WO2006116103A3 - Supporting statements for credential based access control - Google Patents

Supporting statements for credential based access control

Info

Publication number
WO2006116103A3
Authority
WO
WIPO (PCT)
Prior art keywords
access control
based access
credential based
supporting statements
statements
Prior art date
Application number
PCT/US2006/015116
Other languages
French (fr)
Other versions
WO2006116103A2 (en)
Inventor
Muthukrishnan Paramasivam
Iii Charles F Rose
Nicolas Payette
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp
Priority to EP06750984A (EP1872519A2)
Priority to JP2008507919A (JP2008538641A)
Publication of WO2006116103A2
Publication of WO2006116103A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G06F21/335 User authentication using certificates for accessing specific resources, e.g. using Kerberos tickets
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Abstract

Supporting statements are provided to help safely and efficiently construct and verify proofs necessary for deciding whether to grant a request from one entity for accessing a resource owned or administered by another entity.
PCT/US2006/015116 2005-04-22 2006-04-20 Supporting statements for credential based access control WO2006116103A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP06750984A EP1872519A2 (en) 2005-04-22 2006-04-20 Supporting statements for credential based access control
JP2008507919A JP2008538641A (en) 2005-04-22 2006-04-20 Support description of access control based on credentials

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/112,993 2005-04-22
US11/112,993 US7657746B2 (en) 2005-04-22 2005-04-22 Supporting statements for credential based access control

Publications (2)

Publication Number Publication Date
WO2006116103A2 WO2006116103A2 (en) 2006-11-02
WO2006116103A3 WO2006116103A3 (en) 2006-12-28

Family

ID=37188638

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2006/015116 WO2006116103A2 (en) 2005-04-22 2006-04-20 Supporting statements for credential based access control

Country Status (6)

Country Link
US (1) US7657746B2 (en)
EP (1) EP1872519A2 (en)
JP (1) JP2008538641A (en)
KR (1) KR20080008335A (en)
CN (1) CN101164277A (en)
WO (1) WO2006116103A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8938783B2 (en) 2006-09-11 2015-01-20 Microsoft Corporation Security language expressions for logic resolution

Families Citing this family (33)

