Patent application number | Description | Published |
20130117564 | MANAGING SECURITY FOR COMPUTER SERVICES - A system or computer usable program product for providing security for a business application including receiving a request from a server including a server public key and a security token, deploying a virtual node implementing the business application in response to the request, using the security token in a bootstrap process by the virtual node to provide authentication to the server, and authenticating a message from the server using a server public key. | 05-09-2013 |
20130117567 | MANAGING SECURITY FOR COMPUTER SERVICES - A method for providing security for a business application including receiving a request from a server including a server public key and a security token, deploying a virtual node implementing the business application in response to the request, using the security token in a bootstrap process by the virtual node to provide authentication to the server, and authenticating a message from the server using a server public key. | 05-09-2013 |
20140337746 | DYNAMICALLY GROUPING MONITORED RESOURCES IN A CLOUD ENVIRONMENT TO COLLECTIONS REPRESENTING A COMPOSITE APPLICATION - Provided are techniques for grouping resources based upon ownership in a cloud environment into a collection representing a composite application corresponding to a particular user; automatically monitoring the resources across two or more virtual machines and two or more physical computing devices; and displaying the monitored resources in a graphical user interface (GUI) in a context associated with the composite application for managing the composite application and the resources, wherein the resources are provided as one or more of a platform as service (PaaS) environment and an infrastructure as Service (IaaS) environment. | 11-13-2014 |
20140337750 | DYNAMICALLY GROUPING MONITORED RESOURCES IN A CLOUD ENVIRONMENT TO COLLECTIONS REPRESENTING A COMPOSITE APPLICATION - Provided are techniques for grouping resources based upon ownership in a cloud environment into a collection representing a composite application corresponding to a particular user; automatically monitoring the resources across two or more virtual machines and two or more physical computing devices; and displaying the monitored resources in a graphical user interface (GUI) in a context associated with the composite application for managing the composite application and the resources, wherein the resources are provided as one or more of a platform as service (PaaS) environment and an infrastructure as Service (IaaS) environment. | 11-13-2014 |
Patent application number | Description | Published |
20080222697 | Application Server Object-level Security for Distributed Computing Domains - Objects on application servers may be defined into classes which receive different levels of security protection, such as definition of user objects and administrative objects. Domain-wide security may be enforced on administrative objects, while user object security may be configured separately for each application server in a domain. In a CORBA architecture, IORs for shared objects which are to be secured on a domain-wide basis, such as administrative objects, are provided with tagged components during IOR creation and exporting to a name server. Later, when the IOR is used by a client, the client invokes necessary security measures such as authentication, authorization and transport protection according to the tagged components. | 09-11-2008 |
20080320112 | Highly scalable and highly available cluster system management scheme - A cluster system is treated as a set of resource groups, each resource group including a highly available application and the resources upon which it depends. A resource group may have between 2 and M data processing systems, where M is small relative to the cluster size N of the total cluster. Configuration and status information for the resource group is fully replicated only on those data processing systems which are members of the resource group. A configuration object/database record for the resource group has an associated owner list identifying the data processing systems which are members of the resource group and which may therefore manage the application. A data processing system may belong to more than one resource group, however, and configuration and status information for the data processing system is replicated to each data processing system which could be affected by failure of the subject data processing system—that is, any data processing system which belongs to at least one resource group also containing the subject data processing system. The partial replication scheme of the present invention allows resource groups to run in parallel, reduces the cost of data replication and access, is highly scalable and applicable to very large clusters, and provides better performance after a catastrophe such as a network partition. | 12-25-2008 |
