Creating a privacy policy from a process model and verifying the compliance
    5.
    Invention application
    Status: under examination (published)

    Publication number: US20060184995A1

    Publication date: 2006-08-17

    Application number: US11317396

    Filing date: 2005-12-22

    IPC classification: H04L9/00

    CPC classification: G06Q10/06 G06Q10/063

    Abstract: The present invention provides methods and apparatus for creating a privacy policy from a process model, and methods and apparatus for checking the compliance of a privacy policy. An example of a method for creating a privacy policy from a process model according to the invention comprises the following steps. First, a task from the process model is chosen. Then one or more of the elements role, data, purpose, action, obligation, and condition are gathered from the task and a rule is built up by means of these elements. Finally the rule is added to the privacy policy.

    Conditionalized Access Control Based on Dynamic Content Analysis
    6.
    Invention application
    Status: under examination (published)

    Publication number: US20050086228A1

    Publication date: 2005-04-21

    Application number: US10904038

    Filing date: 2004-10-20

    IPC classification: G06F17/30 G06F21/00 H04L29/06

    Abstract: According to the present invention, there is provided a method and apparatus for controlling an access for a client application residing on a user computer to data stored on a network computer within a network. The method comprises the steps of receiving a request from the user computer for accessing the data; retrieving the data from the network computer and storing it in a memory; deriving from the stored data at least one attribute that relates to the content of the data; and deciding based on the derived at least one attribute whether or not the data stored in the memory is provided to the user computer.

    Serialization of XACML policies
    7.
    Granted invention patent
    Status: lapsed

    Publication number: US08458764B2

    Publication date: 2013-06-04

    Application number: US12419445

    Filing date: 2009-04-07

    IPC classification: G06F17/00

    Abstract: A computer implemented access control system, the system includes a database for storing a serialized version of an XACML permissions hierarchy. The system also includes a memory for storing an original version of the XACML permissions hierarchy, and an XACML serialization engine configured to convert the XACML permissions hierarchy into the serialized version, wherein the serialized version contains a listing of at least a portion of the predicates possible in the XACML permission hierarchy and the effect on each of the portion of the predicates.

    Access control in data processing systems
    8.
    Invention application
    Status: lapsed

    Publication number: US20110247046A1

    Publication date: 2011-10-06

    Application number: US13077881

    Filing date: 2011-03-31

    IPC classification: G06F21/00

    Abstract: A policy data structure defines predetermined authorizations, each relating to authorization of at least one user to access at least one resource as well as to dynamic access requests. Each dynamic access request indicates a condition to be satisfied by a respective set of attributes associated with a user request to access a resource and for the request to be granted in absence of an authorization determinative of the request. If the structure does not define an authorization for a request to access a resource, it is determined whether the structure defines a dynamic access requirement determinative for the request, and if so, whether to grant the request in accordance with the respective set of attributes associated with the request. For at least one request, after determining whether to grant the request, a dynamic authorization relating to authorization to access the resource within the request is added to the structure.

    Anonymous Separation of Duties with Credentials
    9.
    Invention application
    Status: lapsed

    Publication number: US20110035241A1

    Publication date: 2011-02-10

    Application number: US12536874

    Filing date: 2009-08-06

    IPC classification: G06Q10/00 G06Q99/00

    Abstract: A system for anonymous separation of duties with credentials includes an identity provider, the identity provider configured to issue anonymous credentials to a user based on one or more attributes of the user; a service provider, the service provider configured to issue a pseudonym to the user based on the user's anonymous credentials, and to associate the user's pseudonym with a step of an instance of a business process hosted on the service provider, the step being completed by the user; and an auditor, the auditor configured to determine if the completion of the step of the instance of the business process by the user is compliant with a separation of duties policy.