Publication number Priority date Publication date Assignee Title
US9614772B1 (en) 2003-10-20 2017-04-04 F5 Networks, Inc. System and method for directing network traffic in tunneling applications
JP4791760B2 (en) * 2005-05-17 2011-10-12 株式会社リコー Access control apparatus, access control method, and access control program
US8418233B1 (en) * 2005-07-29 2013-04-09 F5 Networks, Inc. Rule based extensible authentication
US8533308B1 (en) 2005-08-12 2013-09-10 F5 Networks, Inc. Network traffic management through protocol-configurable transaction processing
US20070294404A1 (en) * 2006-06-15 2007-12-20 International Business Machines Corporation Method and system for authorization and access control delegation in an on demand grid environment
US8201215B2 (en) * 2006-09-08 2012-06-12 Microsoft Corporation Controlling the delegation of rights
US20080066158A1 (en) * 2006-09-08 2008-03-13 Microsoft Corporation Authorization Decisions with Principal Attributes
US8095969B2 (en) * 2006-09-08 2012-01-10 Microsoft Corporation Security assertion revocation
US20080066169A1 (en) * 2006-09-08 2008-03-13 Microsoft Corporation Fact Qualifiers in Security Scenarios
US7814534B2 (en) * 2006-09-08 2010-10-12 Microsoft Corporation Auditing authorization decisions
US20080065899A1 (en) * 2006-09-08 2008-03-13 Microsoft Corporation Variable Expressions in Security Assertions
US8060931B2 (en) * 2006-09-08 2011-11-15 Microsoft Corporation Security authorization queries
US20080066147A1 (en) * 2006-09-11 2008-03-13 Microsoft Corporation Composable Security Policies
US8656503B2 (en) * 2006-09-11 2014-02-18 Microsoft Corporation Security language translations with logic resolution
US8136146B2 (en) * 2007-01-04 2012-03-13 International Business Machines Corporation Secure audit log access for federation compliance
US9832069B1 (en) 2008-05-30 2017-11-28 F5 Networks, Inc. Persistence based on server response in an IP multimedia subsystem (IMS)
US9130846B1 (en) 2008-08-27 2015-09-08 F5 Networks, Inc. Exposed control components for customizable load balancing and persistence
US20110167479A1 (en) * 2010-01-07 2011-07-07 Oracle International Corporation Enforcement of policies on context-based authorization
US20110166943A1 (en) * 2010-01-07 2011-07-07 Oracle International Corporation Policy-based advertisement engine
US9509791B2 (en) 2010-01-07 2016-11-29 Oracle International Corporation Policy-based exposure of presence
US9467858B2 (en) 2010-02-05 2016-10-11 Oracle International Corporation On device policy enforcement to secure open platform via network and open network
US9495521B2 (en) * 2010-02-05 2016-11-15 Oracle International Corporation System self integrity and health validation for policy enforcement
US20110196728A1 (en) * 2010-02-05 2011-08-11 Oracle International Corporation Service level communication advertisement business
US10482254B2 (en) 2010-07-14 2019-11-19 Intel Corporation Domain-authenticated control of platform resources
US9680763B2 (en) 2012-02-14 2017-06-13 Airwatch, Llc Controlling distribution of resources in a network
US10404615B2 (en) 2012-02-14 2019-09-03 Airwatch, Llc Controlling distribution of resources on a network
JP5567053B2 (en) * 2012-03-19 2014-08-06 株式会社東芝 Authority changing device, creation device, and program
US9336357B2 (en) 2012-09-28 2016-05-10 Intel Corporation Secure access management of devices
US20140280955A1 (en) 2013-03-14 2014-09-18 Sky Socket, Llc Controlling Electronically Communicated Resources
EP3014507B1 (en) 2013-06-27 2018-04-04 Intel Corporation Continuous multi-factor authentication
US9516005B2 (en) * 2013-08-20 2016-12-06 Airwatch Llc Individual-specific content management
US10073964B2 (en) 2015-09-25 2018-09-11 Intel Corporation Secure authentication protocol systems and methods
US11087016B1 (en) 2020-08-20 2021-08-10 Spideroak, Inc. Implementation of a file system on a block chain

Family Cites Families (42)

