专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明申请

US20130007845A1 Authentication and authorization methods for cloud computing security platform 有权
标题翻译：云计算安全平台的认证和授权方法
公开(公告)号：US20130007845A1
公开(公告)日：2013-01-03
申请号：US13173563
申请日：2011-06-30
申请人： David Yu Chang , Messaoud Benantar , John Yow-Chun Chang , Vishwanath Venkataramappa
发明人： David Yu Chang , Messaoud Benantar , John Yow-Chun Chang , Vishwanath Venkataramappa
IPC分类号： G06F17/30
CPC分类号： H04L63/104 , G06F21/62 , G06F21/6218 , G06F21/78 , G06F2221/2115 , H04L63/08 , H04L63/0815 , H04L67/10 , H04L67/34 , H04L67/42
摘要： An authentication and authorization plug-in model for a cloud computing environment enables cloud customers to retain control over their enterprise information when their applications are deployed in the cloud. The cloud service provider provides a pluggable interface for customer security modules. When a customer deploys an application, the cloud environment administrator allocates a resource group (e.g., processors, storage, and memory) for the customer's application and data. The customer registers its own authentication and authorization security module with the cloud security service, and that security module is then used to control what persons or entities can access information associated with the deployed application. The cloud environment administrator, however, typically is not registered (as a permitted user) within the customer's security module; thus, the cloud environment administrator is not able to access (or release to others, or to the cloud's general resource pool) the resources assigned to the cloud customer (even though the administrator itself assigned those resources) or the associated business information. To further balance the rights of the various parties, a third party notary service protects the privacy and the access right of the customer when its application and information are deployed in the cloud.
摘要翻译：云计算环境的认证和授权插件模型使云客户在将应用程序部署在云中时能够保留对其企业信息的控制。云服务提供商为客户安全模块提供可插拔的界面。当客户部署应用程序时，云环境管理员为客户的应用程序和数据分配资源组（例如，处理器，存储和内存）。客户将其自己的认证和授权安全模块注册到云安全服务，然后该安全模块用于控制哪些人员或实体可以访问与部署的应用程序相关的信息。然而，云环境管理员通常没有在客户的安全模块中注册（作为允许的用户）; 因此，云环境管理员无法访问（或向其他人或云的一般资源池）访问分配给云客户的资源（即使管理员自己分配了这些资源）或相关联的业务信息。为了进一步平衡各方的权利，第三方公证服务在将应用程序和信息部署在云中时保护客户的隐私和访问权限。

12. 发明申请

US20080222697A1 Application Server Object-level Security for Distributed Computing Domains 有权
标题翻译：分布式计算域的应用服务器对象级安全性
公开(公告)号：US20080222697A1
公开(公告)日：2008-09-11
申请号：US12123693
申请日：2008-05-20
申请人： Peter Daniel Birk , Ching-Yun Chao , Hyen Vui Chung , Carlton Keith Mason , Ajaykumar Karkala Reddy , Vishwanath Venkataramappa
发明人： Peter Daniel Birk , Ching-Yun Chao , Hyen Vui Chung , Carlton Keith Mason , Ajaykumar Karkala Reddy , Vishwanath Venkataramappa
IPC分类号： G06F21/00
CPC分类号： G06F21/31
摘要： Objects on application servers may be defined into classes which receive different levels of security protection, such as definition of user objects and administrative objects. Domain-wide security may be enforced on administrative objects, which user object security may be configured separately for each application server in a domain. In a CORBA architecture, IOR's for shared objects which are to be secured on a domain-wide basis, such as administrative objects, are provided with tagged components during IOR creation and exporting to a name server. Later, when the IOR is used by a client, the client invokes necessary security measures such as authentication, authorization and transport protection according to the tagged components.
摘要翻译：应用服务器上的对象可以被定义为接收不同级别的安全保护的类，例如用户对象和管理对象的定义。可以在管理对象上实施全域安全性，可以为域中的每个应用程序服务器单独配置哪些用户对象安全性。在CORBA体系结构中，IOR对于在域范围内进行安全保护的共享对象（如管理对象）在IOR创建和导出到名称服务器期间提供了已标记组件。之后，当客户端使用IOR时，客户机根据标记的组件调用必要的安全措施，如认证，授权和传输保护。

