专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20120185952A1 CONTEXT AWARE DATA PROTECTION 审中-公开
标题翻译：背景知识数据保护
公开(公告)号：US20120185952A1
公开(公告)日：2012-07-19
申请号：US13413636
申请日：2012-03-06
申请人： Srinivas Jandhyala , Albee Jhoney , Sridhar Muppidi , Nataraj Nagaratnam , Atul Saxena
发明人： Srinivas Jandhyala , Albee Jhoney , Sridhar Muppidi , Nataraj Nagaratnam , Atul Saxena
IPC分类号： G06F21/24
CPC分类号： G06F21/6218
摘要： A method, for context aware data protection is provided. Information about an access context is received in a data processing system. A resource affected by the access context is identified. The identification of the resource may include deriving knowledge about resource by making an inference from a portion of contents of the resource that the access context affects the resource, making an inference that the access context affects a second resource thereby inferring that the resource has to be modified, determining that the access context is relevant to the resource, or a combination thereof. The resource is received. A policy that is applicable to the access context is identified. A part of the resource to modify according to the policy is determined. The part is modified according to the policy and the access context to form a modified resource. The modified resource is transmitted.
摘要翻译：提供了一种用于上下文感知数据保护的方法。在数据处理系统中接收关于访问上下文的信息。识别受访问环境影响的资源。资源的识别可以包括通过从访问上下文影响资源的资源的内容的一部分进行推断来导出关于资源的知识，从而推断访问上下文影响第二资源，从而推断资源必须是修改，确定访问上下文与资源相关或其组合。资源被收到。确定适用于访问环境的策略。确定根据策略修改的资源的一部分。该部分根据策略和访问上下文进行修改，形成修改后的资源。传输修改后的资源。

2. 发明申请

US20070143601A1 System and method for authorizing information flows 审中-公开
标题翻译：授权信息流的系统和方法
公开(公告)号：US20070143601A1
公开(公告)日：2007-06-21
申请号：US11304933
申请日：2005-12-15
申请人： Diana Arroyo , George Blakley , Damir Jamsek , Sridhar Muppidi , Kimberly Simon , Ronald Williams
发明人： Diana Arroyo , George Blakley , Damir Jamsek , Sridhar Muppidi , Kimberly Simon , Ronald Williams
IPC分类号： H04L9/32 , H04N7/16 , G06F17/30 , H04L9/00 , G06F12/14 , G06F7/04 , G06F12/00 , G06K9/00 , G06F13/00 , H03M1/68 , H04K1/00 , G06F7/58 , G06K19/00 , G11C7/00
CPC分类号： G06F21/6218
摘要： A system, apparatus, computer program product and method for authorizing information flows between devices of a data processing system are provided. In one illustrative embodiment, an information flow request is received from a first device to authorize an information flow from the first device to a second device. The information flow request includes an identifier of the second device. Based on an identifier of the first device and the second device, security information identifying an authorization level of the first device and second device is retrieved. A sensitivity of an information object that is to be transferred in the information flow is determined and the information flow is authorized or denied based only on the sensitivity of the information object and the authorization level of the first and second devices irregardless of the particular action being performed on the information object as part of the information flow.
摘要翻译：提供了一种用于在数据处理系统的设备之间授权信息流的系统，设备，计算机程序产品和方法。在一个说明性实施例中，从第一设备接收信息流请求，以授权从第一设备到第二设备的信息流。信息流请求包括第二设备的标识符。基于第一设备和第二设备的标识符，检索识别第一设备和第二设备的授权级别的安全信息。确定要在信息流中传送的信息对象的灵敏度，并且仅基于信息对象的灵敏度和第一和第二设备的授权级别而不管特定动作是否被授权或拒绝信息流作为信息流的一部分对信息对象执行。

