公开(公告)号：US07546640B2

公开(公告)日：2009-06-09

申请号：US10732628

申请日：2003-12-10

申请人： David Yu Chang ,  Vishwanath Venkataramappa ,  Leigh Allen Williamson

发明人： David Yu Chang ,  Vishwanath Venkataramappa ,  Leigh Allen Williamson

IPC分类号： H04L9/32 ,  H04N7/16

CPC分类号： H04L63/101 ,  G06F21/6218

摘要： Methods, systems, and media are disclosed for determining access rights to a resource managed by an application. One embodiment includes receiving a request by the application, wherein the request comprises an action a user seeks to perform on the resource. Further, the embodiment includes locating, based on the request, the resource in a structure having groupings of resources, wherein the groupings include a grouping having the resource. Typically the groupings comprise files having mappings of resources to assigned groups, and each group has an associated authorization table mapping roles or policies to users. Further still, the embodiment includes reading an authorization table associated with the grouping having the resource, and determining whether to grant the access rights for performing the action on the resource.

摘要翻译： 公开了用于确定对由应用程序管理的资源的访问权限的方法，系统和媒体。 一个实施例包括接收应用的请求，其中所述请求包括用户寻求对资源执行的动作。 此外，实施例包括基于请求定位具有资源分组的结构中的资源，其中分组包括具有资源的分组。 通常，分组包括具有分配组的资源映射的文件，并且每个组具有将角色或策略映射到用户的相关联的授权表。 此外，实施例包括读取与具有资源的分组相关联的授权表，以及确定是否授予对资源执行动作的访问权限。

公开(公告)号：US20090037196A1

公开(公告)日：2009-02-05

申请号：US11830964

申请日：2007-07-31

申请人： David Yu Chang ,  John Yow-Chun Chang ,  Syed-Muasir Khalll ,  Vishwanath Venkataramappa

发明人： David Yu Chang ,  John Yow-Chun Chang ,  Syed-Muasir Khalll ,  Vishwanath Venkataramappa

IPC分类号： G06Q50/00

CPC分类号： G06Q50/32 ,  G06Q30/018

摘要： A method, computer program product, and apparatus for receiving a postal mail item. The postal mail item is received. The postal mail item contains a radio frequency identifier identifying the sender of the postal mail item. Responsive to receiving the postal mail item in the mailbox, the radio frequency identifier of the postal mail item is scanned with a scanner to identify the sender of the postal mail item. A determination is made whether the sender of the postal mail item is in a junk mail list. The junk mail list includes a list of senders accessible to a processor in the scanner.

摘要翻译： 一种用于接收邮政邮件的方法，计算机程序产品和装置。 接收邮政邮件。 邮政邮件包含标识邮政邮件的发送者的射频标识符。 响应于在邮箱中接收邮政邮件，用扫描仪扫描邮政邮件的射频标识符，以识别邮政邮件的发送者。 确定邮政邮件的发件人是否在垃圾邮件列表中。 垃圾邮件列表包括扫描仪中处理器可访问的发件人列表。

公开(公告)号：US20080222719A1

公开(公告)日：2008-09-11

申请号：US12055407

申请日：2008-03-26

申请人： David Yu Chang ,  Vishwanath Venkataramappa ,  Leigh Allen Williamson

发明人： David Yu Chang ,  Vishwanath Venkataramappa ,  Leigh Allen Williamson

IPC分类号： G06F7/04

CPC分类号： G06F21/6218

摘要： Methods, systems, and media are disclosed for determining access rights to a resource managed by an application. One embodiment includes receiving a request by the application, wherein the request comprises an action a user seeks to perform on the resource, and locating, based on the request, the resource in both a containment relationship graph and in a structure having groupings of resources, wherein the groupings comprise a grouping having the resource. Further, the embodiment includes traversing a vertex of the containment relationship graph, wherein the vertex comprises a generational resource of the resource, and reading an authorization table associated with a grouping having the generational resource in the groupings. Further still, the embodiment includes determining whether to grant the access rights for performing the action on the resource.

