公开(公告)号：US20100242102A1

公开(公告)日：2010-09-23

申请号：US11477160

申请日：2006-06-27

申请人： David B. Cross ,  Paul J. Leach ,  Klaus U. Schutz ,  Robert D. Young ,  Nathan C. Sherman

发明人： David B. Cross ,  Paul J. Leach ,  Klaus U. Schutz ,  Robert D. Young ,  Nathan C. Sherman

IPC分类号： G06F21/00 ,  H04L29/06 ,  H04L9/08

CPC分类号： G06F21/32 ,  G06F21/335 ,  G06Q20/40145 ,  H04L63/0428 ,  H04L63/067 ,  H04L63/0807 ,  H04L63/0823 ,  H04L63/083 ,  H04L63/0861 ,  H04L63/10 ,  H04L63/126

摘要： Use of a biometric identification device in a client computer system to subsequently access an authentication system includes receiving biometric sample data which is digitally signed and combining the data with a user ID and PIN. This package of data is then securely transmitted to a biometric matching server to validate the user and the biometric sample. Once validated, the biometric matching server return the data package plus a temporary certificate and a public/private key pair to the client computer. The client computer may then use this information to access an authentication system to subsequently gain access to a secure resource.

摘要翻译： 在客户端计算机系统中使用生物识别装置随后访问认证系统包括接收数字签名的生物特征样本数据，并将数据与用户ID和PIN组合。 然后将该数据包安全地传输到生物特征匹配服务器以验证用户和生物特征样本。 一旦验证，生物特征匹配服务器将数据包加上临时证书和公钥/私钥对返回给客户端计算机。 然后，客户端计算机可以使用该信息来访问认证系统以随后获得对安全资源的访问。

公开(公告)号：US20090241193A1

公开(公告)日：2009-09-24

申请号：US12475883

申请日：2009-06-01

申请人： Bhalchandra S. Pandit ,  Praerit Garg ,  Richard B. Ward ,  Paul J. Leach ,  Scott A. Field ,  Robert P. Reichel ,  John E. Brezak

发明人： Bhalchandra S. Pandit ,  Praerit Garg ,  Richard B. Ward ,  Paul J. Leach ,  Scott A. Field ,  Robert P. Reichel ,  John E. Brezak

IPC分类号： G06F21/20 ,  G06F21/22 ,  G06F21/24 ,  G08B23/00 ,  H04K1/00 ,  G06F15/173 ,  G06F21/06

CPC分类号： G06F21/31 ,  G06F2221/2101

摘要： Improved intrusion detection and/or tracking methods and systems are provided for use across various computing devices and networks. Certain methods, for example, form a substantially unique audit identifier during each authentication/logon process. One method includes identifying one or more substantially unique parameters that are associated with the authentication/logon process and encrypting them to form at least one audit identifier that can then be generated and logged by each device involved in the authentication/logon process. The resulting audit log file can then be audited along with similar audit log files from other devices to track a user across multiple platforms.

摘要翻译： 提供了改进的入侵检测和/或跟踪方法和系统，用于跨越各种计算设备和网络。 例如，某些方法在每个认证/登录过程期间形成基本唯一的审计标识符。 一种方法包括识别与认证/登录过程相关联的一个或多个基本上唯一的参数并将其加密以形成至少一个审核标识符，然后可以由认证/登录过程中涉及的每个设备生成和记录。 然后可以将生成的审核日志文件与来自其他设备的类似审核日志文件一起审核，以跨多个平台跟踪用户。

公开(公告)号：US07571438B2

公开(公告)日：2009-08-04

申请号：US09909072

申请日：2001-07-18

申请人： Michael B. Jones ,  Paul J. Leach ,  Richard P. Draves, Jr. ,  Joseph S. Barrera, III

发明人： Michael B. Jones ,  Paul J. Leach ,  Richard P. Draves, Jr. ,  Joseph S. Barrera, III

