-
Publication No.: US20080155642A1
Publication date: 2008-06-26
Application No.: US11614943
Filing date: 2006-12-21
Applicant: Stefan N. Schackow, Nikhil Kothari
Inventor: Stefan N. Schackow, Nikhil Kothari
CPC classification: G06F21/51
Abstract: In one embodiment, a computer system performs a method for accessing a trusted assembly from a virtualized location. A computer system detects receipt of a request to access an assembly. The address of the assembly is expressed in the request as a virtualized location. The computer system resolves the virtualized location to a physical location where the assembly is physically stored. The resolving includes accessing an information store that maintains the current physical location corresponding to the requested assembly's virtualized location. The computer system determines whether the requested assembly qualifies as a trusted assembly by verifying that the assembly sufficiently complies with information encoded within the assembly. Lastly, upon determining that the requested assembly is trusted, the computer system accesses the requested assembly from the physical location.
-
Publication No.: US20080155554A1
Publication date: 2008-06-26
Application No.: US11614945
Filing date: 2006-12-21
Applicant: Nikhil Kothari, Stefan N. Schackow
Inventor: Nikhil Kothari, Stefan N. Schackow
IPC classification: G06F9/46
CPC classification: G06F8/65, G06F9/44526, G06F9/45529, G06F9/541, H04L67/34
Abstract: Some embodiments are directed to controlling interactions between a host software program and a computer system by providing a managed execution environment running within the host software program. In one embodiment, a computer system integrates a managed execution environment within a host software program. The computer system uses the managed execution environment to interact with one or more features of the host software program. The managed execution environment includes interface controls configured to interface between the computer system and the host software program. The computer system alters one or more of the various software program features based on code that is identified in downloaded content.
-
Publication No.: US07870596B2
Publication date: 2011-01-11
Application No.: US11670135
Filing date: 2007-02-01
Applicant: Stefan N. Schackow, Nikhil Kothari
Inventor: Stefan N. Schackow, Nikhil Kothari
Abstract: The present invention extends to methods, systems, and computer program products for accessing network resources outside a security boundary. The present invention can provide modules running within a security boundary (e.g., sandboxed client-side scripts) access to network resources at computer systems other than the computer system where the module originated. When network access is permitted, the properties of the network request can be adjusted so that security information of the client system and the originating computer system for the module are not divulged. Thus, a module can obtain content for inclusion in a Web page from third party servers in a more secure manner. Network access decisions can be made based on ambient data already accessible to a host environment such that network access decisions can be made in a more automated manner.
-
Publication No.: US20080189767A1
Publication date: 2008-08-07
Application No.: US11670142
Filing date: 2007-02-01
Applicant: Nikhil Kothari, Stefan N. Schackow
Inventor: Nikhil Kothari, Stefan N. Schackow
IPC classification: G06F21/22
CPC classification: G06F21/52
Abstract: The present invention extends to methods, systems, and computer program products for accessing file resources outside a security boundary. The present invention can provide modules running within a security boundary (e.g., sandboxed client-side scripts) access to a file outside the security boundary without divulging security information related to the file. When file access is permitted, a file stream including relevant portions of the file (and potentially only those portions needed) for performing a requested file operation is generated. The module is returned a reference to the file stream to give the module access to the relevant portions of the file. File access decisions can be made based on ambient data already accessible to a host environment such that file access decisions can be made in a more automated manner.
-
Publication No.: US20080189757A1
Publication date: 2008-08-07
Application No.: US11670135
Filing date: 2007-02-01
Applicant: Stefan N. Schackow, Nikhil Kothari
Inventor: Stefan N. Schackow, Nikhil Kothari
IPC classification: G06F21/00
Abstract: The present invention extends to methods, systems, and computer program products for accessing network resources outside a security boundary. The present invention can provide modules running within a security boundary (e.g., sandboxed client-side scripts) access to network resources at computer systems other than the computer system where the module originated. When network access is permitted, the properties of the network request can be adjusted so that security information of the client system and the originating computer system for the module are not divulged. Thus, a module can obtain content for inclusion in a Web page from third party servers in a more secure manner. Network access decisions can be made based on ambient data already accessible to a host environment such that network access decisions can be made in a more automated manner.
-
Publication No.: US08584147B2
Publication date: 2013-11-12
Application No.: US11614945
Filing date: 2006-12-21
Applicant: Nikhil Kothari, Stefan N. Schackow
Inventor: Nikhil Kothari, Stefan N. Schackow
IPC classification: G06F9/54
CPC classification: G06F8/65, G06F9/44526, G06F9/45529, G06F9/541, H04L67/34
Abstract: Some embodiments are directed to controlling interactions between a host software program and a computer system by providing a managed execution environment running within the host software program. In one embodiment, a computer system integrates a managed execution environment within a host software program. The computer system uses the managed execution environment to interact with one or more features of the host software program. The managed execution environment includes interface controls configured to interface between the computer system and the host software program. The computer system alters one or more of the various software program features based on code that is identified in downloaded content.
-
Publication No.: US08006281B2
Publication date: 2011-08-23
Application No.: US11614943
Filing date: 2006-12-21
Applicant: Stefan N. Schackow, Nikhil Kothari
Inventor: Stefan N. Schackow, Nikhil Kothari
CPC classification: G06F21/51
Abstract: In one embodiment, a computer system performs a method for accessing a trusted assembly from a virtualized location. A computer system detects receipt of a request to access an assembly. The address of the assembly is expressed in the request as a virtualized location. The computer system resolves the virtualized location to a physical location where the assembly is physically stored. The resolving includes accessing an information store that maintains the current physical location corresponding to the requested assembly's virtualized location. The computer system determines whether the requested assembly qualifies as a trusted assembly by verifying that the assembly sufficiently complies with information encoded within the assembly. Lastly, upon determining that the requested assembly is trusted, the computer system accesses the requested assembly from the physical location.
-
Publication No.: US07869585B2
Publication date: 2011-01-11
Application No.: US11378711
Filing date: 2006-03-17
CPC classification: G06F9/541
Abstract: A declarative model for specifying appropriate transformations that may occur at the input and output of each service of a sequence of services that accomplish a more complex task. Each of the services may have access to the appropriate transformation declarations, and may interpret the declarations to thereby be appropriately directed on transforms to occur in its input data and/or output data. In order to change a transformation, the transformation declaration may be altered.