公开(公告)号：US08060632B2

公开(公告)日：2011-11-15

申请号：US12841197

申请日：2010-07-22

Applicant: George Robert Blakley, III ,  Heather Maria Hinton ,  Birgit Monika Pfitzmann

Inventor： George Robert Blakley, III ,  Heather Maria Hinton ,  Birgit Monika Pfitzmann

IPC: G06F15/16 ,  G06F15/173 ,  G06F21/00

CPC classification number: H04L63/101 ,  G06F21/41 ,  H04L63/0807

Abstract: A system is presented for facilitating management of user attribute information at one or more attribute information providers (AIPs), which can manage the user's attribute information in accordance with user-selected or administratively-determined options, including options that are stored in attribute release policies and/or dynamically determined during a transaction. E-commerce service providers (ECSPs), such as online banks or merchants, also maintain a relationship with an AIP such that the ECSP can trust the user attribute information that is provided by the AIP on behalf of the user. The user can complete transactions that require user attribute information at any ECSP without having to have previously established a relationship with that particular ECSP. If the ECSP has a relationship with one of the user's AIPs, then the user will be able to direct the ECSP to an AIP when the ECSP needs user attribute information to complete a transaction for the user.

Abstract translation: 提供了一种用于促进在一个或多个属性信息提供者（AIP）处管理用户属性信息的系统，其可以根据用户选择或管理确定的选项来管理用户的属性信息，包括存储在属性发布策略中的选项 和/或在事务期间动态确定。 诸如在线银行或商家的电子商务服务提供商（ECSP）也保持与AIP的关系，使得ECSP可以代表用户信任由AIP提供的用户属性信息。 用户可以在任何ECSP中完成需要用户属性信息的事务，而无需先前与该特定ECSP建立关系。 如果ECSP与用户的AIP之一有关系，则当ECSP需要用户属性信息来完成用户的交易时，用户将能够将ECSP引导到AIP。

公开(公告)号：US07725562B2

公开(公告)日：2010-05-25

申请号：US10334326

申请日：2002-12-31

Applicant: George Robert Blakley, III ,  Heather Maria Hinton ,  Anthony Joseph Nadalin ,  Birgit Monika Pfitzmann

Inventor： George Robert Blakley, III ,  Heather Maria Hinton ,  Anthony Joseph Nadalin ,  Birgit Monika Pfitzmann

IPC: G06F15/16

CPC classification number: H04L63/0807 ,  H04L63/104

Abstract: A computer system is presented for facilitating storage and retrieval of user attribute information within a federated environment at entities that manage such information as a service. Through enrollment processes, certain domains inform online service providers of identities of attribute information providers that may be used to retrieve user attribute information for a particular user. When performing a user-specific operation with respect to a requested resource, e.g., for personalizing documents using user attribute information or for determining user access privileges for the resource, an e-commerce service provider requires user attribute information, which is retrieved from an attribute information provider that has been previously specified through an enrollment operation. The e-commerce service provider may store the identity of the user's attribute information providers in a persistent token, e.g., an HTTP cookie, that is available when the user sends a request for access to a resource.

Abstract translation: 提出了一种计算机系统，用于在管理诸如服务之类的信息的实体处促进在联合环境中的用户属性信息的存储和检索。 通过注册过程，某些域通知在线服务提供商可以用于检索特定用户的用户属性信息的属性信息提供者的身份。 当对所请求的资源执行用户特定的操作时，例如用于使用用户属性信息个性化文档或者确定资源的用户访问权限时，电子商务服务提供者需要从属性检索的用户属性信息 以前通过注册操作指定的信息提供者。 电子商务服务提供商可以将用户属性信息提供者的身份存储在用户发送对资源的访问请求时可用的持久令牌，例如HTTP cookie中。

公开(公告)号：US07496552B2

公开(公告)日：2009-02-24

申请号：US11511772

申请日：2006-08-29

Applicant: Ying Huang ,  Haiqi Liang ,  Ying Liu ,  Birgit Monika Pfitzmann ,  Jian Wang ,  Xin Zhou ,  Jun Zhu

Inventor： Ying Huang ,  Haiqi Liang ,  Ying Liu ,  Birgit Monika Pfitzmann ,  Jian Wang ,  Xin Zhou ,  Jun Zhu

