公开(公告)号：US20060195690A1

公开(公告)日：2006-08-31

申请号：US11069803

申请日：2005-02-28

申请人： Gregory Kostal ,  Muthukrishnan Paramasivam ,  Ravindra Pandya ,  Scott Cottrille ,  Vasantha Ravula ,  Vladimir Yarmolenko ,  Charles Rose ,  Yuhui Zhong

发明人： Gregory Kostal ,  Muthukrishnan Paramasivam ,  Ravindra Pandya ,  Scott Cottrille ,  Vasantha Ravula ,  Vladimir Yarmolenko ,  Charles Rose ,  Yuhui Zhong

IPC分类号： H04L9/00

CPC分类号： H04L63/0823

摘要： An improved certificate issuing system may comprise a novel arrangement for expressing certificate issuing policy. The policy may be expressed in a human-readable policy expression language and stored for example in a file that is consumed by a certificate issuing system at runtime. The policy may thus be easily changed by altering the digital file. Certain techniques are also provided for extending the capabilities of the certificate issuing system so it may apply and enforce new policies.

公开(公告)号：US20060206707A1

公开(公告)日：2006-09-14

申请号：US11077920

申请日：2005-03-11

申请人： Gregory Kostal ,  Muthukrishnan Paramasivam ,  Ravindra Pandya ,  Scott Cottrille ,  Vasantha Ravula ,  Vladimir Yarmolenko ,  Charles Rose ,  Yuhui Zhong

发明人： Gregory Kostal ,  Muthukrishnan Paramasivam ,  Ravindra Pandya ,  Scott Cottrille ,  Vasantha Ravula ,  Vladimir Yarmolenko ,  Charles Rose ,  Yuhui Zhong

IPC分类号： H04L9/00

CPC分类号： G06F21/33 ,  H04L9/3263 ,  H04L63/0823 ,  H04L63/102 ,  H04L2209/68

摘要： An improved certificate issuing system may comprise a certificate translation engine for translating incoming certificates and certificate requests from a first format into a second format. A certificate issuing engine may then operate on incoming requests in the common format. The issuing engine can issue certificates to clients according to its certificate issuing policy. The policy may be expressed as data in a policy expression language that can be consumed at runtime, which provides for flexible and efficient changing of issuing policy. Issued certificates can be translated back into a format that is consumed by the requesting client. Such translation can be performed by the translation engine prior to delivery of certificates to requesting clients.

公开(公告)号：US07509489B2

公开(公告)日：2009-03-24

申请号：US11077920

申请日：2005-03-11

申请人： Gregory Kostal ,  Muthukrishnan Paramasivam ,  Ravindra Nath Pandya ,  Scott C. Cottrille ,  Vasantha K Ravula ,  Vladimir Yarmolenko ,  Charles F. Rose, III ,  Yuhui Zhong

发明人： Gregory Kostal ,  Muthukrishnan Paramasivam ,  Ravindra Nath Pandya ,  Scott C. Cottrille ,  Vasantha K Ravula ,  Vladimir Yarmolenko ,  Charles F. Rose, III ,  Yuhui Zhong

IPC分类号： H04L9/00 ,  G06F7/04 ,  G06F17/30

CPC分类号： G06F21/33 ,  H04L9/3263 ,  H04L63/0823 ,  H04L63/102 ,  H04L2209/68

摘要： An improved certificate issuing system may comprise a certificate translation engine for translating incoming certificates and certificate requests from a first format into a second format. A certificate issuing engine may then operate on incoming requests in the common format. The issuing engine can issue certificates to clients according to its certificate issuing policy. The policy may be expressed as data in a policy expression language that can be consumed at runtime, which provides for flexible and efficient changing of issuing policy. Issued certificates can be translated back into a format that is consumed by the requesting client. Such translation can be performed by the translation engine prior to delivery of certificates to requesting clients.

摘要翻译： 改进的证书颁发系统可以包括用于将来自证书和证书请求从第一格式转换为第二格式的证书转换引擎。 然后证书颁发引擎可以以通用格式的传入请求进行操作。 发卡引擎可以根据证书颁发政策向客户颁发证书。 该策略可以表示为可以在运行时消费的策略表达式语言中的数据，其提供了灵活且有效地改变发布策略。 发放的证书可以翻译成请求客户端使用的格式。 在将证书交付给请求的客户端之前，这种翻译可由翻译引擎执行。

公开(公告)号：US07500097B2

公开(公告)日：2009-03-03

申请号：US11069803

申请日：2005-02-28

申请人： Gregory Kostal ,  Muthukrishnan Paramasivam ,  Ravindra Nath Pandya ,  Scott C. Cottrille ,  Vasantha K Ravula ,  Vladimir Yarmolenko ,  Charles F. Rose, III ,  Yuhui Zhong

发明人： Gregory Kostal ,  Muthukrishnan Paramasivam ,  Ravindra Nath Pandya ,  Scott C. Cottrille ,  Vasantha K Ravula ,  Vladimir Yarmolenko ,  Charles F. Rose, III ,  Yuhui Zhong

IPC分类号： H04L9/00 ,  G06F7/04 ,  G06F17/30

CPC分类号： H04L63/0823

摘要： An improved certificate issuing system may comprise a novel arrangement for expressing certificate issuing policy. The policy may be expressed in a human-readable policy expression language and stored for example in a file that is consumed by a certificate issuing system at runtime. The policy may thus be easily changed by altering the digital file. Certain techniques are also provided for extending the capabilities of the certificate issuing system so it may apply and enforce new policies.

摘要翻译： 改进的证书颁发系统可以包括用于表达证书颁发策略的新颖的安排。 该策略可以以人类可读的策略表达语言表示，并且存储在例如在运行时由证书颁发系统消耗的文件中。 因此，通过改变数字文件可以容易地改变策略。 还提供了某些技术来扩展证书颁发系统的能力，以便它可以应用和执行新的策略。

公开(公告)号：US20070028096A1

公开(公告)日：2007-02-01

申请号：US11194100

申请日：2005-07-29

申请人： Paul England ,  Muthukrishnan Paramasivam ,  Thekkthalackal Kurien ,  Charles Rose ,  Ravindra Pandya

发明人： Paul England ,  Muthukrishnan Paramasivam ,  Thekkthalackal Kurien ,  Charles Rose ,  Ravindra Pandya

IPC分类号： H04L9/00

CPC分类号： H04L9/3263 ,  H04L2209/60

摘要： Disclosed herein is a technique for certifying distributable objects. The technique involves creating a certification for each distributable object to indicate properties of the object. Using certifications such as this, it is possible to accept objects having certain properties only from specified entities.

摘要翻译： 这里公开了一种用于认证可分发物体的技术。 该技术涉及为每个可分发对象创建一个认证，以指示对象的属性。 使用这样的认证，只能从指定的实体接受具有某些属性的对象。

公开(公告)号：US20060206925A1

公开(公告)日：2006-09-14

申请号：US11077574

申请日：2005-03-11

申请人： Blair Dillaway ,  Brian LaMacchia ,  Muthukrishnan Paramasivam ,  Charles Rose ,  Ravindra Pandya

发明人： Blair Dillaway ,  Brian LaMacchia ,  Muthukrishnan Paramasivam ,  Charles Rose ,  Ravindra Pandya

IPC分类号： H04L9/32

CPC分类号： G06F21/62 ,  G06F21/33 ,  G06F2221/2145

摘要： A resource of a first organization provides access thereto to a requestor of a second organization. A first administrator of the first organization issues a first credential to a second administrator of the second organization, including policy that the second administrator may issue a second credential to the requestor on behalf of the first administrator. The second administrator issues the second credential to the requester, including the issued first credential. The requestor requests access from the resource and includes the issued first and second credentials. The resource validates that the issued first credential ties the first administrator to the second administrator, and that the issued second credential ties the second administrator to the requester. The resource thus knows that the request is based on rights delegated from the first administrator to the requester by way of the second administrator.

摘要翻译： 第一组织的资源提供对第二组织的请求者的访问。 第一个组织的第一个管理员向第二个组织的第二个管理员颁发第一个凭据，包括第二个管理员可以代表第一个管理员向请求者发出第二个凭证的策略。 第二个管理员向请求者发出第二个凭证，包括发出的第一个凭证。 请求者请求从资源的访问，并且包括发出的第一和第二凭证。 该资源验证所发出的第一个凭证将第一个管理员与第二个管理员相关联，并且发出的第二个凭证将第二个管理员与请求者联系起来。 因此，该资源知道该请求基于通过第二管理员从第一管理员委派给请求者的权限。

公开(公告)号：US20060242688A1

公开(公告)日：2006-10-26

申请号：US11112993

申请日：2005-04-22

申请人： Muthukrishnan Paramasivam ,  Charles Rose ,  Nicolas Payette

发明人： Muthukrishnan Paramasivam ,  Charles Rose ,  Nicolas Payette

IPC分类号： H04L9/32

CPC分类号： H04L63/102 ,  G06F21/335

摘要： Supporting statements are provided to help safely and efficiently construct and verify proofs necessary for deciding whether to grant a request from one entity for accessing a resource owned or administered by another entity.

