公开(公告)号：US08930326B2

公开(公告)日：2015-01-06

申请号：US13405924

申请日：2012-02-27

申请人： Kristen E. Cochrane ,  Ivan M. Milman ,  Martin Oberhofer ,  Donald A. Padilla

发明人： Kristen E. Cochrane ,  Ivan M. Milman ,  Martin Oberhofer ,  Donald A. Padilla

IPC分类号： G06F17/00

CPC分类号： G09B7/02

摘要： According to one embodiment of the present invention, a system analyzes data in response to detecting occurrence of an event, and includes a computer system including at least one processor. The system maps fields between the data and a fingerprint definition identifying relevant fields of the data to produce a fingerprint for the data. The data is deleted after occurrence of the event. The produced fingerprint is stored in a data repository, and retrieved in response to detection of the event occurrence after the data has been deleted. The system analyzes the retrieved fingerprint to evaluate an impact of the event on corresponding deleted data. Embodiments of the present invention further include a method and computer program product for analyzing data in response to detecting occurrence of an event in substantially the same manner described above.

摘要翻译： 根据本发明的一个实施例，系统响应于检测事件的发生来分析数据，并且包括包括至少一个处理器的计算机系统。 系统将数据和指纹定义之间的字段映射到标识数据的相关字段以产生数据的指纹。 数据在事件发生后被删除。 产生的指纹存储在数据存储库中，并且在数据被删除之后响应于事件发生的检测而被检索。 系统分析检索到的指纹，以评估事件对相应删除数据的影响。 本发明的实施例还包括一种方法和计算机程序产品，用于响应于以与上述基本相同的方式检测事件的发生来分析数据。

公开(公告)号：US08863225B2

公开(公告)日：2014-10-14

申请号：US12826614

申请日：2010-06-29

申请人： Ivan M. Milman ,  Martin Oberhofer ,  Dmitriy Fot

发明人： Ivan M. Milman ,  Martin Oberhofer ,  Dmitriy Fot

IPC分类号： G06F21/00 ,  G06F15/16 ,  G06F21/62

CPC分类号： G06F21/6218

摘要： Provided are techniques for providing security in a computing system with identity mediation policies that are enterprise service bus (EBS) independent. A mediator component performs service-level operation such as message brokering, identity mediation, and transformation to enhance interoperability among service consumers and service providers. A mediator component may also delegate identity related operations to a token service of handler. Identity mediation may include such operations as identity determination, or “identification,” authentication, authorization, identity transformation and security audit.

公开(公告)号：US08832779B2

公开(公告)日：2014-09-09

申请号：US13418950

申请日：2012-03-13

申请人： Ivan M. Milman ,  Martin Oberhofer ,  Dmitriy Fot

发明人： Ivan M. Milman ,  Martin Oberhofer ,  Dmitriy Fot

IPC分类号： G06F21/00 ,  G06F15/16 ,  G06F21/62

CPC分类号： G06F21/6218

摘要： Provided are techniques for providing security in a computing system with identity mediation policies that are enterprise service bus (EBS) independent. A mediator component performs service-level operation such as message brokering, identity mediation, and transformation to enhance interoperability among service consumers and service providers. A mediator component may also delegate identity related operations to a token service of handler. Identity mediation may include such operations as identity determination, or “identification,” authentication, authorization, identity transformation and security audit.

摘要翻译： 提供的是用于在计算系统中提供具有独立于企业服务总线（EBS）的身份调解策略的安全性的技术。 调解员组件执行服务级操作，如消息代理，身份中介和转换，以增强服务使用者和服务提供商之间的互操作性。 调解器组件还可以将身份相关操作委托给处理程序的令牌服务。 身份调解可以包括身份确定或“身份识别”，身份认证，身份转换和安全审核等操作。

公开(公告)号：US08341694B2

公开(公告)日：2012-12-25

申请号：US11456190

申请日：2006-07-08

申请人： Heather M. Hinton ,  Ivan M. Milman

发明人： Heather M. Hinton ,  Ivan M. Milman

IPC分类号： G06F7/04

CPC分类号： H04L63/101 ,  G06F17/30876 ,  G06F21/604 ,  G06F21/6218 ,  G06F21/6236

摘要： Access controls for a Web service (which controls are based on abstract WSDL definitions) are defined for a WSDL defined protected object space and, as such, are loosely coupled with the concrete WSDL binding derived from those definitions, preferably on a per binding level. This WSDL-defined POS is in turn loosely bound to a resource-specific protected object space definition. This loose coupling is leveraged to allow changes (e.g., updates) to the abstract WSDL binding's protected object space to be transitively applied to the application-specific protected object space. If appropriate, changes to the resource-specific protected object space may be applied to the WSDL's protected object space. Thus, according to the invention, the coupling may be one-way (typically, from the WSDL POS to the resource level POS) or two-way (from the WSDL POS to the resource level POS and vice versa). This technique ensures that different security policies are not applied unintentionally to the same resource (for example, one at the Web services entry level, and the other at the resource level). By synchronizing the protected object spaces in the manner described, neither the entity that deploys the application nor the security administrator need to be aware of the differences between the Web service request and the resource request.

