专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09202080B2 Method and system for policy driven data distribution 有权
公开(公告)号：US09202080B2
公开(公告)日：2015-12-01
申请号：US13417691
申请日：2012-03-12
申请人： Ivan M. Milman , Charles D. Wolfson , Matthias Schunter , Heather M. Hinton , Michael P. Waidner
发明人： Ivan M. Milman , Charles D. Wolfson , Matthias Schunter , Heather M. Hinton , Michael P. Waidner
IPC分类号： G06F17/30 , G06F21/62
CPC分类号： G06F21/6245
摘要： A method, system and computer-usable medium are disclosed for controlling the distribution of data. Data stored in a datastore is filtered according to a data release policy to generate filtered data. A data release policy agreement, corresponding to the data release policy, is generated. The filtered data and the data release policy agreement are then provided to an information consumer. The data release policy agreement is then used to enforce the data release policy.

2. 发明授权

US08418234B2 Authentication of a principal in a federation 失效
标题翻译：联邦委托人的身份验证
公开(公告)号：US08418234B2
公开(公告)日：2013-04-09
申请号：US11304945
申请日：2005-12-15
申请人： Heather M. Hinton , Anthony S. Moran
发明人： Heather M. Hinton , Anthony S. Moran
IPC分类号： G06F7/04
CPC分类号： H04L63/0815 , H04L63/0884 , H04L63/102 , H04L67/14
摘要： Methods, systems, and computer program products are disclosed that give entities flexibility to implement custom authentication methods of other entities for authentication of a principal in a federation by authenticating the principal by an identity provider according to a service provider's authentication policy and recording in session data of the identity provider an authentication credential satisfying the service provider's authentication policy. Authentication of a principal in a federation is also carried out by authenticating the principal by the identity provider according to an identity provider's authentication policy. Authentication of a principal in a federation is further carried out by receiving in the identity provider an authentication request from the service provider, the authentication request specifying the service provider's authentication policy.
摘要翻译：公开了方法，系统和计算机程序产品，其给予实体灵活性，以实现其他实体的定制认证方法，以通过身份提供者根据服务提供商的认证策略认证主体并在会话数据中进行记录来实现联盟中的主体的认证身份提供商的身份验证凭证满足服务提供商的身份验证策略。通过身份提供者根据身份提供商的身份验证策略对主体进行身份认证，也可以对联盟中的主体进行身份验证。进一步通过在身份提供者中接收来自服务提供者的认证请求，指定服务提供商的认证策略的认证请求来进行联盟中的主体的认证。

3. 发明授权

US08341694B2 Method and system for synchronized access control in a web services environment 有权
标题翻译：在Web服务环境中同步访问控制的方法和系统
公开(公告)号：US08341694B2
公开(公告)日：2012-12-25
申请号：US11456190
申请日：2006-07-08
申请人： Heather M. Hinton , Ivan M. Milman
发明人： Heather M. Hinton , Ivan M. Milman
IPC分类号： G06F7/04
CPC分类号： H04L63/101 , G06F17/30876 , G06F21/604 , G06F21/6218 , G06F21/6236
摘要： Access controls for a Web service (which controls are based on abstract WSDL definitions) are defined for a WSDL defined protected object space and, as such, are loosely coupled with the concrete WSDL binding derived from those definitions, preferably on a per binding level. This WSDL-defined POS is in turn loosely bound to a resource-specific protected object space definition. This loose coupling is leveraged to allow changes (e.g., updates) to the abstract WSDL binding's protected object space to be transitively applied to the application-specific protected object space. If appropriate, changes to the resource-specific protected object space may be applied to the WSDL's protected object space. Thus, according to the invention, the coupling may be one-way (typically, from the WSDL POS to the resource level POS) or two-way (from the WSDL POS to the resource level POS and vice versa). This technique ensures that different security policies are not applied unintentionally to the same resource (for example, one at the Web services entry level, and the other at the resource level). By synchronizing the protected object spaces in the manner described, neither the entity that deploys the application nor the security administrator need to be aware of the differences between the Web service request and the resource request.
摘要翻译：针对WSDL定义的受保护对象空间定义了一个Web服务（基于抽象WSDL定义的控件）的访问控制，因此与从这些定义派生的具体WSDL绑定松散耦合，优选地在每个绑定级别上。这个WSDL定义的POS又松动地绑定到特定于资源的受保护对象空间定义。利用这种松散耦合来允许将抽象WSDL绑定的受保护对象空间的更改（例如，更新）传递性地应用于应用程序特定的受保护对象空间。如果适用，对资源特定的受保护对象空间的更改可能会应用于WSDL的受保护对象空间。因此，根据本发明，耦合可以是单向的（通常从WSDL POS到资源级POS）或双向（从WSDL POS到资源级POS，反之亦然）。这种技术可以确保不同意的资源（例如，一个在Web服务条目级别，另一个在资源级）不同的安全策略。通过以所描述的方式同步受保护的对象空间，部署应用程序的实体和安全管理员都不需要了解Web服务请求与资源请求之间的差异。

