-
公开(公告)号:US09344432B2
公开(公告)日:2016-05-17
申请号:US12822724
申请日:2010-06-24
申请人: Yair Tor , Daniel Rose , Eugene (John) Neystadt , Patrik Schnell , Moshe Sapir , Oleg Ananiev , Arthur Zavalkovsky , Anat Eyal
发明人: Yair Tor , Daniel Rose , Eugene (John) Neystadt , Patrik Schnell , Moshe Sapir , Oleg Ananiev , Arthur Zavalkovsky , Anat Eyal
CPC分类号: H04L63/102 , G06F21/33 , G06F21/41 , H04L63/0807 , H04L63/0823 , H04L63/10 , H04L63/107 , H04L63/164
摘要: Embodiments of the invention provide techniques for basing access control decisions at the network layer at least in part on information provided in claims, which may describe attributes of a computer requesting access, one or more resources to which access is requested, the user, the circumstances surrounding the requested access, and/or other information. The information may be evaluated based on one or more access control policies, which may be pre-set or dynamically generated, and used in making a decision whether to grant or deny the computer access to the specified resource(s).
摘要翻译: 本发明的实施例提供了至少部分地基于在权利要求中提供的信息来在网络层基础访问控制决策的技术,其可以描述请求访问的计算机的属性,请求访问的一个或多个资源,用户,情况 围绕所请求的访问,和/或其他信息。 可以基于可以被预先设置或动态生成的一个或多个访问控制策略来评估信息,并且用于做出是否授予或拒绝计算机对指定资源的访问的决定。
-
公开(公告)号:US08918856B2
公开(公告)日:2014-12-23
申请号:US12822745
申请日:2010-06-24
申请人: Yair Tor , Eugene (John) Neystadt , Patrik Schnell , Oleg Ananiev , Arthur Zavalkovsky , Daniel Rose
发明人: Yair Tor , Eugene (John) Neystadt , Patrik Schnell , Oleg Ananiev , Arthur Zavalkovsky , Daniel Rose
CPC分类号: H04L63/102 , H04L63/164
摘要: Embodiments of the invention provide a trusted intermediary for use in a system in which access control decisions may be based at least in part on information provided in claims. The intermediary may request claims on behalf of a network resource to which access is requested, and submit the claims for a decision whether to grant or deny access. The decision may be based at least in part on one or more access control policies, which may be pre-set or dynamically generated. Because the intermediary requests the claims and submits the claims for an access control decision, the network resource (e.g., a server application) need not be configured to process claims information.
摘要翻译: 本发明的实施例提供了一种在系统中使用的可信中介,其中访问控制决定可以至少部分地基于权利要求中提供的信息。 中介人可以代表要求访问的网络资源请求索赔,并提交索赔以作决定是否授予或拒绝访问。 该决定可以至少部分地基于可以被预先设置或动态生成的一个或多个访问控制策略。 因为中介请求权并提交用于访问控制决定的权利要求,所以不需要将网络资源(例如,服务器应用)配置为处理权利要求信息。
-
公开(公告)号:US20110321152A1
公开(公告)日:2011-12-29
申请号:US12822745
申请日:2010-06-24
申请人: Yair Tor , Eugene (John) Neystadt , Patrik Schnell , Oleg Ananiev , Arthur Zavalkovsky , Daniel Rose
发明人: Yair Tor , Eugene (John) Neystadt , Patrik Schnell , Oleg Ananiev , Arthur Zavalkovsky , Daniel Rose
CPC分类号: H04L63/102 , H04L63/164
摘要: Embodiments of the invention provide a trusted intermediary for use in a system in which access control decisions may be based at least in part on information provided in claims. The intermediary may request claims on behalf of a network resource to which access is requested, and submit the claims for a decision whether to grant or deny access. The decision may be based at least in part on one or more access control policies, which may be pre-set or dynamically generated. Because the intermediary requests the claims and submits the claims for an access control decision, the network resource (e.g., a server application) need not be configured to process claims information.
摘要翻译: 本发明的实施例提供了一种在系统中使用的可信中介,其中访问控制决定可以至少部分地基于权利要求中提供的信息。 中介人可以代表要求访问的网络资源请求索赔,并提交索赔以作决定是否授予或拒绝访问。 该决定可以至少部分地基于可以被预先设置或动态生成的一个或多个访问控制策略。 因为中介请求权并提交用于访问控制决定的权利要求,所以不需要将网络资源(例如,服务器应用)配置为处理权利要求信息。
-
公开(公告)号:US20110321130A1
公开(公告)日:2011-12-29
申请号:US12822724
申请日:2010-06-24
申请人: Yair Tor , Daniel Rose , Eugene (John) Neystadt , Patrik Schnell , Moshe Sapir , Oleg Ananiev , Arthur Zavalkovsky , Anat Eyal
发明人: Yair Tor , Daniel Rose , Eugene (John) Neystadt , Patrik Schnell , Moshe Sapir , Oleg Ananiev , Arthur Zavalkovsky , Anat Eyal
IPC分类号: G06F21/20
CPC分类号: H04L63/102 , G06F21/33 , G06F21/41 , H04L63/0807 , H04L63/0823 , H04L63/10 , H04L63/107 , H04L63/164
摘要: Embodiments of the invention provide techniques for basing access control decisions at the network layer at least in part on information provided in claims, which may describe attributes of a computer requesting access, one or more resources to which access is requested, the user, the circumstances surrounding the requested access, and/or other information. The information may be evaluated based on one or more access control policies, which may be pre-set or dynamically generated, and used in making a decision whether to grant or deny the computer access to the specified resource(s).
