专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20070050854A1 Resource based dynamic security authorization 有权
标题翻译：基于资源的动态安全授权
公开(公告)号：US20070050854A1
公开(公告)日：2007-03-01
申请号：US11217748
申请日：2005-09-01
申请人： Jeffrey Cooperstein , Aaron Goldfeder , Gregory Fee , John Hawkins , Venkatraman Kudallur
发明人： Jeffrey Cooperstein , Aaron Goldfeder , Gregory Fee , John Hawkins , Venkatraman Kudallur
IPC分类号： H04L9/00 , G06F17/30 , G06F17/00 , G06F7/04 , H04K1/00 , G06K9/00 , H03M1/68 , H04L9/32 , H04N7/16
CPC分类号： G06F21/53
摘要： Access to a resource by sandboxed code is dynamically authorized by a client security system based on a resource based policy. A sandboxed application running on a client is granted access to a resource based on a resource based policy despite denial of the access based on a static policy associated with the client security system. The granting of access coincides with the determination that the threat to a user or the user's information is not increased should the access be granted.
摘要翻译：通过沙盒代码访问资源由客户端安全系统基于资源的策略动态授权。在客户机上运行的沙盒应用程序被授予对基于资源的策略的资源访问，尽管基于与客户端安全系统相关联的静态策略拒绝访问。准予访问与确定对用户的威胁或用户的信息没有增加的确定是一致的。

2. 发明申请

US20050172126A1 Security requirement determination 有权
标题翻译：安全要求确定
公开(公告)号：US20050172126A1
公开(公告)日：2005-08-04
申请号：US10772207
申请日：2004-02-03
申请人： Sebastian Lange , Gregory Fee , Aaron Goldfeder , Ivan Medvedev , Michael Gashler
发明人： Sebastian Lange , Gregory Fee , Aaron Goldfeder , Ivan Medvedev , Michael Gashler
IPC分类号： G06F21/00 , H04L9/00
CPC分类号： G06F21/53
摘要： All execution paths of one or more assemblies in managed code are simulated to find the permissions for each execution path. The managed code can correspond to a managed shared library or a managed application. Each call in each execution path has a corresponding permissions set. When the library or application has permissions to execute that are not less than the required permission sets for the execution paths, any dynamic execution of the library or application will not trigger a security exception The simulated execution provides a tool that can be used to ensure that code being written will not exceed a maximum security permission for the code. A permission set can be determined by the tool for each assembly corresponding to an application and for each entry point corresponding to a shared library.
摘要翻译：托管代码中的一个或多个程序集的所有执行路径都被模拟，以查找每个执行路径的权限。托管代码可以对应于托管共享库或托管应用程序。每个执行路径中的每个调用都具有相应的权限集。当库或应用程序具有不少于执行路径所需权限集的执行权限时，库或应用程序的任何动态执行都不会触发安全异常。模拟执行提供了一种可用于确保正在编写的代码不会超过代码的最大安全许可。对于与应用程序对应的每个程序集以及对应于共享库的每个入口点，工具可以确定权限集。