4. 发明申请

US20120191731A1 Method and System for Policy Driven Data Distribution 审中-公开
标题翻译：策略驱动数据分发方法与系统
公开(公告)号：US20120191731A1
公开(公告)日：2012-07-26
申请号：US13417691
申请日：2012-03-12
申请人： Ivan M. Milman , Charles D. Wolfson , Matthias Schunter , Heather M. Hinton , Michael P. Waidner
发明人： Ivan M. Milman , Charles D. Wolfson , Matthias Schunter , Heather M. Hinton , Michael P. Waidner
IPC分类号： G06F17/30
CPC分类号： G06F21/6245
摘要： A method, system and computer-usable medium are disclosed for controlling the distribution of data. Data stored in a datastore is filtered according to a data release policy to generate filtered data. A data release policy agreement, corresponding to the data release policy, is generated. The filtered data and the data release policy agreement are then provided to an information consumer. The data release policy agreement is then used to enforce the data release policy.
摘要翻译：公开了用于控制数据分布的方法，系统和计算机可用介质。根据数据发布策略对存储在数据存储区中的数据进行过滤，以生成过滤的数据。生成与数据发布策略相对应的数据发布策略协议。然后将过滤的数据和数据发布策略协议提供给信息消费者。然后，数据发布策略协议用于实施数据发布策略。

5. 发明授权

US08230228B2 Support of tamper detection for a log of records 失效
标题翻译：支持篡改检测记录日志
公开(公告)号：US08230228B2
公开(公告)日：2012-07-24
申请号：US12263427
申请日：2008-10-31
申请人： Timothy J. Hahn , Heather M. Hinton
发明人： Timothy J. Hahn , Heather M. Hinton
IPC分类号： H04L29/06 , H04L29/00
CPC分类号： G06F21/64 , G06F2221/2101
摘要： Tamper detection of audit records comprises configuring a proxy for adding tamper evidence information to audit information by obtaining audit records from at least one audit record generating source, grouping obtained audit records into subsets of audit records and providing tamper evidence processing to the subsets utilizing a cryptographic mechanism to calculate a signature over each subset of audit records. The proxy groups the subsets such that each subset contains at least one designated carryover audit record that overlaps into a next subset so that each carryover audit record is associated with at least two signatures. As such, the proxy creates an overlapping chain of digitally signed audit records subsets. The proxy further forwards the tamper evident audit records from the tamper evidence adding proxy to a corresponding audit log storage subsystem for storage, storing the calculated signatures.
摘要翻译：审计记录的篡改检测包括配置代理，通过从至少一个审计记录产生源获得审计记录，将获取的审计记录分组到审计记录的子集中，并通过加密方式向子集提供篡改证据处理，从而将审计信息添加到审计信息中计算每个审计记录子集签名的机制。代理对子集进行分组，使得每个子集包含至少一个与下一个子集重叠的指定的结转审核记录，使得每个结转审核记录与至少两个签名相关联。因此，代理创建一个数字签名的审计记录子集的重叠链。代理进一步将篡改明显的审计记录从篡改证据添加代理转发到相应的审计日志存储子系统进行存储，存储计算的签名。

6. 发明申请

US20120173554A1 Method and System for Policy Driven Data Disclosure 有权
标题翻译：政策驱动数据披露的方法和系统
公开(公告)号：US20120173554A1
公开(公告)日：2012-07-05
申请号：US13417705
申请日：2012-03-12
申请人： Heather M. Hinton , Donald N. Jones , Masakazu Miyamoto
发明人： Heather M. Hinton , Donald N. Jones , Masakazu Miyamoto
IPC分类号： G06F17/30
CPC分类号： G06F21/6218
摘要： A method, system and computer-usable medium are disclosed for controlling access to attribute information. A request is received from an application for attribute information. An attribute release policy associated with the requesting application is used to filter attributes stored in a datastore. The filtered attributes are then provided to the requesting application.
摘要翻译：公开了一种用于控制对属性信息的访问的方法，系统和计算机可用介质。从应用程序接收到属性信息的请求。与请求应用程序相关联的属性发布策略用于过滤存储在数据存储中的属性。然后将过滤的属性提供给请求应用程序。

7. 发明申请

US20110162089A1 Method and System for Policy Driven Data Disclosure 有权
标题翻译：政策驱动数据披露的方法和系统
公开(公告)号：US20110162089A1
公开(公告)日：2011-06-30
申请号：US12648813
申请日：2009-12-29
申请人： Heather M. Hinton , Donald N. Jones , Masakazu Miyamoto
发明人： Heather M. Hinton , Donald N. Jones , Masakazu Miyamoto
IPC分类号： G06F17/30 , G06F21/24
CPC分类号： G06F21/6218
摘要： A method, system and computer-usable medium are disclosed for controlling access to attribute information. A request is received from an application for attribute information. An attribute release policy associated with the requesting application is used to filter attributes stored in a datastore. The filtered attributes are then provided to the requesting application.
摘要翻译：公开了一种用于控制对属性信息的访问的方法，系统和计算机可用介质。从应用程序接收到属性信息的请求。与请求应用程序相关联的属性发布策略用于过滤存储在数据存储中的属性。然后将过滤的属性提供给请求应用程序。

