-
公开(公告)号:US20120079268A1
公开(公告)日:2012-03-29
申请号:US12893763
申请日:2010-09-29
申请人: Yuhui Zhong , Gregory Kostal , Tejas D. Patel , Scott C. Cottrille , Vladimir Yarmolenko , Pankaj Mohan Kamat , Sunitha Samuel , Frank D. Byrum , Mayank Mehta , Chandresh Kumar Jain , Edward Banti
发明人: Yuhui Zhong , Gregory Kostal , Tejas D. Patel , Scott C. Cottrille , Vladimir Yarmolenko , Pankaj Mohan Kamat , Sunitha Samuel , Frank D. Byrum , Mayank Mehta , Chandresh Kumar Jain , Edward Banti
IPC分类号: H04L29/06
CPC分类号: H04L63/126 , H04L63/0428 , H04L63/105 , H04L2463/101
摘要: The present invention extends to methods, systems, and computer program products for separating authorization identity from policy enforcement identity. Embodiments of the invention extend the consumption phase for protected information. Two identities, an authorization identity and a policy enforcement identity, are used for acquiring, issuing and enforcing usage license instead of one identity certificate. The authorization identity is used to evaluate against usage policy. The authorization identity is similar to identification information in an identity certificate. The policy enforcement identity is used to ensure the confidentiality of granted permissions and content key. The policy enforcement identity enforces a usage license on an authorization principal's (e.g., recipient's) machine. The policy enforcement identity's enforcement of a usage license is similar use of a cryptographic key in an identity certificate.
摘要翻译: 本发明扩展到用于将授权身份与策略执行身份分离的方法,系统和计算机程序产品。 本发明的实施例扩展了受保护信息的消费阶段。 两个身份,授权身份和策略执行身份被用于获取,发布和执行使用许可证而不是一个身份证书。 授权身份用于对使用策略进行评估。 授权身份与身份证书中的身份信息相似。 策略执行身份用于确保授权和内容密钥的机密性。 策略执行身份对授权委托人(例如收件人)的机器执行使用许可。 策略执行身份的强制使用许可证与身份证书中的加密密钥类似。
-
公开(公告)号:US08448228B2
公开(公告)日:2013-05-21
申请号:US12893763
申请日:2010-09-29
申请人: Yuhui Zhong , Gregory Kostal , Tejas D. Patel , Scott C. Cottrille , Vladimir Yarmolenko , Pankaj Mohan Kamat , Sunitha Samuel , Frank D. Byrum , Mayank Mehta , Chandresh Kumar Jain , Edward Banti
发明人: Yuhui Zhong , Gregory Kostal , Tejas D. Patel , Scott C. Cottrille , Vladimir Yarmolenko , Pankaj Mohan Kamat , Sunitha Samuel , Frank D. Byrum , Mayank Mehta , Chandresh Kumar Jain , Edward Banti
IPC分类号: H04L29/06
CPC分类号: H04L63/126 , H04L63/0428 , H04L63/105 , H04L2463/101
摘要: The present invention extends to methods, systems, and computer program products for separating authorization identity from policy enforcement identity. Embodiments of the invention extend the consumption phase for protected information. Two identities, an authorization identity and a policy enforcement identity, are used for acquiring, issuing and enforcing usage license instead of one identity certificate. The authorization identity is used to evaluate against usage policy. The authorization identity is similar to identification information in an identity certificate. The policy enforcement identity is used to ensure the confidentiality of granted permissions and content key. The policy enforcement identity enforces a usage license on an authorization principal's (e.g., recipient's) machine. The policy enforcement identity's enforcement of a usage license is similar use of a cryptographic key in an identity certificate.
