1. WO2011047722 - METHOD FOR MANAGING ACCESS TO PROTECTED RESOURCES IN A COMPUTER NETWORK, PHYSICAL ENTITIES AND COMPUTER PROGRAMS THEREFOR

Publication Number WO/2011/047722
Publication Date 28.04.2011
International Application No. PCT/EP2009/063891
International Filing Date 22.10.2009
Chapter 2 Demand Filed 02.08.2011
IPC
H04L 29/06 2006.01
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29 Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136
02 Communication control; Communication processing
06 characterised by a protocol
G06F 21/33 2013.01
G PHYSICS
06 COMPUTING; CALCULATING OR COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
30 Authentication, i.e. establishing the identity or authorisation of security principals
31 User authentication
33 using certificates
H04L 29/08 2006.01
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29 Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136
02 Communication control; Communication processing
06 characterised by a protocol
08 Transmission control procedure, e.g. data link level control procedure
CPC
G06F 21/335
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
30 Authentication, i.e. establishing the identity or authorisation of security principals
31 User authentication
33 using certificates
335 for accessing specific resources, e.g. using Kerberos tickets
H04L 63/0407
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
04 for providing a confidential data exchange among entities communicating through data packet networks
0407 wherein the identity of one or more communicating identities is hidden
H04L 63/102
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
10 for controlling access to network resources
102 Entity profiles
Applicants
  • TELEFONAKTIEBOLAGET LM ERICSSON (publ) [SE]/[SE] (AllExceptUS)
  • UNIVERSIDAD POLITECNICA DE MADRID [ES]/[ES] (AllExceptUS)
  • MONJAS LLORENTE, Miguel Angel [ES]/[ES] (UsOnly)
  • DEL ÁLAMO RAMIRO, José Maria [ES]/[ES] (UsOnly)
  • YELMO GARCÍA, Juan Carlos [ES]/[ES] (UsOnly)
Inventors
  • MONJAS LLORENTE, Miguel Angel
  • DEL ÁLAMO RAMIRO, José Maria
  • YELMO GARCÍA, Juan Carlos
Agents
  • SIEGERT, Georg
Priority Data
Publication Language English (EN)
Filing Language English (EN)
Designated States
Title
(EN) METHOD FOR MANAGING ACCESS TO PROTECTED RESOURCES IN A COMPUTER NETWORK, PHYSICAL ENTITIES AND COMPUTER PROGRAMS THEREFOR
(FR) PROCÉDÉ DE GESTION DE L'ACCÈS À DES RESSOURCES PROTÉGÉES DANS UN RÉSEAU INFORMATIQUE, ENTITÉS PHYSIQUES ET PROGRAMMES INFORMATIQUES ASSOCIÉS
Abstract
(EN)
A method carried out by a controller is disclosed. The method includes receiving (s10) a message including a request token. A request token is a value used by a consumer (300) to request authorization from a user to access protected resources from a service provider (400). A service provider (400) is at least one of a software application and web site that is configured to provide access to protected resources. A consumer (300) is at least one of a software application and a web site that is configured to access a service provider (400) on behalf of a user. The method further includes determining (s20) whether the message meets policy settings governing the access to protected resources; and, if it is determined (s30) that the message does not meet the policy settings, preventing (s34) the request token from being forwarded to the service provider (400) associated with the request token.
(FR)
La présente invention concerne un procédé exécuté par un dispositif de commande. Le procédé comprend l'étape qui consiste à recevoir (s10) un message comprenant un jeton de requête. Un jeton de requête est une valeur utilisée par un consommateur (300) pour demander à un utilisateur l'autorisation d'accéder à des ressources protégées provenant d'un fournisseur de services (400). Le fournisseur de services (400) est au moins soit une application logicielle, soit un site Web qui est conçu pour fournir l'accès à des ressources protégées. Le consommateur (300) est au moins soit une application logicielle, soit un site Web qui est conçu pour accéder à un fournisseur de services (400) pour le compte d'un utilisateur. Le procédé comprend en outre les étapes qui consistent à déterminer (s20) si le message respecte les paramètres réglementaires qui régissent l'accès aux ressources protégées; et, s'il est déterminé (s30) que le message ne respecte pas ces paramètres réglementaires, à empêcher (s34) que le jeton de requête soit transmis au fournisseur de services (400) associé au jeton de requête.
Latest bibliographic data on file with the International Bureau