专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

31. 发明申请

US20120173554A1 Method and System for Policy Driven Data Disclosure 有权
标题翻译：政策驱动数据披露的方法和系统
公开(公告)号：US20120173554A1
公开(公告)日：2012-07-05
申请号：US13417705
申请日：2012-03-12
申请人： Heather M. Hinton , Donald N. Jones , Masakazu Miyamoto
发明人： Heather M. Hinton , Donald N. Jones , Masakazu Miyamoto
IPC分类号： G06F17/30
CPC分类号： G06F21/6218
摘要： A method, system and computer-usable medium are disclosed for controlling access to attribute information. A request is received from an application for attribute information. An attribute release policy associated with the requesting application is used to filter attributes stored in a datastore. The filtered attributes are then provided to the requesting application.
摘要翻译：公开了一种用于控制对属性信息的访问的方法，系统和计算机可用介质。从应用程序接收到属性信息的请求。与请求应用程序相关联的属性发布策略用于过滤存储在数据存储中的属性。然后将过滤的属性提供给请求应用程序。

32. 发明申请

US20110162089A1 Method and System for Policy Driven Data Disclosure 有权
标题翻译：政策驱动数据披露的方法和系统
公开(公告)号：US20110162089A1
公开(公告)日：2011-06-30
申请号：US12648813
申请日：2009-12-29
申请人： Heather M. Hinton , Donald N. Jones , Masakazu Miyamoto
发明人： Heather M. Hinton , Donald N. Jones , Masakazu Miyamoto
IPC分类号： G06F17/30 , G06F21/24
CPC分类号： G06F21/6218
摘要： A method, system and computer-usable medium are disclosed for controlling access to attribute information. A request is received from an application for attribute information. An attribute release policy associated with the requesting application is used to filter attributes stored in a datastore. The filtered attributes are then provided to the requesting application.
摘要翻译：公开了一种用于控制对属性信息的访问的方法，系统和计算机可用介质。从应用程序接收到属性信息的请求。与请求应用程序相关联的属性发布策略用于过滤存储在数据存储中的属性。然后将过滤的属性提供给请求应用程序。

33. 发明申请

US20110161332A1 Method and System for Policy Driven Data Distribution 有权
标题翻译：策略驱动数据分发方法与系统
公开(公告)号：US20110161332A1
公开(公告)日：2011-06-30
申请号：US12648876
申请日：2009-12-29
申请人： Ivan M. Milman , Charles D. Wolfson , Matthias Schunter , Heather M. Hinton , Michael P. Waidner
发明人： Ivan M. Milman , Charles D. Wolfson , Matthias Schunter , Heather M. Hinton , Michael P. Waidner
IPC分类号： G06F17/00
CPC分类号： G06F21/6245
摘要： A method, system and computer-usable medium are disclosed for controlling the distribution of data. Data stored in a datastore is filtered according to a data release policy to generate filtered data. A data release policy agreement, corresponding to the data release policy, is generated. The filtered data and the data release policy agreement are then provided to an information consumer. The data release policy agreement is then used to enforce the data release policy.
摘要翻译：公开了用于控制数据分布的方法，系统和计算机可用介质。根据数据发布策略对存储在数据存储区中的数据进行过滤，以生成过滤的数据。生成与数据发布策略相对应的数据发布策略协议。然后将过滤的数据和数据发布策略协议提供给信息消费者。然后，数据发布策略协议用于实施数据发布策略。

34. 发明申请

US20100115284A1 SUPPORT OF TAMPER DETECTION FOR A LOG OF RECORDS 失效
标题翻译：支持记录记录的篡改检测
公开(公告)号：US20100115284A1
公开(公告)日：2010-05-06
申请号：US12263427
申请日：2008-10-31
申请人： Timothy J. Hahn , Heather M. Hinton
发明人： Timothy J. Hahn , Heather M. Hinton
IPC分类号： H04L9/32 , H04L9/06
CPC分类号： G06F21/64 , G06F2221/2101
摘要： Tamper detection of audit records comprises configuring a proxy for adding tamper evidence information to audit information by obtaining audit records from at least one audit record generating source, grouping obtained audit records into subsets of audit records and providing tamper evidence processing to the subsets utilizing a cryptographic mechanism to calculate a signature over each subset of audit records. The proxy groups the subsets such that each subset contains at least one designated carryover audit record that overlaps into a next subset so that each carryover audit record is associated with at least two signatures. As such, the proxy creates an overlapping chain of digitally signed audit records subsets. The proxy further forwards the tamper evident audit records from the tamper evidence adding proxy to a corresponding audit log storage subsystem for storage, storing the calculated signatures.
摘要翻译：审计记录的篡改检测包括配置代理，通过从至少一个审计记录产生源获得审计记录，将获取的审计记录分组到审计记录的子集中，并通过加密方式向子集提供篡改证据处理，从而将审计信息添加到审计信息中计算每个审计记录子集签名的机制。代理对子集进行分组，使得每个子集包含至少一个与下一个子集重叠的指定的结转审核记录，使得每个结转审核记录与至少两个签名相关联。因此，代理创建一个数字签名的审计记录子集的重叠链。代理进一步将篡改明显的审计记录从篡改证据添加代理转发到相应的审计日志存储子系统进行存储，存储计算的签名。

