Challenge-based authentication without requiring knowledge of secret authentication data
    61.
    Granted invention patent
    Legal status: Lapsed

    Publication No.: US07519815B2

    Publication date: 2009-04-14

    Application No.: US10917786

    Filing date: 2004-08-13

    IPC classification: H04L9/00 G06F15/16 H04K1/00

    Abstract: A challenge based authentication mechanism that does not require that the authenticating computing entities be aware of the secret data used for the initial authentication. An authenticator computing entity is to authenticate to the authenticatee computing entity. First, the authenticatee computing entity acquires a challenge from a supplemental authenticatee computing entity. The authenticatee computing entity provides the challenge to the authenticator computing entity, which has a supplemental authenticator computing entity solve the challenge. The authenticator computing entity sends the answer to the authenticatee computing entity, which uses the answer to authenticate the authenticator computing entity.

    Project-based configuration management method and apparatus
    62.
    Granted invention patent
    Legal status: In force

    Publication No.: US07475097B2

    Publication date: 2009-01-06

    Application No.: US10996719

    Filing date: 2004-11-24

    IPC classification: G06F17/30

    Abstract: A configuration management system creates (602) each configuration by assigning a configuration identifier to each configuration. In addition, relational information is computed (706) that indicates the relationships between the configuration and any configurations upon which it is based. The system then tracks (604) changes to files of the configuration by storing information associating each new file version with the configuration identifier. The system also tracks (1210) changes to file properties. A configuration is then reconstructed (608) as of a desired date, by identifying (2104, 2106) the file versions and properties associated with that configuration as of the desired date. A determination is made (2110) whether a user that has requested the file versions has access privileges by first checking a security cache (2600) for the user privileges information. If the information is not on the cache, it is computed from a security table (2800) and stored on the cache. The system automatically compresses (3118) and reconstitutes (3006) file versions that are stored in the version store.

    Scoped metadata in a markup language
    63.
    Granted invention patent
    Legal status: In force

    Publication No.: US07451157B2

    Publication date: 2008-11-11

    Application No.: US10270440

    Filing date: 2002-10-15

    IPC classification: G06F17/00

    Abstract: Methods, systems, and data structures for communicating object metadata are provided. A generic metadata container is presented that allows object metadata to be described in an extensible manner using protocol-neutral and platform-independent methodologies. A metadata scope refers to a dynamic universe of targets to which the included metadata statements correspond. Metadata properties provide a mechanism to describe the metadata itself, and metadata security can be used to ensure authentic metadata is sent and received. Mechanisms are also provided to allow refinement and replacement of metadata statements. Communication of metadata is expedited using hash digests to confirm metadata versions, and by piggybacking policy metadata requests and responses on other substantive data communication messages, thereby dynamically altering future communications.

    Dependent context trees for related network offerings
    64.
    Granted invention patent
    Legal status: In force

    Publication No.: US07447785B2

    Publication date: 2008-11-04

    Application No.: US10403857

    Filing date: 2003-03-31

    IPC classification: G06F15/16

    Abstract: A network site often provides multiple offerings, each having their own context. The complete context for one of the offerings is stored. That complete context represents a root node in a hierarchical tree of context nodes, each node representing the context information for one or more of the offerings. Each node in the tree includes a reference to its parent node, and then a description of incremental changes to the context information as compared to the context information from the parent node. Accordingly, the context information for a particular node in the tree may be obtained by combining the complete context for the root node offering with incremental changes described in other nodes in the ancestral chain that leads from the particular offering to the root offering.

    Client-server communications system and method using a semi-connectionless protocol
    65.
    Granted invention patent
    Legal status: In force

    Publication No.: US07406523B1

    Publication date: 2008-07-29

    Application No.: US09717674

    Filing date: 2000-11-21

    IPC classification: G06F15/16

    CPC classification: H04L67/14

    Abstract: A system and method for performing client-server transactions includes an application interface, located at a client, which manages connections between the client and a server. The application interface receives a request from an application program, opens a connection with the server, sends a message that includes the request over the connection, and holds the connection open for at least a timeout period. If the application interface receives another request destined for the server during the timeout period, it sends another message with the new request over the open connection. If the application interface receives one or more requests that are part of a transaction, the application interface assigns a transaction identifier to the transaction. The transaction identifier and a sequence indicator are included in each message with each request. At the server, a transaction manager receives the messages, sequences the requests based on the sequence indicators, and processes the requests in the indicated sequence. If the application interface receives a redirect request from the server in response to a message, the application interface sends the message to another server identified in the redirect request without involving the client application.

