公开(公告)号：US07143165B2

公开(公告)日：2006-11-28

申请号：US10967608

申请日：2004-10-18

申请人： Keith R. Vogel ,  Charlie D. Chase ,  Kelvin S. Yiu ,  Philip J. Hallin ,  Louis K. Thomas

发明人： Keith R. Vogel ,  Charlie D. Chase ,  Kelvin S. Yiu ,  Philip J. Hallin ,  Louis K. Thomas

IPC分类号： G06F15/173

CPC分类号： H04L63/0823 ,  H04L9/3236 ,  H04L9/3265 ,  H04L63/12 ,  H04L63/20 ,  H04L2209/38

摘要： An update process is used to update root certificates in a root certificate store of a client computer, maintaining the integrity of the existing root certificates as well as any new root certificates. In accordance with certain aspects, the integrity of a certificate trust list identifying one or more root certificates is verified. The root certificate store of the client computer is modified in accordance with the certificate trust list if the integrity of the certificate trust list is verified.

摘要翻译： 更新过程用于更新客户端计算机的根证书库中的根证书，维护现有根证书的完整性以及任何新的根证书。 根据某些方面，验证识别一个或多个根证书的证书信任列表的完整性。 如果验证了证书信任列表的完整性，则客户端计算机的根证书存储库将根据证书信任列表进行修改。

公开(公告)号：US07350073B2

公开(公告)日：2008-03-25

申请号：US11278063

申请日：2006-03-30

申请人： Rudolph Balaz ,  Victor W. Heller ,  Xiaohong Su ,  Keith R. Vogel

发明人： Rudolph Balaz ,  Victor W. Heller ,  Xiaohong Su ,  Keith R. Vogel

IPC分类号： H04L9/00 ,  G06F15/16 ,  G06F21/00

CPC分类号： H04L63/0823 ,  H04L9/3265 ,  H04L9/3268 ,  H04L12/4641 ,  H04L63/0272 ,  H04L2209/56

摘要： A virtual private network (VPN) enrollment protocol gateway is described herein. The protocol gateway is implemented as a registration authority that operates as an intermediary between routers and a certificate authority, allowing routers operating in accordance with one protocol to obtain and maintain certificates for a VPN from a certificate authority operating in accordance with another protocol. In accordance with one aspect, the gateway protocol supports various requests from the router, including router enrollment requests, get certificate revocation list request, get certificate requests, get certificate authority certificate requests, and password requests.

摘要翻译： 本文描述了虚拟专用网（VPN）注册协议网关。 协议网关被实现为注册机构，其作为路由器和证书机构之间的中介，允许根据一个协议操作的路由器从根据另一协议操作的证书颁发机构获得和维护VPN的证书。 根据一个方面，网关协议支持来自路由器的各种请求，包括路由器注册请求，获得证书撤销列表请求，获得证书请求，获得证书颁发机构证书请求和密码请求。

公开(公告)号：US07171556B2

公开(公告)日：2007-01-30

申请号：US11134713

申请日：2005-05-20

申请人： Rudolph Balaz ,  Victor W. Heller ,  Xiaohong Su ,  Keith R. Vogel

发明人： Rudolph Balaz ,  Victor W. Heller ,  Xiaohong Su ,  Keith R. Vogel

IPC分类号： H04L9/00 ,  G06F15/16

CPC分类号： H04L63/0823 ,  H04L9/3265 ,  H04L9/3268 ,  H04L12/4641 ,  H04L63/0272 ,  H04L2209/56

摘要： A virtual private network (VPN) enrollment protocol gateway is described herein. The protocol gateway is implemented as a registration authority that operates as an intermediary between routers and a certificate authority, allowing routers operating in accordance with one protocol to obtain and maintain certificates for a VPN from a certificate authority operating in accordance with another protocol. In accordance with one aspect, the gateway protocol supports various requests from the router, including router enrollment requests, get certificate revocation list request, get certificate requests, get certificate authority certificate requests, and password requests.

