公开(公告)号：US07941859B2

公开(公告)日：2011-05-10

申请号：US10874421

申请日：2004-06-23

Applicant: Jan L. Camenisch ,  Birgit M. Pfitzmann ,  Matthias Schunter ,  Michael P. Waidner

Inventor： Jan L. Camenisch ,  Birgit M. Pfitzmann ,  Matthias Schunter ,  Michael P. Waidner

IPC: H04L17/30 ,  G06F17/30 ,  G06F12/14

CPC classification number: G06F21/6245

Abstract: Method, system, and storage medium for reducing or minimizing access to sensitive information. A method includes identifying processes and data associated with a computer system and classifying each of the data as one of either sensitive information or non-sensitive information. The sensitive information includes at least one of: data that is personal to an individual, confidential data, and data that is legally subject to conditions of restricted use. For each of the processes the method includes selecting a process and a sensitive data item, modifying the sensitive data item, analyzing the behavior of at least the selected process, and preventing access of the sensitive data item by the selected process if, as a result of the analyzing, the sensitive data item is determined not to be needed by the selected process.

Abstract translation: 用于减少或最小化敏感信息访问的方法，系统和存储介质。 一种方法包括识别与计算机系统相关联的过程和数据，并将每个数据分类为敏感信息或非敏感信息之一。 敏感信息包括以下至少一项：对个人个人的数据，机密数据和法律上受限于使用条件的数据。 对于每个过程，该方法包括选择过程和敏感数据项，修改敏感数据项，分析至少所选过程的行为，以及如果结果，则阻止敏感数据项的访问。 在分析的情况下，敏感数据项被确定为所选择的处理不需要。

公开(公告)号：US20080235805A1

公开(公告)日：2008-09-25

申请号：US10597664

申请日：2005-01-28

Applicant: Birgit M. Pfitzmann ,  Michael P. Waidner

Inventor： Birgit M. Pfitzmann ,  Michael P. Waidner

IPC: G06F1/00

CPC classification number: G06F21/10 ,  G06F21/105 ,  G06F2221/0773 ,  G06F2221/2137

Abstract: Software licence management systems are provided in which a licence to use a software product is represented by a data token. The systems have a software controller for controlling use of the software product at a user device, and a licence management server for communicating with the software controller via a data communications network. The software controller allows use of the software product at the user device substantially only during a use period associated with a current data token supplied to the software controller by the licence management server. An exchange token can be supplied to another, similar software controller when necessary to transfer the licence, e.g. in the event of a breakdown. The software controller is adapted to supply either the current data token, or the exchange token, to the licence management server to be exchanged for a new data token.

Abstract translation: 提供了软件许可证管理系统，其中使用软件产品的许可证由数据令牌表示。 该系统具有用于控制在用户设备处使用软件产品的软件控制器，以及用于经由数据通信网络与软件控制器进行通信的许可证管理服务器。 软件控制器允许基本上仅在与由许可证管理服务器提供给软件控制器的当前数据令牌相关联的使用期间内在用户设备处使用软件产品。 交换令牌可以在必要时提供给另一个类似的软件控制器来传送许可证，例如 发生故障时。 软件控制器适于将当前数据令牌或交换令牌提供给许可证管理服务器，以交换新的数据令牌。

公开(公告)号：US07302569B2

公开(公告)日：2007-11-27

申请号：US10643798

申请日：2003-08-19

Applicant: Linda Betz ,  John C. Dayka ,  Walter B. Farrell ,  Richard H. Guski ,  Guenter Karjoth ,  Mark A. Nelson ,  Birgit M. Pfitzmann ,  Matthias Schunter ,  Michael P. Waidner

Inventor： Linda Betz ,  John C. Dayka ,  Walter B. Farrell ,  Richard H. Guski ,  Guenter Karjoth ,  Mark A. Nelson ,  Birgit M. Pfitzmann ,  Matthias Schunter ,  Michael P. Waidner

IPC: H04L29/00

CPC classification number: G06F21/629 ,  G06F21/6245 ,  G06F2221/2101 ,  G06F2221/2113 ,  G06F2221/2141 ,  G06F2221/2149