摘要翻译： 提供支持性声明，以帮助安全有效地构建和验证必要的证明，以确定是否从一个实体授予访问由另一个实体拥有或管理的资源的请求。

公开(公告)号：US20080301758A1

公开(公告)日：2008-12-04

申请号：US11809856

申请日：2007-05-31

申请人： Yuri Gurevich ,  Muthukrishnan Paramasivam ,  Itay Neeman

发明人： Yuri Gurevich ,  Muthukrishnan Paramasivam ,  Itay Neeman

IPC分类号： H04L9/00

CPC分类号： G06F21/604

摘要： Techniques for distributed knowledge access control are disclosed herein. These techniques may enable access control information to be provided in the form of a statement that includes an assertion and a construct that targets the assertion to one or more intended entities. By targeting the statement to intended entities, the construct may help protect resources from unauthorized use and may also help protect the issuer of the statement from accountability resulting from misuse of the statement.

摘要翻译： 本文公开了用于分布式知识访问控制的技术。 这些技术可以使访问控制信息能够以声明的形式提供，该语句包括断言和针对一个或多个预期实体的断言的构造。 通过将该声明定位到预期实体，该构造可以帮助保护资源免遭未经授权的使用，并且还可以帮助保护声明的发行者不被滥用声明所导致的问题。

公开(公告)号：US20060173788A1

公开(公告)日：2006-08-03

申请号：US11048087

申请日：2005-02-01

申请人： Ravindra Nath Pandya ,  Peter Waxman ,  Vinay Krishnaswamy ,  Muthukrishnan Paramasivam ,  Marco DeMello ,  Steven Bourne

发明人： Ravindra Nath Pandya ,  Peter Waxman ,  Vinay Krishnaswamy ,  Muthukrishnan Paramasivam ,  Marco DeMello ,  Steven Bourne

IPC分类号： H04L9/00

CPC分类号： G06F21/10

摘要： A license is issued to a user as decryption and authorization portions. The decryption portion is accessible only by such user and has a decryption key (KD) for decrypting corresponding encrypted digital content and validating information including an identification of a root trust authority. The authorization portion sets forth rights granted in connection with the digital content and conditions that must be satisfied to exercise the rights granted, and has a digital signature that is validated according to the identified root trust authority in the decryption portion. The user issued accesses the decryption portion and employs the validation information therein to validate the digital signature of the authorization portion. If the conditions in the authorization portion so allow, the rights in the authorization portion are exercised by decrypting the encrypted content with the decryption key (KD) from the decryption portion and rendering the decrypted content.

摘要翻译： 向用户颁发许可证作为解密和授权部分。 解密部分仅由该用户访问，并且具有用于解密对应的加密数字内容的解密密钥（KD）以及验证包括根信任授权的标识的信息。 授权部分列出与数字内容和条件相关的权利，该数字内容和条件必须满足以行使所授予的权利，并且具有根据所述解密部分中确定的根信任权限验证的数字签名。 用户发出访问解密部分并在其中采用验证信息来验证授权部分的数字签名。 如果授权部分中的条件允许，则通过使用来自解密部分的解密密钥（KD）解密加密内容并呈现解密内容来执行授权部分中的权限。

公开(公告)号：US07770206B2

公开(公告)日：2010-08-03

申请号：US11077574

申请日：2005-03-11

申请人： Blair Brewster Dillaway ,  Brian LaMacchia ,  Muthukrishnan Paramasivam ,  Charles F. Rose, III ,  Ravindra Nath Pandya

发明人： Blair Brewster Dillaway ,  Brian LaMacchia ,  Muthukrishnan Paramasivam ,  Charles F. Rose, III ,  Ravindra Nath Pandya

IPC分类号： G06F7/04

CPC分类号： G06F21/62 ,  G06F21/33 ,  G06F2221/2145

摘要： A resource of a first organization provides access thereto to a requestor of a second organization. A first administrator of the first organization issues a first credential to a second administrator of the second organization, including policy that the second administrator may issue a second credential to the requestor on behalf of the first administrator. The second administrator issues the second credential to the requester, including the issued first credential. The requestor requests access from the resource and includes the issued first and second credentials. The resource validates that the issued first credential ties the first administrator to the second administrator, and that the issued second credential ties the second administrator to the requester. The resource thus knows that the request is based on rights delegated from the first administrator to the requester by way of the second administrator.

摘要翻译： 第一组织的资源提供对第二组织的请求者的访问。 第一个组织的第一个管理员向第二个组织的第二个管理员颁发第一个凭据，包括第二个管理员可以代表第一个管理员向请求者发出第二个凭证的策略。 第二个管理员向请求者发出第二个凭证，包括发出的第一个凭证。 请求者请求从资源的访问，并且包括发出的第一和第二凭证。 该资源验证所发出的第一个凭证将第一个管理员与第二个管理员相关联，并且发出的第二个凭证将第二个管理员与请求者联系起来。 因此，该资源知道该请求基于通过第二管理员从第一管理员委派给请求者的权限。