公开(公告)号：US08468579B2

公开(公告)日：2013-06-18

申请号：US11764034

申请日：2007-06-15

申请人： Carl Melvin Ellison ,  Paul J. Leach ,  Butler Wright Lampson ,  Melissa W. Dunn ,  Ravindra Nath Pandya ,  Charles William Kaufman

发明人： Carl Melvin Ellison ,  Paul J. Leach ,  Butler Wright Lampson ,  Melissa W. Dunn ,  Ravindra Nath Pandya ,  Charles William Kaufman

IPC分类号： G06F21/00

CPC分类号： H04L63/101 ,  H04L63/0823

摘要： The subject disclosure pertains to systems and methods that facilitate managing access control utilizing certificates. The systems and methods described herein are directed to mapping an access policy as expressed in an access control list to a set of certificates. The set of certificates can be used to grant access to resources in the manner described by the ACL. The certificates can be distributed to entities for use in obtaining access to resources. Entities can present certificates to resources as evidence of their right to access the resources. The access logic of the sequential ACL can be transformed or mapped to a set of order independent certificates. In particular, each entry, position of the entry in the list and any preceding entries can be analyzed. The analysis can be used to generate order independent certificates that provide access in accordance with the access policy communicated in the ACL.

摘要翻译： 本发明涉及利用证书来管理访问控制的系统和方法。 本文描述的系统和方法旨在将访问控制列表中表示的访问策略映射到一组证书。 该证书集可用于以ACL所描述的方式授予对资源的访问权限。 证书可以分发给实体以用于获取资源访问。 实体可以向资源提供证书，作为获取资源的权利的证据。 顺序ACL的访问逻辑可以转换或映射到一组与订单无关的证书。 特别地，可以分析每个条目，列表中的条目的位置和任何前面的条目。 该分析可用于生成根据ACL中传达的访问策略提供访问权限的独立凭证。

公开(公告)号：US20080301780A1

公开(公告)日：2008-12-04

申请号：US11756393

申请日：2007-05-31

申请人： Carl Melvin Ellison ,  Paul J. Leach ,  Butler Wright Lampson ,  Melissa W. Dunn ,  Ravindra Nath Pandya ,  Charles William Kaufman

发明人： Carl Melvin Ellison ,  Paul J. Leach ,  Butler Wright Lampson ,  Melissa W. Dunn ,  Ravindra Nath Pandya ,  Charles William Kaufman

IPC分类号： G06F17/00

CPC分类号： G06F21/6218

摘要： The subject disclosure pertains to systems and methods that facilitate managing groups entities for access control. A negative group is defined using a base group, where the negative group associated with a base group includes any entities not included in the base group. Negative groups can be implemented using certificates rather than explicit lists of negative group members. A certificate can provide evidence of membership in the negative group and can be presented for evaluation to obtain access to resources. Subtraction groups can also be used to manage access to resources. A subtraction group can be defined as the members of a first group, excluding any members of a second group.

摘要翻译： 本发明涉及便于管理组实体以进行访问控制的系统和方法。 使用基组定义负组，其中与基组关联的负组包括未包括在基组中的任何实体。 负组可以使用证书而不是负组成员的显式列表来实现。 证书可以提供负组织成员的证据，并可以提供评估以获得资源。 减法组也可用于管理对资源的访问。 减法组可以定义为第一组的成员，不包括第二组的任何成员。

公开(公告)号：US20080313712A1

公开(公告)日：2008-12-18

申请号：US11764034

申请日：2007-06-15

申请人： Carl Melvin Ellison ,  Paul J. Leach ,  Butler Wright Lampson ,  Melissa W. Dunn ,  Ravindra Nath Pandya ,  Charles William Kaufman

发明人： Carl Melvin Ellison ,  Paul J. Leach ,  Butler Wright Lampson ,  Melissa W. Dunn ,  Ravindra Nath Pandya ,  Charles William Kaufman

