公开(公告)号：US20070260737A1

公开(公告)日：2007-11-08

申请号：US11408184

申请日：2006-04-21

申请人： Jose Gomes ,  Paolina Centonze ,  Sai Zeng ,  Man Singh ,  Ioana Boier-Martin ,  Laurent Balmelli

发明人： Jose Gomes ,  Paolina Centonze ,  Sai Zeng ,  Man Singh ,  Ioana Boier-Martin ,  Laurent Balmelli

IPC分类号： G06F15/16

CPC分类号： G06F8/24 ,  G06F9/451

摘要： A computer-implemented method (and structure) for creating a service client for a service and a role includes exercising an application programming interface (API) of the service to perform activities of the role, discovering data and behavioral models exposed by the service during this exercise, and configuring a selected set of graphical user interface (GUI) components to represent the discovered data and behavioral models for the activities of the role.

摘要翻译： 用于为服务和角色创建服务客户端的计算机实现的方法（和结构）包括：运行该服务的应用程序编程接口（API）以执行该角色的活动，发现由该服务暴露的数据和行为模型 锻炼和配置所选择的一组图形用户界面（GUI）组件以表示用于角色的活动的发现的数据和行为模型。

公开(公告)号：US20080109272A1

公开(公告)日：2008-05-08

申请号：US11557520

申请日：2006-11-08

申请人： Anshul Sheopuri ,  Paolina Centonze ,  Sai Zeng ,  Jose Gomes ,  Ioana Boier-Martin

发明人： Anshul Sheopuri ,  Paolina Centonze ,  Sai Zeng ,  Jose Gomes ,  Ioana Boier-Martin

IPC分类号： G06Q10/00 ,  G07F17/10

CPC分类号： G06Q10/10 ,  G06Q40/00

摘要： In one non-limiting aspect thereof the exemplary embodiments of this invention provide a computer-implemented method to make a decision as to whether a particular claim submitted by a first economic agent for approval by a second economic agent may be a fraudulent claim. The method includes applying statistics to information representing a proxy of fraud to generate an estimate of a probability of fraud for the particular claim; updating the estimate of the probability of fraud using decision making under uncertainty that is based at least in part on at least one type of additional information; applying game theory to the updated estimate of the probability of fraud to model strategic behavior between the first and second economic agents; and generating a recommendation to audit or not audit the particular claim. The proxy of fraud may be imperfect proxy of fraud, such as is found in nascent industries.

摘要翻译： 在其一个非限制性方面，本发明的示例性实施例提供了一种计算机实现的方法，用于作出关于由第一经济代理人提交以由第二经济代理人批准的特定索赔是否为欺诈性索赔的决定。 该方法包括将统计信息应用于代表欺诈代理的信息以产生针对特定权利要求的欺诈概率的估计; 至少部分地基于至少一种类型的附加信息来更新使用不确定性下的决策的欺诈概率的估计; 将游戏理论应用于对第一和第二经济主体之间的战略行为模拟欺诈概率的更新估计; 并产生建议来审核或不审核特定的权利要求。 欺诈的代理可能是欺诈行为的不完美代理，如在新兴行业中发现的。

公开(公告)号：US09449190B2

公开(公告)日：2016-09-20

申请号：US12127298

申请日：2008-05-27

申请人： Paolina Centonze ,  Jose Gomes ,  Marco Pistoia

发明人： Paolina Centonze ,  Jose Gomes ,  Marco Pistoia

IPC分类号： G06F21/00 ,  G06F21/62

CPC分类号： G06F21/6227 ,  G06F2221/2141 ,  G06F2221/2149

摘要： A system, method and computer program product for identifying security authorizations and privileged-code requirements; for validating analyses performed using static analyses; for automatically evaluating existing security policies; for detecting problems in code; in a run-time execution environment in which a software program is executing. The method comprises: implementing reflection objects for identifying program points in the executing program where authorization failures have occurred in response to the program's attempted access of resources requiring authorization; displaying instances of identified program points via a user interface, the identified instances being user selectable; for a selected program point, determining authorization and privileged-code requirements for the access restricted resources in real-time; and, enabling a user to select, via the user interface, whether a required authorization should be granted, wherein local system, fine-grained access of resources requiring authorizations is provided.

