专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20080168530A1 Method and Apparatus for Creating Custom Access Control Hierarchies 有权
标题翻译：用于创建自定义访问控制层次结构的方法和装置
公开(公告)号：US20080168530A1
公开(公告)日：2008-07-10
申请号：US11620219
申请日：2007-01-05
申请人： David G. Kuehr-McLaren , Kwabena Mireku , Govindaraj Sampathkumar , Janette S. Wong
发明人： David G. Kuehr-McLaren , Kwabena Mireku , Govindaraj Sampathkumar , Janette S. Wong
IPC分类号： H04L9/32 , G06F21/00
CPC分类号： H04L63/105 , G06F21/6218 , G06F21/6236
摘要： The Custom Access Controller adds a custom security hierarchy to the organizational data in the View Processor of WEBSPHERE Virtual Member Manager. Whenever an entity or application attempts to access a resources the access control engine starts the View Processor to identify the organizational data and assigned security policy for the resource. The assigned security policy is applied to a delegated administration path which is part of the delegated administration hierarchy but includes the appropriate path and security policy for the resource. The delegated administration path is sent to an access control engine that grants or denies access to the resource. A View Processor Interface allows network administrators to create and modify custom security hierarchies.
摘要翻译：自定义访问控制器将自定义安全层次结构添加到WEBSPHERE虚拟会员管理器的查看处理器中的组织数据。无论何时一个实体或应用程序尝试访问资源，访问控制引擎启动查看处理器以识别资源的组织数据和分配的安全策略。分配的安全策略应用于作为委派管理层次结构的一部分的委派管理路径，但包括资源的适当路径和安全策略。委派的管理路径被发送到访问控制引擎，该引擎允许或拒绝对资源的访问。视图处理器接口允许网络管理员创建和修改自定义安全层次结构。

2. 发明授权

US09124602B2 Method and apparatus for creating custom access control hierarchies 有权
标题翻译：用于创建自定义访问控制层次结构的方法和设备
公开(公告)号：US09124602B2
公开(公告)日：2015-09-01
申请号：US11620219
申请日：2007-01-05
申请人： David G. Kuehr-McLaren , Kwabena Mireku , Govindaraj Sampathkumar , Janette S. Wong
发明人： David G. Kuehr-McLaren , Kwabena Mireku , Govindaraj Sampathkumar , Janette S. Wong
IPC分类号： G06F7/04 , H04L29/06 , G06F21/62
CPC分类号： H04L63/105 , G06F21/6218 , G06F21/6236
摘要： The Custom Access Controller adds a custom security hierarchy to the organizational data in the View Processor of WEBSPHERE Virtual Member Manager. Whenever an entity or application attempts to access a resources the access control engine starts the View Processor to identify the organizational data and assigned security policy for the resource. The assigned security policy is applied to a delegated administration path which is part of the delegated administration hierarchy but includes the appropriate path and security policy for the resource. The delegated administration path is sent to an access control engine that grants or denies access to the resource. A View Processor Interface allows network administrators to create and modify custom security hierarchies.
摘要翻译：自定义访问控制器将自定义安全层次结构添加到WEBSPHERE虚拟会员管理器的查看处理器中的组织数据。无论何时一个实体或应用程序尝试访问资源，访问控制引擎启动查看处理器来识别资源的组织数据和分配的安全策略。分配的安全策略应用于作为委派管理层次结构的一部分的委派管理路径，但包括资源的适当路径和安全策略。委派的管理路径被发送到访问控制引擎，该引擎允许或拒绝对资源的访问。视图处理器接口允许网络管理员创建和修改自定义安全层次结构。

3. 发明申请

US20090129591A1 Techniques for Securing Document Content in Print and Electronic Form 审中-公开
标题翻译：打印和电子形式保护文件内容的技术
公开(公告)号：US20090129591A1
公开(公告)日：2009-05-21
申请号：US11943662
申请日：2007-11-21
申请人： Gregory A. Hayes , David G. Kuehr-McLaren , Ranjan Kumar , Kwabena Mireku , Govindaraj Sampathkumar
发明人： Gregory A. Hayes , David G. Kuehr-McLaren , Ranjan Kumar , Kwabena Mireku , Govindaraj Sampathkumar
IPC分类号： H04N1/44
CPC分类号： H04N1/4486 , G06F21/608 , H04L9/32 , H04L2209/60
摘要： A technique for securing selected document content includes receiving, at a printer, an unsecured electronic document. Selected content of the electronic document is then encrypted, with an encryption key, at the printer. A paper document whose content includes the encrypted selected content of the electronic document is then printed. The encrypted selected content of the paper document is unintelligible prior to decryption with a decryption key.
摘要翻译：用于保护所选择的文档内容的技术包括在打印机处接收不安全的电子文档。电子文档的所选内容然后使用加密密钥在打印机处加密。然后打印其内容包括电子文档的加密的所选内容的纸质文档。在使用解密密钥进行解密之前，纸质文档的经加密的选定内容是无法理解的。

