专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07743423B2 Security requirement determination 有权
标题翻译：安全要求确定
公开(公告)号：US07743423B2
公开(公告)日：2010-06-22
申请号：US10772207
申请日：2004-02-03
申请人： Sebastian Lange , Gregory D. Fee , Aaron Goldfeder , Ivan Medvedev , Michael Gashler
发明人： Sebastian Lange , Gregory D. Fee , Aaron Goldfeder , Ivan Medvedev , Michael Gashler
IPC分类号： H04N7/16 , G06F17/00 , G06F11/30 , G06F9/44
CPC分类号： G06F21/53
摘要： All execution paths of one or more assemblies in managed code are simulated to find the permissions for each execution path. The managed code can correspond to a managed shared library or a managed application. Each call in each execution path has a corresponding permissions set. When the library or application has permissions to execute that are not less than the required permission sets for the execution paths, any dynamic execution of the library or application will not trigger a security exception The simulated execution provides a tool that can be used to ensure that code being written will not exceed a maximum security permission for the code. A permission set can be determined by the tool for each assembly corresponding to an application and for each entry point corresponding to a shared library.
摘要翻译：托管代码中的一个或多个程序集的所有执行路径都被模拟，以查找每个执行路径的权限。托管代码可以对应于托管共享库或托管应用程序。每个执行路径中的每个调用都具有相应的权限集。当库或应用程序具有不少于执行路径所需权限集的执行权限时，库或应用程序的任何动态执行都不会触发安全异常。模拟执行提供了一种可用于确保正在编写的代码不会超过代码的最大安全许可。对于与应用程序对应的每个程序集以及对应于共享库的每个入口点，工具可以确定权限集。

2. 发明授权

US07669238B2 Evidence-based application security 有权
标题翻译：循证应用安全
公开(公告)号：US07669238B2
公开(公告)日：2010-02-23
申请号：US10705756
申请日：2003-11-10
申请人： Gregory D. Fee , Aaron Goldfeder , John M. Hawkins , Jamie L. Cool , Sebastian Lange , Sergey Khorun
发明人： Gregory D. Fee , Aaron Goldfeder , John M. Hawkins , Jamie L. Cool , Sebastian Lange , Sergey Khorun
IPC分类号： H04L9/00
CPC分类号： G06F21/51 , G06F21/53
摘要： Evidence-based application security may be implemented at the application and/or application group levels. A manifest may be provided defining at least one trust condition for the application or application group. A policy manager evaluates application evidence (e.g., an XrML license) for an application or group of applications relative to the manifest. The application is only granted permissions on the computer system if the application evidence indicates that the application is trusted. Similarly, a group of applications are only granted permissions on the computer system if the evidence indicates that the group of applications is trusted. If the application evidence satisfies the at least one trust condition defined by the manifest, the policy manager generates a permission grant set for each code assembly that is a member of the at least one application. Evidence may be further evaluated for code assemblies that are members of the trusted application or application group.
摘要翻译：基于证据的应用程序安全性可以在应用程序和/或应用程序组级别实现。可以提供清单来为应用或应用组定义至少一个信任条件。策略管理员针对相对于清单的应用程序或应用程序组来评估应用程序证据（例如，XrML许可证）。如果应用程序的证据表明应用程序是可信任的，则该应用程序仅被授予计算机系统的权限。类似地，如果证据表明应用程序组是可信任的，则一组应用程序仅被授予计算机系统的权限。如果应用证据满足由清单定义的至少一个信任条件，则策略管理器为作为至少一个应用的成员的每个代码集合生成许可授权集合。可以对作为可信应用程序或应用程序组成员的代码程序集进一步评估证据。