摘要翻译： 用于识别安全授权和特权代码要求的系统，方法和计算机程序产品; 用于验证使用静态分析进行的分析; 用于自动评估现有安全策略; 用于检测代码中的问题; 在执行软件程序的运行时执行环境中。 该方法包括：响应于程序尝试访问需要授权的资源，实施用于识别执行程序中的程序点的反射对象，其中发生授权失败; 经由用户界面显示所识别的节目点的实例，所识别的实例是用户可选择的; 对于选定的程序点，实时地确定访问受限资源的授权和特权代码要求; 并且使得用户能够经由用户界面来选择是否应当授予所需的授权，其中本地系统提供需要授权的资源的细粒度访问。

公开(公告)号：US20070261124A1

公开(公告)日：2007-11-08

申请号：US11416839

申请日：2006-05-03

申请人： Paolina Centonze ,  Jose Gomes ,  Marco Pistoia

发明人： Paolina Centonze ,  Jose Gomes ,  Marco Pistoia

IPC分类号： H04L9/32 ,  G06F17/30 ,  G06F7/04 ,  G06K9/00 ,  H03M1/68 ,  H04K1/00 ,  H04L9/00 ,  H04N7/16

CPC分类号： G06F21/6227 ,  G06F2221/2141 ,  G06F2221/2149

摘要： A system, method and computer program product for identifying security authorizations and privileged-code requirements; for validating analyses performed using static analyses; for automatically evaluating existing security policies; for detecting problems in code; in a run-time execution environment in which a software program is executing. The method comprises: implementing reflection objects for identifying program points in the executing program where authorization failures have occurred in response to the program's attempted access of resources requiring authorization; displaying instances of identified program points via a user interface, the identified instances being user selectable; for a selected program point, determining authorization and privileged-code requirements for the access restricted resources in real-time; and, enabling a user to select, via the user interface, whether a required authorization should be granted, wherein local system, fine-grained access of resources requiring authorizations is provided.

摘要翻译： 用于识别安全授权和特权代码要求的系统，方法和计算机程序产品; 用于验证使用静态分析进行的分析; 用于自动评估现有安全策略; 用于检测代码中的问题; 在执行软件程序的运行时执行环境中。 该方法包括：响应于程序尝试访问需要授权的资源，实施用于识别执行程序中的程序点的反射对象，其中发生授权失败; 经由用户界面显示所识别的节目点的实例，所识别的实例是用户可选择的; 对于选定的程序点，实时地确定访问受限资源的授权和特权代码要求; 并且使得用户能够经由用户界面来选择是否应当授予所需的授权，其中本地系统提供需要授权的资源的细粒度访问。

公开(公告)号：US20090007223A1

公开(公告)日：2009-01-01

申请号：US12127298

申请日：2008-05-27

申请人： Paolina Centonze ,  Jose Gomes ,  Marco Pistoia

发明人： Paolina Centonze ,  Jose Gomes ,  Marco Pistoia

IPC分类号： G06F21/00

CPC分类号： G06F21/6227 ,  G06F2221/2141 ,  G06F2221/2149

摘要： A system, method and computer program product for identifying security authorizations and privileged-code requirements; for validating analyses performed using static analyses; for automatically evaluating existing security policies; for detecting problems in code; in a run-time execution environment in which a software program is executing. The method comprises: implementing reflection objects for identifying program points in the executing program where authorization failures have occurred in response to the program's attempted access of resources requiring authorization; displaying instances of identified program points via a user interface, the identified instances being user selectable; for a selected program point, determining authorization and privileged-code requirements for the access restricted resources in real-time; and, enabling a user to select, via the user interface, whether a required authorization should be granted, wherein local system, fine-grained access of resources requiring authorizations is provided.

