Method and apparatus for processing requests in a network data processing system based on a trust association between servers
    1. Granted patent (in force)

    Publication number: US06965939B2

    Publication date: 2005-11-15

    Application number: US09755351

    Filing date: 2001-01-05

    Abstract: A method, apparatus, and computer-implemented instructions for handling requests in a network data processing system. The network data processing system includes a network and clients connected to the network. A first server is present which receives a request from a client to access a resource, performs an authentication process with the client, adds information to the request indicating that the request is from a trusted source to form a modified request, and sends the modified request for processing. This modified request is received by a second server. The second server determines whether the first server is a trusted server based on the information, and provides access to the resource in response to a determination that the first server is a trusted server. If the second server receives a request directly from a client, it processes the request itself instead of basing its trust on any of the known first servers.


    Securing cached data in enterprise environments

    Publication number: US07051201B2

    Publication date: 2006-05-23

    Application number: US10099739

    Filing date: 2002-03-15

    IPC classification: G06F1/26

    Abstract: A method for securing cached data in an enterprise environment. The method can include processing a request to locate data in a query cache. If the data can be located in the query cache, the data can be retrieved from the query cache. Additionally, at least one encrypted portion of the retrieved data can be decrypted. Finally, the decrypted portion and any remaining unencrypted portion of the retrieved data can be forwarded to the requesting client. By comparison, if the data cannot be located in the query cache, the data can be retrieved from a back-end data source over a computer communications network and forwarded to the requesting client. Additionally, at least a portion of the retrieved data can be encrypted, and both the encrypted portion and any remaining unencrypted portion can be stored in the query cache.

    Trusted statement verification for data privacy

    Publication number: US10984457B2

    Publication date: 2021-04-20

    Application number: US11849210

    Filing date: 2007-08-31

    IPC classification: G06Q10/00 G06Q30/06

    Abstract: Embodiments of the present invention address deficiencies of the art in respect to privacy data management and provide a novel and non-obvious method, system and computer program product for trusted statement verification for data privacy. In one embodiment of the invention, a method for trusted statement verification for data privacy can be provided. The method can include deducing a claim from an attribute of personal data for an end user, receiving a request from a personal data consumer to vouch for an assertion based upon the attribute, comparing the assertion to the claim, and providing a voucher for the assertion to the personal data consumer on behalf of the end user if the claim supports the assertion, without revealing the attribute to the personal data consumer.

    Manufacturing and distribution to avoid counterfeit products

    Publication number: US09727899B2

    Publication date: 2017-08-08

    Application number: US12791938

    Filing date: 2010-06-02

    Abstract: A method, system, and computer usable program product for improved manufacturing and distribution to avoid counterfeit products in a supply chain are provided in the illustrative embodiments. For manufacturing to avoid a counterfeit product, a product to be manufactured is selected. Production volume information is determined, the production volume information including a number of units of the product to be produced. An identifier of a manufacturer of the product, an identifier of the product, and the production volume information are sent, and several sets of identifiers are received. Each set of identifiers includes identifiers corresponding to a customer reference number (CRN), a customer acknowledgment number (CAN), and a merchant acknowledgment number (MAN). One set of identifiers is uniquely associated with one unit of the product being produced. A unit of the product is manufactured such that the unit includes a corresponding set of identifiers.

    Security management for an integrated console for applications associated with multiple user registries
    7. Granted patent (in force)

    Publication number: US08745387B2

    Publication date: 2014-06-03

    Application number: US13453543

    Filing date: 2012-04-23

    IPC classification: G06F7/04 H04L29/08 H04L12/22

    Abstract: A system for security management for applications associated with multiple user registries can include an integrated console configured to host one or more applications or resource objects in corresponding realms. The system also can include one or more roles mapped to different ones of the resource objects and also to different users permitted to access the integrated console. The system yet further can include a user relationship system having associations with multiple different ones of the roles. Finally, the system can include console security management logic programmed to manage authentication for the users using the realm of the resource object, while not requiring a separate user registry for the integrated console.


    Federating policies from multiple policy providers
    8. Granted patent (expired)

    Publication number: US08683545B2

    Publication date: 2014-03-25

    Application number: US12192769

    Filing date: 2008-08-15

    IPC classification: G06F21/00

    CPC classification: H04L63/102 H04L63/20

    Abstract: One aspect of the present invention can include a system, a method, a computer program product and an apparatus for federating policies from multiple policy providers. The aspect can identify a set of distinct policy providers, each maintaining at least one policy related to a service or a resource. A federated policy exchange service can be established that has a policy provider plug-in for each of the distinct policy providers. The federated policy exchange service can receive requests for policies from a set of policy requesters. Each request can include a resource_id or a service_id used to uniquely identify the service or resource. The federated policy exchange service can dynamically connect to a set of the policy providers to determine the policies applicable to each request. For each request, results from the policy providers can be received and processed to generate a response. The federated policy exchange service can then return that response to the policy requester that made the request.


    Classification and policy management for software components
    9. Granted patent (in force)

    Publication number: US08112370B2

    Publication date: 2012-02-07

    Application number: US12235900

    Filing date: 2008-09-23

    IPC classification: G06N5/00

    CPC classification: G06F21/604

    Abstract: A method, system, and computer usable program product for classification and policy management for software components are provided in the illustrative embodiments. Metadata associated with an application or component is identified. A mapping determination is made as to whether the metadata maps to a classification in a set of classifications. A policy that is applicable to the classification is identified and associated with the classification. If the mapping determination is deterministic, the component is assigned to the classification and the policy associated with the classification is associated with the component. If the mapping determination is not deterministic, user intervention may be necessary, the component may be placed in a default classification, or both. Because the policy is associated with the classification, associating the policy with the component may occur based on the metadata of the application or component and its resultant classification.


    DECLARATIVE INSTANCE BASED ACCESS CONTROL FOR APPLICATION RESOURCES WITH PERSISTED ATTRIBUTES AND STATE
    10. Patent application (in force)

    Publication number: US20090183184A1

    Publication date: 2009-07-16

    Application number: US12013867

    Filing date: 2008-01-14

    IPC classification: G06F9/54

    CPC classification: G06F9/4435 G06F9/4493

    Abstract: Embodiments of the present invention provide a method, system and computer program product for declarative instance-based access control for persistent application resources in a multi-tier application. In one embodiment of the invention, a method for instance-based access control in a persistent application resource can be provided. The method can include creating one or more instances of a persistent application resource for a particular user or based on attributes of the user, coupling the instance(s) of the persistent application resource to a database implementing row-level access control, initializing access to the database according to a role or attribute of the particular user, and accessing a restricted set of data in the database through the instance(s) of the persistent application resource.
