-
Publication No.: GB2501436A
Publication date: 2013-10-23
Application No.: GB201314044
Application date: 2012-01-12
Applicant: IBM
Inventor: HINTON HEATHER MARIA , COHEN RICHARD JAY
IPC: G06F17/30
Abstract: A cloud enablement aggregation proxy (CEAP) receives and processes audit data from audited resources before such data is stored in a database. The CEAP manages log data for resources hosted in a multi-tenant shared pool of configurable computing resources. A method for managing log data begins by the proxy aggregating and normalizing log information received from various resources. The aggregated and normalized log information is parsed to identify a tenant associated with each of a set of transactions. For each set of transactions, the CEAP annotates log data associated with the tenant and the particular transaction to include a tenant-specific identifier. An optional tenant separation proxy separates the annotated log data on a per tenant basis prior to storage, and the tenant-specific log data may be stored in per tenant data structures or dedicated tenant log event databases to facilitate subsequent compliance or other analysis.
-
Publication No.: DE112011101729T5
Publication date: 2013-05-02
Application No.: DE112011101729
Application date: 2011-06-30
Applicant: IBM
Inventor: HINTON HEATHER MARIA , BADE STEVEN , LINTON JEB , RODRIGUEZ PETER
Abstract: A method for enabling access to resources hosted in a computing cloud begins upon receiving a registration request to initiate registration of a user to use resources hosted in the computing cloud. During a registration process initiated by receipt of the registration request, a federated single sign-on (F-SSO) request is received. The F-SSO request includes an assertion (e.g., an HTTP-based SAML assertion) with authentication data (e.g., an SSH public key, a CIFS username, etc.) for use in enabling direct user access to a resource hosted in the computing cloud. After validation of the assertion, the authentication data is deployed within the cloud to enable direct user access to the resource in the computing cloud using the authentication data.
-
Publication No.: DE602005003314T2
Publication date: 2008-09-04
Application No.: DE602005003314
Application date: 2005-12-15
Applicant: IBM
Inventor: FALOLA DOLAPO MARTIN , HINTON HEATHER MARIA , MILMAN IVAN MATTHEW , MORAN ANTHONY SCOTT , WARDROP PATRICK RYAN
Abstract: The invention provides federated functionality within a data processing system by means of a set of specialized runtimes. Each of the plurality of specialized runtimes provides requested federation services for selected ones of the requestors according to configuration data of respective federation relationships of the requestors with the identity provider. The configuration data is dynamically retrieved during initialization of the runtimes which allows the respective runtime to be specialized for a given federation relationship. Requests are routed to the appropriate specialized runtime using the first requestor identity and the given federation relationship. The data which describes each federation relationship between the identity provider and each of the plurality of requestors is configured prior to initialization of the runtimes. Configuration data is structured into global specified data, federation relationship data and requestor specific data to minimize data change, making the addition or deletion of requestors very scalable.
-
Publication No.: DE60130037T2
Publication date: 2008-05-08
Application No.: DE60130037
Application date: 2001-10-25
Applicant: IBM
Inventor: HINTON HEATHER MARIA , WINTERS DAVID JOHN
Abstract: A method, system, or computer program product is presented for cross-domain, single-sign-on, authentication functionality. The methodology uses an introductory authentication token to introduce an already authenticated user from one domain to a new domain. This token is passed from one domain to the other domain using HTTP-redirection. This token is protected by encryption with a cryptographic key shared only between the two domains in a secure manner such that an external user cannot generate a counterfeit introductory token. An introductory token is further protected by enabling it with a limited lifetime so that an unauthorized user would not be able to use or reuse the introductory token within the token's lifetime. After a user has been introduced to a new security domain, then all of the user's resource requests are authorized by the new domain.
-
Publication No.: BR0312228A
Publication date: 2005-04-12
Application No.: BR0312228
Application date: 2003-06-24
Applicant: IBM
Inventor: HINTON HEATHER MARIA
Abstract: A method, system, or computer program product is presented for cross-domain, single-sign-on, authentication functionality. A user may contract with one or more authentication service providers (ANSPs). E-commerce service providers (ECSPs), such as online banks or online merchants, also maintain a relationship with an ANSP such that the ECSP can trust the authenticated identity of a user that is vouched-for by the ANSP on behalf of the user. The user can visit any e-commerce service provider in a federated environment without having to establish an a priori relationship with that particular ECSP. As long as the ECSP's domain has a relationship with at least one of the user's authentication service providers, then the user will be able to have a single-sign-on experience at that ECSP.