20080320113 | Highly Scalable and Highly Available Cluster System Management Scheme - A cluster system is treated as a set of resource groups, each resource group including a highly available application and the resources upon which it depends. A resource group may have between 2 and M data processing systems, where M is small relative to the cluster size N of the total cluster. Configuration and status information for the resource group is fully replicated only on those data processing systems which are members of the resource group. A configuration object/database record for the resource group has an associated owner list identifying the data processing systems which are members of the resource group and which may therefore manage the application. A data processing system may belong to more than one resource group, however, and configuration and status information for the data processing system is replicated to each data processing system which could be affected by failure of the subject data processing system—that is, any data processing system which belongs to at least one resource group also containing the subject data processing system. The partial replication scheme of the present invention allows resource groups to run in parallel, reduces the cost of data replication and access, is highly scalable and applicable to very large clusters, and provides better performance after a catastrophe such as a network partition. | 12-25-2008 |
20090138951 | Dynamic Cache Lookup Based on Dynamic Data - A system and method for tracking user security credentials in a distributed computing environment. The security credentials of an authenticated user include not just his unique user identifier, but also a set of security attributes such as the time of authentication, the location where the user is authenticated (i.e., intranet user v. internet user), the authentication strength, and so on. The security attributes are used in access control decisions. The same user can be given different authorization if he has a different security attribute value. Security credentials may be generated either by WebSphere security code or by third party security provider code. This invention stores the user credentials in a distributed cache and provides a system and method to compute the unique key based on the dynamic security credentials for cache lookup. | 05-28-2009 |
20090313470 | Using a Portable Computing Device as a Smart Key Device - A first data processing system, which includes a first cryptographic device, is communicatively coupled with a second data processing system, which includes a second cryptographic device. The cryptographic devices then mutually authenticate themselves. The first cryptographic device stores a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair that is associated with the second data processing system. The second cryptographic device stores a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair that is associated with the first data processing system. In response to successfully performing the mutual authentication operation between the two cryptographic systems, the first data processing system is enabled to invoke sensitive cryptographic functions on the first cryptographic device while the first data processing system remains communicatively coupled with the second data processing system. | 12-17-2009 |
20090327763 | Method for Using a Compact Disk as a Smart Key Device - A data processing method accepts a removable storage media, which becomes electrically engaged with a system unit within the data processing system, after which the removable storage media and the hardware security unit mutually authenticate themselves. The removable storage media stores a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair that is associated with the hardware security unit, and the hardware security unit stores a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair that is associated with the removable storage media. In response to successfully performing the mutual authentication operation between the removable storage media and the hardware security unit, the system unit is enabled to invoke cryptographic functions on the hardware security unit while the removable storage media remains engaged with the system unit. | 12-31-2009 |
20140208119 | Controlling Exposure of Sensitive Data and Operation Using Process Bound Security Tokens in Cloud Computing Environment - Exposure of sensitive information to users is controlled using a first security token containing user identity and user credentials to represent the user who requests services, and a second security token containing two other identities, one identifying the token issuer and the other identifying the owning process. When requesting services, the token-owning process sends a security token to indicate who is making the request, and uses its key to digitally sign the request. The token-owning process signs the request to indicate that it endorses the request. A receiving server accepts a request if (1) the token-owning process endorses the request by signing the request; (2) the token is valid (token is signed by its issuer and the digital signature is verified and unexpired); (3) user entity, which can be a real user or a deployment or a server process, that is represented by the token has the authorization to access the specified resources; and (4) the token-owning process is authorized to endorse the user entity represented by the token to access the specified resources. | 07-24-2014 |
