to be encrypted and transmitted, the method proceeds to operation S240, and the service server of the specific domain detects security information of the external domain (S240).
[65] After operation S240, the service server encrypts the transmission message using the security information detected in operation S240 (S250).
[66] Next, the service server transmits the encrypted transmission message to the trust bridge of the external domain (S260).
[67] After operation S260 or S265 is performed, the method is terminated.
[68] Although not described here, the operation of the system of FIG. 1 is also applied to the method of FIG. 2.
[69] FIG. 3 is a flowchart illustrating a method of transmitting a message in a heterogeneous federated environment according to another embodiment of the present invention. In detail, FIG. 3 illustrates a method in which a service server of a specific domain transmits a transmission message to a trust bridge or a service server of an external domain via a trust bridge of the specific domain in the heterogeneous federated environment.
[70] Referring to FIG. 3, the specific domain and the external domain exchange their security information and protocol information with each other (S300).
[71] Next, the service server of the specific domain receives the original message information, which is input by a user, and external domain information from a client (S310). The original message information is used to create a transmission message to be transmitted from the specific domain to the trust bridge of the external domain.
[72] Next, the service server of the specific domain creates the transmission message to be transmitted to the external domain (S320). The service server of the specific domain inserts the external domain information into the created transmission message.
[73] Next, the service server of the specific domain supplies the created transmission message to the trust bridge of the external domain (S330).
[74] Next, the trust bridge of the specific domain detects protocol information of the external domain (S340). Operation S340 is performed by a protocol interpretation unit included in the trust bridge of the specific domain.
[75] Next, the trust bridge of the specific domain interprets the transmission message created in operation S320, using the protocol information of the external domain detected in operation S340 (S350).
[76] Next, the trust bridge of the specific domain determines whether the transmission message interpreted in operation S350 is to be encrypted and transmitted (S360).
[77] If it is determined in operation S360 that the interpreted transmission message is to be transmitted without being encrypted, the method proceeds to operation S395, and the trust bridge of the specific domain transmits the interpreted transmission message to the trust bridge or the service server of the external domain (S395). If it is determined in operation S360 that the interpreted transmission message is to be transmitted in an encrypted form, the method proceeds to operation S370, and the trust bridge of the specific domain detects security information of the external domain (S370). Operation S370 is performed by a trust management unit included in the trust bridge of the specific domain.
[78] After operation S370, the trust bridge of the specific domain encrypts the interpreted transmission message, using the security information of the external domain detected in operation S370 (S380).
[79] Next, the trust bridge of the specific domain transmits the encrypted transmission message to the trust bridge or the service server of the external domain (S390).
[80] After operation S390 or S395 is performed, the method is terminated.
[81] Although not described here, the operation of the system of FIG. 1 is also applied to the method of FIG. 3.
[82] FIG. 4 is a flowchart illustrating a method of providing a service by using a message received in a heterogeneous federated environment according to an embodiment of the present invention. In detail, FIG. 4 illustrates a method in which a trust bridge of a specific domain receives a transmission message from a service server or a trust bridge of an external domain, and a service server of the specific domain provides a corresponding service by using the transmission message in a heterogeneous federated environment.
[83] Referring to FIG. 4, first, the trust bridge of the specific domain receives the transmission message from the external domain (S400). In detail, the trust bridge of the specific domain receives the transmission message from the trust bridge or the service server of the external domain.
[84] Next, the trust bridge of the specific domain determines whether the transmission message has been encrypted (S410).
[85] If it is determined in operation S410 that the transmission message is encrypted, the trust bridge of the specific domain decrypts the transmission message by using security information of the specific domain (S415) and performs operation S420. If it is determined in operation S410 that the transmission message is not encrypted, the trust bridge of the specific domain performs operation S420 without decrypting the transmission message.
[86] Next, the trust bridge of the specific domain extracts protocol information from the transmission message (S420).
[87] Next, the trust bridge of the specific domain determines whether the protocol information extracted in operation S420 is the same as protocol information of the specific domain (S430). Operation S430 is performed by a protocol interpretation unit included in the trust bridge of the specific domain.
[88] If it is determined in operation S430 that the two protocol information are the same, the method proceeds to operation S450. If not so, the trust bridge of the specific domain interprets the transmission message by using the protocol information of the specific domain (S440) and performs operation S450.
[89] Next, the protocol interpretation unit supplies the transmission message to the service server of the specific domain (S450).
[90] Next, the service server of the specific domain analyzes the transmission message received in operation S450 and provides a service according to the analysis result (S460).
[91] After operation S460 is performed, the method is terminated.
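The FIG. 3 send path and the FIG. 4 receive path described above, as an added Python simulation that is not part of the patent. The field-mapping form of "protocol information", the symmetric key used as "security information", the `seal`/`unseal` stand-in cipher, the domain and protocol names, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os

# Constructed storage-unit contents (assumption: the patent defines no format).
# "Protocol information" maps canonical field names to a domain's wire names;
# "security information" is a symmetric key held for that domain.
STORAGE = {
    "domain-100": {"protocol": {"name": "proto-A",
                                "fields": {"subject": "Subject", "action": "Action"}},
                   "key": bytes(range(32))},
    "domain-140": {"protocol": {"name": "proto-B",
                                "fields": {"subject": "uid", "action": "op"}},
                   "key": bytes(range(32, 64))},
}


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode used as a keystream.
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, plaintext):
    """Stdlib-only stand-in for the domain's cipher; use a vetted AEAD in practice."""
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("transmission message failed its integrity check")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)


def create_message(domain, canonical, external_domain):
    """S320: the service server builds the message in its own protocol and
    inserts the external domain information."""
    proto = STORAGE[domain]["protocol"]
    body = {proto["fields"][k]: v for k, v in canonical.items()}
    return {"protocol": proto["name"], "to": external_domain, "body": body}


def interpret(message, target):
    """S350 / S440: re-express the body using the target protocol information."""
    source = next((d["protocol"] for d in STORAGE.values()
                   if d["protocol"]["name"] == message["protocol"]), None)
    if source is None:
        raise ValueError("no protocol information stored for " + message["protocol"])
    to_canonical = {wire: canon for canon, wire in source["fields"].items()}
    body = {}
    for wire, value in message["body"].items():
        if wire not in to_canonical:
            raise ValueError("field %r is not defined by %s" % (wire, source["name"]))
        body[target["fields"][to_canonical[wire]]] = value
    return {**message, "protocol": target["name"], "body": body}


def bridge_send(message, encrypt):
    """Sending trust bridge, FIG. 3, S340 to S395."""
    external = STORAGE[message["to"]]                 # S340: detect protocol information
    out = interpret(message, external["protocol"])    # S350: interpret
    if not encrypt:                                   # S360 -> S395
        return {"encrypted": False, "payload": out}
    blob = seal(external["key"], json.dumps(out).encode())   # S370, S380
    return {"encrypted": True, "payload": blob.hex()}        # S390


def bridge_receive(domain, envelope):
    """Receiving trust bridge, FIG. 4, S410 to S450."""
    own = STORAGE[domain]
    if envelope["encrypted"]:                                 # S410
        raw = unseal(own["key"], bytes.fromhex(envelope["payload"]))   # S415
        message = json.loads(raw)
    else:
        message = envelope["payload"]
    if message["protocol"] != own["protocol"]["name"]:        # S420, S430
        message = interpret(message, own["protocol"])         # S440
    return message                                            # S450: to the service server


if __name__ == "__main__":
    msg = create_message("domain-100", {"subject": "alice", "action": "read"}, "domain-140")
    print(bridge_receive("domain-140", bridge_send(msg, encrypt=True)))
```

A message already interpreted by the sending bridge passes the S430 comparison unchanged, while one sent directly by the service server (the S120 path) is interpreted at S440 by the receiving bridge.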
[92] FIG. 5 is a flowchart illustrating a method of providing a service by using a received message in a heterogeneous federated environment according to another embodiment of the present invention. In detail, FIG. 5 illustrates a method in which a service server of a specific domain receives a transmission message directly via a service server or a trust bridge of an external domain and provides a corresponding service by using the transmission message in the heterogeneous federated environment.
[93] Referring to FIG. 5, first, the service server of the specific domain receives the transmission message from the external domain (S500). More specifically, the service server of the specific domain receives the transmission message directly via the trust bridge of the external domain, not a trust bridge of the specific domain.
[94] Next, the service server of the specific domain determines whether the transmission message received in operation S500 is encrypted (S510).
[95] If it is determined in operation S510 that the transmission message is encrypted, the service server of the specific domain decrypts the transmission message by using security information of the specific domain (S515) and performs operation S520.
[96] If it is determined in operation S510 that the transmission message is not encrypted, the service server performs operation S520.
[97] Next, the service server of the specific domain analyzes the transmission message and provides a service according to the analysis result (S520).
[98] After operation S520 is performed, the method is terminated.
Industrial Applicability
[99] According to an aspect of the present invention, there is provided a method of transmitting a message in a heterogeneous federated environment in which a domain and an external domain exchange their security information and/or protocol information with each other, the method comprising (a) a service server of the domain creating a transmission message to be transmitted to the external domain, and transmitting the transmission message to a trust bridge which is constructed separately in the domain; (b) the trust bridge detecting protocol information of the external domain; (c) the trust bridge interpreting the transmission message by using the detected protocol information; and (d) the trust bridge transmitting the interpreted transmission message to the external domain.
[100] The present invention can be embodied as computer readable code on a computer readable medium. Here, the computer readable medium may be any recording apparatus capable of storing data that is read by a computer system, e.g., read-only memory (ROM), random access memory (RAM), compact disc (CD)-ROM, magnetic tapes, floppy disks, optical data storage devices, and so on. Also, the computer readable medium may be a carrier wave that transmits data via the Internet, for example. The computer readable medium can be distributed among computer systems that are interconnected through a network, and the present invention may be stored and implemented as a computer readable code in the distributed system.
[101] A method and apparatus for transmitting a message in a heterogeneous federated environment and a method and apparatus for providing a service by using the message, according to the present invention, have the following advantages.
[102] First, service servers in different domains in the heterogeneous federated environment can interpret security information and/or protocol information via at least a trust bridge for message compatibility.
[103] Second, a trust bridge that interprets security information and/or protocol information in the heterogeneous federated environment for message compatibility is used to exchange services between different domains. Also, management of the trust relationship is simplified since a trust relationship between domains is not managed by service servers of each domain but by the trust bridges of each domain that are constructed separately from the service server.
While this invention has been particularly shown and described with reference to exemplary embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims

[1] 1. A method of transmitting a message in a heterogeneous federated environment in which a domain and an external domain exchange their security information and/or protocol information with each other, the method comprising:
(a) a service server of the domain creating a transmission message to be transmitted to the external domain, and transmitting the transmission message to a trust bridge which is constructed separately in the domain;
(b) the trust bridge detecting protocol information of the external domain;
(c) the trust bridge interpreting the transmission message by using the detected protocol information; and
(d) the trust bridge transmitting the interpreted transmission message to the external domain.
[2] 2. The method of claim 1, between (c) and (d), further comprising: the trust bridge detecting security information of the external domain; and the trust bridge encrypting the interpreted message with the security information of the external domain, wherein during (d), the trust bridge transmits the encrypted transmission message to the external domain.
[3] 3. A method of providing a service in which a trust bridge of a domain receives a transmission message from an external domain and provides a service corresponding to the transmission message in a heterogeneous federated environment where the domain and the external domain exchange their security information and/or protocol information with each other, the method comprising:
(a) the trust bridge determining whether protocol information contained in the transmission message from the external domain is the same as the protocol information of the domain;
(b) when it is determined in (a) that the two protocol information are not the same, detecting the protocol information of the domain;
(c) interpreting the transmission message by using the detected protocol information;
(d) supplying the interpreted transmission message to a service server of the domain; and
(e) the service server analyzing the interpreted transmission message and providing a service according to the analysis result.
[4] 4. The method of claim 3, before (a), further comprising: the trust bridge determining whether the transmission message received from the external domain is encrypted; and if it is determined that the transmission message is encrypted, the trust bridge decrypting the transmission message by using the security information of the domain.
[5] 5. The method of claim 4, further comprising:
(b1) if it is determined in (a) that the two protocol information are the same, the trust bridge supplying the transmission message received from the external domain to the service server of the domain; and
(c1) the service server analyzing the transmission message and providing a service according to the analysis result.
[6] 6. A method of providing a service in which a service server of a domain receives a transmission message from an external domain and provides a service corresponding to the message in a heterogeneous federated environment where the domain and the external domain exchange their security information and/or protocol information with each other, the method comprising:
(a) the service server of the domain determining whether the transmission message from the external domain is encrypted;
(b) if it is determined in (a) that the transmission message is encrypted, decrypting the transmission message by using the security information of the domain; and
(c) analyzing the decrypted transmission message and providing a service according to the analysis result.
[7] 7. The method of claim 6, further comprising (b1) analyzing the transmission message from the external domain and providing a service according to the analysis result when it is determined in (a) that the transmission message is not encrypted.
[8] 8. An apparatus for transmitting a message in a heterogeneous federated environment, comprising: a storage unit storing protocol information of an external domain in the heterogeneous federated environment; a service server creating a message to be transmitted to the external domain, using protocol information stored in the service server; and a trust bridge receiving the message from the service server, loading the protocol information of the external domain from the storage unit, interpreting the received message by using the protocol information of the external domain, and transmitting the interpreted message to the external domain.
[9] 9. The apparatus of claim 8, further comprising an interface unit receiving information input by a user from a client and transmitting the received information to the service server, the received information being used to create the message to be transmitted to the external domain.
[10] 10. The apparatus of claim 8, wherein the storage unit further stores security information of the external domain in the heterogeneous federated environment.
[11] 11. The apparatus of claim 10, wherein the trust bridge further loads the security information of the external domain from the storage unit, encrypts the interpreted transmission message, and transmits the encrypted transmission message to the external domain.
[12] 12. An apparatus for providing a service by using a message received in a heterogeneous federated environment, comprising: a storage unit storing protocol information; a trust bridge interpreting a transmission message received from an external domain in a heterogeneous federated environment, using the protocol information loaded from the storage unit; and a service server receiving the interpreted transmission message from the trust bridge, analyzing the interpreted transmission message, and providing a service according to the analysis result.
[13] 13. The apparatus of claim 12, wherein the storage unit further stores security information.
[14] 14. The apparatus of claim 13, wherein the trust bridge further determines whether the transmission message from the external domain is encrypted by using the security information, loads the security information when it is determined that the transmission message is encrypted by using the security information, decrypts the transmission message, and interprets the decrypted transmission message by using the protocol information.
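The sending steps of claims 1 and 2 and the receiving steps of claims 3 to 5 can be sketched as follows. This is an added example, not code from the patent: the domain names, the two message formats (`json-v1`, `kv-v1`), the `ENC1` marker and the shared key are constructed assumptions, and the SHAKE-256/HMAC construction is only a standard-library stand-in for a real authenticated cipher.

```python
import hashlib, hmac, json, os

# Constructed sample data: protocol/security information exchanged in advance.
PROTOCOL_INFO = {"domainA": "json-v1", "domainB": "kv-v1"}
SECURITY_INFO = {"domainB": b"constructed-key-for-domainB"}

def encode(proto, fields):
    if proto == "json-v1":
        return json.dumps({"proto": proto, **fields}, sort_keys=True).encode()
    if proto == "kv-v1":
        return ";".join(f"{k}={v}" for k, v in [("proto", proto), *sorted(fields.items())]).encode()
    raise ValueError(f"unknown protocol {proto!r}")

def decode(raw):
    text = raw.decode()
    fields = json.loads(text) if text.startswith("{") else dict(
        pair.split("=", 1) for pair in text.split(";"))
    return fields.pop("proto"), fields

def _xor(key, nonce, data):
    # Stand-in for a real AEAD cipher so the example runs offline; not for production.
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = os.urandom(16)
    body = _xor(key, nonce, plaintext)
    return b"ENC1" + nonce + hmac.new(key, nonce + body, hashlib.sha256).digest() + body

def unseal(key, blob):
    nonce, tag, body = blob[4:20], blob[20:52], blob[52:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("message authentication failed")
    return _xor(key, nonce, body)

def bridge_send(message, external):
    """Claims 1-2: interpret for the external domain, then encrypt for it."""
    _, fields = decode(message)                      # message from the service server
    out = encode(PROTOCOL_INFO[external], fields)    # detect protocol info, interpret
    key = SECURITY_INFO.get(external)                # security info of external domain
    return seal(key, out) if key else out

def bridge_receive(blob, domain):
    """Claims 3-5: decrypt if encrypted, interpret only if protocols differ."""
    if blob.startswith(b"ENC1"):                     # claim 4: is it encrypted?
        blob = unseal(SECURITY_INFO[domain], blob)
    proto, fields = decode(blob)
    if proto != PROTOCOL_INFO[domain]:               # claim 3 (a)-(c)
        blob = encode(PROTOCOL_INFO[domain], fields)
    return blob                                      # supplied to the service server
```

As in claim 4, a message that is not encrypted is passed through unchanged in that respect; a deployment that requires confidentiality between domains would reject it in `bridge_receive` instead.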
PCT/KR2006/005153 2005-12-01 2006-12-01 Method and apparatus for transmitting message in heterogeneous federated environment, and method and apparatus for providing service using the message WO2007064171A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2005-0116592 2005-12-01
KR1020050116592A KR20070096072A (en) 2005-12-01 2005-12-01 Method and apparatus for transmitting of message in a heterogeneous federated environment and method and apparatus for providing service using therefor

Publications (1)

Publication Number Publication Date
WO2007064171A1 true WO2007064171A1 (en) 2007-06-07

Family

ID=38092461

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2006/005153 WO2007064171A1 (en) 2005-12-01 2006-12-01 Method and apparatus for transmitting message in heterogeneous federated environment, and method and apparatus for providing service using the message

Country Status (2)

Country Link
KR (1) KR20070096072A (en)
WO (1) WO2007064171A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0555997A2 (en) * 1992-02-10 1993-08-18 AT&T Corp. Apparatus and methods for implementing protocols
WO2004059415A2 (en) * 2002-12-31 2004-07-15 International Business Machines Corporation Method and system for authentification in a heterogeneous federated environment, i.e. single sign on in federated domains

Also Published As

Publication number Publication date
KR20070096072A (en) 2007-10-02

Similar Documents

Publication Publication Date Title
US20100191954A1 (en) Method and apparatus for transmitting message in heterogeneous federated environment, and method and apparatus for providing service using the message
US10554420B2 (en) Wireless connections to a wireless access point
JP5978759B2 (en) Service request apparatus, service providing system, service request method, and service request program
US11134069B2 (en) Method for authorizing access and apparatus using the method
TW480862B (en) Dynamic connection to multiple origin servers in a transcoding proxy
EP0940960A1 (en) Authentication between servers
US20030070069A1 (en) Authentication module for an enterprise access management system
JP2020080530A (en) Data processing method, device, terminal, and access point computer
CN109936529B (en) Method, device and system for secure communication
CN111740966B (en) Data processing method based on block chain network and related equipment
US20090158035A1 (en) Public Key Encryption For Web Browsers
WO2019178942A1 (en) Method and system for performing ssl handshake
US20030016819A1 (en) Secure socket layer (SSL) load generation with handshake replay
US20170070486A1 (en) Server public key pinning by url
CN111131416A (en) Business service providing method and device, storage medium and electronic device
US20080306875A1 (en) Method and system for secure network connection
CN105871805A (en) Anti-stealing-link method and device
TW201926943A (en) Data transmission method and system
JP2000036809A (en) Method for simply authenticating user and record medium with its program stored therein
CN113992427B (en) Data encryption sending method and device based on adjacent nodes
CN108989302B (en) OPC proxy connection system and connection method based on secret key
US7640580B1 (en) Method and apparatus for accessing a computer behind a firewall
WO2007064171A1 (en) Method and apparatus for transmitting message in heterogeneous federated environment, and method and apparatus for providing service using the message
KR100243657B1 (en) Method for maintaining security in information retrievals
CN117294540B (en) Method, device and system for acquiring private data across chains based on role authorization

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06823861

Country of ref document: EP

Kind code of ref document: A1