1. Method and apparatus for time synchronization in a network data processing system
    Granted invention patent; status: in force

    Publication number: US07818562B2

    Publication date: 2010-10-19

    Application number: US12129490

    Filing date: 2008-05-29

    IPC classification: H04L29/06 H04L9/32

    Abstract: A method, apparatus, and computer implemented instructions for synchronizing time in a network data processing system. A request for time synchronization is received at a target data processing system. A current target time at the target data processing system is placed in a reply. The reply is sent to the source data processing system. A current source time from when the reply is received at the source data processing system is compared to the current target time to generate a comparison. A synchronization factor is generated using the comparison.


2. Method for enabling a program written in untrusted code to interact with a security subsystem of a hosting operating system
    Granted invention patent; status: lapsed

    Publication number: US07451484B1

    Publication date: 2008-11-11

    Application number: US09321788

    Filing date: 1999-05-27

    IPC classification: G06F12/14

    CPC classification: G06F21/31

    Abstract: A program written in untrusted code (e.g., JAVA) is enabled to access a native operating system resource (e.g., supported in WINDOWS NT) through a staged login protocol. In operation, a trusted login service listens, e.g., on a named pipe, for requests for login credentials. In response to a login request, the trusted login service requests a native operating system identifier. The native operating system identifier is then sent to the program. Using this identifier, a credential object is then created within an authentication framework. The credential object is then used to login to the native operating system to enable the program to access the resource. This technique enables a JAVA program to access a WINDOWS NT operating system resource under the identity of the user running the JAVA program.


3. Composite keystore facility apparatus and method therefor
    Granted invention patent; status: lapsed

    Publication number: US06934840B2

    Publication date: 2005-08-23

    Application number: US09746582

    Filing date: 2000-12-21

    IPC classification: H04L9/32 H04L9/00

    CPC classification: H04L9/3263 H04L2209/56

    Abstract: An apparatus and method for managing keystores is implemented. A distributed keystore is established by aggregating individual keystores. The distributed keystore may be organized in a multi-level structure, which may be associated with an organizational structure of an enterprise, or other predetermined partitioning. Additionally, a centralized management of certificates may be provided, whereby the expiration or revocation of the certificates may be tracked, and expired or revoked certificates may be refreshed. The keystore may be updated in response to one or more update events.


4. Web client scripting test architecture for web server-based authentication
    Granted invention patent; status: lapsed

    Publication number: US06151599A

    Publication date: 2000-11-21

    Application number: US118561

    Filing date: 1998-07-17

    IPC classification: G06F21/00 G06F15/173

    Abstract: A test page including a statement invoking an executable periodically reloading the test page is placed on a Web server having a security plug-in to be tested. The test page may include multiple frames, each containing a reference requesting access to the same test page or each performing a different testing function. The test page may be placed in a protected directory, may include an attempt to access the contents of a file within a different protected directory, and may include attempts to access protected CGI executables or other programs or modules which may be run on the Web server. A remote browser is employed to attempt to access the test page using the userid and password employed to login to the browser. Successful or unsuccessful access to the test page verifies proper operation of the security plug-in. The test page is automatically reloaded by the browser at a selected interval, and multiple frames or multiple browser instances each accessing the test page results in stress testing of the security plug-in.


5. Method and apparatus for providing persistent fault-tolerant proxy login to a web-based distributed file service
    Granted invention patent; status: lapsed

    Publication number: US5974566A

    Publication date: 1999-10-26

    Application number: US946077

    Filing date: 1997-10-07

    IPC classification: H04L29/06 G06F13/00

    CPC classification: H04L63/08 H04L63/10

    Abstract: A method of enabling persistent access by a Web server to files stored in a distributed file system of a distributed computing environment that includes a security service. A session manager is used to perform a proxy login to the security service on behalf of the Web server. Persistent operation of the session manager is ensured by periodically spawning new instances of the session manager process. Each new instance preferably initializes itself against a binding file. A prior instance of the session manager is maintained in an active state for at least a period of time during which the new instance of the session manager initializes itself. Upon receipt of a given transaction request from a Web client to the Web server, a determination is made regarding whether a new instance of the session manager process has been spawned while the Web server was otherwise idle. If so, the Web server is re-bound to the new instance of the session manager process so that the new instance of the session manager process can respond to the transaction request.


