1.
Publication number: US20050102535A1
Publication date: 2005-05-12
Application number: US10961351
Filing date: 2004-10-08
Applicants: Paul Patrick, David Byrne, Kenneth Yagen, Mingde Xu, Jason Howes, Mark Falco, Richard Riendeau
Inventors: Paul Patrick, David Byrne, Kenneth Yagen, Mingde Xu, Jason Howes, Mark Falco, Richard Riendeau
IPC classification: G06F11/30, G06F15/173, G06F21/00, H04L9/00
CPC classification: G06F21/6218, H04L63/105, H04L63/20
Abstract: A system and method for distributed enterprise security, comprising: a security control module (SCM) operable to accept information, wherein the information includes one or more of a policy and configuration information; at least one security service module (SSM) operable to accept the information from the SCM; at least one security service provider coupled to the at least one SSM, wherein the at least one security service provider is capable of at least one of: authentication of a user, determining if access to a resource is permitted based on the information, auditing of a security decision, and mapping an authenticated identity to a set of credentials to be used to authenticate a target resource; and wherein the information accepted by the SCM is relevant to one or more of the at least one SSMs.
2.
Publication number: US20050102401A1
Publication date: 2005-05-12
Application number: US10961677
Filing date: 2004-10-08
Applicants: Paul Patrick, David Byrne, Kenneth Yagen, Mingde Xu, Jason Howes, Mark Falco, Richard Riendeau
Inventors: Paul Patrick, David Byrne, Kenneth Yagen, Mingde Xu, Jason Howes, Mark Falco, Richard Riendeau
IPC classification: G06F11/30, G06F15/173, G06F21/00, H04L9/00
CPC classification: G06F21/6218, H04L63/105, H04L63/20
Abstract: A system and method for a distributed system for controlling access to a first resource in a hierarchy of resources, comprising: a distributor located on a first server and capable of distributing to a second server a first policy for the first resource; a security service module (SSM) located on the second server and capable of managing, based on the first policy, conditions for access to at least one of the first resource and a second resource that is hierarchically inferior to the first resource; and wherein the first policy can be overridden by a second policy, wherein the second policy specifies conditions for access for a resource that is hierarchically inferior to the first resource.
3.
Publication number: US20050102510A1
Publication date: 2005-05-12
Application number: US10961637
Filing date: 2004-10-08
Applicants: Paul Patrick, David Byrne, Kenneth Yagen, Mingde Xu, Jason Howes, Mark Falco, Richard Riendeau
Inventors: Paul Patrick, David Byrne, Kenneth Yagen, Mingde Xu, Jason Howes, Mark Falco, Richard Riendeau
IPC classification: G06F11/30, G06F15/173, G06F21/00, H04L9/00
CPC classification: G06F21/6218, H04L63/105, H04L63/20
Abstract: A method for delegating enterprise security capabilities, comprising: providing a capability for a first user, wherein the capability can be expressed as a policy; delegating the capability from the first user to a second user, wherein the second user is allowed to have the capability only at times when the first user is allowed to have the capability; and wherein the delegated capability is propagated in a distributed enterprise security system.
4.
Publication number: US20050097166A1
Publication date: 2005-05-05
Application number: US10962079
Filing date: 2004-10-08
Applicants: Paul Patrick, David Byrne, Kenneth Yagen, Mingde Xu, Jason Howes, Mark Falco, Richard Riendeau
Inventors: Paul Patrick, David Byrne, Kenneth Yagen, Mingde Xu, Jason Howes, Mark Falco, Richard Riendeau
CPC classification: H04L63/20
Abstract: A computer-implemented system and method for policy inheritance, comprising: defining a first group, wherein the first group refers to at least one of a user and a group different from the first group; defining a second group, wherein the second group is nested within the first group; defining a first policy, wherein the first policy includes a resource, a subject, and one of an action and a role, and wherein the subject includes the first group; and inheriting the first policy by the second group, wherein the resource is part of a resource hierarchy, and wherein the first policy can be used to control access to the resource.
5.
Publication number: US20050097352A1
Publication date: 2005-05-05
Application number: US10961701
Filing date: 2004-10-08
Applicants: Paul Patrick, David Byrne, Kenneth Yagen, Mingde Xu, Jason Howes, Mark Falco, Richard Riendeau
Inventors: Paul Patrick, David Byrne, Kenneth Yagen, Mingde Xu, Jason Howes, Mark Falco, Richard Riendeau
CPC classification: H04L63/20
Abstract: A system and method for a dynamically configurable security system, comprising: a process having one or more resources to be protected; a security service module coupled to the process; and one or more plugin security provider modules that are compatible with and extend the security service module, wherein the security service module is capable of receiving security information updates, and wherein the security service module is capable of controlling access to the one or more resources based on the security information updates through the use of the one or more plugin security provider modules.
6.