摘要翻译: 本发明的实施例提供了至少部分地基于在权利要求中提供的信息来在网络层基础访问控制决策的技术,其可以描述请求访问的计算机的属性,请求访问的一个或多个资源,用户,情况 围绕所请求的访问,和/或其他信息。 可以基于可以被预先设置或动态生成的一个或多个访问控制策略来评估信息,并且用于做出是否授予或拒绝计算机对指定资源的访问的决定。
-
公开(公告)号:US20120084851A1
公开(公告)日:2012-04-05
申请号:US13015180
申请日:2011-01-27
申请人: Eugene (John) Neystadt , Daniel Alon , Yair Tor , Mark Novak , Khaja E. Ahmed , Yoav Yassour
发明人: Eugene (John) Neystadt , Daniel Alon , Yair Tor , Mark Novak , Khaja E. Ahmed , Yoav Yassour
IPC分类号: G06F7/04
CPC分类号: G06F21/335 , G06F21/57 , G06F2221/2129 , H04L63/0807 , H04L63/0876 , H04L63/10 , H04L63/1433
摘要: Embodiments of the invention make the issuance of trustworthy device claims available to client devices as a service, so that a client device to which device claims are issues may use the device claims in relation to an attempt to access a network application. The service may conduct an assessment of the device's characteristics and/or state, characterize the results of this assessment in device claims, and issue the device claims to the device. The service may be accessible to a client device from outside administrative boundaries of an entity that makes a network application accessible, and thus may be useful to entities making network applications accessible in business-to-consumer (B2C) and business-to-business (B2B) topologies, such as over the publicly accessible Internet.
摘要翻译: 本发明的实施例使可信赖的设备权利要求的发布作为服务可用于客户端设备,使得设备要求的客户端设备是问题,可以使用与访问网络应用的尝试有关的设备权利要求。 该服务可以对设备的特性和/或状态进行评估,表征设备权利要求中的该评估的结果,并向设备发出设备声明。 客户端设备可以从实现网络应用的实体的外部管理边界访问该服务,因此对于使企业对消费者(B2C)和企业对企业(B2C)可访问的网络应用的实体可能是有用的 B2B)拓扑,例如通过可公开访问的互联网。
-
公开(公告)号:US09111079B2
公开(公告)日:2015-08-18
申请号:US13015180
申请日:2011-01-27
申请人: Eugene (John) Neystadt , Daniel Alon , Yair Tor , Mark Novak , Khaja E. Ahmed , Yoav Yassour
发明人: Eugene (John) Neystadt , Daniel Alon , Yair Tor , Mark Novak , Khaja E. Ahmed , Yoav Yassour
CPC分类号: G06F21/335 , G06F21/57 , G06F2221/2129 , H04L63/0807 , H04L63/0876 , H04L63/10 , H04L63/1433
摘要: Embodiments of the invention make the issuance of trustworthy device claims available to client devices as a service, so that a client device to which device claims are issued may use the device claims in relation to an attempt to access a network application. The service may conduct an assessment of the device's characteristics and/or state, characterize the results of this assessment in device claims, and issue the device claims to the device. The service may be accessible to a client device from outside administrative boundaries of an entity that makes a network application accessible, and thus may be useful to entities making network applications accessible in business-to-consumer (B2C) and business-to-business (B2B) topologies, such as over the publicly accessible Internet.
摘要翻译: 本发明的实施例使可信赖的设备权利要求的发布可用作客户端设备作为服务,从而发布设备权利要求的客户端设备可以相对于访问网络应用的尝试使用设备权利要求。 该服务可以对设备的特性和/或状态进行评估,表征设备权利要求中的该评估的结果,并向设备发出设备声明。 客户端设备可以从实现网络应用的实体的外部管理边界访问该服务,因此对于使企业对消费者(B2C)和企业对企业(B2C)可访问的网络应用的实体可能是有用的 B2B)拓扑,例如通过可公开访问的互联网。
-
公开(公告)号:US20120084850A1
公开(公告)日:2012-04-05
申请号:US13015202
申请日:2011-01-27
申请人: Mark Novak , Yair Tor , Eugene (John) Neystadt , Yoav Yassour , Alexey Efron , Amos Ortal , Daniel Alon , Ran Didi
发明人: Mark Novak , Yair Tor , Eugene (John) Neystadt , Yoav Yassour , Alexey Efron , Amos Ortal , Daniel Alon , Ran Didi
CPC分类号: G06F21/335 , G06F21/51 , G06F21/575 , H04L9/3234 , H04L2209/127
摘要: Embodiments of the invention enable a client device to procure trustworthy device claims describing one or more attributes of the client device, have those device claims included in a data structure having a format suitable for processing by an application, and use the data structure which includes the device claims in connection with a request to access the application. The application may use the device claims to drive any of numerous types of application functionality, such as security-related and/or other functionality.