摘要翻译： 用于识别安全授权和特权代码要求的系统，方法和计算机程序产品; 用于验证使用静态分析进行的分析; 用于自动评估现有安全策略; 用于检测代码中的问题; 在执行软件程序的运行时执行环境中。 该方法包括：响应于程序尝试访问需要授权的资源，实施用于识别执行程序中的程序点的反射对象，其中发生授权失败; 经由用户界面显示所识别的节目点的实例，所识别的实例是用户可选择的; 对于选定的程序点，实时地确定访问受限资源的授权和特权代码要求; 并且使得用户能够经由用户界面来选择是否应当授予所需的授权，其中本地系统提供需要授权的资源的细粒度访问。

公开(公告)号：US20150089637A1

公开(公告)日：2015-03-26

申请号：US14033502

申请日：2013-09-22

申请人： Paolina Centonze ,  Yinnon Avraham Haviv ,  Roee Hay ,  Marco Pistoia ,  Adi Sharabani ,  Omer Tripp

发明人： Paolina Centonze ,  Yinnon Avraham Haviv ,  Roee Hay ,  Marco Pistoia ,  Adi Sharabani ,  Omer Tripp

IPC分类号： G06F21/57

CPC分类号： G06F21/57 ,  G06F21/51 ,  G06F21/604 ,  H04L63/102 ,  H04L63/20

摘要： Access-control and information-flow integrity policies are enforced in a computing system by detecting security-sensitive sinks in software code for an application running on the computing system and retrieving an access-control policy from a database accessible to the computing system. The access-control policy maps a set of access permissions within the computing system to each one of a plurality of principals. For each detected security-sensitive sink, all principals that influence that security-sensitive sink are detected and an overall access permission is assigned to each security-sensitive sink by taking the intersection of the access permission sets for all influencing principals of that security-sensitive sink. If this permission set is inadequate, an integrity violation is reported. In addition, permission labels are assigned to each value of variables used in the security-sensitive sinks. Each permission label is a set of permissions.

摘要翻译： 访问控制和信息流完整性策略在计算系统中通过检测在计算系统上运行的应用的软件代码中的安全敏感的汇和从计算系统可访问的数据库检索访问控制策略来实施。 访问控制策略将计算系统内的一组访问权限映射到多个主体中的每一个。 对于每个检测到的安全敏感接收器，检测到影响该安全敏感信宿的所有主体，并通过对该安全敏感信宿的所有影响主体的访问权限集合的交集来分配每个安全敏感信宿的总访问权限 水槽。 如果此权限集不足，则会报告完整性违规。 此外，权限标签分配给在安全敏感的接收器中使用的变量的每个值。 每个权限标签都是一组权限。

公开(公告)号：US08572727B2

公开(公告)日：2013-10-29

申请号：US12624172

申请日：2009-11-23

申请人： Paolina Centonze ,  Yinnon Avraham Haviv ,  Roee Hay ,  Marco Pistoia ,  Adi Sharabani ,  Omer Tripp

发明人： Paolina Centonze ,  Yinnon Avraham Haviv ,  Roee Hay ,  Marco Pistoia ,  Adi Sharabani ,  Omer Tripp

IPC分类号： G06F21/00

CPC分类号： G06F21/57 ,  G06F21/51 ,  G06F21/604 ,  H04L63/102 ,  H04L63/20

摘要： Access-control and information-flow integrity policies are enforced in a computing system by detecting security-sensitive sinks in software code for an application running on the computing system and retrieving an access-control policy from a database accessible to the computing system. The access-control policy maps a set of access permissions within the computing system to each one of a plurality of principals. For each detected security-sensitive sink, all principals that influence that security-sensitive sink are detected and an overall access permission is assigned to each security-sensitive sink by taking the intersection of the access permission sets for all influencing principals of that security-sensitive sink. If this permission set is inadequate, an integrity violation is reported. In addition, permission labels are assigned to each value of variables used in the security-sensitive sinks. Each permission label is a set of permissions.