8. 发明申请

US20110161332A1 Method and System for Policy Driven Data Distribution 有权
标题翻译：策略驱动数据分发方法与系统
公开(公告)号：US20110161332A1
公开(公告)日：2011-06-30
申请号：US12648876
申请日：2009-12-29
申请人： Ivan M. Milman , Charles D. Wolfson , Matthias Schunter , Heather M. Hinton , Michael P. Waidner
发明人： Ivan M. Milman , Charles D. Wolfson , Matthias Schunter , Heather M. Hinton , Michael P. Waidner
IPC分类号： G06F17/00
CPC分类号： G06F21/6245
摘要： A method, system and computer-usable medium are disclosed for controlling the distribution of data. Data stored in a datastore is filtered according to a data release policy to generate filtered data. A data release policy agreement, corresponding to the data release policy, is generated. The filtered data and the data release policy agreement are then provided to an information consumer. The data release policy agreement is then used to enforce the data release policy.
摘要翻译：公开了用于控制数据分布的方法，系统和计算机可用介质。根据数据发布策略对存储在数据存储区中的数据进行过滤，以生成过滤的数据。生成与数据发布策略相对应的数据发布策略协议。然后将过滤的数据和数据发布策略协议提供给信息消费者。然后，数据发布策略协议用于实施数据发布策略。

9. 发明申请

US20100115284A1 SUPPORT OF TAMPER DETECTION FOR A LOG OF RECORDS 失效
标题翻译：支持记录记录的篡改检测
公开(公告)号：US20100115284A1
公开(公告)日：2010-05-06
申请号：US12263427
申请日：2008-10-31
申请人： Timothy J. Hahn , Heather M. Hinton
发明人： Timothy J. Hahn , Heather M. Hinton
IPC分类号： H04L9/32 , H04L9/06
CPC分类号： G06F21/64 , G06F2221/2101
摘要： Tamper detection of audit records comprises configuring a proxy for adding tamper evidence information to audit information by obtaining audit records from at least one audit record generating source, grouping obtained audit records into subsets of audit records and providing tamper evidence processing to the subsets utilizing a cryptographic mechanism to calculate a signature over each subset of audit records. The proxy groups the subsets such that each subset contains at least one designated carryover audit record that overlaps into a next subset so that each carryover audit record is associated with at least two signatures. As such, the proxy creates an overlapping chain of digitally signed audit records subsets. The proxy further forwards the tamper evident audit records from the tamper evidence adding proxy to a corresponding audit log storage subsystem for storage, storing the calculated signatures.
摘要翻译：审计记录的篡改检测包括配置代理，通过从至少一个审计记录产生源获得审计记录，将获取的审计记录分组到审计记录的子集中，并通过加密方式向子集提供篡改证据处理，从而将审计信息添加到审计信息中计算每个审计记录子集签名的机制。代理对子集进行分组，使得每个子集包含至少一个与下一个子集重叠的指定的结转审核记录，使得每个结转审核记录与至少两个签名相关联。因此，代理创建一个数字签名的审计记录子集的重叠链。代理进一步将篡改明显的审计记录从篡改证据添加代理转发到相应的审计日志存储子系统进行存储，存储计算的签名。

10. 发明授权

US07657639B2 Method and system for identity provider migration using federated single-sign-on operation 有权
标题翻译：使用联合单点登录操作的身份提供者迁移的方法和系统
公开(公告)号：US07657639B2
公开(公告)日：2010-02-02
申请号：US11459118
申请日：2006-07-21
申请人： Heather M. Hinton
发明人： Heather M. Hinton
IPC分类号： G06F15/16
CPC分类号： H04L63/0815 , H04L63/104
摘要： A method is presented for performing an identity provider migration operation with respect to a user within a federated computational environment, wherein the user has a first user account at a first identity provider, a second user account at a second identity provider, and a third user account at a service provider. A request to access a resource is received by the service provider, after which a federated single-sign-on operation for the user is performed between the service provider and the first identity provider. Prior to sending a response to the request to access the protected resource, information in the third user account is modified to indicate that the service provider relies upon the second identity provider to authenticate the user on behalf of the service provider rather than the first identity provider. A response for the request to access the resource is then returned by the service provider.
摘要翻译：提出了一种用于对联合计算环境内的用户执行身份提供者迁移操作的方法，其中用户在第一身份提供者处具有第一用户帐户，在第二身份提供商处具有第二用户帐户，以及第三用户帐户在服务提供商。服务提供商接收访问资源的请求，之后在服务提供商和第一身份提供商之间执行用户的联合单点登录操作。在发送对访问受保护资源的请求的响应之前，第三用户帐户中的信息被修改以指示服务提供者依赖于第二身份提供者来代表服务提供商而不是第一身份提供者认证用户。然后由服务提供商返回对访问资源的请求的响应。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式