Chris M Ferris

US Patent:

6609198, Aug 19, 2003

Filed:

Aug 5, 1999

Appl. No.:

09/368506

Inventors:

David L. Wood - Louisville CO
Paul Weschler - Broomfield CO
Derk Norton - Louisville CO
Chris Ferris - Whitinsville MA
Yvonne Wilson - Mountain View CA
William R. Soley - Campbell CA

Assignee:

Sun Microsystems, Inc. - Santa Clara CA

International Classification:

G06F 126

US Classification:

713155, 713182, 713200, 713201

Abstract:

A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e. g. , those based on passwords, certificates, biometric techniques, smart cards, etc. ) are employed depending on the trust-level requirement(s) of an information resource (or information resources) to be accessed. Once credentials have been obtained for an entity and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient. The security architecture allows upgrade of credentials for a given session. This capability is particularly advantageous in the context of a single, enterprise-wide log-on.

US Patent:

6892307, May 10, 2005

Filed:

Aug 5, 1999

Appl. No.:

09/368507

Inventors:

David L. Wood - Louisville CO, US
Derk Norton - Louisville CO, US
Paul Weschler - Broomfield CO, US
Chris Ferris - Whitinsville MA, US
Yvonne Wilson - Mountain View CA, US

Assignee:

Sun Microsystems, Inc. - Santa Clara CA

International Classification:

G06F011/30
G06F012/14
H04L009/00
H04L009/32

US Classification:

713201, 713200, 713155, 713156, 713175

Abstract:

A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e. g. , those based on passwords, certificates, biometric techniques, smart cards, etc. ) are associated with trust levels and a log-on service obtains credentials for an entity commensurate with the trust-level requirement(s) of an information resource (or information resources) to be accessed. Once credentials have been obtained for an entity and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient.

US Patent:

6944761, Sep 13, 2005

Filed:

Aug 19, 2003

Appl. No.:

10/643813

Inventors:

David L. Wood - Louisville CO, US
Paul Weschler - Broomfield CO, US
Derk Norton - Louisville CO, US
Chris Ferris - Whitinsville MA, US
Yvonne Wilson - Mountain View CA, US
William R. Soley - Campbell CA, US

Assignee:

Sun Microsystems, Inc. - Sunnyvale CA

International Classification:

G06F011/30

US Classification:

713155, 713182, 713200, 713201, 713169

Abstract:

A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e. g. , those based on passwords, certificates, biometric techniques, smart cards, etc. ) are employed depending on the trust-level requirement(s) of an information resource (or information resources) to be accessed. Once credentials have been obtained for an entity and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient.

US Patent:

7117359, Oct 3, 2006

Filed:

Sep 12, 2005

Appl. No.:

11/224675

Inventors:

David L. Wood - Louisville CO, US
Paul Weschler - Broomfield CO, US
Derk Norton - Louisville CO, US
Chris Ferris - Whitinsville MA, US
Yvonne Wilson - Mountain View CA, US
William R. Soley - Campbell CA, US

Assignee:

Sun Microsystems, Inc. - Santa Clara CA

International Classification:

G06F 1/24

US Classification:

713155, 713182, 713169

Abstract:

A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e. g. , those based on passwords, certificates, biometric techniques, smart cards, etc. ) are employed depending on the trust-level requirement(s) of an information resource (or information resources) to be accessed. Once credentials have been obtained for an entity and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient. In addition, an entity can be allocated a new session and associated default credential if the entity's access request indicates an invalid session token or does not indicate a token.

US Patent:

7325128, Jan 29, 2008

Filed:

Sep 19, 2006

Appl. No.:

11/533296

Inventors:

David L. Wood - Louisville CO, US
Paul Weschler - Broomfield CO, US
Derk Norton - Louisville CO, US
Chris Ferris - Whitinsville MA, US
Yvonne Wilson - Mountain View CA, US
William R. Soley - Campbell CA, US

Assignee:

Sun Microsystems, Inc. - Palo Alto CA

International Classification:

G06F 9/00

US Classification:

713155, 713169, 713182

Abstract:

A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e. g. , those based on passwords, certificates, biometric techniques, smart cards, etc. ) are employed depending on the trust-level requirement(s) of an information resource (or information resources) to be accessed. Once credentials have been obtained for an entity and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient.