-
公开(公告)号:US07444509B2
公开(公告)日:2008-10-28
申请号:US10855728
申请日:2004-05-27
IPC分类号: H04L9/00
CPC分类号: H04L9/3263 , H04L2209/56 , H04L2209/60
摘要: A method, an apparatus, a system, and a computer program product are presented for validating certificates. A certificate validation service receives a certificate validation request for a target certificate from a client, thereby allowing the client to offload certificate validation tasks into an online certificate validation service that is accessible and sharable by multiple components within a data processing system. In response to a determination that the target certificate is valid or invalid, the certificate validation service sends a certificate validation response with an indicating status value that the target certificate is valid or invalid. The certificate validation service is able to cache information about previously validated certificates and the associated certificate chains, thereby enhancing the efficiency of the service. Different certificate validation policies may be applied against target certificates based upon information associated with the target certificates.
摘要翻译: 提供了验证证书的方法,装置,系统和计算机程序产品。 证书验证服务从客户端接收目标证书的证书验证请求,从而允许客户端将证书验证任务卸载到可由数据处理系统内的多个组件访问和共享的在线证书验证服务。 响应于目标证书有效或无效的确定,证书验证服务发送具有目标证书有效或无效的指示状态值的证书验证响应。 证书验证服务能够缓存有关以前验证的证书和关联的证书链的信息,从而提高服务的效率。 可以根据与目标证书相关的信息,针对目标证书应用不同的证书验证策略。
-
2.发明授权Method and apparatus for time synchronization in a network data processing system 有权网络数据处理系统中时间同步的方法和装置公开(公告)号:US07818562B2
公开(公告)日:2010-10-19
申请号:US12129490
申请日:2008-05-29
申请人: Bruce Arland Rich , Xiaoyan Zhang
发明人: Bruce Arland Rich , Xiaoyan Zhang
CPC分类号: H04L9/3297 , H04J3/0667 , H04L9/083 , H04L9/12
摘要: A method, apparatus, and computer implemented instructions for synchronizing time in a network data processing system. A request for time synchronization is received at a target data processing system. A current target time at the target data processing system is placed in a reply. The reply is sent to the source data processing system. A current source time from when the reply is received at the source data processing system is compared to the current target time to generate a comparison. A synchronization factor is generated using the comparison.
摘要翻译: 一种用于在网络数据处理系统中同步时间的方法,装置和计算机实现的指令。 在目标数据处理系统处接收到时间同步请求。 在目标数据处理系统中的当前目标时间被放置在回复中。 答复发送到源数据处理系统。 从源数据处理系统接收到应答的当前源时间与当前目标时间进行比较以生成比较。 使用比较生成同步因子。
-
公开(公告)号:US08340283B2
公开(公告)日:2012-12-25
申请号:US10881978
申请日:2004-06-30
IPC分类号: H04L29/06
CPC分类号: H04L63/02 , H04L9/006 , H04L9/0825 , H04L9/3213 , H04L9/3247 , H04L9/3268 , H04L63/0807 , H04L63/0823 , H04L2209/76 , H04L2463/062
摘要: A client generates a session key and a delegation ticket containing information for a requested delegation operation. The client generates a first copy of the session key and encrypts it using a public key of a proxy. The client generates a second copy of the session key and encrypts it using a public key of a server. The client then puts the encrypted session keys and delegation ticket into a first message that is sent to the proxy. The proxy extracts and decrypts its copy of the session key from the first message. The proxy then encrypts a proof-of-delegation data item with the session key and places it and the delegation ticket along with the encrypted copy of the session key for the server into a second message, which is sent to the server. The server extracts and decrypts its copy of the session key from the second message and uses the session key to obtain the proof-of-delegation data. Authority is successfully delegated to the proxy only if the server can verify the proof-of-delegation data.
摘要翻译: 客户端生成会话密钥和包含所请求的委派操作的信息的委托票证。 客户端生成会话密钥的第一个副本,并使用代理的公钥对其进行加密。 客户端生成会话密钥的第二个副本,并使用服务器的公钥对其进行加密。 然后,客户端将加密的会话密钥和委派票证放入发送到代理的第一条消息中。 代理从第一条消息中提取并解密会话密钥的副本。 然后,代理使用会话密钥对代理证件数据项进行加密,并将其和委托凭证以及服务器的会话密钥的加密副本一起放入发送到服务器的第二个消息中。 服务器从第二个消息中提取和解密其会话密钥的副本,并使用会话密钥获取授权证明数据。 只有当服务器可以验证授权证明数据时,才将成功委托给代理。
-
4.发明申请Method and Apparatus for Time Synchronization in a Network Data Processing System 有权网络数据处理系统中时间同步的方法与装置公开(公告)号:US20080244094A1
公开(公告)日:2008-10-02
申请号:US12129490
申请日:2008-05-29
申请人: Bruce Arland Rich , Xiaoyan Zhang
发明人: Bruce Arland Rich , Xiaoyan Zhang
IPC分类号: G06F15/177
CPC分类号: H04L9/3297 , H04J3/0667 , H04L9/083 , H04L9/12
摘要: A method, apparatus, and computer implemented instructions for synchronizing time in a network data processing system. A request for time synchronization is received at a target data processing system. A current target time at the target data processing system is placed in a reply. The reply is sent to the source data processing system. A current source time from when the reply is received at the source data processing system is compared to the current target time to generate a comparison. A synchronization factor is generated using the comparison.
摘要翻译: 一种用于在网络数据处理系统中同步时间的方法,装置和计算机实现的指令。 在目标数据处理系统处接收到时间同步请求。 在目标数据处理系统中的当前目标时间被放置在回复中。 答复发送到源数据处理系统。 从源数据处理系统接收到应答的当前源时间与当前目标时间进行比较以生成比较。 使用比较生成同步因子。
-
公开(公告)号:US06910128B1
公开(公告)日:2005-06-21
申请号:US09717524
申请日:2000-11-21
申请人: Donna Skibbie , Anthony Joseph Nadalin , Bruce Arland Rich , Theodore Jack London Shrader , Julianne Yarsa
发明人: Donna Skibbie , Anthony Joseph Nadalin , Bruce Arland Rich , Theodore Jack London Shrader , Julianne Yarsa
CPC分类号: H04L63/126 , G06F21/51 , G06F21/53 , H04L63/0428 , H04L63/20
摘要: A framework for processing signed applets that are distributed over the Internet. Using the framework, an applet that is packaged as a Netscape- or JDK-signed jar file, or as an Internet Explorer-signed cab file, is processed within the same Java runtime environment irrespective of the browser type (i.e. Netscape Communicator, Internet Explorer or JDK) used to execute the applet. When the applet is executed, the framework verifies one or more applet signatures using the same algorithm that was used to sign the applet, verifies the signer(s) of the applet, and stores information about the signers so that they can be honored by a security policy when permissions for the applet are determined.
摘要翻译: 用于处理通过互联网分发的签名小程序的框架。 使用框架,打包为Netscape或JDK签名的jar文件或作为Internet Explorer签名的cab文件的小程序在同一个Java运行时环境中处理,无论浏览器类型如Netscape Communicator,Internet Explorer 或JDK)用于执行小程序。 当小程序被执行时,框架使用用于签署小程序的相同算法验证一个或多个小程序签名,验证小应用程序的签名者,并存储关于签名者的信息,以便它们可被 确定小程序的权限时的安全策略。
-
公开(公告)号:US06473894B1
公开(公告)日:2002-10-29
申请号:US09240959
申请日:1999-01-29
IPC分类号: G06F944
CPC分类号: G06F11/3672 , G06F17/3089
摘要: A test/run program receives as input a list of identifiers for source pages referencing applets to be tested or run. The test/run program creates an array of the identifiers, together with parameters for each identifier, web browser to run the test under, and a number of times the source page is to be reloaded and the applets re-run. For each source page, and for each reload of a given source page, the test/run program starts the specified web browser process, loads the designated source page, and starts a fresh runtime environment for the applet. Support for a test class within the test/run program allows the applets to write success, failure, or informational results to an output file and to exit the web browser process when complete. Where a native implementation of the test class is employed, special security permissions need not be specified and the test/run program need not necessarily be run locally. In exiting the web browser process, the applets write a marker file to indicate that the applet run is complete, which the test/run program detects. Multiple applets may be automatically and repetitively loaded, each with a fresh runtime environment in a new web browser application, for testing of the applets or repeat execution of the applets changing system properties.
