专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08640195B2 Method and system for automating security policy definition based on recorded transactions 有权
标题翻译：基于记录事务自动化安全策略定义的方法和系统
公开(公告)号：US08640195B2
公开(公告)日：2014-01-28
申请号：US12570293
申请日：2009-09-30
申请人： Christopher Young-Soo Choi , Christopher John Hockings , Neil Ian Readshaw
发明人： Christopher Young-Soo Choi , Christopher John Hockings , Neil Ian Readshaw
IPC分类号： G06F7/04
CPC分类号： H04L63/102
摘要： Following development of an application, the application is deployed in a pre-production environment. A user role plays against that application, typically by performing one or more operations as a particular user in a particular group. As the operator role plays, access logs are written, and these logs are then analyzed and consolidated into a set of commands that drive a policy generator. The policy generator creates an optimized security policy that it then deploys to one or more enforcement points. In this manner, the framework enables automated configuration and deployment of one or more security policies.
摘要翻译：在开发应用程序之后，将应用程序部署在预生产环境中。用户角色通常通过执行特定组中的特定用户的一个或多个操作来对该应用进行播放。当操作员角色扮演时，会写入访问日志，然后将这些日志分析并整合到一组驱动策略生成器的命令中。策略生成器创建优化的安全策略，然后将其部署到一个或多个执行点。以这种方式，该框架能够自动配置和部署一个或多个安全策略。

2. 发明授权

US08560712B2 Method for detecting and applying different security policies to active client requests running within secure user web sessions 有权
标题翻译：用于检测和应用不同安全策略的方法，用于在安全用户Web会话中运行的活动客户端请求
公开(公告)号：US08560712B2
公开(公告)日：2013-10-15
申请号：US13101458
申请日：2011-05-05
申请人： Christopher John Hockings , Trevor Scott Norvill , Scott Anthony Exton
发明人： Christopher John Hockings , Trevor Scott Norvill , Scott Anthony Exton
IPC分类号： G06F15/16
CPC分类号： H04L63/20 , G06F21/31 , G06F21/552 , H04L63/0245 , H04L63/08 , H04L63/101
摘要： A method for detecting and applying security policy to active client requests within a secure user session begins by applying a first heuristic to a plurality of requests for a particular resource to identify a pattern indicating of an active client. In one embodiment, the heuristic evaluates a frequency of requests for the particular resource across one or more secure user sessions. Later, upon receipt of a new request for the particular resource, a determination is then made whether the new request is consistent with the pattern. If so, an action is taken with respect to a secure session policy. In one embodiment, the action bypasses the secure session policy, which policy is associated with an inactivity time-out that might otherwise have been triggered upon receipt of the new request. In addition, a second heuristic may be applied to determine whether a response proposed to be returned (in response to the new request) is expected by the active client. If so, the response is returned unaltered. If, however, applying the second heuristic indicates that the response proposed to be returned is not expected by the active client, the response is modified to create a modified response, which is then returned.
摘要翻译：用于在安全用户会话内检测和应用安全策略到主动客户端请求的方法开始于对特定资源的多个请求应用第一启发式以识别指示活动客户端的模式。在一个实施例中，启发式对一个或多个安全用户会话的特定资源的请求频率进行评估。之后，当接收到针对特定资源的新请求时，确定新请求是否与模式一致。如果是这样，就采取安全会话策略。在一个实施例中，该动作绕过安全会话策略，该策略与可能在接收到新请求时触发的不活动超时相关联。此外，可以应用第二启发式来确定主动客户端是否期望提出要返回的响应（响应于新请求）。如果是这样，则返回的响应不会改变。然而，如果应用第二个启发式表示活动客户端不希望提出要返回的响应，则修改响应以创建经修改的响应，然后返回。

3. 发明申请

US20110078759A1 Method and System For Automating Security Policy Definition Based On Recorded Transactions 有权
标题翻译：基于记录交易自动化安全策略定义的方法和系统
公开(公告)号：US20110078759A1
公开(公告)日：2011-03-31
申请号：US12570293
申请日：2009-09-30
申请人： Christopher Young-Soo Choi , Christopher John Hockings , Neil Ian Readshaw
发明人： Christopher Young-Soo Choi , Christopher John Hockings , Neil Ian Readshaw
IPC分类号： H04L29/06
CPC分类号： H04L63/102
摘要： Following development of an application, the application is deployed in a pre-production environment. A user role plays against that application, typically by performing one or more operations as a particular user in a particular group. As the operator role plays, access logs are written, and these logs are then analyzed and consolidated into a set of commands that drive a policy generator. The policy generator creates an optimized security policy that it then deploys to one or more enforcement points. In this manner, the framework enables automated configuration and deployment of one or more security policies.
摘要翻译：在开发应用程序之后，将应用程序部署在预生产环境中。用户角色通常通过执行特定组中的特定用户的一个或多个操作来对该应用进行播放。当操作员角色扮演时，会写入访问日志，然后将这些日志分析并整合到一组驱动策略生成器的命令中。策略生成器创建优化的安全策略，然后将其部署到一个或多个执行点。以这种方式，该框架能够自动配置和部署一个或多个安全策略。

