112 results about "Identity correlation" patented technology

User names and user groups serve as the basis of a formal policy in a network. A passive monitor examines network traffic in near real time and indicates: which network traffic is flowing on the network as before; which users or user groups were logged into workstations initiating this network traffic; and which of this traffic conforms to the formal policy definition. In one embodiment of the invention, users and user groups are determined by querying Microsoft® Active Directory and Microsoft® Windows servers, to determine who is logged onto the Microsoft® network. Other sources of identity information are also possible. The identity information is then correlated with the network traffic, so that even traffic that does not bear on the Microsoft® networking scheme is still tagged with identity

A method and apparatus that enables incremental control the flow of downlink data on an external interface-by-interface basis, reducing the risk of repeatedly exhausting internal memory resources. A mobile device (300), having a plurality of device interfaces (328–330) for transmitting data received from a network (306) through a network controller (302), includes an identity associating layer (322) that associates identifiers with packet data protocol contexts corresponding to the plurality of device interfaces. A general resource indicator (334) generates a first indication in response to system memory of the mobile device being substantially exhausted, and a private resource indicator (336) generates a second indication in response to private resources corresponding to the plurality of device interfaces being substantially exhausted. A control processing unit (332) generates a flow control indication signal in response to the first indication, the second indication, flow control information corresponding to the plurality of interfaces, and the identifiers associated by the identity associating layer. A bit-map generator (338) generates a bit-map, based on the flow control indication signal, that is transmitted to the radio network controller, which interprets the bit-map to discretely control transmission of data from the radio network controller to the plurality of device interfaces.

Exemplary embodiments of the present invention are directed to a system and method for user identity portability in communication systems. The present invention can provide user identity portability across communication networks that do not necessarily impose a phone number as the identity, addressing, or routing identifier. According to exemplary embodiments, a user identified by any suitable user identifier can switch network operators (e.g., from operator A to operator B) and retain their user identifier. For example, an identity server can support reverse lookup ENUM usage for URI and other identity correlation. Thus, all communication contacts that the user had while with operator A can seamlessly continue communications with the user even after the user switches to operator B.

Systems, methods, apparatuses, and computer readable media for facilitating user identity authentication to a service provider by linking, on a user certificate system, identity-linked information to certificate information, such that the certificate information may be used to generate an identity message that the service provider may verify to confirm a user identity. An exemplary method comprises receiving identity-linked information, retrieving public certificate information, retrieving, from a hardware security module, a private key, causing transmission, over a second network to the service provider, of a notification that an identity message is available for access, the identity message based on the retrieved public certificate information and the retrieved private key, and upon reception, from the service provider, of a request for the identity message, generating and transmitting the identity message, wherein the identity message comprises at least an encrypted portion of the identity message encrypted using at least the private key.

The invention relates to the field of identity authentication of an internet of vehicles and discloses a vehicle identity authentication method based on the virtual machine migration technology. The vehicle identity authentication method based on the virtual machine migration technology comprises the following steps that a mobile on board unit sends an identity authentication request to a road side unit with an identity certificate of the mobile on board unit as a credential, after determining the legitimacy of the identity of the mobile on board unit, the road side unit turns on a virtual machine corresponding to the mobile on board unit, and identity relevant information of the on board unit is stored in the corresponding virtual machine; based on the position information of the on board unit, the current road side unit can determine the migration address, corresponding to the virtual machine, of the on board unit, namely, the network address of a target road side unit; when the connection between the on board unit and the current road side unit is interrupted and the on board unit is connected to the target road side unit, and the target road side unit detects the corresponding relation between the identity relevant information stored in the current virtual machine which is turned on and the identification certificate of the on board unit which requests identity authentication so that the identity legitimacy of the on board unit can be determined; the on board unit can have access to the virtual machine corresponding to the migrated on board unit through the target road side unit.

A method, apparatus and computer program product for detecting that a computing device may not be secure based on inconsistent identity associations identified during Federated Single Sign-On (F-SSO). A detection proxy detects when a user with a particular session is accessing an identity provider (IdP) that is associated with an account that is not the current user's account. When a user performs a login to an F-SSO-enabled IdP, the proxy performs an F-SSO, and the results are compared with known aliases for that particular federation partner. If an anomaly is detected (e.g., the in-line device sees that a user logs into a web site as someone else), a workflow is initiated to perform a given action, such as blocking access, issuing an alert, or the like.