Publication number: US20050097350A1
Publication date: 2005-05-05
Application number: US10961674
Filing date: 2004-10-08
Applicants: Paul Patrick, David Byrne, Kenneth Yagen, Mingde Xu, Jason Howes, Mark Falco, Richard Riendeau
Inventors: Paul Patrick, David Byrne, Kenneth Yagen, Mingde Xu, Jason Howes, Mark Falco, Richard Riendeau
IPC classification: G06F11/30, G06F15/173, G06F21/00, H04L9/00
CPC classification: G06F21/6218, H04L63/105, H04L63/20
Abstract: A system and method for distributing information from a first process to one or more security service modules, said system comprising: a remote interface capable of accepting first information from the first process; a provisioning service provider coupled to the remote interface and capable of obtaining the first information from the remote interface, and further capable of providing second information to a local interface, wherein the second information is based on the first information and is tailored for the one or more security service modules; the local interface capable of providing the second information to the one or more security service modules; and wherein the one or more security service modules are capable of accepting the second information and performing at least one of the following: adjusting a configuration of the one or more security service modules to reflect the second information, and protecting access to at least one resource based on the second information.
7.
Publication number: US20050251851A1
Publication date: 2005-11-10
Application number: US10962067
Filing date: 2004-10-08
Applicants: Paul Patrick, David Byrne, Kenneth Yagen, Mingde Xu, Jason Howes, Mark Falco, Richard Riendeau
Inventors: Paul Patrick, David Byrne, Kenneth Yagen, Mingde Xu, Jason Howes, Mark Falco, Richard Riendeau
CPC classification: H04L63/08, G06F21/604, G06F21/6218, G06F2221/2101, H04L63/105, H04L63/20
Abstract: A system and method for distributing security information, comprising: a remote interface capable of accepting the information from a distributor, wherein the information includes at least one of policy information and configuration information; a local interface capable of providing the information to at least one services layer, wherein the at least one services layer includes at least one security provider; and wherein the at least one services layer can dynamically configure the at least one security provider based on the information.
8.
Publication number: US20050102536A1
Publication date: 2005-05-12
Application number: US10961544
Filing date: 2004-10-08
Applicants: Paul Patrick, David Byrne, Kenneth Yagen, Mingde Xu, Jason Howes, Mark Falco, Richard Riendeau
Inventors: Paul Patrick, David Byrne, Kenneth Yagen, Mingde Xu, Jason Howes, Mark Falco, Richard Riendeau
IPC classification: G06F11/30, G06F15/173, G06F21/00, H04L9/00
CPC classification: G06F21/6218, H04L63/105, H04L63/20
Abstract: A system and method for a configurable distributed security system, comprising: a security service module capable of dynamically instantiating one or more plugin security provider modules, the one or more security provider modules being coupled to the security service module, wherein the one or more security provider modules are capable of responding to one or more changes in configuration information; a first process capable of modifying the configuration information; wherein the security service module is capable of accepting at least one of security information and the configuration information; and wherein the security service module is capable of controlling access to one or more resources based on the security information.
9.
Publication number: US20050097353A1
Publication date: 2005-05-05
Application number: US10961808
Filing date: 2004-10-08
Applicants: Paul Patrick, David Byrne, Kenneth Yagen, Mingde Xu, Jason Howes, Mark Falco, Richard Riendeau
Inventors: Paul Patrick, David Byrne, Kenneth Yagen, Mingde Xu, Jason Howes, Mark Falco, Richard Riendeau
CPC classification: H04L63/10, H04L63/105, H04L63/20
Abstract: A method for searching a first set of policies, comprising: accessing the first set of policies, wherein each policy in the first set of policies includes the following policy components: a resource, a subject, and one of an action and a role name, and wherein the subject includes at least one of a user and a group; specifying one or more search criteria, wherein the one or more search criteria include one or more values for policy components, and wherein the one or more values can include one or more wild cards; finding in the first set of policies a second set of policies that satisfy the one or more search criteria; and wherein a policy can be used to control access to a resource.
10.
Publication number: US20050081062A1
Publication date: 2005-04-14
Application number: US10961595
Filing date: 2004-10-08
Applicants: Paul Patrick, David Byrne, Kenneth Yagen, Mingde Xu, Jason Howes, Mark Falco, Richard Riendeau
Inventors: Paul Patrick, David Byrne, Kenneth Yagen, Mingde Xu, Jason Howes, Mark Falco, Richard Riendeau
IPC classification: G06F11/30, G06F15/173, G06F21/00, H04L9/00
CPC classification: G06F21/6218, H04L63/105, H04L63/20
Abstract: A system and method for distributed enterprise security, comprising: a server operable to update information, wherein the information can include one or more of a policy and configuration information; a security control module (SCM) operable to accept the information; at least one security service module (SSM) operable to accept the information from the SCM; and wherein the information accepted by the SCM is relevant to one or more of the at least one SSMs.