-
1.发明授权Specifying a repository for an authentication token in a distributed computing system 有权在分布式计算系统中指定认证令牌的存储库公开(公告)号:US07386877B2
公开(公告)日:2008-06-10
申请号:US10194910
申请日:2002-07-12
CPC分类号: G06F21/31
摘要: One embodiment of the present invention provides a system that facilitates specifying a repository containing authentication information to a plugin in a plugable authentication system. When the system receives a command that requires the repository to be accessed, the system populates a data structure with information including a specifier for the repository. The system passes this data structure into a plugin framework. This enables one or more plugins within the framework to access the specified repository.
摘要翻译: 本发明的一个实施例提供了一种便于在可插入认证系统中向插件指定包含认证信息的存储库的系统。 当系统收到需要访问存储库的命令时,系统将填充包含存储库说明符的信息的数据结构。 系统将此数据结构传递到插件框架中。 这使得框架内的一个或多个插件可以访问指定的存储库。
-
公开(公告)号:US20100031355A1
公开(公告)日:2010-02-04
申请号:US12182790
申请日:2008-07-30
IPC分类号: G06F12/14
摘要: A method for securely accessing an executable file object includes a step in which a request from the target process to access the executable file object is received by an operating system component, and the object is examined for validity before access is allowed. For objects that cannot be validated, the process is run with privileges bounded by the privilege cap, if the privilege cap permits execution of the object.
摘要翻译: 用于安全地访问可执行文件对象的方法包括步骤,其中来自目标进程的访问可执行文件对象的请求被操作系统组件接收,并且在允许访问之前检查对象的有效性。 对于无法验证的对象,如果权限上限允许执行该对象,该进程将以权限上限的权限运行。
-
公开(公告)号:US08856938B2
公开(公告)日:2014-10-07
申请号:US12182790
申请日:2008-07-30
摘要: A method for securely accessing an executable file object includes a step in which a request from the target process to access the executable file object is received by an operating system component, and the object is examined for validity before access is allowed. For objects that cannot be validated, the process is run with privileges bounded by the privilege cap, if the privilege cap permits execution of the object.
摘要翻译: 用于安全地访问可执行文件对象的方法包括步骤,其中来自目标进程的访问可执行文件对象的请求被操作系统组件接收,并且在允许访问之前检查对象的有效性。 对于无法验证的对象,如果权限上限允许执行该对象,该进程将以权限上限的权限运行。
-
公开(公告)号:US20100070775A1
公开(公告)日:2010-03-18
申请号:US12233331
申请日:2008-09-18
CPC分类号: G06F21/645
摘要: A method for validating program execution. The method involves identifying a program from a second computer system, obtaining, by a first computer system, a first copy of a page for a file of the program from a second computer system, calculating a hash value for the first copy, storing the first copy in a local memory of the first computer system, storing the hash value for the first copy, and executing the program on the first computer system, where the first copy is removed from the local memory during execution of the program. The method further involves obtaining a second copy of the page from the second computer system, calculating a hash for the second copy, determining whether the hash value for the first copy is equal to the hash value for the second copy, and performing an appropriate action in response to the determination.
摘要翻译: 一种验证程序执行的方法。 该方法包括从第二计算机系统识别程序,由第一计算机系统从第二计算机系统获得用于文件文件的页面的第一副本,计算第一副本的哈希值,存储第一副本 在第一计算机系统的本地存储器中复制,存储用于第一副本的散列值,以及在第一计算机系统上执行程序,其中在执行程序期间将第一副本从本地存储器中移除。 该方法还包括从第二计算机系统获得页面的第二副本,计算第二副本的散列,确定第一副本的哈希值是否等于第二副本的哈希值,以及执行适当的动作 以此作出回应。
-
公开(公告)号:US08108686B2
公开(公告)日:2012-01-31
申请号:US12233331
申请日:2008-09-18
IPC分类号: G06F21/00
CPC分类号: G06F21/645
摘要: A method for validating program execution. The method involves identifying a program from a second computer system, obtaining, by a first computer system, a first copy of a page for a file of the program from a second computer system, calculating a hash value for the first copy, storing the first copy in a local memory of the first computer system, storing the hash value for the first copy, and executing the program on the first computer system, where the first copy is removed from the local memory during execution of the program. The method further involves obtaining a second copy of the page from the second computer system, calculating a hash for the second copy, determining whether the hash value for the first copy is equal to the hash value for the second copy, and performing an appropriate action in response to the determination.
