-
Publication number: GB2308688A
Publication date: 1997-07-02
Application number: GB9624244
Filing date: 1996-11-21
Applicant: IBM
-
Publication number: GB2506564B
Publication date: 2015-09-23
Application number: GB201401348
Filing date: 2012-06-26
Applicant: IBM
Inventor: CHANG DAVID YU , BENANTAR MESSAOUD , CHANG JOHN YOW-CHUN , VENKATARAMAPPA VISHWANATH
Abstract: An authentication and authorization plug-in model for a cloud computing environment enables cloud customers to retain control over their enterprise information when their applications are deployed in the cloud. The cloud service provider provides a pluggable interface for customer security modules. When a customer deploys an application, the cloud environment administrator allocates a resource group for the customer's application and data. The customer registers its own authentication and authorization security module with the cloud security service, and that security module is then used to control what persons or entities can access information associated with the deployed application. To further balance the rights of the various parties, a third party notary service protects the privacy and the access right of the customer when its application and information are deployed in the cloud.
-
Publication number: GB2308688B
Publication date: 1999-11-10
Application number: GB9624244
Filing date: 1996-11-21
Applicant: IBM
-
Publication number: DE112012002741T5
Publication date: 2014-03-13
Application number: DE112012002741
Filing date: 2012-06-26
Applicant: IBM
Inventor: CHANG DAVID YU , CHANG JOHN YOW-CHUN , BENANTAR MESSAOUD , VENKATARAMAPPA VISHWANATH
Abstract: An authentication and authorization plug-in model for a cloud computing environment enables cloud customers to retain control over their enterprise data when their applications are deployed in the cloud. The cloud service provider provides a pluggable interface for customer security modules. When a customer deploys an application, the cloud environment administrator allocates a resource group (e.g., processors, storage, and memory) to the customer's application and data. The customer registers its own authentication and authorization security module with the cloud security service, and that security module is then used to control which persons or entities can access data associated with the deployed application. The cloud environment administrator, however, is typically not registered (as a permitted user) with the customer's security module; thus, the cloud environment administrator is not able to access (or release to others or to the cloud's general resource pool) the resources assigned to the cloud customer (even though the administrator itself assigned those resources) or the associated business data. To further balance the rights of the various parties, a third-party notary service protects the confidentiality and the access right of the customer when its application and data are deployed in the cloud.
-
Publication number: DE602005003631D1
Publication date: 2008-01-17
Application number: DE602005003631
Filing date: 2005-10-21
Applicant: IBM
Inventor: BENANTAR MESSAOUD , GINDIN THOMAS , SWEENY JAMES
Abstract: A method for creating a proof of possession confirmation for inclusion by an attribute certificate authority into an attribute certificate, the attribute certificate for use by an end user. The method includes receiving from the attribute certificate authority in response to a request by the end user, a plurality of data fields corresponding to a target system, the identity of the end user, and a proof of identity possession by the end user. The method further includes preparing a data structure corresponding to an authorization attribute of the attribute certificate, the data structure including a target system name, the identity of the end user, and the key identifier of the end user. Using a private key associated with the target system, the method includes signing the data structure resulting in a proof of possession confirmation, and sending the proof of possession confirmation to the attribute certificate authority for inclusion into the attribute certificate.
