    • 1. Granted patent
    • Fine-grained attribute access control
    • US07836510B1
    • 2010-11-16
    • US10836991
    • 2004-04-30
    • Rajeev Angal, Qingwen Cheng, Heng-Ming Hsu, Malla Simhachalam, Dilli Dorai Minnal Arumugam
    • G06F21/22
    • G06F21/6218
    • A mechanism is disclosed for enabling an attribute provider service (APS), which provides access to one or more attributes, to control access to the attributes at the attribute level. In one implementation, a request is received, which specifies a particular attribute that is desired to be accessed from an attribute repository. In response to this request, a policy that applies to the particular attribute is accessed. The policy is then processed to determine whether access to the particular attribute is to be allowed or denied. With the above mechanism, it is possible to control access to attributes at the attribute level rather than at the service level. Because access control is exercised at such a low level, an administrator can exercise much tighter and precise control over how attributes provided by an APS are accessed.
    • 2. Granted patent
    • Method and system for multi-protocol single logout
    • US08099768B2
    • 2012-01-17
    • US12233377
    • 2008-09-18
    • Qingwen Cheng, Ping Luo, Andrew Patterson, Rajeev Angal
    • H04L29/00
    • G06F21/41, H04L63/0815, H04L69/18
    • A method for multi-protocol logout. The method includes receiving, by a first identity provider, a logout request from a user agent, wherein the first identity provider executes in a federation manager, and initiating a logout on a service provider associated with the first identity provider based on the logout request by the first identity provider. The method further includes identifying, by the federation manager, a plurality of identity providers associated with the user agent, wherein the plurality of identity providers communicate using heterogeneous federation protocols, and initiating, by the federation manager, a logout on each of the plurality of identity providers based on the logout request using the plurality of heterogeneous federation protocols. The method further includes initiating, by the plurality of identity providers, a logout of each service provider corresponding to the plurality of identity providers, identifying a status of each logout, and sending the status to the user agent.
    • 3. Granted patent
    • Liberty discovery service enhancements
    • US07565356B1
    • 2009-07-21
    • US10837146
    • 2004-04-30
    • Emily Hong Xu, Qingwen Cheng, Rajeev Angal, Xuerbin Lue
    • G06F17/30
    • H04L63/08, Y10S707/99933, Y10S707/99936, Y10S707/99939, Y10S707/99943
    • A mechanism is disclosed for providing a user's web service provider's (WSP's) access information to a web service consumer (WSC). In one embodiment, a directory service provider (DSP) receives, from a WSC, a request for a particular user's WSP access information. The request contains identifying information that is associated with the particular user. A repository indicates, for each user, an associated user characteristic. Each user characteristic is associated with a separate template object that indicates one or more WSP instances' access information. In response to receiving the request, the DSP determines, from the repository, the user characteristic that is associated with the particular user. The DSP sends, in a response to the WSC's request, the one or more WSP instances' access information that is indicated in the template object that is associated with the particular user's associated user characteristic. The WSC may use the WSP access information to direct a query to a particular WSP.
    • 4. Patent application
    • METHOD AND SYSTEM FOR MULTI-PROTOCOL SINGLE LOGOUT
    • US20100071056A1
    • 2010-03-18
    • US12233377
    • 2008-09-18
    • Qingwen Cheng, Ping Luo, Rajeev Angal, Andrew Patterson
    • H04L9/32
    • G06F21/41, H04L63/0815, H04L69/18
    • A method for multi-protocol logout. The method includes receiving, by a first identity provider, a logout request from a user agent, wherein the first identity provider executes in a federation manager, and initiating a logout on a service provider associated with the first identity provider based on the logout request by the first identity provider. The method further includes identifying, by the federation manager, a plurality of identity providers associated with the user agent, wherein the plurality of identity providers communicate using heterogeneous federation protocols, and initiating, by the federation manager, a logout on each of the plurality of identity providers based on the logout request using the plurality of heterogeneous federation protocols. The method further includes initiating, by the plurality of identity providers, a logout of each service provider corresponding to the plurality of identity providers, identifying a status of each logout, and sending the status to the user agent.
