专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

41. 发明授权

US07546640B2 Fine-grained authorization by authorization table associated with a resource 有权
标题翻译：与资源关联的授权表进行细粒度授权
公开(公告)号：US07546640B2
公开(公告)日：2009-06-09
申请号：US10732628
申请日：2003-12-10
申请人： David Yu Chang , Vishwanath Venkataramappa , Leigh Allen Williamson
发明人： David Yu Chang , Vishwanath Venkataramappa , Leigh Allen Williamson
IPC分类号： H04L9/32 , H04N7/16
CPC分类号： H04L63/101 , G06F21/6218
摘要： Methods, systems, and media are disclosed for determining access rights to a resource managed by an application. One embodiment includes receiving a request by the application, wherein the request comprises an action a user seeks to perform on the resource. Further, the embodiment includes locating, based on the request, the resource in a structure having groupings of resources, wherein the groupings include a grouping having the resource. Typically the groupings comprise files having mappings of resources to assigned groups, and each group has an associated authorization table mapping roles or policies to users. Further still, the embodiment includes reading an authorization table associated with the grouping having the resource, and determining whether to grant the access rights for performing the action on the resource.
摘要翻译：公开了用于确定对由应用程序管理的资源的访问权限的方法，系统和媒体。一个实施例包括接收应用的请求，其中所述请求包括用户寻求对资源执行的动作。此外，实施例包括基于请求定位具有资源分组的结构中的资源，其中分组包括具有资源的分组。通常，分组包括具有分配组的资源映射的文件，并且每个组具有将角色或策略映射到用户的相关联的授权表。此外，实施例包括读取与具有资源的分组相关联的授权表，以及确定是否授予对资源执行动作的访问权限。

42. 发明授权

US07526798B2 System and method for credential delegation using identity assertion 失效
标题翻译：使用身份断言进行凭据授权的系统和方法
公开(公告)号：US07526798B2
公开(公告)日：2009-04-28
申请号：US10286609
申请日：2002-10-31
申请人： Ching-Yun Chao , Hyen Vui Chung , Ajay Reddy , Vishwanath Venkataramappa
发明人： Ching-Yun Chao , Hyen Vui Chung , Ajay Reddy , Vishwanath Venkataramappa
IPC分类号： H04L9/00 , H04L9/32 , G06F17/00 , G06F9/44 , H04K1/00
CPC分类号： H04L63/0807 , H04L63/205
摘要： Run-as credentials delegation using identity assertion is presented. A server receives a request from a client that includes the client's user identifier and password. The server authenticates the client and stores the client's user identifier without the corresponding password in a client credential storage area. The server determines if a run-as command is specified to communicate with a downstream server. If a run-as command is specified, the server retrieves a corresponding run-as identity which identifies whether a client credential type, a server credential type, or a specific identifier credential type should be used in the run-as command. The server retrieves an identified credential corresponding to the identified credential type, and sends the identified credential in an identity assertion token to a downstream server.
摘要翻译：呈现使用身份断言的运行凭证委派。服务器从客户端收到包含客户端用户标识和密码的请求。服务器对客户端进行身份验证，并将客户端的用户标识符存储在客户端凭证存储区域中，而没有相应的密码。服务器确定是否指定了run-as命令来与下游服务器进行通信。如果指定了run-as命令，则服务器检索相应的运行身份，该身份标识在run-as命令中是否应使用客户端凭据类型，服务器凭据类型或特定标识符凭据类型。服务器检索与所识别的证书类型相对应的已识别证书，并且将识别的身份认证令牌发送到下游服务器。

