专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

31. 发明申请

US20100095127A1 TUNABLE ENCRYPTION SYSTEM 失效
标题翻译：可控加密系统
公开(公告)号：US20100095127A1
公开(公告)日：2010-04-15
申请号：US12248982
申请日：2008-10-10
申请人： Dwip N. Banerjee , Sandeep Ramesh Patil , Sachin C. Punadikar , Ravi A. Shankar
发明人： Dwip N. Banerjee , Sandeep Ramesh Patil , Sachin C. Punadikar , Ravi A. Shankar
IPC分类号： H04L9/32
CPC分类号： H04L63/0428 , H04L63/0807 , H04L63/105
摘要： A method, programmed medium and system are provided for enabling a user to choose a user-preferred encryption type from among a plurality of encryption types listed in a user's Kerberos configuration file. During the ticket granting process in a Kerberos system, a user is requested to select a preferred encryption type to be used in the Kerberos communication from among encryption types contained in the user's Kerberos configuration file. The user-selected encryption type is then implemented for use in encrypting a session ticket (as well as generating the session key of user requested encryption type) for use by the user machine in communicating securely with an Kerberized application server when being communicated by that particular user. Thus, the system allows different users to simultaneously communicate with the same Kerberized application server using a supported encryption type of the user's own choice.
摘要翻译：提供了一种方法，编程介质和系统，用于使用户能够从用户的Kerberos配置文件中列出的多种加密类型中选择用户优选的加密类型。在Kerberos系统中的故障单授予过程中，请求用户从用户的Kerberos配置文件中包含的加密类型中选择要在Kerberos通信中使用的首选加密类型。用户选择的加密类型然后被实现用于加密会话票据（以及生成用户请求的加密类型的会话密钥），以供用户机器在被特定的通信时与Kerberized应用服务器进行安全通信时使用用户。因此，系统允许不同的用户使用用户自己选择的受支持的加密类型同时与相同的Kerberized应用服务器进行通信。

32. 发明申请

US20100043069A1 Authorized Authorization Set in RBAC Model 失效
标题翻译： RBAC模型中的授权授权集
公开(公告)号：US20100043069A1
公开(公告)日：2010-02-18
申请号：US12191644
申请日：2008-08-14
申请人： Ranganathan Vidya , Murali Vaddagiri , Ravi A. Shankar , Saurabh Desai
发明人： Ranganathan Vidya , Murali Vaddagiri , Ravi A. Shankar , Saurabh Desai
IPC分类号： G06F21/00
CPC分类号： G06F9/468 , G06F21/62
摘要： The Authorized Authorization Set System comprising a modified operating system, a command table containing authorized authorization sets, and a modified RBAC security system, eliminates the need for inherited privileges that must be passed to subcommands in order for the command to run. The modified operating system accesses a table containing authorized authorization sets which identify the privileges for all subcommands within a command. When a user is assigned an accessauth for a command, and a sub-command is a privileged sub-command, the privileged sub-command is only run when the accessauth of the sub-command is included in the authorized authorization set of the command.
摘要翻译：授权授权集系统包括修改的操作系统，包含授权授权集的命令表和修改后的RBAC安全系统，不需要传递给子命令的继承权限，以便命令运行。修改的操作系统访问包含授权授权集的表，其中标识命令中所有子命令的权限。当用户被分配了命令的访问权限，子命令是特权子命令时，只有在命令的授权授权集合中包含子命令的访问权限时，才会运行特权子命令。

33. 发明申请

US20080271139A1 DETERMINATION OF ACCESS CHECKS IN A MIXED ROLE BASED ACCESS CONTROL AND DISCRETIONARY ACCESS CONTROL ENVIRONMENT 失效
标题翻译：基于混合角色的访问控制和离散访问控制环境中的访问检查的确定
公开(公告)号：US20080271139A1
公开(公告)日：2008-10-30
申请号：US11742099
申请日：2007-04-30
申请人： Saurabh Desai , Niteesh Kumar Dubey , Ravi A. Shankar , Drew Thomas Walters
发明人： Saurabh Desai , Niteesh Kumar Dubey , Ravi A. Shankar , Drew Thomas Walters
IPC分类号： H04L9/32
CPC分类号： G06F21/6218
摘要： A computer implemented method, apparatus, and computer program product for access control in a mixed discretionary access control and role based access control environment. In one embodiment, an execution access for a command is determined using a set of role based authorizations for a user invoking the command. In response to a determination that the user invoking the command is authorized based on the set of role based authorizations, a privilege in a set of privileges associated with the command is raised. Raising the privilege in the set of privileges bypasses discretionary access control checks. In response to a determination that the user invoking the command is unauthorized based on the set of role based authorizations, an execution access for the command is determined using a set of discretionary access mode bits associated with the command.
摘要翻译：一种用于混合自由访问控制和基于角色的访问控制环境中的访问控制的计算机实现的方法，装置和计算机程序产品。在一个实施例中，使用调用该命令的用户的一组基于角色的授权来确定命令的执行访问。响应于基于基于角色的授权集合来授权调用该命令的用户的确定，提出与该命令相关联的一组权限中的特权。在权限集中提升权限将绕过自由访问控制检查。响应于基于一组基于角色的授权来确定用户调用命令是未经授权的，使用与该命令相关联的一组自由访问模式位来确定该命令的执行访问。

