-
公开(公告)号:US07802294B2
公开(公告)日:2010-09-21
申请号:US11046281
申请日:2005-01-28
IPC分类号: G06F7/04
CPC分类号: G06F21/6218 , G06F21/6281 , G06F2221/2141
摘要: Systems and methods are described that control attempts made by an application to access data. In one embodiment, the application is associated with a security token that includes an application ID. In operation, the system receives a request, initiated by the application, for access to the data. The system is configured to evaluate the request for access based in part on comparison of the security token and a listing of approved application IDs associated with the data.
摘要翻译: 描述了控制由应用访问数据的尝试的系统和方法。 在一个实施例中,该应用与包括应用ID的安全令牌相关联。 在操作中,系统接收由应用程序启动的用于访问数据的请求。 该系统被配置为基于安全令牌的比较和与数据相关联的已批准应用ID的列表来部分地评估访问请求。
-
公开(公告)号:US07779265B2
公开(公告)日:2010-08-17
申请号:US11302047
申请日:2005-12-13
CPC分类号: G06F21/6218 , G06F2221/2141 , G06F2221/2145 , H04L63/101
摘要: An item inheritance system and method are provided. The item inheritance system can be employed to propagate access control information (e.g., an access control list) to one or more item(s), thus facilitating security of item(s). At least one of the item(s) is a compound item.The item inheritance system includes an input component that receives information associated with one or more items. The items can include container(s), object(s) and/or compound item(s). The system can be triggered by a change in security policy to the item(s), for example, adding and/or deleting a user's access to the item(s). Additionally, moving and/or copying a collection of items can further trigger the system.The system further includes a propagation component that propagates access control information to the item(s). For example, the propagation component can enforce the ACL propagation policies when a change to the security descriptor takes place at the root of a hierarchy.
摘要翻译: 提供了项目继承系统和方法。 可以采用项目继承系统将访问控制信息(例如,访问控制列表)传播到一个或多个项目,从而促进项目的安全性。 至少一个项目是复合项目。 项目继承系统包括接收与一个或多个项目相关联的信息的输入组件。 物品可以包括容器,物体和/或复合物品。 可以通过对项目的安全策略的改变来触发系统,例如添加和/或删除用户对项目的访问。 此外,移动和/或复制物品的集合可以进一步触发系统。 该系统还包括将访问控制信息传播到该项目的传播组件。 例如,当安全描述符的更改发生在层次结构的根目录下时,传播组件可以强制执行ACL传播策略。
-
公开(公告)号:US20090055921A1
公开(公告)日:2009-02-26
申请号:US11843752
申请日:2007-08-23
IPC分类号: G06F15/16
CPC分类号: G06F21/6236
摘要: Aspects of the subject matter described herein relate to providing file access in a multi-protocol environment. In aspects, a file server is operable to receive requests formatted according to two or more file access protocols. If a request is formatted according to a first file access protocol, the file server applies access rights associated with the file to an account associated with a requester to determine whether to grant access. If the request is formatted according to the second file access protocol, the file server may first attempt to find an account for the requester. If an account is not found, the file server may then grant access based on access rights associated with the file as applied to information in the request without consulting an account on the file server.