The invention discloses a safety control mechanism based on Web service of PKI and PMI, which comprises a PKI system, a PMI system and a safety system of Web service. Users apply for a letter of identification through the PKI system, and then apply for an attribute certificate according to the letter of identification to the PMI system. Through the attribute certificate, the user identification and one or more roles are related. The roles then are bond with one or more Web service through the strategy certificate pre-defined by the PMI system. Then when users use Web service, the safety system of web helps the PKI system to check the legality of an identification letter and helps the PMI system to check whether a user has the right to call the Web service or not. When all checks pass through successfully, the user can access the Web service so as to realize safety calling of Web service. The mechanism of the invention provides a set of identification authentication and access control systems with strong integrity, thereby ensuring the confidentiality, the integrity and the non-repudiation of calling information of Web service.

The invention provides a cloud detection safety management auditing system. The cloud detection safety management auditing system comprises following modules: a software system, a hardware device and an updating device, wherein the software system and the hardware device are used for auditing a networking behavior by capturing an original data package; and the updating device is used for updating the original data package to a cloud storage center. The invention further provides a corresponding system which has a network safety auditing function, a public security requirement is satisfied by virtue of a data package capturing function, and wide small-sized online places are facilitated as well. An updating function of the original data package is added, the data are updated cloud centers through Internet, and thus, the support of history data is provided to the case handling and investigating of policemen. A plurality of identity authentication manners are provided, so that addresses of networking devices and personal real identities are associated together.

A system and method include a device connectable to a private network and designed to access to a public network, the device used to control identity associations for end user devices in the private network, wherein the device has an associated device key and is operable to receive additional keys associated with service providers, and a conditional access system associated with the device, the conditional access system operated by a key authority to manage the device key and to authenticate the service provider keys thereby allowing identity associations between the private network and the service providers.

A system and method for pre-placing content from a provider on an end user storage device is described. The system includes a device connected to an end user network and a public network and used to interface with one or more digital keys, where each digital key is able to control one or more identity associations. A storage device attached to the end user network and is able to receive content from the provider using the identity association with the provider. The content is encrypted on the storage device using a keys established by the provider, such that the end user can only decrypt and access the content by agreeing to terms established by the provider using the digital key and identity association with the provider.

The invention discloses a method for allocating an IP address, comprising the following steps: sending a request message to a server of a dynamical host configuration protocol version 6 (DHCPv6) by a client which supports internet protocol version 4 (IPv4), requesting to allocate an IPv4 address, and carrying identity related (IA)-IPv4 options in the request message; and after the DHCPv6 server receives the request message, according to the (IA)-IPv4 options, allocating the IPv4 address for the client according to an address allocation strategy and sending the IPv4 address to the client. Under the environment of double protocol stacks of IPv4 and IPv6, the method leads the system to be capable of dynamically configuring the IPv4 address flexibly and easily, and reduces the dependency of the IPv4 service on a DHCPv4 protocol under the environment of the double protocol stacks; and simultaneously for a network manager, single DHCPv6 protocol is configured and used, thus being capable ofeffectively reducing the cost of operation and maintenance.

An embodiment of the invention discloses a method for obtaining an IPV6ND address and a broadband remote access server (BARS). The BARS receives a routing request (RS) message sent by a user device. A dynamic host configuration protocol version 6 (DHCPV6) server sends a DHCPV6Solicit message, wherein the DHCPV6Solicit message carries an unique device identifier (DUID) and identity relevance options IA_PD of the user device, so that the DHCPV6 server allocates a 64-bit Delegation prefixion for the user device according to the IA_PD. The 64-bit Delegation prefixion is sent to the user device through a random access (RA) message to enable the user device to use the 64-bit Delegation prefixion and a 64-bit IPV6 interface identity (ID) to form a 128-bit IPV6ND address, and when a network only supporting an IPV4 protocol can be updated and can support an IPV6 protocol or a Dual Stack, the dual stack can support the IPV4 and IPV6 protocols, and ND access and DHCPV6 access can be achieved only by updating the support of a DHCP Server and allocating an IPV6 prefixion.

A system and method are disclosed for tracking image and audio data over time to automatically identify a person based on a correlation of their voice with their body in a multi-user game or multimedia setting.