IPC分类号： G06F9/46

CPC分类号： G06F9/5011 ,  G06F2209/5014

摘要： A resource management mechanism is provided to ensure that real-time application programs running on a single machine or set of machines exhibit predictable behavior. The resource management mechanism employs the abstraction of an activity which serves as the basis for granting resource reservations and for accounting. An activity submits a request for resources in specified amounts to a resource planner. The activity is resource self-aware so that it is aware of its resource requirements. The activity may query resource providers to obtain resource requirements for particular operations. The resource planner determines whether the activity should be granted the requested reservation by employing an internal policy. Policy is separated by mechanism so that the resource planner may implement any of a number of policies. The resource planner may choose to grant the reservation to an activity or deny the request by an activity. When denying a request, the resource planner may inform the activity of what quantity of the requested resources are currently available so that the activity may submit a modified request. The resource management mechanism includes a dynamic feedback mechanism for initiating renegotiation of resource reservations when appropriate.

公开(公告)号：US07558846B2

公开(公告)日：2009-07-07

申请号：US11071700

申请日：2005-03-02

申请人： Ye Gu ,  Peter S. Ford ,  Holly Knight ,  Paul J. Leach ,  Yaron Y. Goland

发明人： Ye Gu ,  Peter S. Ford ,  Holly Knight ,  Paul J. Leach ,  Yaron Y. Goland

IPC分类号： G06F15/177 ,  G06F12/00

CPC分类号： H04L67/16 ,  H04L12/2805 ,  H04L12/2809 ,  H04L12/2856 ,  H04L12/2898 ,  H04L12/4633 ,  H04L29/12235 ,  H04L29/1232 ,  H04L29/12594 ,  H04L47/2408 ,  H04L61/2023 ,  H04L61/2092 ,  H04L61/303 ,  H04L67/02 ,  H04L67/025 ,  H04L67/125 ,  H04L67/14 ,  H04L69/329

摘要： A device control model provides an integrated set of addressing, naming, discovery and description processes that enables automatic, dynamic and ad-hoc self-setup by devices to interoperate with other devices on a network. This permits a computing device when introduced into a network to automatically configure so as to connect and interact with other computing devices available on the network, without a user installation experience and without downloading driver software or persisting a configuration setup for connecting and interacting with such other computing devices. Upon completing interaction with such other devices, the computing device automatically releases the setup for such other devices so as to avoid persistent device configurations that might create a configuration maintenance and management burden.

公开(公告)号：US07487230B2

公开(公告)日：2009-02-03

申请号：US10838769

申请日：2004-05-03

申请人： Ye Gu ,  Peter S. Ford ,  Holly Knight ,  Yaron Y. Goland ,  Paul J. Leach

发明人： Ye Gu ,  Peter S. Ford ,  Holly Knight ,  Yaron Y. Goland ,  Paul J. Leach

IPC分类号： G06F15/177 ,  G06F12/00

CPC分类号： H04L67/16 ,  H04L12/2805 ,  H04L12/2809 ,  H04L12/2856 ,  H04L12/2898 ,  H04L12/4633 ,  H04L29/12235 ,  H04L29/1232 ,  H04L29/12594 ,  H04L47/2408 ,  H04L61/2023 ,  H04L61/2092 ,  H04L61/303 ,  H04L67/02 ,  H04L67/025 ,  H04L67/125 ,  H04L67/14 ,  H04L69/329

摘要： A device control model provides an integrated set of addressing, naming, discovery and description processes that enables automatic, dynamic and ad-hoc self-setup by devices to interoperate with other devices on a network. This permits a computing device when introduced into a network to automatically configure so as to connect and interact with other computing devices available on the network, without a user installation experience and without downloading driver software or persisting a configuration setup for connecting and interacting with such other computing devices. Upon completing interaction with such other devices, the computing device automatically releases the setup for such other devices so as to avoid persistent device configurations that might create a configuration maintenance and management burden.

