Abstract:
A method of policy management in a Data Loss Prevention (DLP) system uses a policy model that associates a user with one or more DLP endpoints. When an endpoint is added to the system, a set of policies for that endpoint is determined using an identity of the user that is associated with the endpoint and a list of roles or groups for that user. At policy distribution time, the method determines a set of endpoints to which the policy is to be distributed.
Abstract:
A user provisioning system is extended to enable account reconciliation to occur in conjunction with a provisioning request. In response to a user provisioning request, a determination is made whether the user provisioning request is to be extended by including a reconciliation request. If so, the reconciliation request is piggy-backed on top of the provisioning request. This approach enables the reconciliation operation to be scoped to just the particular user account that is the subject of the provisioning operation, and it enables reconciliation to be carried out much more frequently as compared to the periodic, batch-oriented approach of prior techniques.
Abstract:
A security analytics system receives incident data (from an incident management system) and security policy information (from a security policy management system). The security analytics system evaluates these data sets against one another, preferably using a rules-based analysis engine. As a result, the security analytics system determines whether a particular security policy configuration (as established by the security policy management system) needs to be (or should be) changed, e.g., to reduce the number of incidents caused by a misconfiguration, to increase its effectiveness in some manner, or the like. As a result of the evaluation, the security analytics system may cause a policy to be updated automatically, notify an administrator of the need for the change (and the recommendation), or take some other action to evolve one or more security policies being enforced by the security policy management system.
Abstract:
In accordance with an illustrative embodiment of the present invention, a computer implemented method for dynamic management of resource utilization is provided. The computer implemented method monitors data flows of a reverse proxy web server, and determines whether a resource utilization of the reverse proxy web server exceeds a first threshold. The computer implemented method further, responsive to a determination that the resource utilization does not exceed the first threshold, determines whether the resource utilization exceeds a second threshold, and, responsive to a determination that the resource utilization does exceed the second threshold, filters pre-fetch directives inversely by frequency.
Abstract:
An approach is provided to access resources at legacy systems. In this approach, a resource request destined to a legacy system is received from a requestor, with the resource request including an access token and being on behalf of a resource owner. A validation process is performed on the access token. If the access token is valid, the approach identifies the resource owner and one or more legacy access tokens used to access the legacy system. Another request is formed, with the new request including the legacy access tokens. The new request is transmitted to the legacy system and a response is received back from the legacy system. The response received from the legacy system is transmitted back to the requestor.
Abstract:
An authorization method is implemented in an authorization engine external to an authorization server. The authorization server includes a cache. The external authorization engine comprises an authorization decision engine, and a policy analytics engine. The method begins when the authorization decision engine receives a request for an authorization decision. The request is generated (at the authorization server) following receipt of a client request for which an authorization decision is not then available at the server. The authorization decision engine determines an authorization policy to apply to the client request, applies the policy, and generates an authorization decision. The authorization decision is then provided to the policy analytics engine, which stores previously-generated potential cache directives that may be applied to the authorization decision. Preferably, the cache directives are generated in an off-line manner (e.g., during initialization) by examining each security policy and extracting one or more cache dimensions associated with each such policy. The policy analytics engine determines an applicable cache directive, and the decision is augmented to include that cache directive. The decision (including the cache directive) is then returned to the authorization server, where the decision is applied to process the client request. The cache directive is then cached for re-use at the authorization server.
Abstract:
An approach is provided to gather items of usage data that pertain to a number of instrumented software modules that are included in a software offering. The usage data is gathered from a number of customer installations of the software offering. Usage statistics are computed for the software modules and are used to determine support levels for the instrumented software modules. In another aspect, an approach is provided that detects execution of the software modules included in a software offering. Usage statistics are recorded in a local data store. One of the usage statistics is a module identifier that identifies the software module that was executed. In addition, the usage statistics track the number of times each of the software modules was executed. The usage statistics are periodically transmitted over a computer network to a software provider that develops and maintains the software offering.
Abstract:
A security policy management solution (such as a Data Loss Prevention (DLP) system) is augmented to enable a user to model and visualize how changes in a security policy may impact (positively or negatively) the effectiveness of a policy configuration as well as the risk associated with its deployment. This technique enables a user (e.g., a security policy administrator) to evolve enterprise information technology (IT) security policies and, in particular, to generate and display “what-if” scenarios by which the user can determine trade-offs between, on the one hand, the effectiveness of a proposed change to a policy, and on the other hand, the risk associated with the proposed change.
Abstract:
A method for automatically removing a user from an e-mail thread is provided. An e-mail client receives a reply e-mail message. Responsive to a determination that the reply e-mail message is a message to opt-out of an e-mail thread, the e-mail address of a sender of the reply e-mail message is associated with the e-mail thread to form a listed e-mail address. The listed e-mail address is stored. When a new e-mail message is generated that is part of the e-mail thread, the listed e-mail address is automatically excluded from a list of recipients of the new e-mail.