-
Publication No.: US07809938B2
Publication date: 2010-10-05
Application No.: US11254545
Application date: 2005-10-20
Applicant: Giovanni M. Della-Libera, Christopher G. Kaler, Scott A. Konersmann, Butler W. Lampson, Paul J. Leach, Bradford H. Lovering, Steven E. Lucco, Stephen J. Millet, Richard F. Rashid, John P. Shewchuk
Inventor: Giovanni M. Della-Libera, Christopher G. Kaler, Scott A. Konersmann, Butler W. Lampson, Paul J. Leach, Bradford H. Lovering, Steven E. Lucco, Stephen J. Millet, Richard F. Rashid, John P. Shewchuk
IPC classification: H04L29/06
CPC classification: H04L63/08, G06Q20/3676, H04L63/10, H04L63/168, H04L63/20, H04L67/02, H04L67/28, H04L67/2804, H04L67/2823
Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.
-
Publication No.: US08302149B2
Publication date: 2012-10-30
Application No.: US11254519
Application date: 2005-10-20
Applicant: Giovanni M. Della-Libera, Christopher G. Kaler, Scott A. Konersmann, Butler W. Lampson, Paul J. Leach, Bradford H. Lovering, Steven E. Lucco, Stephen J. Millet, Richard F. Rashid, John P. Shewchuk
Inventor: Giovanni M. Della-Libera, Christopher G. Kaler, Scott A. Konersmann, Butler W. Lampson, Paul J. Leach, Bradford H. Lovering, Steven E. Lucco, Stephen J. Millet, Richard F. Rashid, John P. Shewchuk
IPC classification: H04L29/06
CPC classification: H04L63/08, G06Q20/3676, H04L63/10, H04L63/168, H04L63/20, H04L67/02, H04L67/28, H04L67/2804, H04L67/2823
Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.
-
Publication No.: US07752431B2
Publication date: 2010-07-06
Application No.: US11254264
Application date: 2005-10-20
Applicant: Giovanni M. Della-Libera, Christopher G. Kaler, Scott A. Konersmann, Butler W. Lampson, Paul J. Leach, Bradford H. Lovering, Steven E. Lucco, Stephen J. Millet, Richard F. Rashid, John P. Shewchuk
Inventor: Giovanni M. Della-Libera, Christopher G. Kaler, Scott A. Konersmann, Butler W. Lampson, Paul J. Leach, Bradford H. Lovering, Steven E. Lucco, Stephen J. Millet, Richard F. Rashid, John P. Shewchuk
IPC classification: H04L29/06
CPC classification: H04L63/08, G06Q20/3676, H04L63/10, H04L63/168, H04L63/20, H04L67/02, H04L67/28, H04L67/2804, H04L67/2823
Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.
-
Publication No.: US07752442B2
Publication date: 2010-07-06
Application No.: US11254539
Application date: 2005-10-20
Applicant: Giovanni M. Della-Libera, Christopher G. Kaler, Scott A. Konersmann, Butler W. Lampson, Paul J. Leach, Bradford H. Lovering, Steven E. Luocco, Stephen J. Millet, Richard F. Rashid, John P. Shewchuk
Inventor: Giovanni M. Della-Libera, Christopher G. Kaler, Scott A. Konersmann, Butler W. Lampson, Paul J. Leach, Bradford H. Lovering, Steven E. Luocco, Stephen J. Millet, Richard F. Rashid, John P. Shewchuk
IPC classification: H04L9/32
CPC classification: H04L63/08, G06Q20/3676, H04L63/10, H04L63/168, H04L63/20, H04L67/02, H04L67/28, H04L67/2804, H04L67/2823
Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.
-
Publication No.: US07899047B2
Publication date: 2011-03-01
Application No.: US11838161
Application date: 2007-08-13
Applicant: Luis F. Cabrera, Erik B. Christensen, Giovanni M. Della-Libera, Christopher G. Kaler, David E. Levin, Bradford H. Lovering, Steven E. Lucco, Stephen J. Millet, John P. Shewchuk, Robert S. Wahbe, David A. Wortendyke
Inventor: Luis F. Cabrera, Erik B. Christensen, Giovanni M. Della-Libera, Christopher G. Kaler, David E. Levin, Bradford H. Lovering, Steven E. Lucco, Stephen J. Millet, John P. Shewchuk, Robert S. Wahbe, David A. Wortendyke
IPC classification: H04L12/56
CPC classification: H04L61/15, H04L29/12047, H04L67/327, H04L69/32
Abstract: Methods and systems for providing a virtual network are disclosed. At least one layer of abstraction is created between network service applications and conventional network protocols by inserting an adaptive dispatcher between applications and network transport services on each machine in a network. The message protocol in the virtual network is extensible, allowing application programs to create new headers within any message as needed. The adaptive dispatcher contains handlers that route and dispatch messages within the virtual network based on arbitrary content within each message, including any combination of headers and/or data content. Each device on the virtual network has a virtual address to which messages are directed, allowing devices to move within the network without reconfiguring routing tables. Handlers may be automatically created when an event meeting predefined criteria occurs, including the non-occurrence of a condition, making the virtual network self-healing and adaptive to reconfiguration.