4. 发明授权

US07284000B2 Automatic policy generation based on role entitlements and identity attributes 失效
标题翻译：基于角色授权和身份属性自动生成策略
公开(公告)号：US07284000B2
公开(公告)日：2007-10-16
申请号：US10741708
申请日：2003-12-19
申请人： David G. Kuehr-McLaren , Pratik Gupta , Govindaraj Sampathkumar , Vincent C. Williams , Sharon L. Cutcher , Sumit Taank , Brian A. Stube , Hari Shankar
发明人： David G. Kuehr-McLaren , Pratik Gupta , Govindaraj Sampathkumar , Vincent C. Williams , Sharon L. Cutcher , Sumit Taank , Brian A. Stube , Hari Shankar
IPC分类号： G06F17/30
CPC分类号： G06F17/00 , G06F17/30 , G06Q10/00 , G06Q10/06 , G06Q10/10 , Y10S707/99939
摘要： Policies defining the entitlements to be assigned to a new identity joining a role are automatically generated. An automatic policy assigns a new identity the entitlements commonly owned by a predetermined number of identities in the role, which may be all of the role identities. A conditional policy recommends that a new identity be assigned the non-commonly-owned entitlements associated with the role identity whose non-entitlement attributes most closely match the non-entitlement attributes of the new identity. This may be automatically determined by iterating through a vector that maps the non-commonly-owned entitlements with the non-entitlement attributes of each role identity, comparing the non-entitlement attributes of the new identity to find the closest match. The non-commonly-owned entitlements of that identity are then recommended to be assigned to the new identity, upon approval.
摘要翻译：将自动生成定义要分配给加入角色的新身份的权利的策略。自动策略将新身份分配给角色中预定数量的身份共同拥有的权利，这些身份可能是所有角色身份。条件政策建议将新身份分配给与非授权属性与新身份的非授权属性最接近的角色身份相关联的非共同所有权利。这可以通过迭代通过将非共同所有权利与每个角色身份的非授权属性进行映射的向量来自动确定，比较新身份的非授权属性以找到最接近的匹配。然后，建议将该身份的非共同所有权利分配给新身份，并经批准。

5. 发明授权

US08533168B2 Automatic policy generation based on role entitlements and identity attributes 有权
标题翻译：基于角色授权和身份属性自动生成策略
公开(公告)号：US08533168B2
公开(公告)日：2013-09-10
申请号：US11780956
申请日：2007-07-20
申请人： David G. Kuehr-McLaren , Pratik Gupta , Govindaraj Sampathkumar , Vincent C. Williams , Sharon L. Cutcher , Sumit Taank , Brian A. Stube , Hari Shankar
发明人： David G. Kuehr-McLaren , Pratik Gupta , Govindaraj Sampathkumar , Vincent C. Williams , Sharon L. Cutcher , Sumit Taank , Brian A. Stube , Hari Shankar
IPC分类号： G06F17/00 , G06F17/30 , G06Q10/00
CPC分类号： G06F17/00 , G06F17/30 , G06Q10/00 , G06Q10/06 , G06Q10/10 , Y10S707/99939
摘要： Policies defining the entitlements to be assigned to a new identity joining a role are automatically generated. An automatic policy assigns a new identity the entitlements commonly owned by a predetermined number of identities in the role, which may be all of the role identities. A conditional policy recommends that a new identity be assigned the non-commonly-owned entitlements associated with the role identity whose non-entitlement attributes most closely match the non-entitlement attributes of the new identity. This may be automatically determined by iterating through a vector that maps the non-commonly-owned entitlements with the non-entitlement attributes of each role identity, comparing the non-entitlement attributes of the new identity to find the closest match. The non-commonly-owned entitlements of that identity are then recommended to be assigned to the new identity, upon approval.
摘要翻译：将自动生成定义要分配给加入角色的新身份的权利的策略。自动策略将新身份分配给角色中预定数量的身份共同拥有的权利，这些身份可能是所有角色身份。条件政策建议将新身份分配给与非授权属性与新身份的非授权属性最接近的角色身份相关联的非共同所有权利。这可以通过迭代通过将非共同所有权利与每个角色身份的非授权属性进行映射的向量来自动确定，比较新身份的非授权属性以找到最接近的匹配。然后，建议将该身份的非共同所有权利分配给新身份，并经批准。

