公开(公告)号：US07836298B2

公开(公告)日：2010-11-16

申请号：US11565250

申请日：2006-11-30

Applicant: Thomas R. Gross ,  Birgit M. Pfitzmann

Inventor： Thomas R. Gross ,  Birgit M. Pfitzmann

IPC: H04L29/06

CPC classification number: H04L63/0815 ,  G06F21/41

Abstract: The invention relates to a method for providing an identity-related information (IRI) to a requesting entity (50) by means of an identity provider (40). The invention comprises: a first authenticity reference part generation step (IVa), comprising the generation of a first authenticity reference part (art 1) by the identity provider (40); a first authenticity reference communication step (IVb, IVd) between the client application (30) and the identity provider (40) comprising the communication of the first authenticity reference part (art 1); a second authenticity reference part generation step (VI), comprising the generation of a second authenticity reference part (art 2) by the identity provider (40); a second authenticity reference communication step (VIII, IX) between the identity provider (40) and the requesting entity (50) by means of the first communication protocol comprising the communication of the second authenticity reference part (art 2) and in the referrer element the communication of the first authenticity reference part (art 1).

Abstract translation: 本发明涉及一种通过身份提供者（40）向请求实体（50）提供身份相关信息（IRI）的方法。 本发明包括：第一真实性参考部分生成步骤（IVa），包括由身份提供者（40）生成第一真实性参考部分（艺术1）; 在客户端应用程序（30）和身份提供者（40）之间的第一真实性参考通信步骤（IVb，IVd）包括第一真实性参考部分（第1条）的通信; 第二真伪参考部分生成步骤（VI），包括由身份提供商（40）生成第二真实性参考部分（艺术2）; 通过包括第二真实性参考部分（技术2）的通信的第一通信协议和参照元素中的身份提供者（40）和请求实体（50）之间的第二真实性参考通信步骤（VIII，IX） 第一真实性参考部分的通信（第1条）。

公开(公告)号：US20100064134A1

公开(公告)日：2010-03-11

申请号：US11565250

申请日：2006-11-30

Applicant: Thomas R. Gross ,  Birgit M. Pfitzmann

Inventor： Thomas R. Gross ,  Birgit M. Pfitzmann

IPC: H04L29/06

CPC classification number: H04L63/0815 ,  G06F21/41

Abstract: The invention relates to a method for providing an identity-related information (IRI) to a requesting entity (50) by means of an identity provider (40). The invention comprises: a first authenticity reference part generation step (IVa), comprising the generation of a first authenticity reference part (art 1) by the identity provider (40); a first authenticity reference communication step (IVb, IVd) between the client application (30) and the identity provider (40) comprising the communication of the first authenticity reference part (art 1); a second authenticity reference part generation step (VI), comprising the generation of a second authenticity reference part (art 2) by the identity provider (40); a second authenticity reference communication step (VIII, IX) between the identity provider (40) and the requesting entity (50) by means of the first communication protocol comprising the communication of the second authenticity reference part (art 2) and in the referrer element the communication of the first authenticity reference part (art 1).

Abstract translation: 本发明涉及一种通过身份提供者（40）向请求实体（50）提供身份相关信息（IRI）的方法。 本发明包括：第一真实性参考部分生成步骤（IVa），包括由身份提供者（40）生成第一真实性参考部分（艺术1）; 在客户端应用程序（30）和身份提供者（40）之间的第一真实性参考通信步骤（IVb，IVd）包括第一真实性参考部分的通信（第1条）; 第二真伪参考部分生成步骤（VI），包括由身份提供商（40）生成第二真实性参考部分（艺术2）; 通过包括第二真实性参考部分（技术2）的通信的第一通信协议和参照元素中的身份提供商（40）和请求实体（50）之间的第二真实性参考通信步骤（VIII，IX） 第一真实性参考部分的通信（第1条）。

公开(公告)号：US08819672B2

公开(公告)日：2014-08-26

申请号：US12885752

申请日：2010-09-20

Applicant: Nikolai A. Joukov ,  Birgit M. Pfitzmann

Inventor： Nikolai A. Joukov ,  Birgit M. Pfitzmann

IPC: G06F9/445

CPC classification number: G06F9/45558 ,  G06F8/63 ,  G06F2009/4557

Abstract: A system and method for application migration include matching an infrastructure of a source application with a plurality of multi-image work sets from a catalog by selecting a mapping of components of the infrastructure with components in the multi-image work sets to provide one or more selected multi-images. The source application is migrated to a target environment using the one or more selected multi-images.

