CLOUD SERVICE SELECTOR
    2.
    Invention application
    CLOUD SERVICE SELECTOR (under examination, published)

    Publication (announcement) No.: US20130346543A1

    Publication (announcement) date: 2013-12-26

    Application No.: US13530267

    Filing date: 2012-06-22

    IPC classification: G06F15/16

    CPC classification: G06F9/5055 G06F2209/502

    Abstract: In a method for selecting a remote application service from a plurality of remote application services containing a requested electronic resource, a computer receives a request for an electronic resource. The computer sends a request for a geographic location of each node in the plurality of nodes containing the electronic resource. The computer determines a distance between the geographic location of each node in the plurality of nodes and the geographic location of the origin of the request for the electronic resource, respectively. The computer selects a remote application service based at least partially on the distance between the geographic location of each node and the geographic location of the origin of the request for the electronic resource.


    CLOUD COMPUTING DATA CENTER MACHINE MONITOR AND CONTROL
    3.
    Invention application
    CLOUD COMPUTING DATA CENTER MACHINE MONITOR AND CONTROL (in force)

    Publication (announcement) No.: US20130311632A1

    Publication (announcement) date: 2013-11-21

    Application No.: US13476795

    Filing date: 2012-05-21

    IPC classification: G06F15/173

    Abstract: Systems, methods and computer-readable media provide for identifying a physical machine corresponding to a virtual machine. A system assigns a data center machine identifier to a physical computing device in a data center, along with a physical location for the physical computing system. In response to creating a virtual machine on the physical computing device, the system creates a mapping from a virtual machine identifier for the virtual machine to the data center machine identifier for the physical computing system.


    Automatic wireless network password update
    4.
    Granted invention patent
    Automatic wireless network password update (lapsed)

    Publication (announcement) No.: US08290163B2

    Publication (announcement) date: 2012-10-16

    Application No.: US12049294

    Filing date: 2008-03-15

    IPC classification: H04L29/06

    Abstract: An approach is provided that allows an administrator to set a new password at a wireless access point, such as a traditional WAP or a wireless router. The wireless access point creates a message that includes the new password. The message is encrypted using the old password that was previously set for the wireless network. The encrypted message is wirelessly transmitted from the wireless access point to the active client devices (those clients currently accessing the wireless network). The clients decrypt the message using the old password that was previously provided to the clients. The clients retrieve the new password from the message. The clients construct a new message that is encrypted using the new password. The new message is wirelessly transmitted from the clients to the wireless access device and serves as an acknowledgement.


    Automated deployment of an application
    5.
    Invention application
    Automated deployment of an application (under examination, published)

    Publication (announcement) No.: US20050289536A1

    Publication (announcement) date: 2005-12-29

    Application No.: US10874495

    Filing date: 2004-06-23

    IPC classification: G06F9/44 G06F9/445

    CPC classification: G06F8/61

    Abstract: Methods, systems, and media to automatically deploy an, e.g., a JS2EE file between environments are disclosed. Embodiments include hardware and/or software for selecting one or more applications in an original system for export. The applications along with their corresponding application data, configuration data, and descriptor files, are compressed into one or more archive files such as Enterprise Archives (EARs). Variable configuration data associated with the target environment is identified so the values of the variable configuration data can be adapted for the target environment. Then, the target environment is adapted for installation of the application and the application is installed in the target environment. Advantageously, this deployment of the application may reduce the chance of user error, require less J2EE knowledge and script maintenance, and complete faster than deployments effected manually.


    Method and system for dynamic client authentication in support of JAAS programming model
    6.
    Invention application
    Method and system for dynamic client authentication in support of JAAS programming model (lapsed)

    Publication (announcement) No.: US20050005090A1

    Publication (announcement) date: 2005-01-06

    Application No.: US10611022

    Filing date: 2003-07-01

    IPC classification: H04L9/00

    Abstract: Authentication operations are performed within a CORBA-compliant environment with client applications using the JAAS programming model. A client application obtains an interoperable object reference (IOR) for a target object on a remote server that is protected within a security domain. After the client application invokes the target object, an object request is generated, and a request-level interceptor obtains the IOR for the target object and extracts an identifier for the security domain from the IOR. If a credential for the security domain is not in the current execution context of the client application, i.e., the current JAAS subject in the JAAS programming model, then the request-level interceptor performs an authentication operation with the security domain on behalf of the client application, receives an authentication credential, and places the authentication credential into the execution context of the client application. The object request is further processed in association with the obtained credential.


