公开(公告)号：US20060070112A1

公开(公告)日：2006-03-30

申请号：US11272639

申请日：2005-11-14

申请人： Brian LaMacchia ,  Loren Kohnfelder ,  Gregory Fee ,  Michael Toutonghi

发明人： Brian LaMacchia ,  Loren Kohnfelder ,  Gregory Fee ,  Michael Toutonghi

IPC分类号： H04L9/00 ,  G06F15/16 ,  G06F17/00 ,  H04K1/00 ,  G06F9/00

CPC分类号： G06F21/52

摘要： A security policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager can execute in a computer system (e.g., a Web client) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. A permission request set may also be received in association with the code assembly. The permission request set may include a minimum request set, specifying permissions required by the code assembly to run properly. The permission request set may also include an optional request set, specifying permissions requested by the code assembly to provide an alternative level of functionality. In addition, the permission request set may include a refuse request set, specifying permissions that are not to be granted to the code assembly. The permission requests are used to filter a permission set to generate a permission grant set.

摘要翻译： 安全策略管理器为从资源位置接收到的代码集合生成许可权授予集。 策略管理器可以与计算机系统（例如，Web客户机）一起在运行时环境的验证模块和类加载器的组合中执行。 为代码组合生成的许可授权集合被应用于运行时调用堆栈中，以帮助系统确定代码组件的给定系统操作是否被授权。 还可以与代码组合相关联地接收许可请求集合。 许可请求集可以包括最小请求集，指定代码组件正确运行所需的权限。 许可请求集还可以包括可选的请求集合，指定代码组件请求的许可以提供替代级别的功能。 此外，许可请求集合可以包括垃圾请求集合，指定不被授予代码组件的权限。 权限请求用于过滤权限集以生成权限授予集。

公开(公告)号：US08375443B1

公开(公告)日：2013-02-12

申请号：US13246786

申请日：2011-09-27

申请人： Charles Reis ,  Peter Hallam ,  Loren Kohnfelder

发明人： Charles Reis ,  Peter Hallam ,  Loren Kohnfelder

IPC分类号： G06F11/00

CPC分类号： G06F21/53

摘要： A safe environment is established for running untrusted code in a system whose trusted libraries include native code. Annotations are applied to code in the system libraries to identify safe and unsafe code, and analysis tools reveal whether code outside the system libraries is able to trigger any unsafe behavior.

摘要翻译： 建立了一个安全的环境，用于在受信任的库包括本地代码的系统中运行不受信任的代码。 注释应用于系统库中的代码，以识别安全和不安全的代码，分析工具可以显示系统库外的代码是否能够触发任何不安全的行为。

公开(公告)号：US20070192839A1

公开(公告)日：2007-08-16

申请号：US11736295

申请日：2007-04-17

申请人： Gregory Fee ,  Brian Pratt ,  Sebastian Lange ,  Loren Kohnfelder

发明人： Gregory Fee ,  Brian Pratt ,  Sebastian Lange ,  Loren Kohnfelder

IPC分类号： H04L9/32

CPC分类号： G06F21/6218 ,  G06F21/6209 ,  G06F2221/2141

摘要： An evidence-based policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager executes in a computer system (e.g., a Web client or server) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. The policy manager may determine a subset of the permission grant set based on a subset of the received code assembly's evidence, in order to expedite processing of the code assembly. When the evidence subset does not yield the desired permission subset, the policy manager may then perform an evaluation of all evidence received.

