公开(公告)号：US07451484B1

公开(公告)日：2008-11-11

申请号：US09321788

申请日：1999-05-27

申请人： Anthony J. Nadalin ,  Bruce Arland Rich ,  Theodore Jack London Shrader

发明人： Anthony J. Nadalin ,  Bruce Arland Rich ,  Theodore Jack London Shrader

IPC分类号： G06F12/14

CPC分类号： G06F21/31

摘要： A program written in untrusted code (e.g., JAVA) is enabled to access a native operating system resource (e.g., supported in WINDOWS NT) through a staged login protocol. In operation, a trusted login service listens, e.g., on a named pipe, for requests for login credentials. In response to a login request, the trusted login service requests a native operating system identifier. The native operating system identifier is then sent to the program. Using this identifier, a credential object is then created within an authentication framework. The credential object is then used to login to the native operating system to enable the program to access the resource. This technique enables a JAVA program to access a WINDOWS NT operating system resource under the identity of the user running the JAVA program.

摘要翻译： 使用不可信代码（例如，JAVA）编写的程序能够通过分段登录协议来访问本地操作系统资源（例如，在WINDOWS NT中支持）。 在操作中，信任的登录服务例如在命名管道上侦听用于登录凭证的请求。 响应于登录请求，可信登录服务请求本机操作系统标识符。 然后将本地操作系统标识符发送到程序。 使用此标识符，然后在认证框架内创建凭证对象。 然后，凭证对象用于登录到本机操作系统，以使程序能够访问该资源。 该技术使JAVA程序能够在运行JAVA程序的用户的身份下访问WINDOWS NT操作系统资源。

公开(公告)号：US08484699B2

公开(公告)日：2013-07-09

申请号：US13414736

申请日：2012-03-08

申请人： Anthony J. Nadalin ,  Ajamu A. Wesley

发明人： Anthony J. Nadalin ,  Ajamu A. Wesley

IPC分类号： G06F7/04 ,  G06F21/00 ,  G06F15/173

CPC分类号： H04L63/0428 ,  G06F21/6209 ,  H04L63/126

摘要： Techniques are disclosed for achieving context-sensitive confidentiality within a federated environment for which content is aggregated in a distributed Web portal (or similar aggregation framework), ensuring that message portions that should be confidential are confidential to all entities in the federated environment except those entities to which the message portions may properly be divulged. The federation may comprise an arbitrary number of autonomous security domains, and these security domains may have independent trust models and authentication services. Using the disclosed techniques, messages can be routed securely within a cross-domain federation (irrespective of routing paths), thereby ensuring that confidential information is not exposed to unintended third parties and that critical information is not tampered with while in transit between security domains. Preferred embodiments leverage Web services techniques and a number of industry standards.

摘要翻译： 披露技术用于在分布式Web门户（或类似的聚合框架）内聚合内容的联合环境中实现上下文敏感的机密性，确保应该保密的消息部分对于联合环境中除实体之外的所有实体是机密的 消息部分可以正确地泄露给消息部分。 联盟可以包括任意数量的自治安全域，并且这些安全域可以具有独立的信任模型和认证服务。 使用所公开的技术，可以在跨域联合（不管路由路径）内安全地路由消息，从而确保机密信息不会暴露给无意的第三方，并且关键信息在安全域之间传输时不被篡改。 优选实施例利用Web服务技术和许多行业标准。

公开(公告)号：US20100192197A1

公开(公告)日：2010-07-29

申请号：US12714447

申请日：2010-02-27

申请人： Anthony J. Nadalin ,  Ajamu A. Wesley

发明人： Anthony J. Nadalin ,  Ajamu A. Wesley

IPC分类号： G06F7/04 ,  H04K1/00 ,  G06F15/173

CPC分类号： H04L63/0428 ,  G06F21/6209 ,  H04L63/126

摘要： Techniques are disclosed for achieving context-sensitive confidentiality within a federated environment for which content is aggregated in a distributed Web portal (or similar aggregation framework), ensuring that message portions that should be confidential are confidential to all entities in the federated environment except those entities to which the message portions may properly be divulged. The federation may comprise an arbitrary number of autonomous security domains, and these security domains may have independent trust models and authentication services. Using the disclosed techniques, messages can be routed securely within a cross-domain federation (irrespective of routing paths), thereby ensuring that confidential information is not exposed to unintended third parties and that critical information is not tampered with while in transit between security domains. Preferred embodiments leverage Web services techniques and a number of industry standards.

