公开(公告)号：US07992195B2

公开(公告)日：2011-08-02

申请号：US10512229

申请日：2003-03-26

Applicant: Birgit Pfitzmann ,  Michael Waidner

Inventor： Birgit Pfitzmann ,  Michael Waidner

IPC: G06F7/04 ,  G06F17/30 ,  G06F21/00 ,  G06F15/16 ,  G06F15/173 ,  H04L29/06 ,  H04L9/32

CPC classification number: H04L63/0815 ,  G06F21/6263

Abstract: The invention allows a reliable and efficient identity management that can, with full interoperability, accommodate to various requirements of participants. For that a method and system are presented for providing an identity-related information about a user to a requesting entity. The method comprises a location-request step initiated by the requesting entity for requesting from a client application a location information that corresponds to a location entity possessing the identity-related information, a redirecting step for connecting the client application to the location entity in order to instruct the location entity to transfer the identity-related information to the requesting entity, and an acquiring step for obtaining the identity-related information. The acquiring step comprises a contact step wherein the location entity contacts the requesting entity, a request step wherein the requesting entity requests the identity-related information, and a response step wherein the requesting entity receives the identity-related information from the location entity.

Abstract translation: 本发明允许可靠和有效的身份管理，其可以具有完全互操作性，以适应参与者的各种要求。 为此，提出了一种用于向请求实体提供关于用户的身份相关信息的方法和系统。 该方法包括由请求实体发起的位置请求步骤，用于从客户端应用程序请求与拥有身份相关信息的位置实体相对应的位置信息;重定向步骤，用于将客户端应用连接到位置实体，以便 指示所述位置实体将所述身份相关信息传送到所述请求实体，以及获取步骤，用于获取所述身份相关信息。 所述获取步骤包括联系步骤，其中所述位置实体联系所述请求实体;请求步骤，其中所述请求实体请求所述身份相关信息;以及响应步骤，其中所述请求实体从所述位置实体接收所述身份相关信息。

公开(公告)号：US20050289340A1

公开(公告)日：2005-12-29

申请号：US10874421

申请日：2004-06-23

Applicant: Jan Camenisch ,  Birgit Pfitzmann ,  Matthias Schunter ,  Michael Waidner

Inventor： Jan Camenisch ,  Birgit Pfitzmann ,  Matthias Schunter ,  Michael Waidner

IPC: G06F21/00 ,  H04L9/00

CPC classification number: G06F21/6245

Abstract: Method, system, and storage medium for reducing or minimizing access to sensitive information. A method includes identifying processes and data associated with a computer system and classifying each of the data as one of either sensitive information or non-sensitive information. The sensitive information includes at least one of: data that is personal to an individual, confidential data, and data that is legally subject to conditions of restricted use. For each of the processes the method includes selecting a process and a sensitive data item, modifying the sensitive data item, analyzing the behavior of at least the selected process, and preventing access of the sensitive data item by the selected process if, as a result of the analyzing, the sensitive data item is determined not to be needed by the selected process.

Abstract translation: 用于减少或最小化敏感信息访问的方法，系统和存储介质。 一种方法包括识别与计算机系统相关联的过程和数据，并将每个数据分类为敏感信息或非敏感信息之一。 敏感信息包括以下至少一项：对个人个人的数据，机密数据和法律上受限于使用条件的数据。 对于每个过程，该方法包括选择过程和敏感数据项，修改敏感数据项，分析至少所选过程的行为，以及如果结果，则阻止敏感数据项的访问。 在分析的情况下，敏感数据项被确定为所选择的处理不需要。

公开(公告)号：US20050044409A1

公开(公告)日：2005-02-24

申请号：US10643798

申请日：2003-08-19

Applicant: Linda Betz ,  John Dayka ,  Walter Farrell ,  Richard Guski ,  Guenter Karjoth ,  Mark Nelson ,  Birgit Pfitzmann ,  Matthias Schunter ,  Michael Waidner

Inventor： Linda Betz ,  John Dayka ,  Walter Farrell ,  Richard Guski ,  Guenter Karjoth ,  Mark Nelson ,  Birgit Pfitzmann ,  Matthias Schunter ,  Michael Waidner

IPC: G06F21/00 ,  G06F15/16

CPC classification number: G06F21/629 ,  G06F21/6245 ,  G06F2221/2101 ,  G06F2221/2113 ,  G06F2221/2141 ,  G06F2221/2149

Abstract: A data access control facility is implemented by assigning personally identifying information (PII) classification labels to PII data objects, with each PII data object having one PII classification label assigned thereto. The control facility further includes at least one PII purpose serving function set (PSFS) comprising a list of application functions that read or write PII data objects. Each PII PSFS is also assigned a PII classification label. A PII data object is accessible via an application function of a PII PSFS having a PII classification label that is identical to or dominant of the PII classification label of the PII object. A user of the control facility is assigned a PII clearance set which contains a list of at least one PII classification label, which is employed in determining whether the user is entitled to access a particular function.

