Didier Durand

Computer-implemented techniques for verifying translated access controls for application modernization include an application modernization service of a provider network obtaining a source access control. The service translates the source access control to a target access control. The service compiles the source access control and the target access control into respective automated reasoning solver encodings. The service uses the automated reasoning solver coding to query an automated reasoning… Mehr anzeigen

Computer-implemented techniques for verifying translated access controls for application modernization include an application modernization service of a provider network obtaining a source access control. The service translates the source access control to a target access control. The service compiles the source access control and the target access control into respective automated reasoning solver encodings. The service uses the automated reasoning solver coding to query an automated reasoning solver such as Satisfiability Modulo Theories (SMT) solver to determine whether the source access control is less or more permissive than the target access control representing a security issue or an availability issue with the target access control, respectively. Weniger anzeigen

Remapping mainframe functional components from a mainframe computing environment onto a network of distinct but communicating accounts of a provider network. The mainframe computer (or network of such computers) is analyzed hierarchically through one or more of physical separation between logical partitions (LPARs), LPARs within the mainframe computer(s), separation of batch and transactional workloads, separation of batch and transactional accounts, or security of the mainframe architecture… Mehr anzeigen

Remapping mainframe functional components from a mainframe computing environment onto a network of distinct but communicating accounts of a provider network. The mainframe computer (or network of such computers) is analyzed hierarchically through one or more of physical separation between logical partitions (LPARs), LPARs within the mainframe computer(s), separation of batch and transactional workloads, separation of batch and transactional accounts, or security of the mainframe architecture. Mainframe application artifacts obtained through the analyzing are used to generate a graph model representing relationships among the mainframe application artifacts. The graph model includes nodes representing the mainframe application artifacts and edges connecting pairs of the mainframe application artifacts, where the edges represent use relationships between the pairs of mainframe application artifacts. The nodes are then clustered, where the clusters represent sets of mainframe artifacts having high density of use relationships, and the clusters correspond to the distinct accounts in the provider network. Weniger anzeigen

Systems, devices, and methods are provided for implementing a cloud-based mainframe service. A cloud-based mainframe service may utilize various resources, including an operating system that is provisioned with an authorization interceptor that uses a first set of security policies stored in a policy database to determine whether to grant or deny access to resources managed by the operating system. The authorization interceptor may use the security policies of the policy database to determine… Mehr anzeigen

Systems, devices, and methods are provided for implementing a cloud-based mainframe service. A cloud-based mainframe service may utilize various resources, including an operating system that is provisioned with an authorization interceptor that uses a first set of security policies stored in a policy database to determine whether to grant or deny access to resources managed by the operating system. The authorization interceptor may use the security policies of the policy database to determine whether to grant access to operating system resources. A database management system may use a second set of security policies stored in the policy database to determine whether to grant or deny access to resources managed by the database system. Security policies for a mainframe service may be centrally stored in a policy database managed by a policy management service. Weniger anzeigen

Systems, devices, and methods are provided for authorizing access to operating system resources using security policies managed by a service external to the operating system. An operating system may be provisioned with a kernel-mode component that intercepts system calls from applications, determines a request context for the system call, and sends a request to an external policy management service.

The policy management service may be used to perform a policy evaluation to determine… Mehr anzeigen

Systems, devices, and methods are provided for authorizing access to operating system resources using security policies managed by a service external to the operating system. An operating system may be provisioned with a kernel-mode component that intercepts system calls from applications, determines a request context for the system call, and sends a request to an external policy management service.

The policy management service may be used to perform a policy evaluation to determine whether to grant access to operating system resources. In some cases, policies are cached by the operating system. In various examples, the operating system and policy management service are both hosted on resources managed by a computing resource service provider on behalf of a customer to run mainframe workloads. Weniger anzeigen

Systems, devices, and methods are provided for determining whether security assurances are satisfied by security policies that are used to control access to resources used by a mainframe application. A system may use a database ot store a plurality of security policies that may comprise security polices of various resources used by mainframes, including resources managed by operating systems and database sys- tems. A reference policy that corresponds to the security assurance being sought may… Mehr anzeigen