摘要翻译: 测试/运行程序作为输入接收引用要测试或运行的小程序的源页面的标识符列表。 测试/运行程序创建一个标识符数组,连同每个标识符的参数,Web浏览器运行测试,以及多次重新加载源页面,并重新运行小程序。 对于每个源页面,并且对于给定源页面的每个重新加载,测试/运行程序启动指定的Web浏览器进程,加载指定的源页面,并为该小程序启动新的运行时环境。 在测试/运行程序中支持测试类允许小程序将成功,失败或信息结果写入输出文件,并在完成时退出Web浏览器进程。 在使用测试类的本地实现的地方,不需要指定特殊的安全权限,并且测试/运行程序不一定必须在本地运行。 在退出Web浏览器进程时,小程序会写入一个标记文件,以指示小程序运行完成,测试/运行程序检测到该文件。 可以自动重复加载多个小应用程序,每个小程序在新的Web浏览器应用程序中具有新的运行时环境,用于测试小程序或重复执行小程序更改系统属性。
-
7.发明授权Method for enabling a program written in untrusted code to interact with a security subsystem of a hosting operating system 失效使用不可信代码编写的程序能够与主机操作系统的安全子系统进行交互的方法公开(公告)号:US07451484B1
公开(公告)日:2008-11-11
申请号:US09321788
申请日:1999-05-27
IPC分类号: G06F12/14
CPC分类号: G06F21/31
摘要: A program written in untrusted code (e.g., JAVA) is enabled to access a native operating system resource (e.g., supported in WINDOWS NT) through a staged login protocol. In operation, a trusted login service listens, e.g., on a named pipe, for requests for login credentials. In response to a login request, the trusted login service requests a native operating system identifier. The native operating system identifier is then sent to the program. Using this identifier, a credential object is then created within an authentication framework. The credential object is then used to login to the native operating system to enable the program to access the resource. This technique enables a JAVA program to access a WINDOWS NT operating system resource under the identity of the user running the JAVA program.
摘要翻译: 使用不可信代码(例如,JAVA)编写的程序能够通过分段登录协议来访问本地操作系统资源(例如,在WINDOWS NT中支持)。 在操作中,信任的登录服务例如在命名管道上侦听用于登录凭证的请求。 响应于登录请求,可信登录服务请求本机操作系统标识符。 然后将本地操作系统标识符发送到程序。 使用此标识符,然后在认证框架内创建凭证对象。 然后,凭证对象用于登录到本机操作系统,以使程序能够访问该资源。 该技术使JAVA程序能够在运行JAVA程序的用户的身份下访问WINDOWS NT操作系统资源。
-
公开(公告)号:US06934840B2
公开(公告)日:2005-08-23
申请号:US09746582
申请日:2000-12-21
CPC分类号: H04L9/3263 , H04L2209/56
摘要: An apparatus and method for managing keystores is implemented. A distributed keystore is established by aggregating individual. The distributed keystore may, be organized in a multi-level structure, which may be associated with an organizational structure of an enterprise, or other predetermined partitioning. Additionally, a centralized management of certificates may be provided, whereby the expiration or revocation of the certificates may be tracked, and expired or revoked certificates may be refreshed. The keystore may be updated in response to one or more update events.
