Abstract:
Policies defining the entitlements to be assigned to a new identity joining a role are automatically generated. An automatic policy assigns a new identity the entitlements commonly owned by a predetermined number of identities in the role, which may be all of the role identities. A conditional policy recommends that a new identity be assigned the non-commonly-owned entitlements associated with the role identity whose non-entitlement attributes most closely match the non-entitlement attributes of the new identity. This may be automatically determined by iterating through a vector that maps the non-commonly-owned entitlements with the non-entitlement attributes of each role identity, comparing the non-entitlement attributes of the new identity to find the closest match. The non-commonly-owned entitlements of that identity are then recommended to be assigned to the new identity, upon approval.
Abstract:
A role hierarchy is automatically generated by hierarchically ranking roles in a role based control system, each role including a plurality of identities having attributes. Iteratively at each hierarchical level: each non-cohesive role (wherein, in this case, at least one attribute is not possessed by every identity in the role) is replaced, at the same hierarchical level, by a cohesive role formed by grouping identities having at least one common attribute. The remaining identities are clustered into children roles based on attributes other than the common attribute, and the children roles are added to the role hierarchy at a hierarchical level below the cohesive role. If no common attribute exists in the non-cohesive role, the role is clustered into two or more new roles based on all the attributes in the role, and the non-cohesive role is replaced with the new roles at the same hierarchical level.
Abstract:
The present invention provides a method, system and computer program for naming a cluster, or a hierarchy of clusters, of words and phrases that have been extracted from a set of documents. The invention takes these clusters as the input and generates appropriate labels for the clusters using a lexical database. Naming involves first finding out all possible word senses for all the words in the cluster, using the lexical database; and then augmenting each word sense with words that are semantically similar to that word sense to form respective definition vectors. Thereafter, word sense disambiguation is done to find out the most relevant sense for each word. Definition vectors are clustered into groups. Each group represents a concept. These concepts are thereafter ranked based on their support. Finally, a pre-specified number of words and phrases from the definition vectors of the dominant concepts are selected as labels, based on their generality in the lexical database. Therefore, the labels may not necessarily consist of the original words in the cluster. A hierarchy of clusters is named in a recursive fashion starting from leaf clusters. Dominant concepts in child clusters are propagated into their parent to reduce the labeling complexity of parent clusters.
Abstract:
A method for implementing organization-specific policy during establishment of an autonomous connection between computer resources includes evaluating a relative priority between default credentials and alternative credentials; and using the highest priority credentials to establish a connection between the computer resources. The alternative credentials are based on organization-specific policy and provide for autonomous connections between computer resources differently than the default credentials.
Abstract:
Implementing an organization-specific policy during establishment of an autonomous connection between computer resources includes evaluating a relative priority between default credentials and alternative credentials, and using the highest priority credentials to establish a connection between the computer resources. The alternative credentials are based on organization-specific policy and provide for autonomous connections between computer resources differently than the default credentials.
Abstract:
The invention is a method, system and computer program for automatically discovering concepts from a corpus of documents and automatically generating a labeled concept hierarchy. The method involves extraction of signatures from the corpus of documents. The similarity between signatures is computed using a statistical measure. The frequency distribution of signatures is refined to alleviate any inaccuracy in the similarity measure. The signatures are also disambiguated to address the polysemy problem. The similarity measure is recomputed based on the refined frequency distribution and disambiguated signatures. The recomputed similarity measure reflects actual similarity between signatures. The recomputed similarity measure is then used for clustering related signatures. The signatures are clustered to generate concepts, and the concepts are arranged in a concept hierarchy. The concept hierarchy automatically generates a query for a particular concept and retrieves relevant documents associated with the concept.
Abstract:
An automated, bottom-up role discovery method for a role based control system includes automatically extracting identities and attributes from data sources and automatically clustering the identities based on the attributes to form recommended roles. The recommended roles may be modified by intervention of an administrator. Additionally, the recommended roles may be aggregated by defining the role definition as an attribute of each constituent identity, and re-clustering the identities to generate refined roles. The recommended, modified, and/or refined roles may then be utilized in a role based control system, such as a role based access control system. Periodically performing the role discovery process provides a means to audit a role based access control system.