专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

31. 发明授权

US08171295B2 Information processing apparatus, a server apparatus, a method of an information processing apparatus, a method of a server apparatus, and an apparatus executable process 有权
标题翻译：信息处理装置，服务器装置，信息处理装置的方法，服务器装置的方法以及装置执行处理
公开(公告)号：US08171295B2
公开(公告)日：2012-05-01
申请号：US11001817
申请日：2004-12-02
申请人： Seiji Munetoh , Hiroshi Maruyama , Frank Seliger , Nataraj Nagaratnam
发明人： Seiji Munetoh , Hiroshi Maruyama , Frank Seliger , Nataraj Nagaratnam
IPC分类号： H04L29/06
CPC分类号： G06F21/52 , G06F21/57 , H04L63/123
摘要： To provide an information processing apparatus, a server apparatus, a method of an information processing apparatus, a method of a server apparatus, and an apparatus executable program.An information processing apparatus uses signed integrity values unique to software configuration and asserting integrity of initial codes of a networked server. The server apparatus generates keys used for certifying the server apparatus (S810, S820, S830). One of the keys are certified by a third party to generate a digital signature (S840). The digital signature is attached to the integrity values and the signed integrity values are transmitted to the information processing apparatus for allowing the information processing apparatus to have secure services through the network (S850, S860).
摘要翻译：提供信息处理装置，服务器装置，信息处理装置的方法，服务器装置的方法和装置可执行程序。信息处理装置使用对软件配置唯一的有符号的完整性值和断言联网服务器的初始代码的完整性。服务器装置生成用于认证服务器装置的键（S810，S820，S830）。其中一个密钥由第三方认证生成数字签名（S840）。数字签名附加到完整性值，并且将签名的完整性值发送到信息处理设备，以允许信息处理设备通过网络具有安全服务（S850，S860）。

32. 发明申请

US20080168528A1 ROLE-BASED AUTHORIZATION USING CONDITIONAL PERMISSIONS 审中-公开
标题翻译：使用条件许可的基于角色的授权
公开(公告)号：US20080168528A1
公开(公告)日：2008-07-10
申请号：US11619672
申请日：2007-01-04
申请人： Dah-Haur Lin , Satoshi Hada , Anthony Joseph Nadalin , Nataraj Nagaratnam
发明人： Dah-Haur Lin , Satoshi Hada , Anthony Joseph Nadalin , Nataraj Nagaratnam
IPC分类号： G06F21/00
CPC分类号： H04L63/102 , G06F21/53 , G06F21/6218 , G06F2221/2105 , G06F2221/2141 , H04L63/105 , H04L63/168
摘要： The present invention implements a set of interfaces for a standard Java execution environment to provide authorization with conditional permissions. In particular, a framework enables a provider to provide a condition-based runtime authorization decision when a caller entity requests a Java resource. To this end, during a policy configuration certain “Conditions” may be associated with a standard Java Permission object using a ConditionalPermission class. Each “Condition” may be represented in one of a set of different conditions (e.g., containment, logical, comparison, owner and regular expression conditions) using various name-value pairs of “AttributeName” objects. During runtime, an “implies” method in the ConditionalPermission class returns true if the argument permission is implied by the wrapped permission and the additional “Conditions” are evaluated to be true. The ConditionalPermission class allows the caller to seamlessly instrument an instance evaluation “Condition” into a regular permission evaluation and to hand off this evaluation to a provider to facilitate an instance-based runtime authorization decision. The framework is highly flexible and provides for a wide-range of possible fine-grained policy and instance-based “Conditions” for authorization evaluation.
摘要翻译：本发明实现了用于标准Java执行环境的一组接口，以提供具有条件许可的授权。特别地，当呼叫者实体请求Java资源时，框架使得供应商能够提供基于条件的运行时授权决定。为此，在策略配置期间，某些“条件”可能与使用ConditionalPermission类的标准Java Permission对象相关联。可以使用“AttributeName”对象的各种名称 - 值对，以一组不同条件（例如，包含，逻辑，比较，所有者和正则表达条件）中的一个来表示每个“条件”。在运行时，ConditionalPermission类中的“暗示”方法如果被包装的权限隐含参数许可，并且额外的“条件”被评估为true，则返回true。 ConditionalPermission类允许调用者将实例评估“条件”无缝地仪器仪器置于常规权限评估中，并将此评估移交给提供者以促进基于实例的运行时授权决策。该框架是高度灵活的，并提供广泛的可能的细粒度政策和基于实例的“条件”进行授权评估。

