-
Publication number: US07809938B2
Publication date: 2010-10-05
Application number: US11254545
Filing date: 2005-10-20
Applicant: Giovanni M. Della-Libera , Christopher G. Kaler , Scott A. Konersmann , Butler W. Lampson , Paul J. Leach , Bradford H. Lovering , Steven E. Lucco , Stephen J. Millet , Richard F. Rashid , John P. Shewchuk
Inventor: Giovanni M. Della-Libera , Christopher G. Kaler , Scott A. Konersmann , Butler W. Lampson , Paul J. Leach , Bradford H. Lovering , Steven E. Lucco , Stephen J. Millet , Richard F. Rashid , John P. Shewchuk
IPC classification: H04L29/06
CPC classification: H04L63/08 , G06Q20/3676 , H04L63/10 , H04L63/168 , H04L63/20 , H04L67/02 , H04L67/28 , H04L67/2804 , H04L67/2823
Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.
-
Publication number: US07743145B2
Publication date: 2010-06-22
Application number: US10827474
Filing date: 2004-04-19
IPC classification: G06F15/16
CPC classification: G06F21/445 , G06F2221/2103 , G06F2221/2129
Abstract: The present invention extends to validating measurable aspects of a computing system. A provider causes a challenge to be issued to the requester, the challenge requesting proof that the requester is appropriately configured to access the resource. The requester accesses information that indicates how the requester is to prove an appropriate configuration for accessing the resource. The requester formulates and sends proof that one or more measurable aspects of the requester's configuration are appropriate. The provider receives proof that one or more measurable aspects of the requester's configuration are appropriate and authorizes the requester to access the resource. Proof of one or more measurable aspects of a requester can be used along with other types of authentication to authorize a requester to access a resource of a provider. Solutions to challenges can be pre-computed and stored in a location accessible to a provider.
-
Publication number: US07730094B2
Publication date: 2010-06-01
Application number: US11207034
Filing date: 2005-08-19
IPC classification: G06F17/30
CPC classification: H04L63/126 , G06F21/6218 , G06F2221/2141 , H04L45/34 , H04L45/566 , H04L63/04 , H04L63/0428 , H04L63/08 , H04L63/102 , H04L63/123 , H04L67/02 , Y10S707/99939
Abstract: Methods, systems, and data structures for communicating object metadata are provided. A generic metadata container is presented that allows object metadata to be described in an extensible manner using protocol-neutral and platform-independent methodologies. A metadata scope refers to a dynamic universe of targets to which the included metadata statements correspond. Metadata properties provide a mechanism to describe the metadata itself, and metadata security can be used to ensure authentic metadata is sent and received. Mechanisms are also provided to allow refinement and replacement of metadata statements. The generic metadata container can be adapted to dynamically define access control rights to a range of objects by a range of users, including granted and denied access rights.
-
Publication number: US07707637B2
Publication date: 2010-04-27
Application number: US12058156
Filing date: 2008-03-28
CPC classification: G06F21/554
Abstract: A method and system are provided for managing a security threat in a distributed system. A distributed element of the system detects and reports suspicious activity to a threat management agent. The threat management agent determines whether an attack is taking place and deploys a countermeasure to the attack when the attack is determined to be taking place. Another method and system are also provided for managing a security threat in a distributed system. A threat management agent reviews reported suspicious activity, including suspicious activity reported from at least one distributed element of the system, determines, based on the reports, whether a pattern characteristic of an attack occurred, and predicts when a next attack is likely to occur. Deployment of a countermeasure to the predicted next attack is directed in a time window based on when the next attack is predicted to occur.