4. 发明申请

US20120324546A1 Providing Secure Dynamic Role Selection and Managing Privileged User Access From a Client Device 有权
标题翻译：从客户端设备提供安全动态角色选择和管理特权用户访问
公开(公告)号：US20120324546A1
公开(公告)日：2012-12-20
申请号：US13593013
申请日：2012-08-23
申请人： Craig Robert William Forster , Christopher John Hockings
发明人： Craig Robert William Forster , Christopher John Hockings
IPC分类号： G06F21/20
CPC分类号： H04L63/102 , G06F21/41 , H04L9/3226 , H04L9/3271 , H04L63/0815
摘要： An approach is provided that receives a first role selection from a client device. Each of the roles includes various user accounts provisioned to access various software applications. An authentication challenge is retrieved. The authentication challenge is based upon the role selection that was received from the client device. The authentication challenge is transmitted to the client device. An authentication submission is received from the client device. This authentication submission is authenticated and, if the authentication is successful, then the client device access is granted access to software applications using the provisioned user accounts that were included in the role selection. In addition, audit data of usage of the software applications by the client device is recorded. The audit data includes identification of the provisioned user accounts used to access the software applications using the role selection.
摘要翻译：提供了一种从客户端设备接收第一个角色选择的方法。每个角色包括各种用户帐户，用于访问各种软件应用程序。检索认证挑战。验证挑战基于从客户端设备接收的角色选择。认证挑战被传送到客户端设备。从客户端设备接收到认证提交。该认证提交被认证，并且如果认证成功，则使用包括在角色选择中的所提供的用户帐户来授予客户端设备访问对软件应用的访问。此外，记录客户端设备对软件应用的使用的审核数据。审计数据包括使用角色选择识别用于访问软件应用程序的已配置用户帐户。

5. 发明申请

US20120284767A1 Method for detecting and applying different security policies to active client requests running within secure user web sessions 有权
标题翻译：用于检测和应用不同安全策略的方法，用于在安全用户Web会话中运行的活动客户端请求
公开(公告)号：US20120284767A1
公开(公告)日：2012-11-08
申请号：US13101458
申请日：2011-05-05
申请人： Christopher John Hockings , Trevor Scott Norvill , Scott Anthony Exton
发明人： Christopher John Hockings , Trevor Scott Norvill , Scott Anthony Exton
IPC分类号： G06F21/00
CPC分类号： H04L63/20 , G06F21/31 , G06F21/552 , H04L63/0245 , H04L63/08 , H04L63/101
摘要： A method for detecting and applying security policy to active client requests within a secure user session begins by applying a first heuristic to a plurality of requests for a particular resource to identify a pattern indicating of an active client. In one embodiment, the heuristic evaluates a frequency of requests for the particular resource across one or more secure user sessions. Later, upon receipt of a new request for the particular resource, a determination is then made whether the new request is consistent with the pattern. If so, an action is taken with respect to a secure session policy. In one embodiment, the action bypasses the secure session policy, which policy is associated with an inactivity time-out that might otherwise have been triggered upon receipt of the new request. In addition, a second heuristic may be applied to determine whether a response proposed to be returned (in response to the new request) is expected by the active client. If so, the response is returned unaltered. If, however, applying the second heuristic indicates that the response proposed to be returned is not expected by the active client, the response is modified to create a modified response, which is then returned.
摘要翻译：用于在安全用户会话内检测和应用安全策略到主动客户端请求的方法开始于对特定资源的多个请求应用第一启发式以识别指示活动客户端的模式。在一个实施例中，启发式对一个或多个安全用户会话的特定资源的请求频率进行评估。之后，当接收到针对特定资源的新请求时，确定新请求是否与模式一致。如果是这样，就采取安全会话策略。在一个实施例中，该动作绕过安全会话策略，该策略与可能在接收到新请求时触发的不活动超时相关联。此外，可以应用第二启发式来确定主动客户端是否期望提出要返回的响应（响应于新请求）。如果是这样，则返回的响应不会改变。然而，如果应用第二个启发式表示活动客户端不希望提出要返回的响应，则修改响应以创建经修改的响应，然后返回。