摘要翻译： 披露技术用于在分布式Web门户（或类似的聚合框架）内聚合内容的联合环境中实现上下文敏感的机密性，确保应该保密的消息部分对于联合环境中除实体之外的所有实体是机密的 消息部分可以正确地泄露给消息部分。 联盟可以包括任意数量的自治安全域，并且这些安全域可以具有独立的信任模型和认证服务。 使用所公开的技术，可以在跨域联合（不管路由路径）内安全地路由消息，从而确保机密信息不会暴露给无意的第三方，并且关键信息在安全域之间传输时不被篡改。 优选实施例利用Web服务技术和许多行业标准。

公开(公告)号：US07467399B2

公开(公告)日：2008-12-16

申请号：US10814090

申请日：2004-03-31

申请人： Anthony J. Nadalin ,  Ajamu A. Wesley

发明人： Anthony J. Nadalin ,  Ajamu A. Wesley

IPC分类号： G06F7/04 ,  G06F15/16 ,  G06F15/173 ,  H04K1/00 ,  H04L9/00

CPC分类号： H04L63/0428 ,  G06F21/6209 ,  H04L63/126

摘要： Techniques are disclosed for achieving context-sensitive confidentiality within a federated environment for which content is aggregated in a distributed Web portal (or similar aggregation framework), ensuring that message portions that should be confidential are confidential to all entities in the federated environment except those entities to which the message portions may properly be divulged. The federation may comprise an arbitrary number of autonomous security domains, and these security domains may have independent trust models and authentication services. Using the disclosed techniques, messages can be routed securely within a cross-domain federation (irrespective of routing paths), thereby ensuring that confidential information is not exposed to unintended third parties and that critical information is not tampered with while in transit between security domains. Preferred embodiments leverage Web services techniques and a number of industry standards.

摘要翻译： 披露技术用于在分布式Web门户（或类似的聚合框架）内聚合内容的联合环境中实现上下文敏感的机密性，确保应该保密的消息部分对于联合环境中除实体之外的所有实体是机密的 消息部分可以正确地泄露给消息部分。 联盟可以包括任意数量的自治安全域，并且这些安全域可以具有独立的信任模型和认证服务。 使用所公开的技术，可以在跨域联合（不管路由路径）内安全地路由消息，从而确保机密信息不会暴露给无意的第三方，并且关键信息在安全域之间传输时不被篡改。 优选实施例利用Web服务技术和许多行业标准。

公开(公告)号：US09258125B2

公开(公告)日：2016-02-09

申请号：US11245310

申请日：2005-10-06

申请人： Paul R. Bunter ,  Ralph A. Hertlein ,  Sreedhar Janaswamy ,  Rania Y. Khalaf ,  Keeranoor G. Kumar ,  Michael McIntosh ,  Anthony J. Nadalin ,  Shishir Saxena ,  Ralph P. Williams

发明人： Paul R. Bunter ,  Ralph A. Hertlein ,  Sreedhar Janaswamy ,  Rania Y. Khalaf ,  Keeranoor G. Kumar ,  Michael McIntosh ,  Anthony J. Nadalin ,  Shishir Saxena ,  Ralph P. Williams

IPC分类号： H04L9/32 ,  H04L29/06

CPC分类号： H04L9/3247 ,  H04L63/12 ,  H04L2209/56 ,  H04L2209/60 ,  H04L2209/68 ,  H04L2209/80

摘要： Methods, systems, and products are disclosed in which generating evidence of web services transactions are provided generally by receiving in an ultimate recipient web service from an initial sender a request, the request containing a proof of message origin (‘PMO’). The PMO contains an element addressed to the ultimate recipient web service and the element bears a first signature, the first signature having a value. Embodiments also include authenticating the identity of the initial sender; creating a proof of message receipt (‘PMR’) including signing the value of the first signature; sending the PMR to the initial sender, receiving, by the initial sender, the PMR; and saving, by the initial sender, the PMR.

