专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07844496B2 Method and system for processing a request of a customer 失效
标题翻译：用于处理客户请求的方法和系统
公开(公告)号：US07844496B2
公开(公告)日：2010-11-30
申请号：US10429365
申请日：2003-05-05
申请人： Joy Algesheimer , Christian Cachin , Jan Camenisch , Guenter Karjoth
发明人： Joy Algesheimer , Christian Cachin , Jan Camenisch , Guenter Karjoth
IPC分类号： G06Q30/00
CPC分类号： G06Q99/00 , G06Q30/0633
摘要： The invention provides methods, apparatus and systems for securely processing an originator request of a customer. This originator request can be sent to at least one first entity. An example of a method for processing the originator request comprises the steps of a) sending from the customer the originator request to each first entity; b) connecting each first entity to a computation entity; c) each first entity, adding, on receipt of the originator request, information concerning the originator request thereby forming a first-modified request; d) sending at least part of the first-modified request to at least the computation entity; e) the computation entity having received at least part of the first-modified request deriving a computation-entity result from the at least part of the first-modified request; f) sending at least part of the computation-entity result to each first entity; g) each first entity having received at least part of the computation-entity result deriving therefrom a first-entity result and forwarding it at least in part; and h) the customer having received at least part of the first-entity result, deriving therefrom a customer result.
摘要翻译：本发明提供了用于安全地处理客户的发起者请求的方法，装置和系统。该发起者请求可以被发送到至少一个第一实体。用于处理发起者请求的方法的示例包括以下步骤：a）从客户发送发起者请求到每个第一实体; b）将每个第一实体连接到计算实体; c）每个第一实体，在接收到发起者请求时添加关于发起者请求的信息，从而形成第一修改的请求; d）至少将所述第一修改请求的至少一部分发送给所述计算实体; e）所述计算实体已经从所述第一修改请求的所述至少一部分中接收到所述第一修改请求的至少一部分导出计算实体结果; f）将至少部分计算实体结果发送给每个第一实体; g）每个第一实体已经接收到至少部分计算实体结果，从而导出第一实体结果并至少部分地转发该结果; 以及h）所述客户已经接收到所述第一实体结果的至少一部分，从而得到客户结果。

2. 发明申请

US20070194879A1 Method and device for detecting an invalid RFID tag and method for manufacturing an RFID tag 审中-公开
标题翻译：用于检测无效RFID标签的方法和装置以及用于制造RFID标签的方法
公开(公告)号：US20070194879A1
公开(公告)日：2007-08-23
申请号：US11415796
申请日：2006-05-02
申请人： Michael Backes , Christian Cachin , Sastry Duri , Guenter Karjoth , Luke O'Connor
发明人： Michael Backes , Christian Cachin , Sastry Duri , Guenter Karjoth , Luke O'Connor
IPC分类号： G05B19/00
CPC分类号： G06K7/0008
摘要： For detecting an invalid RFID tag, an identifier and authentication information is read from a given RFID tag. The authentication information is then verified dependent on at least a given part (IDP_TAG) of the identifier (ID_TAG) and it is determined that the given RFID tag is the invalid RFID tag if the verification was negative. Accordingly, an RFID tag is manufactured by determining an identifier (ID), determining an authentication information dependent on at least a given part (IDP) of the identifier (ID) and storing the identifier (ID) and the authentication information on or in the RFID tag.
摘要翻译：为了检测无效的RFID标签，从给定的RFID标签中读取标识符和认证信息。然后验证信息取决于标识符（ID_TAG）的给定部分（IDP_TAG），并且如果验证是否定的，则确定给定的RFID标签是无效的RFID标签。因此，通过确定标识符（ID），确定依赖于标识符（ID）的至少一个给定部分（IDP）的认证信息并将标识符（ID）和认证信息存储在或在其中，来制造RFID标签 RFID标签。