摘要翻译: 实现用于管理密钥库的设备和方法。 分布式密钥库是通过聚合个体建立的。 分布式密钥库可以被组织在可以与企业的组织结构或其他预定分区相关联的多级结构中。 此外,可以提供证书的集中管理,由此可以跟踪证书的到期或撤销,并且可以刷新过期或撤销的证书。 可以响应于一个或多个更新事件来更新密钥库。
-
9.发明授权Web client scripting test architecture for web server-based authentication 失效用于基于Web服务器的认证的Web客户端脚本测试体系结构
公开(公告)号:US06151599A
公开(公告)日:2000-11-21
申请号:US118561
申请日:1998-07-17
申请人: Theodore Jack London Shrader , Michael Bradford Ault , Garry L. Child , Ernst Robert Plassmann , Bruce Arland Rich , Davis Kent Soper
发明人: Theodore Jack London Shrader , Michael Bradford Ault , Garry L. Child , Ernst Robert Plassmann , Bruce Arland Rich , Davis Kent Soper
IPC分类号: G06F21/00 , G06F15/173
CPC分类号: G06F21/577 , G06F21/6218 , Y10S707/99939
摘要: A test page including a statement invoking an executable periodically reloading the test page is placed on a Web server having a security plug-in to be tested. The test page may include multiple frames, each containing a reference requesting access to the same test page or each performing a different testing function. The test page may be placed in a protected directory, may include an attempt to access the contents of a file within a different protected directory, and may include attempts to access protected CGI executables or other programs or modules which may be run on the Web server. A remote browser is employed to attempt to access the test page using the userid and password employed to login to the browser. Successful or unsuccessful access to the test page verifies proper operation of the security plug-in. The test page is automatically reloaded by the browser at a selected interval, and multiple frames or multiple browser instances each accessing the test page results in stress testing of the security plug-in.
摘要翻译: 包括调用可执行程序的语句的测试页面将定期重新加载测试页面放在具有要测试的安全插件的Web服务器上。 测试页可以包括多个帧,每个帧包含请求访问相同测试页面或者每个执行不同测试功能的参考。 测试页面可能被放置在受保护的目录中,可能包括尝试访问不同的受保护目录中的文件的内容,并且可能包括尝试访问受保护的CGI可执行文件或可能在Web服务器上运行的其他程序或模块 。 使用远程浏览器尝试使用用于登录浏览器的用户名和密码访问测试页面。 成功访问或不成功访问测试页验证安全插件的正确操作。 测试页由浏览器以选定的间隔自动重新加载,并且每个访问测试页面的多个框架或多个浏览器实例会导致安全插件的压力测试。
-
10.发明授权Method and apparatus for providing persistent fault-tolerant proxy login to a web-based distributed file service 失效用于向基于Web的分布式文件服务提供持久的容错代理登录的方法和装置
公开(公告)号:US5974566A
公开(公告)日:1999-10-26
申请号:US946077
申请日:1997-10-07
申请人: Michael Bradford Ault , Ernst Robert Plassmann , Bruce Arland Rich , Shaw-Ben Shi , Theodore Jack London Shrader
发明人: Michael Bradford Ault , Ernst Robert Plassmann , Bruce Arland Rich , Shaw-Ben Shi , Theodore Jack London Shrader
摘要: A method of enabling persistent access by a Web server to files stored in a distributed file system of a distributed computing environment that includes a security service. A session manager is used to perform a proxy login to the security service on behalf of the Web server. Persistent operation of the session manager is ensured by periodically spawning new instances of the session manager process. Each new instance preferably initializes itself against a binding file. A prior instance of the session manager is maintained in an active state for at least a period of time during which the new instance of the session manager initializes itself. Upon receipt of a given transaction request from a Web client to the Web server, a determination is made regarding whether a new instance of the session manager process has been spawned while the Web server was otherwise idle. If so, the Web server is re-bound to the new instance of the session manager process so that the new instance of the session manager process can respond to the transaction request.
摘要翻译: 一种使Web服务器能够持久访问存储在包括安全服务的分布式计算环境的分布式文件系统中的文件的方法。 会话管理器用于代表Web服务器执行代理登录到安全服务。 通过定期产生会话管理器进程的新实例来确保会话管理器的持续操作。 每个新实例都优选地针对绑定文件初始化本身。 会话管理器的先前实例被保持在活动状态中至少一段时间,在该时间段期间,会话管理器的新实例自身初始化。 在从Web客户端向Web服务器接收到给定的事务请求时,确定在Web服务器否则空闲时是否已经产生了会话管理器进程的新实例。 如果是,则将Web服务器重新绑定到会话管理器进程的新实例,以便会话管理器进程的新实例可以响应事务请求。
-
-
-
-
-
-
-
-
-
搜索结果
33 条记录 (耗时 0.043 秒)
