公开(公告)号：US20110302093A1

公开(公告)日：2011-12-08

申请号：US12791933

申请日：2010-06-02

申请人： Sanjay Mecheri Kesavan ,  Nataraj Nagaratnam ,  Lohitashwa Thyagaraj

发明人： Sanjay Mecheri Kesavan ,  Nataraj Nagaratnam ,  Lohitashwa Thyagaraj

IPC分类号： G06Q10/00

CPC分类号： G06Q30/0603 ,  G06Q30/018 ,  G06Q30/0185

摘要： A method, system, and computer usable program product for mitigating distribution or consumption of counterfeit products in a supply chain are provided in the illustrative embodiments. A first set of identifiers is generated to associate with a product to be manufactured. The first set of identifiers includes identifiers corresponding to a customer reference number (CRN), a customer acknowledgment number (CAN), and a merchant acknowledgment number (MAN). The first set of identifiers is associated with the product and a status indicator. The status indicator is set to a first value representative of the product being an original product and the product being available for sale. The first set of identifiers is transmitted to another second application.

摘要翻译： 在说明性实施例中提供了用于减轻供应链中的假冒产品的分配或消耗的方法，系统和计算机可用程序产品。 生成第一组标识符以与待制造的产品相关联。 第一组标识符包括与客户参考号（CRN），客户确认号（CAN）和商家确认号（MAN）相对应的标识符。 第一组标识符与产品和状态指示器相关联。 状态指示器被设置为代表原始产品的产品的第一个值，并且该产品可供出售。 第一组标识符被传送到另一个第二应用。

公开(公告)号：US20070180498A1

公开(公告)日：2007-08-02

申请号：US11333019

申请日：2006-01-17

申请人： Samar Choudhary ,  Nataraj Nagaratnam ,  Naveenkumar Muguda

发明人： Samar Choudhary ,  Nataraj Nagaratnam ,  Naveenkumar Muguda

IPC分类号： H04L9/32

CPC分类号： H04L29/08864 ,  G06F21/6227 ,  G06F2221/2141 ,  H04L29/08765 ,  H04L29/08936 ,  H04L63/102 ,  H04L63/20

摘要： A system for security management for applications associated with multiple user registries can include an integrated console configured to host a one or more applications or resource objects in corresponding realms. The system also can include one or more roles mapped to different ones of the resource objects and also to different users permitted to access the integrated console. The system yet further can include a user relationship system having associations with multiple different ones of the roles. Finally, the system can include console security management logic programmed to manage authentication for the users using realm of the resource object while not requiring a separate user registry for the integrated console.

摘要翻译： 用于与多个用户注册表相关联的应用的安全管理的系统可以包括被配置为托管相应领域中的一个或多个应用或资源对象的集成控制台。 系统还可以包括映射到不同资源对象的一个​​或多个角色，还可以包括允许访问集成控制台的不同用户。 该系统还可以包括具有与多个不同角色的关联的用户关系系统。 最后，该系统可以包括控制台安全管理逻辑，其被编程为使用资源对象的领域来管理用户的认证，而不需要用于集成控制台的单独的用户注册。

公开(公告)号：US09916461B2

公开(公告)日：2018-03-13

申请号：US13608125

申请日：2012-09-10

申请人： Kaushal Kiran Kapadia ,  Rahul Prabhakar Kulkarni ,  Nataraj Nagaratnam ,  Anindya Neogi ,  Magesh Rajamani

发明人： Kaushal Kiran Kapadia ,  Rahul Prabhakar Kulkarni ,  Nataraj Nagaratnam ,  Anindya Neogi ,  Magesh Rajamani

IPC分类号： G06F17/00 ,  H04L29/06 ,  G06F21/60

CPC分类号： G06F21/604 ,  H04L63/102

摘要： Identity context-based access control is implemented by generating an identity context expression from user identity data. In particular, users are clustered based on combinations of one or more attributes. These clusters comprise one or more identity context(s). Preferably, an intersection of attribute sets of each user in the cluster is formed. In addition, an intersection of attribute sets of each user not in the cluster also is formed. If the attribute set that is common across the cluster of users is not a subset of the attribute set that is common across the rest of the users, then the attribute set forms a unique identity context expression. To reduce the number of roles used in role-based access control (RBAC), at least one role is replaced with an identity context expression. Run-time access control is then enabled.

公开(公告)号：US09767301B2

公开(公告)日：2017-09-19

申请号：US13413636

申请日：2012-03-06

申请人： Srinivas Jandhyala ,  Albee Jhoney ,  Sridhar R Muppidi ,  Nataraj Nagaratnam ,  Atul Saxena

发明人： Srinivas Jandhyala ,  Albee Jhoney ,  Sridhar R Muppidi ,  Nataraj Nagaratnam ,  Atul Saxena

IPC分类号： G06F21/00 ,  G06F21/62

CPC分类号： G06F21/6218

摘要： A method, system, and computer usable program product-for context aware data protection are provided. Information about an access context is received in a data processing system. A resource affected by the access context is identified. The identification of the resource may include deriving knowledge about resource by making an inference from a portion of contents of the resource that the access context affects the resource, making an inference that the access context affects a second resource thereby inferring that the resource has to be modified, determining that the access context is relevant to the resource, or a combination thereof. The resource is received. A policy that is applicable to the access context is identified. A part of the resource to modify according to the policy is determined. The part is modified according to the policy and the access context to form a modified resource. The modified resource is transmitted.