Abstract: A data access control facility is implemented by assigning personally identifying information (PII) classification labels to PII data objects, with each PII data object having one PII classification label assigned thereto. The control facility further includes at least one PII purpose serving function set (PSFS) comprising a list of application functions that read or write PII data objects. Each PII PSFS is also assigned a PII classification label. A PII data object is accessible via an application function of a PII PSFS having a PII classification label that is identical to or dominant of the PII classification label of the PII object. A user of the control facility is assigned a PII clearance set which contains a list of at least one PII classification label, which is employed in determining whether the user is entitled to access a particular function.

Abstract translation: 通过将个人识别信息（PII）分类标签分配给PII数据对象来实现数据访问控制设施，每个PII数据对象分配有一个PII分类标签。 控制设备还包括至少一个PII目的服务功能集（PSFS），其包括读或写PII数据对象的应用功能列表。 每个PII PSFS也被分配了一个PII分类标签。 PII数据对象可通过具有与PII对象的PII分类标签相同或占优势的PII分类标签的PII PSFS的应用功能来访问。 控制设备的用户被分配有PII间隙组，其包含至少一个PII分类标签的列表，该列表用于确定用户是否有权访问特定功能。

公开(公告)号：US08205266B2

公开(公告)日：2012-06-19

申请号：US10597664

申请日：2005-01-28

Applicant: Birgit M. Pfitzmann ,  Michael P. Waidner

Inventor： Birgit M. Pfitzmann ,  Michael P. Waidner

IPC: G06F21/00

CPC classification number: G06F21/10 ,  G06F21/105 ,  G06F2221/0773 ,  G06F2221/2137

Abstract: Software license management systems are provided in which a license to use a software product is represented by a data token. The systems have a software controller for controlling use of the software product at a user device, and a license management server for communicating with the software controller via a data communications network. The software controller allows use of the software product at the user device substantially only during a use period associated with a current data token supplied to the software controller by the license management server. An exchange token can be supplied to another, similar software controller when necessary to transfer the license, e.g. in the event of a breakdown. The software controller is adapted to supply either the current data token, or the exchange token, to the license management server to be exchanged for a new data token.

Abstract translation: 提供了软件许可证管理系统，其中使用软件产品的许可证由数据令牌表示。 该系统具有用于控制在用户设备处使用软件产品的软件控制器，以及用于经由数据通信网络与软件控制器进行通信的许可证管理服务器。 软件控制器允许基本上仅在与由许可证管理服务器提供给软件控制器的当前数据令牌相关联的使用期间内在用户设备上使用该软件产品。 交换令牌可以在必要时提供给另一个类似的软件控制器来传送许可证，例如 发生故障时。 软件控制器适于将当前数据令牌或交换令牌提供给许可证管理服务器，以交换新的数据令牌。

公开(公告)号：US07617393B2

公开(公告)日：2009-11-10

申请号：US11764487

申请日：2007-06-18

Applicant: Linda Betz ,  John C. Dayka ,  Walter B. Farrell ,  Richard H. Guski ,  Guenter Karjoth ,  Mark A. Nelson ,  Birgit M. Pfitzmann ,  Michael P. Waidner ,  Matthias Schunter

Inventor： Linda Betz ,  John C. Dayka ,  Walter B. Farrell ,  Richard H. Guski ,  Guenter Karjoth ,  Mark A. Nelson ,  Birgit M. Pfitzmann ,  Michael P. Waidner ,  Matthias Schunter

IPC: H04L29/00

CPC classification number: G06F21/629 ,  G06F21/6245 ,  G06F2221/2101 ,  G06F2221/2113 ,  G06F2221/2141 ,  G06F2221/2149

Abstract: A data access control facility is implemented by assigning personally identifying information (PII) classification labels to PII data objects, with each PII data object having one PII classification label assigned thereto. The control facility further includes at least one PII purpose serving function set (PSFS) comprising a list of application functions that read or write PII data objects. Each PII PSFS is also assigned a PII classification label. A PII data object is accessible via an application function of a PII PSFS having a PII classification label that is identical to or dominant of the PII classification label of the PII object. A user of the control facility is assigned a PII clearance set which contains a list of at least one PII classification label, which is employed in determining whether the user is entitled to access a particular function.

