Cryptographically enforced, multiple-role, policy-enabled object dissemination control mechanism
    1.
    Granted invention patent
    Cryptographically enforced, multiple-role, policy-enabled object dissemination control mechanism (in force)

    Publication (announcement) number: US07640429B2

    Publication (announcement) date: 2009-12-29

    Application number: US10788151

    Filing date: 2004-02-26

    IPC classification: H04L29/06

    CPC classification: G06F21/6218

    Abstract: An apparatus to implement role based access control which reduces administrative expenses associated with managing access in accordance with policies and roles. The apparatus includes a memory storing a first role based access control condition associated with an action and a subsystem executing an enforcement entity and a decision entity. In various forms, the two entities are independent entities. The enforcement entity receives a request for the action from a requestor with a role. Additionally, the enforcement entity communicates the role and the request to the decision entity for the decision entity's decision of whether the role satisfies the first condition. The decision entity then communicates the decision to the enforcement entity. Accordingly, the enforcement entity allows or denies the requestor the action based on the decision made by the decision entity.


Implementing access control policies across dissimilar access control platforms
    3.
    Granted invention patent
    Implementing access control policies across dissimilar access control platforms (in force)

    Publication (announcement) number: US08056114B2

    Publication (announcement) date: 2011-11-08

    Application number: US11209987

    Filing date: 2005-08-23

    IPC classification: G06F17/00 H04L29/06

    CPC classification: G06Q10/06 G06F21/6236

    Abstract: A method of implementing access control requirements to control access to a plurality of system resources. The requirements are modeled as contents of security policies. The security policy contents are integrated into a policy set. Representations of the integrated policy set are generated, each representation corresponding to a target system that controls access to the resources. The policy set representation(s) are integrated with the corresponding target system(s) to implement the policy set. This method makes it possible to implement high-level security requirements correctly and consistently across systems of a system-of-systems (SoS) and/or distributed system.


Implementing access control policies across dissimilar access control platforms
    5.
    Invention patent application
    Implementing access control policies across dissimilar access control platforms (in force)

    Publication (announcement) number: US20070056019A1

    Publication (announcement) date: 2007-03-08

    Application number: US11209987

    Filing date: 2005-08-23

    IPC classification: H04L9/00

    CPC classification: G06Q10/06 G06F21/6236

    Abstract: A method of implementing access control requirements to control access to a plurality of system resources. The requirements are modeled as contents of security policies. The security policy contents are integrated into a policy set. Representations of the integrated policy set are generated, each representation corresponding to a target system that controls access to the resources. The policy set representation(s) are integrated with the corresponding target system(s) to implement the policy set. This method makes it possible to implement high-level security requirements correctly and consistently across systems of a system-of-systems (SoS) and/or distributed system.


Cryptographically enforced, multiple-role, policy-enabled object dissemination control mechanism
    6.
    Invention patent application
    Cryptographically enforced, multiple-role, policy-enabled object dissemination control mechanism (in force)

    Publication (announcement) number: US20050193196A1

    Publication (announcement) date: 2005-09-01

    Application number: US10788151

    Filing date: 2004-02-26

    IPC classification: G06F21/00 H04L9/00

    CPC classification: G06F21/6218

    Abstract: An apparatus to implement role based access control which reduces administrative expenses associated with managing access in accordance with policies and roles. The apparatus includes a memory storing a first role based access control condition associated with an action and a subsystem executing an enforcement entity and a decision entity. In one preferred form, the two entities are independent entities. The enforcement entity receives a request for the action from a requestor with a role. Additionally, the enforcement entity communicates the role and the request to the decision entity for the decision entity's decision of whether the role satisfies the first condition. The decision entity then communicates the decision to the enforcement entity. Accordingly, the enforcement entity allows or denies the requestor the action based on the decision made by the decision entity.


Distributed security architecture
    7.
    Granted invention patent
    Distributed security architecture (in force)

    Publication (announcement) number: US08434125B2

    Publication (announcement) date: 2013-04-30

    Application number: US12043034

    Filing date: 2008-03-05

    IPC classification: H04L29/06

    Abstract: A distributed security architecture may include: a mobile anti-tamper hardware policy enforcement point configured to control communication behaviors of a mobile client by enforcing communication policies within a policy decision point; a mobile anti-tamper hardware policy decision point encapsulated within the mobile anti-tamper hardware policy enforcement point; a policy exchange channel for policy distribution modes configured to distribute and/or update communication and routing security policies to the mobile client; a contextual manager configured to handle system-wide status change update signaling; and a mobility authentication manager configured to provide mobile clients with registration and credential/role assignments based on mobile access policies. The distributed security architecture may be configured to provide open system interconnection layer 3.5 policy-based secure routing, and open system interconnection layer 2 policy-based mandatory access control address filtering to provide secure communication and computing for layers 4, 5, 6, and 7.


DISTRIBUTED SECURITY ARCHITECTURE
    8.
    Invention patent application
    DISTRIBUTED SECURITY ARCHITECTURE (in force)

    Publication (announcement) number: US20090228951A1

    Publication (announcement) date: 2009-09-10

    Application number: US12043034

    Filing date: 2008-03-05

    IPC classification: G06F7/04

    Abstract: A distributed security architecture may include: a mobile anti-tamper hardware policy enforcement point configured to control communication behaviors of a mobile client by enforcing communication policies within a policy decision point; a mobile anti-tamper hardware policy decision point encapsulated within the mobile anti-tamper hardware policy enforcement point; a policy exchange channel for policy distribution modes configured to distribute and/or update communication and routing security policies to the mobile client; a contextual manager configured to handle system-wide status change update signaling; and a mobility authentication manager configured to provide mobile clients with registration and credential/role assignments based on mobile access policies. The distributed security architecture may be configured to provide open system interconnection layer 3.5 policy-based secure routing, and open system interconnection layer 2 policy-based mandatory access control address filtering to provide secure communication and computing for layers 4, 5, 6, and 7.
