-
Publication No.: US20060041743A1
Publication date: 2006-02-23
Application No.: US11254264
Filing date: 2005-10-20
Applicant: Giovanni Della-Libera, Christopher Kaler, Scott Konersmann, Butler Lampson, Paul Leach, Bradford Lovering, Steven Lucco, Stephen Millet, Richard Rashid, John Shewchuk
Inventor: Giovanni Della-Libera, Christopher Kaler, Scott Konersmann, Butler Lampson, Paul Leach, Bradford Lovering, Steven Lucco, Stephen Millet, Richard Rashid, John Shewchuk
IPC classification: H04L9/00
CPC classification: H04L63/08, G06Q20/3676, H04L63/10, H04L63/168, H04L63/20, H04L67/02, H04L67/28, H04L67/2804, H04L67/2823
Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.
-
Publication No.: US20050177602A1
Publication date: 2005-08-11
Application No.: US11097355
Filing date: 2005-04-04
Applicant: Christopher Kaler, John Shewchuk, David Langworthy, Donald Box
Inventor: Christopher Kaler, John Shewchuk, David Langworthy, Donald Box
CPC classification: H04L45/34, H04L45/566, H04L63/02, H04L63/04, H04L63/0428, H04L63/08, H04L63/0823, H04L63/102, H04L63/104, H04L63/108, H04L63/123, H04L63/126, H04L67/02, H04L2463/101, Y10S707/99942, Y10S707/99943
Abstract: Methods, systems, and data structures for communicating object metadata are provided. A generic metadata container is presented that allows object metadata to be described in an extensible manner using protocol-neutral and platform-independent methodologies. A metadata scope refers to a dynamic universe of targets to which the included metadata statements correspond. Metadata properties provide a mechanism to describe the metadata itself, and metadata security can be used to ensure authentic metadata is sent and received. Mechanisms are also provided to allow refinement and replacement of metadata statements. Communication of metadata is expedited using hash digests to confirm metadata versions, and by piggybacking policy metadata requests and responses on other substantive data communication messages, thereby dynamically altering future communications.
-
Publication No.: US20060253699A1
Publication date: 2006-11-09
Application No.: US11254539
Filing date: 2005-10-20
Applicant: Giovanni Della-Libera, Christopher Kaler, Scott Konersmann, Butler Lampson, Paul Leach, Bradford Lovering, Steven Lucco, Stephen Millet, Richard Rashid, John Shewchuk
Inventor: Giovanni Della-Libera, Christopher Kaler, Scott Konersmann, Butler Lampson, Paul Leach, Bradford Lovering, Steven Lucco, Stephen Millet, Richard Rashid, John Shewchuk
CPC classification: H04L63/08, G06Q20/3676, H04L63/10, H04L63/168, H04L63/20, H04L67/02, H04L67/28, H04L67/2804, H04L67/2823
Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.
-
Publication No.: US20060047947A1
Publication date: 2006-03-02
Application No.: US11249410
Filing date: 2005-10-14
Applicant: David Langworthy, Christopher Kaler, Luis Cabrera, Patrick Helland, Steven Lucco, John Shewchuk
Inventor: David Langworthy, Christopher Kaler, Luis Cabrera, Patrick Helland, Steven Lucco, John Shewchuk
IPC classification: H04L9/00
CPC classification: H04L69/16, H04L67/02, H04L69/162, H04L69/163
Abstract: Reliable end-to-end messaging in which tracking and acknowledgement information are contained in the electronic message that is visible to layers above the transport layer, thereby being independent of what transport protocols, and whether different transport protocols, are used to communicate between the two end points. Furthermore, acknowledgment messages may identify multiple ranges of sequence numbers corresponding to received electronic messages, thereby permitting further flexibility and completeness in acknowledging received messages.
-
Publication No.: US20060041929A1
Publication date: 2006-02-23
Application No.: US11254519
Filing date: 2005-10-20
Applicant: Giovanni Della-Libera, Christopher Kaler, Scott Konersmann, Butler Lampson, Paul Leach, Bradford Lovering, Steven Lucco, Stephen Millet, Richard Rashid, John Shewchuk
Inventor: Giovanni Della-Libera, Christopher Kaler, Scott Konersmann, Butler Lampson, Paul Leach, Bradford Lovering, Steven Lucco, Stephen Millet, Richard Rashid, John Shewchuk
IPC classification: H04L9/00
CPC classification: H04L63/08, G06Q20/3676, H04L63/10, H04L63/168, H04L63/20, H04L67/02, H04L67/28, H04L67/2804, H04L67/2823
Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.
