WO2006116103A3 - Supporting statements for credential based access control - Google Patents
Supporting statements for credential based access control Download PDFInfo
- Publication number
- WO2006116103A3 WO2006116103A3 PCT/US2006/015116 US2006015116W WO2006116103A3 WO 2006116103 A3 WO2006116103 A3 WO 2006116103A3 US 2006015116 W US2006015116 W US 2006015116W WO 2006116103 A3 WO2006116103 A3 WO 2006116103A3
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- access control
- based access
- credential based
- supporting statements
- statements
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
- G06F21/335—User authentication using certificates for accessing specific resources, e.g. using Kerberos tickets
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Abstract
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP06750984A EP1872519A2 (en) | 2005-04-22 | 2006-04-20 | Supporting statements for credential based access control |
JP2008507919A JP2008538641A (en) | 2005-04-22 | 2006-04-20 | Support description of access control based on credentials |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/112,993 | 2005-04-22 | ||
US11/112,993 US7657746B2 (en) | 2005-04-22 | 2005-04-22 | Supporting statements for credential based access control |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2006116103A2 WO2006116103A2 (en) | 2006-11-02 |
WO2006116103A3 true WO2006116103A3 (en) | 2006-12-28 |
Family
ID=37188638
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2006/015116 WO2006116103A2 (en) | 2005-04-22 | 2006-04-20 | Supporting statements for credential based access control |
Country Status (6)
Country | Link |
---|---|
US (1) | US7657746B2 (en) |
EP (1) | EP1872519A2 (en) |
JP (1) | JP2008538641A (en) |
KR (1) | KR20080008335A (en) |
CN (1) | CN101164277A (en) |
WO (1) | WO2006116103A2 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8938783B2 (en) | 2006-09-11 | 2015-01-20 | Microsoft Corporation | Security language expressions for logic resolution |
Families Citing this family (33)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9614772B1 (en) | 2003-10-20 | 2017-04-04 | F5 Networks, Inc. | System and method for directing network traffic in tunneling applications |
JP4791760B2 (en) * | 2005-05-17 | 2011-10-12 | 株式会社リコー | Access control apparatus, access control method, and access control program |
US8418233B1 (en) * | 2005-07-29 | 2013-04-09 | F5 Networks, Inc. | Rule based extensible authentication |
US8533308B1 (en) | 2005-08-12 | 2013-09-10 | F5 Networks, Inc. | Network traffic management through protocol-configurable transaction processing |
US20070294404A1 (en) * | 2006-06-15 | 2007-12-20 | International Business Machines Corporation | Method and system for authorization and access control delegation in an on demand grid environment |
US8201215B2 (en) * | 2006-09-08 | 2012-06-12 | Microsoft Corporation | Controlling the delegation of rights |
US20080066158A1 (en) * | 2006-09-08 | 2008-03-13 | Microsoft Corporation | Authorization Decisions with Principal Attributes |
US8095969B2 (en) * | 2006-09-08 | 2012-01-10 | Microsoft Corporation | Security assertion revocation |
US20080066169A1 (en) * | 2006-09-08 | 2008-03-13 | Microsoft Corporation | Fact Qualifiers in Security Scenarios |
US7814534B2 (en) * | 2006-09-08 | 2010-10-12 | Microsoft Corporation | Auditing authorization decisions |
US20080065899A1 (en) * | 2006-09-08 | 2008-03-13 | Microsoft Corporation | Variable Expressions in Security Assertions |
US8060931B2 (en) * | 2006-09-08 | 2011-11-15 | Microsoft Corporation | Security authorization queries |
US20080066147A1 (en) * | 2006-09-11 | 2008-03-13 | Microsoft Corporation | Composable Security Policies |
US8656503B2 (en) * | 2006-09-11 | 2014-02-18 | Microsoft Corporation | Security language translations with logic resolution |
US8136146B2 (en) * | 2007-01-04 | 2012-03-13 | International Business Machines Corporation | Secure audit log access for federation compliance |
US9832069B1 (en) | 2008-05-30 | 2017-11-28 | F5 Networks, Inc. | Persistence based on server response in an IP multimedia subsystem (IMS) |
US9130846B1 (en) | 2008-08-27 | 2015-09-08 | F5 Networks, Inc. | Exposed control components for customizable load balancing and persistence |
