Patent application number | Description | Published |
--- | --- | --- |
20140074973 | SYSTEM AND METHOD FOR ORCHESTRATION OF SERVICES FOR USE WITH A CLOUD COMPUTING ENVIRONMENT - A system and method for orchestration of services for use with a cloud computing environment. In accordance with an embodiment, a cloud platform enables provisioning of enterprise software applications within a cloud environment, including packaging enterprise applications as service definition packages (SDP), and instantiating the services using service management engines (SME). In an embodiment, an orchestration engine communicates with a plurality of SMEs to control the flow of service creation, provider dependency resolution, association of services and providers, and the life-cycle management of services within the cloud platform. | 03-13-2014 |
20140075019 | SYSTEM AND METHOD FOR PROVIDING A SERVICE MANAGEMENT ENGINE FOR USE WITH A CLOUD COMPUTING ENVIRONMENT - A system and method for providing a service management engine for use with a cloud computing environment. In accordance with an embodiment, enterprise software applications (e.g., Fusion Middleware applications) can be instantiated as services within a cloud platform, where they are then made accessible by other (e.g., customer) applications. In an embodiment, a service management engine (SME), in communication with an orchestration engine, can be used to provision services as one or more different service types, according to a service definition package (SDP). Service types can be instantiated according to the configuration of the cloud platform itself, and the contents of the SDP, including discovering, provisioning, and associating service types with system resources, to address different customer requirements. | 03-13-2014 |
20140075412 | SYSTEM AND METHOD FOR ELASTICITY MANAGEMENT OF SERVICES WITH A CLOUD COMPUTING ENVIRONMENT - A system and method for elasticity management of services for use with a cloud computing environment. In accordance with an embodiment, a cloud platform enables provisioning of enterprise software applications within a cloud environment, including packaging enterprise applications as service definition packages (SDP), and instantiating the services using service management engines (SME). In an embodiment, an elasticity manager can be used to determine the health of the services, and to take appropriate actions, including detecting events, issuing alerts and/or notifying the orchestration engine to manage the service lifecycle, e.g., to respond to an increased demand for particular services. | 03-13-2014 |
20140075426 | SYSTEM AND METHOD FOR DYNAMIC MODIFICATION OF SERVICE DEFINITION PACKAGES WITH A CLOUD COMPUTING ENVIRONMENT - A system and method for dynamic modification of service definition packages for use with a cloud computing environment. In accordance with an embodiment, a cloud platform enables provisioning of enterprise software applications (e.g., Fusion Middleware applications) within a cloud environment. In an embodiment, enterprise applications can be packaged as service definition packages (SDP). To support maintenance of services (e.g., bug fixes, security updates, and configuration changes), a service's characteristics and requirements can be modified dynamically, by reconfiguring the cloud platform itself and/or by mounting a disk volume that corresponds to the service's SDP, and modifying its contents directly. | 03-13-2014 |
20140075431 | SYSTEM AND METHOD FOR SERVICE DEFINITION PACKAGES FOR USE WITH A CLOUD COMPUTING ENVIRONMENT - A system and method for providing service definition packages for use with a cloud computing environment. In accordance with an embodiment, a cloud platform enables provisioning of enterprise software applications (e.g., Fusion Middleware applications) within a cloud environment. In an embodiment, enterprise applications can be packaged as service definition packages (SDP). Each SDP can include an application binary component, a metadata defining the application's service characteristics and requirements, and a plugin that enables the SDP to be installed into the cloud platform. The SDP can also include a virtual assembly that defines a topology and configuration for a set of virtual appliances. The application, as defined by its SDP, can be instantiated as one or more services that are then accessible by other (e.g., customer) applications within the cloud environment. | 03-13-2014 |
20140280975 | SYSTEM AND METHOD FOR PROVISIONING CLOUD SERVICES USING A HYBRID SERVICE MANAGEMENT ENGINE PLUGIN - Described herein is a system and method for provisioning or controlling services using a hybrid service management engine (SME) plugin. In accordance with an embodiment, SMEs provide a means by which service types can be plugged into a cloud environment. For example, an SME can control a service-specific lifecycle, including provisioning, management, and monitoring of a service type. In accordance with an embodiment, an SME plugin associated with a service type can extend a hybrid SME plugin, to delegate one or more lifecycle operations to be controlled with shell or other scripts. Since a service provider can be associated with an SME that is used for the lifecycle and configuration of its services, the use of a hybrid SME plugin allows shell scripts to be leveraged to assist in the provisioning and control of those services. | 09-18-2014 |
Patent application number | Description | Published |
--- | --- | --- |
20090133110 | SYSTEM AND METHOD USING GLOBALLY UNIQUE IDENTITIES - Systems and methods are described for creating a globally unique identity for a user or user-container by performing an iterative join across each participating back-end data source. The systems and methods include an ID-Unify (IDU) that performs identity virtualization and creates or generates a globally unique identifier for a user in operational environments in which there is a pre-existing conflict caused by the existence of different identities for a user in different authentication data sources. | 05-21-2009 |
20090138939 | SYSTEM AND METHOD FOR INFERRING ACCESS POLICIES FROM ACCESS EVENT RECORDS - A method of security gateway policy definition to quickly infer a new policy based on event data extracted and analyzed using business logic and workflow from a gateway event log or behavior log. The method includes reading the components of a log record, translating the components into acceptable policy attributes, creating a new policy based on those attributes, and presenting the new policy to a system administrator for editing and approval. | 05-28-2009 |
20090144818 | SYSTEM AND METHOD FOR USING VARIABLE SECURITY TAG LOCATION IN NETWORK COMMUNICATIONS - A method of packet security management to ensure a secure connection from one network node to another. The method includes creating a security tag for each packet in a network session, selecting one of a number of possible tag locations within the packet, inserting the security tag at that location, transmitting the tagged packets from a sending node to the receiving node, authenticating the packets' security tags at the receiving node, and dropping non-authenticated packets. The method also includes determining best possible tag locations when sending a packet and locating a security tag when receiving a packet. | 06-04-2009 |
20090241170 | ACCESS, PRIORITY AND BANDWIDTH MANAGEMENT BASED ON APPLICATION IDENTITY - A method or system for managing packet flow is disclosed. The packets each include an inserted application identifier identifying a registered application. The method includes receiving packets destined for one or more resources, determining, by a packet processor, the inserted application identifier for each of the respective packets received and managing the packet flow of each received packet sent from a security node based at least in part on the inserted application identifier of the received packet. | 09-24-2009 |
20090276204 | METHOD AND SYSTEM FOR POLICY SIMULATION - A method and system for managing access to resources on a secured network is disclosed. The method includes reading packet information in respective packets of a packet communication received at a security node and applying one of the plurality of access rules. The method also includes determining whether the security node is to block the respective packets and/or the packet communication from reaching a resource on the secured network based on the applied access rule. If the security node is to block the respective packets and/or the packet communication, it is determined whether the applied access rule is a simulated access rule. Responsive to the applied access rule being a simulated access rule, the respective packets and/or the packet communication are passed towards the resource on the secured network and a log event is generated that indicates the security node blocked the respective packets and/or the packet communication. | 11-05-2009 |
20090328186 | COMPUTER SECURITY SYSTEM - A method of packet management for restricting access to a resource of a computer system. The method includes identifying client parameters and network parameters, as a packet management information, used to determine access to the resource, negotiating a session key between client and server devices, generating a session ID based on at least the negotiated session key, inserting the packet management information and the session ID into each information packet sent from the client device to the server device, monitoring packet management information in each information packet from the client device, and filtering out respective information packets sent to the server device from the client device when the monitored packet management information indicates that access to the resource is restricted. | 12-31-2009 |
20110179477 | SYSTEM INCLUDING PROPERTY-BASED WEIGHTED TRUST SCORE APPLICATION TOKENS FOR ACCESS CONTROL AND RELATED METHODS - A target device may have a target application and a web application thereon, and a trust broker may generate an application token having associated therewith a state attribute having at least one of a hash digest and a property value assertion, and weighted trust score. The application token may correspond to a level of trustworthiness, in near real time, of a running application instance of the target application. A trust monitor may monitor an execution state of the target application, and an authentication broker may authenticate a user to the web application and based upon a web services query for remote verification of the target application. A network access enforcer may control access of an authenticated user to the target application, and a trust evaluation server may interrogate the target application and generate a trust score. | 07-21-2011 |
20120216244 | SYSTEM AND METHOD FOR APPLICATION ATTESTATION - An instrumented machine or platform having a target application thereon is disclosed. An attestation service may generate an application artifact having associated therewith a name and an application statement having at least one of a plurality of attribute value assertions describing the examined runtime local execution and introspection based derived security context. The application statements may represent the level of contextual trustworthiness, at near real time, of a running application on the instrumented target platform. A runtime process and network monitor may examine the local runtime execution context of the target application, and an identity provider may authenticate a user to the web application based on a web services query for attestation of the target application. A physical or logical authorization service may control access of an authenticated user to the target application, based on a dynamic application statement and multi-factor application attestation issued by the attestation service. | 08-23-2012 |
20130159023 | SYSTEM AND METHOD FOR EVIDENCE BASED DIFFERENTIAL ANALYSIS AND INCENTIVES BASED HEALTHCARE POLICY - An evidence based cost modeling and predictive analysis system, and an incentives based plan to reduce healthcare costs are disclosed. An analytics system may generate incremental expenditures among overweight and obese individuals, predictive forecasts of future medical costs, and predictive forecast of cost reduction based on financial incentives to recipients. The forecasts may include statistical trends, prevalence of diseases based on body mass index, and medical evidence associated with specific illnesses. A computer based program may process and analyze dependent and independent variables in electronically stored information (for example insurance, health and medical records). A health insurance provider may provide an annual rebate on paid premiums to recipients based on a qualifying annual BMI as an incentive. The recipients may receive the rebates in a qualified health reimbursement account (HRA) managed by the recipients towards future healthcare related expenditures. | 06-20-2013 |
20130298192 | SYSTEMS AND METHODS FOR USING REPUTATION SCORES IN NETWORK SERVICES AND TRANSACTIONS TO CALCULATE SECURITY RISKS TO COMPUTER SYSTEMS AND PLATFORMS - Instrumented networks, computer systems and platforms having target subjects (devices, transactions, services, users, organizations) are disclosed. A security orchestration service generates runtime operational integrity profiles representing and identifying a level of threat or contextual trustworthiness, at near real time, of subjects and applications on the instrumented target platform. Methods and systems are disclosed for calculating security risks by determining subject reputation scores. In an embodiment, a system receives a query for a reputation score of a subject, initiates directed queries to external information management systems to interrogate attributes associated with the subject, and analyzes responses. The system receives a hierarchical subject reputation score based on a calculus of risk and returns a reputation token. In another embodiment, a method provides real time attestation of a subject's reputation to a service provider using an endpoint trust agent, and a trust orchestrator comprising a reputation broker and a trust broker. | 11-07-2013 |
20130298230 | SYSTEMS AND METHODS FOR NETWORK FLOW REMEDIATION BASED ON RISK CORRELATION - Instrumented networks and platforms having target subjects (devices, transactions, services, users, organizations) are disclosed. A security orchestration service generates runtime operational integrity profiles representing and identifying a level of threat or contextual trustworthiness, at near real time, of subjects and applications on the instrumented target platform. Methods and systems are disclosed for network flow and device/platform remediation in response to reconnaissance-based intelligence correlation based on network monitoring, to accomplish network flow remediation and device/platform remediation. In an embodiment, a system receives system warnings and endpoint threat intelligence. The system correlates risk based on inputs from sensory inputs that monitor network activity, system configuration, resource utilization, and device integrity. The system then performs a calculus of risk on a global security context including endpoint assessment reports and sends system warnings based upon the endpoint threat intelligence. The system includes a remediation engine for receiving real time directives to control the device. | 11-07-2013 |
20130298242 | SYSTEMS AND METHODS FOR PROVIDING MOBILE SECURITY BASED ON DYNAMIC ATTESTATION - Instrumented networks, machines and platforms having target subjects (devices, transactions, services, users, organizations) are disclosed. A security orchestration service generates runtime operational integrity profiles representing and identifying a level of threat or contextual trustworthiness, at near real time, of subjects (including mobile devices) and applications on the instrumented target platform. Methods and systems are disclosed for dynamic attestation of mobile device integrity based upon subject reputation scores. In an embodiment, a method scores trustworthiness of a mobile device based on reputation scores for users associated with the device and/or a device reputation score. The method generates runtime integrity alerts regarding execution anomalies for applications executing on the device, calculates risks based on a ruleset, and determines a calculus of risk for the device. The method sends endpoint events comprising data and content of the integrity warnings to a trust orchestrator, which generates an integrity profile based on the endpoint events. | 11-07-2013 |
20130298243 | SYSTEMS AND METHODS FOR ORCHESTRATING RUNTIME OPERATIONAL INTEGRITY - Instrumented networks and platforms having target subjects (devices, transactions, services, users, organizations) are disclosed. A security orchestration service generates runtime operational integrity profiles representing and identifying a level of threat or contextual trustworthiness, at near real time, of subjects and applications on the instrumented target platform. Systems and methods use a graphical user interface (GUI) console to orchestrate operational integrity of a platform. In an embodiment, a method presents a data center-level runtime operational integrity dashboard and remediation controls for infected systems in a display of a platform having a network trust agent, an endpoint trust agent, and a trust orchestrator. The method receives runtime integrity metrics for trust vectors and displays risk indicators based on the confidence level of received integrity metrics in the GUI. The method provides remediation controls for threat containment and risk mitigation and displays remediation status and progress results and malware analytics in the GUI. | 11-07-2013 |
20130298244 | SYSTEMS AND METHODS FOR THREAT IDENTIFICATION AND REMEDIATION - Instrumented networks and platforms having target subjects (devices, transactions, services, users, organizations) are disclosed. A security orchestration service generates runtime operational integrity profiles representing and identifying a level of threat or contextual trustworthiness, at near real time, of subjects and applications on the instrumented target platform. Systems and methods for threat identification and remediation for computing platforms based upon reconnaissance-based intelligence correlation and network/application monitoring are disclosed. In an embodiment, a method provides runtime operational integrity of a system by receiving: a dynamic context including endpoint events; and network endpoint assessments. The method generates temporal events based on the network endpoint assessments and correlates the endpoint events and temporal events before generating an integrity profile for the system. In another embodiment, flow level remediation is provided to isolate infected or compromised systems from a computing network fabric using a network trust agent, an endpoint trust agent, and a trust orchestrator. | 11-07-2013 |
20140201806 | RUNTIME RISK DETECTION BASED ON USER, APPLICATION, AND SYSTEM ACTION SEQUENCE CORRELATION - A method for assessing runtime risk for an application or device includes: storing, in a rules database, a plurality of rules, wherein each rule identifies an action sequence; storing, in a policy database, a plurality of assessment policies, wherein each assessment policy includes at least one rule of the plurality of rules; identifying, using at least one assessment policy, a runtime risk for an application or device, wherein the identified runtime risk identifies and predicts a specific type of threat; and identifying, by a processing device, a behavior score for the application or device based on the identified runtime risk, wherein the action sequence is a sequence of at least two performed actions, and each performed action is at least one of: a user action, an application action, and a system action. | 07-17-2014 |
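The policy-inference flow described in application 20090138939 (read a gateway log record, translate its components into policy attributes, build a draft policy, hand it to an administrator for editing and approval) is shown below as an added example. It is not code from the application or its assignee; the key=value log format, the field names, the `PolicyDraft` schema and the `min_count` threshold are assumptions made for the illustration.

```python
"""Draft access policies inferred from gateway event records.

Added illustration of the approach described in application 20090138939;
this is not code from the application. The log format, field names and
the policy schema are assumptions made for the example.
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass, asdict

# Constructed sample gateway log (key=value records); not real traffic.
SAMPLE_LOG = """\
ts=2014-03-13T10:01:02Z event=deny src=10.20.30.41 dst=10.0.5.7 dport=5432 proto=tcp app=payroll-db user=alice
ts=2014-03-13T10:01:05Z event=deny src=10.20.30.41 dst=10.0.5.7 dport=5432 proto=tcp app=payroll-db user=alice
ts=2014-03-13T10:02:09Z event=allow src=10.20.30.42 dst=10.0.5.9 dport=443 proto=tcp app=portal user=bob
ts=2014-03-13T10:03:00Z event=deny src=not-an-ip dst=10.0.5.7 dport=99999 proto=tcp app=payroll-db user=mallory
"""


@dataclass(frozen=True)
class PolicyDraft:
    user: str
    src: str          # host or network in CIDR form
    app: str
    proto: str
    dport: int
    action: str       # proposed; the administrator may change it
    evidence: int     # number of log records that produced this draft
    status: str       # "pending_approval" until an administrator approves


def parse_record(line):
    """Split one key=value record into a dict; returns None for malformed lines."""
    fields = {}
    for token in line.split():
        if "=" not in token:
            return None
        k, v = token.split("=", 1)
        fields[k] = v
    required = {"event", "src", "dport", "proto", "app", "user"}
    return fields if required.issubset(fields) else None


def translate(rec):
    """Map log components onto validated policy attributes.
    Returns None when a component cannot be expressed as a policy attribute."""
    try:
        src = ipaddress.ip_network(rec["src"], strict=False)   # single host -> /32
        dport = int(rec["dport"])
    except ValueError:
        return None
    if not 0 < dport < 65536 or rec["proto"] not in ("tcp", "udp"):
        return None
    return (rec["user"], str(src), rec["app"], rec["proto"], dport)


def infer_drafts(log_text, min_count=2, proposed_action="allow"):
    """Build draft policies from repeated deny events.
    Drafts are never applied here: log data is attacker-influenced (a port scan
    is a stream of deny records), so each draft needs an administrator's approval."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or rec["event"] != "deny":
            continue
        attrs = translate(rec)
        if attrs is not None:
            counts[attrs] += 1
    return [
        PolicyDraft(*attrs, action=proposed_action, evidence=n, status="pending_approval")
        for attrs, n in sorted(counts.items()) if n >= min_count
    ]


def approve(draft, action=None):
    """Administrator step: optionally edit the action, then mark the draft approved."""
    return PolicyDraft(**{**asdict(draft), "action": action or draft.action, "status": "approved"})


if __name__ == "__main__":
    for d in infer_drafts(SAMPLE_LOG):
        print(d)
```

The record with an unparsable source address and an out-of-range port is dropped at translation time rather than turned into a malformed rule, and the approval gate is the control that keeps a flood of attacker-generated deny events from becoming an "allow" policy by itself.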
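Application 20090144818 describes a per-packet security tag placed at one of several possible locations, authenticated by the receiver, with unauthenticated packets dropped. The following added example (not code from the application or its assignee) shows one way to realise that: a truncated HMAC-SHA256 tag, three candidate offsets in the payload, a location derived from the session key and sequence number so that both ends agree without signalling it on the wire, and a monotonic sequence check against replay. The packet layout, the tag length and the replay rule are assumptions for the illustration.

```python
"""Per-packet security tags at a variable location inside the packet.

Added illustration of the scheme described in application 20090144818; not
code from the application. The packet layout, the HMAC-SHA256 tag, the three
candidate locations and the replay check are assumptions for the example.
"""
import hashlib
import hmac
import struct

TAG_LEN = 16   # truncated HMAC-SHA256
SEQ_LEN = 4    # big-endian sequence number that precedes the body


def candidate_locations(payload_len):
    """Offsets (within the payload) at which the tag may be inserted."""
    return [0, payload_len // 2, payload_len]


def choose_location(key, seq, payload_len):
    """Derive the tag location from the session key and sequence number, so
    both ends agree on it without sending the location in the packet."""
    cands = candidate_locations(payload_len)
    sel = hmac.new(key, b"loc" + struct.pack(">I", seq), hashlib.sha256).digest()[0]
    idx = sel % len(cands)
    return idx, cands[idx]


def compute_tag(key, seq, idx, payload):
    """Authenticate the sequence number, the location choice and the payload."""
    msg = struct.pack(">IB", seq, idx) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


def seal(key, seq, payload):
    """Sender: insert the tag at the chosen location and prepend the sequence number."""
    idx, off = choose_location(key, seq, len(payload))
    tag = compute_tag(key, seq, idx, payload)
    return struct.pack(">I", seq) + payload[:off] + tag + payload[off:]


class Receiver:
    """Receiver: locate the tag, verify it, drop anything that fails or replays."""

    def __init__(self, key):
        self.key = key
        self.last_seq = -1     # 32-bit wraparound is not handled in this example
        self.dropped = 0

    def open(self, packet):
        if len(packet) < SEQ_LEN + TAG_LEN:
            self.dropped += 1
            return None
        seq = struct.unpack(">I", packet[:SEQ_LEN])[0]
        body = packet[SEQ_LEN:]
        idx, off = choose_location(self.key, seq, len(body) - TAG_LEN)
        tag = body[off:off + TAG_LEN]
        payload = body[:off] + body[off + TAG_LEN:]
        expected = compute_tag(self.key, seq, idx, payload)
        # Constant-time comparison; a strictly increasing seq rejects replays.
        if seq <= self.last_seq or not hmac.compare_digest(tag, expected):
            self.dropped += 1
            return None
        self.last_seq = seq
        return payload


if __name__ == "__main__":
    key = bytes(range(32))
    rx = Receiver(key)
    pkt = seal(key, 1, b"hello world")
    print(choose_location(key, 1, len(b"hello world")), rx.open(pkt))
```

Because the location index is covered by the tag, an attacker who moves bytes around to make a different offset verify gains nothing; and because the receiver derives the offset rather than searching for a verifying tag at every candidate, it never offers more than one MAC check per packet.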
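The simulated access rule in application 20090276204 (a block rule whose matches are logged as if enforced while the packets are still passed to the resource) is the mechanism behind "audit mode" rollouts of firewall policy. The added example below is not code from the application or its assignee; the rule schema, the packet fields, the log line format and the constructed rule set and traffic sample are assumptions for the illustration. It also shows the step the abstract implies but does not spell out: replaying traffic to measure a rule's impact, then promoting it to enforced.

```python
"""Access rules with a 'simulated' flag on a packet-inspecting security node.

Added illustration of the behaviour described in application 20090276204; not
code from the application. The rule schema, packet fields and log format are
assumptions for the example.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AccessRule:
    name: str
    src: ipaddress.IPv4Network
    dport: Optional[int]      # None matches any destination port
    action: str               # "allow" or "block"
    simulated: bool = False   # a simulated block is logged but not enforced


@dataclass(frozen=True)
class Packet:
    src: str
    dport: int


@dataclass
class Decision:
    verdict: str              # "pass" or "drop"
    rule: str
    simulated_block: bool = False


def first_match(rules, pkt):
    """Rules are evaluated in order; the first match wins."""
    src = ipaddress.ip_address(pkt.src)
    for r in rules:
        if src in r.src and (r.dport is None or r.dport == pkt.dport):
            return r
    return None


def apply_policy(rules, pkt, log):
    """Decide one packet. A simulated block logs the event exactly as an
    enforced block would, then passes the packet towards the resource."""
    r = first_match(rules, pkt)
    if r is None:
        log.append(f"BLOCK rule=<default-deny> src={pkt.src} dport={pkt.dport}")
        return Decision("drop", "<default-deny>")
    if r.action == "allow":
        return Decision("pass", r.name)
    if r.simulated:
        log.append(f"SIMULATED_BLOCK rule={r.name} src={pkt.src} dport={pkt.dport}")
        return Decision("pass", r.name, simulated_block=True)
    log.append(f"BLOCK rule={r.name} src={pkt.src} dport={pkt.dport}")
    return Decision("drop", r.name)


def impact_report(rules, packets):
    """Replay traffic to measure what a rule would do before enforcing it."""
    log = []
    counts = {"passed": 0, "dropped": 0, "would_drop": 0}
    for pkt in packets:
        d = apply_policy(rules, pkt, log)
        counts["dropped" if d.verdict == "drop" else "passed"] += 1
        if d.simulated_block:
            counts["would_drop"] += 1
    return counts, log


def promote(rules, name):
    """After review, turn a simulated rule into an enforced one."""
    return [AccessRule(r.name, r.src, r.dport, r.action, False) if r.name == name else r
            for r in rules]


def net(cidr):
    return ipaddress.ip_network(cidr)


# Constructed rule set and traffic sample; not from any real deployment.
RULES = [
    AccessRule("ssh-from-corp", net("10.0.0.0/8"), 22, "allow"),
    AccessRule("block-ssh", net("0.0.0.0/0"), 22, "block", simulated=True),
    AccessRule("block-rdp", net("0.0.0.0/0"), 3389, "block"),
    AccessRule("https-any", net("0.0.0.0/0"), 443, "allow"),
]
PACKETS = [
    Packet("10.0.0.5", 22),
    Packet("192.168.1.9", 22),
    Packet("203.0.113.7", 3389),
    Packet("10.0.0.5", 443),
    Packet("198.51.100.2", 8080),
]

if __name__ == "__main__":
    counts, log = impact_report(RULES, PACKETS)
    print(counts)
    print("\n".join(log))
```

The one operational caveat: a simulated block still produces a "blocked" log line, so any alerting that keys on `BLOCK` events needs to distinguish the `SIMULATED_BLOCK` prefix (or an equivalent field) or the dry run will page people for traffic that was actually delivered.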
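Application 20140201806 describes rules that each identify an ordered action sequence (user, application and system actions), assessment policies that group those rules, and a behavior score derived from the runtime risk they identify. The added example below (not code from the application or its assignee) implements that shape: ordered-subsequence matching with an optional maximum span, a policy of weighted rules, and a capped score. The action vocabulary, the two rules, the scoring formula and the constructed event streams are assumptions for the illustration.

```python
"""Runtime risk from ordered user/application/system action sequences.

Added illustration of the method described in application 20140201806; not
code from the application. The action vocabulary, the rules, the policy and
the scoring formula are assumptions for the example.
"""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Action:
    kind: str    # "user", "application" or "system"
    name: str


@dataclass(frozen=True)
class Rule:
    rule_id: str
    sequence: Tuple[Action, ...]   # must occur in this order; gaps allowed
    threat: str                    # the specific threat type the sequence predicts
    weight: int


@dataclass(frozen=True)
class Policy:
    name: str
    rules: Tuple[Rule, ...]
    max_span: Optional[int] = None   # max events from first to last matched action


def sequence_matches(sequence, events, max_span=None):
    """True if `sequence` appears as an ordered subsequence of `events`.
    Every possible start is tried; from a fixed start, greedy matching finds
    the earliest completion, so the span check is exact for that start."""
    for start in range(len(events)):
        if events[start] != sequence[0]:
            continue
        i, pos = 1, start
        while i < len(sequence) and pos + 1 < len(events):
            pos += 1
            if events[pos] == sequence[i]:
                i += 1
        if i == len(sequence) and (max_span is None or pos - start + 1 <= max_span):
            return True
    return False


def assess(policy, events):
    """Return (behavior_score, [(rule_id, threat), ...]) for one app or device."""
    matched = [(r.rule_id, r.threat) for r in policy.rules
               if sequence_matches(r.sequence, events, policy.max_span)]
    weights = {r.rule_id: r.weight for r in policy.rules}
    score = min(100, sum(weights[rid] for rid, _ in matched))
    return score, matched


# Constructed rule set: a document macro installing persistence, then beaconing.
U, A, S = "user", "application", "system"
RULES = (
    Rule("R1", (Action(U, "open_document"), Action(A, "spawn_process"),
                Action(S, "write_registry_run_key")),
         "persistence-via-document-macro", 60),
    Rule("R2", (Action(A, "spawn_process"), Action(A, "network_connect")),
         "command-and-control-beacon", 40),
)
ENDPOINT_POLICY = Policy("endpoint-default", RULES, max_span=10)

# Constructed event streams; not captured from a real host.
SUSPICIOUS = [
    Action(U, "open_document"), Action(A, "render_page"), Action(A, "spawn_process"),
    Action(S, "write_registry_run_key"), Action(A, "network_connect"),
]
BENIGN = [
    Action(U, "open_document"), Action(A, "render_page"), Action(A, "network_connect"),
]

if __name__ == "__main__":
    print(assess(ENDPOINT_POLICY, SUSPICIOUS))
    print(assess(ENDPOINT_POLICY, BENIGN))
```

Order is what carries the signal: the same three actions in a different order score zero, and the `max_span` bound keeps a rule from joining a document opened this morning to a process spawned hours later.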