6. 发明授权

US06978298B1 Method and apparatus for managing session information in a data processing system 失效
标题翻译：用于在数据处理系统中管理会话信息的方法和装置
公开(公告)号：US06978298B1
公开(公告)日：2005-12-20
申请号：US09577391
申请日：2000-05-25
申请人： David G. Kuehr-McLaren
发明人： David G. Kuehr-McLaren
IPC分类号： G06F15/167 , H04L29/06 , H04L29/08
CPC分类号： H04L67/1095 , H04L67/14 , H04L67/2852 , H04L69/26
摘要： A method and apparatus in a data processing system for managing sessions for a secure access to the data processing system. A request for a secure connection is received. The secure connection is established, wherein information used to facilitate the secure connection is generated. The information is stored for a selected period of time, wherein the selected period of time is selected to optimize server resources.
摘要翻译：一种数据处理系统中的方法和装置，用于管理对数据处理系统的安全访问的会话。接收到安全连接的请求。建立安全连接，其中产生用于促进安全连接的信息。该信息被存储选定的时间段，其中选择的时间段被选择以优化服务器资源。

7. 发明申请

US20110239290A1 SECURE SHARING OF TRANSPORT LAYER SECURITY SESSION KEYS WITH TRUSTED ENFORCEMENT POINTS 有权
标题翻译：运输层安全会议安全交流钥匙与实际执行点
公开(公告)号：US20110239290A1
公开(公告)日：2011-09-29
申请号：US13158388
申请日：2011-06-11
申请人： David G. Kuehr-McLaren , Linwood H. Overby, JR.
发明人： David G. Kuehr-McLaren , Linwood H. Overby, JR.
IPC分类号： G06F9/00 , G06F15/16 , H04L9/08
CPC分类号： H04L63/166
摘要： Embodiments of the present invention address deficiencies of the art in respect to security enforcement point operability in a TLS secured communications path and provide a novel and non-obvious method, system and computer program product for the secure sharing of TLS session keys with trusted enforcement points. In one embodiment of the invention, a method for securely sharing TLS session keys with trusted enforcement points can be provided. The method can include conducting a TLS handshake with a TLS client to extract and decrypt a session key for a TLS session with the TLS client traversing at least one security enforcement point. The method further can include providing the session key to a communicatively coupled key server for distribution to the at least one security enforcement point. Finally, the method can include engaging in secure communications with the TLS client over the TLS session.
摘要翻译：本发明的实施例解决了在TLS安全通信路径中的安全执行点可操作性方面本领域的缺陷，并提供了一种新颖且不显眼的方法，系统和计算机程序产品，用于与可信执行点安全共享TLS会话密钥。在本发明的一个实施例中，可以提供一种用可靠执行点安全地共享TLS会话密钥的方法。该方法可以包括与TLS客户端进行TLS握手，以提取和解密与TLS客户端穿过至少一个安全执行点的TLS会话的会话密钥。该方法还可以包括将会话密钥提供给通信耦合的密钥服务器以分发给至少一个安全执行点。最后，该方法可以包括通过TLS会话与TLS客户端进行安全通信。

8. 发明授权

US07992200B2 Secure sharing of transport layer security session keys with trusted enforcement points 失效
标题翻译：传输层安全会话密钥与可信执行点的安全共享
公开(公告)号：US07992200B2
公开(公告)日：2011-08-02
申请号：US11778396
申请日：2007-07-16
申请人： David G. Kuehr-McLaren , Linwood H. Overby, Jr.
发明人： David G. Kuehr-McLaren , Linwood H. Overby, Jr.
IPC分类号： G06F9/00 , G06F15/16
CPC分类号： H04L63/166
摘要： Embodiments of the present invention address deficiencies of the art in respect to security enforcement point operability in a TLS secured communications path and provide a novel and non-obvious method, system and computer program product for the secure sharing of TLS session keys with trusted enforcement points. In one embodiment of the invention, a method for securely sharing TLS session keys with trusted enforcement points can be provided. The method can include conducting a TLS handshake with a TLS client to extract and decrypt a session key for a TLS session with the TLS client traversing at least one security enforcement point. The method further can include providing the session key to a communicatively coupled key server for distribution to the at least one security enforcement point. Finally, the method can include engaging in secure communications with the TLS client over the TLS session.
摘要翻译：本发明的实施例解决了在TLS安全通信路径中的安全执行点可操作性方面本领域的缺陷，并提供了一种新颖且不显眼的方法，系统和计算机程序产品，用于与可信执行点安全共享TLS会话密钥。在本发明的一个实施例中，可以提供一种用可靠执行点安全地共享TLS会话密钥的方法。该方法可以包括与TLS客户端进行TLS握手，以提取和解密与TLS客户端穿过至少一个安全执行点的TLS会话的会话密钥。该方法还可以包括将会话密钥提供给通信耦合的密钥服务器以分发给至少一个安全执行点。最后，该方法可以包括通过TLS会话与TLS客户端进行安全通信。