摘要翻译： 针对WSDL定义的受保护对象空间定义了一个Web服务（基于抽象WSDL定义的控件）的访问控制，因此与从这些定义派生的具体WSDL绑定松散耦合，优选地在每个绑定级别上。 这个WSDL定义的POS又松动地绑定到特定于资源的受保护对象空间定义。 利用这种松散耦合来允许将抽象WSDL绑定的受保护对象空间的更改（例如，更新）传递性地应用于应用程序特定的受保护对象空间。 如果适用，对资源特定的受保护对象空间的更改可能会应用于WSDL的受保护对象空间。 因此，根据本发明，耦合可以是单向的（通常从WSDL POS到资源级POS）或双向（从WSDL POS到资源级POS，反之亦然）。 这种技术可以确保不同意的资源（例如，一个在Web服务条目级别，另一个在资源级）不同的安全策略。 通过以所描述的方式同步受保护的对象空间，部署应用程序的实体和安全管理员都不需要了解Web服务请求与资源请求之间的差异。

公开(公告)号：US20120191731A1

公开(公告)日：2012-07-26

申请号：US13417691

申请日：2012-03-12

申请人： Ivan M. Milman ,  Charles D. Wolfson ,  Matthias Schunter ,  Heather M. Hinton ,  Michael P. Waidner

发明人： Ivan M. Milman ,  Charles D. Wolfson ,  Matthias Schunter ,  Heather M. Hinton ,  Michael P. Waidner

IPC分类号： G06F17/30

CPC分类号： G06F21/6245

摘要： A method, system and computer-usable medium are disclosed for controlling the distribution of data. Data stored in a datastore is filtered according to a data release policy to generate filtered data. A data release policy agreement, corresponding to the data release policy, is generated. The filtered data and the data release policy agreement are then provided to an information consumer. The data release policy agreement is then used to enforce the data release policy.

摘要翻译： 公开了用于控制数据分布的方法，系统和计算机可用介质。 根据数据发布策略对存储在数据存储区中的数据进行过滤，以生成过滤的数据。 生成与数据发布策略相对应的数据发布策略协议。 然后将过滤的数据和数据发布策略协议提供给信息消费者。 然后，数据发布策略协议用于实施数据发布策略。

公开(公告)号：US20110321136A1

公开(公告)日：2011-12-29

申请号：US12826614

申请日：2010-06-29

申请人： Ivan M. Milman ,  Martin Oberhofer ,  Dmitriy Fot

发明人： Ivan M. Milman ,  Martin Oberhofer ,  Dmitriy Fot

IPC分类号： H04L29/06 ,  G06F15/16

CPC分类号： G06F21/6218

摘要： Provided are techniques for providing security in a computing system with identity mediation policies that are enterprise service bus (EBS) independent. A mediator component performs service-level operation such as message brokering, identity mediation, and transformation to enhance interoperability among service consumers and service providers. A mediator component may also delegate identity related operations to a token service of handler. Identity mediation may include such operations as identity determination, or “identification,” authentication, authorization, identity transformation and security audit.

摘要翻译： 提供的是用于在计算系统中提供具有独立于企业服务总线（EBS）的身份调解策略的安全性的技术。 调解员组件执行服务级操作，如消息代理，身份中介和转换，以增强服务使用者和服务提供商之间的互操作性。 调解器组件还可以将身份相关操作委托给处理程序的令牌服务。 身份调解可以包括身份确定或“身份识别”，身份认证，身份转换和安全审核等操作。

公开(公告)号：US20110161332A1

公开(公告)日：2011-06-30

申请号：US12648876

申请日：2009-12-29

申请人： Ivan M. Milman ,  Charles D. Wolfson ,  Matthias Schunter ,  Heather M. Hinton ,  Michael P. Waidner

发明人： Ivan M. Milman ,  Charles D. Wolfson ,  Matthias Schunter ,  Heather M. Hinton ,  Michael P. Waidner

IPC分类号： G06F17/00

CPC分类号： G06F21/6245

摘要： A method, system and computer-usable medium are disclosed for controlling the distribution of data. Data stored in a datastore is filtered according to a data release policy to generate filtered data. A data release policy agreement, corresponding to the data release policy, is generated. The filtered data and the data release policy agreement are then provided to an information consumer. The data release policy agreement is then used to enforce the data release policy.