公开(公告)号：US09710834B2

公开(公告)日：2017-07-18

申请号：US12791943

申请日：2010-06-02

申请人： Sanjay Mecheri Kesavan ,  Nataraj Nagaratnam ,  Lohitashwa Thyagaraj

发明人： Sanjay Mecheri Kesavan ,  Nataraj Nagaratnam ,  Lohitashwa Thyagaraj

IPC分类号： G06Q10/10 ,  G06Q30/02 ,  G06Q30/06 ,  G06Q10/04 ,  G06Q10/06 ,  G06Q30/00

CPC分类号： G06Q30/06 ,  G06Q30/018 ,  G06Q30/0185

摘要： A method, system, and computer usable program product for pre and post purchase identification of counterfeit products in a supply chain are provided in the illustrative embodiments. A customer reference number (CRN) associated with a unit of product is identified. The unit of product has associated therewith a unique set of identifiers including the CRN, a customer acknowledgment number (CAN), and a merchant acknowledgment number (MAN). The CRN is sent to a second application and a message is received from the second application in response to sending the CRN. If the message includes a second CAN that is not the same as the CAN associated with the unit, the unit is determined to be a counterfeit product.

公开(公告)号：US09160752B2

公开(公告)日：2015-10-13

申请号：US11848405

申请日：2007-08-31

申请人： German S. Goldszmidt ,  Dah-Haur H. Lin ,  Anthony J. Nadalin ,  Nataraj Nagaratnam ,  Indrajit Poddar

发明人： German S. Goldszmidt ,  Dah-Haur H. Lin ,  Anthony J. Nadalin ,  Nataraj Nagaratnam ,  Indrajit Poddar

IPC分类号： H04L29/06 ,  G06F21/62

CPC分类号： H04L63/105 ,  G06F21/6227

摘要： Embodiments of the present invention provide a method, system and computer program product for aggregating database and component logic authorization rules in a multi-tier application. In an embodiment of the invention, a method for aggregating database and component logic authorization rules in a multi-tier application system can include aggregating role-based authorization rules for both a persistence layer and a logic layer of a multi-tier application in a unified policy, distributing the unified policy to both the persistence layer and the logic layer of the multi-tier application, transforming the unified policy into respectively a set of role based permissions for the persistence layer and a set of role based permissions for the logic layer, and applying the set of role based permissions for the persistence layer in the persistence layer, and the set of role based permissions for the logic layer in the logic layer of the multi-tier application.

摘要翻译： 本发明的实施例提供了一种用于在多层应用中聚合数据库和组件逻辑授权规则的方法，系统和计算机程序产品。 在本发明的一个实施例中，用于在多层应用系统中聚合数据库和组件逻辑授权规则的方法可以包括为统一的多层应用的持久层和逻辑层聚合基于角色的授权规则 策略，将统一策略分发到多层应用的持久层和逻辑层，将统一策略分为一组基于角色的持久层权限和逻辑层的一组基于角色的权限， 并在持久层中为持久层应用一组基于角色的权限，以及在多层应用程序的逻辑层中逻辑层的基于角色的权限集合。

公开(公告)号：US20140075492A1

公开(公告)日：2014-03-13

申请号：US13608125

申请日：2012-09-10

申请人： Kaushal Kiran Kapadia ,  Rahul Prabhakar Kulkarni ,  Nataraj Nagaratnam ,  Anindya Neogi ,  Magesh Rajamani

发明人： Kaushal Kiran Kapadia ,  Rahul Prabhakar Kulkarni ,  Nataraj Nagaratnam ,  Anindya Neogi ,  Magesh Rajamani

IPC分类号： G06F21/00

CPC分类号： G06F21/604 ,  H04L63/102

摘要： Identity context-based access control is implemented by generating an identity context expression from user identity data. In particular, users are clustered based on combinations of one or more attributes. These clusters comprise one or more identity context(s). Preferably, an intersection of attribute sets of each user in the cluster is formed. In addition, an intersection of attribute sets of each user not in the cluster also is formed. If the attribute set that is common across the cluster of users is not a subset of the attribute set that is common across the rest of the users, then the attribute set forms a unique identity context expression. To reduce the number of roles used in role-based access control (RBAC), at least one role is replaced with an identity context expression. Run-time access control is then enabled.