33. 发明申请

US20080154559A1 Method and system for variable scale time management for simulation environments 审中-公开
标题翻译：用于模拟环境的可变尺度时间管理的方法和系统
公开(公告)号：US20080154559A1
公开(公告)日：2008-06-26
申请号：US11548910
申请日：2006-10-12
申请人： Chethan Ram , Nataraj Nagaratnam , Michael Levi Fraenkel
发明人： Chethan Ram , Nataraj Nagaratnam , Michael Levi Fraenkel
IPC分类号： G06G7/48
CPC分类号： G06Q10/06
摘要： A system for variable scale time management in a simulation environment may include a simulation orchestrator to receive a job plan including a group of jobs and to execute a simulation of the group of jobs. The system may also include a scale time management (VSTM) component to factor an actual execution time for all jobs and to determine a scale-down time factor. The system may further include an output device to present results of the simulation based on the scale-down time factor.
摘要翻译：用于在模拟环境中进行可变规模时间管理的系统可以包括用于接收包括一组作业的作业计划并且执行该组作业的模拟的模拟编排器。系统还可以包括缩放时间管理（VSTM）组件，以确定所有作业的实际执行时间并确定缩小时间因子。系统还可以包括输出装置，以基于缩小时间因子来呈现模拟结果。

34. 发明申请

US20070056026A1 Role-based access control management for multiple heterogeneous application components 失效
标题翻译：基于角色的多个异构应用程序组件的访问控制管理
公开(公告)号：US20070056026A1
公开(公告)日：2007-03-08
申请号：US11221630
申请日：2005-09-08
申请人： Kathryn Britton , Dieter Buehler , Ching-Yun Chao , Timothy Hahn , Anthony Nadalin , Nataraj Nagaratnam , Yi-Hsiu Wei , Chun Yang
发明人： Kathryn Britton , Dieter Buehler , Ching-Yun Chao , Timothy Hahn , Anthony Nadalin , Nataraj Nagaratnam , Yi-Hsiu Wei , Chun Yang
IPC分类号： H04L9/32
CPC分类号： G06F21/6236
摘要： Embodiments of the present invention address deficiencies of the art in respect to access control and provide a method, system and computer program product for access control management for a collection of heterogeneous application components. In a first embodiment, a data processing system for role-based access control management for multiple heterogeneous application components can include at least one business role descriptor associating a business role with multiple, different application roles for corresponding, disparate application components. The system also can include at least one access policy associating a user with the business role. Finally, the system can include policy deployment logic include program code enabled to process the access policy to assign the user to the different application roles in the disparate application components.
摘要翻译：本发明的实施例解决了本领域在访问控制方面的缺陷，并提供了用于异构应用组件的集合的访问控制管理的方法，系统和计算机程序产品。在第一实施例中，用于多个异构应用组件的用于基于角色的访问控制管理的数据处理系统可以包括将业务角色与用于相应的不同应用组件的多个不同应用角色相关联的至少一个业务角色描述符。系统还可以包括将用户与业务角色相关联的至少一个访问策略。最后，系统可以包括策略部署逻辑，包括能够处理访问策略的程序代码，以将用户分配给不同应用程序组件中的不同应用程序角色。

35. 发明申请

US20060294383A1 Secure data communications in web services 审中-公开
标题翻译：在Web服务中安全的数据通信
公开(公告)号：US20060294383A1
公开(公告)日：2006-12-28
申请号：US11168716
申请日：2005-06-28
申请人： Paula Austel , Maryann Hondo , Michael McIntosh , Anthony Nadalin , Nataraj Nagaratnam
发明人： Paula Austel , Maryann Hondo , Michael McIntosh , Anthony Nadalin , Nataraj Nagaratnam
IPC分类号： H04L9/00
CPC分类号： G06F21/606 , G06F21/629 , H04L63/12
摘要： Methods, systems, and products are disclosed in which secure data communications in web services are provided generally by receiving in a web service from a client a request containing an element bearing a first signature, the signature having a value; signing the value of the first signature, thereby creating a second signature; and sending a response from the web service to the client, the response including the second signature. The requester may verify that the response includes the second signature. The request may be encrypted, and the response may be encrypted. The first signature may be encrypted, and the web service may encrypt the value of the first signature and include the encrypted value of the first signature in the response. The web service may receive a request encoded in SOAP and may send a response also encoded in SOAP.
摘要翻译：公开了一种方法，系统和产品，其中Web服务中的安全数据通信通常通过从客户端接收web服务来提供包含具有第一签名的元素的请求，该签名具有值; 签署第一签名的价值，从而创建第二个签名; 以及将所述web服务的响应发送到所述客户端，所述响应包括所述第二签名。请求者可以验证响应包括第二个签名。该请求可以被加密，并且响应可以被加密。可以对第一签名进行加密，并且web服务可以加密第一签名的值并将第一签名的加密值包括在响应中。 Web服务可以接收以SOAP编码的请求，并且可以发送也以SOAP编码的响应。

