1. Credential management
    Granted invention patent (in force)

    Publication number: US07210167B2

    Publication date: 2007-04-24

    Application number: US09757058

    Filing date: 2001-01-08

    IPC classification: G06F3/00

    Abstract: Described herein is an implementation of a technology for managing credentials. With an implementation, a credential manager is domain-authentication aware, and concurrent authentications with multiple independent networks (e.g., domains) may be established and maintained. Moreover, a credential manager provides a credential-model retrofit for legacy applications that only understand the password model. The manager provides a mechanism whereby the application is only a “blind courier” of credentials between the trusted part of the OS and the network and/or network resource. The manager fully insulates the application from “read” access to the credentials. This abstract itself is not intended to limit the scope of this patent. The scope of the present invention is pointed out in the appended claims.
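The “blind courier” arrangement in the abstract above, as an added example that is not part of the patent or of this listing: the application asks the manager for an opaque handle, relays the server's challenge to the manager and the manager's response back to the server, and at no point holds the password. The nonce challenge/response scheme, the domain names, the account names and the passwords are assumptions made for the example; the point is the interface surface the application sees, and that two independent domains can be authenticated and held concurrently.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class Credential:
    target: str      # the domain or network resource this credential is for
    username: str
    password: str    # lives only inside the manager; applications never read it


class DomainServer:
    """Stand-in for one domain's authenticator (constructed for this example).
    It keeps a per-user derived key and runs a nonce challenge/response."""

    def __init__(self, name: str, users: Dict[str, str]):
        self.name = name
        self._keys = {u: hashlib.sha256(p.encode()).digest() for u, p in users.items()}
        self._pending: Dict[str, bytes] = {}

    def challenge(self, username: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[username] = nonce
        return nonce

    def verify(self, username: str, response: bytes) -> Optional[str]:
        nonce = self._pending.pop(username, None)
        key = self._keys.get(username)
        if nonce is None or key is None:
            return None
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return None
        return f"session:{self.name}:{username}"


class CredentialManager:
    """Trusted-side store keyed by target. Applications receive opaque handles and
    pass challenges and responses through; no method returns a password."""

    def __init__(self):
        self._store: Dict[str, Credential] = {}
        self._handles: Dict[str, str] = {}   # opaque handle -> target

    def add(self, cred: Credential) -> None:
        self._store[cred.target] = cred

    def open(self, target: str) -> str:
        if target not in self._store:
            raise KeyError(f"no credential stored for {target}")
        handle = secrets.token_hex(8)
        self._handles[handle] = target
        return handle

    def username(self, handle: str) -> str:
        return self._store[self._handles[handle]].username

    def respond(self, handle: str, challenge: bytes) -> bytes:
        # The response is computed here, on the trusted side; only the response leaves.
        cred = self._store[self._handles[handle]]
        key = hashlib.sha256(cred.password.encode()).digest()
        return hmac.new(key, challenge, hashlib.sha256).digest()


def app_login(manager: CredentialManager, server: DomainServer, target: str) -> Optional[str]:
    """The application as blind courier: it only moves bytes between server and manager."""
    handle = manager.open(target)
    user = manager.username(handle)
    nonce = server.challenge(user)
    return server.verify(user, manager.respond(handle, nonce))


def demo() -> Dict[str, Optional[str]]:
    # Constructed domains and credentials; all names and passwords are hypothetical.
    corp = DomainServer("corp.example", {"alice": "corp-pw-1"})
    lab = DomainServer("lab.example", {"alice.lab": "lab-pw-2"})
    mgr = CredentialManager()
    mgr.add(Credential("corp.example", "alice", "corp-pw-1"))
    mgr.add(Credential("lab.example", "alice.lab", "lab-pw-2"))
    return {
        "corp": app_login(mgr, corp, "corp.example"),   # two independent domains,
        "lab": app_login(mgr, lab, "lab.example"),      # both sessions held at once
        "cross": app_login(mgr, corp, "lab.example"),   # lab credential offered to corp: refused
    }
```

The insulation only holds if the manager runs in a protection boundary the application cannot read; a manager living in the application's own address space would make the “read” restriction a convention rather than a control.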

2. Authentication and authorization across autonomous network systems
    Granted invention patent (in force)

    Publication number: US07617522B2

    Publication date: 2009-11-10

    Application number: US11379998

    Filing date: 2006-04-24

    IPC classification: G06F17/00 H04K1/00

    CPC classification: H04L63/0815 H04L63/083

    Abstract: An enterprise network architecture has a trust link established between two autonomous network systems that enables transitive resource access between network domains of the two network systems. The trust link is defined by data structures maintained by each of the respective network systems. The first network system maintains namespaces that correspond to the second network system, and a domain controller in the first network system, or a first network system administrator, indicates whether to trust individual namespaces. An account managed by a domain in the second network system can request authentication via a domain controller in the first network system. The first network system determines from the trust link to communicate the authentication request to the second network system. The first network system also determines from the trust link where to communicate authorization requests when administrators manage group memberships and access control lists.

3. Method and apparatus for migrating from a source domain network controller to a target domain network controller
    Granted invention patent (expired)

    Publication number: US5708812A

    Publication date: 1998-01-13

    Application number: US588344

    Filing date: 1996-01-18

    IPC classification: G06F9/44 G06F17/60

    Abstract: A method and apparatus are described for facilitating the migration of accounts from a source domain to a target domain in a computer network without affecting the capability of users and services associated with the source domain to access source domain resources after the users' and services' accounts have been migrated to the target domain. Migrating source domain accounts is facilitated by a dual-identity Domain Controller having simultaneous access to the replication mechanisms of both the source domain and the target domain. When accounts are migrated to a directory service of objects for the target domain, the accounts are modified to include security information defining the access rights of the migrated accounts within the target domain. Security information relating to an account's access rights in the source domain is preserved in the migrated account stored in the target domain's directory service object database.

8. Authentication and authorization across autonomous network systems
    Granted invention patent (in force)

    Publication number: US07185359B2

    Publication date: 2007-02-27

    Application number: US10029426

    Filing date: 2001-12-21

    IPC classification: G06F7/04 G06F17/30 H04L9/32

    CPC classification: H04L63/0815 H04L63/083

    Abstract: An enterprise network architecture has a trust link established between two autonomous network systems that enables transitive resource access between network domains of the two network systems. The trust link is defined by data structures maintained by each of the respective network systems. The first network system maintains namespaces that correspond to the second network system, and a domain controller in the first network system, or a first network system administrator, indicates whether to trust individual namespaces. An account managed by a domain in the second network system can request authentication via a domain controller in the first network system. The first network system determines from the trust link to communicate the authentication request to the second network system. The first network system also determines from the trust link where to communicate authorization requests when administrators manage group memberships and access control lists.
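The trust-link routing described in entries 2 and 8 (the same abstract appears under both numbers), as an added example that is not the patent's or the listing's own code: the first system keeps, per partner, the partner's namespaces with an admin-set trusted flag, and uses them to decide whether an authentication request (or a group-membership or ACL lookup for a principal) is handled locally, forwarded to the partner, or refused. The longest-suffix-match rule, the forest names and the namespaces are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class TrustLink:
    """The trust data structure the first (trusting) system keeps for one partner:
    the namespaces the partner claims, each flagged trusted or not."""
    partner: str
    namespaces: Dict[str, bool] = field(default_factory=dict)


class NetworkSystem:
    def __init__(self, name: str, domains: List[str]):
        self.name = name
        self.domains = set(domains)        # domains this system manages itself
        self.trusts: List[TrustLink] = []

    def add_trust(self, link: TrustLink) -> None:
        self.trusts.append(link)

    def _match(self, suffix: str) -> Optional[Tuple[str, bool, str]]:
        """Longest-suffix match over all partners' namespaces, so a more specific
        namespace flagged untrusted overrides its trusted parent."""
        best = None
        for link in self.trusts:
            for ns, trusted in link.namespaces.items():
                if suffix == ns or suffix.endswith("." + ns):
                    if best is None or len(ns) > len(best[0]):
                        best = (ns, trusted, link.partner)
        return best

    def route(self, principal: str) -> Tuple[str, str]:
        """Decide where a request concerning 'user@suffix' must be sent."""
        _, _, suffix = principal.rpartition("@")
        if suffix in self.domains:
            return ("local", self.name)
        hit = self._match(suffix)
        if hit is None:
            return ("reject", f"no trust link covers {suffix}")
        ns, trusted, partner = hit
        if not trusted:
            return ("reject", f"namespace {ns} of {partner} is not trusted")
        return ("forward", partner)


def demo() -> Dict[str, Tuple[str, str]]:
    # Constructed systems and namespaces; every name here is hypothetical.
    first = NetworkSystem("contoso", ["contoso.com", "eu.contoso.com"])
    first.add_trust(TrustLink("fabrikam", {
        "fabrikam.com": True,
        "research.fabrikam.com": False,   # child namespace explicitly not trusted
        "fabrikam.net": True,
    }))
    return {
        "own": first.route("alice@eu.contoso.com"),
        "partner": first.route("bob@sales.fabrikam.com"),       # transitive: any partner domain
        "excluded": first.route("carol@research.fabrikam.com"),
        "lookalike": first.route("mallory@contoso.com.attacker.example"),
    }
```

The match is on whole DNS labels (`suffix == ns` or `suffix.endswith("." + ns)`), which is what keeps a name such as `contoso.com.attacker.example` from being routed as if it were in `contoso.com`.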

9. Method and system for replication in a hybrid network
    Granted invention patent (in force)

    Publication number: US06751674B1

    Publication date: 2004-06-15

    Application number: US09360498

    Filing date: 1999-07-26

    IPC classification: G06F15/16

    Abstract: A method and system are described for networking multiple-master servers with single-master servers. A checkpoint flag is used to identify a state in which the same changes are present in the change-log of a first multiple-master server, which is emulating a primary server for the single-master servers in the network, and of a second multiple-master server in the network. This is done by identifying a replication cycle in which no changes are made to either the first multiple-master server or the second multiple-master server. The change-log of the first multiple-master server is adopted by the second multiple-master server, thus ensuring that the multiple-master servers in the network have change-logs that converge to reflect the order in the change-log of the multiple-master server emulating the primary server. Thus any of the multiple-master servers can take over the task of the primary server in the event such a promotion is required, without inconveniencing the single-master servers in the network. This strategy helps in realizing hybrid networks that retain both single-master and multiple-master functionality and, moreover, facilitates a smooth and economical switch from a network based on a single-master server to one based on multiple-master servers.
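The checkpoint-flag convergence described above, as an added example that is not the patent's own code: two multiple-master servers exchange changes in whatever order they arrive, a single-master replica copies the emulated primary's change-log by position, and a quiet replication cycle (no change originated on either server, same change set on both) sets the checkpoint and makes the second server adopt the primary's log order. The example then shows why that matters on promotion: a position-based replica that switches to a server whose log is in a different order would re-receive changes it already has and miss others. The change identifiers and the dirty-flag bookkeeping are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class MultiMasterServer:
    name: str
    log: List[str] = field(default_factory=list)   # change-log: change ids in local order
    dirty: bool = False                            # changes originated here since last cycle

    def originate(self, change: str) -> None:
        self.log.append(change)
        self.dirty = True

    def replicate_from(self, other: "MultiMasterServer") -> None:
        # Multi-master: pull every change not yet seen; arrival order differs per server.
        known = set(self.log)
        for change in other.log:
            if change not in known:
                self.log.append(change)
                known.add(change)


@dataclass
class SingleMasterServer:
    """Legacy replica that copies its primary's change-log by position."""
    name: str
    applied: List[str] = field(default_factory=list)

    def sync_from(self, primary_log: List[str]) -> List[str]:
        new = primary_log[len(self.applied):]
        self.applied.extend(new)
        return new


def replication_cycle(primary: MultiMasterServer, other: MultiMasterServer) -> bool:
    """One cycle between the server emulating the primary and another multiple-master.
    Returns the checkpoint flag: set when no change originated on either server in
    this cycle and both hold the same change set. The other server then adopts the
    primary's change-log order, so it can later take over the primary role."""
    quiet = not (primary.dirty or other.dirty)
    primary.replicate_from(other)
    other.replicate_from(primary)
    primary.dirty = other.dirty = False
    checkpoint = quiet and set(primary.log) == set(other.log)
    if checkpoint:
        other.log = list(primary.log)
    return checkpoint


def demo() -> Dict[str, object]:
    # Constructed scenario; change ids c1..c4 are placeholders.
    p = MultiMasterServer("P")    # emulates the primary for single-master replicas
    q = MultiMasterServer("Q")
    s = SingleMasterServer("S")
    p.originate("c1")
    p.originate("c3")
    q.originate("c2")
    q.originate("c4")
    s.sync_from(p.log)                       # S now holds [c1, c3]
    cp1 = replication_cycle(p, q)            # changes pending: no checkpoint
    unconverged = list(q.log)                # Q's own order, differs from P's
    cp2 = replication_cycle(p, q)            # quiet cycle: checkpoint, Q adopts P's order
    naive = unconverged[len(s.applied):]     # what S would get from Q before convergence
    received = s.sync_from(q.log)            # promote Q: S continues by position
    return {"cp1": cp1, "cp2": cp2, "p": p.log, "q": q.log,
            "naive": naive, "received": received, "s": s.applied}
```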

10. Extensible security system and method for controlling access to objects in a computing environment
    Granted invention patent (in force)

    Publication number: US06412070B1

    Publication date: 2002-06-25

    Application number: US09157882

    Filing date: 1998-09-21

    IPC classification: G06F12/14

    Abstract: A method and computing system for extending access control of system objects in a computing environment beyond traditional rights such as read, write, create and delete. According to the invention, a system administrator or user application is able to create control rights that are unique to the type of object. Rights can be created that do not relate to any specific property of the object, but rather define how a user may control the object. A novel object, referred to as a control access data structure, is defined for each unique control right and associates the control right with one or more objects of the computing environment. In order to grant the right to a trusted user, an improved access control entry (ACE) is defined which holds a unique identifier of the trusted user and a unique identifier of the control access data structure.
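One access-check model serving both entry 3 (migrated accounts keep their source-domain identifiers, so source-domain resources stay reachable) and entry 10 (an ACE that names a trustee plus the identifier of a control access data structure), as an added example that is not the code of either patent: the DACL walk honours every SID an account carries, including its preserved history, and an ACE carrying the control-access bit is applied only when its control-right GUID matches the right being requested. The bit layout, the first-match deny-wins walk, the SIDs, the GUID and the “Pause-Queue” right are assumptions made for the example, and the model is simpler than a real object-specific ACE.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Traditional rights as bit flags, plus one bit meaning "a control right is involved";
# which control right is named by the ACE's control-access GUID.
READ, WRITE, CREATE, DELETE, CONTROL_ACCESS = 0x1, 0x2, 0x4, 0x8, 0x100


@dataclass(frozen=True)
class ControlAccessRight:
    """Control access data structure: one per unique control right, tied to the
    object types on which it may be granted."""
    guid: str
    name: str
    applies_to: FrozenSet[str]


@dataclass(frozen=True)
class ACE:
    trustee_sid: str
    mask: int
    allow: bool = True
    control_guid: Optional[str] = None   # which control right, when mask has CONTROL_ACCESS


@dataclass(frozen=True)
class Account:
    sid: str
    sid_history: Tuple[str, ...] = ()   # source-domain identifiers kept after migration
    groups: Tuple[str, ...] = ()

    def sids(self) -> set:
        return {self.sid, *self.sid_history, *self.groups}


@dataclass
class SecuredObject:
    name: str
    obj_type: str
    dacl: List[ACE]


def migrate(account: Account, target_domain_sid: str, rid: int) -> Account:
    """Issue a target-domain SID while preserving the source-domain SIDs in the history."""
    return Account(sid=f"{target_domain_sid}-{rid}",
                   sid_history=(account.sid, *account.sid_history),
                   groups=account.groups)


def access_check(obj: SecuredObject, account: Account, mask: int,
                 control: Optional[ControlAccessRight] = None) -> bool:
    """First-match DACL walk: an applicable deny ACE that comes first wins.
    'control' requests a control right instead of a traditional right bit."""
    if control is not None:
        if obj.obj_type not in control.applies_to:
            return False          # the right is not defined for this object type
        mask |= CONTROL_ACCESS
    sids = account.sids()
    remaining = mask
    for ace in obj.dacl:
        if ace.trustee_sid not in sids:
            continue
        if (ace.mask & CONTROL_ACCESS) and control is not None \
                and ace.control_guid not in (None, control.guid):
            continue              # ACE is about a different control right
        if not ace.allow:
            if ace.mask & remaining:
                return False
            continue
        remaining &= ~ace.mask
        if remaining == 0:
            return True
    return False


def demo() -> dict:
    # Constructed SIDs and GUID; both domains and the printer right are hypothetical.
    SRC, TGT = "S-1-5-21-100-200-300", "S-1-5-21-400-500-600"
    bob = Account(sid=f"{SRC}-1105")
    bob_migrated = migrate(bob, TGT, 2001)
    bob_no_history = Account(sid=bob_migrated.sid)   # same new SID, history dropped
    helpdesk = Account(sid=f"{TGT}-2500")

    # A resource still in the source domain; its DACL names only Bob's old SID.
    share = SecuredObject("\\\\srv1\\finance", "share",
                          [ACE(f"{SRC}-1105", READ | WRITE)])

    # A control right unique to printers, unrelated to read/write/create/delete.
    pause = ControlAccessRight("0d4e8c2a-1b3f-4c5d-9e6f-7a8b9c0d1e2f",
                               "Pause-Queue", frozenset({"printer"}))
    printer = SecuredObject("prn-hq", "printer", [
        ACE(helpdesk.sid, CONTROL_ACCESS, allow=False, control_guid=pause.guid),  # deny first
        ACE(bob_migrated.sid, CONTROL_ACCESS, control_guid=pause.guid),
        ACE(helpdesk.sid, CONTROL_ACCESS),     # no GUID: every control right
        ACE(helpdesk.sid, READ),
    ])
    return {
        "share_with_history": access_check(share, bob_migrated, READ | WRITE),
        "share_without_history": access_check(share, bob_no_history, READ),
        "bob_pause": access_check(printer, bob_migrated, 0, control=pause),
        "bob_delete": access_check(printer, bob_migrated, DELETE),
        "helpdesk_pause": access_check(printer, helpdesk, 0, control=pause),
        "helpdesk_read": access_check(printer, helpdesk, READ),
        "pause_on_share": access_check(share, bob_migrated, 0, control=pause),
    }
```

The preserved source-domain SIDs are what keep the share reachable after migration; the same property means any resource whose DACL still names the old SID continues to grant access to whoever now carries that SID, so the history should be reviewed and removed once the source domain is retired.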