Specializing support for a federation relationship
    1.
    Granted patent
    Specializing support for a federation relationship (lapsed)

    Publication number: US08181225B2

    Publication date: 2012-05-15

    Application number: US12481007

    Filing date: 2009-06-09

    IPC class: G06F7/04

    CPC class: H04L63/0815 H04L67/30

    Abstract: The invention provides federated functionality within a data processing system by means of a set of specialized runtimes, which are instances of an application for providing federation services to requestors. Each of the plurality of specialized runtimes provides requested federation services for selected ones of the requestors according to configuration data of respective federation relationships of the requestors with the identity provider. The configuration data is dynamically retrieved during initialization of the runtimes, which allows the respective runtime to be specialized for a given federation relationship. Requests are routed to the appropriate specialized runtime using the first requestor identity and the given federation relationship. The data, which describes each federation relationship between the identity provider and each of the plurality of requestors, is configured prior to initialization of the runtimes.

    Retrieving plain-text passwords from a main registry by a plurality of foreign registries
    2.
    Granted patent
    Retrieving plain-text passwords from a main registry by a plurality of foreign registries (lapsed)

    Publication number: US5862323A

    Publication date: 1999-01-19

    Application number: US557754

    Filing date: 1995-11-13

    CPC class: G06F21/31 G06F21/46

    Abstract: A network system server that provides password synchronization between a main data store and a plurality of secondary data stores is disclosed. The network system server includes a security server, which is coupled to the main data store; a plurality of clients, which are coupled to the security server for accessing the main data store, wherein each client maintains a unique, modifiable password; a password synchronization server, which is coupled to the security server and the plurality of secondary data stores; and a password repository, which is coupled to the password synchronization server and stores the passwords. One of the secondary data stores can retrieve the passwords via the password synchronization server so that each client is able to maintain a single, unique password among the plurality of secondary data stores. Password retrieval is instigated by at least one of the plurality of secondary data stores regardless of the current password status of the secondary data stores.

    Propagating plain-text passwords from a main registry to a plurality of foreign registries
    3.
    Granted patent
    Propagating plain-text passwords from a main registry to a plurality of foreign registries (lapsed)

    Publication number: US5832211A

    Publication date: 1998-11-03

    Application number: US557755

    Filing date: 1995-11-13

    CPC class: G06F21/31 G06F21/46

    Abstract: A network system server that provides password synchronization between a main data store and a plurality of secondary data stores is disclosed. The network server further includes a security server, which is coupled to the main data store; a plurality of clients, coupled to the security server for accessing the main data store, wherein each client maintains a unique, modifiable password; and a password synchronization server, coupled to the security server and the plurality of secondary data stores, that provides password propagation synchronization to each of the secondary data stores from a user associated with one of the plurality of clients, so that the user is able to maintain a single, unique password among the plurality of secondary data stores. The password propagation is imposed on the plurality of secondary data stores regardless of the current password status of the secondary data stores.
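The push and pull paths described in the two abstracts above, as an added example (not code from either patent). A PasswordSyncServer propagates a changed password to every secondary store and also lets a secondary store retrieve the current password from the repository; in both cases the store's own password status (active, expired, locked) is ignored and overwritten, which is the "regardless of the current password status" behaviour the abstracts claim. The repository is an in-memory dict holding the password as the patents describe it, in plain text; that is precisely why a real deployment has to protect the repository at rest and authenticate the stores that are allowed to pull from it. Store names, users and the password are constructed for the example.

```python
"""Password synchronization between a main registry and foreign registries (added example)."""


class SecondaryStore:
    """A foreign registry with its own password status per user."""

    def __init__(self, name, reachable=True):
        self.name = name
        self.reachable = reachable
        self.passwords = {}
        self.status = {}          # user -> "active" | "expired" | "locked"

    def set_password(self, user, password):
        if not self.reachable:
            raise ConnectionError(self.name)
        # Propagation is imposed regardless of current status: an expired or
        # locked entry is simply overwritten and becomes active.
        self.passwords[user] = password
        self.status[user] = "active"

    def pull(self, sync_server, user):
        """Retrieval path: the secondary store itself asks for the password."""
        password = sync_server.retrieve(self.name, user)
        self.set_password(user, password)


class PasswordSyncServer:
    def __init__(self, stores):
        self.stores = {s.name: s for s in stores}   # only registered stores may pull
        self.repository = {}                          # user -> current password (plain text, per the patents)
        self.pending = set()                          # (store, user) pushes that failed

    def propagate(self, user, new_password):
        """Push path: a client changed its password at the main registry."""
        self.repository[user] = new_password
        results = {}
        for name, store in self.stores.items():
            try:
                store.set_password(user, new_password)
                results[name] = True
                self.pending.discard((name, user))
            except ConnectionError:
                # Record the miss so an operator can see which stores drifted.
                results[name] = False
                self.pending.add((name, user))
        return results

    def retrieve(self, store_name, user):
        """Pull path: a registered secondary store asks for the current password."""
        if store_name not in self.stores:
            raise PermissionError(f"unknown secondary store {store_name!r}")
        if user not in self.repository:
            raise KeyError(user)
        self.pending.discard((store_name, user))
        return self.repository[user]


def demo():
    """Constructed scenario: one store is offline during the push and catches up by pulling."""
    ldap = SecondaryStore("ldap")
    mainframe = SecondaryStore("mainframe", reachable=False)
    mainframe.status["alice"] = "expired"
    sync = PasswordSyncServer([ldap, mainframe])
    first = sync.propagate("alice", "correct horse battery staple")
    mainframe.reachable = True            # comes back online later
    mainframe.pull(sync, "alice")         # retrieval path brings it in sync
    return (first, ldap.passwords["alice"], mainframe.passwords["alice"],
            mainframe.status["alice"], sync.pending)


if __name__ == "__main__":
    print(demo())
```

The `pending` set is the one addition a practitioner would want over the abstract: unconditional propagation to many registries will fail partially, and the server must know which stores still hold a stale password.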

    Trust event notification and actions based on thresholds and associated trust metadata scores
    4.
    Granted patent
    Trust event notification and actions based on thresholds and associated trust metadata scores (in force)

    Publication number: US08443189B2

    Publication date: 2013-05-14

    Application number: US12257878

    Filing date: 2008-10-24

    IPC class: H04L29/06 G06F7/04

    CPC class: G06F21/577

    Abstract: An approach is provided for selecting one or more trust factors from trust factors included in a trust index repository. Thresholds are identified corresponding to one or more of the selected trust factors. Actions to perform when the selected trust factors reach the corresponding threshold values are identified. The identified thresholds, identified actions, and selected trust factors are stored in a data store. The selected trust factors are monitored by comparing one or more trust metadata scores with the stored identified thresholds. The stored identified actions that correspond to the selected trust factors are performed when one or more of the trust metadata scores reach the identified thresholds. At least one of the actions includes an event notification that is provided to a trust data consumer.

    Configurable trust context assignable to facts and associated trust metadata
    5.
    Granted patent
    Configurable trust context assignable to facts and associated trust metadata (in force)

    Publication number: US08290960B2

    Publication date: 2012-10-16

    Application number: US12257866

    Filing date: 2008-10-24

    IPC class: G06F7/00

    CPC class: G06Q30/00 G06Q30/018

    Abstract: An approach is provided for selecting a trust factor from trust factors that are included in a trust index repository. A trust metaphor is associated with the selected trust factor. The trust metaphor includes various context values. Range values are received, and the trust metaphor, context values, and range values are associated with the selected trust factor. A request is received from a data consumer, the request corresponding to a trust factor metadata score that is associated with the selected trust factor. The trust factor metadata score is retrieved and matched with the range values. The matching results in one of the context values being selected based on the retrieved trust factor metadata score. The selected context value is then provided to the data consumer.
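The two trust-metadata abstracts above (threshold-driven actions with event notification, and the range-to-context "trust metaphor") share the same repository of factors and scores, so one added example covers both; it is not code from either patent. A TrustMonitor compares each stored score with its threshold and performs the stored actions, one of which notifies a trust data consumer; a TrustMetaphor maps a score onto a context value through contiguous, half-open range values and refuses scores outside them. Factor names, scores, thresholds and labels are constructed for the example.

```python
"""Trust metadata scores: threshold actions and context labels (added example)."""
from dataclasses import dataclass


class TrustIndexRepository:
    def __init__(self, scores):
        self.scores = dict(scores)          # trust factor -> trust metadata score (0-100)

    def score(self, factor):
        return self.scores[factor]


@dataclass
class ThresholdRule:
    """Stored (factor, threshold, actions) triple from the data store."""
    factor: str
    threshold: float
    when: str                 # "below": fire when score <= threshold; "above": score >= threshold
    actions: list             # action names, e.g. "notify", "flag_stale"

    def reached(self, score):
        if self.when == "below":
            return score <= self.threshold
        return score >= self.threshold


class TrustMonitor:
    def __init__(self, repository, rules):
        self.repository = repository
        self.rules = list(rules)
        self.notifications = []            # events delivered to trust data consumers

    def run(self):
        """One monitoring pass; returns the (factor, action) pairs performed."""
        performed = []
        for rule in self.rules:
            score = self.repository.score(rule.factor)
            if not rule.reached(score):
                continue
            for action in rule.actions:
                if action == "notify":
                    self.notifications.append(
                        {"factor": rule.factor, "score": score, "threshold": rule.threshold})
                performed.append((rule.factor, action))
        return performed


class TrustMetaphor:
    """Range values -> context values; ranges are half-open [low, high) and must be contiguous."""

    def __init__(self, name, ranges):
        self.name = name
        self.ranges = sorted(ranges)       # [(low, high, context_value), ...]
        for (_, a_high, _), (b_low, _, _) in zip(self.ranges, self.ranges[1:]):
            if a_high != b_low:
                raise ValueError("range values must be contiguous")

    def context_for(self, score):
        for low, high, value in self.ranges:
            if low <= score < high:
                return value
        # A score the metaphor cannot place is an error, not silently "unknown".
        raise ValueError(f"score {score} is outside the {self.name!r} ranges")


def demo():
    """Constructed factors, thresholds and metaphor."""
    repo = TrustIndexRepository({"source_freshness": 35, "schema_validity": 92})
    monitor = TrustMonitor(repo, [
        ThresholdRule("source_freshness", 40, "below", ["notify", "flag_stale"]),
        ThresholdRule("schema_validity", 95, "below", ["notify"]),
    ])
    performed = monitor.run()
    metaphor = TrustMetaphor("confidence", [(0, 40, "low"), (40, 80, "medium"), (80, 101, "high")])
    return (performed, monitor.notifications,
            metaphor.context_for(repo.score("source_freshness")),
            metaphor.context_for(repo.score("schema_validity")))


if __name__ == "__main__":
    print(demo())
```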

    Distributed Policy Distribution For Compliance Functionality
    7.
    Patent application
    Distributed Policy Distribution For Compliance Functionality (pending, published)

    Publication number: US20110112974A1

    Publication date: 2011-05-12

    Application number: US12616330

    Filing date: 2009-11-11

    IPC class: G06Q10/00 G06F15/177

    Abstract: A multi-component auditing environment uses a set of log-enabled components that are capable of being triggered during an information flow in a data processing system. A “master” compliance component receives data from each log-enabled component in the set of log-enabled components, the data indicating a set of logging properties that are associated with or provided by that log-enabled component. The master compliance component determines, for a given compliance policy, which of a set of one or more events are required from one or more of the individual log-enabled components in the set of log-enabled components. As a result of the determining step, the master compliance component then configures one or more of the individual log-enabled components, e.g. by generating one or more configuration events that are then sent to the one or more individual components. This configuration may take place remotely, i.e., over a network connection. As a result of the information flow, audit or other logs are then collected from the log-enabled components. The master compliance component evaluates the collected logs to determine compliance with the compliance policy. As necessary, the master compliance component re-configures one or more log-enabled components in the set of log-enabled components to address any compliance issues arising from the evaluation. Thus, once a given compliance policy is specified, typically the individual log-enabled components in the multiple-component environment are not responsible for their own configuration, as that task is undertaken by the master compliance component.
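The configure / collect / evaluate / reconfigure loop described above, as an added example (not code from the application). Components advertise their logging properties; the master maps each event the policy requires onto a component able to emit it, sends configuration events, then reads the collected JSON-lines log and reconfigures whichever component stopped delivering a required event. Events the policy demands but no component can provide are reported rather than silently dropped, since that is a gap in the audit trail, not a configuration problem. Component names, event names and the policy are constructed.

```python
"""Master compliance component driving log-enabled components (added example)."""
import json


class LogEnabledComponent:
    def __init__(self, name, capabilities):
        self.name = name
        self.capabilities = set(capabilities)   # event types this component can log
        self.enabled = set()                    # event types currently being logged
        self.config_events = []                 # configuration events received

    def logging_properties(self):
        """Data sent to the master describing what this component can log."""
        return {"component": self.name, "events": sorted(self.capabilities)}

    def apply_config_event(self, event):
        # Sent remotely by the master; the component never chooses its own config.
        self.config_events.append(event)
        self.enabled = set(event["enable"]) & self.capabilities

    def emit(self, events):
        """Simulated information flow: only enabled events reach the log."""
        return [json.dumps({"component": self.name, "event": e}) for e in events if e in self.enabled]


class MasterComplianceComponent:
    def __init__(self, components):
        self.components = {c.name: c for c in components}
        self.properties = {c.name: c.logging_properties() for c in components}

    def plan(self, policy):
        """Decide which component must provide which required event."""
        assignment = {name: set() for name in self.components}
        unsatisfiable = []
        for event in policy["required_events"]:
            providers = [n for n, p in self.properties.items() if event in p["events"]]
            if not providers:
                unsatisfiable.append(event)
            for n in providers:
                assignment[n].add(event)
        return assignment, unsatisfiable

    def configure(self, policy):
        """Generate configuration events; returns events nobody can provide."""
        assignment, unsatisfiable = self.plan(policy)
        for name, events in assignment.items():
            if events:
                self.components[name].apply_config_event(
                    {"policy": policy["name"], "enable": sorted(events)})
        return unsatisfiable

    def evaluate(self, policy, log_lines):
        """Required events that never appeared in the collected logs."""
        seen = {json.loads(line)["event"] for line in log_lines}
        return sorted(set(policy["required_events"]) - seen)

    def reconfigure(self, policy, missing):
        """Re-send configuration to components able to supply the missing events."""
        for name, props in self.properties.items():
            needed = set(missing) & set(props["events"])
            if needed:
                comp = self.components[name]
                comp.apply_config_event(
                    {"policy": policy["name"], "enable": sorted(comp.enabled | needed)})


def demo():
    """Constructed environment: the db component loses its configuration mid-flow."""
    web = LogEnabledComponent("web", ["http.request", "auth.login", "auth.failure"])
    db = LogEnabledComponent("db", ["sql.query", "sql.admin", "auth.login"])
    policy = {"name": "access-audit",
              "required_events": ["auth.login", "auth.failure", "sql.admin", "file.read"]}
    master = MasterComplianceComponent([web, db])
    unsatisfiable = master.configure(policy)
    db.enabled = set()                      # simulated config loss on the db component
    logs = web.emit(["http.request", "auth.login", "auth.failure"]) + db.emit(["sql.admin"])
    missing = master.evaluate(policy, logs)
    master.reconfigure(policy, missing)
    return unsatisfiable, missing, sorted(db.enabled), len(db.config_events)


if __name__ == "__main__":
    print(demo())
```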

    Specializing support for a federation relationship
    8.
    Granted patent
    Specializing support for a federation relationship (in force)

    Publication number: US07562382B2

    Publication date: 2009-07-14

    Application number: US11014553

    Filing date: 2004-12-16

    IPC class: G06F7/04

    CPC class: H04L63/0815 H04L67/30

    Abstract: The invention provides federated functionality within a data processing system by means of a set of specialized runtimes. Each of the plurality of specialized runtimes provides requested federation services for selected ones of the requestors according to configuration data of respective federation relationships of the requestors with the identity provider. The configuration data is dynamically retrieved during initialization of the runtimes, which allows the respective runtime to be specialized for a given federation relationship. Requests are routed to the appropriate specialized runtime using the first requestor identity and the given federation relationship. The data which describes each federation relationship between the identity provider and each of the plurality of requestors is configured prior to initialization of the runtimes. Configuration data is structured into global specified data, federation relationship data and requestor specific data to minimize data change, making the addition or deletion of requestors very scalable.
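The specialized-runtime design from this abstract and the related entry 1 above, as one added example (not code from either patent). Configuration sits in the three layers the abstract names (global, per federation relationship, per requestor); each runtime is specialized at initialization by merging the global and relationship layers; the router dispatches on the requestor identity plus the relationship and rejects any pair that was never configured, so there is no default runtime for an unknown requestor to fall into. Adding a requestor touches only the requestor-specific layer. Relationship names, requestor names and URLs are hypothetical.

```python
"""Specialized federation runtimes keyed by (requestor, federation relationship) (added example)."""
from dataclasses import dataclass


@dataclass
class ConfigStore:
    """Federation configuration, written before any runtime is initialized."""
    global_data: dict
    relationship_data: dict      # relationship name -> settings shared by its requestors
    requestor_data: dict         # (requestor, relationship) -> requestor-specific settings

    def requestors_for(self, relationship):
        return {req for (req, rel) in self.requestor_data if rel == relationship}


@dataclass
class SpecializedRuntime:
    """One runtime instance serving exactly one federation relationship."""
    relationship: str
    config: dict
    requestors: set

    @classmethod
    def initialize(cls, store, relationship):
        # Configuration is retrieved dynamically at init; relationship data
        # overrides the global defaults.
        cfg = dict(store.global_data)
        cfg.update(store.relationship_data[relationship])
        return cls(relationship, cfg, store.requestors_for(relationship))

    def serve(self, store, requestor, operation):
        if requestor not in self.requestors:
            raise PermissionError(f"{requestor!r} is not bound to {self.relationship!r}")
        per_requestor = store.requestor_data[(requestor, self.relationship)]
        return {
            "operation": operation,
            "issuer": self.config["idp_issuer"],
            "protocol": self.config["protocol"],
            "sign_assertions": self.config["sign_assertions"],
            "audience": per_requestor["audience"],
        }


class FederationRouter:
    """Routes each request to the runtime specialized for its relationship."""

    def __init__(self, store):
        self.store = store
        self.runtimes = {rel: SpecializedRuntime.initialize(store, rel)
                         for rel in store.relationship_data}

    def route(self, requestor, relationship, operation):
        # Both the requestor identity and the relationship must be configured;
        # deliberately no fall-through to a default runtime.
        if (requestor, relationship) not in self.store.requestor_data:
            raise PermissionError(f"no federation relationship {relationship!r} for {requestor!r}")
        return self.runtimes[relationship].serve(self.store, requestor, operation)

    def add_requestor(self, requestor, relationship, settings):
        """Only the requestor-specific layer changes; runtimes are not re-initialized."""
        if relationship not in self.runtimes:
            raise KeyError(relationship)
        self.store.requestor_data[(requestor, relationship)] = settings
        self.runtimes[relationship].requestors.add(requestor)


def demo_store():
    """Constructed configuration with hypothetical names."""
    return ConfigStore(
        global_data={"idp_issuer": "https://idp.example.test"},
        relationship_data={
            "saml2-partners": {"protocol": "SAML2", "sign_assertions": True},
            "oidc-partners": {"protocol": "OIDC", "sign_assertions": False},
        },
        requestor_data={
            ("acme", "saml2-partners"): {"audience": "https://acme.example.test/sp"},
            ("initech", "oidc-partners"): {"audience": "initech-client"},
        },
    )


if __name__ == "__main__":
    router = FederationRouter(demo_store())
    print(router.route("acme", "saml2-partners", "sso"))
```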

    Method of enabling an intermediary server to impersonate a client user's identity to a plurality of authentication domains
    9.
    Granted patent
    Method of enabling an intermediary server to impersonate a client user's identity to a plurality of authentication domains (in force)

    Publication number: US07039714B1

    Publication date: 2006-05-02

    Application number: US09487187

    Filing date: 2000-01-19

    IPC class: G06F15/16

    Abstract: An enterprise computing environment such as a corporate web portal includes an intermediary server, a sign-on service, and one or more backend enterprise systems managed by resource managers. Before or after user primary logon, which establishes a user primary account identity, the intermediary server uses its own identity to authenticate to the sign-on service its right to retrieve user secondary account identities with respect to the backend enterprise systems. Retrieved secondary account identities are then used by the intermediary server to perform user secondary logons to respective resource managers in the environment. The intermediary server also manages the passing of resource requests and associated replies between the user and the resource managers.
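The exchange described above, as an added example (not code from the patent). The sign-on service releases a user's secondary account identity for a backend domain only to an intermediary that has first authenticated with its own credential, here a keyed HMAC over a service-issued single-use nonce; the intermediary then performs the secondary logon to that domain's resource manager on behalf of a user who holds a primary logon. The checks a practitioner would want are all present: an intermediary with the wrong secret gets no session, a user without a primary logon gets no secondary logon, and a domain with no mapped account is refused. Secrets, users, accounts and domain names are constructed.

```python
"""Intermediary server retrieving secondary identities via a sign-on service (added example)."""
import hashlib
import hmac
import secrets


class SignOnService:
    """Holds each user's secondary account identities, one per backend domain."""

    def __init__(self, intermediary_secrets, secondary_identities):
        self._intermediaries = dict(intermediary_secrets)  # intermediary id -> shared secret (bytes)
        self._identities = dict(secondary_identities)      # (primary user, domain) -> (account, password)
        self._nonces = set()
        self._sessions = set()

    def challenge(self):
        # Service-issued, single-use nonce: a captured proof cannot be replayed.
        nonce = secrets.token_bytes(16)
        self._nonces.add(nonce)
        return nonce

    def authenticate_intermediary(self, intermediary_id, nonce, proof):
        """The intermediary proves its own identity with HMAC(secret, nonce)."""
        if nonce not in self._nonces:
            return None
        self._nonces.discard(nonce)
        secret = self._intermediaries.get(intermediary_id)
        if secret is None:
            return None
        expected = hmac.new(secret, nonce, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, proof):
            return None
        token = secrets.token_hex(16)
        self._sessions.add(token)
        return token

    def secondary_identity(self, session_token, primary_user, domain):
        if session_token not in self._sessions:
            raise PermissionError("intermediary is not authenticated to the sign-on service")
        identity = self._identities.get((primary_user, domain))
        if identity is None:
            raise PermissionError(f"no {domain!r} account is mapped for {primary_user!r}")
        return identity


class ResourceManager:
    """Backend enterprise system with its own authentication domain."""

    def __init__(self, domain, accounts):
        self.domain = domain
        self._accounts = dict(accounts)      # secondary account -> password

    def logon(self, account, password):
        return hmac.compare_digest(self._accounts.get(account, ""), password)

    def handle(self, account, request):
        return f"{self.domain}:{account}:{request}"


class IntermediaryServer:
    """Portal tier performing secondary logons on the user's behalf."""

    def __init__(self, my_id, my_secret, sign_on, resource_managers):
        self.my_id = my_id
        self.my_secret = my_secret
        self.sign_on = sign_on
        self.resource_managers = {rm.domain: rm for rm in resource_managers}
        self.session = None
        self.primary_users = set()

    def authenticate(self):
        """Authenticate with the intermediary's own identity, not the user's."""
        nonce = self.sign_on.challenge()
        proof = hmac.new(self.my_secret, nonce, hashlib.sha256).hexdigest()
        self.session = self.sign_on.authenticate_intermediary(self.my_id, nonce, proof)
        return self.session is not None

    def primary_logon(self, user):
        # Establishes the user's primary account identity at the portal.
        self.primary_users.add(user)

    def request(self, user, domain, request):
        if user not in self.primary_users:
            raise PermissionError(f"{user!r} has no primary logon")
        account, password = self.sign_on.secondary_identity(self.session, user, domain)
        rm = self.resource_managers[domain]
        if not rm.logon(account, password):
            raise PermissionError(f"secondary logon to {domain!r} failed for {account!r}")
        return rm.handle(account, request)


def demo_environment():
    """Constructed environment: one sign-on service and two backend domains."""
    sign_on = SignOnService(
        {"portal": b"portal-shared-secret"},
        {("alice", "mainframe"): ("ALICE01", "mf-pass"),
         ("alice", "erp"): ("alice.e", "erp-pass")},
    )
    backends = [ResourceManager("mainframe", {"ALICE01": "mf-pass"}),
                ResourceManager("erp", {"alice.e": "erp-pass"})]
    return sign_on, backends
```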

    Authentication framework for multiple authentication processes and mechanisms
    10.
    Granted patent
    Authentication framework for multiple authentication processes and mechanisms (in force)

    Publication number: US06651168B1

    Publication date: 2003-11-18

    Application number: US09240492

    Filing date: 1999-01-29

    IPC class: H04L9/30

    CPC class: G06F21/41 G06F21/32 G06F21/34

    Abstract: An authentication framework subsystem enables a computer system to authenticate a user with a selected one of a plurality of authentication processes. Each of the authentication processes has a distinct sequence of steps and a unique input/output (I/O) interface for exchanging authentication information with the computer system. The invention includes an authentication framework in the computer system. An application program interface in the authentication framework provides an interface to an I/O component, such as a graphical user interface (GUI), of the computer system. A plurality of authentication modules interface with the framework. Each module has a conversation function driver defining a programmed sequence of steps to authenticate a user with a distinct authentication process. A conversation function in the application program interface defines a programmed sequence of steps for controlling the I/O component in response to generic instructions that have the same format but different sequences for each of the authentication modules.
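The framework/module split described above, as an added example (not code from the patent). Each authentication module is a generator acting as the conversation function driver: it yields generic instructions in one fixed format, a (kind, message) pair, but in its own sequence, and receives the user's answer back. The framework's conversation function is the only code that touches the I/O component, here a scripted stand-in so the example runs offline. The two modules (password, and a challenge/response whose answer is a truncated HMAC of the challenge), the credential stores and the fixed challenge value are constructed for the example.

```python
"""Pluggable authentication modules behind one conversation function (added example)."""
import hashlib
import hmac

# Generic conversation instructions: the same format for every module.
PROMPT_ECHO_ON = "prompt_echo_on"
PROMPT_ECHO_OFF = "prompt_echo_off"
TEXT_INFO = "text_info"
ERROR_MSG = "error_msg"

# Constructed credential stores for the example.
PASSWORD_HASHES = {"alice": hashlib.sha256(b"hunter2!").hexdigest()}
OTP_SEEDS = {"alice": b"seed-for-alice"}


def expected_response(user, challenge):
    """Answer the challenge/response module accepts: truncated HMAC over the challenge."""
    seed = OTP_SEEDS.get(user, b"")
    return hmac.new(seed, challenge.encode(), hashlib.sha256).hexdigest()[:8]


def password_module():
    """Conversation function driver: login, then hidden password."""
    user = yield (PROMPT_ECHO_ON, "login: ")
    password = yield (PROMPT_ECHO_OFF, "password: ")
    digest = hashlib.sha256(password.encode()).hexdigest()
    ok = hmac.compare_digest(PASSWORD_HASHES.get(user, ""), digest)
    if not ok:
        yield (ERROR_MSG, "authentication failure")
    return ok


def challenge_response_module():
    """A different step sequence: login, display a challenge, hidden response."""
    user = yield (PROMPT_ECHO_ON, "login: ")
    challenge = "1234"        # fixed for the example; a real module randomizes it
    yield (TEXT_INFO, f"challenge: {challenge}")
    answer = yield (PROMPT_ECHO_OFF, "response: ")
    ok = hmac.compare_digest(expected_response(user, challenge), answer)
    if not ok:
        yield (ERROR_MSG, "bad response")
    return ok


class ScriptedIO:
    """Stands in for the GUI or terminal I/O component; answers are pre-recorded."""

    def __init__(self, answers):
        self.answers = list(answers)
        self.shown = []

    def prompt(self, message, echo):
        return self.answers.pop(0)

    def display(self, message, is_error):
        self.shown.append(("error" if is_error else "info", message))


class AuthenticationFramework:
    def __init__(self, io):
        self.io = io
        self.modules = {"password": password_module, "challenge": challenge_response_module}

    def conversation(self, kind, message):
        """Turns one generic instruction into I/O; the only code touching the I/O component."""
        if kind == PROMPT_ECHO_ON:
            return self.io.prompt(message, echo=True)
        if kind == PROMPT_ECHO_OFF:
            return self.io.prompt(message, echo=False)
        if kind in (TEXT_INFO, ERROR_MSG):
            self.io.display(message, kind == ERROR_MSG)
            return None
        raise ValueError(f"unknown conversation instruction {kind!r}")

    def authenticate(self, module_name):
        """Drive the selected module to completion; its return value is the verdict."""
        driver = self.modules[module_name]()
        reply = None
        try:
            while True:
                kind, message = driver.send(reply)
                reply = self.conversation(kind, message)
        except StopIteration as done:
            return bool(done.value)


if __name__ == "__main__":
    print(AuthenticationFramework(ScriptedIO(["alice", "hunter2!"])).authenticate("password"))
```

Adding a third mechanism means writing another driver generator and registering it; the conversation function and the I/O component do not change, which is the separation the abstract claims.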