35. 发明授权

US07657639B2 Method and system for identity provider migration using federated single-sign-on operation 有权
标题翻译：使用联合单点登录操作的身份提供者迁移的方法和系统
公开(公告)号：US07657639B2
公开(公告)日：2010-02-02
申请号：US11459118
申请日：2006-07-21
申请人： Heather M. Hinton
发明人： Heather M. Hinton
IPC分类号： G06F15/16
CPC分类号： H04L63/0815 , H04L63/104
摘要： A method is presented for performing an identity provider migration operation with respect to a user within a federated computational environment, wherein the user has a first user account at a first identity provider, a second user account at a second identity provider, and a third user account at a service provider. A request to access a resource is received by the service provider, after which a federated single-sign-on operation for the user is performed between the service provider and the first identity provider. Prior to sending a response to the request to access the protected resource, information in the third user account is modified to indicate that the service provider relies upon the second identity provider to authenticate the user on behalf of the service provider rather than the first identity provider. A response for the request to access the resource is then returned by the service provider.
摘要翻译：提出了一种用于对联合计算环境内的用户执行身份提供者迁移操作的方法，其中用户在第一身份提供者处具有第一用户帐户，在第二身份提供商处具有第二用户帐户，以及第三用户帐户在服务提供商。服务提供商接收访问资源的请求，之后在服务提供商和第一身份提供商之间执行用户的联合单点登录操作。在发送对访问受保护资源的请求的响应之前，第三用户帐户中的信息被修改以指示服务提供者依赖于第二身份提供者来代表服务提供商而不是第一身份提供者认证用户。然后由服务提供商返回对访问资源的请求的响应。

36. 发明申请

US20090297043A1 PATTERN SCANNER AND EDITOR FOR SECURITY AUDIT SYSTEMS 审中-公开
标题翻译：图案扫描仪和编辑安全审计系统
公开(公告)号：US20090297043A1
公开(公告)日：2009-12-03
申请号：US12127925
申请日：2008-05-28
申请人： Heather M. Hinton , Ping Wang , Hang Xiao , Jean X. Yu
发明人： Heather M. Hinton , Ping Wang , Hang Xiao , Jean X. Yu
IPC分类号： G06K9/68
CPC分类号： H04L63/1433 , G06F21/552 , H04L63/1425
摘要： A pattern scanner is provided for identifying which portions of a security log entry is unrecognizable by currently defined data patterns. Furthermore, an editor is provided for identifying portions of the security log entry that are recognizable by sub-patterns of the currently defined data patterns and portions of the security log entry that are not recognizable. The editor further provides a user interface through which a user may associated sub-patterns with portions of the security log entry that are not recognized. Moreover, a user interface may be provided for defining new sub-patterns that may be applied to recognizing portions of security log entries. A data pattern based on a combination of sub-patterns for the recognized and unrecognized portions of the security log entry may then be automatically generated.
摘要翻译：提供了一种模式扫描器，用于识别安全日志条目的哪些部分不能被当前定义的数据模式识别。此外，提供了一种编辑器，用于识别安全日志条目的可识别的当前定义的数据模式的子模式和不可识别的安全日志条目的部分的部分。编辑器进一步提供用户界面，通过该用户界面，用户可以将子模式与安全日志条目的不被识别的部分相关联。此外，可以提供用于定义可以应用于识别安全日志条目的部分的新子模式的用户界面。然后可以自动生成基于用于安全日志条目的识别和未识别部分的子模式的组合的数据模式。

37. 发明申请

US20090007097A1 Product install and configuration providing choice of new installation and re-use of existing installation 审中-公开
标题翻译：产品安装和配置提供新安装和重新使用现有安装的选择
公开(公告)号：US20090007097A1
公开(公告)日：2009-01-01
申请号：US11770890
申请日：2007-06-29
申请人： Heather M. Hinton , Ivan M. Milman , Patrick R. Wardrop
发明人： Heather M. Hinton , Ivan M. Milman , Patrick R. Wardrop
IPC分类号： G06F9/445
CPC分类号： G06F8/61 , G06F9/44505
摘要： A method, system and program are provided for managing the installation and configuration of a software product by using a proxy service to loosely couple the installation and/or configuration of constituent modules within the installation/configuration flow of the software product. The proxy service invokes the installation/configuration processing of an existing software component, thereby reducing the complexity associated with installing new component installation processes every time a component is to be supported, especially where the software products and new component(s) do not share the same installation/configuration platforms.
摘要翻译：提供了一种方法，系统和程序，用于通过使用代理服务来在软件产品的安装/配置流程内松散地耦合组件模块的安装和/或配置来管理软件产品的安装和配置。代理服务调用现有软件组件的安装/配置处理，从而降低与每次支持组件时安装新组件安装过程相关的复杂性，特别是在软件产品和新组件不共享的情况下相同的安装/配置平台。