34. 发明授权

US07428306B2 Encryption apparatus and method for providing an encrypted file system 失效
标题翻译：用于提供加密文件系统的加密装置和方法
公开(公告)号：US07428306B2
公开(公告)日：2008-09-23
申请号：US11406184
申请日：2006-04-18
申请人： Ufuk Celikkan , William C. Conklin , Shawn P. Mullen , Ravi A. Shankar
发明人： Ufuk Celikkan , William C. Conklin , Shawn P. Mullen , Ravi A. Shankar
IPC分类号： H04L9/14
CPC分类号： G06F21/602 , G06F21/6218 , H04L9/0637
摘要： An encryption apparatus and method for providing an encrypted file system are provided. The encryption apparatus and method of the illustrative embodiments uses a combination of encryption methodologies so as to reduce the amount of decryption and re-encryption that is necessary to a file in the Encrypted File System in the event that the file needs to be modified. The encryption methodologies are interleaved, or alternated, with regard to each block of plaintext. In one illustrative embodiment, Plaintext Block Chaining (PBC) and Cipher Block Chaining (CBC) encryption methodologies are alternated for encrypting a sequence of blocks of data. The encryption of a block of plaintext is dependent upon the plaintext or a cipher generated for the plaintext of a previous block of data in the sequence of blocks of data so that the encryption is more secure than known Electronic Code Book encryption methodologies.
摘要翻译：提供了一种用于提供加密文件系统的加密装置和方法。说明性实施例的加密装置和方法使用加密方法的组合，以便在需要修改文件的情况下减少加密文件系统中的文件所必需的解密和重新加密的量。关于每个明文块，加密方法被交织或交替。在一个说明性实施例中，替代了明文块链接（PBC）和密码块链接（CBC）加密方法来加密数据块序列。明文块的加密取决于明文或为数据块序列中的先前数据块的明文生成的密码，使得加密比已知的电子代码簿加密方法更安全。

35. 发明申请

US20080134320A1 METHOD FOR AUTOMATIC ROLE ACTIVATION 有权
标题翻译：自动角度激活方法
公开(公告)号：US20080134320A1
公开(公告)日：2008-06-05
申请号：US11565249
申请日：2006-11-30
申请人： Saurabh Desai , Niteesh Kumar Dubey , Yantian Tom Lu , Ravi A. Shankar , Murali Vaddagiri , Drew Thomas Walters , Xinya Wang
发明人： Saurabh Desai , Niteesh Kumar Dubey , Yantian Tom Lu , Ravi A. Shankar , Murali Vaddagiri , Drew Thomas Walters , Xinya Wang
IPC分类号： H04L9/32
CPC分类号： G06F21/30 , G06F21/6218
摘要： A method, apparatus, and computer usable program product for automatic activation of roles is provided. When a user initiates an action, a set of roles needed for the action is identified. A set of roles assigned to the user is also identified. From the two sets of roles, all roles that are common to both sets are identified in a subset of roles. Roles in this subset are assigned to the user and are sufficient for the action. One or more roles from this subset of roles is selected for activation depending on system policies in effect. Selected roles are automatically activated without requiring any intervention from the user. Once the selected roles are activated, they can become inactive upon completion of the current action, or remain active for subsequent actions by the user during all or part of a user session. System policies can decide how the roles are selected for activation, and the duration of which the roles remain active once activated.
摘要翻译：提供了一种用于自动激活角色的方法，设备和计算机可用程序产品。当用户发起一个动作时，确定该动作所需的一组角色。还识别分配给用户的一组角色。从两组角色中，两个集合共同的所有角色都在角色的一个子集中标识。该子集中的角色被分配给用户，并且对于该动作是足够的。根据有效的系统策略，选择此角色子集中的一个或多个角色进行激活。所选角色将自动激活，无需用户干预。一旦所选择的角色被激活，它们可以在完成当前动作时变为不活动，或者在用户会话的全部或部分期间对用户的后续动作保持活动状态。系统策略可以决定如何激活角色，激活角色保持活动的持续时间。

