ATE370458T1 - Verfahren und system zur web-basierten cross- domain berechtigung mit einmaliger anmeldung - Google Patents

Verfahren und system zur web-basierten cross- domain berechtigung mit einmaliger anmeldung

Info

Publication number
ATE370458T1
ATE370458T1 AT01980520T AT01980520T ATE370458T1 AT E370458 T1 ATE370458 T1 AT E370458T1 AT 01980520 T AT01980520 T AT 01980520T AT 01980520 T AT01980520 T AT 01980520T AT E370458 T1 ATE370458 T1 AT E370458T1
Authority
AT
Austria
Prior art keywords
domain
token
user
introductory
new
Prior art date
Application number
AT01980520T
Other languages
English (en)
Inventor
Heather Hinton
David Winters
Original Assignee
Ibm
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ibm filed Critical Ibm
Application granted granted Critical
Publication of ATE370458T1 publication Critical patent/ATE370458T1/de

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/101Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities
    • G06F21/1012Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities to domains
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/41User authentication where a single sign-on provides access to a plurality of computers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2131Lost password, e.g. recovery of lost or forgotten passwords
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2137Time limited access, e.g. to a computer or data
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2149Restricted operating environment
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2151Time stamp
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/168Implementing security features at a particular protocol layer above the transport layer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Technology Law (AREA)
  • Multimedia (AREA)
  • Computing Systems (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)
  • Preliminary Treatment Of Fibers (AREA)
  • Aiming, Guidance, Guns With A Light Source, Armor, Camouflage, And Targets (AREA)
  • Computer And Data Communications (AREA)
  • Chemical Or Physical Treatment Of Fibers (AREA)
  • General Factory Administration (AREA)
AT01980520T 2000-11-09 2001-10-25 Verfahren und system zur web-basierten cross- domain berechtigung mit einmaliger anmeldung ATE370458T1 (de)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US71092600A 2000-11-09 2000-11-09

Publications (1)

Publication Number Publication Date
ATE370458T1 true ATE370458T1 (de) 2007-09-15

Family

ID=24856086

Family Applications (1)

Application Number Title Priority Date Filing Date
AT01980520T ATE370458T1 (de) 2000-11-09 2001-10-25 Verfahren und system zur web-basierten cross- domain berechtigung mit einmaliger anmeldung

Country Status (7)

Country Link
EP (1) EP1368722B1 (de)
KR (1) KR100702421B1 (de)
AT (1) ATE370458T1 (de)
AU (1) AU2002212345A1 (de)
DE (1) DE60130037T2 (de)
TW (1) TW528957B (de)
WO (1) WO2002039237A2 (de)