IPC分类号： H04L9/32

CPC分类号： H04L63/101 ,  H04L63/0823

摘要： The subject disclosure pertains to systems and methods that facilitate managing access control utilizing certificates. The systems and methods described herein are directed to mapping an access policy as expressed in an access control list to a set of certificates. The set of certificates can be used to grant access to resources in the manner described by the ACL. The certificates can be distributed to entities for use in obtaining access to resources. Entities can present certificates to resources as evidence of their right to access the resources. The access logic of the sequential ACL can be transformed or mapped to a set of order independent certificates. In particular, each entry, position of the entry in the list and any preceding entries can be analyzed. The analysis can be used to generate order independent certificates that provide access in accordance with the access policy communicated in the ACL.

摘要翻译： 本发明涉及利用证书来管理访问控制的系统和方法。 本文描述的系统和方法旨在将访问控制列表中表示的访问策略映射到一组证书。 该证书集可用于以ACL所描述的方式授予对资源的访问权限。 证书可以分发给实体以用于获取资源访问。 实体可以向资源提供证书，作为获取资源的权利的证据。 顺序ACL的访问逻辑可以转换或映射到一组与订单无关的证书。 特别地，可以分析每个条目，列表中的条目的位置和任何前面的条目。 该分析可用于生成根据ACL中传达的访问策略提供访问权限的独立凭证。

公开(公告)号：US20080307486A1

公开(公告)日：2008-12-11

申请号：US11761170

申请日：2007-06-11

申请人： Carl Melvin Ellison ,  Paul J. Leach ,  Butler Wright Lampson ,  Melissa W. Dunn ,  Ravindra Nath Pandya ,  Charles William Kaufman

发明人： Carl Melvin Ellison ,  Paul J. Leach ,  Butler Wright Lampson ,  Melissa W. Dunn ,  Ravindra Nath Pandya ,  Charles William Kaufman

IPC分类号： G06F17/00 ,  H04L9/32

CPC分类号： H04L9/3231 ,  H04L9/3263 ,  H04L63/0823 ,  H04L63/102 ,  H04L2209/56

摘要： The subject disclosure pertains to systems and methods that facilitate entity-based for access management. Typically, access to one or more resources is managed based upon identifiers assigned to entities. Groups of identifiers can be assigned to access rights. An authority component can manage an exclusion group that excludes an entity, regardless of the identifier utilized by the entity. Access control components can utilize exclusion groups in access policies to define access rights to a resource.

摘要翻译： 本发明涉及促进基于实体的访问管理的系统和方法。 通常，基于分配给实体的标识符来管理对一个或多个资源的访问。 标识符组可以分配给访问权限。 权限组件可以管理排除实体的排除组，而不管实体使用的标识符。 访问控制组件可以利用访问策略中的排除组来定义资源的访问权限。

公开(公告)号：US07900248B2

公开(公告)日：2011-03-01

申请号：US11756393

申请日：2007-05-31

申请人： Carl Melvin Ellison ,  Paul J. Lach ,  Butler Wright Lampson ,  Melissa W. Dunn ,  Ravindra Nath Pandya ,  Charles William Kaufman

发明人： Carl Melvin Ellison ,  Paul J. Lach ,  Butler Wright Lampson ,  Melissa W. Dunn ,  Ravindra Nath Pandya ,  Charles William Kaufman

IPC分类号： G06F17/30

CPC分类号： G06F21/6218

摘要： The subject disclosure pertains to systems and methods that facilitate managing groups entities for access control. A negative group is defined using a base group, where the negative group associated with a base group includes any entities not included in the base group. Negative groups can be implemented using certificates rather than explicit lists of negative group members. A certificate can provide evidence of membership in the negative group and can be presented for evaluation to obtain access to resources. Subtraction groups can also be used to manage access to resources. A subtraction group can be defined as the members of a first group, excluding any members of a second group.