摘要翻译: 本文描述的主题的方面涉及在多协议环境中提供文件访问。 在方面中,文件服务器可操作以接收根据两个或多个文件访问协议格式化的请求。 如果根据第一文件访问协议格式化请求,则文件服务器将与文件相关联的访问权限应用于与请求者相关联的帐户,以确定是否授予访问权限。 如果根据第二文件访问协议来格式化请求,则文件服务器可以首先尝试找到请求者的帐户。 如果没有找到一个帐户,则文件服务器可能会根据应用于请求中的信息的与该文件相关联的访问权限来授予访问权限,而不咨询文件服务器上的一个帐户。
-
公开(公告)号:US07046689B2
公开(公告)日:2006-05-16
申请号:US09824901
申请日:2001-04-02
申请人: Gregory Burns , Paul J. Leach
发明人: Gregory Burns , Paul J. Leach
CPC分类号: H04L65/4084 , G06F17/30902 , H04B7/18582 , H04L29/06 , H04L29/06027 , H04L67/2819 , H04L67/2847 , H04L67/2852 , H04L67/325 , H04L69/329
摘要: A network system includes a content provider connected to local service providers via an interactive distribution network, such as the Internet. The local service providers facilitate delivery of the content from the content provider to multiple subscribers. The local service providers schedule delivery of frequently requested content from the content provider prior to a peak time when the subscribers are likely to request the content. The content is downloaded from the content provider during the off-peak hours and cached at the local service providers for serving to the subscribers during the ensuing peak time. In this manner, the frequently requested content is already present at the local service providers and ready to be served to the subscribers before they actually request it. When the content is finally requested, the data is streamed continuously in real-time for just-in-time rendering at the subscriber computer. Another aspect of this invention involves supplementing content delivery over the Internet with delivery of content over a secondary network, such as a broadcast satellite network. The supplemental broadcast link offers additional bandwidth at a fraction of the cost that would be incurred if the local service provider installed additional Internet connections, such as T1 or T3 connections.
摘要翻译: 网络系统包括经由诸如因特网的交互式分发网络连接到本地服务提供商的内容提供商。 本地服务提供商便于将内容从内容提供商传递到多个订阅者。 本地服务提供商在用户可能请求内容的高峰时间之前从内容提供商调度经常请求的内容的传送。 在非高峰时段,内容从内容提供商下载,并在随后的高峰时段缓存在本地服务提供商处供服务。 以这种方式,频繁请求的内容已经存在于本地服务提供商处,并且在其实际请求之前准备被发送给订户。 当最终请求内容时,数据在用户计算机上实时连续流式传输以便及时呈现。 本发明的另一方面涉及通过诸如广播卫星网络的辅助网络上的内容传送来补充因特网上的内容传送。 如果本地服务提供商安装了诸如T1或T3连接的其他互联网连接,补充广播链路将以一小部分成本提供额外的带宽。
-
公开(公告)号:US06910068B2
公开(公告)日:2005-06-21
申请号:US09811362
申请日:2001-03-16
申请人: William M. Zintel , Amar S. Gandhi , Ye Gu , Shyamalan Pather , Jeffrey C. Schlimmer , Christopher M. Rude , Daniel R. Weisman , Donald R. Ryan , Paul J. Leach , Ting Cai , Holly N. Knight , Peter S. Ford
发明人: William M. Zintel , Amar S. Gandhi , Ye Gu , Shyamalan Pather , Jeffrey C. Schlimmer , Christopher M. Rude , Daniel R. Weisman , Donald R. Ryan , Paul J. Leach , Ting Cai , Holly N. Knight , Peter S. Ford
CPC分类号: H04L29/12235 , H04L12/2803 , H04L12/2805 , H04L12/2807 , H04L12/2818 , H04L12/2856 , H04L12/2898 , H04L12/4633 , H04L29/06 , H04L29/0602 , H04L29/1232 , H04L29/12594 , H04L47/2408 , H04L61/2023 , H04L61/2092 , H04L61/30 , H04L67/02 , H04L67/025 , H04L67/125 , H04L67/14 , H04L67/16 , H04L69/329
摘要: A universal plug and play (UPnP) device makes itself known through a set of processes-discovery, description, control, eventing, and presentation. Following discovery of a UPnP device, an entity can learn more about the device and its capabilities by retrieving the device's description. The description includes vendor-specific manufacturer information like the model name and number, serial number, manufacturer name, URLs to vendor-specific Web sites, etc. The description also includes a list of any embedded devices or services, as well as URLs for control, eventing, and presentation. The description is written by a vendor, and is usually based on a device template produced by a UPnP forum working committee. The template is derived from a template language that is used to define elements to describe the device and any services supported by the device. The template language is written using an XML-based syntax that organizes and structures the elements.