摘要翻译： 公开了用于确定对由应用程序管理的资源的访问权限的方法，系统和媒体。 一个实施例包括接收应用的请求，其中所述请求包括用户在资源上执行的动作，以及基于所述请求，在包含关系图和具有资源分组的结构中查找资源， 其中所述分组包括具有所述资源的分组。 此外，实施例包括遍历包容关系图的顶点，其中顶点包括资源的代数资源，以及读取与分组中具有代数资源的分组相关联的授权表。 此外，该实施例还包括确定是否授予对资源执行动作的访问权限。

公开(公告)号：US20080172727A1

公开(公告)日：2008-07-17

申请号：US11622698

申请日：2007-01-12

申请人： Michael Cheng ,  Vishwanath Venkataramappa ,  Tom Zhongyu Zhou

发明人： Michael Cheng ,  Vishwanath Venkataramappa ,  Tom Zhongyu Zhou

IPC分类号： G06F21/00

CPC分类号： G06F21/6227 ,  G06F2221/2141

摘要： A system and method for using a declarative approach to enforce instance based security in a distributed environment is presented. The invention described herein includes security logic in declarative specifications that, in turn, decouples the security logic from distributed object administration logic. An access manager identifies access requirements by combining object name property keys included in a distributed object with property key specifications included in a declarative specification. In turn, the access manager compares a caller's access attributes with the access requirements to determine whether to create a distributed object instance and allow the caller to invoke a method on the distributed object instance. The access requirements may also include role specifications and method parameter specifications.

摘要翻译： 提出了一种使用声明式方法在分布式环境中实施基于实例的安全性的系统和方法。 本文描述的本发明包括声明性规范中的安全逻辑，其又将安全逻辑与分布式对象管理逻辑分离。 访问管理器通过将分布式对象中包含的对象名称属性键与包含在声明性规范中的属性键规范组合来标识访问要求。 反过来，访问管理器将调用者的访问属性与访问要求进行比较，以确定是否创建分布式对象实例并允许调用者调用分布式对象实例上的方法。 访问要求还可以包括角色规范和方法参数规范。

公开(公告)号：US20060123016A1

公开(公告)日：2006-06-08

申请号：US11002696

申请日：2004-12-02

申请人： Rohith Ashok ,  Michael Cheng ,  Vishwanath Venkataramappa ,  Qinhua Wang

发明人： Rohith Ashok ,  Michael Cheng ,  Vishwanath Venkataramappa ,  Qinhua Wang

IPC分类号： G06F7/00

CPC分类号： H04L41/0803 ,  G06F16/256 ,  H04L41/0869 ,  H04L41/0893

摘要： A meta-data driven method and apparatus to manage configurations of coexisting heterogeneous subsystems. The present invention recognizes that schemas evolve incrementally from version to version. In a preferred embodiment, the present invention employs two stages: an identification specification stage, to identify and/or specify any changes in a heterogeneous distributed system, and a configuration validation stage, to implement and/or validate the changes thus identified or specified. In the first stage, the identification specification stage, the present invention programmably compares the next version of the schema from its previous version. This allows meta-data to be created that describes how a schema component evolves from version to version. In addition, a user may specify what appears in the schema. In the second stage, the configuration validation stage, the meta-data created in the first stage can be used to determine whether a particular component version of the subsystem is valid for a particular schema component, and vice versa, and/or to configure the subsystem to conform to the schema.