-
Publication No.: US20090046726A1
Publication date: 2009-02-19
Application No.: US11838161
Application date: 2007-08-13
Applicant: Luis Felipe Cabrera, Erik B. Christensen, Giovanni M. Della-Libera, Christopher G. Kaler, David E. Levin, Bradford H. Lovering, Steven E. Lucco, Stephen J. Millet, John P. Shewchuk, Robert S. Wahbe, David A. Wortendyke
Inventor: Luis Felipe Cabrera, Erik B. Christensen, Giovanni M. Della-Libera, Christopher G. Kaler, David E. Levin, Bradford H. Lovering, Steven E. Lucco, Stephen J. Millet, John P. Shewchuk, Robert S. Wahbe, David A. Wortendyke
IPC classification: H04L12/56
CPC classification: H04L61/15, H04L29/12047, H04L67/327, H04L69/32
Abstract: Methods and systems for providing a virtual network are disclosed. At least one layer of abstraction is created between network service applications and conventional network protocols by inserting an adaptive dispatcher between applications and network transport services on each machine in a network. The message protocol in the virtual network is extensible, allowing application programs to create new headers within any message as needed. The adaptive dispatcher contains handlers that route and dispatch messages within the virtual network based on arbitrary content within each message, including any combination of headers and/or data content. Each device on the virtual network has a virtual address to which messages are directed, allowing devices to move within the network without reconfiguring routing tables. Handlers may be automatically created when an event meeting predefined criteria occurs, including the non-occurrence of a condition, making the virtual network self-healing and adaptive to reconfiguration.
-
Publication No.: US07257817B2
Publication date: 2007-08-14
Application No.: US09993656
Application date: 2001-11-27
Applicant: Luis F. Cabrera, Erik B. Christensen, Giovanni M. Della-Libera, Christopher G. Kaler, David E. Levin, Bradford H. Lovering, Steven E. Lucco, Stephen J. Millet, John P. Shewchuk, Robert S. Wahbe, David A. Wortendyke
Inventor: Luis F. Cabrera, Erik B. Christensen, Giovanni M. Della-Libera, Christopher G. Kaler, David E. Levin, Bradford H. Lovering, Steven E. Lucco, Stephen J. Millet, John P. Shewchuk, Robert S. Wahbe, David A. Wortendyke
IPC classification: G06F3/00
CPC classification: H04L45/00, H04L43/0811, H04L45/306, H04L45/308, H04L45/34, H04L45/56, H04L45/566, H04L67/02, H04L67/327, H04L69/08
Abstract: Methods and systems for providing a virtual network are disclosed. At least one layer of abstraction is created between network service applications and conventional network protocols by inserting an adaptive dispatcher between applications and network transport services on each machine in a network. The message protocol in the virtual network is extensible, allowing application programs to create new headers within any message as needed. The adaptive dispatcher contains handlers that route and dispatch messages within the virtual network based on arbitrary content within each message, including any combination of headers and/or data content. Each device on the virtual network has a virtual address to which messages are directed, allowing devices to move within the network without reconfiguring routing tables. Handlers may be automatically created when an event meeting predefined criteria occurs, including the non-occurrence of a condition, making the virtual network self-healing and adaptive to reconfiguration.
-
Publication No.: US07447785B2
Publication date: 2008-11-04
Application No.: US10403857
Application date: 2003-03-31
Applicant: Christopher G. Kaler, Erik B. Christensen, Giovanni M. Della-Libera, John P. Shewchuk, Stephen J. Millet, Steven E. Lucco
Inventor: Christopher G. Kaler, Erik B. Christensen, Giovanni M. Della-Libera, John P. Shewchuk, Stephen J. Millet, Steven E. Lucco
IPC classification: G06F15/16
CPC classification: H04L63/102, H04L67/327, H04L69/329, H04L2463/102
Abstract: A network site often provides multiple offerings, each having their own context. The complete context for one of the offerings is stored. That complete context represents a root node in a hierarchical tree of context nodes, each node representing the context information for one or more of the offerings. Each node in the tree includes a reference to its parent node, and then a description of incremental changes to the context information as compared to the context information from the parent node. Accordingly, the context information for a particular node in the tree may be obtained by combining the complete context for the root node offering with incremental changes described in other nodes in the ancestral chain that leads from the particular offering to the root offering.
-
Publication No.: US07353535B2
Publication date: 2008-04-01
Application No.: US10404733
Application date: 2003-03-31
Applicant: Christopher G. Kaler, John P. Shewchuk, Giovanni M. Della-Libera, Praerit Garg, Brendan W. Dixon
Inventor: Christopher G. Kaler, John P. Shewchuk, Giovanni M. Della-Libera, Praerit Garg, Brendan W. Dixon
CPC classification: G06F21/64
Abstract: A flexible way of expressing trust policies using, for example, XML. Multiple statement types may be expressed for a single authority type. Statement types may include less than all of the statements made by an authority type. Authority types may be defined using any manner interpretable by the computing system using the trust policy. In addition, trust policies may be updated as trust levels change. Even multiple trust policies may be used with reconciliation between the multiple trust policies being accomplished by using the more restrictive trust policy with respect to an assertion.
-
Publication No.: US07313687B2
Publication date: 2007-12-25
Application No.: US10340694
Application date: 2003-01-10
IPC classification: H04L9/00
CPC classification: H04L67/34, H04L29/06, H04L63/12, H04L67/327, H04L69/329
Abstract: A first application layer at a first message processor identifies a first portion of context information. A second message processor receives the first portion of context information. A second application layer at the second message processor identifies a second portion of context information. The second message processor sends the second portion of context information along with a first digital signature created from both the first and second portions of context information. The first message processor receives the second portion of context information and first digital signature. The first message processor sends a second digital signature created from the first and second portions of context information to the second message processor. If both the first and second digital signatures are authenticated, a secure context can be established between the first and second application layers.