    Access control subsystem and method for distributed computer system using locally cached authentication credentials
    1.
    Granted invention patent
    Status: Lapsed

    Publication No.: US5235642A

    Publication date: 1993-08-10

    Application No.: US917767

    Filing date: 1992-07-21

    Abstract: A distributed computer system has a number of computers coupled thereto at distinct nodes. The computer at each node of the distributed system has a trusted computing base that includes an authentication agent for authenticating requests received from principals at other nodes in the system. Requests are transmitted to servers as messages that include a first identifier provided by the requester and a second identifier provided by the authentication agent of the requester node. Each server process is provided with a local cache of authentication data that identifies requesters whose previous request messages have been authenticated. When a request is received, the server checks the request's first and second identifiers against the entries in its local cache. If there is a match, then the request is known to be authentic. Otherwise, the server node's authentication agent is called to obtain authentication credentials from the requester's node to authenticate the request message. The principal identifier of the requester and the received credentials are stored in a local cache by the server node's authentication agent. The server process also stores a record in its local cache indicating that request messages from the specified requester are known to be authentic, thereby expediting the process of authenticating received requests.

    Systems and methods for identifying principals to control access to computing resources
    2.
    Invention patent application
    Status: Under examination (published)

    Publication No.: US20060265759A1

    Publication date: 2006-11-23

    Application No.: US11134760

    Filing date: 2005-05-19

    IPC classification: H04L9/32

    CPC classification: G06F21/6218

    Abstract: Systems and methods are provided for resource access control in computer systems. Our approach includes new techniques for composing and authenticating principals in an access control system. Our principals may comprise information that identifies the role of the user of a computer system, the mechanism by which the user was authenticated, and program execution history. Thus, when a principal makes a request, access control determinations can be made based on the principal's identity. Access control lists may provide patterns that are used to recognize principals, thereby ensuring a level of security without enumerating precise identifiers for all of the possible principals that may request a particular resource.

    Systems and methods for pattern matching on principal names to control access to computing resources
    3.
    Invention patent application
    Status: In force

    Publication No.: US20060265754A1

    Publication date: 2006-11-23

    Application No.: US11133806

    Filing date: 2005-05-19

    IPC classification: H04N7/16

    CPC classification: G06F21/6218

    Abstract: Systems and methods are provided for resource access control in computer systems. Our approach includes new techniques for composing and authenticating principals in an access control system. Our principals may comprise information that identifies the role of the user of a computer system, the mechanism by which the user was authenticated, and program execution history. Thus, when a principal makes a request, access control determinations can be made based on the principal's identity. Access control lists may provide patterns that are used to recognize principals, thereby ensuring a level of security without enumerating precise identifiers for all of the possible principals that may request a particular resource.

    System and methods for an overlay disk and cache using portable flash memory
    4.
    Invention patent application
    Status: In force

    Publication No.: US20060155930A1

    Publication date: 2006-07-13

    Application No.: US11059124

    Filing date: 2005-02-15

    IPC classification: G06F13/00

    Abstract: A lifting and shaping system for a bra is disclosed. The system uses lift platforms shaped to fit into the cups of the bra and formed from thin material such as plastic. The lift platforms are attached to the bra toward the center of the bra. Connectors having one end attached to the lift platform and the other end attached to a slide on the shoulder strap adjust the lift of the lift platform when the slide is moved. Flexible shaping members distribute the lift of the lift platforms and maintain the natural shape of the breasts as they are lifted. Smoothing shields ease the movement of the lift platforms and connectors within the cloth confines of the breast cups. The flexible shaping members may also perform some of the functions of a smoothing shield.

    Cryptographic puzzle cancellation service for deterring bulk electronic mail messages
    5.
    Invention patent application
    Status: Lapsed

    Publication No.: US20050210258A1

    Publication date: 2005-09-22

    Application No.: US10806020

    Filing date: 2004-03-22

    Abstract: Methods and systems are provided for a cancellation server maintaining a database of identifiers of cryptographic puzzles. A cryptographic puzzle is created from a unique identifier and a timestamp, and is attached to an electronic mail message, along with the puzzle's solution. The recipient verifies that the solution is correct and that the timestamp is current, and further queries the cancellation server with the puzzle identifier. If the identifier does not exist in the database, then the recipient knows the received message is legitimate. If the identifier already appears in the database, the received message can be automatically removed from the recipient's computer.

    Flash memory management
    8.
    Invention patent application
    Status: Under examination (published)

    Publication No.: US20070083697A1

    Publication date: 2007-04-12

    Application No.: US11245919

    Filing date: 2005-10-07

    IPC classification: G06F12/00

    CPC classification: G06F12/0246

    Abstract: Flash memory is managed utilizing memory management data structures residing in volatile memory of a flash memory device. The memory management data structures are created and updated each time power is supplied to the memory device. During write operations to the flash memory, specific locations in the flash memory are updated to reflect the current status of the flash memory. When power is interrupted, the memory management data structures are recreated upon reapplication of power. The flash memory is scanned and the information obtained from the specific locations in the flash memory is utilized to construct the memory management data structures. No bad block tables are required. Flash memory is managed to provide relatively good random write performance and to accommodate power interruptions. Applications include the use of flash memory for general purpose computing and devices in which power can fail at any time (due to being unplugged for example).

    Access control based on program properties
    9.
    Granted invention patent
    Status: In force

    Publication No.: US08239954B2

    Publication date: 2012-08-07

    Application No.: US11745048

    Filing date: 2007-05-07

    IPC classification: H04L29/06

    CPC classification: H04L63/101 G06F21/6218

    Abstract: A pattern matching access control system determines whether a principal should be granted access to use a resource based on properties of applications comprised by the principal. The principal name may be created when an application is loaded, invokes other applications (or programs) and/or assumes a new role context. Access is provided based on whether, for each application, the publisher is authorized by system policy to grant privilege as requested by the application. When a resource which requires the privilege is requested by a principal, an access control list (ACL) for the resource is expanded with a list of applications that have been authorized through their publisher to assert the privilege. The expanded ACL is compared to the principal name to determine resource access.

    ACCESS CONTROL BASED ON PROGRAM PROPERTIES
    10.
    Invention patent application
    Status: In force

    Publication No.: US20080282354A1

    Publication date: 2008-11-13

    Application No.: US11745048

    Filing date: 2007-05-07

    IPC classification: H04L9/00

    CPC classification: H04L63/101 G06F21/6218

    Abstract: A pattern matching access control system determines whether a principal should be granted access to use a resource based on properties of applications comprised by the principal. The principal name may be created when an application is loaded, invokes other applications (or programs) and/or assumes a new role context. Access is provided based on whether, for each application, the publisher is authorized by system policy to grant privilege as requested by the application. When a resource which requires the privilege is requested by a principal, an access control list (ACL) for the resource is expanded with a list of applications that have been authorized through their publisher to assert the privilege. The expanded ACL is compared to the principal name to determine resource access.