3. 发明申请

US20110035241A1 Anonymous Separation of Duties with Credentials 失效
标题翻译：匿名分离职责与证书
公开(公告)号：US20110035241A1
公开(公告)日：2011-02-10
申请号：US12536874
申请日：2009-08-06
申请人： Jan Camenisch , Christopher J. Giblin , Thomas R. Gross , Guenter Karjoth
发明人： Jan Camenisch , Christopher J. Giblin , Thomas R. Gross , Guenter Karjoth
IPC分类号： G06Q10/00 , G06Q99/00
CPC分类号： G06Q10/00 , G06Q10/063 , G06Q20/383 , G06Q30/018
摘要： A system for anonymous separation of duties with credentials includes an identity provider, the identity provider configured to issue anonymous credentials to a user based on one or more attributes of the user; a service provider, the service provider configured to issue a pseudonym to the user based on the user's anonymous credentials, and to associate the user's pseudonym with a step of an instance of a business process hosted on the service provider, the step being completed by the user; and an auditor, the auditor configured to determine if the completion of the step of the instance of the business process by the user is compliant with a separation of duties policy.
摘要翻译：用于凭借凭证匿名分离职责的系统包括身份提供者，身份提供者被配置为基于用户的一个或多个属性向用户发布匿名凭证; 服务提供商，所述服务提供商被配置为基于所述用户的匿名凭证向所述用户发布假名，并且将所述用户的假名与所述服务提供商上托管的业务流程的实例的步骤相关联，所述步骤由用户; 和审核员，审核员被配置为确定用户完成业务流程实例的步骤是否符合职责分离政策。

4. 发明授权

US07069427B2 Using a rules model to improve handling of personally identifiable information 失效
公开(公告)号：US07069427B2
公开(公告)日：2006-06-27
申请号：US09884153
申请日：2001-06-19
申请人： Steven B. Adler , Endre Felix Bangerter , Nigel Howard Julian Brown , Jan Camenisch , Arthur M. Gilbert , Guenter Karjoth , Dogan Kesdogan , Michael Robert McCullough , Adam Charles Nelson , Charles Campbell Palmer , Martin Joseph Clayton Presler-Marshall , Michael Schnyder , Elsie Van Herreweghen , Michael Waidner
发明人： Steven B. Adler , Endre Felix Bangerter , Nigel Howard Julian Brown , Jan Camenisch , Arthur M. Gilbert , Guenter Karjoth , Dogan Kesdogan , Michael Robert McCullough , Adam Charles Nelson , Charles Campbell Palmer , Martin Joseph Clayton Presler-Marshall , Michael Schnyder , Elsie Van Herreweghen , Michael Waidner
IPC分类号： G06F9/00
CPC分类号： G06F21/6254 , G06F21/6245
摘要： The present invention is a system and method for handling personally identifiable information, using a rules model. The invention involves defining a limited number of privacy-related actions regarding personally identifiable information; constructing a rule for each circumstance in which one of said privacy-related actions may be taken or must be taken; allowing for the input of dynamic contextual information to precisely specify the condition for evaluation of a rule; creating a programming object containing at least one of said rules; associating the programming object with personally identifiable information; processing a request; and providing an output. The invention does not merely give a “yes-or-no answer. The invention has the advantage of being able to specify additional actions that must be taken. The invention may use a computer system and network. One aspect of the present invention is a method for handling personally identifiable information. Another aspect of the present invention is a system for executing the method of the present invention. A third aspect of the present invention is as a set of instructions on a computer-usable medium, or resident in a computer system, for executing the method of the present invention.

5. 发明授权

US08458764B2 Serialization of XACML policies 失效
标题翻译： XACML策略的序列化
公开(公告)号：US08458764B2
公开(公告)日：2013-06-04
申请号：US12419445
申请日：2009-04-07
申请人： Guenter Karjoth , Andreas Schade
发明人： Guenter Karjoth , Andreas Schade
IPC分类号： G06F17/00
CPC分类号： H04L63/101 , G06F21/6227 , G06F2221/2141 , G06F2221/2145 , G06F2221/2149 , H04L63/20 , H04L67/2823
摘要： A computer implemented access control system, the system includes a database for storing a serialized version of an XACML permissions hierarchy. The system also includes a memory for storing an original version of the XACML permissions hierarchy, and an XACML serialization engine configured to convert the XACML permissions hierarchy into the serialized version, wherein the serialized version contains a listing of at least a portion of the predicates possible in the XACML permission hierarchy and the effect on each of the portion of the predicates.
摘要翻译：一种计算机实现的访问控制系统，该系统包括用于存储XACML权限层级的序列化版本的数据库。该系统还包括用于存储XACML许可层次的原始版本的存储器，以及被配置为将XACML权限层级转换为序列化版本的XACML序列化引擎，其中序列化版本包含可能的至少一部分谓词的列表在XACML权限层次结构中以及对谓词中每一部分的影响。