43. 发明申请

US20090037196A1 DETERMINING WHETHER A POSTAL MAIL ITEM CONTAINING A RADIO FREQUENCY IDENTIFIER (RFID) IS JUNK MAIL 审中-公开
标题翻译：确定无论是无线电频率识别器（RFID）的邮政邮件是否是邮件邮件
公开(公告)号：US20090037196A1
公开(公告)日：2009-02-05
申请号：US11830964
申请日：2007-07-31
申请人： David Yu Chang , John Yow-Chun Chang , Syed-Muasir Khalll , Vishwanath Venkataramappa
发明人： David Yu Chang , John Yow-Chun Chang , Syed-Muasir Khalll , Vishwanath Venkataramappa
IPC分类号： G06Q50/00
CPC分类号： G06Q50/32 , G06Q30/018
摘要： A method, computer program product, and apparatus for receiving a postal mail item. The postal mail item is received. The postal mail item contains a radio frequency identifier identifying the sender of the postal mail item. Responsive to receiving the postal mail item in the mailbox, the radio frequency identifier of the postal mail item is scanned with a scanner to identify the sender of the postal mail item. A determination is made whether the sender of the postal mail item is in a junk mail list. The junk mail list includes a list of senders accessible to a processor in the scanner.
摘要翻译：一种用于接收邮政邮件的方法，计算机程序产品和装置。接收邮政邮件。邮政邮件包含标识邮政邮件的发送者的射频标识符。响应于在邮箱中接收邮政邮件，用扫描仪扫描邮政邮件的射频标识符，以识别邮政邮件的发送者。确定邮政邮件的发件人是否在垃圾邮件列表中。垃圾邮件列表包括扫描仪中处理器可访问的发件人列表。

44. 发明授权

US07448066B2 Application server object-level security for distributed computing domains 有权
标题翻译：分布式计算域的应用服务器对象级安全性
公开(公告)号：US07448066B2
公开(公告)日：2008-11-04
申请号：US10246909
申请日：2002-09-19
申请人： Peter Daniel Birk , Ching-Yun Chao , Hyen Vui Chung , Carlton Keith Mason , Ajaykumar Karkala Reddy , Vishwanath Venkataramappa
发明人： Peter Daniel Birk , Ching-Yun Chao , Hyen Vui Chung , Carlton Keith Mason , Ajaykumar Karkala Reddy , Vishwanath Venkataramappa
IPC分类号： G06F7/04 , G06F17/30 , G06F9/32 , H04L9/00
CPC分类号： G06F21/31
摘要： Objects on application servers may be defined into classes which receive different levels of security protection, such as definition of user objects and administrative objects. Domain-wide security may be enforced on administrative objects, which user object security may be configured separately for each application server in a domain. In a CORBA architecture, IOR's for shared objects which are to be secured on a domain-wide basis, such as administrative objects, are provided with tagged components during IOR creation and exporting to a name server. Later, when the IOR is used by a client, the client invokes necessary security measures such as authentication, authorization and transport protection according to the tagged components.
摘要翻译：应用服务器上的对象可以被定义为接收不同级别的安全保护的类，例如用户对象和管理对象的定义。可以在管理对象上实施全域安全性，可以为域中的每个应用程序服务器单独配置哪些用户对象安全性。在CORBA体系结构中，IOR对于在域范围内进行安全保护的共享对象（如管理对象）在IOR创建和导出到名称服务器期间提供了已标记组件。之后，当客户端使用IOR时，客户机根据标记的组件调用必要的安全措施，如认证，授权和传输保护。

45. 发明申请

US20080222719A1 Fine-Grained Authorization by Traversing Generational Relationships 审中-公开
标题翻译：通过遍历世代关系的细粒度授权
公开(公告)号：US20080222719A1
公开(公告)日：2008-09-11
申请号：US12055407
申请日：2008-03-26
申请人： David Yu Chang , Vishwanath Venkataramappa , Leigh Allen Williamson
发明人： David Yu Chang , Vishwanath Venkataramappa , Leigh Allen Williamson
IPC分类号： G06F7/04
CPC分类号： G06F21/6218
摘要： Methods, systems, and media are disclosed for determining access rights to a resource managed by an application. One embodiment includes receiving a request by the application, wherein the request comprises an action a user seeks to perform on the resource, and locating, based on the request, the resource in both a containment relationship graph and in a structure having groupings of resources, wherein the groupings comprise a grouping having the resource. Further, the embodiment includes traversing a vertex of the containment relationship graph, wherein the vertex comprises a generational resource of the resource, and reading an authorization table associated with a grouping having the generational resource in the groupings. Further still, the embodiment includes determining whether to grant the access rights for performing the action on the resource.
摘要翻译：公开了用于确定对由应用程序管理的资源的访问权限的方法，系统和媒体。一个实施例包括接收应用的请求，其中所述请求包括用户在资源上执行的动作，以及基于所述请求，在包含关系图和具有资源分组的结构中查找资源，其中所述分组包括具有所述资源的分组。此外，实施例包括遍历包容关系图的顶点，其中顶点包括资源的代数资源，以及读取与分组中具有代数资源的分组相关联的授权表。此外，该实施例还包括确定是否授予对资源执行动作的访问权限。