摘要翻译： 本文描述了虚拟专用网（VPN）注册协议网关。 协议网关被实现为注册机构，其作为路由器和证书机构之间的中介，允许根据一个协议操作的路由器从根据另一协议操作的证书颁发机构获得和维护VPN的证书。 根据一个方面，网关协议支持来自路由器的各种请求，包括路由器注册请求，获得证书撤销列表请求，获得证书请求，获得证书颁发机构证书请求和密码请求。

公开(公告)号：US07100046B2

公开(公告)日：2006-08-29

申请号：US10801333

申请日：2004-03-15

申请人： Rudolph Balaz ,  Victor W. Heller ,  Xiaohong Su ,  Keith R. Vogel

发明人： Rudolph Balaz ,  Victor W. Heller ,  Xiaohong Su ,  Keith R. Vogel

IPC分类号： H04L9/00 ,  G06F15/16 ,  G06F21/00 ,  H04F9/00 ,  H04L9/32

CPC分类号： H04L63/0823 ,  H04L9/3265 ,  H04L9/3268 ,  H04L12/4641 ,  H04L63/0272 ,  H04L2209/56

摘要： A virtual private network (VPN) enrollment protocol gateway is described herein. The protocol gateway is implemented as a registration authority that operates as an intermediary between routers and a certificate authority, allowing routers operating in accordance with one protocol to obtain and maintain certificates for a VPN from a certificate authority operating in accordance with another protocol. In accordance with one aspect, the gateway protocol supports various requests from the router, including router enrollment requests, get certificate revocation list request, get certificate requests, get certificate authority certificate requests, and password requests.

摘要翻译： 本文描述了虚拟专用网（VPN）注册协议网关。 协议网关被实现为注册机构，其作为路由器和证书机构之间的中介，允许根据一个协议操作的路由器从根据另一协议操作的证书颁发机构获得和维护VPN的证书。 根据一个方面，网关协议支持来自路由器的各种请求，包括路由器注册请求，获得证书撤销列表请求，获得证书请求，获得证书颁发机构证书请求和密码请求。

公开(公告)号：US07069441B2

公开(公告)日：2006-06-27

申请号：US10946280

申请日：2004-09-21

申请人： Rudolph Balaz ,  Victor W. Heller ,  Xiaohong Su ,  Keith R. Vogel

发明人： Rudolph Balaz ,  Victor W. Heller ,  Xiaohong Su ,  Keith R. Vogel

IPC分类号： H04L9/00

CPC分类号： H04L63/0823 ,  H04L9/3265 ,  H04L9/3268 ,  H04L12/4641 ,  H04L63/0272 ,  H04L2209/56

摘要： A virtual private network (VPN) enrollment protocol gateway is described herein. The protocol gateway is implemented as a registration authority that operates as an intermediary between routers and a certificate authority, allowing routers operating in accordance with one protocol to obtain and maintain certificates for a VPN from a certificate authority operating in accordance with another protocol. In accordance with one aspect, the gateway protocol supports various requests from the router, including router enrollment requests, get certificate revocation list request, get certificate requests, get certificate authority certificate requests, and password requests.

公开(公告)号：US06816900B1

公开(公告)日：2004-11-09

申请号：US09542669

申请日：2000-04-04

申请人： Keith R. Vogel ,  Charlie D. Chase ,  Kelvin S. Yiu ,  Philip J. Hallin ,  Louis K. Thomas

发明人： Keith R. Vogel ,  Charlie D. Chase ,  Kelvin S. Yiu ,  Philip J. Hallin ,  Louis K. Thomas