38. 发明申请

US20080134305A1 Method and system for extending authentication methods 有权
标题翻译：用于扩展认证方法的方法和系统
公开(公告)号：US20080134305A1
公开(公告)日：2008-06-05
申请号：US11305646
申请日：2005-12-16
申请人： Heather M. Hinton , Benjamin Harmon , Anthony Moran
发明人： Heather M. Hinton , Benjamin Harmon , Anthony Moran
IPC分类号： H04L9/32
CPC分类号： H04L63/08 , H04L63/0815
摘要： A method is presented for managing authentication credentials for a user. A session management server performs session management with respect to the user for a domain that includes a protected resource. The session management server receives a request to access the protected resource, which requires authentication credentials that have been generated for a first type of authentication context. In response to determining that authentication credentials for the user have been generated for a second type of authentication context, the session management server sends to an authentication proxy server a first message that contains the authentication credentials for the user and an indicator for the first type of authentication context. The session management server subsequently receives a second message that contains updated authentication credentials for the user that indicate that the updated authentication credentials have been generated for the first type of authentication context.
摘要翻译：呈现用于管理用户的认证凭证的方法。会话管理服务器针对包含受保护资源的域对用户执行会话管理。会话管理服务器接收访问受保护资源的请求，该请求需要为第一类型的认证上下文生成的认证凭证。为了响应于确定用于第二类型的认证上下文的用户的认证凭证，会话管理服务器向认证代理服务器发送包含用户的认证凭证的第一消息和用于第一类型的认证凭证的指示符认证上下文。会话管理服务器随后接收第二消息，该第二消息包含用于指示为第一类型的认证上下文生成了更新的认证凭证的用户的更新认证证书。

39. 发明申请

US20080022362A1 METHOD AND SYSTEM FOR SYNCHRONIZED ACCESS CONTROL IN A WEB SERVICES ENVIRONMENT 有权
标题翻译： WEB服务环境中同步访问控制的方法与系统
公开(公告)号：US20080022362A1
公开(公告)日：2008-01-24
申请号：US11456190
申请日：2006-07-08
申请人： Heather M. Hinton , Ivan M. Milman
发明人： Heather M. Hinton , Ivan M. Milman
IPC分类号： H04L9/32
CPC分类号： H04L63/101 , G06F17/30876 , G06F21/604 , G06F21/6218 , G06F21/6236
摘要： Access controls for a Web service (which controls are based on abstract WSDL definitions) are defined for a WSDL defined protected object space and, as such, are loosely coupled with the concrete WSDL binding derived from those definitions, preferably on a per binding level. This WSDL-defined POS is in turn loosely bound to a resource-specific protected object space definition. This loose coupling is leveraged to allow changes (e.g., updates) to the abstract WSDL binding's protected object space to be transitively applied to the application-specific protected object space. If appropriate, changes to the resource-specific protected object space may be applied to the WSDL's protected object space. Thus, according to the invention, the coupling may be one-way (typically, from the WSDL POS to the resource level POS) or two-way (from the WSDL POS to the resource level POS and vice versa). This technique ensures that different security policies are not applied unintentionally to the same resource (for example, one at the Web services entry level, and the other at the resource level). By synchronizing the protected object spaces in the manner described, neither the entity that deploys the application nor the security administrator need to be aware of the differences between the Web service request and the resource request.
摘要翻译：针对WSDL定义的受保护对象空间定义了一个Web服务（基于抽象WSDL定义的控件）的访问控制，因此与从这些定义派生的具体WSDL绑定松散耦合，优选地在每个绑定级别上。这个WSDL定义的POS又松动地绑定到特定于资源的受保护对象空间定义。利用这种松散耦合来允许将抽象WSDL绑定的受保护对象空间的更改（例如，更新）传递性地应用于应用程序特定的受保护对象空间。如果适用，对资源特定的受保护对象空间的更改可能会应用于WSDL的受保护对象空间。因此，根据本发明，耦合可以是单向的（通常从WSDL POS到资源级POS）或双向（从WSDL POS到资源级POS，反之亦然）。这种技术可以确保不同意的资源（例如，一个在Web服务条目级别，另一个在资源级）不同的安全策略。通过以所描述的方式同步受保护的对象空间，部署应用程序的实体和安全管理员都不需要了解Web服务请求与资源请求之间的差异。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式