9. 发明申请

US20090025078A1 SECURE SHARING OF TRANSPORT LAYER SECURITY SESSION KEYS WITH TRUSTED ENFORCEMENT POINTS 失效
标题翻译：运输层安全会议安全交流钥匙与实际执行点
公开(公告)号：US20090025078A1
公开(公告)日：2009-01-22
申请号：US11778396
申请日：2007-07-16
申请人： David G. Kuehr-McLaren , Linwood H. Overby, JR.
发明人： David G. Kuehr-McLaren , Linwood H. Overby, JR.
IPC分类号： G06F9/00
CPC分类号： H04L63/166
摘要： Embodiments of the present invention address deficiencies of the art in respect to security enforcement point operability in a TLS secured communications path and provide a novel and non-obvious method, system and computer program product for the secure sharing of TLS session keys with trusted enforcement points. In one embodiment of the invention, a method for securely sharing TLS session keys with trusted enforcement points can be provided. The method can include conducting a TLS handshake with a TLS client to extract and decrypt a session key for a TLS session with the TLS client traversing at least one security enforcement point. The method further can include providing the session key to a communicatively coupled key server for distribution to the at least one security enforcement point. Finally, the method can include engaging in secure communications with the TLS client over the TLS session.
摘要翻译：本发明的实施例解决了在TLS安全通信路径中关于安全执行点可操作性的本领域的缺陷，并提供了一种新颖且非显而易见的方法，系统和计算机程序产品，用于与可信执行点安全共享TLS会话密钥。在本发明的一个实施例中，可以提供一种用可靠执行点安全地共享TLS会话密钥的方法。该方法可以包括与TLS客户端进行TLS握手，以提取和解密与TLS客户端穿过至少一个安全执行点的TLS会话的会话密钥。该方法还可以包括将会话密钥提供给通信耦合的密钥服务器以分发给至少一个安全执行点。最后，该方法可以包括通过TLS会话与TLS客户端进行安全通信。

10. 发明授权

US07065509B2 Method, system and computer program product for protection of identity information in electronic transactions using attribute certificates 有权
标题翻译：方法，系统和计算机程序产品，用于使用属性证书保护电子交易中的身份信息
公开(公告)号：US07065509B2
公开(公告)日：2006-06-20
申请号：US10434883
申请日：2003-05-09
申请人： Gordon K. Arnold , David G. Kuehr-McLaren
发明人： Gordon K. Arnold , David G. Kuehr-McLaren
IPC分类号： G06Q99/00
CPC分类号： G06Q30/06 , G06Q20/0855 , G06Q20/3674 , G06Q20/382 , G06Q20/3821 , G06Q20/401
摘要： Parties involved in a particular transaction in an E-marketplace each identify and submit to the E-marketplace relevant characteristics related to that transaction. The identification of the party is not revealed with this submission. To achieve this, an attribute certificate is created which contains attributes related to a buyer or seller's potential participation in a transaction. The attributes that are selected pertain to specifics of the transaction and not to the certificate holder. Each of the attributes are verified by a trusted authority (e.g., the E-marketplace acting as an intermediary for the transaction) so that when the attribute certificate is supplied to a party, the party is assured that the information it contains is accurate. In this manner, parties to a negotiation in a particular transaction are able to know immediately and with a high level of assurance that certain critical elements to the proposed transaction are met (or are capable of being met). This information is made available to all who wish to participate in the bidding/negotiating process (as opposed to being available only when specifically authorized by the certificate owner) but without the need to identify the certificate owner.
摘要翻译：参与电子交易市场中特定交易的各方均识别并提交电子市场与该交易相关的相关特征。该提交中没有透露该方的身份。为此，创建一个属性证书，其中包含与买方或卖方潜在参与交易相关的属性。选择的属性与交易的具体情况有关，而不是合法持有者。每个属性由受信任的机构（例如，作为交易的中介的电子市场）进行验证，使得当属性证书被提供给一方时，该方确保其包含的信息是准确的。以这种方式，特定交易中的谈判各方能够立即知道并提供高水平的保证，以满足所提交的交易的某些关键要素（或能够被满足）。所有参与投标/谈判过程的人都可以获得此信息（而不是仅在证书所有者特别授权的情况下可用），而无需识别证书所有者。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式