3. 发明授权

US07647629B2 Hosted code runtime protection 有权
标题翻译：托管代码运行时保护
公开(公告)号：US07647629B2
公开(公告)日：2010-01-12
申请号：US10772205
申请日：2004-02-03
申请人： Christopher W. Brumme , Sebastian Lange , Gregory D. Fee , Michael Gashler , Mahesh Prakriya
发明人： Christopher W. Brumme , Sebastian Lange , Gregory D. Fee , Michael Gashler , Mahesh Prakriya
IPC分类号： G06F7/04 , G06F12/00 , G06F12/14 , G06F13/00 , G06F17/30 , G11C7/00
CPC分类号： G06F9/468
摘要： A host operating in a managed environment intercepts a call from a managed caller to a particular callee and determines whether the call is permissible according to the host's prior configuration of a plurality of callees. The particular callee, which provides access to a resource that the host can be protecting, can have been previously configured by the host to always allow the call to be made, to never allow the call to be made, or to allow the call to be made based upon the degree to which the host trusts the managed caller.
摘要翻译：在受管环境中操作的主机拦截来自被管理的呼叫者到特定被叫方的呼叫，并根据主机先前配置多个被呼叫者确定该呼叫是否被允许。提供对主机可以保护的资源的访问的特定被叫方可以先前由主机配置，以始终允许进行呼叫，从不允许进行呼叫，或允许呼叫成为基于主机信任被管理的呼叫者的程度。

4. 发明授权

US07779460B2 Partial grant set evaluation from partial evidence in an evidence-based security policy manager 有权
标题翻译：在基于证据的安全政策经理中部分授权评估部分证据
公开(公告)号：US07779460B2
公开(公告)日：2010-08-17
申请号：US11736295
申请日：2007-04-17
申请人： Gregory D. Fee , Brian Pratt , Sebastian Lange , Loren Kohnfelder
发明人： Gregory D. Fee , Brian Pratt , Sebastian Lange , Loren Kohnfelder
IPC分类号： G06F9/00 , G06F17/30
CPC分类号： G06F21/6218 , G06F21/6209 , G06F2221/2141
摘要： An evidence-based policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager executes in a computer system (e.g., a Web client or server) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. The policy manager may determine a subset of the permission grant set based on a subset of the received code assembly's evidence, in order to expedite processing of the code assembly. When the evidence subset does not yield the desired permission subset, the policy manager may then perform an evaluation of all evidence received.
摘要翻译：基于证据的策略管理器为从资源位置接收到的代码集合生成许可授权集。策略管理器与计算机系统（例如，Web客户端或服务器）结合运行时环境的验证模块和类加载器一起执行。为代码组合生成的许可授权集合被应用于运行时调用堆栈中，以帮助系统确定代码组件的给定系统操作是否被授权。策略管理器可以基于所接收的代码组件的证据的子集来确定许可授权集合的子集，以便加速代码组合的处理。当证据子集不产生期望的许可子集时，策略管理器然后可以对所接收的所有证据进行评估。

5. 发明授权

US07207064B2 Partial grant set evaluation from partial evidence in an evidence-based security policy manager 有权
标题翻译：在基于证据的安全政策经理中部分授权评估部分证据
公开(公告)号：US07207064B2
公开(公告)日：2007-04-17
申请号：US10162260
申请日：2002-06-05
申请人： Gregory D. Fee , Brian Pratt , Sebastian Lange , Loren Kohnfelder
发明人： Gregory D. Fee , Brian Pratt , Sebastian Lange , Loren Kohnfelder
IPC分类号： G06F19/00 , G06F7/04
CPC分类号： G06F21/6218 , G06F21/6209 , G06F2221/2141
摘要： An evidence-based policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager executes in a computer system (e.g., a Web client or server) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. The policy manager may determine a subset of the permission grant set based on a subset of the received code assembly's evidence, in order to expedite processing of the code assembly. When the evidence subset does not yield the desired permission subset, the policy manager may then perform an evaluation of all evidence received.
摘要翻译：基于证据的策略管理器为从资源位置接收到的代码集合生成许可授权集。策略管理器与计算机系统（例如，Web客户端或服务器）结合运行时环境的验证模块和类加载器一起执行。为代码组合生成的许可授权集合被应用于运行时调用堆栈中，以帮助系统确定代码组件的给定系统操作是否被授权。策略管理器可以基于所接收的代码组件的证据的子集来确定许可授权集合的子集，以便加速代码组合的处理。当证据子集不产生期望的许可子集时，策略管理器然后可以对所接收的所有证据进行评估。