摘要翻译： 设备控制模型提供了一套集成的寻址，命名，发现和描述过程，使设备能够自动，动态和自组织自我设置，以与网络上的其他设备进行互操作。 这允许计算设备被引入到网络中以自动配置以便连接并与网络上可用的其他计算设备进行交互，而无需用户安装体验，并且不下载驱动程序软件或持续配置设置来连接和与其他操作系统进行交互 计算设备。 在完成与这样的其他设备的交互时，计算设备自动释放这些其他设备的设置，以避免可能产生配置维护和管理负担的持续设备配置。

公开(公告)号：US20090007247A1

公开(公告)日：2009-01-01

申请号：US11770677

申请日：2007-06-28

申请人： Carl M. Ellison ,  Paul J. Leach ,  Butler W. Lampson ,  Melissa W. Dunn ,  Ravindra N. Pandya ,  Charles W. Kaufman

发明人： Carl M. Ellison ,  Paul J. Leach ,  Butler W. Lampson ,  Melissa W. Dunn ,  Ravindra N. Pandya ,  Charles W. Kaufman

IPC分类号： G06F21/20 ,  H04L9/32

CPC分类号： H04L63/145 ,  G06F21/445 ,  G06F2221/2115 ,  G06F2221/2129 ,  H04L9/0891 ,  H04L63/0442 ,  H04L63/0823

摘要： The subject disclosure pertains to a domain identification system, comprising a principal that has a key and a mnemonically meaningless identifier, the mnemonically meaningless identifier is used to identify the component in a networked environment. The mnemonically meaningless identifier can be bound to the public key by a binding. The component may be part of a neighborhood of components, and each member component knows the members' binding.

摘要翻译： 主题公开涉及域识别系统，其包括具有密钥和经验无意义的标识符的主体，用于识别网络环境中的组件的经典无意义的标识符。 可以通过绑定将符号无意义的标识符绑定到公钥。 组件可以是组件邻域的一部分，并且每个成员组件都知道成员的绑定。

公开(公告)号：US20080307486A1

公开(公告)日：2008-12-11

申请号：US11761170

申请日：2007-06-11

申请人： Carl Melvin Ellison ,  Paul J. Leach ,  Butler Wright Lampson ,  Melissa W. Dunn ,  Ravindra Nath Pandya ,  Charles William Kaufman

发明人： Carl Melvin Ellison ,  Paul J. Leach ,  Butler Wright Lampson ,  Melissa W. Dunn ,  Ravindra Nath Pandya ,  Charles William Kaufman

IPC分类号： G06F17/00 ,  H04L9/32

CPC分类号： H04L9/3231 ,  H04L9/3263 ,  H04L63/0823 ,  H04L63/102 ,  H04L2209/56

摘要： The subject disclosure pertains to systems and methods that facilitate entity-based for access management. Typically, access to one or more resources is managed based upon identifiers assigned to entities. Groups of identifiers can be assigned to access rights. An authority component can manage an exclusion group that excludes an entity, regardless of the identifier utilized by the entity. Access control components can utilize exclusion groups in access policies to define access rights to a resource.

摘要翻译： 本发明涉及促进基于实体的访问管理的系统和方法。 通常，基于分配给实体的标识符来管理对一个或多个资源的访问。 标识符组可以分配给访问权限。 权限组件可以管理排除实体的排除组，而不管实体使用的标识符。 访问控制组件可以利用访问策略中的排除组来定义资源的访问权限。

公开(公告)号：US07437434B2

公开(公告)日：2008-10-14

申请号：US10981057

申请日：2004-11-04

申请人： William Michael Zintel ,  Amar S. Gandhi ,  Ye Gu ,  Shyamalan Pather ,  Jeffrey C. Schlimmer ,  Christopher M. Rude ,  Daniel R. Weisman ,  Donald R. Ryan ,  Paul J. Leach ,  Ting Cai ,  Holly N. Knight ,  Peter S. Ford

发明人： William Michael Zintel ,  Amar S. Gandhi ,  Ye Gu ,  Shyamalan Pather ,  Jeffrey C. Schlimmer ,  Christopher M. Rude ,  Daniel R. Weisman ,  Donald R. Ryan ,  Paul J. Leach ,  Ting Cai ,  Holly N. Knight ,  Peter S. Ford

IPC分类号： G06F15/177 ,  G06F12/00

CPC分类号： H04L29/12235 ,  H04L12/2803 ,  H04L12/2805 ,  H04L12/2807 ,  H04L12/2818 ,  H04L12/2856 ,  H04L12/2898 ,  H04L12/4633 ,  H04L29/06 ,  H04L29/0602 ,  H04L29/1232 ,  H04L29/12594 ,  H04L47/2408 ,  H04L61/2023 ,  H04L61/2092 ,  H04L61/30 ,  H04L67/02 ,  H04L67/025 ,  H04L67/125 ,  H04L67/14 ,  H04L67/16 ,  H04L69/329