Abstract translation: 通过将个人识别信息（PII）分类标签分配给PII数据对象来实现数据访问控制设施，每个PII数据对象分配有一个PII分类标签。 控制设备还包括至少一个PII目的服务功能集（PSFS），其包括读或写PII数据对象的应用功能列表。 每个PII PSFS也被分配了一个PII分类标签。 PII数据对象可通过具有与PII对象的PII分类标签相同或占优势的PII分类标签的PII PSFS的应用功能来访问。 控制设备的用户被分配有PII间隙组，其包含至少一个PII分类标签的列表，该列表用于确定用户是否有权访问特定功能。

公开(公告)号：US08819672B2

公开(公告)日：2014-08-26

申请号：US12885752

申请日：2010-09-20

Applicant: Nikolai A. Joukov ,  Birgit M. Pfitzmann

Inventor： Nikolai A. Joukov ,  Birgit M. Pfitzmann

IPC: G06F9/445

CPC classification number: G06F9/45558 ,  G06F8/63 ,  G06F2009/4557

Abstract: A system and method for application migration include matching an infrastructure of a source application with a plurality of multi-image work sets from a catalog by selecting a mapping of components of the infrastructure with components in the multi-image work sets to provide one or more selected multi-images. The source application is migrated to a target environment using the one or more selected multi-images.

Abstract translation: 用于应用迁移的系统和方法包括通过选择基础设施的组件与多图像工作集中的组件的映射来匹配源应用的基础设施与来自目录的多个多图像工作集，以提供一个或多个 选择多图像。 源应用程序使用一个或多个所选的多个映像迁移到目标环境。

公开(公告)号：US20120284389A1

公开(公告)日：2012-11-08

申请号：US13553342

申请日：2012-07-19

Applicant: Alain C. Azagury ,  Murthy V. Devarakonda ,  Nikolai Joukov ,  Manoj Kumar ,  Konstantinos Magoutis ,  Birgit M. Pfitzmann ,  Norbert G. Vogl

Inventor： Alain C. Azagury ,  Murthy V. Devarakonda ,  Nikolai Joukov ,  Manoj Kumar ,  Konstantinos Magoutis ,  Birgit M. Pfitzmann ,  Norbert G. Vogl

IPC: G06F15/173

CPC classification number: G06F21/604 ,  G06F2221/2101

Abstract: A method, system, computer program product, and computer program storage device for transforming a high-level policy associated with a high layer to a low-level policy associated with a low layer. Mapping between high-level objects in a high layer and low-level objects in a low layer is derived by an automated discovery tool. The high-level policy is mapped to the low-level policy according to the mapping (e.g., by substituting the high-level objects with the low-level objects and by performing a syntax transformation). In one embodiment, a low-level policy is transformed to a high-level policy according to the mapping. As exemplary embodiments, policy transformations in traffic shaping and data retention are disclosed.

公开(公告)号：US20120054727A1

公开(公告)日：2012-03-01

申请号：US12871468

申请日：2010-08-30

Applicant: Nikolai A. Joukov ,  Joel P. Ossher ,  Birgit M. Pfitzmann ,  Vasily Tarasov

Inventor： Nikolai A. Joukov ,  Joel P. Ossher ,  Birgit M. Pfitzmann ,  Vasily Tarasov

IPC: G06F9/44

CPC classification number: G06F9/44505

Abstract: A system and method includes discovering one or more instances of external resource access by statically analyzing application code. One or more locations of constants are identified in the application code and a configuration repository that specify addresses of discovered instances of external resource access. The application code and the configuration repository are updated to change values of the constants to enable migration.