6. 发明申请

US20110162046A1 Providing Secure Dynamic Role Selection and Managing Privileged User Access From a Client Device 失效
标题翻译：从客户端设备提供安全动态角色选择和管理特权用户访问
公开(公告)号：US20110162046A1
公开(公告)日：2011-06-30
申请号：US12648590
申请日：2009-12-29
申请人： Craig Robert William Forster , Christopher John Hockings
发明人： Craig Robert William Forster , Christopher John Hockings
IPC分类号： H04L9/32 , G06F21/00 , G06F15/16
CPC分类号： H04L63/102 , G06F21/41 , H04L9/3226 , H04L9/3271 , H04L63/0815
摘要： An approach is provided that receives a first role selection from a client device. Each of the roles includes various user accounts provisioned to access various software applications. An authentication challenge is retrieved. The authentication challenge is based upon the role selection that was received from the client device. The authentication challenge is transmitted to the client device. An authentication submission is received from the client device. This authentication submission is authenticated and, if the authentication is successful, then the client device access is granted access to software applications using the provisioned user accounts that were included in the role selection. In addition, audit data of usage of the software applications by the client device is recorded. The audit data includes identification of the provisioned user accounts used to access the software applications using the role selection.
摘要翻译：提供了一种从客户端设备接收第一个角色选择的方法。每个角色包括各种用户帐户，用于访问各种软件应用程序。检索认证挑战。验证挑战基于从客户端设备接收的角色选择。认证挑战被传送到客户端设备。从客户端设备接收到认证提交。该认证提交被认证，并且如果认证成功，则使用包括在角色选择中的所提供的用户帐户来授予客户端设备访问对软件应用的访问。此外，记录客户端设备对软件应用的使用的审核数据。审计数据包括使用角色选择识别用于访问软件应用程序的已配置用户帐户。

7. 发明授权

US08572709B2 Method for managing shared accounts in an identity management system 有权
标题翻译：在身份管理系统中管理共享帐户的方法
公开(公告)号：US08572709B2
公开(公告)日：2013-10-29
申请号：US12774082
申请日：2010-05-05
申请人： Christopher John Hockings , Trevor Scott Norvill , Zoran Radenkovic
发明人： Christopher John Hockings , Trevor Scott Norvill , Zoran Radenkovic
IPC分类号： G06F7/04 , G06F15/16 , G06F17/30 , G06F12/00 , G06F12/14 , G06F13/00 , H04L29/06 , G11C7/00
CPC分类号： H04L9/3226 , G06F21/41 , H04L9/0891 , H04L9/321
摘要： This disclosure describes a method of and system for provisioning of shared account credentials to provide authorized access to shared or delegated accounts. Preferably, an enterprise single sign-on (E-SSO) system is used to manage the shared account or control delegation of account access, and preferably the shared or delegated account credential is not exposed to the end user. The described technique enables temporary delegation of account privileges to a member of a shared role. Using the described approach, an information technology (IT) account may be shared so that a user who needs to perform a shared duty can do so in the context of a shared role and without having control over the account itself. The approach facilitates delegating the use of a single account to one of a member of the shared role.
摘要翻译：本公开描述了用于提供共享帐户凭证以提供对共享或委托帐户的授权访问的方法和系统。优选地，使用企业单点登录（E-SSO）系统来管理共享帐户或控制对帐户访问的委托，并且优选地，共享或委托的帐户凭证不会暴露给最终用户。所描述的技术允许将临时委托给共享角色的成员的帐户特权。使用所描述的方法，可以共享信息技术（IT）帐户，使得需要执行共享职责的用户在共享角色的上下文中可以这样做，而不必对帐户本身进行控制。该方法有助于将单个帐户的使用委托给共享角色的成员之一。