摘要： A universal plug and play (UPnP) device makes itself known through a set of processes—discovery, description, control, eventing, and presentation. Following discovery of a UPnP device, an entity can learn more about the device and its capabilities by retrieving the device's description. The description includes vendor-specific manufacturer information like the model name and number, serial number, manufacturer name, URLs to vendor-specific Web sites, etc. The description also includes a list of any embedded devices or services, as well as URLs for control, eventing, and presentation. The description is written by a vendor, and is usually based on a device template produced by a UPnP forum working committee. The template is derived from a template language that is used to define elements to describe the device and any services supported by the device. The template language is written using an XML-based syntax that organizes and structures the elements.

公开(公告)号：US20080235807A1

公开(公告)日：2008-09-25

申请号：US12131884

申请日：2008-06-02

申请人： David B. Cross ,  Paul J. Leach

发明人： David B. Cross ,  Paul J. Leach

IPC分类号： G06F21/00 ,  H04L9/32

CPC分类号： G06F17/30067

摘要： File system interaction with digital rights management (DRM) is facilitated by enabling one or more file system components to be DRM-aware. These one or more file system components may be part of a computer operating system. An exemplary system implementation includes: one or more processors; and one or more media in operative communication therewith, the media storing one or more file system components that are configured to provide content having DRM controls to a requesting program in either a raw form or a decrypted form in dependence on whether the DRM controls comprise simple DRM content controls or complex DRM content controls. In another exemplary system implementation, the one or more file system components are configured to provide files with simple DRM content controls to requesting applications in a decrypted form and to provide files with complex DRM content controls to requesting applications in an unaltered form.

摘要翻译： 通过使一个或多个文件系统组件成为DRM感知来促进与数字版权管理（DRM）的文件系统交互。 这些一个或多个文件系统组件可以是计算机操作系统的一部分。 示例性系统实现包括：一个或多个处理器; 以及与其操作通信的一个或多个媒体，所述媒体存储一个或多个文件系统组件，其被配置为根据DRM控件是否包括简单的形式，以原始形式或解密形式向请求程序提供具有DRM控制的内容 DRM内容控件或复杂的DRM内容控件。 在另一示例性系统实现中，一个或多个文件系统组件被配置为提供具有简单DRM内容控制的文件，以解密形式来请求应用程序，并且提供具有复杂DRM内容控制的文件以以未改变的形式请求应用程序。

公开(公告)号：US07383586B2

公开(公告)日：2008-06-03

申请号：US10346429

申请日：2003-01-17

申请人： David B. Cross ,  Paul J. Leach

发明人： David B. Cross ,  Paul J. Leach

IPC分类号： H04L9/32

CPC分类号： G06F17/30067

摘要： File system interaction with digital rights management (DRM) is facilitated by enabling one or more file system components to be DRM-aware. These one or more file system components may be part of a computer operating system. An exemplary system implementation includes: one or more processors; and one or more media in operative communication therewith, the media storing one or more file system components that are configured to provide content having DRM controls to a requesting program in either a raw form or a decrypted form in dependence on whether the DRM controls comprise simple DRM content controls or complex DRM content controls. In another exemplary system implementation, the one or more file system components are configured to provide files with simple DRM content controls to requesting applications in a decrypted form and to provide files with complex DRM content controls to requesting applications in an unaltered form.

摘要翻译： 通过使一个或多个文件系统组件成为DRM感知来促进与数字版权管理（DRM）的文件系统交互。 这些一个或多个文件系统组件可以是计算机操作系统的一部分。 示例性系统实现包括：一个或多个处理器; 以及与其操作通信的一个或多个媒体，所述媒体存储一个或多个文件系统组件，其被配置为根据DRM控件是否包括简单的形式，以原始形式或解密形式向请求程序提供具有DRM控制的内容 DRM内容控件或复杂的DRM内容控件。 在另一示例性系统实现中，一个或多个文件系统组件被配置为提供具有简单DRM内容控制的文件，以解密形式来请求应用程序，并且提供具有复杂DRM内容控制的文件以以未改变的形式请求应用程序。