摘要翻译： 基于证据的策略管理器为从资源位置接收到的代码集合生成许可授权集。 策略管理器与计算机系统（例如，Web客户端或服务器）结合运行时环境的验证模块和类加载器一起执行。 为代码组合生成的许可授权集合被应用于运行时调用堆栈中，以帮助系统确定代码组件的给定系统操作是否被授权。 策略管理器可以基于所接收的代码组件的证据的子集来确定许可授权集合的子集，以便加速代码组合的处理。 当证据子集不产生期望的许可子集时，策略管理器然后可以对所接收的所有证据进行评估。

公开(公告)号：US20050240943A1

公开(公告)日：2005-10-27

申请号：US11159851

申请日：2005-06-23

申请人： Adam Smith ,  Anthony Moore ,  Brian LaMacchia ,  Anders Hejlsberg ,  Biran Grunkemeyer ,  Caleb Doise ,  Christopher Brumme ,  Christopher Anderson ,  Corina Feuerstein ,  Craig Sinclair ,  Daniel Takacs ,  David Ebbo ,  David Driver ,  David Mortenson ,  Erik Christensen ,  Erik Olson ,  Fabio Yeon ,  Gopala Kakivaya ,  George Fee ,  Hany Ramadan ,  Henry Sanders ,  Jayanth Rajan ,  Jeffrey Cooperstein ,  Jonathan Hawkins ,  James Hogg ,  Joe Long ,  John McConnell ,  Jesus Ruiz-Scougall ,  James Miller ,  Julie Bennett ,  Krzysztof Cwalina ,  Lance Olson ,  Loren Kohnfelder ,  Michael Magruder ,  Manish Prabhu ,  Radu Palanca ,  Raja Krishnaswamy ,  Shawn Burke ,  Sean Trowbridge ,  Seth Demsey ,  Shajan Dasan ,  Stefan Pharies ,  Suzanne Cook ,  Tarun Anand ,  Travis Muhlestein ,  Yann Christensen ,  Yung-shin Lin ,  Ramasamy Krishnaswamy ,  Joseph Roxe ,  Alan Boshier ,  David Bau

发明人： Adam Smith ,  Anthony Moore ,  Brian LaMacchia ,  Anders Hejlsberg ,  Biran Grunkemeyer ,  Caleb Doise ,  Christopher Brumme ,  Christopher Anderson ,  Corina Feuerstein ,  Craig Sinclair ,  Daniel Takacs ,  David Ebbo ,  David Driver ,  David Mortenson ,  Erik Christensen ,  Erik Olson ,  Fabio Yeon ,  Gopala Kakivaya ,  George Fee ,  Hany Ramadan ,  Henry Sanders ,  Jayanth Rajan ,  Jeffrey Cooperstein ,  Jonathan Hawkins ,  James Hogg ,  Joe Long ,  John McConnell ,  Jesus Ruiz-Scougall ,  James Miller ,  Julie Bennett ,  Krzysztof Cwalina ,  Lance Olson ,  Loren Kohnfelder ,  Michael Magruder ,  Manish Prabhu ,  Radu Palanca ,  Raja Krishnaswamy ,  Shawn Burke ,  Sean Trowbridge ,  Seth Demsey ,  Shajan Dasan ,  Stefan Pharies ,  Suzanne Cook ,  Tarun Anand ,  Travis Muhlestein ,  Yann Christensen ,  Yung-shin Lin ,  Ramasamy Krishnaswamy ,  Joseph Roxe ,  Alan Boshier ,  David Bau

IPC分类号： G06F9/00 ,  G06F9/44 ,  G06F9/46

CPC分类号： G06F3/00 ,  G06F9/46 ,  G06F9/465 ,  G06F9/541 ,  G06F2209/463

摘要： An application program interface (API) provides a set of functions, including a set of base classes and types that are used in substantially all applications accessing the API, for application developers who build Web applications on Microsoft Corporation's .NET™ platform.

摘要翻译： 应用程序接口（API）提供了一组功能，包括一组基本所有应用程序中使用的基类和类型，用于在Microsoft Corporation的.NET（TM）平台上构建Web应用程序的应用程序开发人员。

公开(公告)号：US07779460B2

公开(公告)日：2010-08-17

申请号：US11736295

申请日：2007-04-17

申请人： Gregory D. Fee ,  Brian Pratt ,  Sebastian Lange ,  Loren Kohnfelder

发明人： Gregory D. Fee ,  Brian Pratt ,  Sebastian Lange ,  Loren Kohnfelder

IPC分类号： G06F9/00 ,  G06F17/30

CPC分类号： G06F21/6218 ,  G06F21/6209 ,  G06F2221/2141

摘要： An evidence-based policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager executes in a computer system (e.g., a Web client or server) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. The policy manager may determine a subset of the permission grant set based on a subset of the received code assembly's evidence, in order to expedite processing of the code assembly. When the evidence subset does not yield the desired permission subset, the policy manager may then perform an evaluation of all evidence received.