36. 发明授权

US09110717B2 Managing use of lease resources allocated on fallover in a high availability computing environment 有权
标题翻译：管理在高可用性计算环境中使用分配给fallover的租赁资源
公开(公告)号：US09110717B2
公开(公告)日：2015-08-18
申请号：US13542639
申请日：2012-07-05
申请人： Jes Kiran Chittigala , Ravi A. Shankar
发明人： Jes Kiran Chittigala , Ravi A. Shankar
IPC分类号： G06F11/00 , G06F9/50 , G06F11/20
CPC分类号： H04L47/70 , G06F9/50 , G06F9/5022 , G06F11/203 , G06F11/2041 , G06F11/2046 , H04L67/10 , H04L69/28
摘要： Responsive to a cluster manager for a particular node from among multiple nodes allocating at least one leased resource for a resource group for an application workload on the particular node, on fallover of the resource group from another node to the particular node, setting a timer thread, by the cluster manager for the particular node, to track an amount of time remaining for an initial lease period of the at least one leased resource. Responsive to the timer thread expiring while the resource group is holding the at least one leased resource, maintaining, by the cluster manager for the particular node, the resource group comprising the at least one leased resource for an additional lease period and automatically incurring an additional fee, only if the particular node has the capacity to handle the resource group at a lowest cost from among the nodes.
摘要翻译：响应于来自多个节点中的特定节点的集群管理器，在资源组从另一个节点到特定节点的后退时，为特定节点上的应用程序工作负载为资源组分配至少一个租用资源，设置定时器线程由所述特定节点的所述群集管理器跟踪所述至少一个租用资源的初始租赁期间剩余的时间量。响应于定时器线程在资源组持有至少一个租用资源的期限过期期间，由特定节点的集群管理器维护包括至少一个租用资源的资源组以用于另外的租赁期，并自动产生额外的费用，只有特定节点具有以节点中最低成本处理资源组的能力。

37. 发明授权

US08943372B2 Systems and methods for open and extensible integration of management domains in computation and orchestration of resource placement 有权
标题翻译：开放和可扩展地整合管理领域的计算和编排资源安置的系统和方法
公开(公告)号：US08943372B2
公开(公告)日：2015-01-27
申请号：US13435121
申请日：2012-03-30
申请人： David C. Frank , Richard E. Harper , Jeffrey Lucash , Kyung D. Ryu , Ravi A. Shankar , Thomas Weaver
发明人： David C. Frank , Richard E. Harper , Jeffrey Lucash , Kyung D. Ryu , Ravi A. Shankar , Thomas Weaver
IPC分类号： G06F11/16
CPC分类号： G06F11/20 , G06F11/2023 , G06F11/2035 , G06F11/2043 , H04L41/00 , H04L41/0663 , H04L67/10
摘要： An aspect of this invention is a method that includes evaluating a computing environment by performing auditing of a fault tolerance ability of the computing environment to tolerate each of a plurality of failure scenarios; constructing a failover plan for each of the plurality of scenarios; identifying one or more physical resource limitations which constrain the fault tolerance ability; and identifying one or more physical resources to be added to the computing environment to tolerate each of the plurality of failure scenarios.
摘要翻译：本发明的一个方面是一种方法，其包括通过执行计算环境的容错能力的审核以容忍多个故障场景中的每一个来评估计算环境; 为所述多个场景中的每一个构建故障切换计划; 识别限制容错能力的一个或多个物理资源限制; 以及识别要添加到所述计算环境中的一个或多个物理资源以容忍所述多个故障情形中的每一个。