36. 发明授权

US07124192B2 Role-permission model for security policy administration and enforcement 有权
公开(公告)号：US07124192B2
公开(公告)日：2006-10-17
申请号：US09943618
申请日：2001-08-30
申请人： Robert Howard High, Jr. , Anthony Joseph Nadalin , Nataraj Nagaratnam
发明人： Robert Howard High, Jr. , Anthony Joseph Nadalin , Nataraj Nagaratnam
IPC分类号： G06F15/16 , G06F7/00 , G06F17/30
CPC分类号： H04L63/20 , H04L63/102 , H04L63/105 , Y10S707/99939
摘要： Methods, systems, and computer program products are disclosed for protecting the security of resources in distributed computing environments. The disclosed techniques improve administration and enforcement of security policies. Allowed actions on resources, also called permissions, (such as invocations of particular methods, read or write access of a particular row or perhaps a particular column in a database table, and so forth) are grouped, and each group of permissions is associated with a role name. A particular action on a particular resource may be specified in more than one group, and therefore may be associated with more than one role. Each role is administered as a security object. Users and/or user groups may be associated with one or more roles. At run-time, access to a resource is protected by determining whether the invoking user has been associated with (granted) at least one of the roles required for this type of access on this resource.

37. 发明授权

US06965939B2 Method and apparatus for processing requests in a network data processing system based on a trust association between servers 有权
标题翻译：基于服务器之间的信任关联在网络数据处理系统中处理请求的方法和装置
公开(公告)号：US06965939B2
公开(公告)日：2005-11-15
申请号：US09755351
申请日：2001-01-05
申请人： Gennaro A. Cuomo , Wilfred C. Jamison , Nataraj Nagaratnam
发明人： Gennaro A. Cuomo , Wilfred C. Jamison , Nataraj Nagaratnam
IPC分类号： G06F15/16 , H04L9/00 , H04L29/06 , H04L29/08
CPC分类号： H04L63/0281 , H04L63/08 , H04L63/0807 , H04L63/102 , H04L67/28 , H04L67/2804
摘要： A method, apparatus, and computer implemented instructions for handling requests in a network data processing system. The network data processing system includes a network and clients connected to the network. A first server is present in which the first server receives a request from a client to access a resource, performs an authentication process with the client, add information to the request in which the information indicates that the request is from a trusted source to form a modified request, and sends the modified request for processing. This modified request is received by a second server. This second server determines whether the first server is a trusted server based on the information, and provides access to the resource in response to a determination that the first server is a trusted server. If the second server receives the request directly from a client, it would process the request by itself instead of basing its trust on any of the known first servers.
摘要翻译：一种用于在网络数据处理系统中处理请求的方法，装置和计算机实现的指令。网络数据处理系统包括网络和连接到网络的客户端。存在第一服务器，其中第一服务器从客户端接收到访问资源的请求，与客户端进行认证处理，向请求添加信息，在该请求中，该信息指示请求来自可信源，以形成修改请求，并发送修改后的请求进行处理。该修改的请求由第二服务器接收。该第二服务器基于该信息确定第一服务器是否为可信服务器，并响应于确定第一服务器是可信服务器而提供对资源的访问。如果第二台服务器直接从客户端收到请求，它将自己处理该请求，而不是将其信任放在任何已知的第一台服务器上。