4. 发明申请

US20060070112A1 Filtering a permission set using permission requests associated with a code assembly 有权
标题翻译：使用与代码程序集相关联的权限请求过滤权限集
公开(公告)号：US20060070112A1
公开(公告)日：2006-03-30
申请号：US11272639
申请日：2005-11-14
申请人： Brian LaMacchia , Loren Kohnfelder , Gregory Fee , Michael Toutonghi
发明人： Brian LaMacchia , Loren Kohnfelder , Gregory Fee , Michael Toutonghi
IPC分类号： H04L9/00 , G06F15/16 , G06F17/00 , H04K1/00 , G06F9/00
CPC分类号： G06F21/52
摘要： A security policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager can execute in a computer system (e.g., a Web client) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. A permission request set may also be received in association with the code assembly. The permission request set may include a minimum request set, specifying permissions required by the code assembly to run properly. The permission request set may also include an optional request set, specifying permissions requested by the code assembly to provide an alternative level of functionality. In addition, the permission request set may include a refuse request set, specifying permissions that are not to be granted to the code assembly. The permission requests are used to filter a permission set to generate a permission grant set.
摘要翻译：安全策略管理器为从资源位置接收到的代码集合生成许可权授予集。策略管理器可以与计算机系统（例如，Web客户机）一起在运行时环境的验证模块和类加载器的组合中执行。为代码组合生成的许可授权集合被应用于运行时调用堆栈中，以帮助系统确定代码组件的给定系统操作是否被授权。还可以与代码组合相关联地接收许可请求集合。许可请求集可以包括最小请求集，指定代码组件正确运行所需的权限。许可请求集还可以包括可选的请求集合，指定代码组件请求的许可以提供替代级别的功能。此外，许可请求集合可以包括垃圾请求集合，指定不被授予代码组件的权限。权限请求用于过滤权限集以生成权限授予集。

5. 发明申请

US20070005623A1 Process oriented message driven workflow programming model 审中-公开
标题翻译：面向流程的消息驱动工作流程编程模型
公开(公告)号：US20070005623A1
公开(公告)日：2007-01-04
申请号：US11171050
申请日：2005-06-30
申请人： Joseph Self , Craig Sinclair , Gregory Fee , Marcelo Uemura , William Devlin , Pravin Indurkar , David Bozich , Tracey Trewin , Jayesh Rege , Gregory Eisenberg , Jeanine Spence , Wilf Russell , James Waletzky
发明人： Joseph Self , Craig Sinclair , Gregory Fee , Marcelo Uemura , William Devlin , Pravin Indurkar , David Bozich , Tracey Trewin , Jayesh Rege , Gregory Eisenberg , Jeanine Spence , Wilf Russell , James Waletzky
IPC分类号： G06F7/00
CPC分类号： G06Q30/06 , G06Q10/06 , G06Q10/107
摘要： The present application describes a framework for a process oriented message driven workflow programming model where a complex process can be modeled by breaking down the complex process into a coarse grained series of atomic processes that interact through messages. A process is represented as a data structure that includes typed properties and one or more actions. The typed properties are used to associate a process with an incoming message, and the actions are steps that are executed when certain conditions are met by message properties and process data structure properties. A process action may add one or more properties to the process and/or modify an existing property. Processes are invoked and communicate solely through messages. When a process is executed, results of the execution are communicated to one or more other processes or external applications with messages that include any new and/or modified properties.
摘要翻译：本应用程序描述了面向过程的消息驱动工作流程编程模型的框架，其中可以通过将复杂过程分解为通过消息进行交互的粗粒度的一系列原子进程来建模复杂过程。一个进程被表示为一个数据结构，它包括类型化属性和一个或多个动作。类型化属性用于将进程与传入消息相关联，并且操作是在消息属性和过程数据结构属性满足某些条件时执行的步骤。进程操作可以向进程添加一个或多个属性和/或修改现有属性。通过消息调用进程并进行通信。当执行过程时，执行结果被传送到具有包括任何新的和/或修改的属性的消息的一个或多个其他进程或外部应用程序。

