公开(公告)号：WO2004027612A2

公开(公告)日：2004-04-01

申请号：PCT/GB0304063

申请日：2003-09-19

Applicant: IBM ,  IBM UK

Inventor： BIRK PETER ,  CHAO CHING-YUN ,  CHUNG HYEN ,  MASON CARLTON ,  REDDY AJAYKUMAR ,  VENKATARAMAPPA VISHWANATH

IPC: G06F9/46 ,  G06F21/00 ,  H04L9/00

CPC classification number: G06F21/31

Abstract: Objects on application servers may be defined into classes which receive different levels of security protection, such as definition of user objects and administrative objects. Domain-wide security may be enforced on administrative objects, which user object security may be configured separately for each application server in a domain. In a CORBA architecture, IOR's for shared objects which are to be secured on a domain-wide basis, such as administrative objects, are provided with tagged components during IOR creation and exporting to a name server. Later, when the IOR is used by a client, the client invokes necessary security measures such as authentication, authorization and transport protection according to the tagged components.

Abstract translation: 应用程序服务器上的对象可以定义为接收不同级别安全保护的类，例如用户对象和管理对象的定义。 可以对管理对象实施域范围的安全性，可以为域中的每个应用程序服务器单独配置用户对象安全性。 在CORBA体系结构中，在IOR创建和导出到名称服务器期间，为管理对象等整个域范围内的受保护共享对象（例如管理对象）提供IOR。 稍后，当IOR被客户端使用时，客户端根据标记的组件调用必要的安全措施，例如验证，授权和传输保护。

公开(公告)号：JP2005056424A

公开(公告)日：2005-03-03

申请号：JP2004228691

申请日：2004-08-04

Applicant: Internatl Business Mach Corp ,  インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Maschines Corporation

Inventor： PEREPA BHARGAV V ,  PEREPA SUJATHA ,  VENKATARAMAPPA VISHWANATH

IPC: G06F13/00 ,  G06F15/173 ,  G06Q10/00 ,  H04L12/58

CPC classification number: G06Q10/107 ,  G06Q30/0255

Abstract: PROBLEM TO BE SOLVED: To provide a method and system for delivering e-mails to addressees at almost the same time. SOLUTION: The method of delivering time sensitive e-mail includes the following steps of: creating an e-mail message for time-sensitive delivery to a multiplicity of addressees' mailboxes on e-mail servers; inserting in the e-mail message a data element identifying the message as a message for time-sensitive delivery; assigning delivery time constraints to the message; delivering the message, in accordance with the time constraints and for temporary storage outside the mailboxes, to e-mail servers having addressees' mailboxes; and instructing the servers to place the message in all addressees' mailboxes at approximately the same time. COPYRIGHT: (C)2005,JPO&NCIPI

Abstract translation: 要解决的问题：提供几乎在同一时间向收件人递送电子邮件的方法和系统。 解决方案：提供时间敏感的电子邮件的方法包括以下步骤：创建一个电子邮件消息，以便对电子邮件服务器上的多个收件人的邮箱进行时间敏感的传送; 在所述电子邮件消息中插入将所述消息标识为用于时间敏感传送的消息的数据元素; 为消息分配传递时间约束; 根据时间限制和邮箱外的临时存储将消息传递给具有收件人邮箱的电子邮件服务器; 并指示服务器大致在同一时间将邮件放在所有收件人的邮箱中。 版权所有（C）2005，JPO＆NCIPI

公开(公告)号：GB2506564B

公开(公告)日：2015-09-23

申请号：GB201401348

申请日：2012-06-26

Applicant: IBM

Inventor： CHANG DAVID YU ,  BENANTAR MESSAOUD ,  CHANG JOHN YOW-CHUN ,  VENKATARAMAPPA VISHWANATH

IPC: H04L9/32 ,  G06F21/62 ,  G06F21/78 ,  H04L12/24

Abstract: An authentication and authorization plug-in model for a cloud computing environment enables cloud customers to retain control over their enterprise information when their applications are deployed in the cloud. The cloud service provider provides a pluggable interface for customer security modules. When a customer deploys an application, the cloud environment administrator allocates a resource group for the customer's application and data. The customer registers its own authentication and authorization security module with the cloud security service, and that security module is then used to control what persons or entities can access information associated with the deployed application. To further balance the rights of the various parties, a third party notary service protects the privacy and the access right of the customer when its application and information are deployed in the cloud.