Families Citing this family (72)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030135734A1 (en) * 2002-01-14 2003-07-17 Fagan Robert H. Secure mutual authentication system
NO318842B1 (no) * 2002-03-18 2005-05-09 Telenor Asa Autentisering og tilgangskontroll
US20040002878A1 (en) * 2002-06-28 2004-01-01 International Business Machines Corporation Method and system for user-determined authentication in a federated environment
US7770212B2 (en) * 2002-08-15 2010-08-03 Activcard System and method for privilege delegation and control
WO2004017592A1 (en) 2002-08-19 2004-02-26 Research In Motion Limited System and method for secure control of resources of wireless mobile communication device
US8825928B2 (en) 2002-10-17 2014-09-02 Vodafone Group Plc Facilitating and authenticating transactions through the use of a dongle interfacing a security card and a data processing apparatus
US8561161B2 (en) * 2002-12-31 2013-10-15 International Business Machines Corporation Method and system for authentication in a heterogeneous federated environment
US20040128542A1 (en) * 2002-12-31 2004-07-01 International Business Machines Corporation Method and system for native authentication protocols in a heterogeneous federated environment
US7536714B2 (en) 2003-07-11 2009-05-19 Computer Associates Think, Inc. System and method for synchronizing login processes
US7395424B2 (en) 2003-07-17 2008-07-01 International Business Machines Corporation Method and system for stepping up to certificate-based authentication without breaking an existing SSL session
JP4701172B2 (ja) * 2003-07-29 2011-06-15 トムソン ライセンシング リダイレクトを使用してネットワークへのアクセスを制御するシステム及び方法
GB2406925B (en) 2003-10-09 2007-01-03 Vodafone Plc Facilitating and authenticating transactions
CN101032142B (zh) * 2003-12-29 2011-05-18 艾利森电话股份有限公司 通过接入网单一登录访问服务网络的装置和方法
DE10361840A1 (de) * 2003-12-30 2005-08-04 Net&Works Netzwerke Und Service Gmbh Verfahren zum Single sign-On an webbasierten Anwendungen über ein gemeinsames Auswahlmenü
EP1721459A4 (de) 2004-02-10 2013-07-31 Thomson Licensing Speicherung von parametersätzen der erweiterten videocodierung (avc) im avc-dateiformat
KR100661737B1 (ko) * 2004-08-05 2006-12-27 주식회사 네비웨이 이동통신 단말기를 이용한 도청 및 몰래 카메라 탐지장치
EP1641208B1 (de) * 2004-09-22 2011-11-09 Research In Motion Limited Vorrichtung und Verfahren zum Integrieren Authentisierungsprotokolle in den Aufbau von Verbindungen zwischen Rechnergeräten
US7469291B2 (en) 2004-09-22 2008-12-23 Research In Motion Limited Apparatus and method for integrating authentication protocols in the establishment of connections between computing devices
KR20060063348A (ko) * 2004-12-07 2006-06-12 한국전자통신연구원 인터넷에서 인증 assertion을 이용한 접속시간제어 방법
US8351419B2 (en) 2005-01-19 2013-01-08 Qualcomm Iskoot, Inc. Local access to a mobile network
US8856359B2 (en) 2005-06-29 2014-10-07 Qualcomm Connected Experiences, Inc. Caller-callee association of a plurality of networked devices
US8756328B2 (en) 2005-01-19 2014-06-17 Qualcomm Connected Experiences, Inc. Caller-callee association of a plurality of networked devices with direct dial through thin client
US7631346B2 (en) 2005-04-01 2009-12-08 International Business Machines Corporation Method and system for a runtime user account creation operation within a single-sign-on process in a federated computing environment
EP1891821A2 (de) * 2005-06-15 2008-02-27 TELEFONAKTIEBOLAGET LM ERICSSON (publ) Verfahren und vorrichtung zur bereitstellung eines telekommunikationsdienstes
US8245270B2 (en) 2005-09-01 2012-08-14 Microsoft Corporation Resource based dynamic security authorization
WO2007047798A1 (en) * 2005-10-21 2007-04-26 Sensis Corporation Method and apparatus for providing secure access control for protected information
KR100759800B1 (ko) * 2005-12-01 2007-09-20 한국전자통신연구원 이종 연방 환경에서 메시지 전송 방법 및 장치와 이를이용한 서비스 제공 방법 및 장치
FI20065288L (fi) * 2006-05-03 2007-11-04 Emillion Oy Autentikointi
US8799639B2 (en) 2006-07-25 2014-08-05 Intuit Inc. Method and apparatus for converting authentication-tokens to facilitate interactions between applications
US8458775B2 (en) 2006-08-11 2013-06-04 Microsoft Corporation Multiuser web service sign-in client side components
JP2008052371A (ja) 2006-08-22 2008-03-06 Fujitsu Ltd アウトバンド認証を伴うネットワークシステム
GB0621684D0 (en) 2006-10-31 2006-12-06 British Telecomm Secure access
US8391848B2 (en) 2007-06-07 2013-03-05 Qualcomm Iskoot, Inc. Telecommunication call support for mobile devices with presence features