摘要翻译： 通过从用户身份数据生成身份上下文表达式来实现基于身份上下文的访问控制。 特别地，基于一个或多个属性的组合来聚类用户。 这些集群包括一个或多个身份上下文。 优选地，形成群集中的每个用户的属性集的交集。 另外，也不形成不在群集中的每个用户的属性集合的交集。 如果在用户集群中通用的属性集不是其余用户常用的属性集的子集，则属性集将形成唯一的身份上下文表达式。 为了减少基于角色的访问控制（RBAC）中使用的角色数量，至少有一个角色被替换为身份上下文表达式。 然后启用运行时访问控制。

公开(公告)号：US20130305058A1

公开(公告)日：2013-11-14

申请号：US13471541

申请日：2012-05-15

申请人： Shalini Kapoor ,  Palanivel A. Kodeswaran ,  Sridhar R. Muppidi ,  Nataraj Nagaratnam ,  Vikrant Nandakumar

发明人： Shalini Kapoor ,  Palanivel A. Kodeswaran ,  Sridhar R. Muppidi ,  Nataraj Nagaratnam ,  Vikrant Nandakumar

IPC分类号： G06F17/30 ,  G06F12/14

CPC分类号： G06F17/3007 ,  H04W12/08

摘要： A method, system and computer program product for controlling enterprise data on mobile devices. Data on a mobile device is tagged as being associated with either enterprise data or with personal data. Upon identifying the storage location of the tagged data and the identifier of the application that generated the tagged data, the tag, the storage location of the tagged data and the identifier of the application are stored in an index. A mobile agent residing on the mobile device may be directed by a mobile device management server of the enterprise to perform various actions (e.g., deleting, encrypting, backing-up) on the enterprise data using the index. In this manner, the enterprise has the ability to control their applications and data that resides on employees' mobile devices to ensure that such data is not lost or used in a manner that is contrary to the wishes of the employer.

公开(公告)号：US08387111B2

公开(公告)日：2013-02-26

申请号：US10002439

申请日：2001-11-01

申请人： Lawrence Koved ,  Anthony Joseph Nadalin ,  Nataraj Nagaratnam ,  Marco Pistoia ,  Bruce Arland Rich

发明人： Lawrence Koved ,  Anthony Joseph Nadalin ,  Nataraj Nagaratnam ,  Marco Pistoia ,  Bruce Arland Rich

IPC分类号： G06F12/14

CPC分类号： G06F21/53 ,  G06F2221/2145

摘要： A method and apparatus for type independent permission based access control are provided. The method and apparatus utilize object inheritance to provide a mechanism by which a large group of permissions may be assigned to a codesource without having to explicitly assign each individual permission to the codesource. A base permission, or superclass permission, is defined along with inherited, or subclass, permissions that fall below the base permission in a hierarchy of permissions. Having defined the permissions in such a hierarchy, a developer may assign a base permission to an installed class and thereby assign all of the inherited permissions of the base permission to the installed class. In this way, security providers need not know all the permission types defined in an application. In addition, security providers can seamlessly integrate with many applications without changing their access control and policy store semantics. Moreover, application providers' security enforcement is no dependent on the security provider defined permissions. The method and apparatus do not require any changes to the Java security manager and do not require changes to application code.

摘要翻译： 提供了一种用于基于类型独立许可的访问控制的方法和装置。 该方法和装置利用对象继承来提供一种机制，通过该机制，可以将大量的权限组分配给代码源，而不必对代码源明确地分配每个单独的权限。 基本权限或超类权限与继承层级或权限级别中的基本权限之下的继承或子类权限一起定义。 在这样的层次结构中定义了权限之后，开发人员可以为已安装的类分配一个基本权限，从而将基本权限的所有继承的权限分配给已安装的类。 以这种方式，安全提供程序不需要知道应用程序中定义的所有权限类型。 此外，安全提供商可以无缝地集成许多应用程序，而无需更改其访问控制和策略存储语义。 此外，应用程序提供商的安全执行不依赖于安全提供程序定义的权限。 该方法和设备不需要对Java安全管理器进行任何更改，也不需要更改应用程序代码。

公开(公告)号：US20110302095A1

公开(公告)日：2011-12-08

申请号：US12791943

申请日：2010-06-02

申请人： Sanjay Mecheri Kesavan ,  Nataraj Nagaratnam ,  Lohitashwa Thyagaraj

发明人： Sanjay Mecheri Kesavan ,  Nataraj Nagaratnam ,  Lohitashwa Thyagaraj

IPC分类号： G06Q99/00 ,  G06F15/16

CPC分类号： G06Q30/06 ,  G06Q30/018 ,  G06Q30/0185

摘要： A method, system, and computer usable program product for pre and post purchase identification of counterfeit products in a supply chain are provided in the illustrative embodiments. A customer reference number (CRN) associated with a unit of product is identified. The unit of product has associated therewith a unique set of identifiers including the CRN, a customer acknowledgment number (CAN), and a merchant acknowledgment number (MAN). The CRN is sent to a second application and a message is received from the second application in response to sending the CRN. If the message includes a second CAN that is not the same as the CAN associated with the unit, the unit is determined to be a counterfeit product.

摘要翻译： 在说明性实施例中提供了用于供应链中假冒产品的购买前和购买后识别的方法，系统和计算机可用程序产品。 识别与产品单位相关联的客户参考号（CRN）。 产品单元与其相关联，包括CRN，客户确认号（CAN）和商家确认号（MAN）的唯一标识符集合。 CRN被发送到第二应用，并且响应于发送CRN而从第二应用接收消息。 如果该消息包含与该单元相关联的CAN不相同的第二个CAN，则该单元被确定为伪造产品。