-
36.发明授权Method and system for scheduling the use of a computer system resource using a resource planner and a resource provider 失效使用资源规划者和资源提供者调度计算机系统资源使用的方法和系统公开(公告)号:US06584489B1
公开(公告)日:2003-06-24
申请号:US09038759
申请日:1998-03-11
申请人: Michael B. Jones , Paul J. Leach , Richard P. Draves, Jr. , Joseph S. Barrera, III , Steven P. Levi , Richard F. Rashid , Robert P. Fitzgerald
发明人: Michael B. Jones , Paul J. Leach , Richard P. Draves, Jr. , Joseph S. Barrera, III , Steven P. Levi , Richard F. Rashid , Robert P. Fitzgerald
IPC分类号: G06F900
CPC分类号: G06F9/50 , G06F2209/5014
摘要: A method and system for scheduling the use of a computer system resource using a resource planner and a resource provider are provided. In a preferred embodiment, a resource is scheduled for use by a plurality of consumer entities. Each consumer entity may request the commitment of a share of the resource. The method and system use representations of resource usage policy, present commitments of shares of the resource, and present commitments of specified amounts of the resource over a specified period of time. The method and system first receive a request from a consumer entity for the commitment of a specified share of the resource. In response, the method and system determine whether the specified share of the resource should be committed to the requesting consumer entity. This determination is based on the representations of resource usage policy and present commitments of shares of the resource. If it is determined that the specified share of the resource should be committed to the requesting consumer entity, then the method and system modify the representation of present commitments of shares of the resource to commit the specified share of the resource to the requesting consumer entity. The method and system then schedule the use of the resource by the plurality of consumer entities based on the modified representation of present commitments of shares of the resource.
摘要翻译: 提供了一种用于使用资源规划器和资源提供者调度计算机系统资源的使用的方法和系统。 在优选实施例中,资源被调度为由多个消费者实体使用。 每个消费者实体可以请求资源份额的承诺。 资源使用政策的方法和系统使用表示,资源份额的现有承诺以及在指定时间段内指定资源量的现有承诺。 该方法和系统首先从消费者实体接收对资源的指定份额的承诺的请求。 作为响应,方法和系统确定资源的指定份额是否应该提交给请求的消费者实体。 这一决定是基于资源使用政策的表示和资源份额的现有承诺。 如果确定资源的指定份额应该提交给请求的消费者实体,则方法和系统将修改资源共享的当前承诺的表示,以将该资源的指定份额提交给请求的消费者实体。 该方法和系统随后基于对资源的份额的当前承诺的修改的表示来安排多个消费者实体的资源的使用。
-
公开(公告)号:US06298373B1
公开(公告)日:2001-10-02
申请号:US09260932
申请日:1999-03-02
申请人: Gregory Burns , Paul J. Leach
发明人: Gregory Burns , Paul J. Leach
IPC分类号: G06F1300
CPC分类号: H04L65/4084 , G06F17/30902 , H04B7/18582 , H04L29/06 , H04L29/06027 , H04L67/2819 , H04L67/2847 , H04L67/2852 , H04L67/325 , H04L69/329
摘要: A network system includes a content provider connected to local service providers via an interactive distribution network, such as the Internet. The local service providers facilitate delivery of the content from the content provider to multiple subscribers. The local service providers schedule delivery of frequently requested content from the content provider prior to a peak time when the subscribers are likely to request the content. The content is downloaded from the content provider during the off-peak hours and cached at the local service providers for serving to the subscribers during the ensuing peak time. In this manner, the frequently requested content is already present at the local service providers and ready to be served to the subscribers before they actually request it. When the content is finally requested, the data is streamed continuously in real-time for just-in-time rendering at the subscriber computer. Another aspect of this invention involves supplementing content delivery over the Internet with delivery of content over a secondary network, such as a broadcast satellite network. The supplemental broadcast link offers additional bandwidth at a fraction of the cost that would be incurred if the local service provider installed additional Internet connections, such as T1 or T3 connections.