IPC分类号： G06F15173

CPC分类号： H04L63/0823 ,  H04L9/3236 ,  H04L9/3265 ,  H04L63/12 ,  H04L63/20 ,  H04L2209/38

摘要： An update process is used to update root certificates in a root certificate store of a client computer, maintaining the integrity of the existing root certificates as well as any new root certificates. In one embodiment, the root certificate store is updated by adding root certificates to the store, removing root certificates from the store, or modifying usage restrictions of root certificates in the store. A cryptographically signed message including a certificate trust list, as well as any new root certificates to be added to the root certificate store, is accessed by an update root control to update the root certificates in the root certificate store. The update root control verifies the integrity of the message, and thus the integrity of the certificate trust list contained therein. Once such integrity is verified, the update root control proceeds to update the root certificate store in accordance with the information in the certificate trust list. In another embodiment, root certificates in the root certificate store are updated when a World Wide Web web page is accessed by the client. A check is made during the access as to whether the client's root certificate store should be updated (e.g., a new root certificate is needed in order to access the web page). If the store should be updated, then the client is redirected to another web page that hosts the update root control. The update root control executes to update the client's certificate store, and then redirects the client back to the originally requested web page.

摘要翻译： 更新过程用于更新客户端计算机的根证书库中的根证书，维护现有根证书的完整性以及任何新的根证书。 在一个实施例中，通过向存储添加根证书来更新根证书存储，从商店中移除根证书，或修改存储库中根证书的使用限制。 包含证书信任列表以及要添加到根证书存储区的任何新根证书的加密签名消息由更新根控制器访问，以更新根证书存储库中的根证书。 更新根控制验证消息的完整性，从而验证其中包含的证书信任列表的完整性。 一旦验证完整性，更新根控制就会根据证书信任列表中的信息进行更新根证书存储。 在另一个实施例中，当客户端访问万维网网页时，更新根证书存储库中的根证书。 在访问期间检查客户端的根证书存储是否应该被更新（例如，为了访问网页需要新的根证书）。 如果应该更新商店，那么客户端将重定向到另一个托管更新根控制的网页。 执行更新根控制以更新客户端的证书存储，然后将客户端重定向回原来请求的网页。

公开(公告)号：US06978364B1

公开(公告)日：2005-12-20

申请号：US09548257

申请日：2000-04-12

申请人： Rudolph Balaz ,  Victor W. Heller ,  Xiaohong Su ,  Keith R. Vogel

发明人： Rudolph Balaz ,  Victor W. Heller ,  Xiaohong Su ,  Keith R. Vogel

IPC分类号： G06F11/30 ,  G06F12/14 ,  G06F15/16 ,  H04L9/00 ,  H04L12/28 ,  H04L12/46 ,  H04L29/06

CPC分类号： H04L63/0823 ,  H04L9/3265 ,  H04L9/3268 ,  H04L12/4641 ,  H04L63/0272 ,  H04L2209/56

摘要： A virtual private network (VPN) enrollment protocol gateway is described herein. The protocol gateway is implemented as a registration authority that operates as an intermediary between routers and a certificate authority, allowing routers operating in accordance with one protocol to obtain and maintain certificates for a VPN from a certificate authority operating in accordance with another protocol. In accordance with one aspect, the gateway protocol supports various requests from the router, including router enrollment requests, get certificate revocation list request, get certificate requests, get certificate authority certificate requests, and password requests.

摘要翻译： 本文描述了虚拟专用网（VPN）注册协议网关。 协议网关被实现为注册机构，其作为路由器和证书机构之间的中介，允许根据一个协议操作的路由器从根据另一协议操作的证书颁发机构获得和维护VPN的证书。 根据一个方面，网关协议支持来自路由器的各种请求，包括路由器注册请求，获得证书撤销列表请求，获得证书请求，获得证书颁发机构证书请求和密码请求。

公开(公告)号：US06754661B1

公开(公告)日：2004-06-22

申请号：US09511173

申请日：2000-02-22

申请人： Philip J. Hallin ,  Keith R. Vogel ,  Kirt Debique

发明人： Philip J. Hallin ,  Keith R. Vogel ,  Kirt Debique

IPC分类号： G06F700

CPC分类号： G06F21/33 ,  G06F21/32 ,  Y10S707/955 ,  Y10S707/956 ,  Y10S707/99931 ,  Y10S707/99932 ,  Y10S707/99945

摘要： Hierarchical storage systems for holding objects used for evidentiary purposes, and methods of manipulating such systems are described. A logical store is provided and one or more physical stores are associated with and accessible through the logical store. Access to the physical stores can take place through the logical store with a single call to an appropriate application programming interface. Associations within and amongst stores can be define. One particular type of association is a context link which enables one evidentiary object in one physical store to get its context from another evidentiary object in another physical store.