3. 发明申请

US20070143840A1 System and method for associating security information with information objects in a data processing system 失效
标题翻译：将安全信息与数据处理系统中的信息对象相关联的系统和方法
公开(公告)号：US20070143840A1
公开(公告)日：2007-06-21
申请号：US11304971
申请日：2005-12-15
申请人： Diana Arroyo , George Blakley , Damir Jamsek , Sridhar Muppidi , Kimberly Simon , Ronald Williams
发明人： Diana Arroyo , George Blakley , Damir Jamsek , Sridhar Muppidi , Kimberly Simon , Ronald Williams
IPC分类号： G06F12/14
CPC分类号： G06F21/6218
摘要： A system, apparatus, computer program product and method for authorizing information flows based on security information associated with information objects is provided. A hash key is generated based on an information object and a lookup operation is performed in a hash table based on the hash key. A determination is made whether an entry in the hash table at an index corresponding to the hash key identifies a labelset for the information object. A labelset, identifying a sensitivity of the information object, is stored in the entry at the index corresponding to the hash key for the information object if a labelset for the information object is not identified in the entry in the hash table. Information flows involving the information object are authorized based on a lookup of the labelset associated with the information object in the hash table. The hash table may be a multidimensional hash table.
摘要翻译：提供了一种基于与信息对象相关联的安全信息来授权信息流的系统，装置，计算机程序产品和方法。基于信息对象生成散列密钥，并且基于散列密钥在哈希表中执行查找操作。确定散列表中与散列键相对应的索引处的条目是否识别信息对象的标签集。如果在散列表中的条目中没有标识信息对象的标签集，则标识信息对象的敏感度的标签集存储在与信息对象的散列键相对应的索引的条目中。基于与哈希表中的信息对象相关联的标签集的查找来授权涉及信息对象的信息流。散列表可以是多维哈希表。

4. 发明申请

US20060136985A1 Method and system for implementing privacy policy enforcement with a privacy proxy 有权
标题翻译：使用隐私代理实施隐私策略执行的方法和系统
公开(公告)号：US20060136985A1
公开(公告)日：2006-06-22
申请号：US11014561
申请日：2004-12-16
申请人： Paul Ashley , Sridhar Muppidi , Mark Vandenwauver
发明人： Paul Ashley , Sridhar Muppidi , Mark Vandenwauver
IPC分类号： H04L9/00
CPC分类号： H04L63/0407 , H04L63/101 , H04L67/306
摘要： A method is presented for enforcing a privacy policy concerning management of personally identifiable information in a centralized manner through a privacy proxy agent. A proxy intercepts a message from a first system to a second system, e.g., from a server to a client, and determines whether the message is associated with an operation on personally identifiable information; if not, then the proxy sends the message to the second system, but if so, then the proxy determines whether the operation on the personally identifiable information is compliant with a privacy policy and with user preference information with respect to the privacy policy for a user who is associated the personally identifiable information. If the message is compliant with the privacy policy and user preference data, then the proxy sends the first message to the second system; otherwise, an error indication is returned to the first system.
摘要翻译：提出了一种通过隐私代理代理以集中方式执行关于个人身份信息管理的隐私政策的方法。代理拦截从第一系统到第二系统的消息，例如从服务器到客户端，并且确定消息是否与关于个人身份信息的操作相关联; 那么代理将消息发送到第二个系统，但是如果是这样，则代理确定对个人身份信息的操作是否符合隐私策略以及与用户相关的隐私策略的用户偏好信息谁联系个人身份信息。如果消息符合隐私策略和用户偏好数据，则代理将第一消息发送到第二系统; 否则，返回到第一系统的错误指示。

5. 发明申请

US20050015594A1 Method and system for stepping up to certificate-based authentication without breaking an existing SSL session 有权
标题翻译：在不破坏现有SSL会话的情况下加快基于证书的身份验证的方法和系统
公开(公告)号：US20050015594A1
公开(公告)日：2005-01-20
申请号：US10621927
申请日：2003-07-17
申请人： Paul Ashley , Sridhar Muppidi , Mark Vandenwauver
发明人： Paul Ashley , Sridhar Muppidi , Mark Vandenwauver
IPC分类号： G06F21/00 , H04L29/06 , H04L9/00
CPC分类号： H04L63/0823 , G06F21/31 , G06F21/40 , G06F21/6218 , G06F2221/2113 , H04L63/0227 , H04L63/12 , H04L63/166 , H04L63/20
摘要： A method is presented for performing authentication operations. When a client requests a resource from a server, a non-certificate-based authentication operation is performed through an SSL (Secure Sockets Layer) session between the server and the client. When the client requests another resource, the server determines to step up to a more restrictive level of authentication, and a certificate-based authentication operation is performed through the SSL session without exiting or renegotiating the SSL session prior to completion of the certificate-based authentication operation. During the certificate-based authentication procedure, an executable module is downloaded to the client from the server through the SSL session, after which the server receives through the SSL session a digital signature that has been generated by the executable module using a digital certificate at the client. In response to successfully verifying the digital signature at the server, the server provides access to a requested resource.
摘要翻译：呈现用于执行认证操作的方法。当客户端从服务器请求资源时，通过服务器和客户端之间的SSL（安全套接字层）会话执行非基于证书的身份验证操作。当客户端请求另一个资源时，服务器确定升级到更严格的身份验证级别，并且基于证书的身份验证操作通过SSL会话执行，而不会在完成基于证书的身份验证之前退出或重新协商SSL会话操作。在基于证书的认证过程中，可执行模块通过SSL会话从服务器下载到客户端，之后服务器通过SSL会话接收可执行模块使用数字证书生成的数字签名客户。响应于成功验证服务器上的数字签名，服务器提供对所请求资源的访问。

