Global policy framework analyzer
    1.
    Granted invention patent
    Status: in force

    Publication number: US08655824B1

    Publication date: 2014-02-18

    Application number: US13041545

    Filing date: 2011-03-07

    IPC classification: G06N5/02

    Abstract: Analyzing a set of policies. A goal comprising a particular outcome is received. An analysis object comprising a data structure maintaining information needed to perform an analysis of the goal is defined. The analysis object is configured to limit a number of calculations needed to achieve the goal. Each member of a set of expressions found in the set of policies has an output. The output is the same for each expression. One of the set of expressions is solved. The solved output is cached in the analysis object such that the solved output is associated with each member of the set of expressions. The analysis object is processed to create a set of values that achieves the goal. Processing includes referencing the cache to retrieve the solved output each time a member of the set of expressions is to be solved during processing of the analysis object.


    Checking rule and policy representation
    2.
    Granted invention patent
    Status: in force

    Publication number: US08271418B2

    Publication date: 2012-09-18

    Application number: US12428294

    Filing date: 2009-04-22

    IPC classification: G06F17/00 G06N5/02

    Abstract: A computer-performed method of examining policies for a target system of an enterprise system domain. The policies are represented as policy rules, each rule including a condition having binary operator expression(s), each expression referring to one or more policy attributes. For a pair of expressions, the computer(s) obtain sets of sample values sufficient to represent all values assumable by the policy attribute(s) referred to in the pair. The sample values are combined in a mixed-radix enumeration in which each attribute is represented in a corresponding position of each sample value combination and of the enumeration. Using the enumeration, the computer(s) evaluate each expression of the pair relative to each of the sample value combinations to obtain a truth table. Based on the truth table, a relationship between the pair is detected and the user may be notified as to an anomaly in the rules.


    Cryptographically enforced, multiple-role, policy-enabled object dissemination control mechanism
    3.
    Granted invention patent
    Status: in force

    Publication number: US07640429B2

    Publication date: 2009-12-29

    Application number: US10788151

    Filing date: 2004-02-26

    IPC classification: H04L29/06

    CPC classification: G06F21/6218

    Abstract: An apparatus to implement role based access control which reduces administrative expenses associated with managing access in accordance with policies and roles. The apparatus includes a memory storing a first role based access control condition associated with an action and a subsystem executing an enforcement entity and a decision entity. In various forms, the two entities are independent entities. The enforcement entity receives a request for the action from a requestor with a role. Additionally, the enforcement entity communicates the role and the request to the decision entity for the decision entity's decision of whether the role satisfies the first condition. The decision entity then communicates the decision to the enforcement entity. Accordingly, the enforcement entity allows or denies the requester the action based on the decision made by the decision entity.


    Implementing access control policies across dissimilar access control platforms
    5.
    Granted invention patent
    Status: in force

    Publication number: US08056114B2

    Publication date: 2011-11-08

    Application number: US11209987

    Filing date: 2005-08-23

    IPC classification: G06F17/00 H04L29/06

    CPC classification: G06Q10/06 G06F21/6236

    Abstract: A method of implementing access control requirements to control access to a plurality of system resources. The requirements are modeled as contents of security policies. The security policy contents are integrated into a policy set. Representations of the integrated policy set are generated, each representation corresponding to a target system that controls access to the resources. The policy set representation(s) are integrated with the corresponding target system(s) to implement the policy set. This method makes it possible to implement high-level security requirements correctly and consistently across systems of a system-of-systems (SoS) and/or distributed system.


    CHECKING RULE AND POLICY REPRESENTATION
    6.
    Invention patent application
    Status: in force

    Publication number: US20090281977A1

    Publication date: 2009-11-12

    Application number: US12428294

    Filing date: 2009-04-22

    IPC classification: G06F17/00 G06N5/02

    Abstract: A computer-performed method of examining policies for a target system of an enterprise system domain. The policies are represented as policy rules, each rule including a condition having binary operator expression(s), each expression referring to one or more policy attributes. For a pair of expressions, the computer(s) obtain sets of sample values sufficient to represent all values assumable by the policy attribute(s) referred to in the pair. The sample values are combined in a mixed-radix enumeration in which each attribute is represented in a corresponding position of each sample value combination and of the enumeration. Using the enumeration, the computer(s) evaluate each expression of the pair relative to each of the sample value combinations to obtain a truth table. Based on the truth table, a relationship between the pair is detected and the user may be notified as to an anomaly in the rules.
