1. Capability security for distributed object systems
    Granted invention patent (expired)

    Publication (announcement) number: US5852666A

    Publication (announcement) date: 1998-12-22

    Application number: US674128

    Filing date: 1996-07-01

    Abstract: A system providing capability security for distributed object systems is disclosed. The basic tenet of capability security is that the right to do something to an object (e.g., invoke a particular object's methods) is represented solely by the holding of a reference to that object. In each of the preferred embodiments described herein, an object is presumed to hold legitimately a reference to a particular object only if the object knows some unpublicized (except under the conditions required by capability security) key associated with the particular object. That is, an object's key is required along with the object's reference. So that capability security is preserved when object references are passed between objects in different processes, the object references being passed are encrypted upon transmission and then decrypted upon arrival at their intended destination. This cryptography can be performed by objects or processes using a variety of techniques, including Diffie-Hellman or public/private key cryptography. The cryptography performed in the various embodiments ensures that only the intended recipient of the message can decode the object reference and that a misbehaving object cannot convince another object that it possesses a capability it does not have. Some of the disclosed embodiments provide capability security for distributed object systems wherein the objects and processes directly handle inter-object and inter-process communications and message encryption and decryption.

2. Distributed garbage collection system and method
    Granted invention patent (expired)

    Publication (announcement) number: US5960087A

    Publication (announcement) date: 1999-09-28

    Application number: US674114

    Filing date: 1996-07-01

    Abstract: A distributed garbage collection system and method is disclosed that is compatible with local ref-count or full garbage collection and that ensures that no local object's storage is deleted by the local garbage collector unless it is certain that there are no actual or potential remote references to that local object. The disclosed system and method are implemented in the context of a transparent distributed object system in which communications between objects in different processes are enabled by dedicated proxy objects that are linked to corresponding remote objects via a pair of transport objects. Additional proxy holder objects and proxy holder proxies ensure that objects for which third-party object references are passed (i.e., where one object in a first process passes a remote object in a second process a reference to a third object in a third process) are not collected until a direct link is established between the remote object in the second process and the third object in the third object space. As appropriate, secret number table pointers maintained by a local registrar for each object that has been accessed via a third-party message are deleted, allowing the objects to be collected when there are no other actual or pending remote references to that object. The transport managers encrypt all inter-process messages so as to provide full capability security within the distributed system. This enables the disclosed garbage collection system and methods to operate under attack from misbehaving participants.

3. Capability security for transparent distributed object systems
    Granted invention patent (expired)

    Publication (announcement) number: US5781633A

    Publication (announcement) date: 1998-07-14

    Application number: US671307

    Filing date: 1996-07-01

    IPC classification: G06F9/46 H04L9/32 G06F13/14

    CPC classification: G06F9/468

    Abstract: A system providing capability security for distributed object systems is disclosed. The basic tenet of capability security is that the right to do something to an object (e.g., invoke a particular object's methods) is represented solely by the holding of a reference to that object. In each of the preferred embodiments described herein, an object is presumed to hold legitimately a reference to a particular object only if the object knows some unpublicized (except under the conditions required by capability security) key associated with the particular object. That is, an object's key is required along with the object's reference. So that capability security is preserved when object references are passed between objects in different processes, the object references being passed are encrypted upon transmission and then decrypted upon arrival at their intended destination. This cryptography can be performed by objects or processes using a variety of techniques, including Diffie-Hellman or public/private key cryptography. The cryptography performed in the various embodiments ensures that only the intended recipient of the message can decode the object reference and that a misbehaving object cannot convince another object that it possesses a capability it does not have. Some of the disclosed embodiments provide capability security for transparent distributed object systems, wherein a pair of matched transports handle and encrypt inter-process communications between objects in their respective processes.

4. Generic transfer of exclusive rights
    Granted invention patent (expired)

    Publication (announcement) number: US6161121A

    Publication (announcement) date: 2000-12-12

    Application number: US673039

    Filing date: 1996-07-01

    IPC classification: G06F21/00 G06F9/00

    CPC classification: G06F21/6218 G06F2221/2141

    Abstract: A system and method are disclosed that enable exclusive rights in generic goods to be transferred from one party to another. A party holds an exclusive right to a good through a rescindable capability. When two parties agree on a transfer of the exclusive right to the good, a goods description memorializing the agreement is created which is in synergy with the rescindable capability. The goods description includes an acquire method that is the only method that can extract rights from the rescindable capability with which it is in synergy. The object from which the generic right is being transferred sends a message to the recipient with a reference to the rescindable capability. Upon receiving the message, the recipient invokes the acquire method of the referenced goods description, which returns a new rescindable capability that encompasses the generic right just transferred. Once the recipient holds a reference to the new rescindable capability, the sender has had its rights rescinded. Because the details of a transfer are implemented between a rescindable capability and a goods description, rights to goods of any type can be transferred. This is useful in escrow transactions, where a trusted third party with no knowledge of the goods being exchanged can effect exchanges of exclusive rights to generic goods by two mutually suspicious parties.