6. 发明申请

US20060048099A1 Debugging applications under different permissions 有权
标题翻译：调试不同权限下的应用程序
公开(公告)号：US20060048099A1
公开(公告)日：2006-03-02
申请号：US10929129
申请日：2004-08-27
申请人： David Templin , Gregory Fee , Izydor Gryko , James Cantwell , Michael Eng , Sean Draine , Stephanie Saad
发明人： David Templin , Gregory Fee , Izydor Gryko , James Cantwell , Michael Eng , Sean Draine , Stephanie Saad
IPC分类号： G06F9/44
CPC分类号： G06F11/321 , G06F21/53
摘要： A system and method that allows developers to debug a component while it is restricted by any arbitrary set of specific permissions, or restricted by an existing permission set associated with a security “zone.” A security sandbox is mimicked within the development environment so that developers can study how applications perform inside the sandbox. Developers are able create any sandbox and debug inside it, where violating any bound of the artificial sandbox will throw a security exception and drop the user out on the exact line of code which generated the error, as well as provide helpful information about how to correct the error.
摘要翻译：一种系统和方法，允许开发人员在受任何任意特定权限集合限制或由与安全性“区域”关联的现有权限集限制时调试组件。安全沙箱在开发环境中被模仿，以便开发人员可以研究应用程序在沙箱内的执行情况。开发人员可以在其中创建任何沙盒并进行调试，其中违反人造沙箱的任何界限将抛出安全异常，并将用户放在产生错误的确切代码行上，并提供有关如何纠正的有用信息错误。

7. 发明申请

US20050172133A1 Cross assembly call interception 有权
标题翻译：交叉汇编呼叫截取
公开(公告)号：US20050172133A1
公开(公告)日：2005-08-04
申请号：US10771653
申请日：2004-02-03
申请人： Christopher Brumme , Vance Morrison , Sebastian Lange , Gregory Fee , Dario Russi , Simon Hall , Mahesh Prakriya , Brian Sullivan
发明人： Christopher Brumme , Vance Morrison , Sebastian Lange , Gregory Fee , Dario Russi , Simon Hall , Mahesh Prakriya , Brian Sullivan
IPC分类号： G06F9/46 , G06F21/00 , H04K1/00 , H04L29/06
CPC分类号： H04L63/102 , G06F9/468 , G06F21/52 , G06F21/62 , H04L63/101
摘要： A host intercepts calls between two executables and determines whether the calls are permissible according to the host's security model which can be identify based, such as user identity based—for instance, mapping access rights within a specific data base user context to database object access. Such an identity security model differs from a common language runtime security model where managed code uses Code Access Security to prevent managed assemblies from performing certain operations. Managed assemblies registered with the host are host objects from the host's perspective for which access rights can be defined via security rules, such as are defined for individual user identities. A host can decide access between managed executables based on the host's identity based access rules by trapping any cross assembly calls and deciding whether such calls should proceed or be blocked from taking place based on the corresponding identity security settings.
摘要翻译：主机拦截两个可执行文件之间的调用，并根据主机的可以识别的安全模型（例如基于用户身份的特定数据库用户上下文中将访问权限映射到数据库对象访问）来确定是否允许呼叫。这种身份安全模型与公共语言运行时安全模型不同，托管代码使用代码访问安全性来防止托管程序集执行某些操作。与主机注册的托管程序集是主机视角的主机对象，可以通过安全规则定义访问权限，例如为各个用户身份定义的对象。主机可以基于主机的基于身份的访问规则来决定托管的可执行文件之间的访问，通过捕获任何交叉程序集调用，并根据相应的身份安全设置来确定这些呼叫是应该继续还是被阻止发生。

8. 发明申请

US20060037082A1 Filtering a permission set using permission requests associated with a code assembly 有权
公开(公告)号：US20060037082A1
公开(公告)日：2006-02-16
申请号：US11254839
申请日：2005-10-20
申请人： Brian LaMacchia , Loren Kohnfelder , Gregory Fee , Michael Toutonghi
发明人： Brian LaMacchia , Loren Kohnfelder , Gregory Fee , Michael Toutonghi
IPC分类号： H04L9/32 , G06F17/30 , G06F7/04 , G06K9/00 , H03M1/68 , H04K1/00 , H04L9/00 , H04N7/16
CPC分类号： G06F21/52
摘要： A security policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager can execute in a computer system (e.g., a Web client) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. A permission request set may also be received in association with the code assembly. The permission request set may include a minimum request set, specifying permissions required by the code assembly to run properly. The permission request set may also include an optional request set, specifying permissions requested by the code assembly to provide an alternative level of functionality. In addition, the permission request set may include a refuse request set, specifying permissions that are not to be granted to the code assembly. The permission requests are used to filter a permission set to generate a permission grant set.