摘要翻译: 本发明扩展到用于将授权身份与策略执行身份分离的方法,系统和计算机程序产品。 本发明的实施例扩展了受保护信息的消费阶段。 两个身份,授权身份和策略执行身份被用于获取,发布和执行使用许可证而不是一个身份证书。 授权身份用于对使用策略进行评估。 授权身份与身份证书中的身份信息相似。 策略执行身份用于确保授权和内容密钥的机密性。 策略执行身份对授权委托人(例如收件人)的机器执行使用许可。 策略执行身份的强制使用许可证与身份证书中的加密密钥类似。
-
公开(公告)号:US08447976B2
公开(公告)日:2013-05-21
申请号:US12476049
申请日:2009-06-01
申请人: Chandresh K. Jain , Mayank Mehta , Frank D. Byrum , Edward Banti , Ayse Yesim Koman , James R. Knibb , Michael A. Nelte , Christopher Barnes , Hao Zhang , Victor Boctor , Tejas D. Patel , Yuhui Zhong , Gregory Kostal , Vladimir Yarmolenko , Pankaj M. Kamat , Amit K. Fulay , Krassimir E. Karamfilov
发明人: Chandresh K. Jain , Mayank Mehta , Frank D. Byrum , Edward Banti , Ayse Yesim Koman , James R. Knibb , Michael A. Nelte , Christopher Barnes , Hao Zhang , Victor Boctor , Tejas D. Patel , Yuhui Zhong , Gregory Kostal , Vladimir Yarmolenko , Pankaj M. Kamat , Amit K. Fulay , Krassimir E. Karamfilov
IPC分类号: H04L9/32
CPC分类号: H04L63/0823 , G06F21/606 , H04L9/3213 , H04L9/3263 , H04L9/3271 , H04L2209/125
摘要: Business to business secure mail may be provided. Consistent with embodiments of the invention, a protected message may be received. The recipient may request a token from a trust broker, submit the token to an authorization server associated with the sender, receive a user license from the authorization server; and decrypt the protected message using the user license. The protected message may restrict actions that may be taken by the recipient, such as forwarding to other users.
摘要翻译: 可能会提供企业对企业的安全邮件。 与本发明的实施例一致,可以接收受保护的消息。 收件人可以从信任代理请求令牌,将令牌提交给与发送者相关联的授权服务器,从授权服务器接收用户许可证; 并使用用户许可证解密受保护的消息。 受保护的消息可能限制接收者可能采取的操作,例如转发给其他用户。
-
公开(公告)号:US20100306535A1
公开(公告)日:2010-12-02
申请号:US12476049
申请日:2009-06-01
申请人: Chandresh K. Jain , Mayank Mehta , Frank D. Byrum , Edward Banti , Ayse Yesim Koman , James R. Knibb , Michael A. Nelte , Christopher Barnes , Hao Zhang , Victor Boctor , Tejas D. Patel , Yuhui Zhong , Gregory Kostal , Vladimir Yarmolenko , Pankaj M. Kamat , Amit K. Fulay , Krassimir E. Karamfilov
发明人: Chandresh K. Jain , Mayank Mehta , Frank D. Byrum , Edward Banti , Ayse Yesim Koman , James R. Knibb , Michael A. Nelte , Christopher Barnes , Hao Zhang , Victor Boctor , Tejas D. Patel , Yuhui Zhong , Gregory Kostal , Vladimir Yarmolenko , Pankaj M. Kamat , Amit K. Fulay , Krassimir E. Karamfilov
CPC分类号: H04L63/0823 , G06F21/606 , H04L9/3213 , H04L9/3263 , H04L9/3271 , H04L2209/125
摘要: Business to business secure mail may be provided. Consistent with embodiments of the invention, a protected message may be received. The recipient may request a token from a trust broker, submit the token to an authorization server associated with the sender, receive a user license from the authorization server; and decrypt the protected message using the user license. The protected message may restrict actions that may be taken by the recipient, such as forwarding to other users.
摘要翻译: 可能会提供企业对企业的安全邮件。 与本发明的实施例一致,可以接收受保护的消息。 收件人可以从信任代理请求令牌,将令牌提交给与发送者相关联的授权服务器,从授权服务器接收用户许可证; 并使用用户许可证解密受保护的消息。 受保护的消息可能限制接收者可能采取的操作,例如转发给其他用户。
-
5.
公开(公告)号:US20100313276A1
公开(公告)日:2010-12-09
申请号:US12479235
申请日:2009-06-05
申请人: Edward T. Banti , Steven O. Hubbell , Mayerber L. Carvalho Neto , Chandresh K. Jain , Mayank Mehta , Durlabh Malik , Christopher Barnes , Michael A. Nelte , Frank D. Byrum , Tejas D. Patel , Yuhui Zhong , Amit K. Fulay , Gregory Kostal , Pankaj M. Kamat , Vladimir Yarmolenko
发明人: Edward T. Banti , Steven O. Hubbell , Mayerber L. Carvalho Neto , Chandresh K. Jain , Mayank Mehta , Durlabh Malik , Christopher Barnes , Michael A. Nelte , Frank D. Byrum , Tejas D. Patel , Yuhui Zhong , Amit K. Fulay , Gregory Kostal , Pankaj M. Kamat , Vladimir Yarmolenko
IPC分类号: H04L9/32
CPC分类号: H04L63/0823 , G06F21/6218 , G06F2221/2141 , H04L51/00 , H04L63/0428
摘要: A web-based client for creating and accessing protected content may be provided. Consistent with embodiments of the invention, a webmail client may be provided allowing a user to apply a restriction template to a document. The webmail client may be further operative to decrypt and display the document and enforce the restriction against a recipient.