20140317716 | Extending infrastructure security to services in a cloud computing environment - A cloud deployment appliance (or other platform-as-a-service (IPAS) infrastructure software) includes a mechanism to deploy a product as a “shared service” to the cloud, as well as to enable the product to establish a trust relationship between itself and the appliance or IPAS. The mechanism further enables multiple products deployed to the cloud to form trust relationships with each other (despite the fact that each deployment and each product typically, by the nature of the cloud deployment, are intended to be isolated from one another). In addition, once deployed and provisioned into the cloud, a shared service can become part of a single sign-on (SSO) domain automatically. SSO is facilitated using a token-based exchange. Once a product registers with a token service, it can participate in SSO. This approach enables enforcement of consistent access control policy across product boundaries, and without requiring a user to perform any configuration. | 10-23-2014 |
20150074395 | Establishing a Trust Relationship Between Two Product Systems - A mechanism is provided for establishing a trust relationship between two products. A resource device receives a registration request from an application device to access a resource on the resource device by an application and users of the application on the application device. The resource device sends a registration response using a redirection uniform resource identifier (URI) provided with the registration request, where the registration response includes an authorization code and a symmetric key in response to authenticating the registration request. The resource device receives an access token request that includes the symmetric key, verifiable authentication data, and the redirection URI. The resource device sends an access token to the application device in response to validating the access token request, where the access token allows for access to the resource on the resource device thereby establishing the trust relationship between the resource device and the application device. | 03-12-2015 |
Patent application number | Description | Published |
20110125635 | METHOD AND SYSTEM FOR MANAGING DISTRIBUTOR INFORMATION - An embodiment of the invention provides a system that enables financial services companies to manage and track information about a sales force. The system includes components for managing distributors information, for validating and tracking licenses and credentials, for creating customized contracts, and for maintaining compensation structures. The system allows for configuring compensations, providing financial services companies a toolkit for creating and modeling their complex commission schedules used to compensate their sales force. The system also provides modeling tools for agreements and contracts between a financial services company or provider and the distributors who sell products. The system has a multi-component architecture comprising multiple modules, multiple data processing engines, a backbone and multiple data sources. The processing modules carry out information processing using one or more data processing engines. The data processing provides the tools to fetch data from the databases and process it. | 05-26-2011 |
20110231197 | FRAMEWORK FOR PROCESSING SALES TRANSACTION DATA - A framework that enables financial services companies to manage and track information about a sales force is provided. The framework includes object models for managing distributors information, for validating and tracking licenses and credentials, for creating customized contracts, and for maintaining compensation structures. The framework allows for configuring compensations, providing financial services companies a toolkit for creating and modeling their complex commission schedules used to compensate their sales force. The framework also provides modeling tools for agreements and contracts between a financial services company or provider and the distributors who sell their products. The framework has a multi-component architecture comprising multiple modules, multiple data processing engines, a backbone and multiple data sources. The processing modules carry out information processing using one or more data processing engines. The data processing provides the tools to fetch data from the databases and process it. | 09-22-2011 |
20120130877 | Method And Apparatus For Processing Sales Transaction Data - A system provides a way to manage agreements that institutions such as financial services companies have with distributors who sell their products. Each distributor has a plurality of sales representatives that earn commissions for selling such products. The commissions earned and any other constraints imposed on the sales representatives may be defined within a selling agreement. The system can generate each selling agreement utilizing a set of components representative of the type of agreement formed between the institutions and the distributor. The components of each selling agreement contain an associated rule set that enables a configuration engine to generate an appropriate document. The system also contains a set of regulatory conditions for each sale made by the sales representatives. The system may be utilized to process sales transaction data to ensure that selling agreement terms are followed and that regulations for each sale are satisfied. | 05-24-2012 |
Patent application number | Description | Published |