摘要翻译： 本发明涉及便于管理组实体以进行访问控制的系统和方法。 使用基组定义负组，其中与基组关联的负组包括未包括在基组中的任何实体。 负组可以使用证书而不是负组成员的显式列表来实现。 证书可以提供负组织成员的证据，并可以提供评估以获得资源。 减法组也可用于管理对资源的访问。 减法组可以定义为第一组的成员，不包括第二组的任何成员。

公开(公告)号：US20090007247A1

公开(公告)日：2009-01-01

申请号：US11770677

申请日：2007-06-28

申请人： Carl M. Ellison ,  Paul J. Leach ,  Butler W. Lampson ,  Melissa W. Dunn ,  Ravindra N. Pandya ,  Charles W. Kaufman

发明人： Carl M. Ellison ,  Paul J. Leach ,  Butler W. Lampson ,  Melissa W. Dunn ,  Ravindra N. Pandya ,  Charles W. Kaufman

IPC分类号： G06F21/20 ,  H04L9/32

CPC分类号： H04L63/145 ,  G06F21/445 ,  G06F2221/2115 ,  G06F2221/2129 ,  H04L9/0891 ,  H04L63/0442 ,  H04L63/0823

摘要： The subject disclosure pertains to a domain identification system, comprising a principal that has a key and a mnemonically meaningless identifier, the mnemonically meaningless identifier is used to identify the component in a networked environment. The mnemonically meaningless identifier can be bound to the public key by a binding. The component may be part of a neighborhood of components, and each member component knows the members' binding.

摘要翻译： 主题公开涉及域识别系统，其包括具有密钥和经验无意义的标识符的主体，用于识别网络环境中的组件的经典无意义的标识符。 可以通过绑定将符号无意义的标识符绑定到公钥。 组件可以是组件邻域的一部分，并且每个成员组件都知道成员的绑定。

公开(公告)号：US08006295B2

公开(公告)日：2011-08-23

申请号：US11770677

申请日：2007-06-28

申请人： Carl M. Ellison ,  Paul J. Leach ,  Butler W. Lampson ,  Melissa W. Dunn ,  Ravindra N. Pandya ,  Charles W. Kaufman

发明人： Carl M. Ellison ,  Paul J. Leach ,  Butler W. Lampson ,  Melissa W. Dunn ,  Ravindra N. Pandya ,  Charles W. Kaufman

IPC分类号： G06F7/04

CPC分类号： H04L63/145 ,  G06F21/445 ,  G06F2221/2115 ,  G06F2221/2129 ,  H04L9/0891 ,  H04L63/0442 ,  H04L63/0823

摘要： The subject disclosure pertains to a domain identification system, comprising a principal that has a key and a mnemonically meaningless identifier, the mnemonically meaningless identifier is used to identify the component in a networked environment. The mnemonically meaningless identifier can be bound to the public key by a binding. The component may be part of a neighborhood of components, and each member component knows the members' binding.

摘要翻译： 主题公开涉及域识别系统，其包括具有密钥和经验无意义的标识符的主体，用于识别网络环境中的组件的经典无意义的标识符。 可以通过绑定将符号无意义的标识符绑定到公钥。 组件可以是组件邻域的一部分，并且每个成员组件都知道成员的绑定。

公开(公告)号：US09015205B2

公开(公告)日：2015-04-21

申请号：US13243701

申请日：2011-09-23

申请人： Melissa W. Dunn ,  Marcus Harvey

发明人： Melissa W. Dunn ,  Marcus Harvey

IPC分类号： G06F17/30 ,  G06F21/62

CPC分类号： G06F21/6245

摘要： Upon requesting to share one or more types of identity information, a user is automatically presented with an interface through which the user can interact in selecting an amount of identity items to share. A subset of the total identity items selected may then be shared with specified entities. Interfaces can also be used to assist the user in managing identity information that has been shared with others by providing the user with a visual list of entities for which the user has shared specified identity information and to whom updated information can be sent.

