12. POLICY AND ATTRIBUTE BASED ACCESS TO A RESOURCE
    Invention application (under examination, published)

    Publication number: US20110289553A1

    Publication date: 2011-11-24

    Application number: US13196586

    Filing date: 2011-08-02

    IPC classification: G06F17/00 G06F15/16 G06F21/20

    CPC classification: H04L63/102 H04L63/0807

    Abstract: Techniques are provided for controlling access to a resource based on access policies and attributes. A principal issues a request to a service for purposes of accessing a resource. The principal is authenticated and a service contract for the principal, the service, and the resource is generated. The service contract defines resource access policies and attributes which can be permissibly performed by the service on behalf of the principal during a session. Moreover, the session between the service and the resource is controlled by the service contract.


13. System and method for queuing to a cloud via a queuing proxy
    Granted invention patent (in force)

    Publication number: US08065395B2

    Publication date: 2011-11-22

    Application number: US12612807

    Filing date: 2009-11-05

    CPC classification: H04L63/0281 H04L63/20

    Abstract: System and method for servicing queue requests via a proxy are described. In one embodiment, the system includes an enterprise queuing proxy (“EQP”) disposed within an enterprise computing environment and having an enterprise queue associated therewith; a cloud queuing proxy (“CQP”) disposed within a cloud computing environment, the CQP connected to a plurality of cloud queues each having associated therewith at least one queue service process listening on the cloud queue for queue requests to service; and a secure communications mechanism for interconnecting the EQP and the CQP. Upon receipt of a queue request from an enterprise service, the EQP evaluates the request against policy to determine whether to service it locally or remotely and, if the request is to be serviced remotely, forwards the request to the CQP via the secure communications mechanism. Upon receipt of the request, the CQP evaluates the queue request against policy to select one of the cloud queues to which to route the queue request for servicing.


14. SYSTEM AND METHOD FOR IMPLEMENTING CLOUD MITIGATION AND OPERATIONS CONTROLLERS
    Invention application (in force)

    Publication number: US20110106927A1

    Publication date: 2011-05-05

    Application number: US12612903

    Filing date: 2009-11-05

    IPC classification: G06F15/173 G06F21/00 G06F7/00

    Abstract: System and method for implementing cloud mitigation and operations controllers are described. One embodiment is a system for controlling operation of a cloud computing environment, wherein the system comprises a repository for storing data regarding characteristics of the cloud computing environment, wherein the stored data includes policy notations designating compliance or noncompliance of the data with policy; an analyst module for analyzing the stored data in combination with external report information regarding the cloud computing environment and for providing results of the analysis; and a controller for evaluating the analysis results and issuing instructions for controlling operation of the cloud computing environment based on the evaluating.


15. Techniques for variable security access information
    Granted invention patent (in force)

    Publication number: US07845003B2

    Publication date: 2010-11-30

    Application number: US11590121

    Filing date: 2006-10-31

    IPC classification: G06F21/00 G06F7/04

    Abstract: Techniques for variable security access information are presented. The complexity levels associated with access secrets drive the assigned access rights to target resources. A single target resource may have varying sets of access rights, where each set is associated with a particular complexity level for a given access secret. A requesting principal can custom establish the principal's desired access secret complexity level for a target resource; this in turn drives the set of access rights for the target resource, which the principal may use when accessing the target resource.


16. SYSTEM AND METHOD FOR TRANSPARENT CLOUD ACCESS
    Invention application (in force)

    Publication number: US20100235903A1

    Publication date: 2010-09-16

    Application number: US12612841

    Filing date: 2009-11-05

    Abstract: System and method for transparent cloud access are described. In one embodiment, the system comprises an enterprise computing environment maintained by an enterprise and a cloud computing environment maintained by a cloud provider; and a secure bridge mechanism for interconnecting the enterprise computing environment and the cloud computing environment. The secure bridge mechanism comprises a first secure bridge portion associated with the enterprise and a second secure bridge portion associated with the cloud computing environment. The first and second secure bridge portions interoperate to provide transparent and secure access by resources of one of the computing environments to those of the other computing environment.


17. SYSTEM AND METHOD FOR QUEUING TO A CLOUD VIA A QUEUING PROXY
    Invention application (in force)

    Publication number: US20100235887A1

    Publication date: 2010-09-16

    Application number: US12612807

    Filing date: 2009-11-05

    IPC classification: G06F15/16 G06F21/00

    CPC classification: H04L63/0281 H04L63/20

    Abstract: System and method for servicing queue requests via a proxy are described. In one embodiment, the system includes an enterprise queuing proxy (“EQP”) disposed within an enterprise computing environment and having an enterprise queue associated therewith; a cloud queuing proxy (“CQP”) disposed within a cloud computing environment, the CQP connected to a plurality of cloud queues each having associated therewith at least one queue service process listening on the cloud queue for queue requests to service; and a secure communications mechanism for interconnecting the EQP and the CQP. Upon receipt of a queue request from an enterprise service, the EQP evaluates the request against policy to determine whether to service it locally or remotely and, if the request is to be serviced remotely, forwards the request to the CQP via the secure communications mechanism. Upon receipt of the request, the CQP evaluates the queue request against policy to select one of the cloud queues to which to route the queue request for servicing.


18. SYSTEM AND METHOD FOR REDUCING CLOUD IP ADDRESS UTILIZATION USING A DISTRIBUTOR REGISTRY
    Invention application (in force)

    Publication number: US20100235526A1

    Publication date: 2010-09-16

    Application number: US12613112

    Filing date: 2009-11-05

    IPC classification: G06F15/173 G06F15/16

    Abstract: System and method for providing cloud computing services are described. In one embodiment, the system comprises a cloud computing environment comprising resources for supporting cloud workloads, each cloud workload having associated therewith an internal cloud address; and a routing system disposed between external workloads of an external computing environment and the cloud workloads, the routing system for directing traffic from an external cloud address to the internal cloud addresses of the cloud workloads. The routing system comprises a virtual router configured to function as a network address translator (“NAT”); a distributor connected between the virtual router and the cloud workloads; and a distributor registry accessible by the distributor for maintaining information comprising at least one of port mappings, cloud address mappings, and cloud workload configuration information.


20. REMOTABLE INFORMATION CARDS
    Invention application (under examination, published)

    Publication number: US20130014245A1

    Publication date: 2013-01-10

    Application number: US13619554

    Filing date: 2012-09-14

    IPC classification: G06F21/00

    CPC classification: G06F21/34

    Abstract: An accessor function interfaces among a client, a relying party, and an identity provider. The identity provider can “manage” personal (i.e., self-asserted) information cards on behalf of a user, making the personal information cards available on clients on which the personal information cards are not installed. The client can be an untrusted client, vulnerable to attacks such as key logging, screen capture, and memory interrogation. The accessor function can also act as a proxy for the relying party in terms of invoking and using the information cards system, for use with legacy relying parties.
