中科微点-全球专利检索

  1. Login
  2. Sign Up

Search Results

16 records (took 0.019 seconds)

    Virtual disks constructed from unused distributed storage
    2.
    发明授权
    Virtual disks constructed from unused distributed storage 有权
    由未使用的分布式存储构成的虚拟磁盘

    公开(公告)号:US08775734B2

    公开(公告)日:2014-07-08

    申请号:US13297245

    申请日:2011-11-15

    Applicant: Jeffrey B. Hamblin Saurabh Gupta Justin Neddo Joseph Sherman

    Inventor: Jeffrey B. Hamblin Saurabh Gupta Justin Neddo Joseph Sherman

    IPC: G06F12/00 G06F3/06

    CPC classification number: G06F3/0631 G06F3/0608 G06F3/0617 G06F3/065 G06F3/0665

    Abstract: A virtual disk is comprised of segments of unused capacity of physical computer-readable storage media co-located with computing devices that are communicationally coupled to one another through network communications. The computing devices execute one or more of a client process, a storage process and a controller process. The controller processes manage the metadata of the virtual disk, including a virtual disk topology that defines the relationships between certain ones of the physical computer-readable storage media and a particular virtual disk. The client process provide data for storage to certain ones of the computing devices executing the storage processes, as defined by a virtual disk topology, and also read data from storage from those computing devices. The client process additionally expose the virtual disk in the same manner as any other computer-readable medium.

    Abstract translation: 虚拟磁盘由物理计算机可读存储介质的未使用容量的段组成,其与通过网络通信彼此通信地耦合的计算设备共同定位。 计算设备执行客户端进程,存储过程和控制器进程中的一个或多个。 控制器进程管理虚拟磁盘的元数据,包括定义物理计算机可读存储介质中某些与特定虚拟磁盘之间的关系的虚拟磁盘拓扑。 客户端进程提供数据以存储到由虚拟磁盘拓扑定义的执行存储过程的某些计算设备,并且还从这些计算设备读取来自存储器的数据。 客户端进程以与任何其他计算机可读介质相同的方式另外暴露虚拟磁盘。

    VIRTUAL DISKS CONSTRUCTED FROM UNUSED DISTRIBUTED STORAGE
    3.
    发明申请
    VIRTUAL DISKS CONSTRUCTED FROM UNUSED DISTRIBUTED STORAGE 有权
    虚拟磁盘由未分配的分布式存储构成

    公开(公告)号:US20130124797A1

    公开(公告)日:2013-05-16

    申请号:US13297245

    申请日:2011-11-15

    Applicant: Jeffrey B. Hamblin Saurabh Gupta Justin Neddo Joseph Sherman

    Inventor: Jeffrey B. Hamblin Saurabh Gupta Justin Neddo Joseph Sherman

    IPC: G06F12/00

    CPC classification number: G06F3/0631 G06F3/0608 G06F3/0617 G06F3/065 G06F3/0665

    Abstract: A virtual disk is comprised of segments of unused capacity of physical computer-readable storage media co-located with computing devices that are communicationally coupled to one another through network communications. The computing devices execute one or more of a client process, a storage process and a controller process. The controller processes manage the metadata of the virtual disk, including a virtual disk topology that defines the relationships between certain ones of the physical computer-readable storage media and a particular virtual disk. The client process provide data for storage to certain ones of the computing devices executing the storage processes, as defined by a virtual disk topology, and also read data from storage from those computing devices. The client process additionally expose the virtual disk in the same manner as any other computer-readable medium.

    Abstract translation: 虚拟磁盘由物理计算机可读存储介质的未使用容量的段组成,其与通过网络通信彼此通信地耦合的计算设备共同定位。 计算设备执行客户端进程,存储过程和控制器进程中的一个或多个。 控制器进程管理虚拟磁盘的元数据,包括定义物理计算机可读存储介质中某些与特定虚拟磁盘之间的关系的虚拟磁盘拓扑。 客户端进程提供数据以存储到由虚拟磁盘拓扑定义的执行存储过程的某些计算设备,并且还从这些计算设备读取来自存储器的数据。 客户端进程以与任何其他计算机可读介质相同的方式另外暴露虚拟磁盘。

    INTEGRATING SECURITY PROTECTION TOOLS WITH COMPUTER DEVICE INTEGRITY AND PRIVACY POLICY
    4.
    发明申请
    INTEGRATING SECURITY PROTECTION TOOLS WITH COMPUTER DEVICE INTEGRITY AND PRIVACY POLICY 有权
    集成安全保护工具与计算机设备完整性和隐私政策

    公开(公告)号:US20120102577A1

    公开(公告)日:2012-04-26

    申请号:US13341855

    申请日:2011-12-30

    Applicant: Thekkthalackal Varugis Kurien Jeffrey B. Hamblin Narasimha Rao Nagampalli Peter T. Brundrett Scott Field

    Inventor: Thekkthalackal Varugis Kurien Jeffrey B. Hamblin Narasimha Rao Nagampalli Peter T. Brundrett Scott Field

    IPC: G06F21/24

    CPC classification number: G06F21/50 G06F21/51 G06F21/53

    Abstract: At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.