    • 7. Granted patent
    • Methods systems and software for alleviating event overload conditions for computer networks
    • US06301624B1
    • 2001-10-09
    • US09205324
    • 1998-12-04
    • Linda Lee, Subodh Bapat, Rajeev Angal
    • G06F13/00
    • H04L41/0681, G06F9/542, H04L29/06, H04L41/0213, H04L41/0226, H04L69/08
    • A method for processing events generated by software and hardware entities installed on a computer network that avoids overload conditions at large event processing rates is provided. In one embodiment, the method includes the steps of providing a protocol translation facility that is configured to translate messages from a first network communications protocol to a second network communications protocol. The protocol translation facility is further configured to receive events transmitted by software and hardware entities on the network. The protocol translation facility forwards the events to a management information server. An event is received, and a determination is made whether an association between the protocol translation facility and the entity exists. The event is processed
    • 8. Granted patent
    • Event distribution system for computer network management architecture
    • US06298378B1
    • 2001-10-02
    • US09205072
    • 1998-12-04
    • Rajeev Angal, Shivaram Bhat, Subodh Bapat, Ragavendra Sondur
    • G06F15/173
    • G06F9/542, H04L41/0604
    • Improved techniques for reporting events raised by entities running on computer networks are disclosed. The techniques provide an event distribution system that handles events generated by various software and other entities installed on a computer or communications network. The event distribution system is capable of handling large volumes of event traffic and can be installed and operated separately from other network management software components to provide thereby more robust operations in the case one or more components fail. In addition, the event distribution system can be scaled readily to handle greater volumes of network traffic. In one embodiment, an event distribution service is coupled with an event source. In addition, an event listener is provided on the computer network. When an event is generated from the event source and received by the event distribution system, the event distribution system processes and forwards the event, or a notification of the event, to an appropriate listener.
    • 9. Granted patent
    • Distributed system and method for providing SQL access to management information in a secure distributed network
    • US06212511B1
    • 2001-04-03
    • US08962092
    • 1997-10-31
    • Bart Lee Fisher, Rajeev Angal, Sai V. S. Allavarpu
    • G06F17/30
    • H04L41/28, G06F1/00, G06F21/6227, H04L41/024, H04L63/101, Y10S707/99931
    • An access control database defines access rights through the use of access control objects. The access control objects include group objects, each defining a group and a set of users who are members of the group, and rule objects. A first subset of the rule objects each specify a set of the group objects, a set of the management objects, and access rights by the users who are members of the groups defined by the specified set of the group objects to the specified set of management objects. The access control server responds to the access requests from the users by granting, denying and partially granting and denying the access requested in each access request in accordance with the access rights specified in the access control database. A database management system receives management information from the network and stores that information in a set of database tables. A database access privileges module stores table access rights information corresponding to at least a subset of the access rights stored in access control database. A database access engine receives user requests for management information stored in the database tables. It limits user access to the management information stored in the database tables in accordance with the table access rights information stored in the database access privileges module.
    • 10. Granted patent
    • User device security manager
    • US09230089B2
    • 2016-01-05
    • US13709705
    • 2012-12-10
    • Rajeev Angal
    • G06F21/30, G06F21/44, G06F21/31, G06F21/10, G06F21/60, G06F21/62
    • G06F21/44, H04L63/10, H04L63/12
    • Systems and methods are disclosed to authenticate and authorize a user for web services using user devices. In various embodiments, a method may comprise: identifying, by a user device security manager executing at a user device corresponding to a user of a web service, a first request issued from an application to access remote resources associated with the web service, the application executing at the user device and separate from the user device security manager; acquiring, by the user device security manager, security information of the application in response to the identifying of the first request, the security information including at least one of an application identification, an access scope or a nonce of the application; and transmitting a second request from the user device security manager to the web service to authenticate the application by the web service based, at least in part, on the application identification.