Publication number Priority date Publication date Assignee Title
JPH08263438A (en) * 1994-11-23 1996-10-11 Xerox Corp Distribution and use control system of digital work and access control method to digital work
US5958050A (en) * 1996-09-24 1999-09-28 Electric Communities Trusted delegation system
US6256734B1 (en) * 1998-02-17 2001-07-03 At&T Method and apparatus for compliance checking in a trust management system
JP3546787B2 (en) * 1999-12-16 2004-07-28 インターナショナル・ビジネス・マシーンズ・コーポレーション Access control system, access control method, and storage medium
US7246370B2 (en) * 2000-01-07 2007-07-17 Security, Inc. PDstudio design system and method
US7222362B1 (en) * 2000-05-15 2007-05-22 International Business Machines Corporation Non-transferable anonymous credentials
US7313692B2 (en) * 2000-05-19 2007-12-25 Intertrust Technologies Corp. Trust management systems and methods
US7669238B2 (en) * 2000-06-21 2010-02-23 Microsoft Corporation Evidence-based application security
JP2002014862A (en) * 2000-06-28 2002-01-18 Fujitsu Ltd Information access controller and information access control method
US7249369B2 (en) * 2000-07-10 2007-07-24 Oracle International Corporation Post data processing
JP2002132730A (en) * 2000-10-20 2002-05-10 Hitachi Ltd System and method for authentication or access management based on reliability and disclosure degree of personal information
US7660902B2 (en) * 2000-11-20 2010-02-09 Rsa Security, Inc. Dynamic file access control and management
US7085925B2 (en) * 2001-04-03 2006-08-01 Sun Microsystems, Inc. Trust ratings in group credentials
US7590684B2 (en) * 2001-07-06 2009-09-15 Check Point Software Technologies, Inc. System providing methodology for access control with cooperative enforcement
US7536712B2 (en) * 2001-10-16 2009-05-19 Microsoft Corporation Flexible electronic message security mechanism
US7024693B2 (en) * 2001-11-13 2006-04-04 Sun Microsystems, Inc. Filter-based attribute value access control
US20030126464A1 (en) * 2001-12-04 2003-07-03 Mcdaniel Patrick D. Method and system for determining and enforcing security policy in a communication session
US7260831B1 (en) * 2002-04-25 2007-08-21 Sprint Communications Company L.P. Method and system for authorization and access to protected resources
ATE367043T1 (en) * 2002-05-24 2007-08-15 Ericsson Telefon Ab L M METHOD FOR AUTHENTICATING A USER WHEN ACCESSING A SERVICE OF A SERVICE PROVIDER
US6721396B2 (en) * 2002-06-26 2004-04-13 Lucent Technologies Inc. Method and system of enhancing emergency call services
US6931530B2 (en) * 2002-07-22 2005-08-16 Vormetric, Inc. Secure network file access controller implementing access control and auditing
JP2004110335A (en) * 2002-09-18 2004-04-08 Fuji Electric Systems Co Ltd Access control system
AU2003279950A1 (en) * 2002-10-10 2004-05-04 Rocksteady Networks, Inc. System and method for providing access control
US20040073668A1 (en) * 2002-10-10 2004-04-15 Shivaram Bhat Policy delegation for access control
US7526798B2 (en) * 2002-10-31 2009-04-28 International Business Machines Corporation System and method for credential delegation using identity assertion
US7587491B2 (en) * 2002-12-31 2009-09-08 International Business Machines Corporation Method and system for enroll-thru operations and reprioritization operations in a federated environment
US20040128542A1 (en) * 2002-12-31 2004-07-01 International Business Machines Corporation Method and system for native authentication protocols in a heterogeneous federated environment
US7219154B2 (en) * 2002-12-31 2007-05-15 International Business Machines Corporation Method and system for consolidated sign-off in a heterogeneous federated environment
US7814021B2 (en) * 2003-01-23 2010-10-12 Verdasys, Inc. Managed distribution of digital assets
JP4222184B2 (en) * 2003-04-24 2009-02-12 日本電気株式会社 Security management support system, security management support method and program
JP4280110B2 (en) * 2003-05-16 2009-06-17 日本電信電話株式会社 Attribute approval device
US7900240B2 (en) * 2003-05-28 2011-03-01 Citrix Systems, Inc. Multilayer access control security system
JP2005004679A (en) * 2003-06-16 2005-01-06 Asgent Inc Security policy structuring device, question maintenance device, policy maintenance device and document maintenance device
US7827595B2 (en) * 2003-08-28 2010-11-02 Microsoft Corporation Delegated administration of a hosted resource
EP1530339B1 (en) * 2003-11-07 2008-03-05 Harman Becker Automotive Systems GmbH Method and apparatuses for access control to encrypted data services for a vehicle entertainment and information processing device
US7640429B2 (en) * 2004-02-26 2009-12-29 The Boeing Company Cryptographically enforced, multiple-role, policy-enabled object dissemination control mechanism
US9245266B2 (en) * 2004-06-16 2016-01-26 Callahan Cellular L.L.C. Auditable privacy policies in a distributed hierarchical identity management system
US7669226B2 (en) * 2004-07-30 2010-02-23 International Business Machines Corporation Generic declarative authorization scheme for Java
US8146142B2 (en) * 2004-09-03 2012-03-27 Intel Corporation Device introduction and access control framework
US7711835B2 (en) * 2004-09-30 2010-05-04 Citrix Systems, Inc. Method and apparatus for reducing disclosure of proprietary data in a networked environment
US20060150238A1 (en) * 2005-01-04 2006-07-06 Symbol Technologies, Inc. Method and apparatus of adaptive network policy management for wireless mobile computers
US7631346B2 (en) * 2005-04-01 2009-12-08 International Business Machines Corporation Method and system for a runtime user account creation operation within a single-sign-on process in a federated computing environment

Non-Patent Citations (6)