6. 发明授权

US07770202B2 Cross assembly call interception 有权
标题翻译：交叉汇编呼叫截取
公开(公告)号：US07770202B2
公开(公告)日：2010-08-03
申请号：US10771653
申请日：2004-02-03
申请人： Christopher W. Brumme , Vance Morrison , Sebastian Lange , Gregory D. Fee , Dario Russi , Simon Jeremy Hall , Mahesh Prakriya , Brian F. Sullivan
发明人： Christopher W. Brumme , Vance Morrison , Sebastian Lange , Gregory D. Fee , Dario Russi , Simon Jeremy Hall , Mahesh Prakriya , Brian F. Sullivan
IPC分类号： G06F17/00 , H04L29/06
CPC分类号： H04L63/102 , G06F9/468 , G06F21/52 , G06F21/62 , H04L63/101
摘要： A host intercepts calls between two executables and determines whether the calls are permissible according to the host's security model which can be identify based, such as user identity based—for instance, mapping access rights within a specific data base user context to database object access. Such an identity security model differs from a common language runtime security model where managed code uses Code Access Security to prevent managed assemblies from performing certain operations. Managed assemblies registered with the host are host objects from the host's perspective for which access rights can be defined via security rules, such as are defined for individual user identities. A host can decide access between managed executables based on the host's identity based access rules by trapping any cross assembly calls and deciding whether such calls should proceed or be blocked from taking place based on the corresponding identity security settings.
摘要翻译：主机拦截两个可执行文件之间的调用，并根据主机的可以识别的安全模型（例如基于用户身份的特定数据库用户上下文中将访问权限映射到数据库对象访问）来确定是否允许呼叫。这种身份安全模型与公共语言运行时安全模型不同，托管代码使用代码访问安全性来防止托管程序集执行某些操作。与主机注册的托管程序集是主机视角的主机对象，可以通过安全规则定义访问权限，例如为各个用户身份定义的对象。主机可以基于主机的基于身份的访问规则来决定托管的可执行文件之间的访问，通过捕获任何交叉程序集调用，并根据相应的身份安全设置来确定这些呼叫是应该继续还是被阻止发生。

7. 发明授权

US08607311B2 Delegation in logic-based access control 有权
标题翻译：基于逻辑的访问控制委托
公开(公告)号：US08607311B2
公开(公告)日：2013-12-10
申请号：US11962761
申请日：2007-12-21
申请人： Moritz Y. Becker , Blair B. Dillaway , Gregory D. Fee , John M. Leen , Jason F. Mackay
发明人： Moritz Y. Becker , Blair B. Dillaway , Gregory D. Fee , John M. Leen , Jason F. Mackay
IPC分类号： G06F7/04 , G06F17/30 , G06F12/00 , H04L29/06
CPC分类号： G06F21/6218
摘要： Access to a resource may be controlled by a policy, such that a request to access the resource is either granted or denied based on what assertions have been made by various principals. To find the assertions that support a grant of access to the resource, a template may be created that defines the nature of assertions that would cause access to succeed. Assertions may be stored in the form of tokens. The template may be used to search an existing token store to find assertions that have been made, and/or to generate assertions that have not been found in the token store and that would satisfy the template. The assertions in the template may be created by performing an abductive reasoning process on an access query.
摘要翻译：可以通过策略来控制对资源的访问，使得根据各个主体所做的断言来授予或拒绝访问资源的请求。要查找支持资源访问权限的断言，可以创建一个模板，该模板定义了导致访问成功的断言的性质。断言可以以令牌的形式存储。该模板可以用于搜索现有的令牌存储以找到已经做出的断言和/或生成在令牌存储器中尚未发现并且将满足模板的断言。可以通过在访问查询上执行引用推理过程来创建模板中的断言。

