Business process enablement for identity management
    32.
    Granted invention patent
    Status: in force

    Publication number: US09027093B2

    Publication date: 2015-05-05

    Application number: US12649496

    Filing date: 2009-12-30

    IPC classification: H04L29/06 G06F9/54 G06F9/46

    CPC classification: G06F9/541 G06F9/468

    Abstract: A method, system and computer program for business process automation facilitates transforming a user's identity/credentials as part of the enablement of transaction fulfillment, e.g., within a SOA environment. In one embodiment, identity and attribute information is added to one or more business process models that each represents a sub-transaction within an overall transaction fulfillment business process flow. As the business model is mapped to an execution environment, the identity and attribute information in the model is used to configure appropriate tooling to define the identity/attribute transformation required to complete the particular portion of the transaction represented by the model. In a representative implementation, the business process models conform to BPEL4WS, and one or more of these models are extended with identity mapping information such that, during transaction fulfillment, local identity mapping transformations provide the identity/credential propagation required to support the business process.


    Browser-based logoff from distributed and federated environments
    33.
    Granted invention patent
    Status: in force

    Publication number: US08244907B2

    Publication date: 2012-08-14

    Application number: US11872847

    Filing date: 2007-10-16

    IPC classification: G06F15/16

    Abstract: A web browser is provided with a logout enablement function that traps a browser or page shutdown request and prevents that request from completing until the browser (or page) has logged out from one or more current server-side application sessions. The logout enablement function ensures that server-side resources that have been invoked for a given session are released before the web browser can be shutdown. The function is implemented as native browser code, a web page applet, a Java server page, a script, a control associated with the browser, and a browser plug-in.


    Method and system for providing user control over receipt of cookies from e-commerce applications
    34.
    Granted invention patent
    Status: lapsed

    Publication number: US07921152B2

    Publication date: 2011-04-05

    Application number: US10621934

    Filing date: 2003-07-17

    IPC classification: G06F15/16

    CPC classification: G06F21/6263 G06Q30/02

    Abstract: A method, system, apparatus, and computer program product are presented for processing cookies that are transmitted from a server through a proxy server to a client that is operated by a user. The proxy server detects that a response message from the server for the client has an associated cookie. The proxy server extracts a domain identifier associated with the server from the response message, and the proxy server retrieves a set of parameters that contain domain identifiers that are associated with indications of whether to block transmission of cookies from servers associated with the domain identifiers. The proxy server then processes the cookie in the response message in accordance with the retrieved set of parameters and the extracted domain identifier, either blocking or not blocking cookies from the identified domain. Blocked cookies are cached for subsequent use. Multiple sets of parameters may be configured by the user.


    Method and system for automating purpose usage selection on web sites
    35.
    Granted invention patent
    Status: lapsed

    Publication number: US07734642B2

    Publication date: 2010-06-08

    Application number: US11789227

    Filing date: 2007-04-24

    IPC classification: G06F7/00 G06F17/30

    CPC classification: G06F21/6263 H04L63/20

    Abstract: This invention automates the selection of purpose usages when a user agent interacts with a web site that has been enabled for automated purpose usage information exchange. A user first configures the purpose usage automation in his or her user agent. At this stage, which typically occurs off-line, the user decides on a level of automation when specifying the one or more purpose usages. If desired, this preference may depend on how “trusted” the site is to the user. Later, when the user navigates to an organization's web site, the user agent communicates the purpose usage settings to the organization according to the level of purpose usage automation that has been configured. In particular, when a user's agent visits a web site, the user agent detects that “automated purpose usage” is enabled for the web site. The web site then provides the user agent with a list of one or more purpose usage options required or desired by the organization. The user agent then determines the response for each purpose usage option. This determination may be completely automatic, or partially automated, depending on the user's configuration. The web site then receives the purpose usage selections. At this point, the user agent can provide PII and the user is assured that such information is managed or used by the organization only according to the user's desires.


    MANAGING USER ACCESS ENTITLEMENTS TO INFORMATION TECHNOLOGY RESOURCES
    36.
    Invention patent application
    Status: in force

    Publication number: US20090150981A1

    Publication date: 2009-06-11

    Application number: US11951980

    Filing date: 2007-12-06

    IPC classification: H04L9/32

    CPC classification: H04L63/102 H04L67/02

    Abstract: A computer implemented method, data processing system, and computer program product for logical management and provisioning of business applications within the framework of an identity management system. The illustrative embodiments providing an interface layer to map respective attributes, permissions, and resource accounts in a data repository needed to represent access to business applications via a managed service in the identity management system. The illustrative embodiments define user entitlements on a user account associated with the managed service. The illustrative embodiments provision user access to the business applications via the managed service in the identity management system upon user request.


    BROWSER-BASED LOGOFF FROM DISTRIBUTED AND FEDERATED ENVIRONMENTS
    37.
    Invention patent application
    Status: in force

    Publication number: US20090100438A1

    Publication date: 2009-04-16

    Application number: US11872847

    Filing date: 2007-10-16

    IPC classification: G06F9/44

    Abstract: A web browser is provided with a logout enablement function that traps a browser or page shutdown request and prevents that request from completing until the browser (or page) has logged out from one or more current server-side application sessions. The logout enablement function ensures that server-side resources that have been invoked for a given session are released before the web browser can be shutdown. The function is implemented as native browser code, a web page applet, a Java server page, a script, a control associated with the browser, and a browser plug-in.


    Method and system for stepping up to certificate-based authentication without breaking an existing SSL session
    38.
    Granted invention patent
    Status: in force

    Publication number: US07395424B2

    Publication date: 2008-07-01

    Application number: US10621927

    Filing date: 2003-07-17

    IPC classification: H04L9/00 H04L9/32

    Abstract: A method is presented for performing authentication operations. When a client requests a resource from a server, a non-certificate-based authentication operation is performed through an SSL (Secure Sockets Layer) session between the server and the client. When the client requests another resource, the server determines to step up to a more restrictive level of authentication, and a certificate-based authentication operation is performed through the SSL session without exiting or renegotiating the SSL session prior to completion of the certificate-based authentication operation. During the certificate-based authentication procedure, an executable module is downloaded to the client from the server through the SSL session, after which the server receives through the SSL session a digital signature that has been generated by the executable module using a digital certificate at the client. In response to successfully verifying the digital signature at the server, the server provides access to a requested resource.