8. 发明授权

US08332917B2 Providing secure dynamic role selection and managing privileged user access from a client device 失效
标题翻译：提供安全的动态角色选择和管理来自客户端设备的特权用户访问
公开(公告)号：US08332917B2
公开(公告)日：2012-12-11
申请号：US12648590
申请日：2009-12-29
申请人： Craig Robert William Forster , Christopher John Hockings
发明人： Craig Robert William Forster , Christopher John Hockings
IPC分类号： G06F7/04 , G06F17/30 , H04L29/06
CPC分类号： H04L63/102 , G06F21/41 , H04L9/3226 , H04L9/3271 , H04L63/0815
摘要： An approach is provided that receives a first role selection from a client device. Each of the roles includes various user accounts provisioned to access various software applications. An authentication challenge is retrieved. The authentication challenge is based upon the role selection that was received from the client device. The authentication challenge is transmitted to the client device. An authentication submission is received from the client device. This authentication submission is authenticated and, if the authentication is successful, then the client device access is granted access to software applications using the provisioned user accounts that were included in the role selection. In addition, audit data of usage of the software applications by the client device is recorded. The audit data includes identification of the provisioned user accounts used to access the software applications using the role selection.
摘要翻译：提供了一种从客户端设备接收第一个角色选择的方法。每个角色包括各种用户帐户，用于访问各种软件应用程序。检索认证挑战。验证挑战基于从客户端设备接收的角色选择。认证挑战被传送到客户端设备。从客户端设备接收到认证提交。该认证提交被认证，并且如果认证成功，则使用包括在角色选择中的所提供的用户帐户来授予客户端设备访问对软件应用的访问。此外，记录客户端设备对软件应用的使用的审核数据。审计数据包括使用角色选择识别用于访问软件应用程序的已配置用户帐户。

9. 发明授权

US07930255B2 Social profile assessment 有权
标题翻译：社会档案评估
公开(公告)号：US07930255B2
公开(公告)日：2011-04-19
申请号：US12166567
申请日：2008-07-02
申请人： Christopher Choi , Christopher John Hockings , Neil Ian Readshaw
发明人： Christopher Choi , Christopher John Hockings , Neil Ian Readshaw
IPC分类号： G06Q99/00
CPC分类号： G06Q10/10 , G06Q30/02 , G06Q50/01 , G09B7/02
摘要： An embodiment provides a computer implemented method for social profile assessment. The computer implemented method receives a request from a first user for an assessment, and sends questionnaires to a set of assessors for the first user. Upon receiving questionnaires from the set of assessors to form completed questionnaires, the computer implemented method generates an unadjusted social style assessment for the first user. Upon receiving a request from a second user for the social style assessment of the first user, the computer implemented method determines whether there are common assessors between the first user and the second user, and responsive to a determination that there are common assessors between the first user and the second user, generates an adjusted social style assessment for the first user, and returns the adjusted social style assessment for the first user to the second user.
摘要翻译：一个实施例提供了用于社会概况评估的计算机实现的方法。计算机实现的方法从第一用户接收用于评估的请求，并向第一用户的一组评估者发送问卷。计算机实现的方法在收到一组评估员的问卷调查表后，对第一个用户产生未经调整的社会风格评估。在从第二用户接收到用于第一用户的社会风格评估的请求时，计算机实现的方法确定在第一用户和第二用户之间是否存在共同的评估者，并且响应于确定在第一用户和第二用户之间存在公共评估者用户和第二用户生成针对第一用户的经调整的社交风格评估，并且将针对第一用户的经调整的社交风格评估返回给第二用户。

10. 发明授权

US08869250B2 Providing secure dynamic role selection and managing privileged user access from a client device 有权
标题翻译：提供安全的动态角色选择和管理来自客户端设备的特权用户访问
公开(公告)号：US08869250B2
公开(公告)日：2014-10-21
申请号：US13593013
申请日：2012-08-23
申请人： Craig Robert William Forster , Christopher John Hockings
发明人： Craig Robert William Forster , Christopher John Hockings
IPC分类号： G06F7/04 , G06F17/30 , H04L9/32 , G06F21/41 , H04L29/06
CPC分类号： H04L63/102 , G06F21/41 , H04L9/3226 , H04L9/3271 , H04L63/0815
摘要： An approach is provided that receives a first role selection from a client device. Each of the roles includes various user accounts provisioned to access various software applications. An authentication challenge is retrieved. The authentication challenge is based upon the role selection that was received from the client device. The authentication challenge is transmitted to the client device. An authentication submission is received from the client device. This authentication submission is authenticated and, if the authentication is successful, then the client device access is granted access to software applications using the provisioned user accounts that were included in the role selection. In addition, audit data of usage of the software applications by the client device is recorded. The audit data includes identification of the provisioned user accounts used to access the software applications using the role selection.
摘要翻译：提供了一种从客户端设备接收第一个角色选择的方法。每个角色包括各种用户帐户，用于访问各种软件应用程序。检索认证挑战。验证挑战基于从客户端设备接收的角色选择。认证挑战被传送到客户端设备。从客户端设备接收到认证提交。该认证提交被认证，并且如果认证成功，则使用包括在角色选择中的所提供的用户帐户来授予客户端设备访问对软件应用的访问。此外，记录客户端设备对软件应用的使用的审核数据。审计数据包括使用角色选择识别用于访问软件应用程序的已配置用户帐户。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式