    POLICY FAULT
    66.
    Invention patent application
    Legal status: Under examination (published)

    Publication No.: US20080083009A1

    Publication date: 2008-04-03

    Application No.: US11537029

    Filing date: 2006-09-29

    IPC classification: H04L9/00

    CPC classification: H04L63/20

    Abstract: Communicating and requesting specialized policy information. A message is sent by a client to a service which provides the services requested by the message or a specialized processor that evaluates messages. The message is evaluated for compliance with a policy particular to the message. If the message does not comply with a policy particular to the message, policy information is sent, where the policy information indicates the correct policy particular to the message. In one embodiment, if the message complies with a policy particular to the message, policy information is sent, where the policy information indicates that the message complies with a policy particular to the message.

    REFERENCE TOKENS
    67.
    Invention patent application
    Legal status: In force

    Publication No.: US20080082638A1

    Publication date: 2008-04-03

    Application No.: US11537019

    Filing date: 2006-09-29

    CPC classification: H04L63/0807

    Abstract: Providing reference tokens. A method includes receiving a request for a token. In response to the request for a token and in place of a token, one or more rich pointers are sent referencing one or more tokens. The rich pointers point to locations where one or more actual tokens can be retrieved. When only a single pointer is sent, the pointer is a reference other than an HTTP URL.

    MULTIPLE PEER GROUPS FOR EFFICIENT SCALABLE COMPUTING

    Publication No.: US20080080529A1

    Publication date: 2008-04-03

    Application No.: US11536955

    Filing date: 2006-09-29

    IPC classification: H04L12/56

    Abstract: Multiple peer groups for performing computing, communication, and/or storage tasks. A method may be performed, for example, in a computing environment including one or more agents networked together. The method includes providing data to the agents using two or more distinct peer groups. The peer groups include members from among the agents. The method further includes performing at each of the peer groups operations on the data. Each peer group is configured to perform a specific operation. The method also includes coordinating the operations at each of the peer groups such that a common computing, communication and/or storage task is accomplished by aggregating the operations at each of the peer groups.

    Establishing a secure context at an electronic communications end-point
    69.
    Granted invention patent
    Legal status: In force

    Publication No.: US07313687B2

    Publication date: 2007-12-25

    Application No.: US10340694

    Filing date: 2003-01-10

    IPC classification: H04L9/00

    Abstract: A first application layer at a first message processor identifies a first portion of context information. A second message processor receives the first portion of context information. A second application layer at the second message processor identifies a second portion of context information. The second message processor sends the second portion of context information along with a first digital signature created from both the first and second portions of context information. The first message processor receives the second portion of context information and first digital signature. The first message processor sends a second digital signature created from the first and second portions of context information to the second message processor. If both the first and second digital signatures are authenticated, a secure context can be established between the first and second application layers.

    SELECTING POLICY FOR COMPATIBLE COMMUNICATION
    70.
    Invention patent application
    Legal status: Lapsed

    Publication No.: US20070294743A1

    Publication date: 2007-12-20

    Application No.: US11424415

    Filing date: 2006-06-15

    IPC classification: H04L9/00

    CPC classification: G06F21/6218

    Abstract: The present invention extends to methods, systems, and computer program products for selecting policy for compatible communication. Hierarchical policy document data structures represent communication (e.g., security) aspects and options such that lower aspects and options are accessed in the context of corresponding higher aspects and options to define applicable scope. Use of a hierarchical description also facilitates separation of what is being protected from how it is being protected thereby allowing security policy to be considered at different locations of a description document.