摘要翻译： 基于证据的策略管理器为从资源位置接收到的代码集合生成许可授权集。 策略管理器与计算机系统（例如，Web客户端或服务器）结合运行时环境的验证模块和类加载器一起执行。 为代码组合生成的许可授权集合被应用于运行时调用堆栈中，以帮助系统确定代码组件的给定系统操作是否被授权。 策略管理器可以基于所接收的代码组件的证据的子集来确定许可授权集合的子集，以便加速代码组合的处理。 当证据子集不产生期望的许可子集时，策略管理器然后可以对所接收的所有证据进行评估。

公开(公告)号：US20090320089A1

公开(公告)日：2009-12-24

申请号：US12143666

申请日：2008-06-20

申请人： Matthew G. Lyons ,  Scott R. Shell ,  Yadhu N. Gopalan ,  Neil R. Coles ,  John S. Camilleri ,  Loren Kohnfelder ,  Andrew M. Rogers ,  Sha Viswanathan

发明人： Matthew G. Lyons ,  Scott R. Shell ,  Yadhu N. Gopalan ,  Neil R. Coles ,  John S. Camilleri ,  Loren Kohnfelder ,  Andrew M. Rogers ,  Sha Viswanathan

IPC分类号： G06F21/20

CPC分类号： G06F21/57

摘要： A User Brokered Authorization (UBA) mechanism for policy decisions in a computing device is provided. The authorization mechanism interacts with an authorization layer of the computing device's operating system and enables a determination of whether an authorization decision can be made programmatically or by end user decision based on generalized device policy.

摘要翻译： 提供了一种用于计算设备中策略决策的用户代理授权（UBA）机制。 授权机制与计算设备的操作系统的授权层交互，并且能够基于通用设备策略确定授权决策是可编程地还是通过最终用户决定。

公开(公告)号：US07207064B2

公开(公告)日：2007-04-17

申请号：US10162260

申请日：2002-06-05

申请人： Gregory D. Fee ,  Brian Pratt ,  Sebastian Lange ,  Loren Kohnfelder

发明人： Gregory D. Fee ,  Brian Pratt ,  Sebastian Lange ,  Loren Kohnfelder

IPC分类号： G06F19/00 ,  G06F7/04

CPC分类号： G06F21/6218 ,  G06F21/6209 ,  G06F2221/2141

摘要： An evidence-based policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager executes in a computer system (e.g., a Web client or server) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. The policy manager may determine a subset of the permission grant set based on a subset of the received code assembly's evidence, in order to expedite processing of the code assembly. When the evidence subset does not yield the desired permission subset, the policy manager may then perform an evaluation of all evidence received.

摘要翻译： 基于证据的策略管理器为从资源位置接收到的代码集合生成许可授权集。 策略管理器与计算机系统（例如，Web客户端或服务器）结合运行时环境的验证模块和类加载器一起执行。 为代码组合生成的许可授权集合被应用于运行时调用堆栈中，以帮助系统确定代码组件的给定系统操作是否被授权。 策略管理器可以基于所接收的代码组件的证据的子集来确定许可授权集合的子集，以便加速代码组合的处理。 当证据子集不产生期望的许可子集时，策略管理器然后可以对所接收的所有证据进行评估。