13. 发明申请

US20050154886A1 Declarative trust model between reverse proxy server and websphere application server 审中-公开
标题翻译：反向代理服务器和Websphere应用服务器之间的声明信任模型
公开(公告)号：US20050154886A1
公开(公告)日：2005-07-14
申请号：US10755828
申请日：2004-01-12
申请人： Peter Birk , Ching-Yun Chao , Hyen Chung , Ajay Karkala , Carlton Mason , Nataraj Nagaratnam , Brian Smith , Vishwanath Venkataramappa
发明人： Peter Birk , Ching-Yun Chao , Hyen Chung , Ajay Karkala , Carlton Mason , Nataraj Nagaratnam , Brian Smith , Vishwanath Venkataramappa
IPC分类号： H04L9/00 , H04L29/06
CPC分类号： H04L63/0815 , H04L63/0209 , H04L63/105
摘要： A method and system for providing a declarative trust association model that formalizes the way trust is established and requires corresponding authentication information to be presented in a standard format. Consequently, the application server may provide a guaranteed level of protection. The mechanism of the present invention provides a framework that allows an application server to enforce a trust evaluation and allows reverse proxy security server to assert a client's security identity, as well as other client security credential information. A known trust association interceptor model is extended to allow the reverse proxy security server to assert the authenticated user's security attributes. Such security attributes include, for example, group information, authentication strength, and location (i.e., where does the user enter the request, intranet vs. internet, IP address, etc.,). The security attributes can be used in making authorization decisions.
摘要翻译：一种用于提供声明性信任关联模型的方法和系统，其形式化信任建立的方式，并且需要以标准格式呈现相应的认证信息。因此，应用服务器可以提供有保证的保护级别。本发明的机制提供了一种框架，其允许应用服务器执行信任评估，并允许反向代理安全服务器断言客户端的安全身份以及其他客户端安全凭证信息。扩展了一个已知的信任关联拦截器模型，以允许反向代理安全服务器断言经过身份验证的用户的安全属性。这样的安全属性包括例如组信息，认证强度和位置（即，用户进入请求，内联网与互联网，IP地址等在哪里）。安全属性可用于作出授权决定。

14. 发明授权

US5940871A Computer system and method for selectively decompressing operating system ROM image code using a page fault 失效
标题翻译：使用页面错误选择性地解压缩操作系统ROM映像代码的计算机系统和方法
公开(公告)号：US5940871A
公开(公告)日：1999-08-17
申请号：US739228
申请日：1996-10-28
申请人： Prabhakar Goyal , Grama Kasturi Harish , James Darrell Heath , Chakravarthy Jagannadhan , Vishwanath Venkataramappa
发明人： Prabhakar Goyal , Grama Kasturi Harish , James Darrell Heath , Chakravarthy Jagannadhan , Vishwanath Venkataramappa
IPC分类号： G06F9/318 , G06F9/38 , G06F12/08 , G06F12/10 , G06F5/00 , G06F13/00
CPC分类号： G06F9/30178 , G06F12/08 , G06F9/3017 , G06F9/3861 , G06F9/4401 , G06F2212/401
摘要： A system and method for compressing portions of the operating system in a ROM image and for executing the system from the compressed image. Compression is used to reduce the size of the ROM image to reduce component cost. Low use segments are compressed. The operating system is initialized into a virtual address space with entries only for the uncompressed segments. Attempts to execute a compressed segment result in a page fault. The page fault handler determines that the segment is compressed, allocates a new page and decompresses the page into RAM for execution. The RAM copy of the segment is used for execution until the page is reused for another purpose. Later execution causes a new page fault and reallocation.A memory object reference is created for components of the image; a virtual memory page reference is then made for each component not in a compressed form; instructions are then executed by reference to the image; a page fault is detected when attempting to execute an instruction in a component not having a page table reference; a compressed image is then decompressed into the random access memory in response to the page fault.
摘要翻译：一种用于压缩ROM图像中的操作系统的部分并且用于从压缩图像执行系统的系统和方法。压缩用于减小ROM映像的大小以降低组件成本。低使用段被压缩。操作系统被初始化为一个虚拟地址空间，只有未压缩段的条目。尝试执行压缩段会导致页面错误。页面错误处理程序确定段被压缩，分配一个新页面并将页面解压缩到RAM中以供执行。段的RAM副本用于执行，直到页面被重用为另一目的。后来执行会导致新的页面错误和重新分配。为图像的组件创建记忆对象引用; 然后针对不是压缩形式的每个组件进行虚拟内存页面引用; 然后通过参考图像执行指令; 当在不具有页表引用的组件中执行指令时，检测到页错误; 然后将压缩图像解压缩到随机存取存储器中以响应页面错误。

