专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

61. 发明授权

US07058717B2 Method and system for providing highly available services based on a load balancing policy and a reusable connection context object 失效
标题翻译：基于负载平衡策略和可重用连接上下文对象提供高可用性服务的方法和系统
公开(公告)号：US07058717B2
公开(公告)日：2006-06-06
申请号：US10205540
申请日：2002-07-25
申请人： Ching-Yun Chao , Chunlong Liang
发明人： Ching-Yun Chao , Chunlong Liang
IPC分类号： G06F15/173 , G06F9/46
CPC分类号： H04L67/1008 , H04L29/06 , H04L41/0893 , H04L41/0896 , H04L67/1002 , H04L67/1017 , H04L67/1029 , H04L67/1034 , H04L67/306 , H04L69/329 , H04L69/40 , H04L2029/06054
摘要： An example of a solution provided here comprises: providing a connection pool, said connection pool including a connection for each of a plurality of servers; applying a load-balancing policy to said connection pool; and assigning a connection from said connection pool to a client, according to said load-balancing policy. Another example of a solution comprises: providing a plurality of directory servers; providing a connection pool, said connection pool including a connection for each of said plurality of directory servers; applying a load-balancing policy to said connection pool; and assigning a connection from said connection pool to a client, according to said load-balancing policy. Methods for providing highly available services, systems for executing such methods, and instructions on a computer-usable medium, for executing such methods, are provided.
摘要翻译：这里提供的解决方案的示例包括：提供连接池，所述连接池包括用于多个服务器中的每一个的连接; 对所述连接池应用负载均衡策略; 以及根据所述负载均衡策略将连接从所述连接池分配给客户端。解决方案的另一示例包括：提供多个目录服务器; 提供连接池，所述连接池包括用于所述多个目录服务器中的每一个的连接; 对所述连接池应用负载均衡策略; 以及根据所述负载均衡策略将连接从所述连接池分配给客户端。提供了用于提供高可用性服务的方法，用于执行这些方法的系统以及用于执行这些方法的计算机可用介质上的指令。

62. 发明申请

US20050154887A1 System and method for secure network state management and single sign-on 审中-公开
标题翻译：用于安全网络状态管理和单点登录的系统和方法
公开(公告)号：US20050154887A1
公开(公告)日：2005-07-14
申请号：US10755835
申请日：2004-01-12
申请人： Peter Birk , Ching-Yun Chao , Hyen Chung , Carlton Mason , Karkala Reddy , Vishwanath Venkataramappa , Dennis Riddlemoser
发明人： Peter Birk , Ching-Yun Chao , Hyen Chung , Carlton Mason , Karkala Reddy , Vishwanath Venkataramappa , Dennis Riddlemoser
IPC分类号： G06F11/30 , G06F21/00 , H04L9/00
CPC分类号： G06F21/41 , G06F2221/2151
摘要： State management (cookie) data is encrypted so that access control data included in the cookie is unable to be modified by the user. A hashing algorithm is performed using various fields in the cookie data and the hash value is encrypted. The hash value is combined with other data such as the user identifier and a time stamp and encrypted to form a cookie value. When a request is received, the cookie data is checked. If the token value is not in the server's cache then the token is authenticated facilitating movement of the client between servers. If the cookie does not exist or is timed out, then the user is authenticated using traditional means.
摘要翻译：状态管理（cookie）数据被加密，使得包含在cookie中的访问控制数据不能被用户修改。使用Cookie数据中的各种字段执行散列算法，并且哈希值被加密。哈希值与诸如用户标识符和时间戳的其他数据组合，并被加密以形成cookie值。收到请求后，将检查Cookie数据。如果令牌值不在服务器的缓存中，那么令牌被认证便于客户端在服务器之间移动。如果cookie不存在或超时，那么用户将使用传统手段进行身份验证。