-
Publication number: MY121581A
Publication date: 2006-02-28
Application number: MYPI9605519
Filing date: 1996-12-27
Applicant: IBM
Inventor: BENANTAR MESSAOUD , BLAKLEY GEORGE ROBERT III , COPELAND GEORGE P , NADALIN ANTHONY J
Abstract: A SYSTEM, METHOD AND ARTICLE OF MANUFACTURE FOR CONTROLLING ACCESS TO OBJECTS IN AN INFORMATION HANDLING SYSTEM EMPLOYING OBJECT ORIENTED TECHNOLOGY, INCLUDES ONE OR MORE PROCESSORS, A MEMORY SYSTEM, ONE OR MORE I/O CONTROLLERS EACH CONTROLLING ONE OR MORE I/O DEVICES, A BUS CONNECTING THE PROCESSORS, THE MEMORY SYSTEM AND THE I/O CONTROLLERS, AN OPERATING SYSTEM CONTROLLING OPERATION OF THE PROCESSORS, THE MEMORY SYSTEM AND THE I/O CONTROLLERS, AND AN OBJECT ORIENTED CONTROL MEANS WHICH INCLUDES A BEFOREAFTER METACLASS HAVING A CONTROL ELEMENT WHICH IS USED TO CONTROL ACCESS TO OBJECTS. A SECURE METACLASS IS DEFINED TO BE A SUBCLASS OF THE BEFOREAFTER METACLASS. THE SECURE METACLASS OVERRIDES THE BEFORE METHOD TO PERFORM AUTHORIZATION CHECKING PRIOR TO METHOD DISPATCHING.
-
Publication number: GB2506564A
Publication date: 2014-04-02
Application number: GB201401348
Filing date: 2012-06-26
Applicant: IBM
Inventor: CHANG DAVID YU , BENANTAR MESSAOUD , CHANG JOHN YOW-CHUN , VENKATARAMAPPA VISHWANATH
Abstract: An authentication and authorization plug-in model for a cloud computing environment enables cloud customers to retain control over their enterprise information when their applications are deployed in the cloud. The cloud service provider provides a pluggable interface for customer security modules. When a customer deploys an application, the cloud environment administrator allocates a resource group (e.g., processors, storage, and memory) for the customer's application and data. The customer registers its own authentication and authorization security module with the cloud security service, and that security module is then used to control what persons or entities can access information associated with the deployed application. The cloud environment administrator, however, typically is not registered (as a permitted user) within the customer's security module; thus, the cloud environment administrator is not able to access (or release to others, or to the cloud's general resource pool) the resources assigned to the cloud customer (even though the administrator itself assigned those resources) or the associated business information. To further balance the rights of the various parties, a third party notary service protects the privacy and the access right of the customer when its application and information are deployed in the cloud.
-
Publication number: DE602005003631T2
Publication date: 2008-11-13
Application number: DE602005003631
Filing date: 2005-10-21
Applicant: IBM
Inventor: BENANTAR MESSAOUD , GINDIN THOMAS , SWEENY JAMES
Abstract: A method for creating a proof of possession confirmation for inclusion by an attribute certificate authority into an attribute certificate, the attribute certificate for use by an end user. The method includes receiving from the attribute certificate authority in response to a request by the end user, a plurality of data fields corresponding to a target system, the identity of the end user, and a proof of identity possession by the end user. The method further includes preparing a data structure corresponding to an authorization attribute of the attribute certificate, the data structure including a target system name, the identity of the end user, and the key identifier of the end user. Using a private key associated with the target system, the method includes signing the data structure resulting in a proof of possession confirmation, and sending the proof of possession confirmation to the attribute certificate authority for inclusion into the attribute certificate.
-
Publication number: AT380370T
Publication date: 2007-12-15
Application number: AT05109836
Filing date: 2005-10-21
Applicant: IBM
Inventor: BENANTAR MESSAOUD , GINDIN THOMAS , SWEENY JAMES
Abstract: A method for creating a proof of possession confirmation for inclusion by an attribute certificate authority into an attribute certificate, the attribute certificate for use by an end user. The method includes receiving from the attribute certificate authority in response to a request by the end user, a plurality of data fields corresponding to a target system, the identity of the end user, and a proof of identity possession by the end user. The method further includes preparing a data structure corresponding to an authorization attribute of the attribute certificate, the data structure including a target system name, the identity of the end user, and the key identifier of the end user. Using a private key associated with the target system, the method includes signing the data structure resulting in a proof of possession confirmation, and sending the proof of possession confirmation to the attribute certificate authority for inclusion into the attribute certificate.