摘要翻译: 本发明的实施例使得客户端设备能够获得描述客户端设备的一个或多个属性的可信赖的设备权利要求,将这些设备权利要求包括在具有适合于应用程序处理的格式的数据结构中,并且使用包括 设备声明涉及访问应用程序的请求。 应用可以使用设备权利要求来驱动许多类型的应用功能中的任何一种,诸如安全相关和/或其他功能。
-
8.发明申请公开(公告)号:US20110138442A1
公开(公告)日:2011-06-09
申请号:US12727267
申请日:2010-03-19
申请人: Anders B. Vinberg , John Neystadt , Yair Tor , Oleg Ananiev
发明人: Anders B. Vinberg , John Neystadt , Yair Tor , Oleg Ananiev
IPC分类号: G06F21/00
摘要: Architecture that provides additional data that can be obtained and employed in security models in order to provide security to services over the service lifecycle. The architecture automatically propagates security classifications throughout the lifecycle of the service, which can include initial deployment, expansion, moving servers, monitoring, and reporting, for example, and further include classification propagation from the workload (computer), classification propagation in the model, classification propagation according to the lineage of the storage location (e.g., virtual hard drive), status propagation in the model and classification based on data stored in the machine.
摘要翻译: 提供可在安全模型中获取和使用的附加数据的架构,以便在服务生命周期中为服务提供安全性。 该架构在服务的整个生命周期中自动传播安全性分类,其可以包括初始部署,扩展,移动服务器,监视和报告,并且进一步包括来自工作负载(计算机)的分类传播,模型中的分类传播, 根据存储位置(例如,虚拟硬盘驱动器)的沿袭分类传播,模型中的状态传播和基于存储在机器中的数据的分类。
-
9.发明授权公开(公告)号:US08799985B2
公开(公告)日:2014-08-05
申请号:US12727267
申请日:2010-03-19
申请人: Anders B. Vinberg , John Neystadt , Yair Tor , Oleg Ananiev
发明人: Anders B. Vinberg , John Neystadt , Yair Tor , Oleg Ananiev
摘要: Architecture that provides additional data that can be obtained and employed in security models in order to provide security to services over the service lifecycle. The architecture automatically propagates security classifications throughout the lifecycle of the service, which can include initial deployment, expansion, moving servers, monitoring, and reporting, for example, and further include classification propagation from the workload (computer), classification propagation in the model, classification propagation according to the lineage of the storage location (e.g., virtual hard drive), status propagation in the model and classification based on data stored in the machine.
摘要翻译: 提供可在安全模型中获取和使用的附加数据的架构,以便在服务生命周期中为服务提供安全性。 该架构在服务的整个生命周期中自动传播安全性分类,其可以包括初始部署,扩展,移动服务器,监视和报告,并且还包括来自工作负载(计算机)的分类传播,模型中的分类传播, 根据存储位置(例如,虚拟硬盘驱动器)的沿袭分类传播,模型中的状态传播和基于存储在机器中的数据的分类。
-
公开(公告)号:US08528069B2
公开(公告)日:2013-09-03
申请号:US13015202
申请日:2011-01-27
申请人: Mark Novak , Yair Tor , Eugene Neystadt , Yoav Yassour , Alexey Efron , Amos Ortal , Daniel Alon , Ran Didi
发明人: Mark Novak , Yair Tor , Eugene Neystadt , Yoav Yassour , Alexey Efron , Amos Ortal , Daniel Alon , Ran Didi
IPC分类号: G06F15/16
CPC分类号: G06F21/335 , G06F21/51 , G06F21/575 , H04L9/3234 , H04L2209/127
摘要: Embodiments of the invention enable a client device to procure trustworthy device claims describing one or more attributes of the client device, have those device claims included in a data structure having a format suitable for processing by an application, and use the data structure which includes the device claims in connection with a request to access the application. The application may use the device claims to drive any of numerous types of application functionality, such as security-related and/or other functionality.
摘要翻译: 本发明的实施例使得客户端设备能够获得描述客户端设备的一个或多个属性的可信赖的设备权利要求,将这些设备权利要求包括在具有适合于应用程序处理的格式的数据结构中,并且使用包括 设备声明涉及访问应用程序的请求。 应用可以使用设备权利要求来驱动许多类型的应用功能中的任何一种,诸如安全相关和/或其他功能。
-
-
-
-
-
-
-
-
-
搜索结果
13 条记录 (耗时 0.025 秒)