15. 发明授权

US5940850A System and method for selectively enabling load-on-write of dynamic ROM data to RAM 失效
标题翻译：用于选择性地将动态ROM数据写入RAM的系统和方法
公开(公告)号：US5940850A
公开(公告)日：1999-08-17
申请号：US742108
申请日：1996-10-31
申请人： Grama Kasturi Harish , James Darrell Heath , Vishwanath Venkataramappa
发明人： Grama Kasturi Harish , James Darrell Heath , Vishwanath Venkataramappa
IPC分类号： G06F12/06 , G06F12/10 , G06F13/00
CPC分类号： G06F12/0638
摘要： A system and method for loading dynamic data stored in read-only memory (ROM) is loaded into random access memory (RAM) only when it is being modified. Unmodified dynamic data is used from ROM saving valuable RAM space. Virtual memory page table entries are created for all dynamic data with the physical reference pointing to the dynamic data in ROM. Page table entries in a translation table for dynamic data in ROM include a virtual address to physical address mapping and are marked read-only causing a write-access exception if an attempt is made to write to or update the dynamic data. Write-access exceptions are intercepted, and a write-access exception caused by an attempt to write to dynamic data in ROM causes the system to allocate a dynamic data page in RAM, copy the ROM data to the RAM, update the page table entry to point to the RAM page rather than the ROM page, and finally to update the dynamic data now present in read-write RAM.
摘要翻译：存储在只读存储器（ROM）中的加载动态数据的系统和方法仅在其被修改时被加载到随机存取存储器（RAM）中。 ROM中使用未修改的动态数据，节省宝贵的RAM空间。为所有动态数据创建虚拟内存页表项，物理引用指向ROM中的动态数据。用于ROM中动态数据的转换表中的页表条目包括物理地址映射的虚拟地址，如果尝试写入或更新动态数据，则标记为只读，导致写入访问异常。写入访问异常被拦截，并且由于写入到ROM中的动态数据而引起的写访问异常导致系统在RAM中分配动态数据页，将ROM数据复制到RAM，将页表条目更新为指向RAM页面而不是ROM页面，最后更新现在存在于读写RAM中的动态数据。

16. 发明授权

US09052963B2 Cloud computing data center machine monitor and control 有权
标题翻译：云计算数据中心机监控
公开(公告)号：US09052963B2
公开(公告)日：2015-06-09
申请号：US13476795
申请日：2012-05-21
申请人： David Y. Chang , John Y Chang , Edwin M Philpot, Jr. , Vishwanath Venkataramappa
发明人： David Y. Chang , John Y Chang , Edwin M Philpot, Jr. , Vishwanath Venkataramappa
IPC分类号： G06F15/173 , G06F9/50 , G06F11/30 , G06F11/34
CPC分类号： G06F9/5072 , G06F11/3003 , G06F11/3058 , G06F11/3409 , G06F2201/815
摘要： Systems, methods and computer-readable media provide for identifying a physical machine corresponding to a virtual machine. A system assigns a data center machine identifier to a physical computing device in a data center, along with a physical location for the physical computing system. In response to creating a virtual machine on the physical computing device, the system creates a mapping from a virtual machine identifier for the virtual machine to the data center machine identifier for the physical computing system.
摘要翻译：系统，方法和计算机可读介质提供用于识别对应于虚拟机的物理机。系统将数据中心机器标识符与物理计算系统的物理位置一起分配给数据中心中的物理计算设备。响应于在物理计算设备上创建虚拟机，系统创建从虚拟机的虚拟机标识符到用于物理计算系统的数据中心机器标识符的映射。

17. 发明申请

US20130346543A1 CLOUD SERVICE SELECTOR 审中-公开
标题翻译：云服务选择器
公开(公告)号：US20130346543A1
公开(公告)日：2013-12-26
申请号：US13530267
申请日：2012-06-22
申请人： Messaoud B. Benantar , David Y. Chang , John Y. Chang , Vishwanath Venkataramappa
发明人： Messaoud B. Benantar , David Y. Chang , John Y. Chang , Vishwanath Venkataramappa
IPC分类号： G06F15/16
CPC分类号： G06F9/5055 , G06F2209/502
摘要： In a method for selecting a remote application service from a plurality of remote application services containing a requested electronic resource, a computer receives a request for an electronic resource. The computer sends a request for a geographic location of each node in the plurality of nodes containing the electronic resource. The computer determines a distance between the geographic location of each node in the plurality of nodes and the geographic location of the origin of the request for the electronic resource, respectively. The computer selects a remote application service based at least partially on the distance between the geographic location of each node and the geographic location of the origin of the request for the electronic resource.
摘要翻译：在从包含所请求的电子资源的多个远程应用服务中选择远程应用服务的方法中，计算机接收对电子资源的请求。计算机在包含电子资源的多个节点中发送对每个节点的地理位置的请求。计算机分别确定多个节点中的每个节点的地理位置与电子资源的请求的原点的地理位置之间的距离。计算机至少部分地基于每个节点的地理位置与电子资源的请求的原点的地理位置之间的距离来选择远程应用服务。