摘要翻译： 披露了方法，系统和产品，其中通常通过从初始发送者接收最终接收者Web服务的请求来提供Web服务交易的证据，该请求包含消息来源证据（“PMO”）。 PMO包含寻址到最终的接收者Web服务的元素，该元素具有第一个签名，第一个签名具有一个值。 实施例还包括验证初始发送者的身份; 创建消息收据证明（“PMR”），包括签署第一个签名的价值; 将PMR发送到初始发送者，由初始发送者接收PMR; 并由初始发件人保存PMR。

公开(公告)号：US09160752B2

公开(公告)日：2015-10-13

申请号：US11848405

申请日：2007-08-31

申请人： German S. Goldszmidt ,  Dah-Haur H. Lin ,  Anthony J. Nadalin ,  Nataraj Nagaratnam ,  Indrajit Poddar

发明人： German S. Goldszmidt ,  Dah-Haur H. Lin ,  Anthony J. Nadalin ,  Nataraj Nagaratnam ,  Indrajit Poddar

IPC分类号： H04L29/06 ,  G06F21/62

CPC分类号： H04L63/105 ,  G06F21/6227

摘要： Embodiments of the present invention provide a method, system and computer program product for aggregating database and component logic authorization rules in a multi-tier application. In an embodiment of the invention, a method for aggregating database and component logic authorization rules in a multi-tier application system can include aggregating role-based authorization rules for both a persistence layer and a logic layer of a multi-tier application in a unified policy, distributing the unified policy to both the persistence layer and the logic layer of the multi-tier application, transforming the unified policy into respectively a set of role based permissions for the persistence layer and a set of role based permissions for the logic layer, and applying the set of role based permissions for the persistence layer in the persistence layer, and the set of role based permissions for the logic layer in the logic layer of the multi-tier application.

摘要翻译： 本发明的实施例提供了一种用于在多层应用中聚合数据库和组件逻辑授权规则的方法，系统和计算机程序产品。 在本发明的一个实施例中，用于在多层应用系统中聚合数据库和组件逻辑授权规则的方法可以包括为统一的多层应用的持久层和逻辑层聚合基于角色的授权规则 策略，将统一策略分发到多层应用的持久层和逻辑层，将统一策略分为一组基于角色的持久层权限和逻辑层的一组基于角色的权限， 并在持久层中为持久层应用一组基于角色的权限，以及在多层应用程序的逻辑层中逻辑层的基于角色的权限集合。

公开(公告)号：US07657924B2

公开(公告)日：2010-02-02

申请号：US10907577

申请日：2005-04-06

申请人： Maryann Hondo ,  Anthony J. Nadalin ,  Nataraj Nagaratnam

发明人： Maryann Hondo ,  Anthony J. Nadalin ,  Nataraj Nagaratnam

IPC分类号： H04L9/00

CPC分类号： H04L63/102 ,  H04L63/08

摘要： A method, system and computer program product for implementing authorization policies for web services may include defining an authorization policy for access to a web service. The method, system and computer program product may also include attaching the authorization policy to a service definition for the web service.

摘要翻译： 用于实现web服务的授权策略的方法，系统和计算机程序产品可以包括定义用于访问web服务的授权策略。 方法，系统和计算机程序产品还可以包括将授权策略附加到web服务的服务定义。

公开(公告)号：US20080263225A1

公开(公告)日：2008-10-23

申请号：US12172229

申请日：2008-07-12

申请人： Anthony J. Nadalin ,  Ajamu A. Wesley

发明人： Anthony J. Nadalin ,  Ajamu A. Wesley

IPC分类号： G06F15/16

CPC分类号： H04L63/0428 ,  G06F21/6209 ,  H04L63/126

摘要： Techniques are disclosed for achieving context-sensitive confidentiality within a federated environment for which content is aggregated in a distributed Web portal (or similar aggregation framework), ensuring that message portions that should be confidential are confidential to all entities in the federated environment except those entities to which the message portions may properly be divulged. The federation may comprise an arbitrary number of autonomous security domains, and these security domains may have independent trust models and authentication services. Using the disclosed techniques, messages can be routed securely within a cross-domain federation (irrespective of routing paths), thereby ensuring that confidential information is not exposed to unintended third parties and that critical information is not tampered with while in transit between security domains. Preferred embodiments leverage Web services techniques and a number of industry standards.

