公开(公告)号：US12294573B2

公开(公告)日：2025-05-06

申请号：US17547559

申请日：2021-12-10

Applicant: International Business Machines Corporation

Inventor： Chunlong Liang ,  Jose Angel Rodriguez ,  James T. Mulvey ,  Jose I. Ortiz ,  Xiaoyan Yanni Zhang

IPC: H04L9/40 ,  G06F9/54 ,  H04L9/32 ,  H04L67/02

Abstract: An approach for optimizing security token exchange. The approach receives a first request from a client. The approach extracts a first security token and an API reference. The approach validates the first security token. If the security token is valid, then the approach, calls the API and retrieves a second security token, embeds the second security token in the API and sends a second request with a third security token and the reference to the API to another application in a different domain.

公开(公告)号：US20240267209A1

公开(公告)日：2024-08-08

申请号：US18107086

申请日：2023-02-08

Applicant: International Business Machines Corporation

Inventor： Chunlong Liang ,  James T. Mulvey ,  Jose Angel Rodriguez ,  Jose I. Ortiz ,  Xiaoyan Yanni Zhang

IPC: H04L9/08 ,  H04L9/32

CPC classification number: H04L9/0863 ,  H04L9/3242

Abstract: Mechanisms are provided for salted password protection of computing resources. An entity identifier and password for authenticating an entity to access a protected computing resource are received. A salt value is generated as a random value that is combined with the password to generate a salted password. A hash value is generated based on a hash function and the salted password as an input to the hash function. Based on the password, an encryption key is generated for encrypting the salt value. The salt value is encrypted based on the encryption key and an encryption algorithm to generate an encrypted salt value. The entity identifier, hash value, and encrypted salt value are stored in a secured database for later retrieval to validate subsequent access requests specifying the entity identifier.

公开(公告)号：US10706078B2

公开(公告)日：2020-07-07

申请号：US15834486

申请日：2017-12-07

Applicant: International Business Machines Corporation

Inventor： Carlos N. Andreu ,  Rajesh Balasubramanian ,  William D. Dodd ,  Chunlong Liang ,  Eduardo N. Spring

IPC: G06F16/35 ,  G06F16/28 ,  G06F16/11

Abstract: Arrangements described herein relate to collaborative environments and, more particularly, to use of a microblog to enhance communication in an organization. The present arrangements can include receiving from a first user a first microblog entry into a microblog, identifying at least one keyword associated with the first microblog entry, and assigning to the at least one keyword a tag creating an association between the at least one keyword and at least one data repository. The arrangements further can include establishing bidirectional integration between the microblog and the at least one data repository of information related to the tag creating the association between the at least one keyword and the at least one data repository.

公开(公告)号：US09276869B2

公开(公告)日：2016-03-01

申请号：US13732727

申请日：2013-01-02

Applicant: International Business Machines Corporation

Inventor： William D. Dodd ,  William J. O'Donnell ,  Eduardo N. Spring ,  Chunlong Liang

IPC: G06F15/173 ,  H04L12/911 ,  H04L29/06 ,  H04L29/08

CPC classification number: H04L47/70 ,  H04L63/0815 ,  H04L67/02 ,  H04L67/327

Abstract: An identity provider (IdP) discovery service operative at a service provider (SP) is described. In operation, and as valid requests are received by the SP via normal IdP-initiated flows, the SP builds-up knowledge about the relationship between the IdP (that redirected the request) and the initiator of the request. The IdP instance typically is inferred from an HTTP referrer field, and information about the initiator may be ascertained from client-specific information, such as client system IP address, client DNS domain, a domain of a user e-mail address, a target URL for the incoming request, or the value associated with a particular HTTP header field. This knowledge is maintained in one or more mapping table(s) that associate request attributes-to-IdP instance data. The mappings are then used to facilitate IdP discovery for a new incoming request to the SP that has been determined to originate from other than an IdP.

