Delegation Metasystem for Composite Services
    1.
    Invention application
    Status: In force

    Publication No.: US20090119672A1

    Publication date: 2009-05-07

    Application No.: US11934443

    Filing date: 2007-11-02

    IPC classification: G06F9/50

    Abstract: A delegation metasystem for composite services is described, where a composite service is a service which calls other services during its operation. In an embodiment, the composite service is defined using generic descriptions for any services (and their access control models) which may be called by the composite service during operation. At run time, these generic descriptions and potentially other factors, such as the user of the composite service, are used to select actual available services which may be called by the composite service and access rights for the selected services are delegated to the composite service. These access rights may subsequently be revoked when the composite service terminates.

    Delegation metasystem for composite services
    2.
    Invention grant
    Status: In force

    Publication No.: US08601482B2

    Publication date: 2013-12-03

    Application No.: US11934443

    Filing date: 2007-11-02

    IPC classification: G06F9/46 G06F9/44

    Abstract: A delegation metasystem for composite services is described, where a composite service is a service which calls other services during its operation. In an embodiment, the composite service is defined using generic descriptions for any services (and their access control models) which may be called by the composite service during operation. At run time, these generic descriptions and potentially other factors, such as the user of the composite service, are used to select actual available services which may be called by the composite service and access rights for the selected services are delegated to the composite service. These access rights may subsequently be revoked when the composite service terminates.

    Scoped federations
    3.
    Invention grant
    Status: In force

    Publication No.: US07827407B2

    Publication date: 2010-11-02

    Application No.: US11427535

    Filing date: 2006-06-29

    IPC classification: G06F21/00

    CPC classification: H04L63/102 H04L63/0807

    Abstract: A scoped federation is described which is referenced by a unique identifier and messages relating to the federation include this unique identifier. The federation is scoped by rules which are stored associated with the unique identifier and upon receipt of a request containing the unique identifier, the related rules are checked to determine if the request is valid.

    DATA HANDLING PREFERENCES AND POLICIES WITHIN SECURITY POLICY ASSERTION LANGUAGE
    4.
    Invention application
    Status: Under examination (published)

    Publication No.: US20100153695A1

    Publication date: 2010-06-17

    Application No.: US12336349

    Filing date: 2008-12-16

    IPC classification: G06F9/00 G06F21/00

    Abstract: Whether user-side privacy preferences and service-side privacy policies are matched is determined utilizing an extended security policy assertion language. Both privacy policies, i.e. how data recipients promise to treat data, and privacy preferences, i.e. how data providers expect their data to be treated, are expressed with the same language. Decisions are made through evaluation of queries based on preference and policy assertions.

    Storing Composite Services on Untrusted Hosts
    5.
    Invention application
    Status: Under examination (published)

    Publication No.: US20100082989A1

    Publication date: 2010-04-01

    Application No.: US12238917

    Filing date: 2008-09-26

    IPC classification: H04L9/32 G06F21/00 H04L9/08

    CPC classification: G06F21/6218

    Abstract: A method of storing a composite service on an untrusted host without enabling the untrusted host to access resources called by the composite service is described. In an embodiment, the delegator provides a delegatee with credentials to enable verification of the composite service and to enable access to the resources. The credential which is provided to enable access to the resources may be a credential which can be used to decrypt access credentials for each of the resources. These access credentials are stored in encrypted form in a credential store. The delegatee downloads the composite service and the encrypted access credentials and executes the composite service once it has been verified.

    Ad-hoc creation of group based on contextual information
    6.
    Invention grant
    Status: In force

    Publication No.: US07673330B2

    Publication date: 2010-03-02

    Application No.: US11326278

    Filing date: 2006-01-05

    IPC classification: G06F7/04

    Abstract: Provided is ad-hoc creation of groups based on contextual information comprising. Two mechanisms are used to restrict valid members of a group. First, to make sure that devices are somehow related, devices provide contextual information that is compared to the contextual information provided by other devices willing to join the group. Only devices providing “similar” contextual information are accepted as possible candidates in the group. Second, to scope the group, a time window is used to limit the duration of the group creation. In other words, access to the group is reserved to the devices that can provide similar context information to existing member of the group in a defined time window. Security properties are ensured by enabling a visual check of the list of group participants. For instance, a member can verify that the displayed pictures indeed represent the attendees of an ongoing meeting.

    Ad-Hoc Trust Establishment Using Visual Verification
    7.
    Invention application
    Status: In force

    Publication No.: US20100017602A1

    Publication date: 2010-01-21

    Application No.: US12146774

    Filing date: 2008-06-26

    IPC classification: H04L9/32 H04L9/30 H04L9/08

    Abstract: Methods for ad-hoc trust establishment using visual verification are described. In a first embodiment, a visual representation of a shared data is generated on two or more devices and the visual representations generated can be visually compared by a user. This method can be used to verify that the correct devices are involved in a negotiation, when pre-existing trust relationships do not exist between the devices. The visual representation may, for example, comprise a picture with a number of different elements, each representing a part of the shared data. In another embodiment, a method of secure key exchange is described in which, before sharing the keys, the parties exchange information which encapsulates the key. This information can be used subsequently to check that a party has not changed the key that they are using and prevents a man in the middle attack.

    Ad-hoc creation of group based on contextual information
    8.
    Invention application
    Status: In force

    Publication No.: US20070168332A1

    Publication date: 2007-07-19

    Application No.: US11326278

    Filing date: 2006-01-05

    IPC classification: G06F17/30

    Abstract: Provided is ad-hoc creation of groups based on contextual information comprising. Two mechanisms are used to restrict valid members of a group. First, to make sure that devices are somehow related, devices provide contextual information that is compared to the contextual information provided by other devices willing to join the group. Only devices providing “similar” contextual information are accepted as possible candidates in the group. Second, to scope the group, a time window is used to limit the duration of the group creation. In other words, access to the group is reserved to the devices that can provide similar context information to existing member of the group in a defined time window. Security properties are ensured by enabling a visual check of the list of group participants. For instance, a member can verify that the displayed pictures indeed represent the attendees of an ongoing meeting.

    HANDLING PRIVACY PREFERENCES AND POLICIES THROUGH LOGIC LANGUAGE
    9.
    Invention application
    Status: Under examination (published)

    Publication No.: US20110283335A1

    Publication date: 2011-11-17

    Application No.: US12779029

    Filing date: 2010-05-12

    IPC classification: G06F21/00 G06F17/30

    CPC classification: G06F16/3344

    Abstract: A logic language model for handling of personal data by specifying users' preferences on how their personal data should be treated by data-collecting services and the services' policies on how they will treat collected data is provided. Preferences and policies are specified in terms of granted rights and required obligations, expressed as declarative assertions and queries. Query evaluation is formalized by a proof system for verifying whether a policy satisfies a preference is defined.

    Ad-hoc trust establishment using visual verification
    10.
    Invention grant
    Status: In force

    Publication No.: US08621210B2

    Publication date: 2013-12-31

    Application No.: US12146774

    Filing date: 2008-06-26

    Abstract: Methods for ad-hoc trust establishment using visual verification are described. In a first embodiment, a visual representation of a shared data is generated on two or more devices and the visual representations generated can be visually compared by a user. This method can be used to verify that the correct devices are involved in a negotiation, when pre-existing trust relationships do not exist between the devices. The visual representation may, for example, comprise a picture with a number of different elements, each representing a part of the shared data. In another embodiment, a method of secure key exchange is described in which, before sharing the keys, the parties exchange information which encapsulates the key. This information can be used subsequently to check that a party has not changed the key that they are using and prevents a man in the middle attack.