    Abstract translation: 在计算机设备上电时,计算机设备的操作系统启动监视器。 监视器为在计算机设备上运行的每个程序和对象(统称为“程序”)分配监视程序,以监视程序的活动。 当监视程序被分配给程序时,基于应用于监视程序的预定标准,向监视程序分配完整性和/或隐私标签(统称为“完整性标签”)。 监控程序又向监控程序监控的程序分配一个完整性标签。 分配给被监视程序的完整性标签小于或等于监视程序的完整性标签。 监视器基于分配给被监视程序的完整性标签和与监视程序正在寻求访问的数据,另一程序或远程网络资源相关联的完整性标签来强制执行计算机设备的完整性策略。

    AUDITING ACCESS TO DATA BASED ON RESOURCE PROPERTIES
    5.
    发明申请
    AUDITING ACCESS TO DATA BASED ON RESOURCE PROPERTIES 审中-公开
    基于资源特性的数据访问

    公开(公告)号:US20110239293A1

    公开(公告)日:2011-09-29

    申请号:US12730241

    申请日:2010-03-24

    Applicant: Raja Pazhanivel Perumal Nir Ben-Zvi Anders Samuelsson Jeffrey B. Hamblin Ran Kalach Ziquan Li Matthias H. Wollnik Clyde Law

    Inventor: Raja Pazhanivel Perumal Nir Ben-Zvi Anders Samuelsson Jeffrey B. Hamblin Ran Kalach Ziquan Li Matthias H. Wollnik Clyde Law

    IPC: G06F21/00

    CPC classification number: G06F21/552

    Abstract: Described is a technology, such as implemented in an operating system security system, by which a resource's metadata (e.g., including data properties) is evaluated against an audit rule or audit rules associated with that resource (e.g., object). The audit rule may be associated with all such resources corresponding to a resource manager, and/or by a resource-specific audit rule. When a resource is accessed, each audit rule is processed against the metadata to determine whether to generate an audit event for that rule. The audit rule may be in the form of one or more conditional expressions. Audit events may be maintained and queried to obtain audit information for various usage scenarios.

    Abstract translation: 描述了一种诸如在操作系统安全系统中实现的技术,通过该技术,资源的元数据(例如,包括数据属性)针对与该资源(例如,对象)相关联的审计规则或审计规则进行评估。 审计规则可以与对应于资源管理器的所有这样的资源和/或资源特定的审计规则相关联。 访问资源时,会根据元数据对每个审核规则进行处理,以确定是否为该规则生成审核事件。 审计规则可以是一个或多个条件表达式的形式。 可以维护和查询审计事件以获取各种使用场景的审计信息。

    Integrating security protection tools with computer device integrity and privacy policy
    7.
    发明授权
    Integrating security protection tools with computer device integrity and privacy policy 有权
    将安全保护工具与计算机设备完整性和隐私政策集成

    公开(公告)号:US08117441B2

    公开(公告)日:2012-02-14

    申请号:US11472052

    申请日:2006-06-20

    Applicant: Thekkthalackal Varugis Kurien Jeffrey B Hamblin Narasimha Rao Nagampalli Peter T Brundrett Scott Field

    Inventor: Thekkthalackal Varugis Kurien Jeffrey B Hamblin Narasimha Rao Nagampalli Peter T Brundrett Scott Field

    IPC: H04L29/00 H04L29/06

    CPC classification number: G06F21/50 G06F21/51 G06F21/53

    Abstract: At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.

    Abstract translation: 在计算机设备上电时,计算机设备的操作系统启动监视器。 监视器为在计算机设备上运行的每个程序和对象(统称为“程序”)分配监视程序,以监视程序的活动。 当监视程序被分配给程序时,基于应用于监视程序的预定标准,向监视程序分配完整性和/或隐私标签(统称为“完整性标签”)。 监控程序又向监控程序监控的程序分配一个完整性标签。 分配给被监视程序的完整性标签小于或等于监视程序的完整性标签。 监视器基于分配给被监视程序的完整性标签和与监视程序正在寻求访问的数据,另一程序或远程网络资源相关联的完整性标签来强制执行计算机设备的完整性策略。

    CREDENTIAL-BASED ACCESS TO DATA
    8.
    发明申请
    CREDENTIAL-BASED ACCESS TO DATA 审中-公开
    基于资料的数据访问

    公开(公告)号:US20110231940A1

    公开(公告)日:2011-09-22

    申请号:US12727763

    申请日:2010-03-19

    Applicant: Raja Pazhanivel Perumal Jeffrey B. Hamblin

    Inventor: Raja Pazhanivel Perumal Jeffrey B. Hamblin

    IPC: G06F21/24 G06F17/30

    CPC classification number: G06F21/335 G06F2221/2103 G06F2221/2143 G06F2221/2145 H04L63/101

    Abstract: Existing mechanisms that control access to data based upon whether the user seeking to access the data is identified among the users that are allowed to access the data, can be extended to further control access based upon the provision of credential data by the user, or processes associated therewith. Access control entries can limit access based upon Boolean conditionals, including those referencing credential data, such that access can be granted only to specific users that provide the credential data or, alternatively, to any user that provides it. The referenced credential data can be specified in the access control information in an obfuscated form for security purposes. Information associated with the user, such as a user token, can be temporarily updated to include credential data when provided by the user, so as to enable access to the data but to prevent such access from remaining open too long.