63. 发明授权

US07454786B2 Method for integrated security roles 失效
标题翻译：集成安全角色的方法
公开(公告)号：US07454786B2
公开(公告)日：2008-11-18
申请号：US10401334
申请日：2003-03-27
申请人： David Yu Chang , Ching-Yun Chao
发明人： David Yu Chang , Ching-Yun Chao
IPC分类号： G06F21/00 , G06F15/173 , H04L9/00
CPC分类号： H04L63/102 , G06F21/6236
摘要： A method for integrated security roles is presented. An upstream application includes one or more role-mapping requirements that correspond to an upstream security role and a downstream security role. The upstream security role is expanded by adding an upstream security role identifier in a downstream application's role-mapping table or by adding upstream user-to-role mappings to a downstream application's role-mapping table. When an upstream security role is expanded, a user assigned to the upstream security role automatically has access to role-mapped downstream applications.
摘要翻译：提出了一种集成安全角色的方法。上游应用程序包括一个或多个对应于上游安全角色和下游安全角色的角色映射要求。通过在下游应用程序的角色映射表中添加上游安全角色标识符，或通过向下游应用程序的角色映射表添加上游用户到角色映射来扩展上游安全角色。当扩展上游安全角色时，分配给上游安全角色的用户可以自动访问角色映射的下游应用程序。

64. 发明授权

US07337318B2 Method and apparatus for preventing rogue implementations of a security-sensitive class interface 失效
标题翻译：防止安全敏感类接口的恶意实现的方法和装置
公开(公告)号：US07337318B2
公开(公告)日：2008-02-26
申请号：US10376113
申请日：2003-02-27
申请人： Peter Daniel Birk , Ching-Yun Chao , Hyen Vui Chung
发明人： Peter Daniel Birk , Ching-Yun Chao , Hyen Vui Chung
IPC分类号： H04L9/00
CPC分类号： G06F21/64
摘要： A method and apparatus for preventing rogue implementations of a security-sensitive class interface are provided. With the method and apparatus, a unique identifier (UID) is created by a server process when the server process is started. Anytime the server process, i.e. a server runtime environment, instantiates a new credential object following start-up of the server process, the encrypted UID is placed into a private field within the new credential object. In addition, the UID is encrypted and stored in a private class of the server runtime environment. A verification class is provided within the server runtime environment which includes one or more methods that receive the credential object as a parameter and return true or false as to the validity of the credential object. These one or more methods determine the validity of the credential object by retrieving the encrypted UID from the private class stored in the server runtime environment, decrypting the UID and comparing it to the decrypted UID stored in the private field of the credential object. If the two UIDs match, a determination is made that the credential object was created by the server runtime environment rather than a rogue application. If the two UIDs do not match, or if there is no UID in the credential object, then a false result will be returned by the verification class.
摘要翻译：提供了用于防止安全敏感类接口的流氓实现的方法和装置。使用该方法和装置，当服务器进程启动时，由服务器进程创建唯一标识符（UID）。服务器进程（即服务器运行时环境）在服务器进程启动后实例化新的凭据对象时，加密的UID将被放置在新凭证对象内的私有字段中。此外，UID被加密并存储在服务器运行时环境的私有类中。在服务器运行时环境中提供了一个验证类，其中包括一个或多个接收凭证对象作为参数的方法，并返回true或false作为证书对象的有效性。这些一个或多个方法通过从存储在服务器运行时环境中的私有类中检索加密的UID来确定凭证对象的有效性，解密UID并将其与存储在证书对象的私有字段中的解密的UID进行比较。如果两个UID匹配，则确定凭据对象是由服务器运行时环境创建的，而不是流氓应用程序。如果两个UID不匹配，或者如果凭证对象中没有UID，那么验证类将返回一个错误的结果。