IPC: G06N5/02

CPC classification number: G06Q50/18

Abstract: A method for rule compliance situation checking is provided. The method in one aspect, includes the steps of: a) building a rule model for predefined rules and building a business operational model for business processes; b) normalizing vocabularies in the rule model and the business operational model; c) checking whether the rule model is satisfied by the business operational model; and d) outputting a report on checking results. The present invention also provides a corresponding system for rule compliance checking. The rule compliance checking of the present invention allows users to perform fast and effective automatic checking of rule compliance, avoid interference of man-made factors in checking process to a great extent and thus guarantee veracity of checking results.

Abstract translation: 提供了规则合规情况检查的方法。 该方法在一个方面包括以下步骤：a）建立用于预定义规则的规则模型并为业务流程构建业务操作模型; b）规范模型和业务运营模式中的词汇正常化; c）检查商业运作模式是否满足规则模型; 和d）输出关于检查结果的报告。 本发明还提供了一种用于规则符合性检查的相应系统。 本发明的规则合规性检查允许用户对规则合规性进行快速有效的自动检查，避免人为因素在很大程度上干扰人为因素，从而保证检查结果的真实性。

公开(公告)号：US20110131628A1

公开(公告)日：2011-06-02

申请号：US12628420

申请日：2009-12-01

Applicant: Birgit Monika Pfitzmann ,  Harigovind Venkatraj Ramasamy ,  Cheng-Lin Tsao

Inventor： Birgit Monika Pfitzmann ,  Harigovind Venkatraj Ramasamy ,  Cheng-Lin Tsao

IPC: G06F17/00

CPC classification number: H04L63/1433 ,  H04L63/20

Abstract: A system and method for discovering security classifications of network areas includes representing actually allowed network flows and flows permitted by a security policy in a format that enables comparison. The actually allowed network flows and the security policy are provided in a networked computing environment including network areas, wherein each network area is a collection of one or more computing and network devices, and enterprise security policy defines security requirements for security classifications. An assignment of security classifications to network areas is determined by comparing the actually allowed network flows with the flows permitted by the security policy.

Abstract translation: 用于发现网络区域的安全分类的系统和方法包括以允许比较的格式表示由安全策略允许的实际允许的网络流和流。 实际允许的网络流和安全策略在包括网络区域的网络计算环境中提供，其中每个网络区域是一个或多个计算和网络设备的集合，并且企业安全策略定义了安全分类的安全性要求。 通过将实际允许的网络流量与安全策略允许的流量进行比较来确定对网络区域的安全分类的分配。

公开(公告)号：US20100287235A1

公开(公告)日：2010-11-11

申请号：US12841207

申请日：2010-07-22

Applicant: George Robert Blakley, III ,  Heather Maria Hinton ,  Birgit Monika Pfitzmann

Inventor： George Robert Blakley, III ,  Heather Maria Hinton ,  Birgit Monika Pfitzmann

IPC: G06F15/16

CPC classification number: H04L63/101 ,  G06F21/41 ,  H04L63/0807

Abstract: A system is presented for facilitating management of user attribute information at one or more attribute information providers (AIPs), which can manage the user's attribute information in accordance with user-selected or administratively-determined options, including options that are stored in attribute release policies and/or dynamically determined during a transaction. E-commerce service providers (ECSPs), such as online banks or merchants, also maintain a relationship with an AIP such that the ECSP can trust the user attribute information that is provided by the AIP on behalf of the user. The user can complete transactions that require user attribute information at any ECSP without having to have previously established a relationship with that particular ECSP. If the ECSP has a relationship with one of the user's AIPs, then the user will be able to direct the ECSP to an AIP when the ECSP needs user attribute information to complete a transaction for the user.