摘要翻译： 一种用于管理并存异构子系统配置的元数据驱动方法和装置。 本发明认识到，模式从版本到版本逐渐发展。 在优选实施例中，本发明采用两个阶段：标识规范阶段，用于识别和/或指定异构分布式系统中的任何变化以及配置验证阶段，以实现和/或验证由此识别或指定的变化。 在第一阶段中，识别规范阶段，本发明可编程地比较其先前版本的下一版本的模式。 这允许创建描述模式组件从版本到版本的元数据。 此外，用户可以指定模式中显示的内容。 在第二阶段，配置验证阶段，在第一阶段创建的元数据可用于确定子系统的特定组件版本是否对特定模式组件有效，反之亦然，和/或配置 子系统符合模式。

公开(公告)号：US20050132054A1

公开(公告)日：2005-06-16

申请号：US10732627

申请日：2003-12-10

申请人： David Chang ,  Vishwanath Venkataramappa ,  Leigh Williamson

发明人： David Chang ,  Vishwanath Venkataramappa ,  Leigh Williamson

IPC分类号： G06F15/16 ,  G06F21/00

CPC分类号： G06F21/6218

摘要： Methods, systems, and media are disclosed for determining access rights to a resource managed by an application. One embodiment includes receiving a request by the application, wherein the request comprises an action a user seeks to perform on the resource, and locating, based on the request, the resource in both a containment relationship graph and in a structure having groupings of resources, wherein the groupings comprise a grouping having the resource. Further, the embodiment includes traversing a vertex of the containment relationship graph, wherein the vertex comprises a generational resource of the resource, and reading an authorization table associated with a grouping having the generational resource in the groupings. Further still, the embodiment includes determining whether to grant the access rights for performing the action on the resource.

摘要翻译： 公开了用于确定对由应用程序管理的资源的访问权限的方法，系统和媒体。 一个实施例包括接收应用的请求，其中所述请求包括用户在资源上执行的动作，以及基于请求，在包含关系图和具有资源分组的结构中定位资源， 其中所述分组包括具有所述资源的分组。 此外，实施例包括遍历包容关系图的顶点，其中顶点包括资源的代数资源，以及读取与分组中具有代数资源的分组相关联的授权表。 此外，该实施例还包括确定是否授予对资源执行动作的访问权限。

公开(公告)号：US20050131994A1

公开(公告)日：2005-06-16

申请号：US10732756

申请日：2003-12-10

申请人： David Chang ,  Vishwanath Venkataramappa ,  Leigh Williamson

发明人： David Chang ,  Vishwanath Venkataramappa ,  Leigh Williamson

IPC分类号： G06F15/16 ,  G06F21/00 ,  H04L29/06

CPC分类号： G06F21/6218 ,  G06F21/6209 ,  H04L63/0227 ,  H04L63/083 ,  H04L63/10 ,  Y10S707/99943

摘要： Methods, systems, and media are disclosed for managing a resource managed by a mbean server having an mbean. One embodiment includes receiving a request by the application, wherein the request constitutes an action a user seeks to perform on the resource, and adding a number of instance identifier fields to an mbean descriptor file associated with the mbean. Further, the embodiment includes populating the number of instance identifier fields with an equivalent number of properties from an objectname of the resource, thereby producing a populated mbean descriptor file that identifies the resource among resources. Further still, the embodiment includes reading the mbean descriptor file after the populating, and determining, based on the reading, whether the user has an authority to perform the request. If authority exists, then an mbean method performs the action on the resource, and filters the obtained results to coincide with the user's authority.

摘要翻译： 公开了用于管理由具有mbean的mbean服务器管理的资源的方法，系统和媒体。 一个实施例包括接收应用程序的请求，其中该请求构成用户寻求对该资源执行的动作，并将多个实例标识符字段添加到与该mbean相关联的mbean描述符文件。 此外，该实施例包括从资源的对象名称填充具有等效数量的属性的实例标识符字段的数量，由此产生在资源之间标识资源的填充的mbean描述符文件。 此外，实施例包括在填充之后读取mbean描述符文件，并且基于读取来确定用户是否具有执行请求的权限。 如果权限存在，则mbean方法对资源执行操作，并对获取的结果进行过滤，以符合用户权限。