Abstract translation: 用于应用迁移的系统和方法包括通过选择基础设施的组件与多图像工作集中的组件的映射来匹配源应用的基础设施与来自目录的多个多图像工作集，以提供一个或多个 选择多图像。 源应用程序使用一个或多个所选的多个映像迁移到目标环境。

公开(公告)号：US20120284389A1

公开(公告)日：2012-11-08

申请号：US13553342

申请日：2012-07-19

Applicant: Alain C. Azagury ,  Murthy V. Devarakonda ,  Nikolai Joukov ,  Manoj Kumar ,  Konstantinos Magoutis ,  Birgit M. Pfitzmann ,  Norbert G. Vogl

Inventor： Alain C. Azagury ,  Murthy V. Devarakonda ,  Nikolai Joukov ,  Manoj Kumar ,  Konstantinos Magoutis ,  Birgit M. Pfitzmann ,  Norbert G. Vogl

IPC: G06F15/173

CPC classification number: G06F21/604 ,  G06F2221/2101

Abstract: A method, system, computer program product, and computer program storage device for transforming a high-level policy associated with a high layer to a low-level policy associated with a low layer. Mapping between high-level objects in a high layer and low-level objects in a low layer is derived by an automated discovery tool. The high-level policy is mapped to the low-level policy according to the mapping (e.g., by substituting the high-level objects with the low-level objects and by performing a syntax transformation). In one embodiment, a low-level policy is transformed to a high-level policy according to the mapping. As exemplary embodiments, policy transformations in traffic shaping and data retention are disclosed.

公开(公告)号：US20120054727A1

公开(公告)日：2012-03-01

申请号：US12871468

申请日：2010-08-30

Applicant: Nikolai A. Joukov ,  Joel P. Ossher ,  Birgit M. Pfitzmann ,  Vasily Tarasov

Inventor： Nikolai A. Joukov ,  Joel P. Ossher ,  Birgit M. Pfitzmann ,  Vasily Tarasov

IPC: G06F9/44

CPC classification number: G06F9/44505

Abstract: A system and method includes discovering one or more instances of external resource access by statically analyzing application code. One or more locations of constants are identified in the application code and a configuration repository that specify addresses of discovered instances of external resource access. The application code and the configuration repository are updated to change values of the constants to enable migration.

Abstract translation: 系统和方法包括通过静态分析应用代码来发现外部资源访问的一个或多个实例。 在应用程序代码中标识一个或多个常量位置，以及指定外部资源访问的已发现实例的地址的配置库。 更新应用程序代码和配置库以更改常量的值以启用迁移。

公开(公告)号：US07987253B2

公开(公告)日：2011-07-26

申请号：US12187861

申请日：2008-08-07

Applicant: Birgit M. Pfitzmann

Inventor： Birgit M. Pfitzmann

IPC: G06F15/173

CPC classification number: G06F21/6209

Abstract: Provides methods, apparatus and systems for determining an applicable policy for an incoming message having a service-level addressing element. A method includes the following steps: a) applying a potentially applicable policy (P1) on the incoming message to make the service-level addressing element of the incoming message visible, b) if the service-level addressing element of the incoming message gets visible and is the one to which the currently applied policy (P1) is associated, the currently applied policy (P1) is determined to be the applicable policy, and if not associated c) repeating steps a) and b) with a further potentially applicable policy (P2 . . . Pn).

