Abstract:
A method and apparatus for providing access control to objects in a distributed network directory employing static resolution to resolve object attributes. A first object has a Security Equals attribute and a second object has an Equivalent To Me attribute. Upon receiving a request for the first object to access the second object, authorization of such access is verified by checking if the two attributes are synchronized. The attributes are synchronized when the Security Equals attribute of the first object includes the second object, and the Equivalent To Me attribute of the second object includes the first object. A method of synchronizing the two attributes is also disclosed.
Abstract:
A method of providing authoritative access control to computer networks that employs a distributed network directory using a static means of resolving object attributes is disclosed. The method employs the existing directories and an authentication procedure for each server. A first object that is under the physical control of the administrator of one partition of the distributed network directory requests access to a second object that is under the physical control of the administrator of another partition of the distributed network directory. The directory verifies that the access control list of the first object includes the second object. The access control list of the second object is then checked to verify that it includes a reference to the first object as an object that is permitted access to the second object. As a result, access is only granted in response to requests from objects that appear in the access control list of the second object. A method of synchronizing the access control lists based upon an authoritative access control list is also disclosed.
Abstract:
A technique for transitioning streamed digital video content between stream servers involves identifying a transition identifier that indicates a point at which streaming of the digital video content transitions from a first stream server to a second stream server and then transitioning the streaming from the first stream server to the second stream server at a point in the digital video content that corresponds to the transition identifier. For example, the first stream server stops streaming the digital video content at a point in the digital video content that corresponds to the transition identifier and the second stream server starts streaming the digital video content at a point in the digital video content that corresponds to the transition identifier.
Abstract:
The present invention provides a method and apparatus for message packet authentication to prevent the forging of message packets. After a message packet is created, a secret session key is prepended to the message, and a message digesting algorithm is executed on the altered message to create a message digest. A portion of the message digest, referred to as the signature, is then appended to the actual message when it is sent over the wire. The receiving station strips the signature from the message, prepends the same secret session key and creates its own message digest. The signature of the digest created by the receiving station is compared to the signature of the digest appended by the sending station. If there is a match, an authentic message is assumed. If there is no match, the message is considered invalid and discarded. An advantage of the present invention is that the session key is never transmitted over the wire. The receiving station (server) already has the key and uses the key along with the message data to recalculate the message digest upon receiving the packet. The shared secret key (session key) is generated during initiation of the NCP session. In addition, cumulative state information is maintained by both the sending station and the receiving station. This state information is also used to authenticate messages.