摘要翻译： 访问控制和信息流完整性策略在计算系统中通过检测在计算系统上运行的应用的软件代码中的安全敏感的汇和从计算系统可访问的数据库检索访问控制策略来实施。 访问控制策略将计算系统内的一组访问权限映射到多个主体中的每一个。 对于每个检测到的安全敏感接收器，检测到影响该安全敏感信宿的所有主体，并通过对该安全敏感信宿的所有影响主体的访问权限集合的交集来分配每个安全敏感信宿的总访问权限 水槽。 如果此权限集不足，则会报告完整性违规。 此外，权限标签分配给在安全敏感的接收器中使用的变量的每个值。 每个权限标签都是一组权限。

公开(公告)号：US08230477B2

公开(公告)日：2012-07-24

申请号：US11677298

申请日：2007-02-21

申请人： Paolina Centonze ,  Marco Pistoia

发明人： Paolina Centonze ,  Marco Pistoia

IPC分类号： G06F21/00

CPC分类号： H04L63/102 ,  G06F21/604

摘要： The present invention relates to methodologies for combining policy analysis and static analysis of code and thereafter determining whether the permissions granted by the policy to the code and to the subjects executing it are appropriate. In particular, this involves the verification that too many permissions have not been granted (wherein this would be a violation of the Principle of Least Privilege), and that the permissions being granted are sufficient to execute the code without run-time authorization failures, thus resulting in the failure of the program to execute.

摘要翻译： 本发明涉及用于组合策略分析和代码的静态分析的方法，此后确定由策略授予代码的权限和执行代码的对象是否合适。 特别地，这涉及验证是否没有授予太多的权限（其中这将违反最优权限的原则），并且被许可的权限足以执行代码而没有运行时授权失败，因此 导致程序执行失败。

公开(公告)号：US08473899B2

公开(公告)日：2013-06-25

申请号：US12638581

申请日：2009-12-15

申请人： Paolina Centonze ,  Mohammed Mostafa ,  Marco Pistoia ,  Takaaki Tateishi

发明人： Paolina Centonze ,  Mohammed Mostafa ,  Marco Pistoia ,  Takaaki Tateishi

IPC分类号： G06F9/44 ,  G06F9/45 ,  G06F17/20 ,  G06F17/15 ,  G06F15/16

CPC分类号： G06F8/4434

摘要： Access is obtained to an input object-oriented computer program. In the input object-oriented computer program, semantically equivalent objects are identified, which exist in different memory locations. If at least one of: a number of occurrences for the semantically equivalent objects exceeds a first threshold value, the threshold value being at least two; and a number of equality tests on the semantically equivalent objects exceeds a second threshold value, then a further step includes identifying an application program interface to reduce the semantically equivalent objects to a single object in a single memory location.

摘要翻译： 获取到输入面向对象的计算机程序。 在输入面向对象的计算机程序中，识别了语义上等效的对象，存在于不同的存储器位置。 如果以下中的至少一个：用于语义等效对象的多个事件超过第一阈值，则该阈值为至少两个; 并且对于语义上等价的对象的多个等式测试超过第二阈值，则进一步的步骤包括识别应用程序接口以将语义上等价的对象减少到单个存储器位置中的单个对象。

公开(公告)号：US20130013367A1

公开(公告)日：2013-01-10

申请号：US13618320

申请日：2012-09-14

申请人： Mondhar Ben-Hamida ,  Chad Boucher ,  Paolina Centonze ,  Mary E. Helander ,  Kaan K. Katircloglu ,  Karthik Sourirajan

发明人： Mondhar Ben-Hamida ,  Chad Boucher ,  Paolina Centonze ,  Mary E. Helander ,  Kaan K. Katircloglu ,  Karthik Sourirajan

IPC分类号： G06Q10/06

CPC分类号： G06Q10/06315 ,  G06Q10/08 ,  G06Q30/0283 ,  Y02P90/84 ,  Y02P90/845 ,  Y02P90/90

摘要： Embodiments of the invention provide a method, system and computer program product for carbon management for sourcing and logistics. In one embodiment, the method comprises using a computer for quantifying both a cost and a carbon impact of one or more logistics policies relating to a manufacturing process; and minimizing the cost and carbon impact using a defined equation including a first component representing a transportation cost, and a second component representing a carbon cost. In an embodiment of the invention, the quantifying includes using an analytics engine to quantify the cost and carbon impact. The analytics engine may include a shipment analysis module to calculate an optimal transportation policy, a sourcing analysis module for testing alternate sourcing options, a scenario analysis module to find an optimal order frequency, and a sensitivity analysis module to test the impact of various changes.