Transactional name service
    1.
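    Granted patent
    Transactional name service (Status: In force)

    Publication (announcement) No.: US06553384B1

    Publication (announcement) date: 2003-04-22

    Application No.: US09333058

    Filing date: 1999-06-14

    IPC classification: G06F1700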

    Abstract: A transactional name server. One or more objects of the name server are managed as transactional objects, thereby providing a transactional name server. Atomic updates are provided in the name server by the addition of transactional semantics. The transactional semantics include making the objects of the name space managed objects and providing a local interface to a directory service that propagates a transactional context from the name server through a directory down to a resource manager.

    Support of tamper detection for a log of records
    3.
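    Granted patent
    Support of tamper detection for a log of records (Status: Lapsed)

    Publication (announcement) No.: US08230228B2

    Publication (announcement) date: 2012-07-24

    Application No.: US12263427

    Filing date: 2008-10-31

    IPC classification: H04L29/06 H04L29/00

    CPC classification: G06F21/64 G06F2221/2101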

    Abstract: Tamper detection of audit records comprises configuring a proxy for adding tamper evidence information to audit information by obtaining audit records from at least one audit record generating source, grouping obtained audit records into subsets of audit records and providing tamper evidence processing to the subsets utilizing a cryptographic mechanism to calculate a signature over each subset of audit records. The proxy groups the subsets such that each subset contains at least one designated carryover audit record that overlaps into a next subset so that each carryover audit record is associated with at least two signatures. As such, the proxy creates an overlapping chain of digitally signed audit records subsets. The proxy further forwards the tamper evident audit records from the tamper evidence adding proxy to a corresponding audit log storage subsystem for storage, storing the calculated signatures.

    SUPPORT OF TAMPER DETECTION FOR A LOG OF RECORDS
    4.
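    Patent application
    SUPPORT OF TAMPER DETECTION FOR A LOG OF RECORDS (Status: Lapsed)

    Publication (announcement) No.: US20100115284A1

    Publication (announcement) date: 2010-05-06

    Application No.: US12263427

    Filing date: 2008-10-31

    IPC classification: H04L9/32 H04L9/06

    CPC classification: G06F21/64 G06F2221/2101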

    Abstract: Tamper detection of audit records comprises configuring a proxy for adding tamper evidence information to audit information by obtaining audit records from at least one audit record generating source, grouping obtained audit records into subsets of audit records and providing tamper evidence processing to the subsets utilizing a cryptographic mechanism to calculate a signature over each subset of audit records. The proxy groups the subsets such that each subset contains at least one designated carryover audit record that overlaps into a next subset so that each carryover audit record is associated with at least two signatures. As such, the proxy creates an overlapping chain of digitally signed audit records subsets. The proxy further forwards the tamper evident audit records from the tamper evidence adding proxy to a corresponding audit log storage subsystem for storage, storing the calculated signatures.

    Role-based access control management for multiple heterogeneous application components
    5.
    Granted patent
    Role-based access control management for multiple heterogeneous application components (Status: Lapsed)

    Publication (announcement) No.: US07676831B2

    Publication (announcement) date: 2010-03-09

    Application No.: US11221630

    Filing date: 2005-09-08

    IPC classification: H04L9/32 H04L9/00 G06F7/04

    CPC classification: G06F21/6236

    Abstract: Embodiments of the present invention address deficiencies of the art in respect to access control and provide a method, system and computer program product for access control management for a collection of heterogeneous application components. In a first embodiment, a data processing system for role-based access control management for multiple heterogeneous application components can include at least one business role descriptor associating a business role with multiple, different application roles for corresponding, disparate application components. The system also can include at least one access policy associating a user with the business role. Finally, the system can include policy deployment logic including program code enabled to process the access policy to assign the user to the different application roles in the disparate application components.

    Software Protection Using an Installation Product Having an Entitlement File
    9.
    Patent application
    Software Protection Using an Installation Product Having an Entitlement File (Status: In force)

    Publication (announcement) No.: US20120216294A1

    Publication (announcement) date: 2012-08-23

    Application No.: US13454555

    Filing date: 2012-04-24

    IPC classification: G06F21/00

    Abstract: Techniques for establishing entitlement to a computer program product are provided, and include providing a client identity in a registration process to produce an entitlement file, obtaining an encoded version of a computer program product, and transforming the computer program product into an installation product in a computer storage medium, wherein the installation product comprises the entitlement file to establish entitled use of the computer program product. Also, techniques for facilitating security compliance of a computer program product include providing an encoded version of a computer program product, and providing an installation product builder for the computer program product, wherein the installation product builder creates an installation product in a computer storage medium using a client identity and the encoded version of the computer program product during a registration process, and wherein the created installation product comprises an entitlement file to facilitate security compliance of the computer program product.

    Public key infrastructure delegation
    10.
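    Granted patent
    Public key infrastructure delegation (Status: In force)

    Publication (announcement) No.: US06711679B1

    Publication (announcement) date: 2004-03-23

    Application No.: US09282871

    Filing date: 1999-03-31

    IPC classification: H04L900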

    Abstract: An approach for allowing a server to act on behalf of an original requestor (originator) which includes an approach for indicating the chain of servers through which the original request came has been defined. This provides a mechanism for a server to act as a “delegate” for a request made by an originator. This approach uses PKI constructs and relies upon public-private key digital signatures for verifying the validity of the “delegation” information. The approach described here allows the originator some control over the extent to which its identity can be used on its behalf by servers that it contacts and servers that are contacted on its behalf. The entire “delegation chain” is contained within the construct, allowing examination of the “path” that a request has taken in getting to a server from which service was requested.