Abstract translation: 通过将个人识别信息（PII）分类标签分配给PII数据对象来实现数据访问控制设施，每个PII数据对象分配有一个PII分类标签。 控制设备还包括至少一个PII目的服务功能集（PSFS），其包括读或写PII数据对象的应用功能列表。 每个PII PSFS也被分配了一个PII分类标签。 PII数据对象可通过具有与PII对象的PII分类标签相同或占优势的PII分类标签的PII PSFS的应用功能来访问。 控制设备的用户被分配有PII间隙组，其包含至少一个PII分类标签的列表，该列表用于确定用户是否有权访问特定功能。

公开(公告)号：US08813209B2

公开(公告)日：2014-08-19

申请号：US12793202

申请日：2010-06-03

Applicant: Kamal Bhattacharya ,  Birgit Pfitzmann ,  Nikolai A. Joukov ,  HariGovind V. Ramasamy

Inventor： Kamal Bhattacharya ,  Birgit Pfitzmann ,  Nikolai A. Joukov ,  HariGovind V. Ramasamy

IPC: G06F21/00

CPC classification number: H04L41/0813 ,  H04L63/0263

Abstract: Automating network reconfiguration such as firewall reconfiguration in migrations may include determining network reconfiguration needs in one or more network functionalities of the target environment based on the discovering; and applying the network reconfiguration needs to the one or more network functionalities in the target environment.

Abstract translation: 自动化网络重新配置，例如迁移中的防火墙重新配置可以包括基于发现来确定目标环境的一个或多个网络功能中的网络重新配置需求; 并且对目标环境中的一个或多个网络功能需要应用网络重新配置。

公开(公告)号：US08561035B2

公开(公告)日：2013-10-15

申请号：US12553486

申请日：2009-09-03

Applicant: Sergej Chicherin ,  Nikolai A. Joukov ,  Birgit Pfitzmann ,  Marco Pistoia ,  Vasily Tarasov ,  Takaaki Tateishi ,  Norbert G. Vogl

Inventor： Sergej Chicherin ,  Nikolai A. Joukov ,  Birgit Pfitzmann ,  Marco Pistoia ,  Vasily Tarasov ,  Takaaki Tateishi ,  Norbert G. Vogl

IPC: G06F9/44 ,  G06F9/45

CPC classification number: G06F8/75 ,  G06F9/44505

Abstract: A system and method of discovering one or more program variable values may extract an abstract interpretation of a program variable used in a computer program, locate installation-specific repositories associated with the computer program, parse the located installation-specific repositories and extract one or more configuration parameters, and substitute the one or more configuration parameters into the extracted abstract interpretation.

Abstract translation: 发现一个或多个程序变量值的系统和方法可以提取在计算机程序中使用的程序变量的抽象解释，定位与计算机程序相关联的特定于安装的存储库，解析所定位的安装专用存储库并提取一个或多个 配置参数，并将一个或多个配置参数替换为提取的抽象解释。

公开(公告)号：US20110302273A1

公开(公告)日：2011-12-08

申请号：US13151708

申请日：2011-06-02

Applicant: Birgit Pfitzmann ,  Michael Waidner

Inventor： Birgit Pfitzmann ,  Michael Waidner

IPC: G06F15/16 ,  G06F15/173

CPC classification number: H04L63/0815 ,  G06F21/41 ,  G06Q20/00 ,  H04L63/0807 ,  H04L63/083

Abstract: A system allows a reliable and efficient identity management that can, with full interoperability, accommodate to various requirements of participants. For that a system is presented for providing an identity-related information about a user to a requesting entity. The method includes a location-request step initiated by the requesting entity for requesting from a client application a location information that corresponds to a location entity possessing the identity-related information, a redirecting step for connecting the client application to the location entity in order to instruct the location entity to transfer the identity-related information to the requesting entity, and an acquiring step for obtaining the identity-related information. The acquiring step includes a contact step wherein the location entity contacts the requesting entity, a request step wherein the requesting entity requests the identity-related information, and a response step wherein the requesting entity receives the identity-related information from the location entity.