Abstract translation: 提供用于确定具有服务级别寻址元素的输入消息的适用策略的方法，装置和系统。 一种方法包括以下步骤：a）对传入消息应用可能适用的策略（P1），使得传入消息的服务级寻址元素可见，b）如果传入消息的服务级寻址元素可见 并且是当前应用策略（P1）所关联的策略（P1）的当前应用策略（P1）被确定为适用策略，如果不是相关联的c）重复步骤a）和b）具有进一步潜在适用的策略 （P2 ... Pn）。

公开(公告)号：US20100319060A1

公开(公告)日：2010-12-16

申请号：US12485345

申请日：2009-06-16

Applicant: Louis E. Aiken ,  John K. Baker ,  Kamal Bhattacharya ,  Robert P. Boettcher ,  Murthy V. Devarakonda ,  Nikolai A. Joukov ,  Timothy P. Kane, SR. ,  Steve Lee ,  Matthew A. Markley ,  Birgit M. Pfitzmann ,  Michael Tacci ,  Norbert G. Vogl ,  Anthony G.D. Walker

Inventor： Louis E. Aiken ,  John K. Baker ,  Kamal Bhattacharya ,  Robert P. Boettcher ,  Murthy V. Devarakonda ,  Nikolai A. Joukov ,  Timothy P. Kane, SR. ,  Steve Lee ,  Matthew A. Markley ,  Birgit M. Pfitzmann ,  Michael Tacci ,  Norbert G. Vogl ,  Anthony G.D. Walker

IPC: H04L9/32 ,  G06F15/173

CPC classification number: G06F9/50 ,  H04L63/10

Abstract: A method and system for discovering dependencies, configurations and utilizations among IT resources are disclosed. A discovery team writes a prediscovery script without requesting credentials and sends it to a system administrator (SA) who already has necessary credentials to execute the prediscovery script. Then, the SA reviews the prediscovery script and executes the prediscovery script on a target server. While or after executing the prediscovery script, the target server generates a result of an execution of the prediscovery script and provides the result to an analysis system. The analysis system analyzes and parses the result and generates a user-friendly data (e.g., graph or spreadsheet) that represents the result. Then, the analysis system provides the user-friendly data to the discovery team. The analysis system does not require credentials and does not directly communicate with the target server except receiving the result of the executed prediscovery script from the target server.

Abstract translation: 公开了一种用于发现IT资源之间的依赖关系，配置和利用的方法和系统。 发现团队写入一个预发现脚本而不需要凭据，并将其发送给已经具有执行预发现脚本的必需凭据的系统管理员（SA）。 然后，SA会审查预发现脚本，并在目标服务器上执行预发现脚本。 在执行预发现脚本之后或之后，目标服务器生成执行预发现脚本的结果，并将结果提供给分析系统。 分析系统分析和分析结果，并生成表示结果的用户友好的数据（例如，图形或电子表格）。 然后，分析系统向发现团队提供用户友好的数据。 除了从目标服务器接收执行的预发现脚本的结果之外，分析系统不需要凭据，也不直接与目标服务器进行通信。

公开(公告)号：US20090307743A1

公开(公告)日：2009-12-10

申请号：US12134933

申请日：2008-06-06

Applicant: Alain C. Azagury ,  Murthy V. Devarakonda ,  Nikolai Joukov ,  Manoj Kumar ,  Konstantinos Magoutis ,  Birgit M. Pfitzmann ,  Norbert G. Vogl

Inventor： Alain C. Azagury ,  Murthy V. Devarakonda ,  Nikolai Joukov ,  Manoj Kumar ,  Konstantinos Magoutis ,  Birgit M. Pfitzmann ,  Norbert G. Vogl

IPC: G06F21/00

CPC classification number: G06F21/604 ,  G06F2221/2101

Abstract: A method, system, computer program product, and computer program storage device for transforming a high-level policy associated with a high layer to a low-level policy associated with a low layer. Mapping between high-level objects in a high layer and low-level objects in a low layer is derived by an automated discovery tool. The high-level policy is mapped to the low-level policy according to the mapping (e.g., by substituting the high-level objects with the low-level objects and by performing a syntax transformation). In one embodiment, a low-level policy is transformed to a high-level policy according to the mapping. As exemplary embodiments, policy transformations in traffic shaping and data retention are disclosed.