18. 发明申请

US20130311632A1 CLOUD COMPUTING DATA CENTER MACHINE MONITOR AND CONTROL 有权
标题翻译：云计算数据中心机监控与控制
公开(公告)号：US20130311632A1
公开(公告)日：2013-11-21
申请号：US13476795
申请日：2012-05-21
申请人： David Y. Chang , John Y. Chang , Edwin M. Philpot , Vishwanath Venkataramappa
发明人： David Y. Chang , John Y. Chang , Edwin M. Philpot , Vishwanath Venkataramappa
IPC分类号： G06F15/173
CPC分类号： G06F9/5072 , G06F11/3003 , G06F11/3058 , G06F11/3409 , G06F2201/815
摘要： Systems, methods and computer-readable media provide for identifying a physical machine corresponding to a virtual machine. A system assigns a data center machine identifier to a physical computing device in a data center, along with a physical location for the physical computing system. In response to creating a virtual machine on the physical computing device, the system creates a mapping from a virtual machine identifier for the virtual machine to the data center machine identifier for the physical computing system.
摘要翻译：系统，方法和计算机可读介质提供用于识别对应于虚拟机的物理机。系统将数据中心机器标识符与物理计算系统的物理位置一起分配给数据中心中的物理计算设备。响应于在物理计算设备上创建虚拟机，系统创建从虚拟机的虚拟机标识符到用于物理计算系统的数据中心机器标识符的映射。

19. 发明授权

US07810132B2 Application server object-level security for distributed computing domains 有权
标题翻译：分布式计算域的应用服务器对象级安全性
公开(公告)号：US07810132B2
公开(公告)日：2010-10-05
申请号：US12123693
申请日：2008-05-20
申请人： Peter Daniel Birk , Ching-Yun Chao , Hyen Vui Chung , Carlton Keith Mason , Ajaykumar Karkala Reddy , Vishwanath Venkataramappa
发明人： Peter Daniel Birk , Ching-Yun Chao , Hyen Vui Chung , Carlton Keith Mason , Ajaykumar Karkala Reddy , Vishwanath Venkataramappa
IPC分类号： H04L29/06 , G06F17/00 , G06F15/16 , G06F9/44 , G06F9/00
CPC分类号： G06F21/31
摘要： Objects on application servers are distributed to one or more application servers; a user is allowed to declare in a list which objects residing on each application server are to be protected; the list is read by an interceptor; responsive to exportation of a Common Object Request Broker Architecture (“CORBA”) compliant Interoperable Object Reference (“IOR”) for a listed object, the interceptor associates one or more application server security flags with interfaces to the listed objects by tagging components of the IOR with one or more security flags; and one or more security operations are performed by an application server according to the security flags tagged to the IOR when a client accesses an application server-stored object, the security operations including an operation besides establishing secure communications between the client process and the server-stored object.
摘要翻译：应用程序服务器上的对象分发到一个或多个应用程序服务器; 允许用户在列表中声明哪些驻留在每个应用服务器上的对象将被保护; 列表由拦截器读取; 响应于为列出的对象导出通用对象请求代理体系结构（“CORBA”）兼容的可互操作对象引用（“IOR”），拦截器通过标记所列对象的组件将一个或多个应用程序服务器安全标志与列出的对象的接口相关联 IOR带有一个或多个安全标志; 并且当客户端访问应用服务器存储的对象时，应用服务器根据标记为IOR的安全标志执行一个或多个安全操作，该安全操作包括除客户端进程和服务器端之间建立安全通信之外的操作，存储对象。

20. 发明授权

US07731089B2 Interactive physical mail content management 有权
标题翻译：交互式物理邮件内容管理
公开(公告)号：US07731089B2
公开(公告)日：2010-06-08
申请号：US11463089
申请日：2006-08-08
申请人： David Yu Chang , John Yow-Chun Chang , Vishwanath Venkataramappa
发明人： David Yu Chang , John Yow-Chun Chang , Vishwanath Venkataramappa
IPC分类号： G06F19/00 , G06Q30/00 , G06Q90/00 , G06F17/00 , G07B17/02 , G08B13/08 , G08B13/14 , G08B13/12
CPC分类号： G06Q10/00 , A47G29/1214 , G06Q10/087
摘要： A computer implemented method, apparatus, and computer usable program code for interactive mail management of physical mail. Physical mail is received in a mailbox. An identifier is read in response to receiving the physical mail in the mailbox. The physical mail contains the identifier. Information contained in the identifier is sent to the mail recipient. The mail recipient is able to identify instructions for communicating with a sender associated with the physical mail based on the information from the identifier.
摘要翻译：用于物理邮件的交互式邮件管理的计算机实现的方法，装置和计算机可用程序代码。在邮箱中收到物理邮件。响应于在邮箱中接收到物理邮件而读取标识符。物理邮件包含标识符。标识符中包含的信息被发送到邮件收件人。邮件收件人能够基于来自标识符的信息来识别与与物理邮件相关联的发送者进行通信的指令。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式