    • 1. Invention patent application
    • CLASSIFICATION AND POLICY MANAGEMENT FOR SOFTWARE COMPONENTS
    • US20100076914A1
    • 2010-03-25
    • US12235900
    • 2008-09-23
    • Sridhar R. Muppidi; Nataraj Nagaratnam; Anthony Joseph Nadalin
    • G06F15/18; G06N5/02
    • G06F21/604
    • A method, system, and computer usable program product for classification and policy management for software components are provided in the illustrative embodiments. A metadata associated with an application or component is identified. A mapping determination is made whether the metadata maps to a classification in a set of classifications. A policy that is applicable to the classification is identified and associated with the classification. If the mapping determination is deterministic, the component is assigned to the classification and the policy associated with the classification is associated with the component. If the mapping determination is not deterministic, a user intervention may be necessary, the component may be classified in a default classification, or both. Because of the policy being associated with the classification, associating the policy with the component may occur based on the metadata of the application or component and its resultant classification.
    • 2. Granted invention patent
    • Classification and policy management for software components
    • US08112370B2
    • 2012-02-07
    • US12235900
    • 2008-09-23
    • Sridhar R Muppidi; Nataraj Nagaratnam; Anthony Joseph Nadalin
    • G06N5/00
    • G06F21/604
    • A method, system, and computer usable program product for classification and policy management for software components are provided in the illustrative embodiments. A metadata associated with an application or component is identified. A mapping determination is made whether the metadata maps to a classification in a set of classifications. A policy that is applicable to the classification is identified and associated with the classification. If the mapping determination is deterministic, the component is assigned to the classification and the policy associated with the classification is associated with the component. If the mapping determination is not deterministic, a user intervention may be necessary, the component may be classified in a default classification, or both. Because of the policy being associated with the classification, associating the policy with the component may occur based on the metadata of the application or component and its resultant classification.
    • 4. Invention patent application
    • ROLE-BASED AUTHORIZATION USING CONDITIONAL PERMISSIONS
    • US20080168528A1
    • 2008-07-10
    • US11619672
    • 2007-01-04
    • Dah-Haur Lin; Satoshi Hada; Anthony Joseph Nadalin; Nataraj Nagaratnam
    • G06F21/00
    • H04L63/102; G06F21/53; G06F21/6218; G06F2221/2105; G06F2221/2141; H04L63/105; H04L63/168
    • The present invention implements a set of interfaces for a standard Java execution environment to provide authorization with conditional permissions. In particular, a framework enables a provider to provide a condition-based runtime authorization decision when a caller entity requests a Java resource. To this end, during a policy configuration certain “Conditions” may be associated with a standard Java Permission object using a ConditionalPermission class. Each “Condition” may be represented in one of a set of different conditions (e.g., containment, logical, comparison, owner and regular expression conditions) using various name-value pairs of “AttributeName” objects. During runtime, an “implies” method in the ConditionalPermission class returns true if the argument permission is implied by the wrapped permission and the additional “Conditions” are evaluated to be true. The ConditionalPermission class allows the caller to seamlessly instrument an instance evaluation “Condition” into a regular permission evaluation and to hand off this evaluation to a provider to facilitate an instance-based runtime authorization decision. The framework is highly flexible and provides for a wide-range of possible fine-grained policy and instance-based “Conditions” for authorization evaluation.
    • 6. Invention patent application
    • DISCOVERY AND MANAGEMENT OF CONTEXT-BASED ENTITLEMENTS ACROSS LOOSELY-COUPLED ENVIRONMENTS
    • US20110162034A1
    • 2011-06-30
    • US12649421
    • 2009-12-30
    • NATARAJ NAGARATNAM; Anthony Joseph Nadalin
    • H04L9/32; G06F21/22
    • G06F21/604
    • A method, apparatus and computer program product are provided to model and manage context-based entitlements that govern a user's access to information, applications and systems across a loosely-coupled distributed environment. One such distributed environment is a federated environment, which may span across companies, organizations, and geographical locations and regions. According to one embodiment, an entitlement modeling framework comprises a discovery module and an entitlement generator module. The discovery framework generates a data model for storing information concerning user identity, context, relationships between users, relationships between users and contexts and relationships between contexts. Preferably, the user identity, context, relationships between users, relationships between users and contexts, and relationships between contexts, are stored as attributes in the data model. An entitlement generator generates an entitlement according to the data model, wherein the entitlement (e.g., a user entitlement) is generated according to one or more contexts.
    • 7. Granted invention patent
    • Type independent permission based access control
    • US08387111B2
    • 2013-02-26
    • US10002439
    • 2001-11-01
    • Lawrence Koved; Anthony Joseph Nadalin; Nataraj Nagaratnam; Marco Pistoia; Bruce Arland Rich
    • G06F12/14
    • G06F21/53; G06F2221/2145
    • A method and apparatus for type independent permission based access control are provided. The method and apparatus utilize object inheritance to provide a mechanism by which a large group of permissions may be assigned to a codesource without having to explicitly assign each individual permission to the codesource. A base permission, or superclass permission, is defined along with inherited, or subclass, permissions that fall below the base permission in a hierarchy of permissions. Having defined the permissions in such a hierarchy, a developer may assign a base permission to an installed class and thereby assign all of the inherited permissions of the base permission to the installed class. In this way, security providers need not know all the permission types defined in an application. In addition, security providers can seamlessly integrate with many applications without changing their access control and policy store semantics. Moreover, application providers' security enforcement is not dependent on the security provider defined permissions. The method and apparatus do not require any changes to the Java security manager and do not require changes to application code.
    • 9. Granted invention patent
    • Method and system for user enrollment of user attribute storage in a federated environment
    • US07725562B2
    • 2010-05-25
    • US10334326
    • 2002-12-31
    • George Robert Blakley, III; Heather Maria Hinton; Anthony Joseph Nadalin; Birgit Monika Pfitzmann
    • G06F15/16
    • H04L63/0807; H04L63/104
    • A computer system is presented for facilitating storage and retrieval of user attribute information within a federated environment at entities that manage such information as a service. Through enrollment processes, certain domains inform online service providers of identities of attribute information providers that may be used to retrieve user attribute information for a particular user. When performing a user-specific operation with respect to a requested resource, e.g., for personalizing documents using user attribute information or for determining user access privileges for the resource, an e-commerce service provider requires user attribute information, which is retrieved from an attribute information provider that has been previously specified through an enrollment operation. The e-commerce service provider may store the identity of the user's attribute information providers in a persistent token, e.g., an HTTP cookie, that is available when the user sends a request for access to a resource.