6. 发明申请

US20050015429A1 Method and system for providing user control over receipt of cookies from e-commerce applications 失效
标题翻译：提供用户控制从电子商务应用程序接收Cookie的方法和系统
公开(公告)号：US20050015429A1
公开(公告)日：2005-01-20
申请号：US10621934
申请日：2003-07-17
申请人： Paul Ashley , Sridhar Muppidi , Mark Vandenwauver
发明人： Paul Ashley , Sridhar Muppidi , Mark Vandenwauver
IPC分类号： G06F15/16 , G06F21/00 , G06Q30/00
CPC分类号： G06F21/6263 , G06Q30/02
摘要： A method, system, apparatus, and computer program product are presented for processing cookies that are transmitted from a server through a proxy server to a client that is operated by a user. The proxy server detects that a response message from the server for the client has an associated cookie. The proxy server extracts a domain identifier associated with the server from the response message, and the proxy server retrieves a set of parameters that contain domain identifiers that are associated with indications of whether to block transmission of cookies from servers associated with the domain identifiers. The proxy server then processes the cookie in the response message in accordance with the retrieved set of parameters and the extracted domain identifier, either blocking or not blocking cookies from the identified domain. Blocked cookies are cached for subsequent use. Multiple sets of parameters may be configured by the user.
摘要翻译：提出了一种方法，系统，装置和计算机程序产品，用于处理从服务器通过代理服务器传送到由用户操作的客户端的Cookie。代理服务器检测到来自客户端的服务器的响应消息具有相关联的cookie。代理服务器从响应消息中提取与服务器相关联的域标识符，并且代理服务器检索一组包含域标识符的参数，这些域标识符与是否阻止来自与域标识符相关联的服务器的传输的指示相关联。然后，代理服务器根据检索的参数集合和提取的域标识符处理响应消息中的cookie，阻止或不阻止来自所识别域的cookie。被阻止的cookie被缓存以供后续使用。用户可以配置多组参数。

7. 发明申请

US20060095956A1 Method and system for implementing privacy notice, consent, and preference with a privacy proxy 有权
公开(公告)号：US20060095956A1
公开(公告)日：2006-05-04
申请号：US10976266
申请日：2004-10-28
申请人： Paul Ashley , Sridhar Muppidi , Mark Vandenwauver
发明人： Paul Ashley , Sridhar Muppidi , Mark Vandenwauver
IPC分类号： H04L9/32
CPC分类号： H04L63/0823 , H04L67/30 , H04L67/306
摘要： A method is presented for processing data for a privacy policy concerning management of personally identifiable information. A proxy intercepts a first message from a server to a client and determines that the first message initiates collection of personally identifiable information from a user of the client. The proxy then sends a second message to the client that requests consent from the user to the privacy policy. If the user provides consent within a third message that is received by the proxy from the client, then the proxy sends the intercepted first message to the client. If the user does not provide consent, then the proxy sends a fourth message to the server that fails the collection of personally identifiable information from the client by the server. The proxy may also obtain user preferences for options concerning management of the personally identifiable information by a data processing system.