9. 发明申请

US20070192839A1 PARTIAL GRANT SET EVALUATION FROM PARTIAL EVIDENCE IN AN EVIDENCE-BASED SECURITY POLICY MANAGER 有权
标题翻译：基于证据的安全政策管理部分部分证据的部分授权评估
公开(公告)号：US20070192839A1
公开(公告)日：2007-08-16
申请号：US11736295
申请日：2007-04-17
申请人： Gregory Fee , Brian Pratt , Sebastian Lange , Loren Kohnfelder
发明人： Gregory Fee , Brian Pratt , Sebastian Lange , Loren Kohnfelder
IPC分类号： H04L9/32
CPC分类号： G06F21/6218 , G06F21/6209 , G06F2221/2141
摘要： An evidence-based policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager executes in a computer system (e.g., a Web client or server) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. The policy manager may determine a subset of the permission grant set based on a subset of the received code assembly's evidence, in order to expedite processing of the code assembly. When the evidence subset does not yield the desired permission subset, the policy manager may then perform an evaluation of all evidence received.
摘要翻译：基于证据的策略管理器为从资源位置接收到的代码集合生成许可授权集。策略管理器与计算机系统（例如，Web客户端或服务器）结合运行时环境的验证模块和类加载器一起执行。为代码组合生成的许可授权集合被应用于运行时调用堆栈中，以帮助系统确定代码组件的给定系统操作是否被授权。策略管理器可以基于所接收的代码组件的证据的子集来确定许可授权集合的子集，以便加速代码组合的处理。当证据子集不产生期望的许可子集时，策略管理器然后可以对所接收的所有证据进行评估。

10. 发明申请

US20070005593A1 Attribute-based data retrieval and association 审中-公开
标题翻译：基于属性的数据检索和关联
公开(公告)号：US20070005593A1
公开(公告)日：2007-01-04
申请号：US11170835
申请日：2005-06-30
申请人： Joseph Self , Craig Sinclair , Gregory Fee , Marcelo Uemura , William Devlin , Pravin Indurkar , David Bozich , Tracey Trewin , Jayesh Rege , Gregory Eisenberg , Jeanine Spence
发明人： Joseph Self , Craig Sinclair , Gregory Fee , Marcelo Uemura , William Devlin , Pravin Indurkar , David Bozich , Tracey Trewin , Jayesh Rege , Gregory Eisenberg , Jeanine Spence
IPC分类号： G06F17/30
CPC分类号： G06F16/2462 , G06F16/2457
摘要： In a matching system one or more related techniques use correlators to match entities and to look up metadata. Correlators are names that enable the matching system to associate entities with other entities. Attributes comprised of name/value pairs are used by the matching system to determine if two entities match. When two entities match, a process associated with an entity may be executed using the data associated with one or both of the matching entities. If the matching system is unable to determine a best match, all matching entities are provided to another process or human for further review. The matching system provides for the injection of new entities or correlators, to dynamically change the behavior of the system. Entities can be defined using a hierarchy, so that some of the entity properties are defined through an inheritance relationship with parent entities.
摘要翻译：在匹配系统中，一个或多个相关技术使用相关器来匹配实体并查找元数据。相关者是使匹配系统能够将实体与其他实体关联的名称。由匹配系统使用由名称/值对组成的属性来确定两个实体是否匹配。当两个实体匹配时，可以使用与一个或两个匹配实体相关联的数据来执行与实体相关联的进程。如果匹配系统无法确定最佳匹配，则将所有匹配实体提供给另一个进程或人员进行进一步审查。匹配系统提供新实体或相关器的注入，以动态地改变系统的行为。可以使用层次结构定义实体，以便通过与父实体的继承关系定义某些实体属性。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式