-
Publication number: US07676540B2
Publication date: 2010-03-09
Application number: US10270442
Filing date: 2002-10-15
Applicant: Henrik F. Nielsen , Christopher G. Kaler , Steven E. Lucco , David E. Levin , Erik B. Christensen
Inventor: Henrik F. Nielsen , Christopher G. Kaler , Steven E. Lucco , David E. Levin , Erik B. Christensen
IPC classification: G06F15/16
CPC classification: H04L63/04 , H04L45/02 , H04L63/0428 , H04L63/102 , H04L63/123 , H04L63/126 , H04L67/02
Abstract: Methods, systems, and data structures for communicating object metadata are provided. A generic metadata container is presented that allows object metadata to be described in an extensible manner using protocol-neutral and platform-independent methodologies. A metadata scope refers to a dynamic universe of targets to which the included metadata statements correspond. Metadata properties provide a mechanism to describe the metadata itself, and metadata security can be used to ensure authentic metadata is sent and received. Mechanisms are also provided to allow refinement and replacement of metadata statements. The metadata container may be used to convey referral data to update routing tables in network nodes, and may also be used to register referral statements and query a node for referral information.
-
Publication number: US07657745B2
Publication date: 2010-02-02
Application number: US10988875
Filing date: 2004-11-15
CPC classification: H04L9/3271 , G06Q20/382 , H04L63/0428 , H04L63/0853 , H04L2209/56
Abstract: A secure electronic transfer mechanism that does not require that the computing entities that are parties to the transaction be aware of the secret data used to secure the transfer. A transferring computing entity provides a request from a billing agent computing entity to transfer the electronically transferable item to a computing entity. The billing agent computing entity responds to the request by providing approval data to the second computing entity, the approval data being encrypted using secret data known to the billing agent computing entity and a supplemental computing entity associated with the transferee computing entity, but not to the transferring and transferee computing entities. The approval is provided to the supplemental computing entity, which then credits the transferee account.
-
Publication number: US07631298B2
Publication date: 2009-12-08
Application number: US11171768
Filing date: 2005-06-30
IPC classification: G06F9/44
CPC classification: A61M5/1689 , A61M2205/3306 , G06F8/20
Abstract: A software-development system or versioning system has a collection of modules for performing individual development functions such as document editing, keyword processing, and private-copy management. Each module has an interface compatible with that of the others, so that modules can be added to or substituted for the original modules, if the new modules conform to the interface. The architecture of this system supports the performance of development actions such as document merging and keyword expansion at any location within the system. The system operates upon documents and files as objects in an object space, rather than in name spaces.
-
Publication number: US07567586B2
Publication date: 2009-07-28
Application number: US11263196
Filing date: 2005-10-31
IPC classification: H04J3/22
Abstract: Compression of a portion of a message above a transport layer in a protocol stack. In the transmission direction, the message is accessed in a form that includes a number of initially parseable components, at least one of which is in compressed form. The message also includes a marker that identifies the component(s) that are compressed. The message is then passed to the transport layer in further preparation for transmission. In the receiving direction, the message is received from the transport layer. The message is initially parsed, and then the compressed component(s) are identified based on the marker.
-
Publication number: US07559080B2
Publication date: 2009-07-07
Application number: US11025375
Filing date: 2004-12-29
IPC classification: G06F21/00
CPC classification: H04L63/08 , H04L63/102 , H04L63/12 , H04L63/20
Abstract: Systems and methods for automatically generating security policy for a web service are described. In one aspect, one or more links between one or more endpoints are described with an abstract link description. The abstract link description describes, for each link of the one or more links, one or more security goals associated with the exchange of message(s) between the one or more endpoints associated with the link. The one or more endpoints host respective principals networked in a distributed operating environment. Detailed security policies for enforcement during the exchange of messages between the one or more endpoints are automatically generated from the abstract link description.
-
Publication number: US20090113534A1
Publication date: 2009-04-30
Application number: US11925734
Filing date: 2007-10-26
CPC classification: H04L63/08 , G06F21/31 , G06F2221/2103
Abstract: A challenge mechanism in which a challenge is issued from one message processor to another. In generating the challenge, the message processor may select any one or more of a number of available interactive challenge types, where each challenge type might use different user-originated information. Upon receiving the challenge, the challengee message processor may identify the challenge type based on information provided in the challenge, and perform different actions depending on the challenge type. The challengee message processor then generates an appropriate challenge response, and issues that challenge response to the challenger message processor. The challenger message processor may then validate the challenge response.