8. 发明申请

US20110126118A1 Plugin-based User Interface Contributions to Manage Policies in an IT Environment 失效
标题翻译：基于插件的用户界面管理IT环境中的策略
公开(公告)号：US20110126118A1
公开(公告)日：2011-05-26
申请号：US12626005
申请日：2009-11-25
申请人： John Bergeron , Jonathan S. Kung , Sridhar Muppidi , Borna Safabakhsh , Eric J. Wood
发明人： John Bergeron , Jonathan S. Kung , Sridhar Muppidi , Borna Safabakhsh , Eric J. Wood
IPC分类号： G06F3/01
CPC分类号： G06F9/451
摘要： An approach is provided that registers a component plug-in with a console application. A request is received from a user of the console application. The console application displays a console user interface in a predetermined interface style. The console application detects that the request corresponds to the component plug-in and sends an initial request to the component plug-in. The console application receives an initial model of an initial user interface from the component plug-in and this model is provided to the user in response to the initial request. The console application builds an initial component user interface based on the received initial model. The initial component user interface is also consistent with the predetermined interface style. The console application displays the initial component user interface and the console user interface in a common application window in the predetermined interface style.
摘要翻译：提供了一种使用控制台应用程序注册组件插件的方法。从控制台应用程序的用户接收到请求。控制台应用程序以预定的界面风格显示控制台用户界面。控制台应用程序检测到请求对应于组件插件，并向组件插件发送初始请求。控制台应用程序从组件插件接收初始用户界面的初始模型，并且响应初始请求将该模型提供给用户。控制台应用程序基于接收到的初始模型构建初始组件用户界面。初始组件用户界面也与预定界面风格一致。控制台应用程序在预定界面样式的通用应用程序窗口中显示初始组件用户界面和控制台用户界面。

9. 发明申请

US20070143604A1 Reference monitor system and method for enforcing information flow policies 失效
标题翻译：参考监控系统和执行信息流策略的方法
公开(公告)号：US20070143604A1
公开(公告)日：2007-06-21
申请号：US11304853
申请日：2005-12-15
申请人： Diana Arroyo , George Blakley , Damir Jamsek , Sridhar Muppidi , Kimberly Simon , Ronald Williams
发明人： Diana Arroyo , George Blakley , Damir Jamsek , Sridhar Muppidi , Kimberly Simon , Ronald Williams
IPC分类号： H04L9/00
CPC分类号： G06F21/6218
摘要： A reference monitor system, apparatus, computer program product and method are provided. In one illustrative embodiment, elements of the data processing system are associated with security data structures in a reference monitor. An information flow request is received from a first element to authorize an information flow from the first element to a second element. A first security data structure associated with the first element and a second security data structure associated with the second element are retrieved. At least one set theory operation is then performed on the first security data structure and the second security data structure to determine if the information flow from the first element to the second element is to be authorized. The security data structures may be labelsets having one or more labels identifying security policies to be applied to information flows involving the associated element.
摘要翻译：提供了参考监视器系统，装置，计算机程序产品和方法。在一个说明性实施例中，数据处理系统的元件与参考监视器中的安全数据结构相关联。从第一元素接收信息流请求，以授权从第一元素到第二元素的信息流。检索与第一元素相关联的第一安全数据结构和与第二元素相关联的第二安全数据结构。然后对第一安全数据结构和第二安全数据结构执行至少一组理论操作，以确定是否授权从第一元素到第二元素的信息流。安全数据结构可以是具有标识要应用于涉及相关元素的信息流的安全策略的一个或多个标签的标签集。

10. 发明申请

US20060031442A1 Method and system for externalizing session management using a reverse proxy server 有权
标题翻译：使用逆向代理服务器外部化会话管理的方法和系统
公开(公告)号：US20060031442A1
公开(公告)日：2006-02-09
申请号：US10840838
申请日：2004-05-07
申请人： Paul Ashley , Sridhar Muppidi , Mark Vandenwauver
发明人： Paul Ashley , Sridhar Muppidi , Mark Vandenwauver
IPC分类号： G06F15/173
CPC分类号： H04L67/14 , H04L67/02
摘要： A method, system, and computer program product is presented for providing access to a set of resources in a distributed data processing system. A reverse proxy server receives a resource request from a client and determines whether or not it is managing a session identifier that was previously associated with the client by the reverse proxy server; if so, it retrieves the session identifier, otherwise it obtains a session identifier and associates the session identifier with the client using information that is managed by the reverse proxy server. The reverse proxy server then modifies the resource request to include the session identifier and forwards the modified resource request to an application server.
摘要翻译：呈现了一种方法，系统和计算机程序产品，用于提供对分布式数据处理系统中的一组资源的访问。反向代理服务器从客户端接收资源请求，并确定其是否正在管理之前由反向代理服务器与客户端相关联的会话标识符; 如果是，则它检索会话标识符，否则它获得会话标识符，并且使用由反向代理服务器管理的信息将会话标识符与客户端相关联。然后，逆向代理服务器修改资源请求以包括会话标识符，并将修改的资源请求转发到应用服务器。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式