6. 发明申请

US20110247046A1 Access control in data processing systems 失效
标题翻译：数据处理系统中的访问控制
公开(公告)号：US20110247046A1
公开(公告)日：2011-10-06
申请号：US13077881
申请日：2011-03-31
申请人： Thomas R. Gross , Guenter Karjoth
发明人： Thomas R. Gross , Guenter Karjoth
IPC分类号： G06F21/00
CPC分类号： H04L63/10 , G06F21/00 , G06F21/6218 , G06F2221/2141 , H04L63/20
摘要： A policy data structure defines predetermined authorizations, each relating to authorization of at least one user to access at least one resource as well as to dynamic access requests. Each dynamic access request indicates a condition to be satisfied by a respective set of attributes associated with a user request to access a resource and for the request to be granted in absence of an authorization determinative of the request. If the structure does not define an authorization for a request to access a resource, it is determined whether the structure defines a dynamic access requirement determinative for the request, and if so, whether to grant the request in accordance with the respective set of attributes associated with the request. For at least one request, after determining whether to grant the request, a dynamic authorization relating to authorization to access the resource within the request is added to the structure.
摘要翻译：策略数据结构定义了预定授权，每个授权涉及至少一个用户访问至少一个资源以及动态访问请求的授权。每个动态访问请求指示通过与访问资源的用户请求相关联的相应属性集以及在没有对请求的授权决定性的情况下被授予的请求来满足的条件。如果结构没有定义对访问资源的请求的授权，则确定结构是否定义了针对请求的动态访问需求确定性，如果是，则是否根据相关属性集合来授予请求与请求。对于至少一个请求，在确定是否授予请求之后，向该结构添加与请求中访问资源的授权有关的动态授权。

7. 发明申请

US20060184995A1 Creating a privacy policy from a process model and verifying the compliance 审中-公开
标题翻译：从过程模型创建隐私策略并验证合规性
公开(公告)号：US20060184995A1
公开(公告)日：2006-08-17
申请号：US11317396
申请日：2005-12-22
申请人： Michael Backes , Guenter Karjoth , Birgit Pfitzmann , Matthias Schunter , Michael Waidner
发明人： Michael Backes , Guenter Karjoth , Birgit Pfitzmann , Matthias Schunter , Michael Waidner
IPC分类号： H04L9/00
CPC分类号： G06Q10/06 , G06Q10/063
摘要： The present invention provides methods and apparatus for creating a privacy policy from a process model, and methods and apparatus for checking the compliance of a privacy policy. An example of a method for creating a privacy policy from a process model according to the invention comprises the following steps. First, a task from the process model is chosen. Then one or more of the elements role, data, purpose, action, obligation, and condition are gathered from the task and a rule is build up by means of these elements. Finally the rule is added to the privacy policy.
摘要翻译：本发明提供了用于从过程模型创建隐私策略的方法和装置，以及用于检查隐私策略的合规性的方法和装置。根据本发明的用于从过程模型创建隐私策略的方法的示例包括以下步骤。首先，选择过程模型的任务。然后，从任务中收集一个或多个元素的角色，数据，目的，行为，义务和条件，并通过这些元素建立规则。最后将规则添加到隐私政策中。

8. 发明授权

US08875224B2 Access control in data processing system 有权
标题翻译：数据处理系统中的访问控制
公开(公告)号：US08875224B2
公开(公告)日：2014-10-28
申请号：US13460842
申请日：2012-05-01
申请人： Thomas R. Gross , Guenter Karjoth
发明人： Thomas R. Gross , Guenter Karjoth
IPC分类号： G06F9/00 , G06F21/00
CPC分类号： H04L63/10 , G06F21/00 , G06F21/6218 , G06F2221/2141 , H04L63/20
摘要： A policy data structure defines predetermined authorizations, each relating to authorization of at least one user to access at least one resource as well as to dynamic access requests. Each dynamic access request indicates a condition to be satisfied by a respective set of attributes associated with a user request to access a resource and for the request to be granted in absence of an authorization determinative of the request. If the structure does not define an authorization for a request to access a resource, it is determined whether the structure defines a dynamic access requirement determinative for the request, and if so, whether to grant the request in accordance with the respective set of attributes associated with the request. For at least one request, after determining whether to grant the request, a dynamic authorization relating to authorization to access the resource within the request is added to the structure.
摘要翻译：策略数据结构定义了预定授权，每个授权涉及至少一个用户访问至少一个资源以及动态访问请求的授权。每个动态访问请求指示通过与访问资源的用户请求相关联的相应属性集以及在没有对请求的授权决定性的情况下被授予的请求来满足的条件。如果结构没有定义用于访问资源的请求的授权，则确定结构是否定义了针对请求的动态访问需求确定性，并且如果是，是否根据相关属性集合来授予请求与请求。对于至少一个请求，在确定是否授予请求之后，向该结构添加与请求中访问资源的授权有关的动态授权。