20130150610 | PROCESS FOR MAKING NITRILES - A hydrocyanation reaction is used to react 1,3-butadiene with hydrogen cyanide in the presence of a catalyst to produce pentenenitriles, as well as reaction byproducts, such as methylglutaronitrile (MGN). The effluent from the hydrocyanation reaction is distilled in a particular manner to produce a pentenenitrile-enriched stream, a catalyst-enriched stream and a stream enriched in methylglutaronitrile (MGN). At least a portion of the catalyst enriched stream may be recycled to the hydrocyanation reaction. 3-pentenenitrile may be recovered and, optionally, further reacted with HCN to make adiponitrile (ADN). | 06-13-2013 |
20130211121 | PROCESS FOR MAKING NITRILES - Adiponitrile is made by reacting 3-pentenenitrile with hydrogen cyanide. The 3-pentenenitrile is made by reacting 1,3-butadiene with hydrogen cyanide. The catalyst for the reaction of 1,3-butadiene with hydrogen cyanide to make 3-pentenenitrile is recycled. At least a portion of the recycled catalyst is purified by an extraction process, which separates catalyst degradation products and reaction byproduct from the catalyst. | 08-15-2013 |
20130211122 | PROCESS FOR MAKING NITRILES - An improved multi-reaction zone process provides for improved nitrile product quality and yield. In a first reaction zone, 1,3-butadiene is reacted with hydrogen cyanide in the presence of a catalyst to produce pentenenitriles comprising 3-pentenenitrile and 2-methyl-3-butenenitrile. In a second reaction zone, 2-methyl-3-butenenitrile, recovered from the first reaction zone, is isomerized to 3-pentenenitrile. In an optional third reaction zone, 3-pentenenitrile recovered from the first and second reaction zones is reacted with hydrogen cyanide in the presence of a catalyst and a Lewis acid to produce adiponitrile. A portion of the first catalyst is purified and recycled. Zero valent nickel is added to the purified first catalyst before it is recycled. | 08-15-2013 |
20130211123 | PROCESS FOR MAKING NITRILES - Adiponitrile is made by reacting 3-pentenenitrile with hydrogen cyanide. The 3-pentenenitrile is made by reacting 1,3-butadiene with hydrogen cyanide. The catalyst for the reaction of 1,3-butadiene with hydrogen cyanide to make 3-pentenenitrile is recycled. At least a portion of the recycled catalyst is purified by an extraction process, which separates catalyst degradation products and reaction byproducts, such as mononitriles having 9 carbon atoms, from the catalyst. | 08-15-2013 |
20130211124 | PROCESS FOR MAKING NITRILES - Adiponitrile is made by reacting 3-pentenenitrile with hydrogen cyanide. The 3-pentenenitrile is made by reacting 1,3-butadiene with hydrogen cyanide and by isomerizing 2-methyl-3-butenenitrile. Phenolic compounds, such as phenol and cresols, are present as a catalyst impurity or as a catalyst degradation product. Phenolic compounds are removed during the nitrile manufacturing process. | 08-15-2013 |
20130211125 | PROCESS FOR MAKING NITRILES - Adiponitrile is made by reacting 3-pentenenitrile with hydrogen cyanide. The 3-pentenenitrile is made by reacting 1,3-butadiene with hydrogen cyanide. The 1,3-butadiene feed includes a small amount of tertiary-butylcatechol. The catalyst for the reaction of 1,3-butadiene with hydrogen cyanide to make 3-pentenenitrile is recycled. At least a portion of the recycled catalyst is purified by an extraction process. | 08-15-2013 |
20130211126 | PROCESS FOR MAKING NITRILES - Adiponitrile is made by reacting 3-pentenenitrile with hydrogen cyanide. The 3-pentenenitrile is made by reacting 1,3-butadiene with hydrogen cyanide and by isomerizing 2-methyl-3-butenenitrile. The reaction of 1,3-butadiene with hydrogen cyanide to produce 3-pentenenitrile also produces small amounts of dinitrile compounds, including adiponitrile (ADN) and methylglutaronitrile (MGN). Methylglutaronitrile is removed to provide an adiponitrile-enriched stream, which is used in a catalyst purification step. | 08-15-2013 |
20130211127 | PROCESS FOR MAKING NITRILES - An improved multi-reaction zone process provides improved nitrile product quality and yield. In a first reaction zone, 1,3-butadiene is reacted with hydrogen cyanide in the presence of a catalyst to produce pentenenitriles comprising 3-pentenenitrile and 2-methyl-3-butenenitrile. In a second reaction zone, 2-methyl-3-butenenitrile, recovered from the first reaction zone, is isomerized to 3-pentenenitrile. In a third reaction zone, 3-pentenenitrile recovered from the first and second reaction zones is reacted with hydrogen cyanide in the presence of a catalyst and a Lewis acid to produce adiponitrile. Unwanted production and build-up of dinitriles, including methylglutaronitrile, in the first reaction zone for the hydrocyanation of 1,3-butadiene is prevented by limiting the flow of Lewis acid into the first reaction zone. | 08-15-2013 |
20130267728 | PROCESS FOR MAKING NITRILES - Adiponitrile is made by reacting 3-pentenenitrile with hydrogen cyanide. The 3-pentenenitrile is made by reacting 1,3-butadiene with hydrogen cyanide and by isomerizing 2-methyl-3-butenenitrile. Both reactions take place in the presence of a catalyst comprising zero valent nickel and a phosphorus-containing ligand. The ligand is partially degraded by hydrolysis or oxidation. Phosphorus-containing ligand degradation products are removed during the production of 3-pentenenitrile and adiponitrile. | 10-10-2013 |