Abstract translation: 系统和方法包括通过静态分析应用代码来发现外部资源访问的一个或多个实例。 在应用程序代码中标识一个或多个常量位置，以及指定外部资源访问的已发现实例的地址的配置库。 更新应用程序代码和配置库以更改常量的值以启用迁移。

公开(公告)号：US07987253B2

公开(公告)日：2011-07-26

申请号：US12187861

申请日：2008-08-07

Applicant: Birgit M. Pfitzmann

Inventor： Birgit M. Pfitzmann

IPC: G06F15/173

CPC classification number: G06F21/6209

Abstract: Provides methods, apparatus and systems for determining an applicable policy for an incoming message having a service-level addressing element. A method includes the following steps: a) applying a potentially applicable policy (P1) on the incoming message to make the service-level addressing element of the incoming message visible, b) if the service-level addressing element of the incoming message gets visible and is the one to which the currently applied policy (P1) is associated, the currently applied policy (P1) is determined to be the applicable policy, and if not associated c) repeating steps a) and b) with a further potentially applicable policy (P2 . . . Pn).

Abstract translation: 提供用于确定具有服务级别寻址元素的输入消息的适用策略的方法，装置和系统。 一种方法包括以下步骤：a）对传入消息应用可能适用的策略（P1），使得传入消息的服务级寻址元素可见，b）如果传入消息的服务级寻址元素可见 并且是当前应用策略（P1）所关联的策略（P1）的当前应用策略（P1）被确定为适用策略，如果不是相关联的c）重复步骤a）和b）具有进一步潜在适用的策略 （P2 ... Pn）。

公开(公告)号：US20100319060A1

公开(公告)日：2010-12-16

申请号：US12485345

申请日：2009-06-16

Applicant: Louis E. Aiken ,  John K. Baker ,  Kamal Bhattacharya ,  Robert P. Boettcher ,  Murthy V. Devarakonda ,  Nikolai A. Joukov ,  Timothy P. Kane, SR. ,  Steve Lee ,  Matthew A. Markley ,  Birgit M. Pfitzmann ,  Michael Tacci ,  Norbert G. Vogl ,  Anthony G.D. Walker

Inventor： Louis E. Aiken ,  John K. Baker ,  Kamal Bhattacharya ,  Robert P. Boettcher ,  Murthy V. Devarakonda ,  Nikolai A. Joukov ,  Timothy P. Kane, SR. ,  Steve Lee ,  Matthew A. Markley ,  Birgit M. Pfitzmann ,  Michael Tacci ,  Norbert G. Vogl ,  Anthony G.D. Walker

IPC: H04L9/32 ,  G06F15/173

CPC classification number: G06F9/50 ,  H04L63/10

Abstract: A method and system for discovering dependencies, configurations and utilizations among IT resources are disclosed. A discovery team writes a prediscovery script without requesting credentials and sends it to a system administrator (SA) who already has necessary credentials to execute the prediscovery script. Then, the SA reviews the prediscovery script and executes the prediscovery script on a target server. While or after executing the prediscovery script, the target server generates a result of an execution of the prediscovery script and provides the result to an analysis system. The analysis system analyzes and parses the result and generates a user-friendly data (e.g., graph or spreadsheet) that represents the result. Then, the analysis system provides the user-friendly data to the discovery team. The analysis system does not require credentials and does not directly communicate with the target server except receiving the result of the executed prediscovery script from the target server.

Abstract translation: 公开了一种用于发现IT资源之间的依赖关系，配置和利用的方法和系统。 发现团队写入一个预发现脚本而不需要凭据，并将其发送给已经具有执行预发现脚本的必需凭据的系统管理员（SA）。 然后，SA会审查预发现脚本，并在目标服务器上执行预发现脚本。 在执行预发现脚本之后或之后，目标服务器生成执行预发现脚本的结果，并将结果提供给分析系统。 分析系统分析和分析结果，并生成表示结果的用户友好的数据（例如，图形或电子表格）。 然后，分析系统向发现团队提供用户友好的数据。 除了从目标服务器接收执行的预发现脚本的结果之外，分析系统不需要凭据，也不直接与目标服务器进行通信。