Abstract:
Following development of an application, the application is deployed in a pre-production environment. A user role-plays against that application, typically by performing one or more operations as a particular user in a particular group. As the operator role-plays, access logs are written, and these logs are then analyzed and consolidated into a set of commands that drive a policy generator. The policy generator creates an optimized security policy that it then deploys to one or more enforcement points. In this manner, the framework enables automated configuration and deployment of one or more security policies.
Abstract:
A method for detecting and applying security policy to active client requests within a secure user session begins by applying a first heuristic to a plurality of requests for a particular resource to identify a pattern indicative of an active client. In one embodiment, the heuristic evaluates a frequency of requests for the particular resource across one or more secure user sessions. Later, upon receipt of a new request for the particular resource, a determination is then made whether the new request is consistent with the pattern. If so, an action is taken with respect to a secure session policy. In one embodiment, the action bypasses the secure session policy, which policy is associated with an inactivity time-out that might otherwise have been triggered upon receipt of the new request. In addition, a second heuristic may be applied to determine whether a response proposed to be returned (in response to the new request) is expected by the active client. If so, the response is returned unaltered. If, however, applying the second heuristic indicates that the response proposed to be returned is not expected by the active client, the response is modified to create a modified response, which is then returned.
Abstract:
An approach is provided that receives a first role selection from a client device. Each of the roles includes various user accounts provisioned to access various software applications. An authentication challenge is retrieved. The authentication challenge is based upon the role selection that was received from the client device. The authentication challenge is transmitted to the client device. An authentication submission is received from the client device. This authentication submission is authenticated and, if the authentication is successful, then the client device is granted access to software applications using the provisioned user accounts that were included in the role selection. In addition, audit data of usage of the software applications by the client device is recorded. The audit data includes identification of the provisioned user accounts used to access the software applications using the role selection.
Abstract:
This disclosure describes a method of and system for provisioning of shared account credentials to provide authorized access to shared or delegated accounts. Preferably, an enterprise single sign-on (E-SSO) system is used to manage the shared account or control delegation of account access, and preferably the shared or delegated account credential is not exposed to the end user. The described technique enables temporary delegation of account privileges to a member of a shared role. Using the described approach, an information technology (IT) account may be shared so that a user who needs to perform a shared duty can do so in the context of a shared role and without having control over the account itself. The approach facilitates delegating the use of a single account to one of the members of the shared role.
Abstract:
An embodiment provides a computer implemented method for social profile assessment. The computer implemented method receives a request from a first user for an assessment, and sends questionnaires to a set of assessors for the first user. Upon receiving questionnaires from the set of assessors to form completed questionnaires, the computer implemented method generates an unadjusted social style assessment for the first user. Upon receiving a request from a second user for the social style assessment of the first user, the computer implemented method determines whether there are common assessors between the first user and the second user, and responsive to a determination that there are common assessors between the first user and the second user, generates an adjusted social style assessment for the first user, and returns the adjusted social style assessment for the first user to the second user.
Abstract:
An approach is provided that receives and processes a software change package. The software change package includes changes to an installed software product. Change metadata corresponding to the changes included in the software change package is also received. Support data corresponding to the software change package is also received, where the support data includes evaluation data that corresponds to the software change package. The evaluation data is data that was gathered from other customer installations of an upgraded software product that previously installed the software change package. Customer configuration data items are retrieved, and the customer configuration data items are analyzed along with the received change metadata and the received support data in order to generate an upgrade risk map.