Scoped access control metadata element
    61.
    Granted invention patent
    Status: In force

    Publication number: US08015204B2

    Publication date: 2011-09-06

    Application number: US10270441

    Filing date: 2002-10-15

    IPC classification: G06F17/30

    Abstract: Methods, systems, and data structures for communicating object metadata are provided. A generic metadata container is presented that allows object metadata to be described in an extensible manner using protocol-neutral and platform-independent methodologies. A metadata scope refers to a dynamic universe of targets to which the included metadata statements correspond. Metadata properties provide a mechanism to describe the metadata itself, and metadata security can be used to ensure authentic metadata is sent and received. Mechanisms are also provided to allow refinement and replacement of metadata statements. The generic metadata container can be adapted to dynamically define access control rights to a range of objects by a range of users, including granted and denied access rights.

    Electronically negotiating application layer properties
    62.
    Granted invention patent
    Status: In force

    Publication number: US07949758B2

    Publication date: 2011-05-24

    Application number: US10371048

    Filing date: 2003-02-20

    Abstract: An initiating application layer and at an initiating message processor identifies offer information for negotiating an application layer agreement such as, for example, the communication properties of a communication channel, with one or more other message processors. The initiating message processor sends a schema-based offer including the offer information to the one or more other message processors. A receiving application layer at a receiving message processor receives the schema-based offer. In response, a receiving application layer at the receiving message processor identifies response information, such as, for example, indicating an acceptance, a rejection or a counter offer to the schema-based offer, for negotiating the application layer agreement. The receiving message processor sends a schema-based response including the response information to the initiating message processor. Negotiations continue until an application layer agreement is reached or until one of the application layers rejects further negotiations.

    Scoped access control metadata element
    63.
    Granted invention patent
    Status: In force

    Publication number: US07730094B2

    Publication date: 2010-06-01

    Application number: US11207034

    Filing date: 2005-08-19

    IPC classification: G06F17/30

    Abstract: Methods, systems, and data structures for communicating object metadata are provided. A generic metadata container is presented that allows object metadata to be described in an extensible manner using protocol-neutral and platform-independent methodologies. A metadata scope refers to a dynamic universe of targets to which the included metadata statements correspond. Metadata properties provide a mechanism to describe the metadata itself, and metadata security can be used to ensure authentic metadata is sent and received. Mechanisms are also provided to allow refinement and replacement of metadata statements. The generic metadata container can be adapted to dynamically define access control rights to a range of objects by a range of users, including granted and denied access rights.

    Distributed threat management
    64.
    Granted invention patent
    Status: In force

    Publication number: US07707637B2

    Publication date: 2010-04-27

    Application number: US12058156

    Filing date: 2008-03-28

    IPC classification: G06F7/04 G06F11/30 H04L9/00

    CPC classification: G06F21/554

    Abstract: A method and system are provided for managing a security threat in a distributed system. A distributed element of the system detects and reports suspicious activity to a threat management agent. The threat management agent determines whether an attack is taking place and deploys a countermeasure to the attack when the attack is determined to be taking place. Another method and system are also provided for managing a security threat in a distributed system. A threat management agent reviews reported suspicious activity including suspicious activity reported from at least one distributed element of the system, determines, based on the reports, whether a pattern characteristic of an attack occurred, and predicts when a next attack is likely to occur. Deployment of a countermeasure to the predicted next attack is directed in a time window based on when the next attack is predicted to occur.

    Secure electronic transfer without requiring knowledge of secret data
    65.
    Granted invention patent
    Status: Lapsed

    Publication number: US07657745B2

    Publication date: 2010-02-02

    Application number: US10988875

    Filing date: 2004-11-15

    Abstract: A secure electronic transfer mechanism that does not require that the computing entities that are parties to the transaction be aware of the secret data used to secure the transfer. A transferring computing entity provides a request from a billing agent computing entity to transfer the electronically transferable item to a computing entity. The billing agent computing entity responds to the request by providing approval data to the second computing entity, the approval data being encrypted using secret data known to the billing agent computing entity and a supplemental computing entity associated with the transferee computing entity, but not to the transferring and transferee computing entity. The approval is provided to the supplemental computing entity, which then credits the transferee account.

    Extensible architecture for project development systems
    66.
    Granted invention patent
    Status: Lapsed

    Publication number: US07631298B2

    Publication date: 2009-12-08

    Application number: US11171768

    Filing date: 2005-06-30

    IPC classification: G06F9/44

    Abstract: A software-development system or versioning system has a collection of modules for performing individual development functions such as document editing, keyword processing, and private-copy management. Each module has an interface compatible with that of the others, so that modules can be added to or substituted for the original modules, if the new modules conform to the interface. The architecture of this system supports the performance of development actions such as document merging and keyword expansion at any location within the system. The system operates upon documents and files as objects in an object space, rather than in name spaces.

    Automatically generating security policies for web services
    67.
    Granted invention patent
    Status: In force

    Publication number: US07559080B2

    Publication date: 2009-07-07

    Application number: US11025375

    Filing date: 2004-12-29

    IPC classification: G06F21/00

    Abstract: Systems and methods for automatically generating security policy for a web service are described. In one aspect, one or more links between one or more endpoints are described with an abstract link description. The abstract link description describes, for each link of the one or more links, one or more security goals associated with exchange of message(s) between the one or more endpoints associated with the link. The one or more endpoints host respective principals networked in a distributed operating environment. Detailed security policies for enforcement during exchange of messages between the one or more endpoints are automatically generated from the abstract link description.

    GENERIC INTERACTIVE CHALLENGES IN A DISTRIBUTED SYSTEM
    68.
    Invention application
    Status: In force

    Publication number: US20090113534A1

    Publication date: 2009-04-30

    Application number: US11925734

    Filing date: 2007-10-26

    IPC classification: H04L9/32 G06F17/00

    Abstract: A challenge mechanism in which a challenge is issued from one message processor to another. In generating the challenge, the message processor may select any one or more of a number of available interactive challenge types, where each type of challenge type might use different user-originated information. Upon receiving the challenge, the challengee message processor may identify the challenge type based on information provided in the challenge, and perform different actions depending on the challenge type. The challengee message processor then generates an appropriate challenge response, and issues that challenge response to the challenger message processor. The challenger message processor may then validate the challenge response.

    Optimizing communication using scalable peer groups
    70.
    Granted invention patent
    Status: In force

    Publication number: US07496602B2

    Publication date: 2009-02-24

    Application number: US11325690

    Filing date: 2006-01-04

    IPC classification: G06F17/00

    Abstract: Implementations of the present invention relate in part to optimizations to peer-to-peer communication systems. For example, one implementation relates to use of a smart transceiver that creates, caches, and manages communication channels dynamically between peers. Another implementation relates to use of a central tracking object that can be used to efficiently register and distribute peer messages among the various peers. In one implementation, the central tracking object is shared amongst peers in the group. Still another implementation relates to associating peer groups with namespaces, and for including peer groups of one namespace within still other peer groups of different namespaces. These and other aspects of the invention can also be used to ensure delivery intent of a given peer message is preserved, and to ensure that optimal numbers of messages are communicated to any given peer at any given time.