38. 发明申请

US20050154886A1 Declarative trust model between reverse proxy server and websphere application server 审中-公开
标题翻译：反向代理服务器和Websphere应用服务器之间的声明信任模型
公开(公告)号：US20050154886A1
公开(公告)日：2005-07-14
申请号：US10755828
申请日：2004-01-12
申请人： Peter Birk , Ching-Yun Chao , Hyen Chung , Ajay Karkala , Carlton Mason , Nataraj Nagaratnam , Brian Smith , Vishwanath Venkataramappa
发明人： Peter Birk , Ching-Yun Chao , Hyen Chung , Ajay Karkala , Carlton Mason , Nataraj Nagaratnam , Brian Smith , Vishwanath Venkataramappa
IPC分类号： H04L9/00 , H04L29/06
CPC分类号： H04L63/0815 , H04L63/0209 , H04L63/105
摘要： A method and system for providing a declarative trust association model that formalizes the way trust is established and requires corresponding authentication information to be presented in a standard format. Consequently, the application server may provide a guaranteed level of protection. The mechanism of the present invention provides a framework that allows an application server to enforce a trust evaluation and allows reverse proxy security server to assert a client's security identity, as well as other client security credential information. A known trust association interceptor model is extended to allow the reverse proxy security server to assert the authenticated user's security attributes. Such security attributes include, for example, group information, authentication strength, and location (i.e., where does the user enter the request, intranet vs. internet, IP address, etc.,). The security attributes can be used in making authorization decisions.
摘要翻译：一种用于提供声明性信任关联模型的方法和系统，其形式化信任建立的方式，并且需要以标准格式呈现相应的认证信息。因此，应用服务器可以提供有保证的保护级别。本发明的机制提供了一种框架，其允许应用服务器执行信任评估，并允许反向代理安全服务器断言客户端的安全身份以及其他客户端安全凭证信息。扩展了一个已知的信任关联拦截器模型，以允许反向代理安全服务器断言经过身份验证的用户的安全属性。这样的安全属性包括例如组信息，认证强度和位置（即，用户进入请求，内联网与互联网，IP地址等在哪里）。安全属性可用于作出授权决定。

39. 发明授权

US09727902B2 Mitigating distribution and consumption of counterfeit products 有权
公开(公告)号：US09727902B2
公开(公告)日：2017-08-08
申请号：US12791933
申请日：2010-06-02
申请人： Sanjay Mecheri Kesavan , Nataraj Nagaratnam , Lohitashwa Thyagaraj
发明人： Sanjay Mecheri Kesavan , Nataraj Nagaratnam , Lohitashwa Thyagaraj
IPC分类号： G06Q10/10 , G06Q30/02 , G06Q30/06 , G06Q10/04 , G06Q10/06 , G06Q30/00
CPC分类号： G06Q30/0603 , G06Q30/018 , G06Q30/0185
摘要： A method, system, and computer usable program product for mitigating distribution or consumption of counterfeit products in a supply chain are provided in the illustrative embodiments. A first set of identifiers is generated to associate with a product to be manufactured. The first set of identifiers includes identifiers corresponding to a customer reference number (CRN), a customer acknowledgment number (CAN), and a merchant acknowledgment number (MAN). The first set of identifiers is associated with the product and a status indicator. The status indicator is set to a first value representative of the product being an original product and the product being available for sale. The first set of identifiers is transmitted to another second application.

40. 发明授权

US08560857B2 Information processing apparatus, a server apparatus, a method of an information processing apparatus, a method of a server apparatus, and an apparatus executable program 失效
标题翻译：信息处理装置，服务器装置，信息处理装置的方法，服务器装置的方法和装置可执行程序
公开(公告)号：US08560857B2
公开(公告)日：2013-10-15
申请号：US13432715
申请日：2012-03-28
申请人： Seiji Munetoh , Hiroshi Maruyama , Frank Seliger , Nataraj Nagaratnam
发明人： Seiji Munetoh , Hiroshi Maruyama , Frank Seliger , Nataraj Nagaratnam
IPC分类号： H04L29/06
CPC分类号： G06F21/52 , G06F21/57 , H04L63/123
摘要： To provide an information processing apparatus, a server apparatus, a method of an information processing apparatus, a method of a server apparatus, and an apparatus executable program.An information processing apparatus uses signed integrity values unique to software configuration and asserting integrity of initial codes of a networked server. The server apparatus generates keys used for certifying the server apparatus (S810, S820, S830). One of the keys are certified by a third party to generate a digital signature (S840). The digital signature is attached to the integrity values and the signed integrity values are transmitted to the information processing apparatus for allowing the information processing apparatus to have secure services through the network (S850, S860).
摘要翻译：提供信息处理装置，服务器装置，信息处理装置的方法，服务器装置的方法和装置可执行程序。信息处理装置使用对软件配置唯一的有符号的完整性值和断言联网服务器的初始代码的完整性。服务器装置生成用于认证服务器装置的键（S810，S820，S830）。其中一个密钥由第三方认证生成数字签名（S840）。数字签名附加到完整性值，并且将签名的完整性值发送到信息处理设备，以允许信息处理设备通过网络具有安全服务（S850，S860）。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式