摘要翻译： 描述用于保存用于证明目的的物体的分层存储系统以及操纵这种系统的方法。 提供逻辑存储，并且一个或多个物理存储与逻辑存储相关联并且可通过逻辑存储访问。 可以通过逻辑存储进行物理存储的访问，通过单个调用到适当的应用程序编程接口。 商店内和商店之间的协会可以定义。 一种特定类型的关联是上下文链接，其使一个物理存储中的一个证据对象从另一实体存储中的另一个证据对象获得其上下文。

公开(公告)号：US06405262B1

公开(公告)日：2002-06-11

申请号：US08502376

申请日：1995-07-14

申请人： Keith R. Vogel ,  Richard P. Draves ,  Paul J. Leach

发明人： Keith R. Vogel ,  Richard P. Draves ,  Paul J. Leach

IPC分类号： G06F944

CPC分类号： G06F9/54

摘要： A computer system includes a plurality of client processes executing in respective address spaces and at least one server process executing in a different address space than the client processes. The server process has one or more available server objects for potential use by the client processes. The server objects are accessible by the client processes through a plurality of server object interfaces dynamically created in response to demand for said interfaces by the client processes. The server object interfaces are destroyed when there is no further demand for them. Each object interface can be simultaneously held for use during at least a portion of its lifetime by more than one of the client processes. The computer system further includes one or more client-side ping managers and at least one server-side ping manager. Each client process registers interfaces it is holding for use with an associated client-side ping manager. The server-side ping manager is associated with the server process and stores one or more interface lists indicating server object interfaces held for use by client processes. The server-side ping manager has a ping manager object interface available to the client-side ping managers. Each client-side ping manager accesses the server-side ping manager through the ping manager object interface to maintain an interface list with the server-side ping manager indicating server object interfaces which are registered with the client-side ping manager. Each client-side ping manager monitors whether any of its registered client processes have terminated, and automatically unregisters the interfaces of any such client processes which have terminated. The server-side ping manager notifies the server process of any server object interfaces which are no longer included in the interface lists of the server-side ping manager so that those interfaces can be destroyed.

摘要翻译： 计算机系统包括在相应地址空间中执行的多个客户端进程和在与客户机进程不同的地址空间中执行的至少一个服务器进程。 服务器进程有一个或多个可用的服务器对象供客户端进程潜在使用。 服务器对象可以由客户端进程通过响应客户端进程对所述接口的需求动态创建的多个服务器对象接口来访问。 当没有进一步的需求时，服务器对象接口被破坏。 每个对象接口可以在其多于一个客户端进程的至少一段时间内同时保持使用。 计算机系统还包括一个或多个客户端ping管理器和至少一个服务器端ping管理器。 每个客户端进程都会注册它与相关的客户端ping管理器一起使用的接口。 服务器端ping管理器与服务器进程相关联，并存储一个或多个接口列表，指示服务器对象接口保持供客户端进程使用。 服务器端ping管理器具有可用于客户端ping管理器的ping管理器对象接口。 每个客户端ping管理器通过ping管理器对象接口访问服务器端ping管理器，以维护与服务器端ping管理器的接口列表，该管理员指示客户端ping管理器注册的服务器对象接口。 每个客户端ping管理器监视其注册的客户端进程是否终止，并自动注销已终止的任何此类客户端进程的接口。 服务器端ping管理器通知服务器进程任何不再包含在服务器端ping管理器的接口列表中的服务器对象接口，以便这些接口可以被销毁。