65. 发明申请

US20080034202A1 METHOD AND APPARATUS FOR PREVENTING ROGUE IMPLEMENTATIONS OF A SECURITY-SENSITIVE CLASS INTERFACE 失效
公开(公告)号：US20080034202A1
公开(公告)日：2008-02-07
申请号：US11867015
申请日：2007-10-04
申请人： Peter Birk , Ching-Yun Chao , Hyen Chung
发明人： Peter Birk , Ching-Yun Chao , Hyen Chung
IPC分类号： H04L9/00
CPC分类号： G06F21/64
摘要： A method and apparatus for preventing rogue implementations of a security-sensitive class interface are provided. With the method and apparatus, a unique identifier (UID) is created by a server process when the server process is started. Anytime the server process, i.e. a server runtime environment, instantiates a new credential object following start-up of the server process, the encrypted UID is placed into a private field within the new credential object. In addition, the UID is encrypted and stored in a private class of the server runtime environment. A verification class is provided within the server runtime environment which includes one or more methods that receive the credential object as a parameter and return true or false as to the validity of the credential object. These one or more methods determine the validity of the credential object by retrieving the encrypted UID from the private class stored in the server runtime environment, decrypting the UID and comparing it to the decrypted UID stored in the private field of the credential object. If the two UIDs match, a determination is made that the credential object was created by the server runtime environment rather than a rogue application. If the two UIDs do not match, or if there is no UID in the credential object, then a false result will be returned by the verification class.

66. 发明申请

US20070271618A1 SECURING ACCESS TO A SERVICE DATA OBJECT 审中-公开
标题翻译：安全访问服务数据对象
公开(公告)号：US20070271618A1
公开(公告)日：2007-11-22
申请号：US11419245
申请日：2006-05-19
申请人： CHING-YUN CHAO , Yi-Hsiu Wei
发明人： CHING-YUN CHAO , Yi-Hsiu Wei
IPC分类号： H04L9/32 , H04L9/00 , G06K9/00 , G06F17/30 , G06F7/04 , H03M1/68 , H04K1/00 , H04N7/16 , G06F17/00
CPC分类号： G06F21/6218 , H04L9/3247 , H04L9/3263 , H04L63/0823 , H04L63/20 , H04L2209/56 , H04L2209/80
摘要： Methods, systems, and computer program products are disclosed for securing access to a service data object that include providing a service data object having an embedded security policy, and enforcing by the object the security policy of the object. Securing access to a service data object may include establishing a trust relationship with a trusted environment, transmitting the object to the trusted environment, and enforcing by the object the security policy of the object in the trusted environment. Securing access to a service data object may include exposing an interface to provide access to the object in dependence upon an authorization policy of the security policy for an authenticated user. Securing access to a service data object may include exposing attributes of the object in dependence upon an authorization policy of the security policy for an authenticated user.
摘要翻译：公开了方法，系统和计算机程序产品，用于保护对包括提供具有嵌入式安全策略的服务数据对象的服务数据对象的访问，以及由对象强制对象的安全策略。保护对服务数据对象的访问可以包括建立与可信环境的信任关系，将对象发送到可信环境，以及由对象强制可信环境中对象的安全策略。保护对服务数据对象的访问可以包括暴露接口以根据认证用户的安全策略的授权策略提供对对象的访问。保护对服务数据对象的访问可以包括根据认证用户的安全策略的授权策略来公开对象的属性。

67. 发明申请

US20060133615A1 Method and system for using a portable computing device as a smart key device 有权
标题翻译：使用便携式计算设备作为智能钥匙设备的方法和系统
公开(公告)号：US20060133615A1
公开(公告)日：2006-06-22
申请号：US11014067
申请日：2004-12-16
申请人： Steven Bade , Ching-Yun Chao
发明人： Steven Bade , Ching-Yun Chao
IPC分类号： H04L9/00
CPC分类号： G06F21/33 , G06F21/34 , G06F21/445 , H04L9/3265 , H04L9/3273 , H04L2209/56 , H04L2209/805
摘要： A first data processing system, which includes a first cryptographic device, is communicatively coupled with a second data processing system, which includes a second cryptographic device. The cryptographic devices then mutually authenticate themselves. The first cryptographic device stores a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair that is associated with the second data processing system. The second cryptographic device stores a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair that is associated with the first data processing system. In response to successfully performing the mutual authentication operation between the two cryptographic systems, the first data processing system is enabled to invoke sensitive cryptographic functions on the first cryptographic device while the first data processing system remains communicatively coupled with the second data processing system.
摘要翻译：包括第一密码装置的第一数据处理系统与包括第二密码装置的第二数据处理系统通信地耦合。然后密码设备会自己相互认证。第一加密设备存储与第二数据处理系统相关联的第一非对称密码密钥对和第二非对称密码密钥对的公钥的私钥。第二加密设备存储第二非对称密码密钥对的私钥和与第一数据处理系统相关联的第一非对称密码密钥对的公开密钥。响应于成功地执行两个加密系统之间的相互认证操作，第一数据处理系统能够在第一数据处理系统保持与第二数据处理系统通信耦合的同时在第一密码装置上调用敏感的加密功能。