摘要翻译: 可以提供用于创建和访问受保护内容的基于web的客户端。 与本发明的实施例一致,可以提供webmail客户端,允许用户将限制模板应用于文档。 网络邮件客户端可以进一步操作以解密和显示文档并且强制对接收者的限制。
-
公开(公告)号:US20100313016A1
公开(公告)日:2010-12-09
申请号:US12478608
申请日:2009-06-04
申请人: Hao Zhang , Danny Tin-Van Chow , Ayse Yesim Koman , Frank D. Byrum , Mayank Mehta , Chandresh K. Jain , Victor Boctor , Charlie R. Chung , Tejas D. Patel , Yuhui Zhong , Amit K. Fulay , Gregory Kostal , Pankaj M. Kamat , Vladimir Yarmolenko , Krassimir E. Karamfilov
发明人: Hao Zhang , Danny Tin-Van Chow , Ayse Yesim Koman , Frank D. Byrum , Mayank Mehta , Chandresh K. Jain , Victor Boctor , Charlie R. Chung , Tejas D. Patel , Yuhui Zhong , Amit K. Fulay , Gregory Kostal , Pankaj M. Kamat , Vladimir Yarmolenko , Krassimir E. Karamfilov
CPC分类号: G06F21/57 , G06F21/56 , H04L51/12 , H04L63/0464 , H04L63/145
摘要: Transport pipeline decryption may be provided. Consistent with embodiments of the invention, a protected message may be received and decrypted. The decrypted message may be provided to pipeline agents, such as anti-virus, anti-spam, journaling, and/or policy enforcement agents. The message may then be re-encrypted and delivered.
摘要翻译: 可以提供传输管道解密。 与本发明的实施例一致,可以接收和解密受保护的消息。 解密的消息可以被提供给流水线代理,诸如反病毒,反垃圾邮件,日志记录和/或策略执行代理。 然后可以重新加密和传递该消息。
-
公开(公告)号:US20120079557A1
公开(公告)日:2012-03-29
申请号:US12893786
申请日:2010-09-29
申请人: Tejas D. Patel , Gregory Kostal , Yuhui Zhong , Vladimir Yarmolenko , Pankaj Mohan Kamat , Krassimir E. Karamfilov
发明人: Tejas D. Patel , Gregory Kostal , Yuhui Zhong , Vladimir Yarmolenko , Pankaj Mohan Kamat , Krassimir E. Karamfilov
IPC分类号: H04L29/06
CPC分类号: H04L63/20 , G06F21/10 , G06F2221/0759
摘要: The present invention extends to methods, systems, and computer program products for deriving express rights in protected content. Embodiments of the invention provide mechanisms to convert implicit rights to express rights for entities, including applications, inside and outside of an organizational (e.g., enterprise) boundary. The conversion can occur dynamically, based on the information protection policies defined by a policy administrator, granting entities express access to perform tasks on protected content.
摘要翻译: 本发明扩展到用于导出受保护内容中的表达权限的方法,系统和计算机程序产品。 本发明的实施例提供了将组织(例如企业)边界内部和外部的实体(包括应用)的隐式权限转换为表达权利的机制。 转换可以动态地发生,基于策略管理员定义的信息保护策略,授予实体表达对受保护内容执行任务的访问权限。
-
公开(公告)号:US08505068B2
公开(公告)日:2013-08-06
申请号:US12893786
申请日:2010-09-29
申请人: Tejas D. Patel , Gregory Kostal , Yuhui Zhong , Vladimir Yarmolenko , Pankaj Mohan Kamat , Krassimir E. Karamfilov
发明人: Tejas D. Patel , Gregory Kostal , Yuhui Zhong , Vladimir Yarmolenko , Pankaj Mohan Kamat , Krassimir E. Karamfilov
IPC分类号: H04L29/06
CPC分类号: H04L63/20 , G06F21/10 , G06F2221/0759
摘要: The present invention extends to methods, systems, and computer program products for deriving express rights in protected content. Embodiments of the invention provide mechanisms to convert implicit rights to express rights for entities, including applications, inside and outside of an organizational (e.g., enterprise) boundary. The conversion can occur dynamically, based on the information protection policies defined by a policy administrator, granting entities express access to perform tasks on protected content.
摘要翻译: 本发明扩展到用于导出受保护内容中的表达权限的方法,系统和计算机程序产品。 本发明的实施例提供了将组织(例如企业)边界内部和外部的实体(包括应用)的隐式权限转换为表达权利的机制。 转换可以动态地发生,基于策略管理员定义的信息保护策略,授予实体表达对受保护内容执行任务的访问权限。
-
-
-
-
-
-
-