US20110167479A1 (en) * | 2010-01-07 | 2011-07-07 | Oracle International Corporation | Enforcement of policies on context-based authorization |
US20110166943A1 (en) * | 2010-01-07 | 2011-07-07 | Oracle International Corporation | Policy-based advertisement engine |
US9509791B2 (en) | 2010-01-07 | 2016-11-29 | Oracle International Corporation | Policy-based exposure of presence |
US9467858B2 (en) | 2010-02-05 | 2016-10-11 | Oracle International Corporation | On device policy enforcement to secure open platform via network and open network |
US9495521B2 (en) * | 2010-02-05 | 2016-11-15 | Oracle International Corporation | System self integrity and health validation for policy enforcement |
US20110196728A1 (en) * | 2010-02-05 | 2011-08-11 | Oracle International Corporation | Service level communication advertisement business |
US10482254B2 (en) | 2010-07-14 | 2019-11-19 | Intel Corporation | Domain-authenticated control of platform resources |
US9680763B2 (en) | 2012-02-14 | 2017-06-13 | Airwatch, Llc | Controlling distribution of resources in a network |
US10404615B2 (en) | 2012-02-14 | 2019-09-03 | Airwatch, Llc | Controlling distribution of resources on a network |
JP5567053B2 (en) * | 2012-03-19 | 2014-08-06 | 株式会社東芝 | Authority changing device, creation device, and program |
US9336357B2 (en) | 2012-09-28 | 2016-05-10 | Intel Corporation | Secure access management of devices |
US20140280955A1 (en) | 2013-03-14 | 2014-09-18 | Sky Socket, Llc | Controlling Electronically Communicated Resources |
EP3014507B1 (en) | 2013-06-27 | 2018-04-04 | Intel Corporation | Continuous multi-factor authentication |
US9516005B2 (en) * | 2013-08-20 | 2016-12-06 | Airwatch Llc | Individual-specific content management |
US10073964B2 (en) | 2015-09-25 | 2018-09-11 | Intel Corporation | Secure authentication protocol systems and methods |
US11087016B1 (en) | 2020-08-20 | 2021-08-10 | Spideroak, Inc. | Implementation of a file system on a block chain |
Family Cites Families (42)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH08263438A (en) * | 1994-11-23 | 1996-10-11 | Xerox Corp | Distribution and use control system of digital work and access control method to digital work |
US5958050A (en) * | 1996-09-24 | 1999-09-28 | Electric Communities | Trusted delegation system |
US6256734B1 (en) * | 1998-02-17 | 2001-07-03 | At&T | Method and apparatus for compliance checking in a trust management system |
JP3546787B2 (en) * | 1999-12-16 | 2004-07-28 | インターナショナル・ビジネス・マシーンズ・コーポレーション | Access control system, access control method, and storage medium |
US7246370B2 (en) * | 2000-01-07 | 2007-07-17 | Security, Inc. | PDstudio design system and method |
US7222362B1 (en) * | 2000-05-15 | 2007-05-22 | International Business Machines Corporation | Non-transferable anonymous credentials |
US7313692B2 (en) * | 2000-05-19 | 2007-12-25 | Intertrust Technologies Corp. | Trust management systems and methods |
US7669238B2 (en) * | 2000-06-21 | 2010-02-23 | Microsoft Corporation | Evidence-based application security |
JP2002014862A (en) * | 2000-06-28 | 2002-01-18 | Fujitsu Ltd | Information access controller and information access control method |
US7249369B2 (en) * | 2000-07-10 | 2007-07-24 | Oracle International Corporation | Post data processing |
JP2002132730A (en) * | 2000-10-20 | 2002-05-10 | Hitachi Ltd | System and method for authentication or access management based on reliability and disclosure degree of personal information |
US7660902B2 (en) * | 2000-11-20 | 2010-02-09 | Rsa Security, Inc. | Dynamic file access control and management |
US7085925B2 (en) * | 2001-04-03 | 2006-08-01 | Sun Microsystems, Inc. | Trust ratings in group credentials |
US7590684B2 (en) * | 2001-07-06 | 2009-09-15 | Check Point Software Technologies, Inc. | System providing methodology for access control with cooperative enforcement |
US7536712B2 (en) * | 2001-10-16 | 2009-05-19 | Microsoft Corporation | Flexible electronic message security mechanism |
US7024693B2 (en) * | 2001-11-13 | 2006-04-04 | Sun Microsystems, Inc. | Filter-based attribute value access control |
US20030126464A1 (en) * | 2001-12-04 | 2003-07-03 | Mcdaniel Patrick D. | Method and system for determining and enforcing security policy in a communication session |