Abstract translation: 描述在服务提供商（SP）处操作的身份提供商（IdP）发现服务。 在操作中，SP通过正常的IdP发起的流程接收到有效请求，SP建立了关于IdP（重定向请求）与请求发起者之间的关系的知识。 IdP实例通常是从HTTP引用者字段推断的，并且可以从客户端特定信息（例如客户端系统IP地址，客户端DNS域，用户电子邮件地址的域，目标URL）中确定关于发起者的信息 对于传入请求，或与特定HTTP头字段相关联的值。 该知识被维护在将请求属性与IdP实例数据相关联的一个或多个映射表中。 然后，使用映射来促进对已经被确定源于除IdP之外的SP的新的传入请求的IdP发现。

公开(公告)号：US20150293991A1

公开(公告)日：2015-10-15

申请号：US14624690

申请日：2015-02-18

Applicant: International Business Machines Corporation

Inventor： Carlos N. Andreu ,  Rajesh Balasubramanian ,  William D. Dodd ,  Chunlong Liang ,  Eduardo N. Spring

IPC: G06F17/30

CPC classification number: G06F17/30598 ,  G06F17/30073 ,  G06F17/30705

Abstract: Arrangements described herein relate to collaborative environments and, more particularly, to use of a microblog to enhance communication in an organization. The present arrangements can include receiving from a first user a first microblog entry into a microblog, identifying at least one keyword associated with the first microblog entry, and assigning to the at least one keyword a tag creating an association between the at least one keyword and at least one data repository. The arrangements further can include establishing bidirectional integration between the microblog and the at least one data repository of information related to the tag creating the association between the at least one keyword and the at least one data repository.

公开(公告)号：US20150293987A1

公开(公告)日：2015-10-15

申请号：US14251357

申请日：2014-04-11

Applicant: International Business Machines Corporation

Inventor： Carlos N. Andreu ,  Rajesh Balasubramanian ,  William D. Dodd ,  Chunlong Liang ,  Eduardo N. Spring

IPC: G06F17/30

CPC classification number: G06F17/30598 ,  G06F17/30073 ,  G06F17/30705

Abstract: Arrangements described herein relate to collaborative environments and, more particularly, to use of a microblog to enhance communication in an organization. The present arrangements can include receiving from a first user a first microblog entry into a microblog, identifying at least one keyword associated with the first microblog entry, and assigning to the at least one keyword a tag creating an association between the at least one keyword and at least one data repository. The arrangements further can include establishing bidirectional integration between the microblog and the at least one data repository of information related to the tag creating the association between the at least one keyword and the at least one data repository.

Abstract translation: 这里描述的安排涉及协作环境，更具体地，涉及使用微博来增强组织中的通信。 目前的布置可以包括从第一用户接收第一微博条目到微博中，识别与第一微博条目相关联的至少一个关键字，以及向至少一个关键字分配标签，该标签创建至少一个关键字与 至少一个数据存储库。 所述安排还可以包括在所述微博和所述至少一个数据存储库之间建立与所述标签相关的信息之间的双向集成，从而创建所述至少一个关键字与所述至少一个数据存储库之间的关联。

公开(公告)号：US20140165194A1

公开(公告)日：2014-06-12

申请号：US13706691

申请日：2012-12-06

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION

Inventor： William Durward Dodd ,  Chunlong Liang ,  William J O'Donnell ,  Eduardo N Spring

IPC: G06F21/55

CPC classification number: H04L63/1441

Abstract: Protection against an attack which exploits an eXtensible Markup Language (XML) Encryption vulnerability includes receiving a ciphertext request utilizing an EncryptedKey element and detecting either a failure to decrypt the cipher value in the EncryptedData element or a failure to parse the resulting decrypted XML. Upon detecting the failure, a count of failures associated with the EncryptedKey element is incremented, and when the count exceeds a threshold number of failures, subsequent usage of the EncryptedKey element and delivery of the request to an application service are prevented. Optionally, a rejection message is returned to the requester.

Abstract translation: 利用可扩展标记语言（XML）加密漏洞的攻击防范包括使用EncryptedKey元素接收密文请求，并检测到EncryptedData元素中的密码解密失败或解析生成的解密XML的失败。 在检测到故障时，增加与EncryptedKey元素相关联的故障计数，并且当计数超过阈值数量的故障时，防止EncryptedKey元素的后续使用和向应用服务发送请求。 可选地，拒绝消息被返回给请求者。