Abstract:
A computer-implemented method for executing a workflow is described, wherein the workflow comprises a set of individual activities, the method comprising the operations of deriving a global workflow access type and receiving a request to execute a workflow. Execution of access control based on the global workflow access type is performed. If access is allowable, the user is authorised to execute all activities belonging to the workflow. If access is not allowable, the user is rejected before executing the workflow.
Abstract:
There is provided a computer-implemented method, computer-program product, system and security index structure for a security enforcement strategy for a composite application. The method comprises providing a workflow for the composite application, wherein the composite application is constructed from a set of sub-applications and wherein at least a plurality of the sub-applications has a policy. A consolidated workflow policy is generated for the workflow by combining the policies of the sub-applications and by taking into account a control flow of the workflow, wherein the control flow provides an order in which the set of sub-applications are performed. The consolidated workflow policy is enforced by providing a security index structure for the consolidated workflow policy adapted for checking authorization in the workflow.
Abstract:
The present description refers to a method for protecting data of a mobile agent (MA) from a first server (A) which are intended for at least one second server (B) within a network system against an attack and an unauthorized access, wherein the first server (A) as well as the at least one second server (B) have a pair of a public key (KA, KB) and a private key (PKA, PKB) associated therewith, respectively, the method comprising, starting from the first server, at least the steps of choosing a unique number (r0) and assigning it to the mobile agent (MA), choosing a secret symmetric key (SKo) and assigning it to the data (mB) to be protected, encoding the secret key (SKo) with the public key (KB) of the second server (B), encrypting the secret key (SKo) and the public key (KA) of the first server via a cryptographic wrapping function (h), thus forming a data authentication code (h(KA, SKo)), encoding the data (mB) with the secret key (SKo), and combining the unique number (r0), the encoded data ({mB}SKo) and the data authentication code (h(KA, SKo)) and encoding that combination with the private key (PKA) of the first server (A), thus forming a nested structure to be decoded successively for access to the data (mB).
Abstract:
The present description refers to a method for securing processing of an order by a mobile agent from a first server (So) within a network system with a plurality of servers (So, S1, ..., Sn), at least a number of which the mobile agent has to pass according to an appropriate succession, wherein each of the plurality of servers has a pair of a public key (KSo, ..., KSi, ..., KSn) and a private key (PKSo, ..., PKSi, ..., PKSn) associated therewith, respectively, the method comprising, starting from any one of the number of servers the mobile agent has to pass, called herein the i'th server, at least the steps of receiving the mobile agent which has been prepared by the first server by choosing a unique number (r0) and assigning it to the mobile agent, encoding the chosen unique number (r0) with the private key (PKSo) of the first server (So), thus forming an agent specific initialisation number (Co) as basis for a sequence of checksums (Co, ..., Ci, ..., Cn) to be computed successively by the number of servers (So, S1, ..., Sn), sending the mobile agent together with its initialisation number (Co) on its route through the network system for processing the order passing thereby the number of servers (So, S1, ..., Sn) successively, and initiating each server (S1, ..., Sn) from which the mobile agent intends to take data with it when passing that server to encode the initialisation number (Co) together with the data with the respective server's private key (PKS1, ..., PKSi, ..., PKSn) and to compute therewith a new server specific checksum (C1, ..., Ci, ..., Cn) using the public key (KSo) of the first server (So) and the checksum (Co, ..., Ci, ..., Cn−1) computed by the server (So, ..., Sn−1) right before in the succession.
Abstract:
A method for automatically filling an electronic timesheet includes extracting one or more calendar entries from an electronic calendar and matching each calendar entry of the one or more calendar entries to a corresponding project of a list of projects. An electronic timesheet is then filled based on each calendar entry matched with the corresponding project.
Abstract:
A computer-implemented method for executing a workflow is described, wherein the workflow comprises a set of individual activities, the method comprising the operations of deriving a global workflow access type and receiving a request to execute a workflow. Execution of access control based on the global workflow access type is performed. If access is allowable, the user is authorized to execute all activities belonging to the workflow. If access is not allowable, the user is rejected before executing the workflow.
Abstract:
Systems and methods for reverse engineering access control include determining a set of potential access control target methods, functions and/or subroutines that may be used in software applications. A software application is then analyzed to determine if the access control targets are present in the software application. If an access control target is used by the software application, then the access control policy for the target is analyzed to determine the roles, privileges, or rights that are necessary to successfully execute the access control target. A report is then generated that provides information about the access control policy elements actually used by the software application.
Abstract:
A method and system to control an interaction of a plurality of participants in a workflow process. The method classifies the plurality of activities as (1) first activity of the workflow process, (2) first activity of a participant in an on-going workflow process, and (3) interaction activity. A set of access control policies is generated for each type of activity. The policies include workflow initialization policy, participation policy and interaction policies. The policies determine if a requesting participant is permitted to interact with a responding participant. In addition, the system includes a policy enforcement point for receiving a request from a requesting participant, wherein the request is for activating an activity of a responding participant. The policy enforcement point forwards the request to a policy decision point where the request is evaluated based on the set of access control policies.
Abstract:
There is proposed a method for executing a workflow, comprising providing the workflow comprising process level activities, at least one process level activity being able to access system resources, the access to the system resources being mediated by a plurality of backend modules. A backend module of the plurality of backend modules carries out the steps of receiving a hierarchical attribute certificate, validating the attribute certificate, checking whether the attribute certificate grants a right to execute the backend module, checking whether a predefined execution path from the process level activity to the backend module has been traversed, and if both checking steps are successful, executing the backend module. Moreover, there is proposed a respective device, computer program medium and computer program product.