5. Persistent distributed capabilities
    Granted invention patent (expired)

    Publication (announcement) number: US6049838A

    Publication (announcement) date: 2000-04-11

    Application number: US673058

    Filing date: 1996-07-01

    IPC classification: G06F9/46 G06F15/163 G06F9/00

    CPC classification: G06F9/465

    Abstract: A system and method are disclosed that provide persistent capabilities for distributed, object-oriented applications running on generally available hardware. The disclosed system and method operate in a transparent distributed object system where inter-process messaging between the program objects is effected by paired transport managers, proxies and matched in-table and out-table slots. Each object needing to communicate with an object in another address space does so by transparently issuing messages to that object's local proxy. Each process provides a registrar that includes a secret code table wherein an object is registered with a unique, practically unguessable secret code. Anticipating the need to re-establish object-proxy links following an inter-process communications fault, proxies are made revivable, meaning that their links with corresponding remote objects can be revived following a communications interruption. This is accomplished by a makeRevivable method that stores a revivable proxy's expiration date (the date beyond which the proxy is not revivable) and its corresponding remote object's secret code into the proxy's out-table slot. Upon the occurrence of a communications fault, all transport managers and tables are nulled out and then, when the communications fault is corrected, rebuilt by the transport managers. Sometime after the restoration of communications, a revived method is invoked that restores the links between registered objects and proxies. The objects and proxies are brought back in a consistent state based on limited checkpointed data stored by the distributed program for the registered objects.

6. Diverse goods arbitration system and method for allocating resources in a distributed computer system
    Granted invention patent (expired)

    Publication (announcement) number: US5640569A

    Publication (announcement) date: 1997-06-17

    Application number: US431021

    Filing date: 1995-04-28

    CPC classification: G06F9/50 G06F13/362 G06Q40/04

    Abstract: A diverse goods arbitration system and method allocates computer resources among bidding requesters. Bid slates are transmitted to an arbiter by users (requesters) requesting use of specified portions of the available computer resources. Each bid slate may contain a plurality of bids, each bid representing a requested set of resources and a bid price. The arbiter selects combinations of bids from the bid slates, where each bid combination consists of no more than one bid from each of the received bid slates. The arbiter rejects all bid combinations whose constituent bids exceed an established maximum allocation level for any computer resource. It then selects as the winning bid combination the bid combination having the highest total bid price. Computer resources are then allocated for the next time period based on the winning bid. Costs are allocated to each successful requester in accordance with a predefined opportunity cost function. In particular, for each successful requester, the arbitration process is repeated while excluding that successful requester's bid slate from the set of bid slates considered, resulting in the selection of a second winning bid that excludes the successful requester. The successful requester is then assessed a cost corresponding to the difference between the winning bid's total bid prices, excluding the price in the successful requester's granted bid, and the total bid prices associated with the second winning bid.

7. Lightweight non-repudiation system and method
    Granted invention patent (expired)

    Publication (announcement) number: US5790669A

    Publication (announcement) date: 1998-08-04

    Application number: US675258

    Filing date: 1996-07-01

    IPC classification: H04L9/32

    Abstract: A system and method are disclosed that provide lightweight non-repudiability for networked computer systems. Each party to a two-party communication maintains hashes on its incoming and outgoing messages. At its discretion, either party can request that the other party commit to the conversation. The second party (if it agrees) then sends signed hashes that third parties can use to verify the content of the conversation. The party requesting the commitment stores its corresponding hashes when it sends the request. If the hashes from both parties are the same for the same positions in their conversation, the two parties can verify that their conversation is error-free. If the sending party also maintains logs of both sides (incoming and outgoing) of the conversation and stores hashes corresponding to the beginning of the logs, the sending party is also able to verify to a third party that the logged portion of the conversation was between the first party and the second party. Non-repudiability for entire conversations consisting of millions of messages can therefore be provided using a single pair of commit message and commitment/signature messages.