8. 发明授权

US08584124B2 Methods and systems for batch processing in an on-demand service environment 有权
标题翻译：在按需服务环境中批量处理的方法和系统
公开(公告)号：US08584124B2
公开(公告)日：2013-11-12
申请号：US13076794
申请日：2011-03-31
申请人： Gregory D. Fee , William J Gallagher
发明人： Gregory D. Fee , William J Gallagher
IPC分类号： G06F9/455 , G06F7/00
CPC分类号： G06F9/466 , G06F9/4843 , G06F2209/5013
摘要： In accordance with embodiments disclosed herein, there are provided mechanisms and methods for batch processing in an on-demand service environment. For example, in one embodiment, mechanisms include receiving a processing request for a multi-tenant database, in which the processing request specifies processing logic and a processing target group within the multi-tenant database. Such an embodiment further includes dividing or chunking the processing target group into a plurality of processing target sub-groups, queuing the processing request with a batch processing queue for the multi-tenant database among a plurality of previously queued processing requests, and releasing each of the plurality of processing target sub-groups for processing in the multi-tenant database via the processing logic at one or more times specified by the batch processing queue.
摘要翻译：根据本文公开的实施例，提供了在按需服务环境中批量处理的机构和方法。例如，在一个实施例中，机制包括接收对多租户数据库的处理请求，其中处理请求指定处理逻辑和多租户数据库内的处理目标组。这样的实施例还包括将处理对象组划分或分块成多个处理对象子组，在多个先前排队的处理请求之间对多租户数据库的批处理队列进行排队处理请求，多个处理目标子组，用于经由处理逻辑在多租户数据库中处理由批处理队列指定的一个或多个时间。

9. 发明申请

US20130013577A1 METHODS AND SYSTEMS FOR BATCH PROCESSING IN AN ON-DEMAND SERVICE ENVIRONMENT 有权
标题翻译：在需求服务环境中进行批处理的方法和系统
公开(公告)号：US20130013577A1
公开(公告)日：2013-01-10
申请号：US13620147
申请日：2012-09-14
申请人： Gregory D. Fee , William J. Gallagher
发明人： Gregory D. Fee , William J. Gallagher
IPC分类号： G06F17/30
CPC分类号： G06F9/466 , G06F9/4843 , G06F2209/5013
摘要： In accordance with embodiments disclosed herein, there are provided mechanisms and methods for batch processing in an on-demand service environment. For example, in one embodiment, mechanisms include receiving a processing request for a multi-tenant database, in which the processing request specifies processing logic and a processing target group within the multi-tenant database. Such an embodiment further includes dividing or chunking the processing target group into a plurality of processing target sub-groups, queuing the processing request with a batch processing queue for the multi-tenant database among a plurality of previously queued processing requests, and releasing each of the plurality of processing target sub-groups for processing in the multi-tenant database via the processing logic at one or more times specified by the batch processing queue.
摘要翻译：根据本文公开的实施例，提供了在按需服务环境中批量处理的机构和方法。例如，在一个实施例中，机制包括接收对多租户数据库的处理请求，其中处理请求指定处理逻辑和多租户数据库内的处理目标组。这样的实施例还包括将处理对象组划分或分块成多个处理对象子组，在多个先前排队的处理请求之间对多租户数据库的批处理队列进行排队处理请求，多个处理目标子组，用于经由处理逻辑在多租户数据库中处理由批处理队列指定的一个或多个时间。

10. 发明申请

US20110265066A1 METHODS AND SYSTEMS FOR EVALUATING BYTECODE IN AN ON-DEMAND SERVICE ENVIRONMENT INCLUDING TRANSLATION OF APEX TO BYTECODE 有权
标题翻译：在需求服务环境中评估副产品的方法和系统，包括将APEX转换为BYTECODE
公开(公告)号：US20110265066A1
公开(公告)日：2011-10-27
申请号：US13091347
申请日：2011-04-21
申请人： Gregory D. Fee , William J. Gallagher
发明人： Gregory D. Fee , William J. Gallagher
IPC分类号： G06F9/45
CPC分类号： G06F8/41 , G06F9/5027 , G06F12/0811 , G06F12/0866 , G06F12/0875 , G06F17/30132 , G06F17/30424 , G06F2209/549 , G06F2212/45 , G06F2212/465
摘要： Techniques and mechanisms for conversion of code of a first type to bytecode. Apex provides various unique characteristics. When converting to bytecode, these characteristics are handled to provide bytecode functionality. Some of the unique characteristics of Apex include Autoboxing, SOQL, Properties, Comparisons, Modifiers, Code coverage mechanisms and Sharing mechanisms.
摘要翻译：将第一类代码转换为字节码的技术和机制。 Apex提供各种独特的特征。当转换为字节码时，处理这些特性以提供字节码功能。 Apex的一些独特特征包括Autoboxing，SOQL，属性，比较，修改器，代码覆盖机制和共享机制。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式