Abstract translation: 系统允许可靠和有效的身份管理，可以完全互操作，适应参与者的各种要求。 为此，呈现用于向请求实体提供关于用户的身份相关信息的系统。 该方法包括由请求实体发起的位置请求步骤，用于从客户应用程序请求与具有身份相关信息的位置实体相对应的位置信息;重定向步骤，用于将客户端应用连接到位置实体，以便 指示所述位置实体将所述身份相关信息传送到所述请求实体，以及获取步骤，用于获取所述身份相关信息。 所述获取步骤包括联系步骤，其中所述位置实体联系所述请求实体;请求步骤，其中所述请求实体请求所述身份相关信息;以及响应步骤，其中所述请求实体从所述位置实体接收所述身份相关信息。

公开(公告)号：US20110055806A1

公开(公告)日：2011-03-03

申请号：US12553486

申请日：2009-09-03

Applicant: Sergej Chicherin ,  Nikolai A. Joukov ,  Birgit Pfitzmann ,  Marco Pistoia ,  Vasily Tarasov ,  Takaaki Tateishi ,  Norbert G. Vogl

Inventor： Sergej Chicherin ,  Nikolai A. Joukov ,  Birgit Pfitzmann ,  Marco Pistoia ,  Vasily Tarasov ,  Takaaki Tateishi ,  Norbert G. Vogl

IPC: G06F17/30

CPC classification number: G06F8/75 ,  G06F9/44505

Abstract: A system and method of discovering one or more program variable values may extract an abstract interpretation of a program variable used in a computer program, locate installation-specific repositories associated with the computer program, parse the located installation-specific repositories and extract one or more configuration parameters, and substitute the one or more configuration parameters into the extracted abstract interpretation.

Abstract translation: 发现一个或多个程序变量值的系统和方法可以提取在计算机程序中使用的程序变量的抽象解释，定位与计算机程序相关联的特定于安装的存储库，解析所定位的安装专用存储库并提取一个或多个 配置参数，并将一个或多个配置参数替换为提取的抽象解释。

公开(公告)号：US20080294480A1

公开(公告)日：2008-11-27

申请号：US12186257

申请日：2008-08-05

Applicant: Michael Backes ,  Guenter Karioth ,  Birgit Pfitzmann ,  Matthias Schunter ,  Michael Waidner

Inventor： Michael Backes ,  Guenter Karioth ,  Birgit Pfitzmann ,  Matthias Schunter ,  Michael Waidner

IPC: G06Q10/00

CPC classification number: G06Q10/06 ,  G06Q10/063

Abstract: The present invention provides methods and apparatus for creating a privacy policy from a process model, and methods and apparatus for checking the compliance of a privacy policy. An example of a method for creating a privacy policy from a process model according to the invention comprises the following steps. First, a task from the process model is chosen. Then one or more of the elements role, data, purpose, action, obligation, and condition are gathered from the task and a rule is build up by means of these elements. Finally the rule is added to the privacy policy.

Abstract translation: 本发明提供了用于从过程模型创建隐私策略的方法和装置，以及用于检查隐私策略的合规性的方法和装置。 根据本发明的用于从过程模型创建隐私策略的方法的示例包括以下步骤。 首先，选择过程模型的任务。 然后，从任务中收集一个或多个元素的角色，数据，目的，行为，义务和条件，并通过这些元素建立规则。 最后将规则添加到隐私政策中。

公开(公告)号：US20070250913A1

公开(公告)日：2007-10-25

申请号：US11764487

申请日：2007-06-18

Applicant: Linda Betz ,  John Dayka ,  Walter Farrell ,  Richard Guski ,  Guenter Karjoth ,  Mark Nelson ,  Birgit Pfitzmann ,  Matthias Schunter ,  Michael Waidner

Inventor： Linda Betz ,  John Dayka ,  Walter Farrell ,  Richard Guski ,  Guenter Karjoth ,  Mark Nelson ,  Birgit Pfitzmann ,  Matthias Schunter ,  Michael Waidner

IPC: G06F15/16

CPC classification number: G06F21/629 ,  G06F21/6245 ,  G06F2221/2101 ,  G06F2221/2113 ,  G06F2221/2141 ,  G06F2221/2149

Abstract: A data access control facility is implemented by assigning personally identifying information (PII) classification labels to PII data objects, with each PII data object having one PII classification label assigned thereto. The control facility further includes at least one PII purpose serving function set (PSFS) comprising a list of application functions that read or write PII data objects. Each PII PSFS is also assigned a PII classification label. A PII data object is accessible via an application function of a PII PSFS having a PII classification label that is identical to or dominant of the PII classification label of the PII object. A user of the control facility is assigned a PII clearance set which contains a list of at least one PII classification label, which is employed in determining whether the user is entitled to access a particular function.

Abstract translation: 通过将个人识别信息（PII）分类标签分配给PII数据对象来实现数据访问控制设施，每个PII数据对象分配有一个PII分类标签。 控制设备还包括至少一个PII目的服务功能集（PSFS），其包括读或写PII数据对象的应用功能列表。 每个PII PSFS也被分配了一个PII分类标签。 PII数据对象可通过具有与PII对象的PII分类标签相同或占优势的PII分类标签的PII PSFS的应用功能来访问。 控制设备的用户被分配有PII间隙组，其包含至少一个PII分类标签的列表，该列表用于确定用户是否有权访问特定功能。