68. 发明申请

US20060020813A1 Dynamic cache lookup based on dynamic data 失效
公开(公告)号：US20060020813A1
公开(公告)日：2006-01-26
申请号：US10881962
申请日：2004-06-30
申请人： Peter Birk , Ching-Yun Chao , Hyen Chung
发明人： Peter Birk , Ching-Yun Chao , Hyen Chung
IPC分类号： H04L9/00
CPC分类号： H04L63/0815 , G06F21/31 , H04L63/083
摘要： A system and method for tracking user security credentials in a distributed computing environment. The security credentials of an authenticated user includes not just his unique user identifier, but also a set of security attributes such as the time of authentication, the location where the user is authenticated (i.e., intranet user v. internet user), the authentication strength, and so on. The security attributes are used in access control decisions. The same user can be given different authorization if he has a different security attribute value. Security credentials may be generated either by WebSphere security code or by third party security provider code. This invention stores the user credentials in a distributed cache and provides a system and method to compute the unique key based on the dynamic security credentials for cache lookup

69. 发明申请

US20060015727A1 Method and apparatus for identifying purpose and behavior of run time security objects using an extensible token framework 有权
公开(公告)号：US20060015727A1
公开(公告)日：2006-01-19
申请号：US10882053
申请日：2004-06-30
申请人： Peter Birk , Ching-Yun Chao , Hyen Chung
发明人： Peter Birk , Ching-Yun Chao , Hyen Chung
IPC分类号： H04L9/00
CPC分类号： H04L63/0281 , H04L63/08 , H04L63/083 , H04L63/104
摘要： An extensible token framework is provided for identifying purpose and behavior of run time security objects. The framework includes a set of marker token interfaces, which extends from a default token interface. A service provider may implement one or more marker token interfaces for a Subject or a thread of execution. A service provider may also implement its own custom marker tokens to perform custom operations. The security infrastructure runtime recognizes behavior and purpose of run time security objects based on the marker or custom marker token interfaces the token implements and handles the security objects accordingly.

70. 发明申请

US20050154898A1 Method and system for protecting master secrets using smart key devices 有权
标题翻译：使用智能钥匙装置保护主机秘密的方法和系统
公开(公告)号：US20050154898A1
公开(公告)日：2005-07-14
申请号：US10753818
申请日：2004-01-08
申请人： Ching-Yun Chao
发明人： Ching-Yun Chao
IPC分类号： G06F21/00 , H04K1/00 , H04L9/32
CPC分类号： G06F21/445 , G06F21/602 , G06F2221/2153 , H04L9/3247 , H04L9/3265 , H04L9/3273 , H04L2209/805
摘要： A data processing system accepts a removable hardware device, which becomes electrically engaged with a system unit within the data processing system, after which the removable hardware device and the hardware security unit mutually authenticate themselves. The removable hardware device stores a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair that is associated with the hardware security unit, and the hardware security unit stores a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair that is associated with the removable hardware device. In response to successfully performing the mutual authentication operation between the removable hardware device and the hardware security unit, the system unit is enabled to invoke cryptographic functions on the hardware security unit while the removable hardware device remains electrically engaged with the system unit.
摘要翻译：数据处理系统接受与数据处理系统内的系统单元电接合的可移动硬件设备，之后可拆卸硬件设备和硬件安全单元相互认证自身。可拆卸硬件设备存储与硬件安全单元相关联的第一非对称加密密钥对和第二非对称密码密钥对的公钥的私钥，并且硬件安全单元存储第二非对称密码密钥的私钥对和与可移除硬件设备相关联的第一非对称加密密钥对的公开密钥。响应于成功地执行可移动硬件设备和硬件安全单元之间的相互认证操作，系统单元能够在硬件安全单元处调用密码功能，同时可拆卸硬件设备保持与系统单元电气接合。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式