Abstract:
A method and system for controlling access to entities on a network on which a plurality of servers are installed that use different operating systems. A request is entered by a user at a workstation on the network to set access permissions to an entity on the network in regard to a trustee. In response to the request, various application programming interfaces (APIs) are called to translate the generic request to set permissions on the entity into a format appropriate for the operating system that controls the entity. Assuming that the user has the appropriate rights to set access permissions to the entity as requested, and assuming that the trustee identified by the user is among those who can have rights set to the entity, the request made by the user is granted. Entities include both "containers" and "objects." Entities are either software, such as directories (containers) and files (objects), or hardware, such as printers (objects).
Abstract:
A method and apparatus are described for facilitating the migration of accounts from a source domain to a target domain in a computer network without affecting the capability of users and services associated with the source domain to access source domain resources after the users' and services' accounts have been migrated to the target domain. Migrating source domain accounts is facilitated by a dual-identity Domain Controller having simultaneous access to replicating mechanisms of both the source domain and the target domain. When accounts are migrated to a directory service of objects for the target domain, the accounts are modified to include security information defining access rights of the migrated accounts within the target domain. Security information relating to an account's access rights in the source domain is preserved in the migrated account stored in the target domain directory service of objects databases.
Abstract:
A method is provided, in accordance with the present invention, for merging a source domain into a target domain in a network. Merging domains comprises replacing a first account identification for each account associated with the source domain by a second account identification associated with the target domain. Next, in accordance with the present invention, for each account associated with the source domain, the first account identification is added to an account security data structure storing account identifications with which the account has previously been associated when associated with a former, merged domain.
Abstract:
A software system unifies directory services with the file system. Directory service entries and other files are all stored in a common logical format, such as an object format. The unification of files with directory service entries allows a common set of tools to operate on both such entities and allows a common name space to be utilized. Security measures are taken so as to prevent unauthorized access to the directory service entries.
Abstract:
A system and method for expediting the replication of at least one specified object to a replica in a distributed computer system. A source object of a source replica determines that it has an urgent change to propagate through the distributed system, and informs a replication facility at the source replica of the urgent change. The facility extracts, or is provided with, the change information from that object, and the source replica communicates information representative of the change to a destination replica. A replication facility at the destination replica provides the change information to a destination replica object, which uses the information to make itself consistent with the source replica object.
Abstract:
A network directory and naming service includes fields for identifying instances of network resources and other objects by both logical and topological grouping. This combination of information facilitates automated, efficient decision making with regard to replication of resources and updating the replicas in response to changes. The combination of logical and topological identification for resources also facilitates selection of a close replica in instances where a client requests access to a resource, such as a server, for which communicatively local and remote instances exist.
Abstract:
A method and system for transparently executing code using a surrogate process is provided. In a preferred embodiment, the underlying system provides a surrogate program that can execute server dynamic-link libraries. When a client program wishes to access an object of a sharable class or a class factory object, the client program requests a service control manager to execute the server code for the sharable class. In response, the service control manager determines from a registration database whether the server code is available in the form of a server executable or a server dynamic-link library. If the server code is implemented as a server dynamic-link library, the service control manager either returns the location of the server dynamic-link library to the client program to be run in the execution context of the client program or the service control manager launches the surrogate program and requests it to load the server dynamic-link library, thereby isolating the server dynamic-link library from the client program execution context. When the surrogate process is launched, the surrogate process loads the requested server dynamic-link library and instantiates class factory objects corresponding to the sharable classes implemented by the server dynamic-link library. In one embodiment, multiple server dynamic-link libraries can be loaded within the same surrogate process. According to this embodiment, when the client program requests access to an object of a sharable class or to a class factory object, the service control manager determines whether the server code that implements the object can be loaded in a surrogate process that is already executing or whether a new surrogate process needs to be launched. Once the server dynamic-link library is loaded in the surrogate process and a reference to a server object returned to the client program, the client program can communicate with the server code in the same manner as if the server code had been loaded into the execution context of the client program.
Abstract:
Logon certificates are provided to support disconnected operation within the distributed system. Each logon certificate is a secure package holding credentials information sufficient to establish the identity and the rights and privileges of a user/machine in a domain that is not its home domain. When a user/machine attempts to connect to the system at a domain other than the home domain of the user/machine, the user/machine presents a logon certificate that evidences its credentials. The domain where the user/machine attempts to connect to the system decrypts and unseals the secure package as required to obtain the credentials information contained therein. If the user/machine has sufficient credentials, the user/machine is permitted to connect to the system. If the user/machine lacks sufficient credentials, the user/machine is not permitted to connect to the system.