Automatic policy generation based on role entitlements and identity attributes
    1.
    Invention patent (granted)
    Status: Lapsed

    Publication number: US07284000B2

    Publication date: 2007-10-16

    Application number: US10741708

    Filing date: 2003-12-19

    IPC classification: G06F17/30

    Abstract: Policies defining the entitlements to be assigned to a new identity joining a role are automatically generated. An automatic policy assigns a new identity the entitlements commonly owned by a predetermined number of identities in the role, which may be all of the role identities. A conditional policy recommends that a new identity be assigned the non-commonly-owned entitlements associated with the role identity whose non-entitlement attributes most closely match the non-entitlement attributes of the new identity. This may be automatically determined by iterating through a vector that maps the non-commonly-owned entitlements with the non-entitlement attributes of each role identity, comparing the non-entitlement attributes of the new identity to find the closest match. The non-commonly-owned entitlements of that identity are then recommended to be assigned to the new identity, upon approval.

    Automatic policy generation based on role entitlements and identity attributes
    3.
    Invention patent application
    Status: Lapsed

    Publication number: US20050138061A1

    Publication date: 2005-06-23

    Application number: US10741708

    Filing date: 2003-12-19

    IPC classification: G06F17/00

    Abstract: Policies defining the entitlements to be assigned to a new identity joining a role are automatically generated. An automatic policy assigns a new identity the entitlements commonly owned by a predetermined number of identities in the role, which may be all of the role identities. A conditional policy recommends that a new identity be assigned the non-commonly-owned entitlements associated with the role identity whose non-entitlement attributes most closely match the non-entitlement attributes of the new identity. This may be automatically determined by iterating through a vector that maps the non-commonly-owned entitlements with the non-entitlement attributes of each role identity, comparing the non-entitlement attributes of the new identity to find the closest match. The non-commonly-owned entitlements of that identity are then recommended to be assigned to the new identity, upon approval.

    Automatic role hierarchy generation and inheritance discovery
    4.
    Invention patent application
    Status: Under examination (published)

    Publication number: US20050138420A1

    Publication date: 2005-06-23

    Application number: US10741904

    Filing date: 2003-12-19

    IPC classification: H04L9/00

    Abstract: A role hierarchy is automatically generated by hierarchically ranking roles in a role based control system, each role including a plurality of identities having attributes. Iteratively at each hierarchical level: each non-cohesive role (wherein, in this case, at least one attribute is not possessed by every identity in the role) is replaced, at the same hierarchical level, by a cohesive role formed by grouping identities having at least one common attribute. The remaining identities are clustered into children roles based on attributes other than the common attribute, and the children roles are added to the role hierarchy at a hierarchical level below the cohesive role. If no common attribute exists in the non-cohesive role, the role is clustered into two or more new roles based on all the attributes in the role, and the non-cohesive role is replaced with the new roles at the same hierarchical level.

    Automated role discovery
    5.
    Invention patent application
    Status: Under examination (published)

    Publication number: US20050138419A1

    Publication date: 2005-06-23

    Application number: US10741634

    Filing date: 2003-12-19

    IPC classification: G06F11/30 H04L9/32

    CPC classification: G06F21/6218

    Abstract: An automated, bottom-up role discovery method for a role based control system includes automatically extracting identities and attributes from data sources and automatically clustering the identities based on the attributes to form recommended roles. The recommended roles may be modified by intervention of an administrator. Additionally, the recommended roles may be aggregated by defining the role definition as an attribute of each constituent identity, and re-clustering the identities to generate refined roles. The recommended, modified, and/or refined roles may then be utilized in a role based control system, such as a role based access control system. Periodically performing the role discovery process provides a means to audit a role based access control system.

    Automatic Policy Generation Based on Role Entitlements and Identity Attributes
    6.
    Invention patent application
    Status: In force

    Publication number: US20080016104A1

    Publication date: 2008-01-17

    Application number: US11780956

    Filing date: 2007-07-20

    IPC classification: G06F17/00

    Abstract: Policies defining the entitlements to be assigned to a new identity joining a role are automatically generated. An automatic policy assigns a new identity the entitlements commonly owned by a predetermined number of identities in the role, which may be all of the role identities. A conditional policy recommends that a new identity be assigned the non-commonly-owned entitlements associated with the role identity whose non-entitlement attributes most closely match the non-entitlement attributes of the new identity. This may be automatically determined by iterating through a vector that maps the non-commonly-owned entitlements with the non-entitlement attributes of each role identity, comparing the non-entitlement attributes of the new identity to find the closest match. The non-commonly-owned entitlements of that identity are then recommended to be assigned to the new identity, upon approval.

    Method and Apparatus for Creating Custom Access Control Hierarchies
    7.
    Invention patent application
    Status: In force

    Publication number: US20080168530A1

    Publication date: 2008-07-10

    Application number: US11620219

    Filing date: 2007-01-05

    IPC classification: H04L9/32 G06F21/00

    Abstract: The Custom Access Controller adds a custom security hierarchy to the organizational data in the View Processor of WEBSPHERE Virtual Member Manager. Whenever an entity or application attempts to access a resource, the access control engine starts the View Processor to identify the organizational data and assigned security policy for the resource. The assigned security policy is applied to a delegated administration path which is part of the delegated administration hierarchy but includes the appropriate path and security policy for the resource. The delegated administration path is sent to an access control engine that grants or denies access to the resource. A View Processor Interface allows network administrators to create and modify custom security hierarchies.

    Method and apparatus for creating custom access control hierarchies
    8.
    Invention patent (granted)
    Status: In force

    Publication number: US09124602B2

    Publication date: 2015-09-01

    Application number: US11620219

    Filing date: 2007-01-05

    IPC classification: G06F7/04 H04L29/06 G06F21/62

    Abstract: The Custom Access Controller adds a custom security hierarchy to the organizational data in the View Processor of WEBSPHERE Virtual Member Manager. Whenever an entity or application attempts to access a resource, the access control engine starts the View Processor to identify the organizational data and assigned security policy for the resource. The assigned security policy is applied to a delegated administration path which is part of the delegated administration hierarchy but includes the appropriate path and security policy for the resource. The delegated administration path is sent to an access control engine that grants or denies access to the resource. A View Processor Interface allows network administrators to create and modify custom security hierarchies.

    Apparatus, System, and Method for Defining Normal and Expected Usage of a Computing Resource
    10.
    Invention patent application
    Status: In force

    Publication number: US20110093413A1

    Publication date: 2011-04-21

    Application number: US12580023

    Filing date: 2009-10-15

    IPC classification: G06F17/00

    Abstract: An apparatus, system, and method are disclosed for defining normal usage of a computing system resource. A method for defining normal usage of a computing system resource includes receiving a repeating schedule that represents system usage of one or more computing resources and receiving one or more demand events that will affect the system usage of the one or more computer resources. The method also automatically creates a predictive temporal profile that represents the system usage of the one or more computer resources from information comprising the repeating schedule and the one or more demand events. The predictive temporal profile is displayed for the user to review.