6. Method and system for certification path processing
    Granted invention patent; status: lapsed

    Publication number: US07444509B2

    Publication date: 2008-10-28

    Application number: US10855728

    Filing date: 2004-05-27

    IPC classification: H04L9/00

    Abstract: A method, an apparatus, a system, and a computer program product are presented for validating certificates. A certificate validation service receives a certificate validation request for a target certificate from a client, thereby allowing the client to offload certificate validation tasks into an online certificate validation service that is accessible and sharable by multiple components within a data processing system. In response to a determination that the target certificate is valid or invalid, the certificate validation service sends a certificate validation response with a status value indicating that the target certificate is valid or invalid. The certificate validation service is able to cache information about previously validated certificates and the associated certificate chains, thereby enhancing the efficiency of the service. Different certificate validation policies may be applied against target certificates based upon information associated with the target certificates.


7. Method and computer program product for processing signed applets
    Granted invention patent; status: in force

    Publication number: US06910128B1

    Publication date: 2005-06-21

    Application number: US09717524

    Filing date: 2000-11-21

    IPC classification: G06F21/00 H04L9/00 H04L29/06

    Abstract: A framework for processing signed applets that are distributed over the Internet. Using the framework, an applet that is packaged as a Netscape- or JDK-signed jar file, or as an Internet Explorer-signed cab file, is processed within the same Java runtime environment irrespective of the browser type (i.e. Netscape Communicator, Internet Explorer or JDK) used to execute the applet. When the applet is executed, the framework verifies one or more applet signatures using the same algorithm that was used to sign the applet, verifies the signer(s) of the applet, and stores information about the signers so that they can be honored by a security policy when permissions for the applet are determined.


8. Dynamic runtime and test architecture for Java applets
    Granted invention patent; status: lapsed

    Publication number: US06473894B1

    Publication date: 2002-10-29

    Application number: US09240959

    Filing date: 1999-01-29

    IPC classification: G06F944

    CPC classification: G06F11/3672 G06F17/3089

    Abstract: A test/run program receives as input a list of identifiers for source pages referencing applets to be tested or run. The test/run program creates an array of the identifiers, together with parameters for each identifier, the web browser to run the test under, and the number of times the source page is to be reloaded and the applets re-run. For each source page, and for each reload of a given source page, the test/run program starts the specified web browser process, loads the designated source page, and starts a fresh runtime environment for the applet. Support for a test class within the test/run program allows the applets to write success, failure, or informational results to an output file and to exit the web browser process when complete. Where a native implementation of the test class is employed, special security permissions need not be specified and the test/run program need not necessarily be run locally. In exiting the web browser process, the applets write a marker file to indicate that the applet run is complete, which the test/run program detects. Multiple applets may be automatically and repetitively loaded, each with a fresh runtime environment in a new web browser application, for testing of the applets or repeat execution of the applets while changing system properties.


9. Extending credential type to group Key Management Interoperability Protocol (KMIP) clients
    Granted invention patent; status: in force

    Publication number: US08798273B2

    Publication date: 2014-08-05

    Application number: US13213161

    Filing date: 2011-08-19

    Abstract: A key management protocol (such as KMIP) is extended to provide an extended credential type to pass information from clients to the server to enable the server to deduce pre-provisioned cryptographic materials for the individual clients. Preferably, KMIP client code communicates device information to a key management server in a value in the headers of KMIP requests that flow to the server. In this manner, KMIP requests are associated with pre-provisioned cryptographic materials for particular devices or device groups.


10. Type independent permission based access control
    Granted invention patent; status: lapsed

    Publication number: US08387111B2

    Publication date: 2013-02-26

    Application number: US10002439

    Filing date: 2001-11-01

    IPC classification: G06F12/14

    CPC classification: G06F21/53 G06F2221/2145

    Abstract: A method and apparatus for type independent permission based access control are provided. The method and apparatus utilize object inheritance to provide a mechanism by which a large group of permissions may be assigned to a codesource without having to explicitly assign each individual permission to the codesource. A base permission, or superclass permission, is defined along with inherited, or subclass, permissions that fall below the base permission in a hierarchy of permissions. Having defined the permissions in such a hierarchy, a developer may assign a base permission to an installed class and thereby assign all of the inherited permissions of the base permission to the installed class. In this way, security providers need not know all the permission types defined in an application. In addition, security providers can seamlessly integrate with many applications without changing their access control and policy store semantics. Moreover, application providers' security enforcement is not dependent on the security provider defined permissions. The method and apparatus do not require any changes to the Java security manager and do not require changes to application code.