-
Publication No.: US20050246760A1
Publication date: 2005-11-03
Application No.: US10827474
Filing date: 2004-04-19
IPC classification: G06F12/00
CPC classification: G06F21/445, G06F2221/2103, G06F2221/2129
Abstract: The present invention extends to validating measurable aspects of a computing system. A provider causes a challenge to be issued to the requester, the challenge requesting proof that the requester is appropriately configured to access the resource. The requester accesses information that indicates how the requester is to prove an appropriate configuration for accessing the resource. The requester formulates and sends proof that one or more measurable aspects of the requester's configuration are appropriate. The provider receives proof that one or more measurable aspects of the requester's configuration are appropriate and authorizes the requester to access the resource. Proof of one or more measurable aspects of a requester can be used along with other types of authentication to authorize a requester to access a resource of a provider. Solutions to challenges can be pre-computed and stored in a location accessible to a provider.
-
Publication No.: US20050060718A1
Publication date: 2005-03-17
Application No.: US10984874
Filing date: 2004-11-10
Applicant: Gregory Lindhorst, Stephen Millet, John Shewchuk, John Buehler
Inventor: Gregory Lindhorst, Stephen Millet, John Shewchuk, John Buehler
CPC classification: G06F8/30, G06F8/51, G06F9/4493
Abstract: An environment for developing clientside/serverside code is disclosed. The environment supports the perception that the server space and client space are seamlessly joined into a single program execution space. An outgrowth of the single execution space includes effective event handling on the server through enabling created objects to migrate effectively between the server and client.
-
Publication No.: US20080184339A1
Publication date: 2008-07-31
Application No.: US11952890
Filing date: 2007-12-07
Applicant: John Shewchuk, Kim Cameron, Arun Nanda, Xiao Xie
Inventor: John Shewchuk, Kim Cameron, Arun Nanda, Xiao Xie
IPC classification: G06F7/04
CPC classification: H04L63/08, G06F21/33, G06F21/41, H04L63/0853
Abstract: A system and method for controlling distribution and use of digital identity representations (“DIRs”) increases security, usability, and oversight of DIR use. A DIR stored on a first device may be obtained by a second device for use in satisfying the security policy of a relying party. Release of the DIR to the second device requires permission from a device or entity that may be different from the device or entity attempting to access the relying party. Further, the use of the DIR to obtain an identity token may separately require permission of even a different person or entity and may be conditioned upon receiving satisfactory information relating to the intended use of the DIR (e.g., the name of the relying party, type of operation being attempted, etc.). By controlling the distribution and use of DIRs, security of the principal's identity and supervisory control over a principal's activities are enhanced.
-
Publication No.: US20070130478A1
Publication date: 2007-06-07
Application No.: US11548266
Filing date: 2006-10-10
Applicant: David Langworthy, Christopher Kaler, Luis Cabrera, Patrick Helland, Steven Lucco, John Shewchuk
Inventor: David Langworthy, Christopher Kaler, Luis Cabrera, Patrick Helland, Steven Lucco, John Shewchuk
CPC classification: H04L69/16, H04L67/02, H04L69/162, H04L69/163
Abstract: Reliable end-to-end messaging in which tracking and acknowledgement information are contained in the electronic message that is visible to layers above the transport layer, thereby being independent of what transport protocols, and whether different transport protocols, are used to communicate between the two end points. Furthermore, acknowledgment messages may identify multiple ranges of sequence numbers corresponding to received electronic messages, thereby permitting further flexibility and completeness in acknowledging received messages.
-
Publication No.: US20070061873A1
Publication date: 2007-03-15
Application No.: US11222912
Filing date: 2005-09-09
Applicant: John Shewchuk, Arun Nanda, Donald Box, Douglas Walter, Hervey Wilson
Inventor: John Shewchuk, Arun Nanda, Donald Box, Douglas Walter, Hervey Wilson
IPC classification: H04L9/32
CPC classification: H04L9/3271, H04L9/3213, H04L9/3297, H04L2209/56, H04L2209/80
Abstract: A cryptographic session key is utilized to maintain security of a digital identity. The session key is valid only for a limited period of time. Additional security is provided via a bimodal credential allowing different levels of access to the digital identity. An identity token contains pertinent information associated with the digital identity. The identity token is encrypted utilizing public-key cryptography. An identifier utilized to verify the validity of the digital identity is encrypted with the cryptographic session key. The encrypted identity token and the encrypted identifier are provided to a service for example. The service decrypts the encrypted identity token utilizing public key cryptography, and decrypts, with the cryptographic session key obtained from the identity token, the encrypted identifier. If the identifier is determined to be valid, the transaction proceeds normally. If the identifier is determined to be invalid, the transaction is halted.