US10019570B2 (en) 2007-06-14 2018-07-10 Microsoft Technology Licensing, Llc Protection and communication abstractions for web browsers
US9379895B2 (en) 2008-07-24 2016-06-28 Zscaler, Inc. HTTP authentication and authorization management
US8656462B2 (en) * 2008-07-24 2014-02-18 Zscaler, Inc. HTTP authentication and authorization management
US8495719B2 (en) 2008-10-02 2013-07-23 International Business Machines Corporation Cross-domain access prevention
KR101039975B1 (ko) * 2009-02-18 2011-06-09 성균관대학교산학협력단 교차도메인 상에서의 정보전송 추적 방법 및 이를 위한 통신 시스템
KR101044125B1 (ko) * 2009-02-27 2011-06-24 주식회사 케이티 인터페이스 서버의 사용자 단말 인증 방법과 그 인터페이스 서버 및 사용자 단말
KR101094577B1 (ko) 2009-02-27 2011-12-19 주식회사 케이티 인터페이스 서버의 사용자 단말 인증 방법과 그 인터페이스 서버 및 사용자 단말
CN101572888B (zh) * 2009-06-18 2012-03-28 浙江大学 移动终端中多服务引擎交叉验证方法
CN101695164A (zh) * 2009-09-28 2010-04-14 华为技术有限公司 一种控制资源访问的校验方法、装置和系统
EP2339492A1 (de) 2009-12-10 2011-06-29 Schneider Electric Buildings AB Authentifizierung in einem Gebäudeüberwachungssystem
DE102010052324A1 (de) * 2010-11-25 2012-05-31 Ps4B-Professional Solutions For Business Gmbh Verfahren und Vorrichtung zur Verhinderung eines unberechtigte Erspähens von Zugangsdaten
CN102546570B (zh) * 2010-12-31 2014-12-24 国际商业机器公司 用于单点登录的处理方法和系统
WO2012106726A1 (en) 2011-02-04 2012-08-09 Nextplane Method and system for federation of proxy-based and proxy-free communications systems
US9716619B2 (en) 2011-03-31 2017-07-25 NextPlane, Inc. System and method of processing media traffic for a hub-based system federating disparate unified communications systems
US9077726B2 (en) 2011-03-31 2015-07-07 NextPlane, Inc. Hub based clearing house for interoperability of distinct unified communication systems
US9203799B2 (en) 2011-03-31 2015-12-01 NextPlane, Inc. Method and system for advanced alias domain routing
DE102011111698A1 (de) * 2011-08-24 2013-02-28 Fujitsu Technology Solutions Intellectual Property Gmbh Verfahren zum Log-in an einem Computersystem sowie Computerprogramm zum Ablauf auf einem Computersystem
US8898765B2 (en) 2012-02-15 2014-11-25 Oracle International Corporation Signing off from multiple domains accessible using single sign-on
CN103546432B (zh) 2012-07-12 2015-12-16 腾讯科技(深圳)有限公司 实现跨域跳转的方法和系统以及浏览器、域名服务器
US9053304B2 (en) * 2012-07-13 2015-06-09 Securekey Technologies Inc. Methods and systems for using derived credentials to authenticate a device across multiple platforms
CN103581120B (zh) * 2012-07-24 2018-04-20 阿里巴巴集团控股有限公司 一种识别用户风险的方法和装置
US8769651B2 (en) 2012-09-19 2014-07-01 Secureauth Corporation Mobile multifactor single-sign-on authentication
US9210145B2 (en) 2012-10-02 2015-12-08 Blackberry Limited Method and system for hypertext transfer protocol digest authentication
US9705840B2 (en) * 2013-06-03 2017-07-11 NextPlane, Inc. Automation platform for hub-based system federating disparate unified communications systems
US9819636B2 (en) 2013-06-10 2017-11-14 NextPlane, Inc. User directory system for a hub-based system federating disparate unified communications systems
CN103634316A (zh) * 2013-11-26 2014-03-12 乐视网信息技术(北京)股份有限公司 一种账号登录方法及电子设备
US10129243B2 (en) 2013-12-27 2018-11-13 Avaya Inc. Controlling access to traversal using relays around network address translation (TURN) servers using trusted single-use credentials
US9781097B2 (en) 2014-02-18 2017-10-03 Secureauth Corporation Device fingerprint updating for single sign on authentication
US9386006B1 (en) * 2015-03-02 2016-07-05 Citrix Systems, Inc. Authentication mechanism for domain redirection of a representational state transfer (REST)-compliant client
US9485244B2 (en) 2015-03-02 2016-11-01 Citrix Systems, Inc. Executing an operation over file repositories located in different authentication domains using a representational state transfer (REST)-compliant client
CN107196892B (zh) 2016-03-15 2020-03-06 阿里巴巴集团控股有限公司 一种网站登录方法和装置
CN107359996B (zh) * 2016-05-09 2020-05-05 阿里巴巴集团控股有限公司 多网站间的自动登录方法及装置
CN108989276B (zh) * 2018-03-27 2021-09-28 深圳市小赢信息技术有限责任公司 一种系统间安全伪登陆方法
US11159511B1 (en) 2019-01-10 2021-10-26 Microstrategy Incorporated Authentication protocol management
US11323431B2 (en) 2019-01-31 2022-05-03 Citrix Systems, Inc. Secure sign-on using personal authentication tag
CN112688773A (zh) * 2019-10-17 2021-04-20 浙江大搜车软件技术有限公司 一种令牌的生成和校验方法及装置
CN112333198B (zh) * 2020-11-17 2023-09-05 中国银联股份有限公司 安全跨域登录方法、系统及服务器
KR102714370B1 (ko) * 2023-11-30 2024-10-11 알파카네트웍스 주식회사 웹쉘 인터페이스 기반의 서버 관리 프레임 워크에서 컨피덴셜 컴퓨팅 기술 기반의 원격 인증 및 이를 위한 토큰 발급 및 관리 방법
CN119210869A (zh) * 2024-09-30 2024-12-27 山东大学 一种卫星网络零信任安全防护方法及系统