公开(公告)号：AT441150T

公开(公告)日：2009-09-15

申请号：AT03750943

申请日：2003-09-19

Applicant: IBM

Inventor： BIRK PETER ,  CHAO CHING-YUN ,  CHUNG HYEN ,  MASON CARLTON ,  REDDY AJAYKUMAR ,  VENKATARAMAPPA VISHWANATH

IPC: G06F9/46 ,  G06F21/00 ,  H04L9/00

Abstract: Objects on application servers are distributed to one or more application servers; a user is allowed to declare in a list which objects residing on each application server are to be protected; the list is read by an interceptor; responsive to exportation of a Common Object Request Broker Architecture (“CORBA”) compliant Interoperable Object Reference (“IOR”) for a listed object, the interceptor associates one or more application server security flags with interfaces to the listed objects by tagging components of the IOR with one or more security flags; and one or more security operations are performed by an application server according to the security flags tagged to the IOR when a client accesses an application server-stored object, the security operations including an operation besides establishing secure communications between the client process and the server-stored object.

公开(公告)号：GB2319865B

公开(公告)日：2001-06-06

申请号：GB9720316

申请日：1997-09-25

Applicant: IBM

Inventor： GOYAL PRABHAKAR ,  HARISH GRAMA KASTURI ,  HEATH JAMES DARRELL ,  JAGANNADHAN CHAKRAVARTHY ,  VENKATARAMAPPA VISHWANATH

IPC: G06F9/318 ,  G06F9/38 ,  G06F12/08 ,  G06F9/30

Abstract: A system and method for compressing portions of the operating system in a ROM image and for executing the system from the compressed image. Compression is used to reduce the size of the ROM image to reduce component cost. Low use segments are compressed. The operating system is initialized into a virtual address space with entries only for the uncompressed segments. Attempts to execute a compressed segment result in a page fault. The page fault handler determines that the segment is compressed, allocates a new page and decompresses the page into RAM for execution. The RAM copy of the segment is used for execution until the page is reused for another purpose. Later execution causes a new page fault and reallocation. A memory object reference is created for components of the image; a virtual memory page reference is then made for each component not in a compressed form; instructions are then executed by reference to the image; a page fault is detected when attempting to execute an instruction in a component not having a page table reference; a compressed image is then decompressed into the random access memory in response to the page fault.

公开(公告)号：GB2506564A

公开(公告)日：2014-04-02

申请号：GB201401348

申请日：2012-06-26

Applicant: IBM

Inventor： CHANG DAVID YU ,  BENANTAR MESSAOUD ,  CHANG JOHN YOW-CHUN ,  VENKATARAMAPPA VISHWANATH

IPC: H04L9/32 ,  G06F21/62 ,  G06F21/78 ,  H04L12/24

Abstract: An authentication and authorization plug-in model for a cloud computing environment enables cloud customers to retain control over their enterprise information when their applications are deployed in the cloud. The cloud service provider provides a pluggable interface for customer security modules. When a customer deploys an application, the cloud environment administrator allocates a resource group (e.g., processors, storage, and memory) for the customer's application and data. The customer registers its own authentication and authorization security module with the cloud security service, and that security module is then used to control what persons or entities can access information associated with the deployed application. The cloud environment administrator, however, typically is not registered (as a permitted user) within the customer's security module; thus, the cloud environment administrator is not able to access (or release to others, or to the cloud's general resource pool) the resources assigned to the cloud customer (even though the administrator itself assigned those resources) or the associated business information. To further balance the rights of the various parties, a third party notary service protects the privacy and the access right of the customer when its application and information are deployed in the cloud.

公开(公告)号：DE60329002D1

公开(公告)日：2009-10-08

申请号：DE60329002

申请日：2003-09-19

Applicant: IBM

Inventor： BIRK PETER ,  CHAO CHING-YUN ,  CHUNG HYEN ,  MASON CARLTON ,  REDDY AJAYKUMAR ,  VENKATARAMAPPA VISHWANATH

IPC: G06F9/46 ,  G06F21/00 ,  H04L9/00

Abstract: Objects on application servers are distributed to one or more application servers; a user is allowed to declare in a list which objects residing on each application server are to be protected; the list is read by an interceptor; responsive to exportation of a Common Object Request Broker Architecture (“CORBA”) compliant Interoperable Object Reference (“IOR”) for a listed object, the interceptor associates one or more application server security flags with interfaces to the listed objects by tagging components of the IOR with one or more security flags; and one or more security operations are performed by an application server according to the security flags tagged to the IOR when a client accesses an application server-stored object, the security operations including an operation besides establishing secure communications between the client process and the server-stored object.