摘要翻译： 在请求共享一种或多种类型的身份信息时，用户自动地呈现用户可以在选择要共享的身份项目的数量时交互的界面。 所选择的总身份项目的一个子集可以与指定的实体共享。 接口还可以用于通过向用户提供用户已经共享指定身份信息的实体的可视列表以及可以发送更新的信息的用户来管理已经与他人共享的身份信息。

公开(公告)号：US20120016903A1

公开(公告)日：2012-01-19

申请号：US13243701

申请日：2011-09-23

申请人： Melissa W. Dunn ,  Marcus Harvey

发明人： Melissa W. Dunn ,  Marcus Harvey

IPC分类号： G06F17/30

CPC分类号： G06F21/6245

摘要： Upon requesting to share one or more types of identity information, a user is automatically presented with an interface through which the user can interact in selecting an amount of identity items to share. A subset of the total identity items selected may then be shared with specified entities. Interfaces can also be used to assist the user in managing identity information that has been shared with others by providing the user with a visual list of entities for which the user has shared specified identity information and to whom updated information can be sent.

摘要翻译： 在请求共享一种或多种类型的身份信息时，用户自动地呈现用户可以在选择要共享的身份项目的数量时交互的界面。 所选择的总身份项目的一个子集可以与指定的实体共享。 接口还可以用于通过向用户提供用户已经共享指定身份信息的实体的可视列表以及可以发送更新的信息的用户来管理已经与他人共享的身份信息。

公开(公告)号：US20110083013A1

公开(公告)日：2011-04-07

申请号：US12575260

申请日：2009-10-07

申请人： Nir Nice ,  Melissa W. Dunn ,  Eric Picard ,  Amit Shaked ,  Eric Don Van Valkenburg ,  Alexander George Gounares ,  Friedman Arie ,  Sefy Ophir ,  Boaz Feldbaum ,  Vu A. Ha ,  Teresa Mah ,  Darrell Jay Cannon ,  Michael Joseph Toutonghi ,  Uri Barash ,  Cynthia Dwork ,  Ying Li

发明人： Nir Nice ,  Melissa W. Dunn ,  Eric Picard ,  Amit Shaked ,  Eric Don Van Valkenburg ,  Alexander George Gounares ,  Friedman Arie ,  Sefy Ophir ,  Boaz Feldbaum ,  Vu A. Ha ,  Teresa Mah ,  Darrell Jay Cannon ,  Michael Joseph Toutonghi ,  Uri Barash ,  Cynthia Dwork ,  Ying Li

IPC分类号： H04L9/32 ,  G06F21/00

CPC分类号： G06Q30/02 ,  G06F21/6263

摘要： Methods, systems, and computer-readable media for facilitating personalization of web content is provided, while protecting the privacy of the user data utilized to personalize the user's experience. A privacy vault may collect user data including user activity data, demographic data, and user interests submitted by a user. In one embodiment, the privacy vault operates on a user client device. The privacy vault sends the user data to a community vault that collects user data from multiple users. The community vault generates segment rules that whether a user belongs to a user segment, which expresses a user's interest. The segment rules are then communicated back to the privacy vault, which assigns one or more user segments to the user based on the user data available to the privacy vault and the segment rules. The privacy vault may communicate user segments to one or more content providers that supply personalized content that is selected based on the user segments provided.

摘要翻译： 提供了用于促进web内容的个性化的方法，系统和计算机可读介质，同时保护用于个性化用户体验的用户数据的隐私。 隐私保险库可以收集用户数据，包括用户活动数据，人口统计数据和用户提交的用户兴趣。 在一个实施例中，隐私保险库在用户客户端设备上运行。 隐私保护库将用户数据发送到从多个用户收集用户数据的社区保管库。 社区保管库会生成段规则，用户是否属于用户区段，表示用户的兴趣。 然后，段规则被传送回隐私保险库，隐私保险库基于隐私保险库和段规则可用的用户数据将一个或多个用户段分配给用户。 隐私保险库可以将用户段传达给提供基于所提供的用户段选择的个性化内容的一个或多个内容提供者。