-
Publication (Announcement) No.: US07644432B2
Publication (Announcement) Date: 2010-01-05
Application No.: US10962079
Filing Date: 2004-10-08
Applicant: Paul Patrick , David Byrne , Kenneth D. Yagen , Mingde Xu , Jason Howes , Mark A. Falco , Richard J. Riendeau
Inventor: Paul Patrick , David Byrne , Kenneth D. Yagen , Mingde Xu , Jason Howes , Mark A. Falco , Richard J. Riendeau
IPC: H04L29/06
CPC classification number: H04L63/20
Abstract: A computer-implemented system and method for policy inheritance, comprising, defining a first group wherein the first group refers to at least one of: a user and a group different from the first group, defining a second group wherein the second group is nested within the first group, defining a first policy wherein the first policy includes a resource, a subject and one of, an action and a role, and wherein the subject includes the first group, inheriting the first policy by the second group, wherein the resource is part of a resource hierarchy, and wherein the first policy can be used to control access to the resource.
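The mechanism this abstract describes, as an added worked example (it is not part of the patent or of any product the patent covers): groups nest, a policy whose subject is an enclosing group is inherited by every nested group and the users inside them, and a policy attached to a resource applies to its descendants in the resource hierarchy. The group names, resource paths and the deny-overrides rule at a single resource node are constructed assumptions for the illustration.

```python
"""Policy inheritance over nested groups and a resource hierarchy.

Added example (constructed names). A Policy binds a subject (user or group),
a resource path and an action. Groups may contain users or other groups, so
a policy granted to "employees" is inherited by "managers", by the groups
nested in "managers", and by their users. A policy on "/app" applies to
"/app/reports" unless a more specific policy exists on "/app/reports".
"""
from dataclasses import dataclass
from typing import Dict, List, Set

# group -> direct members (users or other groups); constructed membership graph
GROUP_MEMBERS: Dict[str, Set[str]] = {
    "employees": {"managers", "alice"},
    "managers": {"finance-leads", "bob"},
    "finance-leads": {"carol"},
}


@dataclass(frozen=True)
class Policy:
    resource: str          # node in the resource hierarchy, e.g. "/app/reports"
    subject: str           # user or group name
    action: str            # e.g. "read", "write"
    effect: str = "grant"  # "grant" or "deny"


# Constructed policy set for the example.
POLICIES: List[Policy] = [
    Policy("/app", "employees", "read"),                   # inherited by all nested groups
    Policy("/app/payroll", "finance-leads", "write"),
    Policy("/app/payroll", "managers", "read"),
    Policy("/app/payroll", "employees", "read", "deny"),   # deny also inherited downward
]


def enclosing_groups(principal: str, members: Dict[str, Set[str]]) -> Set[str]:
    """Every group that transitively contains `principal`.

    Walks parent links iteratively, so a membership cycle (a misconfiguration
    that does happen in real directories) cannot cause infinite recursion.
    """
    parents: Dict[str, Set[str]] = {}
    for group, direct in members.items():
        for member in direct:
            parents.setdefault(member, set()).add(group)
    found: Set[str] = set()
    stack = [principal]
    while stack:
        current = stack.pop()
        for parent in parents.get(current, ()):
            if parent not in found:
                found.add(parent)
                stack.append(parent)
    return found


def resource_chain(resource: str) -> List[str]:
    """The resource and its ancestors, most specific first.

    "/app/payroll" -> ["/app/payroll", "/app", "/"]
    """
    parts = [p for p in resource.strip("/").split("/") if p]
    chain = ["/" + "/".join(parts[:i]) for i in range(len(parts), 0, -1)]
    chain.append("/")
    return chain


def is_permitted(user: str, resource: str, action: str,
                 policies: List[Policy], members: Dict[str, Set[str]]) -> bool:
    """Evaluate access: inherited subjects, nearest resource node, deny wins."""
    subjects = {user} | enclosing_groups(user, members)
    for node in resource_chain(resource):
        applicable = [p for p in policies
                      if p.resource == node and p.subject in subjects and p.action == action]
        if not applicable:
            continue  # nothing at this node; fall back to the parent resource
        # The most specific node that says anything decides; within it an
        # explicit deny (possibly inherited from an outer group) beats a grant.
        return not any(p.effect == "deny" for p in applicable)
    return False  # default deny: no policy anywhere in the chain


if __name__ == "__main__":
    for who, res, act in [("carol", "/app/reports", "read"),
                          ("carol", "/app/payroll", "write"),
                          ("carol", "/app/payroll", "read"),
                          ("bob", "/app/payroll", "write")]:
        print(who, act, res, "->", is_permitted(who, res, act, POLICIES, GROUP_MEMBERS))
```

The check a practitioner wants here is the third case: carol is in finance-leads, which is nested in managers, which is nested in employees, so she inherits both the managers grant and the employees deny on /app/payroll, and the deny wins. Inheritance through nesting propagates denies as readily as grants, so a deny placed on an outer group must be reviewed against every group nested inside it.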
-
Publication (Announcement) No.: US07603547B2
Publication (Announcement) Date: 2009-10-13
Application No.: US10961674
Filing Date: 2004-10-08
Applicant: Paul Patrick , David Byrne , Kenneth D. Yagen , Mingde Xu , Jason Howes , Mark A. Falco , Richard J. Riendeau
Inventor: Paul Patrick , David Byrne , Kenneth D. Yagen , Mingde Xu , Jason Howes , Mark A. Falco , Richard J. Riendeau
CPC classification number: G06F21/6218 , H04L63/105 , H04L63/20
Abstract: A system for distributing information from a first process to one or more security service modules. The system comprises a remote interface, capable of accepting first information from the first process, and a provisioning service provider (PSP) coupled to the remote interface. The PSP can obtain the first information from the remote interface, and also can provide second information to a local interface. The second information is based on the first information and is tailored for the one or more security service modules. The local interface can provide the second information to the one or more security service modules and the one or more security service modules can accept the second information and perform at least one of the following: adjust a configuration of the one or more security service modules to reflect the second information, and protect access to at least one resource based on the second information.
-
Publication (Announcement) No.: US07594112B2
Publication (Announcement) Date: 2009-09-22
Application No.: US10961839
Filing Date: 2004-10-08
Applicant: Paul Patrick , David Byrne , Kenneth D. Yagen , Mingde Xu , Jason Howes , Mark A. Falco , Richard J. Riendeau
Inventor: Paul Patrick , David Byrne , Kenneth D. Yagen , Mingde Xu , Jason Howes , Mark A. Falco , Richard J. Riendeau
IPC: H04L9/00
CPC classification number: G06F21/6218 , H04L63/105 , H04L63/20
Abstract: A system and method comprising the steps of, delegating a capability from a first user to a second user, propagating information that includes evidence of the delegation to a plurality of security service modules, wherein each one of the plurality of security service modules is capable of protecting one or more resources, providing the evidence to a first security service module belonging to the plurality of security service modules, enforcing the delegation when the second user attempts to access a resource in the one or more resources wherein the resource is protected by the first security service module, and wherein the enforcement is carried out by the first security service module.
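The delegation flow in this abstract, as an added worked example (not the patent's own design or any product's code): a first user delegates a capability to a second user, evidence of the delegation is propagated to the security service modules, and the module protecting the target resource enforces it when the second user tries to access that resource. The abstract says only that "evidence" is propagated; the HMAC-signed delegation record, the shared signing key, the expiry field and the rule that a delegator may only delegate a capability it actually holds are constructed assumptions for the illustration.

```python
"""Delegating a capability and enforcing it at a security service module.

Added example with constructed names. The issuing process signs a delegation
record with a key shared with the modules (assumption: a symmetric key is
used here so the example runs offline). A module accepts the evidence only
if the signature verifies, enforces it only for resources it protects, and
only while the delegator itself holds the delegated capability, so delegation
cannot amplify privileges.
"""
import hashlib
import hmac
import json
from typing import Dict, List, Set, Tuple

SIGNING_KEY = b"constructed-demo-key-do-not-use-in-production"


def _canonical(body: dict) -> bytes:
    """Deterministic serialization so signer and verifier hash identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def make_delegation(delegator: str, delegatee: str, resource: str, action: str,
                    expires_at: int, key: bytes = SIGNING_KEY) -> dict:
    """Build signed evidence that `delegator` delegates (resource, action) to `delegatee`."""
    body = {"delegator": delegator, "delegatee": delegatee, "resource": resource,
            "action": action, "expires_at": expires_at}
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class SecurityServiceModule:
    """One enforcement point protecting the resources under `protected_prefix`."""

    def __init__(self, name: str, protected_prefix: str,
                 grants: Dict[str, Set[Tuple[str, str]]], key: bytes = SIGNING_KEY):
        self.name = name
        self.prefix = protected_prefix
        self.grants = grants            # user -> {(resource, action)} held directly
        self.key = key
        self.delegations: List[dict] = []

    def protects(self, resource: str) -> bool:
        return resource == self.prefix or resource.startswith(self.prefix.rstrip("/") + "/")

    def accept_evidence(self, record: dict) -> bool:
        """Store the delegation only if its signature verifies (constant-time compare)."""
        expected = hmac.new(self.key, _canonical(record["body"]), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, record["tag"]):
            return False  # forged or tampered evidence is dropped
        self.delegations.append(record["body"])
        return True

    def holds_directly(self, user: str, resource: str, action: str) -> bool:
        return (resource, action) in self.grants.get(user, set())

    def is_permitted(self, user: str, resource: str, action: str, now: int) -> bool:
        """Enforce direct grants first, then unexpired delegations from a
        delegator who still holds the capability being delegated."""
        if not self.protects(resource):
            raise ValueError(f"{self.name} does not protect {resource}")
        if self.holds_directly(user, resource, action):
            return True
        for d in self.delegations:
            if (d["delegatee"] == user and d["resource"] == resource
                    and d["action"] == action and now < d["expires_at"]
                    and self.holds_directly(d["delegator"], resource, action)):
                return True
        return False


# Constructed deployment: one module guards /app/payroll; alice may approve payroll.
PAYROLL_SSM = SecurityServiceModule(
    "payroll-ssm", "/app/payroll",
    grants={"alice": {("/app/payroll/approve", "execute")}})


def demo() -> Dict[str, bool]:
    """Run the flow end to end and return the enforcement decisions."""
    good = make_delegation("alice", "bob", "/app/payroll/approve", "execute", expires_at=2000)
    forged = make_delegation("alice", "mallory", "/app/payroll/approve", "execute", 2000,
                             key=b"attacker-key")
    tampered = make_delegation("alice", "bob", "/app/payroll/approve", "execute", 2000)
    tampered["body"]["delegatee"] = "mallory"      # altered after signing
    overreach = make_delegation("carol", "eve", "/app/payroll/approve", "execute", 2000)
    return {
        "good_accepted": PAYROLL_SSM.accept_evidence(good),
        "forged_accepted": PAYROLL_SSM.accept_evidence(forged),
        "tampered_accepted": PAYROLL_SSM.accept_evidence(tampered),
        "overreach_accepted": PAYROLL_SSM.accept_evidence(overreach),   # valid signature
        "bob_before_expiry": PAYROLL_SSM.is_permitted("bob", "/app/payroll/approve", "execute", 1000),
        "bob_after_expiry": PAYROLL_SSM.is_permitted("bob", "/app/payroll/approve", "execute", 3000),
        "eve_via_carol": PAYROLL_SSM.is_permitted("eve", "/app/payroll/approve", "execute", 1000),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two of the cases are the ones worth checking in any delegation design: the "overreach" record is accepted because its signature is valid, yet enforcement still fails because carol never held the capability she delegated, and the delegation to bob stops working once `now` passes `expires_at` even though the stored evidence is unchanged. Verification of the evidence and evaluation of the delegator's own authority are separate checks, and both must happen at the enforcing module.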
-
Publication (Announcement) No.: US07603548B2
Publication (Announcement) Date: 2009-10-13
Application No.: US10961675
Filing Date: 2004-10-08
Applicant: Paul Patrick , David Byrne , Kenneth D. Yagen , Mingde Xu , Jason Howes , Mark A. Falco , Richard J. Riendeau
Inventor: Paul Patrick , David Byrne , Kenneth D. Yagen , Mingde Xu , Jason Howes , Mark A. Falco , Richard J. Riendeau
CPC classification number: G06F21/6218 , H04L63/105 , H04L63/20
Abstract: A method for providing a security provider for a client comprises providing a service provider interface, that is compatible with a security framework layer, and one or more services. The one or more services include at least one of, authentication, authorization, auditing, role mapping and credential mapping. The one or more services can be exposed through the service provider interface and the framework layer can expose the one or more services to an application program interface.
-
Publication (Announcement) No.: US07594224B2
Publication (Announcement) Date: 2009-09-22
Application No.: US10961595
Filing Date: 2004-10-08
Applicant: Paul Patrick , David Byrne , Kenneth D. Yagen , Mingde Xu , Jason Howes , Mark A. Falco , Richard J. Riendeau
Inventor: Paul Patrick , David Byrne , Kenneth D. Yagen , Mingde Xu , Jason Howes , Mark A. Falco , Richard J. Riendeau
CPC classification number: G06F21/6218 , H04L63/105 , H04L63/20
Abstract: A system and method for distributed enterprise security, comprising, a server operable to update information, wherein the information can include one or more of a policy and configuration information, a security control module (SCM) operable to accept the information, at least one security service module (SSM) operable to accept the information from the SCM, and wherein the information accepted by the SCM is relevant to one or more of the at least one SSMs.
-