38. 发明授权

US08429192B2 System and method for supporting a plurality of access control list types for a file system in an operating system 失效
标题翻译：用于支持操作系统中的文件系统的多个访问控制列表类型的系统和方法
公开(公告)号：US08429192B2
公开(公告)日：2013-04-23
申请号：US11002865
申请日：2004-12-02
申请人： Rodney Carlton Burnett , Ramanjaneya Sarma Burugula , Niteesh K. Dubey , Joefon Jann , Ravi A. Shankar , Wu Zheng
发明人： Rodney Carlton Burnett , Ramanjaneya Sarma Burugula , Niteesh K. Dubey , Joefon Jann , Ravi A. Shankar , Wu Zheng
IPC分类号： G06F7/00 , G06F17/30
CPC分类号： G06F17/30067 , G06F21/6218 , G06F2221/2141
摘要： System, method and computer program product for supporting a plurality of Access Control List types for a file system in an operating system in a data processing system. An Access Control List supporting system for managing access to a file system in a data processing system has at least one file system in an operating system of the data processing system, and an Access Control List management framework in the operating system and external to the at least one file system for managing access to the at least one file system. The Access Control List supporting system of the invention removes ACL management and access check-related functions from the at least one file system to an external Access Control List management framework, thus enabling an operating system to support a plurality of Access Control List types using the same Access Control List management framework and enabling new Access Control List types to be added to the operating system dynamically while the operating system is running.
摘要翻译：用于在数据处理系统中的操作系统中为文件系统支持多个访问控制列表类型的系统，方法和计算机程序产品。用于管理对数据处理系统中的文件系统的访问的访问控制列表支持系统在数据处理系统的操作系统中具有至少一个文件系统，以及操作系统中的外部的访问控制列表管理框架用于管理对所述至少一个文件系统的访问的至少一个文件系统。本发明的访问控制列表支持系统将ACL管理和访问检查相关功能从至少一个文件系统移除到外部访问控制列表管理框架，从而使得操作系统能够支持多个访问控制列表类型，相同的访问控制列表管理框架，并在操作系统运行时动态添加新的访问控制列表类型。

39. 发明申请

US20120254607A1 System And Method For Security Levels With Cluster Communications 审中-公开
标题翻译：集群通信安全级别的系统和方法
公开(公告)号：US20120254607A1
公开(公告)日：2012-10-04
申请号：US13078579
申请日：2011-04-01
申请人： Jes Kiran Chittigala , Ravi A. Shankar , Ranganathan Vidya
发明人： Jes Kiran Chittigala , Ravi A. Shankar , Ranganathan Vidya
IPC分类号： H04L9/00
CPC分类号： H04L63/0428 , H04L63/105
摘要： A cluster of computing nodes communicate through an unsecure network by selectively sending information in encrypted and unencrypted formats. Heartbeat packets are sent between the computing nodes to coordinate operation of the computing nodes and using an encrypted format. Messages are selectively sent between the computing nodes with an encrypted or an unencrypted format based upon one or more predetermined factors, such as an end user selection, the type of message or the load at the computing nodes.
摘要翻译：一组计算节点通过选择性地发送加密和未加密格式的信息通过不安全的网络进行通信。在计算节点之间发送心跳数据包以协调计算节点的操作并使用加密格式。基于一个或多个预定因素，例如最终用户选择，消息的类型或计算节点处的负载，有选择地以计算节点之间的加密或未加密格式发送消息。

40. 发明授权

US08205137B2 Apparatus for the reliability of host data stored on fibre channel attached storage subsystems 有权
标题翻译：用于存储在光纤通道附加存储子系统上的主机数据的可靠性的装置
公开(公告)号：US08205137B2
公开(公告)日：2012-06-19
申请号：US12276879
申请日：2008-11-24
申请人： James Patrick Allen , Thomas Stanley Mathews , Ravi A. Shankar , Satya Prakash Sharma , Glenn Rowan Wightwick
发明人： James Patrick Allen , Thomas Stanley Mathews , Ravi A. Shankar , Satya Prakash Sharma , Glenn Rowan Wightwick
IPC分类号： G11C29/00
CPC分类号： G11B20/1813
摘要： An apparatus for improving the reliability of host data stored on Fiber Channel attached storage subsystems by performing end-to-end data integrity checks. When a read or write operation is initiated, an initial checksum for data in the read/write operation is generated and associated with the data, wherein the association exists through a plurality of layers of software and attached storage subsystems. The initial checksum is passed with the data in the read/write path. When a layer of software in the read/write path receives the initial checksum and data, the layer performs an integrity check of the data, which includes generating another checksum and comparing it to the initial checksum. If the checksums do not match, the read/write operation fails and the error is logged. If the checksums match, the integrity check is repeated through each layer in the read/write path to enable detecting data corruption at the point of source.
摘要翻译：一种用于通过执行端到端数据完整性检查来提高存储在光纤通道附加存储子系统上的主机数据的可靠性的装置。当启动读或写操作时，生成读/写操作中的数据的初始校验和并与数据相关联，其中通过多层软件和附加的存储子系统存在关联。初始校验和与读/写路径中的数据一起传递。当读/写路径中的软件层接收到初始校验和和数据时，层执行数据的完整性检查，其中包括生成另一个校验和并将其与初始校验和进行比较。如果校验和不匹配，则读/写操作失败，并记录错误。如果校验和匹配，则通过读/写路径中的每个层重复完整性检查，以便能够在源点检测数据损坏。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式