Abstract translation: 提供了一种用于促进在一个或多个属性信息提供者（AIP）处管理用户属性信息的系统，其可以根据用户选择或管理确定的选项来管理用户的属性信息，包括存储在属性发布策略中的选项 和/或在事务期间动态确定。 诸如在线银行或商家的电子商务服务提供商（ECSP）也保持与AIP的关系，使得ECSP可以代表用户信任由AIP提供的用户属性信息。 用户可以在任何ECSP中完成需要用户属性信息的事务，而无需先前与该特定ECSP建立关系。 如果ECSP与用户的AIP之一有关系，则当ECSP需要用户属性信息来完成用户的交易时，用户将能够将ECSP引导到AIP。

公开(公告)号：US07685300B2

公开(公告)日：2010-03-23

申请号：US10655368

申请日：2003-09-04

Applicant: Warwick Leslie Burrows ,  Guenter Karioth ,  Birgit Monika Pfitzmann ,  Matthias Schunter ,  Anthony Scott Moran ,  Brian James Turner

Inventor： Warwick Leslie Burrows ,  Guenter Karioth ,  Birgit Monika Pfitzmann ,  Matthias Schunter ,  Anthony Scott Moran ,  Brian James Turner

IPC: G06F15/16

CPC classification number: H04L67/14 ,  H04L63/08 ,  H04L67/02 ,  H04L67/327

Abstract: A method is presented for obtaining information from a client for the benefit of a server using a particular communication protocol that the server does not implement. A primary server receives a client-generated request, and the primary server sends a first request to a secondary server as part of the processing of the client-generated request. While processing the first request, the secondary server determines a need for data obtainable from a client application that supports user interaction using a communication protocol for which the secondary server is not configured to implement. The secondary server sends a second request to the primary server for obtaining data that results from using the communication protocol. The secondary server subsequently receives the resulting data and continues to process the first request using the resulting data, after which the secondary server returns a response for the first request to the primary server.

Abstract translation: 提出了一种用于从服务器获取信息以利用服务器不实现的特定通信协议的服务器的方法。 主服务器接收客户端生成的请求，主服务器作为处理客户端生成的请求的一部分向第二个服务器发送第一个请求。 在处理第一请求时，辅助服务器确定需要使用辅助服务器未被配置为实现的通信协议从支持用户交互的客户端应用获得的数据。 辅助服务器向主服务器发送第二个请求，以获取使用通信协议产生的数据。 次服务器随后接收所得到的数据，并使用所得到的数据继续处理第一请求，之后辅助服务器向主服务器返回对第一请求的响应。

公开(公告)号：US08826425B2

公开(公告)日：2014-09-02

申请号：US12628420

申请日：2009-12-01

Applicant: Birgit Monika Pfitzmann ,  Harigovind Venkatraj Ramasamy ,  Cheng-Lin Tsao

Inventor： Birgit Monika Pfitzmann ,  Harigovind Venkatraj Ramasamy ,  Cheng-Lin Tsao

IPC: H04L29/06

CPC classification number: H04L63/1433 ,  H04L63/20

Abstract: A system and method for discovering security classifications of network areas includes representing actually allowed network flows and flows permitted by a security policy in a format that enables comparison. The actually allowed network flows and the security policy are provided in a networked computing environment including network areas, wherein each network area is a collection of one or more computing and network devices, and enterprise security policy defines security requirements for security classifications. An assignment of security classifications to network areas is determined by comparing the actually allowed network flows with the flows permitted by the security policy.

Abstract translation: 用于发现网络区域的安全分类的系统和方法包括以允许比较的格式表示由安全策略允许的实际允许的网络流和流。 实际允许的网络流和安全策略在包括网络区域的网络计算环境中提供，其中每个网络区域是一个或多个计算和网络设备的集合，并且企业安全策略定义了安全分类的安全性要求。 通过将实际允许的网络流量与安全策略允许的流量进行比较来确定对网络区域的安全分类的分配。

公开(公告)号：US08122138B2

公开(公告)日：2012-02-21

申请号：US12841207

申请日：2010-07-22

Applicant: George Robert Blakley, III ,  Heather Maria Hinton ,  Birgit Monika Pfitzmann

Inventor： George Robert Blakley, III ,  Heather Maria Hinton ,  Birgit Monika Pfitzmann

IPC: G06F15/16 ,  G06F15/173 ,  G06F21/00

CPC classification number: H04L63/101 ,  G06F21/41 ,  H04L63/0807

Abstract: A system is presented for facilitating management of user attribute information at one or more attribute information providers (AIPs), which can manage the user's attribute information in accordance with user-selected or administratively-determined options, including options that are stored in attribute release policies and/or dynamically determined during a transaction. E-commerce service providers (ECSPs), such as online banks or merchants, also maintain a relationship with an AIP such that the ECSP can trust the user attribute information that is provided by the AIP on behalf of the user. The user can complete transactions that require user attribute information at any ECSP without having to have previously established a relationship with that particular ECSP. If the ECSP has a relationship with one of the user's AIPs, then the user will be able to direct the ECSP to an AIP when the ECSP needs user attribute information to complete a transaction for the user.