Title
BAUER ET AL.: "A Proof-Carrying Authorization System", SECURE INTERNET PROGRAMMING LABORATORY DEPARTMENT OF COMPUTER SCIENCE - PRINCETON UNIVERSITY, TECH REPORT TR-638-01, 30 April 2001 (2001-04-30), pages 1 - 16, XP008077261 *
BAUER L. ET AL.: "Distributed Proving in Access-Control Systems", 2005 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (S&P'05), 2005, pages 1 - 15, XP010798365 *
BECKER ET AL.: "Cassandra: Distributed Access Control Policies with Tunable Expressiveness", COMPUTER LABORATORY - UNIVERSITY OF CAMBRIDGE, FIFTH IEEE INTERNATIONAL WORKSHOP ON POLICIES FOR DISTRIBUTED SYSTEMS AND NETWORKS (POLICY'04), 2004, pages 1 - 10, XP008077260 *
LI N. ET AL.: "Beyond Proof-of-Compliance: Security Analysis in Trust Management", JOURNAL OF THE ACM, vol. 52, no. 3, May 2005 (2005-05-01), pages 474 - 514, XP003007572 *
RYUTOV ET AL.: "Adaptive Trust Negotiation and Access Control", INFORMATION SCIENCES INSTITUTE - UNIVERSITY OF SOUTHERN CALIFORNIA, AMC, 3 June 2005 (2005-06-03), pages 139 - 146, XP008077259 *
SMITH T.J. ET AL.: "Joint Policy Management and Auditing in Virtual Organizations", MCNC-RDI RESEARCH AND DEVELOPMENT INSTITUTE, FOURTH INTERNATIONAL WORKSHOP ON GRID COMPUTING (GRID'03), 2003, pages 1 - 8, XP010680018 *

Also Published As

Publication number Publication date
US20060242688A1 (en) 2006-10-26
CN101164277A (en) 2008-04-16
WO2006116103A2 (en) 2006-11-02
KR20080008335A (en) 2008-01-23
US7657746B2 (en) 2010-02-02
EP1872519A2 (en) 2008-01-02
JP2008538641A (en) 2008-10-30

Similar Documents

Publication Publication Date Title
WO2006116103A3 (en) Supporting statements for credential based access control
WO2006132740A3 (en) Architecture for computer-implemented authentication and authorization
EP2053779A4 (en) A system and method for authenticating the accessing request for the home network
WO2008029393A3 (en) Method for managing simultaneous modification of database objects during development
WO2008016567A3 (en) Method and system for access authentication
WO2007024759A3 (en) System and methods for secure service oriented architecture
EP1653332B8 (en) Multiprocessor computer for task distribution with heat emission levelling
DK2149652T3 (en) Flooring, floor panels, process for their manufacture
IL182230A0 (en) Methods and systems for accessing, by application programs, resources provided by an operating system
BRPI0505394A (en) process and system to securely provision a client device
WO2007002443A3 (en) Control of service workload management
WO2007115209A3 (en) Identity and access management framework
NO20053170D0 (en) Procedure for preventing reuse in an analyte painting system.
WO2007034017A3 (en) System, access control device and method for enabling the exchange and shared use of parking spaces
DE602005025187D1 (en) Service system, service server and method for authenticating service requests
WO2009008003A3 (en) Method and system for restricting access of one or more users to a service
WO2006043018A3 (en) Focus priority in window management
BRPI0518060A (en) selection of generic access network controller (gan) in a plmn environment
WO2008054676A3 (en) Medical devices and methods of using the same
WO2007106521A3 (en) Separate computing device for medical device with computing capabilities
DE112005001162B8 (en) The fuel cell system
DE602005002407D1 (en) The fuel cell system
DE602005020227D1 (en) The fuel cell system
FI20041638A0 (en) Content Sharing in a Communication System
AU2003258211A1 (en) Hardware-assisted credential validation

Legal Events

Date Code Title Description
WWE WIPO information: entry into national phase (Ref document number: 200680013400.X; Country of ref document: CN)
121 EP: the EPO has been informed by WIPO that EP was designated in this application
WWE WIPO information: entry into national phase (Ref document number: 2006750984; Country of ref document: EP)
ENP Entry into the national phase (Ref document number: 2008507919; Country of ref document: JP; Kind code of ref document: A)
WWE WIPO information: entry into national phase (Ref document number: 1020077024081; Country of ref document: KR)
NENP Non-entry into the national phase (Ref country code: DE)
NENP Non-entry into the national phase (Ref country code: RU)