-
Publication No.: AU2003288465A1
Publication date: 2004-07-22
Application No.: AU2003288465
Application date: 2003-12-12
Applicant: IBM
Abstract: A system is presented for facilitating management of user attribute information at one or more attribute information providers (AIPs), which can manage the user's attribute information in accordance with user-selected or administratively-determined options, including options that are stored in attribute release policies and/or dynamically determined during a transaction. E-commerce service providers (ECSPs), such as online banks or merchants, also maintain a relationship with an AIP such that the ECSP can trust the user attribute information that is provided by the AIP on behalf of the user. The user can complete transactions that require user attribute information at any ECSP without having to have previously established a relationship with that particular ECSP. If the ECSP has a relationship with one of the user's AIPs, then the user will be able to direct the ECSP to an AIP when the ECSP needs user attribute information to complete a transaction for the user.
-
Publication No.: CA2672702C
Publication date: 2017-04-11
Application No.: CA2672702
Application date: 2008-05-08
Applicant: IBM
Inventor: ANGWIN ALASTAIR JOHN , HINTON HEATHER MARIA , POZEFSKY MARK
IPC: H04L29/06
Abstract: A mobile device identifier (such as an MSISDN) that typically accompanies a mobile device request is replaced with an "enriched" identifier that exposes the mobile device user's home operator but obfuscates the mobile device's (and, thus, the device user's) identity. In one embodiment, the identifier comprises a first part, and a second part. The first part comprises a data string that identifies (either directly or through a database lookup) the mobile device user's home operator. The second part, however, is an opaque data string, such as a one-time-use unique identifier (UID) or a value that is otherwise derived as a function of the MSISDN (or the like). The opaque data string encodes the mobile device's identity in a manner that preferably can be recovered only by the user's home operator (or an entity authorized thereby). When the mobile device user roams into a foreign network, that network receives the enriched identifier in lieu of an MSISDN. The foreign network uses the first part to identify the mobile device user's home network, e.g., to determine whether to permit the requested access (or to provide some other value-added service). The foreign network, however, cannot decode the second part; thus, the mobile device's identity (as well as the identity of the mobile device user) remains obscured. This ensures that the user's privacy is maintained, while preventing third parties from building a profile of the device based on the requests that include the MSISDN or similar identifier.
-
Publication No.: BRPI0810927A2
Publication date: 2016-05-17
Application No.: BRPI0810927
Application date: 2008-05-08
Applicant: IBM
Inventor: ANGWIN ALASTAIR JOHN , HINTON HEATHER MARIA , POZEFSKY MARK
IPC: H04L29/06
-
Publication No.: IN4692CHN2014A
Publication date: 2015-09-18
Application No.: IN4692CHN2014
Application date: 2014-06-20
Applicant: IBM
Inventor: HINTON HEATHER MARIA , MCCARTY RICHARD JAMES , LOONEY CLIFTON
IPC: G06F17/00
Abstract: A proxy is integrated within an F-SSO environment and interacts with an external identity provider (IdP) instance discovery service. The proxy proxies IdP instance requests to the discovery service and receives responses that include the IdP instance assignments. The proxy maintains a cache of the instance assignment(s). As new instance requests are received, the cached assignment data is used to provide appropriate responses in lieu of proxying these requests to the discovery service, thereby reducing the time needed to identify the required IdP instance. The proxy dynamically maintains and manages its cache by subscribing to updates from the discovery service. The updates identify IdP instance changes (such as servers being taken offline for maintenance, new services being added, etc.) occurring within the set of geographically distributed instances that comprise the IdP service. The updates are provided via a publication subscription model such that the proxy receives change notifications proactively.
-
Publication No.: GB2494834B
Publication date: 2014-09-03
Application No.: GB201300412
Application date: 2011-06-30
Applicant: IBM
Inventor: HINTON HEATHER MARIA , BADE STEVEN , LINTON JEB , RODRIGUEZ PETER