US7260831B1 (en) * | 2002-04-25 | 2007-08-21 | Sprint Communications Company L.P. | Method and system for authorization and access to protected resources |
ATE367043T1 (en) * | 2002-05-24 | 2007-08-15 | Ericsson Telefon Ab L M | METHOD FOR AUTHENTICATING A USER WHEN ACCESSING A SERVICE OF A SERVICE PROVIDER |
US6721396B2 (en) * | 2002-06-26 | 2004-04-13 | Lucent Technologies Inc. | Method and system of enhancing emergency call services |
US6931530B2 (en) * | 2002-07-22 | 2005-08-16 | Vormetric, Inc. | Secure network file access controller implementing access control and auditing |
JP2004110335A (en) * | 2002-09-18 | 2004-04-08 | Fuji Electric Systems Co Ltd | Access control system |
AU2003279950A1 (en) * | 2002-10-10 | 2004-05-04 | Rocksteady Networks, Inc. | System and method for providing access control |
US20040073668A1 (en) * | 2002-10-10 | 2004-04-15 | Shivaram Bhat | Policy delegation for access control |
US7526798B2 (en) * | 2002-10-31 | 2009-04-28 | International Business Machines Corporation | System and method for credential delegation using identity assertion |
US7587491B2 (en) * | 2002-12-31 | 2009-09-08 | International Business Machines Corporation | Method and system for enroll-thru operations and reprioritization operations in a federated environment |
US20040128542A1 (en) * | 2002-12-31 | 2004-07-01 | International Business Machines Corporation | Method and system for native authentication protocols in a heterogeneous federated environment |
US7219154B2 (en) * | 2002-12-31 | 2007-05-15 | International Business Machines Corporation | Method and system for consolidated sign-off in a heterogeneous federated environment |
US7814021B2 (en) * | 2003-01-23 | 2010-10-12 | Verdasys, Inc. | Managed distribution of digital assets |
JP4222184B2 (en) * | 2003-04-24 | 2009-02-12 | 日本電気株式会社 | Security management support system, security management support method and program |
JP4280110B2 (en) * | 2003-05-16 | 2009-06-17 | 日本電信電話株式会社 | Attribute approval device |
US7900240B2 (en) * | 2003-05-28 | 2011-03-01 | Citrix Systems, Inc. | Multilayer access control security system |
JP2005004679A (en) * | 2003-06-16 | 2005-01-06 | Asgent Inc | Security policy structuring device, question maintenance device, policy maintenance device and document maintenance device |
US7827595B2 (en) * | 2003-08-28 | 2010-11-02 | Microsoft Corporation | Delegated administration of a hosted resource |
EP1530339B1 (en) * | 2003-11-07 | 2008-03-05 | Harman Becker Automotive Systems GmbH | Method and apparatuses for access control to encrypted data services for a vehicle entertainment and information processing device |
US7640429B2 (en) * | 2004-02-26 | 2009-12-29 | The Boeing Company | Cryptographically enforced, multiple-role, policy-enabled object dissemination control mechanism |
US9245266B2 (en) * | 2004-06-16 | 2016-01-26 | Callahan Cellular L.L.C. | Auditable privacy policies in a distributed hierarchical identity management system |
US7669226B2 (en) * | 2004-07-30 | 2010-02-23 | International Business Machines Corporation | Generic declarative authorization scheme for Java |
US8146142B2 (en) * | 2004-09-03 | 2012-03-27 | Intel Corporation | Device introduction and access control framework |
US7711835B2 (en) * | 2004-09-30 | 2010-05-04 | Citrix Systems, Inc. | Method and apparatus for reducing disclosure of proprietary data in a networked environment |
US20060150238A1 (en) * | 2005-01-04 | 2006-07-06 | Symbol Technologies, Inc. | Method and apparatus of adaptive network policy management for wireless mobile computers |
US7631346B2 (en) * | 2005-04-01 | 2009-12-08 | International Business Machines Corporation | Method and system for a runtime user account creation operation within a single-sign-on process in a federated computing environment |
-
2005
- 2005-04-22 US US11/112,993 patent/US7657746B2/en not_active Expired - Fee Related
-
2006
- 2006-04-20 KR KR1020077024081A patent/KR20080008335A/en not_active Application Discontinuation
- 2006-04-20 EP EP06750984A patent/EP1872519A2/en not_active Withdrawn
- 2006-04-20 JP JP2008507919A patent/JP2008538641A/en active Pending
- 2006-04-20 WO PCT/US2006/015116 patent/WO2006116103A2/en active Application Filing
- 2006-04-20 CN CNA200680013400XA patent/CN101164277A/en active Pending
Non-Patent Citations (6)
Title |
---|
