Method and apparatus for handling custom token propagation without Java serialization
    1.
    Patent application
    Status: pending (published)

    Publication No.: US20060005234A1

    Publication date: 2006-01-05

    Application No.: US10882118

    Filing date: 2004-06-30

    IPC classification: G06F15/16

    CPC classification: H04L63/0815 H04L29/06

    Abstract: A method, apparatus and computer instructions for handling propagation of custom tokens without using Java™ serialization. A service provider may plug in a first login module to add a marker token to a subject for later use by an application at run time. The marker token is then serialized by the mechanism of the present invention by invoking a get bytes method on the token. The present invention then propagates the token downstream if the token is marked forwardable. At a target server, a second login module may be plugged in to deserialize a byte array from a list of tokens and perform a custom operation on the byte array retrieved from a token holder.


    System and method for secure network state management and single sign-on
    2.
    Patent application
    Status: pending (published)

    Publication No.: US20050154887A1

    Publication date: 2005-07-14

    Application No.: US10755835

    Filing date: 2004-01-12

    IPC classification: G06F11/30 G06F21/00 H04L9/00

    CPC classification: G06F21/41 G06F2221/2151

    Abstract: State management (cookie) data is encrypted so that the access control data included in the cookie cannot be modified by the user. A hashing algorithm is performed over various fields of the cookie data and the hash value is encrypted. The hash value is combined with other data, such as the user identifier and a time stamp, and encrypted to form a cookie value. When a request is received, the cookie data is checked. If the token value is not in the server's cache, the token is authenticated, which facilitates movement of the client between servers. If the cookie does not exist or has timed out, the user is authenticated using traditional means.


    Declarative trust model between reverse proxy server and WebSphere application server
    3.
    Patent application
    Status: pending (published)

    Publication No.: US20050154886A1

    Publication date: 2005-07-14

    Application No.: US10755828

    Filing date: 2004-01-12

    IPC classification: H04L9/00 H04L29/06

    Abstract: A method and system for providing a declarative trust association model that formalizes the way trust is established and requires the corresponding authentication information to be presented in a standard format. Consequently, the application server can provide a guaranteed level of protection. The mechanism of the present invention provides a framework that allows an application server to enforce a trust evaluation and allows a reverse proxy security server to assert a client's security identity, as well as other client security credential information. A known trust association interceptor model is extended to allow the reverse proxy security server to assert the authenticated user's security attributes. Such security attributes include, for example, group information, authentication strength, and location (i.e., where the user enters the request: intranet vs. internet, IP address, etc.). The security attributes can be used in making authorization decisions.


    METHOD AND APPARATUS FOR PREVENTING ROGUE IMPLEMENTATIONS OF A SECURITY-SENSITIVE CLASS INTERFACE

    Publication No.: US20080034202A1

    Publication date: 2008-02-07

    Application No.: US11867015

    Filing date: 2007-10-04

    IPC classification: H04L9/00

    CPC classification: G06F21/64

    Abstract: A method and apparatus for preventing rogue implementations of a security-sensitive class interface are provided. With the method and apparatus, a unique identifier (UID) is created by a server process when the server process is started. Any time the server process, i.e. a server runtime environment, instantiates a new credential object after start-up of the server process, the encrypted UID is placed into a private field within the new credential object. In addition, the UID is encrypted and stored in a private class of the server runtime environment. A verification class is provided within the server runtime environment that includes one or more methods which receive the credential object as a parameter and return true or false as to the validity of the credential object. These methods determine the validity of the credential object by retrieving the encrypted UID from the private class stored in the server runtime environment, decrypting it, and comparing it to the UID decrypted from the private field of the credential object. If the two UIDs match, the credential object is determined to have been created by the server runtime environment rather than by a rogue application. If the two UIDs do not match, or if there is no UID in the credential object, the verification class returns a false result.

    Dynamic cache lookup based on dynamic data

    Publication No.: US20060020813A1

    Publication date: 2006-01-26

    Application No.: US10881962

    Filing date: 2004-06-30

    IPC classification: H04L9/00

    Abstract: A system and method for tracking user security credentials in a distributed computing environment. The security credentials of an authenticated user include not just the user's unique identifier, but also a set of security attributes such as the time of authentication, the location where the user is authenticated (i.e., intranet user vs. internet user), the authentication strength, and so on. The security attributes are used in access control decisions. The same user can be given different authorization if he has a different security attribute value. Security credentials may be generated either by WebSphere security code or by third-party security provider code. This invention stores the user credentials in a distributed cache and provides a system and method to compute the unique key for cache lookup based on the dynamic security credentials.

    System and method for using security levels to simplify security policy management
    7.
    Patent application
    Status: pending (published)

    Publication No.: US20050278790A1

    Publication date: 2005-12-15

    Application No.: US10865345

    Filing date: 2004-06-10

    CPC classification: G06F21/54 G06F2221/2113

    Abstract: A system and method is provided for reducing the complexity and improving the performance of enforcing security restrictions on the execution of program code in a runtime environment. In a preferred embodiment, units of executable code, such as methods or functions, are classified by "security level." Code units belonging to a "trusted" security level may call any other code unit in the runtime environment, but other security levels are restricted in the code units they can call. In a preferred embodiment, the security levels are represented by corresponding permission objects. Each permission object associated with a particular security level includes a numerical value that denotes that security level. Security policies can be enforced with respect to caller and callee code units by comparing the numerical values of the corresponding permission objects. This security level scheme also improves runtime performance by making it unnecessary to check individually defined permissions in many cases.


    NOVEL METHOD FOR DOWN-REGULATION OF AMYLOID
    8.
    Patent application
    Status: pending (published)

    Publication No.: US20090092579A1

    Publication date: 2009-04-09

    Application No.: US12108478

    Filing date: 2008-04-23

    Abstract: Disclosed are novel methods for combating diseases characterized by deposition of amyloid. The methods generally rely on immunization against amyloidogenic proteins (proteins contributing to the formation of amyloid) such as beta amyloid (Aβ). Immunization is preferably effected by administration of analogues of autologous amyloidogenic polypeptides, said analogues being capable of inducing antibody production against the autologous amyloidogenic polypeptides. Especially preferred as an immunogen is autologous Aβ which has been modified by the introduction of one or a few foreign, immunodominant and promiscuous T-cell epitopes while substantially preserving the majority of Aβ's B-cell epitopes. Also disclosed are nucleic acid vaccination against amyloidogenic polypeptides and vaccination using live vaccines, as well as methods and means useful for the vaccination. Such methods and means include methods for the identification of useful immunogenic analogues of the amyloidogenic proteins, methods for the preparation of analogues and pharmaceutical formulations, as well as nucleic acid fragments, vectors, transformed cells, polypeptides and pharmaceutical formulations.


    Secure caching technique for shared distributed caches
    10.
    Patent application
    Status: granted

    Publication No.: US20070192632A1

    Publication date: 2007-08-16

    Application No.: US11347860

    Filing date: 2006-02-06

    IPC classification: G06F12/14

    Abstract: The present invention relates to a secure caching technique for shared distributed caches. A method in accordance with an embodiment of the present invention includes: encrypting a key K to provide a secure key, the key K corresponding to a value to be stored in a cache; and storing the value in the cache using the secure key.