摘要翻译： 公开了用于控制数据分布的方法，系统和计算机可用介质。 根据数据发布策略对存储在数据存储区中的数据进行过滤，以生成过滤的数据。 生成与数据发布策略相对应的数据发布策略协议。 然后将过滤的数据和数据发布策略协议提供给信息消费者。 然后，数据发布策略协议用于实施数据发布策略。

公开(公告)号：US20090007097A1

公开(公告)日：2009-01-01

申请号：US11770890

申请日：2007-06-29

申请人： Heather M. Hinton ,  Ivan M. Milman ,  Patrick R. Wardrop

发明人： Heather M. Hinton ,  Ivan M. Milman ,  Patrick R. Wardrop

IPC分类号： G06F9/445

CPC分类号： G06F8/61 ,  G06F9/44505

摘要： A method, system and program are provided for managing the installation and configuration of a software product by using a proxy service to loosely couple the installation and/or configuration of constituent modules within the installation/configuration flow of the software product. The proxy service invokes the installation/configuration processing of an existing software component, thereby reducing the complexity associated with installing new component installation processes every time a component is to be supported, especially where the software products and new component(s) do not share the same installation/configuration platforms.

摘要翻译： 提供了一种方法，系统和程序，用于通过使用代理服务来在软件产品的安装/配置流程内松散地耦合组件模块的安装和/或配置来管理软件产品的安装和配置。 代理服务调用现有软件组件的安装/配置处理，从而降低与每次支持组件时安装新组件安装过程相关的复杂性，特别是在软件产品和新组件不共享的情况下 相同的安装/配置平台。

公开(公告)号：US20080022362A1

公开(公告)日：2008-01-24

申请号：US11456190

申请日：2006-07-08

申请人： Heather M. Hinton ,  Ivan M. Milman

发明人： Heather M. Hinton ,  Ivan M. Milman

IPC分类号： H04L9/32

CPC分类号： H04L63/101 ,  G06F17/30876 ,  G06F21/604 ,  G06F21/6218 ,  G06F21/6236

摘要： Access controls for a Web service (which controls are based on abstract WSDL definitions) are defined for a WSDL defined protected object space and, as such, are loosely coupled with the concrete WSDL binding derived from those definitions, preferably on a per binding level. This WSDL-defined POS is in turn loosely bound to a resource-specific protected object space definition. This loose coupling is leveraged to allow changes (e.g., updates) to the abstract WSDL binding's protected object space to be transitively applied to the application-specific protected object space. If appropriate, changes to the resource-specific protected object space may be applied to the WSDL's protected object space. Thus, according to the invention, the coupling may be one-way (typically, from the WSDL POS to the resource level POS) or two-way (from the WSDL POS to the resource level POS and vice versa). This technique ensures that different security policies are not applied unintentionally to the same resource (for example, one at the Web services entry level, and the other at the resource level). By synchronizing the protected object spaces in the manner described, neither the entity that deploys the application nor the security administrator need to be aware of the differences between the Web service request and the resource request.

摘要翻译： 针对WSDL定义的受保护对象空间定义了一个Web服务（基于抽象WSDL定义的控件）的访问控制，因此与从这些定义派生的具体WSDL绑定松散耦合，优选地在每个绑定级别上。 这个WSDL定义的POS又松动地绑定到特定于资源的受保护对象空间定义。 利用这种松散耦合来允许将抽象WSDL绑定的受保护对象空间的更改（例如，更新）传递性地应用于应用程序特定的受保护对象空间。 如果适用，对资源特定的受保护对象空间的更改可能会应用于WSDL的受保护对象空间。 因此，根据本发明，耦合可以是单向的（通常从WSDL POS到资源级POS）或双向（从WSDL POS到资源级POS，反之亦然）。 这种技术可以确保不同意的资源（例如，一个在Web服务条目级别，另一个在资源级）不同的安全策略。 通过以所描述的方式同步受保护的对象空间，部署应用程序的实体和安全管理员都不需要了解Web服务请求与资源请求之间的差异。