Abstract translation: 提供了一种用于促进在一个或多个属性信息提供者（AIP）处管理用户属性信息的系统，其可以根据用户选择或管理确定的选项来管理用户的属性信息，包括存储在属性发布策略中的选项 和/或在事务期间动态确定。 诸如在线银行或商家的电子商务服务提供商（ECSP）也与AIP保持关系，使得ECSP可以代表用户信任由AIP提供的用户属性信息。 用户可以在任何ECSP中完成需要用户属性信息的事务，而无需先前与该特定ECSP建立关系。 如果ECSP与用户的AIP之一有关系，则当ECSP需要用户属性信息来完成用户的交易时，用户将能够将ECSP引导到AIP。

公开(公告)号：US07853549B2

公开(公告)日：2010-12-14

申请号：US12187107

申请日：2008-08-06

Applicant: Ying Huang ,  Haiqi Liang ,  Ying Liu ,  Birgit Monika Pfitzmann ,  Jian Wang ,  Xin Zhou ,  Jun Zhu

Inventor： Ying Huang ,  Haiqi Liang ,  Ying Liu ,  Birgit Monika Pfitzmann ,  Jian Wang ,  Xin Zhou ,  Jun Zhu

IPC: G06N5/02 ,  G06N5/04 ,  G06F15/18

CPC classification number: G06Q50/18

Abstract: A method for rule compliance situation checking is provided. The method in one aspect, includes the steps of: a) building a rule model for predefined rules and building a business operational model for business processes; b) normalizing vocabularies in the rule model and the business operational model; c) checking whether the rule model is satisfied by the business operational model; and d) outputting a report on checking results. The present invention also provides a corresponding system for rule compliance checking. The rule compliance checking of the present invention allows users to perform fast and effective automatic checking of rule compliance, avoid interference of man-made factors in checking process to a great extent and thus guarantee veracity of checking results.

Abstract translation: 提供了规则合规情况检查的方法。 该方法在一个方面包括以下步骤：a）建立用于预定义规则的规则模型并为业务流程构建商业操作模型; b）规范模型和业务运营模式中的词汇正常化; c）检查商业运作模式是否满足规则模型; 和d）输出关于检查结果的报告。 本发明还提供了一种用于规则符合性检查的相应系统。 本发明的规则合规性检查允许用户对规则合规性进行快速有效的自动检查，避免人为因素在很大程度上干扰人为因素，从而保证检查结果的真实性。

公开(公告)号：US20100287291A1

公开(公告)日：2010-11-11

申请号：US12841197

申请日：2010-07-22

Applicant: George Robert Blakley, III ,  Heather Maria Hinton ,  Birgit Monika Pfitzmann

Inventor： George Robert Blakley, III ,  Heather Maria Hinton ,  Birgit Monika Pfitzmann

IPC: G06F15/16

CPC classification number: H04L63/101 ,  G06F21/41 ,  H04L63/0807

Abstract: A system is presented for facilitating management of user attribute information at one or more attribute information providers (AIPs), which can manage the user's attribute information in accordance with user-selected or administratively-determined options, including options that are stored in attribute release policies and/or dynamically determined during a transaction. E-commerce service providers (ECSPs), such as online banks or merchants, also maintain a relationship with an AIP such that the ECSP can trust the user attribute information that is provided by the AIP on behalf of the user. The user can complete transactions that require user attribute information at any ECSP without having to have previously established a relationship with that particular ECSP. If the ECSP has a relationship with one of the user's AIPs, then the user will be able to direct the ECSP to an AIP when the ECSP needs user attribute information to complete a transaction for the user.