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0940960A1 (de) * 1998-03-02 1999-09-08 Hewlett-Packard Company Authentifizierung zwischen Anbietern

Also Published As

Publication number Publication date
KR20030048118A (ko) 2003-06-18
DE60130037D1 (de) 2007-09-27
KR100702421B1 (ko) 2007-04-04
TW528957B (en) 2003-04-21
DE60130037T2 (de) 2008-05-08
EP1368722B1 (de) 2007-08-15
WO2002039237A2 (en) 2002-05-16
AU2002212345A1 (en) 2002-05-21
WO2002039237A3 (en) 2003-10-09
EP1368722A2 (de) 2003-12-10

Similar Documents

Publication Publication Date Title
ATE370458T1 (de) Verfahren und system zur web-basierten cross- domain berechtigung mit einmaliger anmeldung
ATE406726T1 (de) Verfahren und vorrichtung zur speicherung kryptographischer schlüssel, wobei schlüsselserver durch besitz und sichere verteilung gespeicherter schlüssel authentifiziert werden
JP4668524B2 (ja) コンテンツの権利管理のための領域ベース信用モデル
KR100912276B1 (ko) 하드웨어 식별에 기초한 디지털권 관리 방법을 이용한 전자소프트웨어 배포 방법 및 시스템
CN103914901B (zh) 一种开锁方法及开锁系统
WO1999016031A3 (en) Method and apparatus for asymmetric key management in a cryptographic system
WO2007125486A3 (en) Improved access to authorized domains
ATE400108T1 (de) Authentifizierungsverfahren und vorrichtung zur verschlüsselung eines tickets mit einem symmetrischen schlüssel, wobei der symmetrische schlüssel mit einem asymmetrischen schlüssel verschlüsselt ist
WO2003065169A3 (en) Access system utilizing multiple factor identification and authentication
WO2005006629A3 (en) Terminal authentication in a wireless network
JP2006260538A5 (de)
WO1998010611A3 (en) System for preventing electronic memory tampering
ZA200302773B (en) Methods for remotely changing a communications password.
EP1521423A3 (de) Verfahren zur Erstellung einer Domäne, die mit einem öffentlichen Schlüssel erreicht werden kann, über Universal Plug and Play (UPnP) Installation
SG143962A1 (en) Validating an authentication chip using a secret key
ATE268925T1 (de) Sichere systeme zum drucken von authentifizierenden digitalen unterschriften
EP1544780A4 (de) Authentifikationssystem
JP2014508456A5 (de)
JP2004030326A5 (de)
JP2007527056A5 (de)
CN101694685A (zh) 采用基于xml加密和数字证书的安全产品许可证管理方法
JP2011012511A (ja) 電気錠制御システム
DE602004032313D1 (de) Datenauthentifizierungsverfahren und Agent basiertes System
FR2826811B1 (fr) Procede d'authentification cryptographique
KR20090024482A (ko) 컨텐츠를 이용하기 위한 키 관리 시스템 및 그 방법

Legal Events

Date Code Title Description
RER Ceased as to paragraph 5 lit. 3 law introducing patent treaties