    Authentication and authorization methods for cloud computing security platform
    7.
    Invention application
    Authentication and authorization methods for cloud computing security platform (in force)

    Publication (announcement) No.: US20130007845A1

    Publication (announcement) date: 2013-01-03

    Application No.: US13173563

    Filing date: 2011-06-30

    IPC classification: G06F17/30

    Abstract: An authentication and authorization plug-in model for a cloud computing environment enables cloud customers to retain control over their enterprise information when their applications are deployed in the cloud. The cloud service provider provides a pluggable interface for customer security modules. When a customer deploys an application, the cloud environment administrator allocates a resource group (e.g., processors, storage, and memory) for the customer's application and data. The customer registers its own authentication and authorization security module with the cloud security service, and that security module is then used to control what persons or entities can access information associated with the deployed application. The cloud environment administrator, however, typically is not registered (as a permitted user) within the customer's security module; thus, the cloud environment administrator is not able to access (or release to others, or to the cloud's general resource pool) the resources assigned to the cloud customer (even though the administrator itself assigned those resources) or the associated business information. To further balance the rights of the various parties, a third party notary service protects the privacy and the access right of the customer when its application and information are deployed in the cloud.


    Intelligent, export/import restriction-compliant portable computer device
    8.
    Granted invention patent
    Intelligent, export/import restriction-compliant portable computer device (lapsed)

    Publication (announcement) No.: US08301910B2

    Publication (announcement) date: 2012-10-30

    Application No.: US10755829

    Filing date: 2004-01-12

    IPC classification: G06F21/00 G06F11/30 G06F12/14

    Abstract: A method and system that enables cross-border compliance with export restrictions of particular computer technology, including software loaded on a computing device. The computing device is loaded with software, and has a country location device, such as a low-end GPS device. The country location device (country locator) stores the present geographic location of the device in a location register. When the computing device is turned on or the software is activated for operation on the computing device, a security utility of the software compares the value in the register against a list of pre-established locations that are export-restricted. When the value matches (or falls within a range) of one of pre-established locations, the features of the software that are export restricted are automatically disabled.


    Application Server Object-level Security for Distributed Computing Domains
    9.
    Invention application
    Application Server Object-level Security for Distributed Computing Domains (in force)

    Publication (announcement) No.: US20080222697A1

    Publication (announcement) date: 2008-09-11

    Application No.: US12123693

    Filing date: 2008-05-20

    IPC classification: G06F21/00

    CPC classification: G06F21/31

    Abstract: Objects on application servers may be defined into classes which receive different levels of security protection, such as definition of user objects and administrative objects. Domain-wide security may be enforced on administrative objects, which user object security may be configured separately for each application server in a domain. In a CORBA architecture, IOR's for shared objects which are to be secured on a domain-wide basis, such as administrative objects, are provided with tagged components during IOR creation and exporting to a name server. Later, when the IOR is used by a client, the client invokes necessary security measures such as authentication, authorization and transport protection according to the tagged components.


    Declarative trust model between reverse proxy server and websphere application server
    10.
    Invention application
    Declarative trust model between reverse proxy server and websphere application server (under examination, published)

    Publication (announcement) No.: US20050154886A1

    Publication (announcement) date: 2005-07-14

    Application No.: US10755828

    Filing date: 2004-01-12

    IPC classification: H04L9/00 H04L29/06

    Abstract: A method and system for providing a declarative trust association model that formalizes the way trust is established and requires corresponding authentication information to be presented in a standard format. Consequently, the application server may provide a guaranteed level of protection. The mechanism of the present invention provides a framework that allows an application server to enforce a trust evaluation and allows reverse proxy security server to assert a client's security identity, as well as other client security credential information. A known trust association interceptor model is extended to allow the reverse proxy security server to assert the authenticated user's security attributes. Such security attributes include, for example, group information, authentication strength, and location (i.e., where does the user enter the request, intranet vs. internet, IP address, etc.,). The security attributes can be used in making authorization decisions.