Abstract translation: 一种用于将与高层相关联的高级策略变换为与低层相关联的低级策略的方法，系统，计算机程序产品和计算机程序存储设备。 高层的高层对象与低层对象之间的映射是通过自动发现工具得出的。 高级策略根据映射映射到低级策略（例如，通过用低级对象替换高级对象，并通过执行语法转换）。 在一个实施例中，根据映射将低级策略转换为高级策略。 作为示例性实施例，公开了流量整形和数据保持中的策略转换。

公开(公告)号：US07240362B2

公开(公告)日：2007-07-03

申请号：US10638184

申请日：2003-08-08

Applicant: Birgit M. Pfitzmann ,  Michael Waidner

Inventor： Birgit M. Pfitzmann ,  Michael Waidner

IPC: H04L9/32

CPC classification number: H04L63/0815 ,  G06Q20/4014 ,  H04L63/1466 ,  H04L63/1483

Abstract: This invention provides identity-related information about a client application to an honest requesting entity, ensuring identity of client applications and preventing man-in-the-middle attacks. An example method comprises transferring identity-related information hosted on an identity provider about a client application to an honest requesting entity by: the client application receiving from a particular entity a request to forward an inner request comprising an identifier of the honest requesting entity to an identity provider selected by the client application; the client application forwards the inner request to the identity provider holding the identity-related information; the client application receives from the identity provider a response envelope instructing the client application to forward an inner response comprising the identity-related information requested in the inner request and the identifier; the client application derives an address of the honest requesting entity having the identifier; and the client application forwards the inner response to the derived address.

Abstract translation: 本发明提供关于客户端应用程序到诚实请求实体的身份相关信息，确保客户端应用程序的身份并防止中间人攻击。 示例性方法包括：通过以下方式将托管在身份提供商上的身份相关信息转移到诚实请求实体：客户端应用程序从特定实体接收将包含诚实请求实体的标识符的内部请求转发到 身份提供者由客户端应用程序选择; 客户应用程序将内部请求转发给持有身份相关信息的身份提供者; 客户端应用程序从身份提供者接收响应包络，指示客户端应用程序转发包含内部请求中请求的身份相关信息和标识符的内部响应; 客户端应用程序导出具有标识符的诚实请求实体的地址; 并且客户端应用程序将内部响应转发到派生地址。

公开(公告)号：US20120109844A1

公开(公告)日：2012-05-03

申请号：US12938776

申请日：2010-11-03

Applicant: Murthy Devarakonda ,  Nikolai A. Joukov ,  Birgit M. Pfitzmann ,  Lawrence H. Thompson

Inventor： Murthy Devarakonda ,  Nikolai A. Joukov ,  Birgit M. Pfitzmann ,  Lawrence H. Thompson

IPC: G06Q10/00

CPC classification number: G06Q10/00 ,  G06Q10/067

Abstract: A system and method for cost-based migration planning includes determining cost factors and constraints associated with at least one of migrating and transforming a plurality of components. A cost-based model is constructed using the cost factors and constraints. The cost-based model is applied to groupings of the plurality of components to provide a cost-based determination grouping scheme in accordance with the constraints. The grouping scheme is output to provide migration waves for migrating or transforming the plurality of components.

Abstract translation: 用于基于成本的迁移规划的系统和方法包括确定与迁移和变换多个组件中的至少一个相关联的成本因素和约束。 使用成本因素和约束构建基于成本的模型。 基于成本的模型被应用于多个组件的分组以根据约束提供基于成本的确定分组方案。 输出分组方案以提供用于迁移或变换多个组件的迁移波。