Systems, devices, and methods are provided for determining whether security assurances are satisfied by security policies that are used to control access to resources used by a mainframe application. A system may use a database ot store a plurality of security policies that may comprise security polices of various resources used by mainframes, including resources managed by operating systems and database sys- tems. A reference policy that corresponds to the security assurance being sought may be determined. The security policies may be evaluated using a satisfiability modulo theories (SMT) solver to determine whether the security policies are equally or less permissive than the reference policy. Weniger anzeigen

Systems, devices, and methods are provided for authorizing access to database management system (DBMS) resources using security policies managed by a service external to the DBMS. A DB may be provisioned to obtain a database request, identity one or more securable resources that from applications, determines a request context for the system call, and sends a request to an external policy management service. The policy management service may be used to perform a policy evaluation to determine… Mehr anzeigen

Systems, devices, and methods are provided for authorizing access to database management system (DBMS) resources using security policies managed by a service external to the DBMS. A DB may be provisioned to obtain a database request, identity one or more securable resources that from applications, determines a request context for the system call, and sends a request to an external policy management service. The policy management service may be used to perform a policy evaluation to determine whether to grant access to the securable resources. Weniger anzeigen

The patent provides a scalable container-based system implemented in computer instructions stored in a non-transitory medium. It further provides a method of creating and operating a scalable container-based system.

(Patent application currently under examination by various patent offices worldwide: official patent yt to be issued) The present invention relates to techniques and systems for partitioning monolithic legacy applications for deployment as microservices executing in a containerized, scalable and flexible operating environment.

A method and associated arrangement allows a content or service provider to establish an anonymous profile of a consumer using at least one request sent by the consumer through a communication network. The request sent by the consumer includes identification data of the consumer. The identification data is substituted in the network with an alias so as to anonymize the request. The identification data is not accessible to the content or service provider and there is a one-to-one and immutable… Mehr anzeigen

A method and associated arrangement allows a content or service provider to establish an anonymous profile of a consumer using at least one request sent by the consumer through a communication network. The request sent by the consumer includes identification data of the consumer. The identification data is substituted in the network with an alias so as to anonymize the request. The identification data is not accessible to the content or service provider and there is a one-to-one and immutable correspondence between the identification data and the alias. Weniger anzeigen

A method and associated arrangement allows a content or service provider to establish an anonymous profile of a consumer using at least one request sent by the consumer through a communication network. The request sent by the consumer includes identification data of the consumer. The identification data is substituted in the network with an alias so as to anonymize the request. The identification data is not accessible to the content or service provider and there is a one-to-one and immutable… Mehr anzeigen

A method and associated arrangement allows a content or service provider to establish an anonymous profile of a consumer using at least one request sent by the consumer through a communication network. The request sent by the consumer includes identification data of the consumer. The identification data is substituted in the network with an alias so as to anonymize the request. The identification data is not accessible to the content or service provider and there is a one-to-one and immutable correspondence between the identification data and the alias. Weniger anzeigen

Method allowing a consumer (1) to interact with a service provider (4, 5, 6), comprising: broadcasting a label to a plurality of consumers (1) over a television system, manually entering said label on the keypad of a mobile equipment (11) of said consumer (1), sending with a synchronous or quasi-synchronous communication protocol a message based on said label over a mobile network (30) to a logic unit (5), removing or replacing consumer identification in said message with an alias.

A method for preparing automated proof of publications and for supervising the publication of items in printed media, said method comprising: preparing a database including specifications for a plurality of items to publish, publishing said items on printed media using said specifications, scanning printed media pages or capturing an electronic file from a pre-press system including the published items, automatically extracting from the digitized pages identifying metadata characterizing said… Mehr anzeigen

A method for preparing automated proof of publications and for supervising the publication of items in printed media, said method comprising: preparing a database including specifications for a plurality of items to publish, publishing said items on printed media using said specifications, scanning printed media pages or capturing an electronic file from a pre-press system including the published items, automatically extracting from the digitized pages identifying metadata characterizing said published items, using said identifying metadata to retrieve from a database the address to which said proof of publication should be sent, performing a quality control for controlling the quality of said published item by confronting the published item with said specifications, sending a proof of publication including at least the portion of said page including said published item to said address.

Weniger anzeigen

Method allowing an advertisement publisher to compute the price billed to an advertising customer for publishing an interactive advertisement in an offline media. The number of answers to the advertisement received over an electronic return channel is used as a metric for determining the effectiveness of said advertisement. At least one component of said price depends on said number of answers received.