公开(公告)号：US08407703B1

公开(公告)日：2013-03-26

申请号：US08733997

申请日：1996-10-29

申请人： Donald Fred Ault ,  Ernest Scott Bender ,  Jon Kevin Franks ,  John Arthur Helmbold

发明人： Donald Fred Ault ,  Ernest Scott Bender ,  Jon Kevin Franks ,  John Arthur Helmbold

IPC分类号： G06F9/44

CPC分类号： G06F11/3632 ,  G06F9/485 ,  G06F9/542 ,  G06F2209/543

摘要： In response to the detection of an external event by the first thread, the first thread sends a quiesce event to each additional thread of the application and suspends execution. The quiesce event may be either a suspension event requesting suspension of the additional threads or a termination event requesting termination of the additional threads. Each additional thread, upon receiving the quiesce event, checks its environment to determine whether it is holding any critical system resource. If the additional thread determines that is not holding any critical system resource and that it is therefore safe to quiesce, the additional thread quiesces. Before quiescing, the last additional thread to quiesce resumes the first thread, which is now free to perform critical operations without interference from the additional threads. If the quiesce type is suspension, the first thread resumes the additional threads upon completing its critical operations, whereupon the application resumes its normal operation.

摘要翻译： 响应于第一个线程检测到外部事件，第一个线程向应用程序的每个附加线程发送静默事件并暂停执行。 停顿事件可以是请求暂停附加线程的暂停事件或请求终止附加线程的终止事件。 每个额外的线程在接收到静默事件后，会检查其环境，以确定它是否持有任何关键的系统资源。 如果附加线程确定没有持有任何关键的系统资源，并且因此安静地停顿，则附加线程静止。 在停顿之前，最后一个静态线程恢复了第一个线程，该线程现在可以免费执行关键操作，而不会受到附加线程的干扰。 如果停顿类型是暂停的，则在完成其关键操作时，第一个线程恢复附加线程，于是应用程序恢复正常运行。

公开(公告)号：US5764889A

公开(公告)日：1998-06-09

申请号：US721145

申请日：1996-09-26

申请人： Donald Fred Ault ,  Ernest Scott Bender ,  Michael Gary Spiegel

发明人： Donald Fred Ault ,  Ernest Scott Bender ,  Michael Gary Spiegel

IPC分类号： G06F12/14 ,  G06F9/46 ,  G06F9/48 ,  G06F21/00 ,  G06F21/24 ,  G06F13/00 ,  H04L9/00

CPC分类号： G06F9/468 ,  G06F21/6281

摘要： A method and apparatus for enabling a listening daemon in a client/server system to execute a specified task on behalf of a user. Upon receiving a user request, the listening daemon sets an environment variable in accordance with the user identity specified in the request and issues a system call to the operating system kernel to spawn the user task specified in the request. In response to the system call, the operating system kernel creates a new address space for the specified user task and creates a security environment for the user task in accordance with the environment variable before starting the user task in the new address space.

摘要翻译： 一种使客户机/服务器系统中的监听守护进程能够代表用户执行指定任务的方法和装置。 监听守护程序在接收到用户请求后，根据请求中指定的用户身份设置环境变量，并向操作系统内核发出系统调用，以产生请求中指定的用户任务。 响应于系统调用，操作系统内核为指定的用户任务创建一个新的地址空间，并在新地址空间中启动用户任务之前，根据环境变量为用户任务创建一个安全环境。

公开(公告)号：US06377994B1

公开(公告)日：2002-04-23

申请号：US08632251

申请日：1996-04-15

申请人： Donald Fred Ault ,  John Carr Dayka ,  Eric Charles Finkelstein ,  Richard Henry Guski

发明人： Donald Fred Ault ,  John Carr Dayka ,  Eric Charles Finkelstein ,  Richard Henry Guski

IPC分类号： G06F1516

CPC分类号： H04L63/10 ,  H04L63/1441 ,  Y10S707/99939 ,  Y10S707/99945

摘要： In a client/server system, a method and apparatus for handing requests for access to a host resource purportedly on behalf of a client from an untrusted application server that may be capable of operating as a “rogue” server. Upon receiving a service request from a client, an untrusted application server creates a new thread within its address space for the client and obtains from the security server a client security context, which is anchored to the task control block (TCB) for that thread. The client security context specifies the client and indicates whether the client is an authenticated client or an unauthenticated client. When the application server makes a request for access to a host resource purportedly on behalf of the client, the security server examines the security context created for the requesting thread. If the client security context indicates that the client is an authenticated client, the security server grants access to the host resource if the client specified in the client security context is authorized to make the requested access to the host resource. If the client security context indicates that the client is an authenticated client, the security server grants access to the host resource only if both the client specified in the client security context and the application server are authorized to make the requested access to the host resource.

摘要翻译： 在客户/服务器系统中，一种方法和装置，用于从可能能够作为“流氓”服务器操作的不信任的应用服务器处理代表客户机的代理访问主机资源的请求。 在从客户机接收到服务请求之后，不可信应用服务器在其用于客户端的地址空间内创建一个新线程，并从安全服务器获得锚定到该线程的任务控制块（TCB）的客户端安全上下文。 客户机安全上下文指定客户端，并指示客户端是经过身份验证的客户端还是未经身份验证的客户端。 当应用程序服务器请求访问代表客户端的主机资源时，安全服务器检查为请求的线程创建的安全上下文。 如果客户端安全上下文指示客户端是经过身份验证的客户端，则如果在客户端安全上下文中指定的客户端被授权进行主机资源的请求访问，则安全服务器授予对主机资源的访问权限。 如果客户端安全上下文指示客户端是经过身份验证的客户端，则只有当客户端安全上下文中指定的客户端和应用程序服务器都被授权才能请求访问主机资源时，安全服务器就会授予对主机资源的访问权限。

公开(公告)号：US06289432B1

公开(公告)日：2001-09-11

申请号：US09047733

申请日：1998-03-25

申请人： Donald Fred Ault ,  Harris M. Morgenstern ,  Danny Ray Sutherland

发明人： Donald Fred Ault ,  Harris M. Morgenstern ,  Danny Ray Sutherland

IPC分类号： G06F1202

CPC分类号： G06F12/109

摘要： Segments of storage of a computer system are shared among any number of users at varying virtual addresses. The virtual addresses can be in the same address space or different address spaces. The sharing of a segment of storage is provided by storing the real address of a page table corresponding to the segment of storage to be shared at different virtual addresses. This allows users of the same or different address spaces to share the same segment of storage by referencing the same page table.

摘要翻译： 计算机系统的存储部分在变化的虚拟地址的任何数量的用户之间共享。 虚拟地址可以在相同的地址空间或不同的地址空间中。 通过存储与要在不同虚拟地址共享的存储段相对应的页表的实际地址来提供存储段的共享。 这允许相同或不同的地址空间的用户通过引用相同的页表来共享相同的存储段。