摘要翻译: 网络系统包括经由诸如因特网的交互式分发网络连接到本地服务提供商的内容提供商。 本地服务提供商便于将内容从内容提供商传递到多个订阅者。 本地服务提供商在用户可能请求内容的高峰时间之前从内容提供商调度经常请求的内容的传送。 在非高峰时段,内容从内容提供商下载,并在随后的高峰时段缓存在本地服务提供商处供服务。 以这种方式,频繁请求的内容已经存在于本地服务提供商处,并且在其实际请求之前准备被发送给订户。 当最终请求内容时,数据在用户计算机上实时连续流式传输以便及时呈现。 本发明的另一方面涉及通过诸如广播卫星网络的辅助网络上的内容传送来补充因特网上的内容传送。 如果本地服务提供商安装了诸如T1或T3连接的其他互联网连接,补充广播链路将以一小部分成本提供额外的带宽。
-
公开(公告)号:US09032492B2
公开(公告)日:2015-05-12
申请号:US13224246
申请日:2011-09-01
申请人: Mark Novak , Paul J. Leach , Yi Zeng , Saurav Sinha , K Michiko Short , Gopinathan Kannan
发明人: Mark Novak , Paul J. Leach , Yi Zeng , Saurav Sinha , K Michiko Short , Gopinathan Kannan
CPC分类号: G06F21/00 , G06F21/34 , H04L63/065 , H04L63/068 , H04L67/10 , H04L2463/121 , H04W12/06
摘要: A distributed system in which time-dependent credentials are supplied by controllers that operate according to different local times. Errors that might arise from the controllers generating inconsistent credentials because of time skew are avoided by identifying credentials generated during transition intervals in which different ones of the controllers may generate different credentials at the same absolute time. During a transition interval, controllers and other devices may use credentials differentially based on the nature of the authentication function. Each controller may periodically renew its credentials based on self-scheduled renewals or based on requests from other devices, such that renewal times are offset by random delays to avoid excessive network traffic. Controllers may determine which credential is valid for any given time, based on a cryptographically secure key associated with that time and information identifying the entity that is associated with that credential.
-
公开(公告)号:US08627440B2
公开(公告)日:2014-01-07
申请号:US12647327
申请日:2009-12-24
申请人: David R. Mowers , Daniel R. Simon , Paul J. Leach , John A. Banes
发明人: David R. Mowers , Daniel R. Simon , Paul J. Leach , John A. Banes
IPC分类号: G06F15/16
CPC分类号: H04L63/08 , H04L63/0442 , H04L63/0807 , H04L63/0869 , H04L63/10 , H04L63/12 , H04L63/166 , H04L67/42
摘要: This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.
摘要翻译: 本公开通常涉及客户端认证。 本公开的一个方面涉及一种用于向第一认证上下文的域控制器(DC)呈现证据的第一服务器,该第一认证上下文从客户端提交到第一服务器以获得可委托的证书,其中该凭证可用于请求第二认证上下文 认证上下文从该客户端到第二个服务器。 另一方面涉及第一台服务器向DC提供证据。 证据涉及从客户端向第一服务器提交的第一个身份验证上下文,它获取了一个可委托凭证。 通过与凭证组合使用以从客户端请求第二认证上下文到第二服务器。
-
公开(公告)号:US08621561B2
公开(公告)日:2013-12-31
申请号:US11969456
申请日:2008-01-04
申请人: David B. Cross , Mark F. Novak , Oded Ye Shekel , Paul J. Leach , Andreas Luther , Thomas C. Jones
发明人: David B. Cross , Mark F. Novak , Oded Ye Shekel , Paul J. Leach , Andreas Luther , Thomas C. Jones
CPC分类号: H04L9/3213 , H04L9/3226 , H04L9/3263 , H04L63/0807
摘要: Embodiments for providing differentiated access based on authentication input attributes are disclosed. In accordance with one embodiment, a method includes receiving an authentication input at an authentication authority using an authentication protocol. The authentication input being associated with a client. The method also includes providing one or more representations for the authentication input, wherein each of the representations represents an attribute of the authentication input.
摘要翻译: 公开了基于认证输入属性提供差分访问的实施例。 根据一个实施例,一种方法包括使用认证协议在认证机构处接收认证输入。 认证输入与客户端相关联。 该方法还包括为认证输入提供一个或多个表示,其中每个表示代表认证输入的属性。
-
-
-
-
-
-
-
-
-
搜索结果
98 条记录 (耗时 0.044 秒)