9. 发明申请

US20120216247A1 Access control in data processing system 有权
标题翻译：数据处理系统中的访问控制
公开(公告)号：US20120216247A1
公开(公告)日：2012-08-23
申请号：US13460842
申请日：2012-05-01
申请人： Thomas R. Gross , Guenter Karjoth
发明人： Thomas R. Gross , Guenter Karjoth
IPC分类号： G06F21/00
CPC分类号： H04L63/10 , G06F21/00 , G06F21/6218 , G06F2221/2141 , H04L63/20
摘要： A policy data structure defines predetermined authorizations, each relating to authorization of at least one user to access at least one resource as well as to dynamic access requests. Each dynamic access request indicates a condition to be satisfied by a respective set of attributes associated with a user request to access a resource and for the request to be granted in absence of an authorization determinative of the request. If the structure does not define an authorization for a request to access a resource, it is determined whether the structure defines a dynamic access requirement determinative for the request, and if so, whether to grant the request in accordance with the respective set of attributes associated with the request. For at least one request, after determining whether to grant the request, a dynamic authorization relating to authorization to access the resource within the request is added to the structure.
摘要翻译：策略数据结构定义了预定授权，每个授权涉及至少一个用户访问至少一个资源以及动态访问请求的授权。每个动态访问请求指示通过与访问资源的用户请求相关联的相应属性集以及在没有对请求的授权决定性的情况下被授予的请求来满足的条件。如果结构没有定义用于访问资源的请求的授权，则确定结构是否定义了针对请求的动态访问需求确定性，并且如果是，是否根据相关属性集合来授予请求与请求。对于至少一个请求，在确定是否授予请求之后，向该结构添加与请求中访问资源的授权有关的动态授权。

10. 发明授权

US07617393B2 Implementation and use of PII data access control facility employing personally identifying information labels and purpose serving function sets 有权
标题翻译：实施和使用使用个人识别信息标签和目的服务功能集的PII数据访问控制设施
公开(公告)号：US07617393B2
公开(公告)日：2009-11-10
申请号：US11764487
申请日：2007-06-18
申请人： Linda Betz , John C. Dayka , Walter B. Farrell , Richard H. Guski , Guenter Karjoth , Mark A. Nelson , Birgit M. Pfitzmann , Michael P. Waidner , Matthias Schunter
发明人： Linda Betz , John C. Dayka , Walter B. Farrell , Richard H. Guski , Guenter Karjoth , Mark A. Nelson , Birgit M. Pfitzmann , Michael P. Waidner , Matthias Schunter
IPC分类号： H04L29/00
CPC分类号： G06F21/629 , G06F21/6245 , G06F2221/2101 , G06F2221/2113 , G06F2221/2141 , G06F2221/2149
摘要： A data access control facility is implemented by assigning personally identifying information (PII) classification labels to PII data objects, with each PII data object having one PII classification label assigned thereto. The control facility further includes at least one PII purpose serving function set (PSFS) comprising a list of application functions that read or write PII data objects. Each PII PSFS is also assigned a PII classification label. A PII data object is accessible via an application function of a PII PSFS having a PII classification label that is identical to or dominant of the PII classification label of the PII object. A user of the control facility is assigned a PII clearance set which contains a list of at least one PII classification label, which is employed in determining whether the user is entitled to access a particular function.
摘要翻译：通过将个人识别信息（PII）分类标签分配给PII数据对象来实现数据访问控制设施，每个PII数据对象分配有一个PII分类标签。控制设备还包括至少一个PII目的服务功能集（PSFS），其包括读或写PII数据对象的应用功能列表。每个PII PSFS也被分配了一个PII分类标签。 PII数据对象可通过具有与PII对象的PII分类标签相同或占优势的PII分类标签的PII PSFS的应用功能来访问。控制设备的用户被分配有PII间隙组，其包含至少一个PII分类标签的列表，该列表用于确定用户是否有权访问特定功能。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式