The invention discloses a storage method of confidential data, wherein the storage method includes steps of 1), a data owner generates public and private key pairs by using a public key cryptographic algorithm; a data user applies public key cryptographic algorithm to generate the public and private key pairs associated with its identity; 2), a data storage administrator generates a ciphertext data index and publishes to a data authority administrator; 3), the data authority administrator feeds back a confidential data visit request to the data storage administrator; 4) an re-encryption key is generated; after receiving the data visit request, the data owner generates re-encryption key according to the public key information of the user, and sends to the data storage administrator; 5), re-encrypted ciphertext is distributed; the data storage administrator applies the re-encryption key to encrypt the confidential data ciphertext requested to visit by the secret key encryption data; the re-encrypted ciphertext is is acquired, and sent to the authorized data user. The method can easier realize the safe and high-efficient distribution of multiple users, and has high practicability.

The invention discloses an identity association method based on a block chain. The method comprises the following steps: a client generates a first asymmetric key pair for a login user, generates an account address of the login user in the corresponding one or more blockchain networks according to a first public key in a first asymmetric key pair of the login user and a generation rule of one or more blockchain accounts on which the login user depends; the client generates a two-dimensional code, the mobile terminal scans the two-dimensional code provided by the client to obtain an associationrequest message contained in the association request message, and analyzes the association request message to obtain the login user name and the account address of the login user in the correspondingone or more blockchain networks; the the mobile terminal randomly generates a second asymmetric key pair by, and generates the account address of the mobile terminal in the corresponding one or moreblockchain networks. According to the invention, the technical problems of time and labor consumption, low efficiency and poor security caused by the fact that association needs to be manually realized at the server in the existing method can be solved.

The invention relates to the wireless communication field, specifically discloses a method and apparatus for logoff of wireless IP access network association address, which, after the terminal leaves the IP access network in an abnormal mode, can avoid the problem that when the terminal receives the call of the user common identification corresponding to the terminal, the call can also be distributed from the IP access network according to the IP access network association address associated to the user identification. In the invention, when the terminal leaves a first wireless IP access network, if the association address of the terminal at the first wireless IP access network is not logoff to the IMS network, the other currently available access networks are used to inform the IMS network to logoff the association address of the terminal at the first wireless IP access network. When the available wireless IP access network exists, the terminal initiates a re-registration process to the wireless IP access network, and transmits the information for logoff of the first wireless IP access network to the S-CSCF; and the S-CSCF logs off the association address of the terminal at the first wireless IP access network.

The invention provides a ciphertext conversion method in a heterogeneous storage system, a decryption method and a decryption system, wherein the ciphertext conversion method comprises the steps of: on the basis of the identity ID of an authorized visitor appointed by a data owner, and the public key pair and the private key pair of the system, obtaining an identity-based decryption private key associated with the identity ID of the authorized visitor; on the basis of the access strategy appointed by the data owner and the identity-based decryption private key, obtaining a conversion key through an attribute-based encryption method; and, on the basis of the conversion key, converting an identity-based ciphertext to obtain an attribute-based ciphertext. By means of the ciphertext conversion method in the heterogeneous storage system, the decryption method and the decryption system provided by the invention, on the premise that a plaintext is not leaked, the identity-based ciphertext is converted into the attribute-based ciphertext; the fact that two encryption systems independently operate and are not influenced mutually can be ensured; and thus, a safe and effective way is provided for sharing secret data by users of two sets of storage systems having different encryption algorithms.

The invention discloses an identity association method and device based on track similarity, equipment and a storage medium, and the method comprises the steps: carrying out the serialization of to-be-analyzed track data of each system, and obtaining each track sequence in each system; calculating detail similarity and overall similarity between each track sequence in each system and each track sequence in other systems; for each track sequence in each system, performing weighted calculation according to the detail similarity and the overall similarity between the track sequence in each systemand each track sequence in other systems to obtain weighted track similarity between the track sequence in each system and each track sequence in other systems; and according to the weighted trajectory similarity between each trajectory sequence in each system and each trajectory sequence in other systems, associating the user identity information of the mutually similar trajectory sequences between different systems. By adopting the method and the device, the identity information corresponding to the mutually similar tracks among different systems can be accurately associated.