    Abstract translation: 可以根据用户访问数据的用户是否识别访问数据的现有机制,可以扩展为进一步控制访问,这是基于用户提供的凭据数据或处理 相关联。 访问控制条目可以基于布尔条件(包括引用凭证数据的那些)来限制访问,使得仅可以向提供证书数据的特定用户授予访问权,或者替代地,授予提供证书数据的任何用户的访问。 为了安全起见,引用的凭证数据可以以混淆形式在访问控制信息中指定。 与用户相关联的信息(例如用户令牌)可以被临时更新,以在由用户提供时包括凭证数据,以便能够访问数据,但是防止这种访问保持打开太久。

    Providing user on computer operating system with full privileges token and limited privileges token
    9.
    发明授权
    Providing user on computer operating system with full privileges token and limited privileges token 有权
    在计算机操作系统上为用户提供完全权限令牌和有限权限令牌

    公开(公告)号:US07636851B2

    公开(公告)日:2009-12-22

    申请号:US11171744

    申请日:2005-06-30

    Applicant: Jeffrey B. Hamblin Jonathan Schwartz Kedarnath A. Dubhashi Klaus U. Schutz Peter T. Brundrett Richard B. Ward Thomas C. Jones

    Inventor: Jeffrey B. Hamblin Jonathan Schwartz Kedarnath A. Dubhashi Klaus U. Schutz Peter T. Brundrett Richard B. Ward Thomas C. Jones

    IPC: G06F21/00

    CPC classification number: G06F21/62 G06F2221/2145 G06F2221/2149

    Abstract: An operating system for a computing device has a first session for a user that includes a first base process that has a first privileges token attached thereto. The first privileges token includes substantially a full set of privileges of the user on the operating system. The operating system also has a second session for the user that includes a second base process that has a second privileges token attached thereto. The second privileges token is derived from the first privileges token and includes only a minimum set of privileges of the user on the operating system. Thus, the second, limited token does not have all privileges associated with the first, full token but instead has a limited set of privileges and not extra privileges that could be employed to take actions that would be harmful, deceptive, or malicious.

    Abstract translation: 用于计算设备的操作系统具有用于用户的第一会话,所述第一会话包括具有连接到其的第一权限令牌的第一基本进程。 第一权限令牌在操作系统上基本上包括用户的一整套特权。 操作系统还具有用户的第二会话,其包括具有附加到其的第二权限令牌的第二基本进程。 第二个权限令牌是从第一个权限令牌导出的,并且仅包含操作系统上用户的一组最小权限。 因此,第二个有限令牌不具有与第一个完整令牌相关联的所有权限,而是具有一组有限的权限,而不是可以用于采取有害,欺骗性或恶意行为的额外权限。

    System and methods for providing dynamic authorization in a computer system
    10.
    发明授权
    System and methods for providing dynamic authorization in a computer system 有权
    在计算机系统中提供动态授权的系统和方法

    公开(公告)号:US07434257B2

    公开(公告)日:2008-10-07

    申请号:US09849093

    申请日:2001-05-04

    Applicant: Praerit Garg Robert P. Reichel Richard B. Ward Kedarnath A. Dubhashi Jeffrey B. Hamblin Anne C. Hopkins

    Inventor: Praerit Garg Robert P. Reichel Richard B. Ward Kedarnath A. Dubhashi Jeffrey B. Hamblin Anne C. Hopkins

    IPC: G06F21/00

    CPC classification number: G06F21/6218 G06F9/4488 Y10S707/99939

    Abstract: A dynamic authorization callback mechanism is provided that implements a dynamic authorization model. An application can thus implement virtually any authorization policy by utilizing dynamic data and flexible policy algorithms inherent in the dynamic authorization model. Dynamic data, such as client operation parameter values, client attributes stored in a time-varying or updateable data store, run-time or environmental factors such as time-of-day, and any other static or dynamic data that is managed or retrievable by the application may be evaluated in connection with access control decisions. Hence, applications may define and implement business rules that can be expressed in terms of run-time operations and dynamic data. An application thus has substantial flexibility in defining and implementing custom authorization policy, and at the same time provides standard definitions for such dynamic data and policy.

    Abstract translation: 提供了实现动态授权模型的动态授权回调机制。 因此,应用程序可以通过利用动态授权模型中固有的动态数据和灵活的策略算法实现任何授权策略。 动态数据,例如客户端操作参数值,存储在时变或可更新数据存储中的客户端属性,运行时间或环境因素(例如时间)以及任何其他静态或动态数据,由 可以结合访问控制决定来评估应用。 因此,应用程序可以定义和实现可以根据运行时操作和动态数据来表达的业务规则。 因此,应用程序在定义和实施自定义授权策略方面具有很大的灵活性,同时为此类动态数据和策略提供了标准定义。

Patent Agency Ranking