1. COMPUTER SYSTEM SECURITY SERVICE
    Type: Invention application
    Status: In force

    Publication No.: US20080134286A1

    Publication date: 2008-06-05

    Application No.: US12014612

    Filing date: 2008-01-15

    IPC classification: G06F21/20

    Abstract: A security service of computer networks having a policy builder, an LDAP-compliant database, a validator and an API. The policy builder component provides a graphical user interface to be used by a policy manager to define access policies for users seeking to access network services and resources. The graphical user interface has a grid of nodes representing access policies. The grid is arranged to correspond to a defined tree structure representing services and resources and a business relationship tree structure representing users. The graphical user interface permits the policy manager to define policy builder plug-ins for access policy customization. The LDAP-compliant database maintains the policy builder plug-ins. The validator component receives requests from users and queries the LDAP-compliant database to obtain relevant access policies as defined by the policy manager. The system provides for double inheritance of access policies such that where there is no express definition of an access policy for a node, the access policies are propagated according to the hierarchical structures of the data. The validator includes validator plug-ins for carrying out access policies corresponding to the access policies defined by policy builder plug-ins.

    2. Computer system security service
    Type: Granted invention patent
    Status: In force

    Publication No.: US07757271B2

    Publication date: 2010-07-13

    Application No.: US12014612

    Filing date: 2008-01-15

    IPC classification: G06F21/20

    Abstract: A security service of computer networks having a policy builder, an LDAP-compliant database, a validator and an API. The policy builder component provides a graphical user interface to be used by a policy manager to define access policies for users seeking to access network services and resources. The graphical user interface has a grid of nodes representing access policies. The grid is arranged to correspond to a defined tree structure representing services and resources and a business relationship tree structure representing users. The graphical user interface permits the policy manager to define policy builder plug-ins for access policy customization. The LDAP-compliant database maintains the policy builder plug-ins. The validator component receives requests from users and queries the LDAP-compliant database to obtain relevant access policies as defined by the policy manager. The system provides for double inheritance of access policies such that where there is no express definition of an access policy for a node, the access policies are propagated according to the hierarchical structures of the data. The validator includes validator plug-ins for carrying out access policies corresponding to the access policies defined by policy builder plug-ins.

    3. Computer system security service
    Type: Granted invention patent
    Status: In force

    Publication No.: US07512965B1

    Publication date: 2009-03-31

    Application No.: US09611463

    Filing date: 2000-07-07

    IPC classification: H04L9/00

    CPC classification: H04L63/20

    Abstract: A security service of computer networks having a policy builder, an LDAP-compliant database, a validator and an API. The policy builder component provides a graphical user interface to be used by a policy manager to define access policies for users seeking to access network services and resources. The graphical user interface has a grid of nodes representing access policies. The grid is arranged to correspond to a defined tree structure representing services and resources and a business relationship tree structure representing users. The graphical user interface permits the policy manager to define policy builder plug-ins for access policy customization. The LDAP-compliant database maintains the policy builder plug-ins. The validator component receives requests from users and queries the LDAP-compliant database to obtain relevant access policies as defined by the policy manager. The system provides for double inheritance of access policies such that where there is no express definition of an access policy for a node, the access policies are propagated according to the hierarchical structures of the data. The validator includes validator plug-ins for carrying out access policies corresponding to the access policies defined by policy builder plug-ins.

    4. Generation and use of digital signatures
    Type: Granted invention patent
    Status: In force

    Publication No.: US07234060B1

    Publication date: 2007-06-19

    Application No.: US09614487

    Filing date: 2000-07-11

    IPC classification: G06F17/00

    CPC classification: G06F21/64 H04L9/3247

    Abstract: A digital signature is generated in association with target data. The computer generating the digital data encrypts the digital signature using a public key encryption system. The private key is stored in dynamic memory in a secure manner. The public key associated with the private key is stored in an accessible database. The public key is accessed from the database and used by recipient computers to authenticate the target data by decrypting the encrypted digital signature. When the computer generating the digital signature is restarted, the private key stored in dynamic memory is lost. The computer obtains a new private and public key pair from the public key encryption system. The previously used public key is maintained in the database until a predefined time has elapsed, after which it is removed from the database.