BAUER ET AL.: "A Proof-Carrying Authorization System", SECURE INTERNET PROGRAMMING LABORATORY DEPARTMENT OF COMPUTER SCIENCE - PRINCETON UNIVERSITY, TECH REPORT TR-638-01, 30 April 2001 (2001-04-30), pages 1 - 16, XP008077261 * |
BAUER L. ET AL.: "Distributed Proving in Access-Control Systems", 2005 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (S&P'05), 2005, pages 1 - 15, XP010798365 * |
BECKER ET AL.: "Cassandra: Distributed Access Control Policies with Tunable Expressiveness", COMPUTER LABORATORY - UNIVERSITY OF CAMBRIDGE, FIFTH IEEE INTERNATIONAL WORKSHOP ON POLICIES FOR DISTRIBUTED SYSTEMS AND NETWORKS (POLICY'04), 2004, pages 1 - 10, XP008077260 * |
LI N. ET AL.: "Beyond Proof-of Compliance: Security Analysis in Trust Management", JOURNAL OF THE ACM, vol. 52, no. 3, May 2005 (2005-05-01), pages 474 - 514, XP003007572 * |
RYUTOV ET AL.: "Adaptive Trust Negotiation and Access Control", INFORMATION SCIENCES INSTITUTE - UNIVERSITY OF SOUTHERN CALIFORNIA, AMC, 3 June 2005 (2005-06-03), pages 139 - 146, XP008077259 * |
SMITH T.J. ET AL.: "Joint Policy Management and Auditing in Virtual Organizations", MCNC-RDI RESEARCH AND DEVELOPMENT INSTITUTE, FOURTH INTERNATIONAL WORKSHOP ON GRID COMPUTING (GRID'03), 2003, pages 1 - 8, XP010680018 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8938783B2 (en) | 2006-09-11 | 2015-01-20 | Microsoft Corporation | Security language expressions for logic resolution |
Also Published As
Publication number | Publication date |
---|---|
US20060242688A1 (en) | 2006-10-26 |
CN101164277A (en) | 2008-04-16 |
WO2006116103A2 (en) | 2006-11-02 |
KR20080008335A (en) | 2008-01-23 |
US7657746B2 (en) | 2010-02-02 |
EP1872519A2 (en) | 2008-01-02 |
JP2008538641A (en) | 2008-10-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2006116103A3 (en) | Supporting statements for credential based access control | |
WO2006132740A3 (en) | Architecture for computer-implemented authentication and authorization | |
EP2053779A4 (en) | A system and method for authenticating the accessing request for the home network | |
WO2008029393A3 (en) | Method for managing simultaneous modification of database objects during development | |
WO2008016567A3 (en) | Method and system for access authentication | |
WO2007024759A3 (en) | System and methods for secure service oriented architecture | |
EP1653332B8 (en) | Multiprocessor computer for task distribution with heat emission levelling | |
DK2149652T3 (en) | Flooring, floor panels, process for their manufacture | |
IL182230A0 (en) | Methods and systems for accessing, by application programs, resources provided by an operating system | |
BRPI0505394A (en) | process and system to securely provision a client device | |
WO2007002443A3 (en) | Control of service workload management | |
WO2007115209A3 (en) | Identity and access management framework | |
NO20053170D0 (en) | Procedure for preventing reuse in an analyte painting system. | |
WO2007034017A3 (en) | System, access control device and method for enabling the exchange and shared use of parking spaces | |
DE602005025187D1 (en) | Service system, service server and method for authenticating service requests | |
WO2009008003A3 (en) | Method and system for restricting access of one or more users to a service | |
WO2006043018A3 (en) | Focus priority in window management | |
BRPI0518060A (en) | selection of generic access network controller (gan) in a plmn environment | |
WO2008054676A3 (en) | Medical devices and methods of using the same | |
WO2007106521A3 (en) | Separate computing device for medical device with computing capabilities | |
DE112005001162B8 (en) | The fuel cell system | |
DE602005002407D1 (en) | The fuel cell system | |
DE602005020227D1 (en) | The fuel cell system | |
FI20041638A0 (en) | Content Sharing in a Communication System | |
AU2003258211A1 (en) | Hardware-assisted credential validation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 200680013400.X Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2006750984 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 2008507919 Country of ref document: JP Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1020077024081 Country of ref document: KR |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
NENP | Non-entry into the national phase |
Ref country code: RU |