公开(公告)号：DE112012002741T5

公开(公告)日：2014-03-13

申请号：DE112012002741

申请日：2012-06-26

Applicant: IBM

Inventor： CHANG DAVID YU ,  CHANG JOHN YOW-CHUN ,  BENANTAR MESSAOUD ,  VENKATARAMAPPA VISHWANATH

IPC: H04L9/32 ,  H04L12/24

Abstract: Ein Plug-In-Modell zur Identitäts- und Berechtigungsprüfung für eine Cloud-Datenverarbeitungsumgebung ermöglicht Cloud-Kunden, die Kontrolle über ihre Unternehmensdaten zu behalten, wenn ihre Anwendungen in der Cloud bereitgestellt werden. Der Cloud-Dienstanbieter stellt eine einbindbare Schnittstelle für Kundensicherheitsmodule bereit. Wenn ein Kunde eine Anwendung bereitstellt, ordnet der Cloud-Umgebungsadministrator der Anwendung und den Daten des Kunden eine Ressourcengruppe zu (z. B. Prozessoren, Speicher und Arbeitsspeicher). Der Kunde registriert sein eigenes Sicherheitsmodul zur Identitäts- und Berechtigungsprüfung bei dem Cloud-Sicherheitsdienst, und anhand dieses Sicherheitsmoduls wird dann kontrolliert, welche Personen oder Einheiten auf Daten zugreifen können, die der bereitgestellten Anwendung zugehörig sind. Der Cloud-Umgebungsadministrator ist jedoch typischerweise nicht (als zugelassener Benutzer) bei dem Sicherheitsmodul des Kunden registriert; somit ist der Cloud-Umgebungsadministrator nicht in der Lage, auf die dem Cloud-Kunden zugewiesenen Ressourcen (obwohl er diese Ressourcen selbst zugewiesen hat) oder die zugehörigen Geschäftsdaten zuzugreifen (bzw. sie für andere oder für den allgemeinen Ressourcen-Pool der Cloud freizugeben). Um die Rechte der verschiedenen Parteien des Weiteren auszutarieren, schützt ein Drittanbieter-Notardienst die Vertraulichkeit und das Zugriffsrecht des Kunden, wenn seine Anwendung und seine Daten in der Cloud bereitgestellt werden.

公开(公告)号：AU2003269163A1

公开(公告)日：2004-04-08

申请号：AU2003269163

申请日：2003-09-19

Applicant: IBM

Inventor： CHAO CHING-YUN ,  CHUNG HYEN ,  MASON CARLTON ,  REDDY AJAYKUMAR ,  VENKATARAMAPPA VISHWANATH ,  BIRK PETER

IPC: G06F9/46 ,  G06F21/00 ,  H04L9/00

Abstract: Objects on application servers are distributed to one or more application servers; a user is allowed to declare in a list which objects residing on each application server are to be protected; the list is read by an interceptor; responsive to exportation of a Common Object Request Broker Architecture (“CORBA”) compliant Interoperable Object Reference (“IOR”) for a listed object, the interceptor associates one or more application server security flags with interfaces to the listed objects by tagging components of the IOR with one or more security flags; and one or more security operations are performed by an application server according to the security flags tagged to the IOR when a client accesses an application server-stored object, the security operations including an operation besides establishing secure communications between the client process and the server-stored object.

公开(公告)号：GB2319865A

公开(公告)日：1998-06-03

申请号：GB9720316

申请日：1997-09-25

Applicant: IBM

Inventor： GOYAL PRABHAKAR ,  HARISH GRAMA KASTURI ,  HEATH JAMES DARRELL ,  JAGANNADHAN CHAKRAVARTHY ,  VENKATARAMAPPA VISHWANATH

IPC: G06F9/318 ,  G06F9/38 ,  G06F12/08 ,  G06F9/30 ,  G06F9/445

Abstract: In an embedded microprocessor based computer system, compressed portions of a ROM image are decompressed only when accessed. A ROM image is built such that low use segments of the operating system are compressed (figs. 3 and 4). The operating system is initialised into a virtual address space with page table entries only for the uncompressed segments (figs. 6-8). An attempt to execute a compressed segment, 902, results in a page fault, 908. A page fault handler determines that the segment is compressed, 912, allocates a new page and decompresses the page into RAM 916, 918 for execution 906. The RAM copy of the segment is used for execution until the page is reused for another purpose, whereby later execution will cause a new page fault and reallocation. Compression reduces the size of the ROM image and since the entire image does not need to be expanded into RAM for execution, the overall component cost is reduced.