46. 发明申请

US20080172727A1 SYSTEM AND METHOD FOR USING A DECLARATIVE APPROACH TO ENFORCE INSTANCE BASED SECURITY IN A DISTRIBUTED ENVIRONMENT 有权
标题翻译：使用声明方法在分布式环境中实施基于实例的安全性的系统和方法
公开(公告)号：US20080172727A1
公开(公告)日：2008-07-17
申请号：US11622698
申请日：2007-01-12
申请人： Michael Cheng , Vishwanath Venkataramappa , Tom Zhongyu Zhou
发明人： Michael Cheng , Vishwanath Venkataramappa , Tom Zhongyu Zhou
IPC分类号： G06F21/00
CPC分类号： G06F21/6227 , G06F2221/2141
摘要： A system and method for using a declarative approach to enforce instance based security in a distributed environment is presented. The invention described herein includes security logic in declarative specifications that, in turn, decouples the security logic from distributed object administration logic. An access manager identifies access requirements by combining object name property keys included in a distributed object with property key specifications included in a declarative specification. In turn, the access manager compares a caller's access attributes with the access requirements to determine whether to create a distributed object instance and allow the caller to invoke a method on the distributed object instance. The access requirements may also include role specifications and method parameter specifications.
摘要翻译：提出了一种使用声明式方法在分布式环境中实施基于实例的安全性的系统和方法。本文描述的本发明包括声明性规范中的安全逻辑，其又将安全逻辑与分布式对象管理逻辑分离。访问管理器通过将分布式对象中包含的对象名称属性键与包含在声明性规范中的属性键规范组合来标识访问要求。反过来，访问管理器将调用者的访问属性与访问要求进行比较，以确定是否创建分布式对象实例并允许调用者调用分布式对象实例上的方法。访问要求还可以包括角色规范和方法参数规范。

47. 发明申请

US20050154887A1 System and method for secure network state management and single sign-on 审中-公开
标题翻译：用于安全网络状态管理和单点登录的系统和方法
公开(公告)号：US20050154887A1
公开(公告)日：2005-07-14
申请号：US10755835
申请日：2004-01-12
申请人： Peter Birk , Ching-Yun Chao , Hyen Chung , Carlton Mason , Karkala Reddy , Vishwanath Venkataramappa , Dennis Riddlemoser
发明人： Peter Birk , Ching-Yun Chao , Hyen Chung , Carlton Mason , Karkala Reddy , Vishwanath Venkataramappa , Dennis Riddlemoser
IPC分类号： G06F11/30 , G06F21/00 , H04L9/00
CPC分类号： G06F21/41 , G06F2221/2151
摘要： State management (cookie) data is encrypted so that access control data included in the cookie is unable to be modified by the user. A hashing algorithm is performed using various fields in the cookie data and the hash value is encrypted. The hash value is combined with other data such as the user identifier and a time stamp and encrypted to form a cookie value. When a request is received, the cookie data is checked. If the token value is not in the server's cache then the token is authenticated facilitating movement of the client between servers. If the cookie does not exist or is timed out, then the user is authenticated using traditional means.
摘要翻译：状态管理（cookie）数据被加密，使得包含在cookie中的访问控制数据不能被用户修改。使用Cookie数据中的各种字段执行散列算法，并且哈希值被加密。哈希值与诸如用户标识符和时间戳的其他数据组合，并被加密以形成cookie值。收到请求后，将检查Cookie数据。如果令牌值不在服务器的缓存中，那么令牌被认证便于客户端在服务器之间移动。如果cookie不存在或超时，那么用户将使用传统手段进行身份验证。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式