公开(公告)号：US20060037082A1

公开(公告)日：2006-02-16

申请号：US11254839

申请日：2005-10-20

申请人： Brian LaMacchia ,  Loren Kohnfelder ,  Gregory Fee ,  Michael Toutonghi

发明人： Brian LaMacchia ,  Loren Kohnfelder ,  Gregory Fee ,  Michael Toutonghi

IPC分类号： H04L9/32 ,  G06F17/30 ,  G06F7/04 ,  G06K9/00 ,  H03M1/68 ,  H04K1/00 ,  H04L9/00 ,  H04N7/16

CPC分类号： G06F21/52

摘要： A security policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager can execute in a computer system (e.g., a Web client) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. A permission request set may also be received in association with the code assembly. The permission request set may include a minimum request set, specifying permissions required by the code assembly to run properly. The permission request set may also include an optional request set, specifying permissions requested by the code assembly to provide an alternative level of functionality. In addition, the permission request set may include a refuse request set, specifying permissions that are not to be granted to the code assembly. The permission requests are used to filter a permission set to generate a permission grant set.

公开(公告)号：US20050246716A1

公开(公告)日：2005-11-03

申请号：US11159853

申请日：2005-06-23

申请人： Adam Smith ,  Anthony Moore ,  Brian LaMacchia ,  Anders Hejlsberg ,  Brian Grunkemeyer ,  Caleb Doise ,  Christopher Brumme ,  Christopher Anderson ,  Corina Feuerstein ,  Craig Sinclair ,  Daniel Takacs ,  David Ebbo ,  David Driver ,  David Mortenson ,  Erik Christensen ,  Erik Olson ,  Fabio Yeon ,  Gopala Kakivaya ,  Gregory Fee ,  Hany Ramadan ,  Henry Sanders ,  Jayanth Rajan ,  Jeffrey Cooperstein ,  Jonathan Hawkins ,  James Hogg ,  Joe Long ,  John McConnell ,  Jesus Ruiz-Scougall ,  James Miller ,  Julie Bennett ,  Krzysztof Cwalina ,  Lance Olson ,  Loren Kohnfelder ,  Michael Magruder ,  Manish Prabhu ,  Radu Palanca ,  Raja Krishnaswamy ,  Shawn Burke ,  Sean Trowbridge ,  Seth Demsey ,  Shajan Dasan ,  Stefan Pharies ,  Suzanne Cook ,  Tarun Anand ,  Travis Muhlestein ,  Yann Christensen ,  Yung-shin Lin ,  Ramasamy Krishnaswamy ,  Joseph Roxe ,  Alan Boshier ,  David Bau

发明人： Adam Smith ,  Anthony Moore ,  Brian LaMacchia ,  Anders Hejlsberg ,  Brian Grunkemeyer ,  Caleb Doise ,  Christopher Brumme ,  Christopher Anderson ,  Corina Feuerstein ,  Craig Sinclair ,  Daniel Takacs ,  David Ebbo ,  David Driver ,  David Mortenson ,  Erik Christensen ,  Erik Olson ,  Fabio Yeon ,  Gopala Kakivaya ,  Gregory Fee ,  Hany Ramadan ,  Henry Sanders ,  Jayanth Rajan ,  Jeffrey Cooperstein ,  Jonathan Hawkins ,  James Hogg ,  Joe Long ,  John McConnell ,  Jesus Ruiz-Scougall ,  James Miller ,  Julie Bennett ,  Krzysztof Cwalina ,  Lance Olson ,  Loren Kohnfelder ,  Michael Magruder ,  Manish Prabhu ,  Radu Palanca ,  Raja Krishnaswamy ,  Shawn Burke ,  Sean Trowbridge ,  Seth Demsey ,  Shajan Dasan ,  Stefan Pharies ,  Suzanne Cook ,  Tarun Anand ,  Travis Muhlestein ,  Yann Christensen ,  Yung-shin Lin ,  Ramasamy Krishnaswamy ,  Joseph Roxe ,  Alan Boshier ,  David Bau

IPC分类号： G06F9/00 ,  G06F9/44 ,  G06F9/46

CPC分类号： G06F3/00 ,  G06F9/46 ,  G06F9/465 ,  G06F9/541 ,  G06F2209/463

摘要： An application program interface (API) provides a set of functions, including a set of base classes and types that are used in substantially all applications accessing the API, for application developers who build Web applications on Microsoft Corporation's .NET™ platform.