A method for adaptively authenticating a subject, said method adapted to cooperate with a security provider interface hierarchy, said method comprising the steps of providing for the implementation of an authentication interface adapted to extend and implement at least a portion of the security provider hierarchy, providing for the authentication of the subject when so directed by the authentication interface, and providing for the association of a signed principal with the subject upon the successful authentication of the subject.
Message Processing In A Service Oriented Architecture
Paul B Patrick - Manchester NH, US; Ashok Aletty - Saratoga CA, US; Jayaram Kasi - San Jose CA, US; Chet Kapoor - San Jose CA, US; Tolga Urhan - Palo Alto CA, US; Matthew Mihic - San Francisco CA, US
Assignee:
BEA Systems, Inc. - San Jose CA
International Classification:
G06F 13/00
US Classification:
709238, 709206, 709250, 718313
Abstract:
A system, method and media for a service oriented architecture. This description is not intended to be a complete description of, or limit the scope of, the invention. Other features, aspects and objects of the invention can be obtained from a review of the specification, the figures and the claims.
System And Method For Server Security And Entitlement Processing
A pluggable architecture allows security and business logic plugins to be inserted into a security service hosted by a server, and to control access to one or more secured resources on that server, on another server within the security domain, or between security domains. The security service may act as a focal point for security enforcement, and access rights determination, and information used or determined within one login process can flow transparently and automatically to other login processes. Entitlements denote what a particular user may or may not do with a particular resource, in a particular context. Entitlements reflect not only the technical aspects of the secure environment (the permit or deny concept), but can be used to represent the business logic or functionality required by the server provider. In this way entitlements bridge the gap between a simple security platform, and a complex business policy platform.
Delegated Administration For A Distributed Security System
Paul Patrick - Manchester NH, US; David Byrne - Woburn MA, US; Kenneth D. Yagen - San Francisco CA, US; Mingde Xu - San Jose CA, US; Jason Howes - Cambridge MA, US; Mark A. Falco - Lexington MA, US; Richard J. Riendeau - Burlington MA, US
Assignee:
BEA Systems, Inc. - Redwood Shores CA
International Classification:
H04L 9/00
US Classification:
713166, 713165, 713150
Abstract:
A system and method comprising the steps of, delegating a capability from a first user to a second user, propagating information that includes evidence of the delegation to a plurality of security service modules, wherein each one of the plurality of security service modules is capable of protecting one or more resources, providing the evidence to a first security service module belonging to the plurality of security service modules, enforcing the delegation when the second user attempts to access a resource in the one or more resources wherein the resource is protected by the first security service module, and wherein the enforcement is carried out by the first security service module.
Paul Patrick - Manchester NH, US; David Byrne - Woburn MA, US; Kenneth D. Yagen - San Francisco CA, US; Mingde Xu - San Jose CA, US; Jason Howes - Cambridge MA, US; Mark A. Falco - Lexington MA, US; Richard J. Riendeau - Burlington MA, US
Assignee:
BEA Systems, Inc. - Redwood Shores CA
International Classification:
G06F 9/44, G06F 11/30
US Classification:
717172, 726 1, 726 24
Abstract:
A system and method for distributed enterprise security, comprising, a server operable to update information, wherein the information can include one or more of a policy and configuration information, a security control module (SCM) operable to accept the information, at least one security service module (SSM) operable to accept the information from the SCM, and wherein the information accepted by the SCM is relevant to one or more of the at least one SSMs.
Paul Patrick - Manchester NH, US; David Byrne - Woburn MA, US; Kenneth D. Yagen - San Francisco CA, US; Mingde Xu - San Jose CA, US; Jason Howes - Cambridge MA, US; Mark A. Falco - Lexington MA, US; Richard J. Riendeau - Burlington MA, US
Assignee:
BEA Systems, Inc. - Redwood Shores CA
International Classification:
H04L 29/06, G06F 9/44
US Classification:
713152, 713150, 713165, 717172, 726 1
Abstract:
A system for distributing information from a first process to one or more security service modules. The system comprises a remote interface, capable of accepting first information from the first process, and a provisioning service provider (PSP) coupled to the remote interface. The PSP can obtain the first information from the remote interface, and also can provide second information to a local interface. The second information is based on the first information and is tailored for the one or more security service modules. The local interface can provide the second information to the one or more security service modules and the one or more security service modules can accept the second information and perform at least one of the following: adjust a configuration of the one or more security service modules to reflect the second information, and protect access to at least one resource based on the second information.
Paul Patrick - Manchester NH, US; David Byrne - Woburn MA, US; Kenneth D. Yagen - San Francisco CA, US; Mingde Xu - San Jose CA, US; Jason Howes - Cambridge MA, US; Mark A. Falco - Lexington MA, US; Richard J. Riendeau - Burlington MA, US
Assignee:
BEA Systems, Inc. - Redwood Shores CA
International Classification:
H04L 29/06, G06F 9/44
US Classification:
713152, 713150, 713165, 717172, 726 1
Abstract:
A method for providing a security provider for a client comprises providing a service provider interface, that is compatible with a security framework layer, and one or more services. The one or more services include at least one of, authentication, authorization, auditing, role mapping and credential mapping. The one or more services can be exposed through the service provider interface and the framework layer can expose the one or more services to an application program interface.
A method for adaptively authenticating a subject, said method adapted to cooperate with a security provider interface hierarchy, said method comprising the steps of providing for the implementation of an authentication interface adapted to extend and implement at least a portion of the security provider hierarchy, providing for the authentication of the subject when so directed by the authentication interface, and providing for the association of a signed principal with the subject upon the successful authentication of the subject.
Unity Faculty Partners
Unity Health Hospital Emergency
1555 Long Pond Rd, Rochester, NY 14626
5857237000 (phone), 5857237045 (fax)
Education:
Medical School University of Rochester School of Medicine and Dentistry Graduated: 2004
Languages:
English
Description:
Dr. Patrick graduated from the University of Rochester School of Medicine and Dentistry in 2004. He works in Rochester, NY and specializes in Emergency Medicine. Dr. Patrick is affiliated with Unity Hospital.