摘要翻译: 一种验证程序执行的方法。 该方法包括从第二计算机系统识别程序,由第一计算机系统从第二计算机系统获得用于文件文件的页面的第一副本,计算第一副本的哈希值,存储第一副本 在第一计算机系统的本地存储器中复制,存储用于第一副本的散列值,以及在第一计算机系统上执行程序,其中在执行程序期间将第一副本从本地存储器中移除。 该方法还包括从第二计算机系统获得页面的第二副本,计算第二副本的散列,确定第一副本的哈希值是否等于第二副本的哈希值,以及执行适当的动作 以此作出回应。
-
公开(公告)号:US07853780B2
公开(公告)日:2010-12-14
申请号:US12183859
申请日:2008-07-31
申请人: Scott A. Rotondo , Casper H. Dik , Joep J. Vesseur
发明人: Scott A. Rotondo , Casper H. Dik , Joep J. Vesseur
IPC分类号: G06F9/445
CPC分类号: G06F21/00 , G06F21/575
摘要: Files essential to the boot sequence are validated as they are executed. As core boot files are loaded and executed by a computers a hash of the files is created and extended into configuration registers. Core operating system files are verified by the boot loader using a digital signature, and the public key used to verify the digital signature is recorded in a configuration register. Core operating system files verified by the boot loader include a list of hash values, which is used by the operating system to validate the other files as they are executed. User assurance that the system has booted correctly is achieved by comparing the state of configuration registers to previously stored values reflecting the expected state of the registers. Upon the state of the configuration registers matching what is expected, data previously selected by the user is retrieved and recognized by the user.
摘要翻译: 启动顺序所必需的文件在执行时被验证。 由于核心引导文件由计算机加载和执行,文件的散列将被创建并扩展到配置寄存器中。 核心操作系统文件由引导加载程序使用数字签名进行验证,用于验证数字签名的公钥被记录在配置寄存器中。 由引导加载程序验证的核心操作系统文件包括哈希值列表,由操作系统用于在执行其他文件时验证其他文件。 通过将配置寄存器的状态与反映寄存器预期状态的先前存储值进行比较来实现系统正确启动的用户保证。 在配置寄存器的状态匹配期望的情况下,由用户先前选择的数据被用户检索和识别。
-
公开(公告)号:US20100031012A1
公开(公告)日:2010-02-04
申请号:US12183859
申请日:2008-07-31
申请人: Scott A. Rotondo , Casper H. Dik , Joep J. Vesseur
发明人: Scott A. Rotondo , Casper H. Dik , Joep J. Vesseur
IPC分类号: G06F12/14 , G06F15/177
CPC分类号: G06F21/00 , G06F21/575
摘要: Files essential to the boot sequence are validated as they are executed. As core boot files are loaded and executed by a computers a hash of the files is created and extended into configuration registers. Core operating system files are verified by the boot loader using a digital signature, and the public key used to verify the digital signature is recorded in a configuration register. Core operating system files verified by the boot loader include a list of hash values, which is used by the operating system to validate the other files as they are executed. User assurance that the system has booted correctly is achieved by comparing the state of configuration registers to previously stored values reflecting the expected state of the registers. Upon the state of the configuration registers matching what is expected, data previously selected by the user is retrieved and recognized by the user.
摘要翻译: 启动顺序所必需的文件在执行时被验证。 由于核心引导文件由计算机加载和执行,文件的散列将被创建并扩展到配置寄存器中。 核心操作系统文件由引导加载程序使用数字签名进行验证,用于验证数字签名的公钥被记录在配置寄存器中。 由引导加载程序验证的核心操作系统文件包括哈希值列表,由操作系统用于在执行其他文件时验证其他文件。 通过将配置寄存器的状态与反映寄存器预期状态的先前存储值进行比较来实现系统正确启动的用户保证。 在配置寄存器的状态匹配期望的情况下,由用户先前选择的数据被用户检索和识别。
-
-
-
-
-
-
搜索结果
7 条记录 (耗时 0.011 秒)