摘要翻译： 披露技术用于在分布式Web门户（或类似的聚合框架）内聚合内容的联合环境中实现上下文敏感的机密性，确保应该保密的消息部分对于联合环境中除实体之外的所有实体是机密的 消息部分可以正确地泄露给消息部分。 联盟可以包括任意数量的自治安全域，并且这些安全域可以具有独立的信任模型和认证服务。 使用所公开的技术，可以在跨域联合（不管路由路径）内安全地路由消息，从而确保机密信息不会暴露给无意的第三方，并且关键信息在安全域之间传输时不被篡改。 优选实施例利用Web服务技术和许多行业标准。

公开(公告)号：US09292305B2

公开(公告)日：2016-03-22

申请号：US12013867

申请日：2008-01-14

申请人： Indrajit Poddar ,  Anthony J. Nadalin ,  Nataraj Nagaratnam

发明人： Indrajit Poddar ,  Anthony J. Nadalin ,  Nataraj Nagaratnam

IPC分类号： G06F9/44

CPC分类号： G06F9/4435 ,  G06F9/4493

摘要： Embodiments of the present invention provide a method, system and computer program product for declarative instance based access control for persistent application resources in a multi-tier application. In one embodiment of the invention, a method for instance based access control in a persistent application resource can be provided. The method can include creating one or more instances of an persistent application resource for a particular user or based on attributes of the user, coupling the instance(s) of the persistent application resource to a database implementing row-level access control, initializing access to the database according to a role or attribute for the particular user, and accessing a restricted set of data in the database through the instance(s) of the persistent application resource.

摘要翻译： 本发明的实施例提供了一种用于在多层应用中用于持久应用资源的基于声明性实例的访问控制的方法，系统和计算机程序产品。 在本发明的一个实施例中，可以提供用于持久应用资源中的基于实例的访问控制的方法。 该方法可以包括为特定用户创建持久性应用资源的一个或多个实例，或者基于用户的属性，将持久应用资源的实例耦合到实现行级访问控制的数据库，初始化对 数据库根据特定用户的角色或属性，以及通过持久性应用程序资源的实例访问数据库中受限制的一组数据。

公开(公告)号：US08200979B2

公开(公告)日：2012-06-12

申请号：US12714447

申请日：2010-02-27

申请人： Anthony J. Nadalin ,  Ajamu A. Wesley

发明人： Anthony J. Nadalin ,  Ajamu A. Wesley

IPC分类号： G06F21/00 ,  G06F7/06 ,  G06F15/16 ,  H04K1/00

CPC分类号： H04L63/0428 ,  G06F21/6209 ,  H04L63/126

摘要： Techniques are disclosed for achieving context-sensitive confidentiality within a federated environment for which content is aggregated in a distributed Web portal (or similar aggregation framework), ensuring that message portions that should be confidential are confidential to all entities in the federated environment except those entities to which the message portions may properly be divulged. The federation may comprise an arbitrary number of autonomous security domains, and these security domains may have independent trust models and authentication services. Using the disclosed techniques, messages can be routed securely within a cross-domain federation (irrespective of routing paths), thereby ensuring that confidential information is not exposed to unintended third parties and that critical information is not tampered with while in transit between security domains. Preferred embodiments leverage Web services techniques and a number of industry standards.

摘要翻译： 披露技术用于在分布式Web门户（或类似的聚合框架）内聚合内容的联合环境中实现上下文敏感的机密性，确保应该保密的消息部分对于联合环境中除实体之外的所有实体是机密的 消息部分可以正确地泄露给消息部分。 联盟可以包括任意数量的自治安全域，并且这些安全域可以具有独立的信任模型和认证服务。 使用所公开的技术，可以在跨域联合（不管路由路径）内安全地路由消息，从而确保机密信息不会暴露给无意的第三方，并且关键信息在安全域之间传输时不被篡改。 优选实施例利用Web服务技术和许多行业标准。