公开(公告)号：US6161121A

公开(公告)日：2000-12-12

申请号：US673039

申请日：1996-07-01

申请人： Norman Hardy ,  E. Dean Tribble ,  Mark S. Miller ,  John D. Corbett ,  Eric C. Hill ,  Christopher T. Hibbert

发明人： Norman Hardy ,  E. Dean Tribble ,  Mark S. Miller ,  John D. Corbett ,  Eric C. Hill ,  Christopher T. Hibbert

IPC分类号： G06F21/00 ,  G06F9/00

CPC分类号： G06F21/6218 ,  G06F2221/2141

摘要： A system and method are disclosed that enable exclusive rights in generic goods to be transferred from one party to another. A party holds an exclusive right to a good through a rescindable capability. When two parties agree on a transfer of the exclusive right to the good, a goods description memorializing the agreement is created which is in synergy with the rescindable capability. The goods description includes an acquire method that is the only method that can extract rights from the rescindable capability with which it is in synergy. The object from which the generic right is being transferred sends a message to the recipient with a reference to the rescindable capability. Upon receiving the message, the recipient invokes the acquire method of the referenced goods description, which returns a new rescindable capability that encompasses the generic right just transferred. Once the recipient holds a reference to the new rescindable capability, the sender has had its rights rescinded. Because details of a transfer are implemented between a rescindable capability and a goods description, rights to goods of any type can be transferred. This is useful in escrow transactions, where a trusted third party with no knowledge of goods being exchanged can effect exchanges of exclusive rights to generic goods by two mutually-suspicious parties.

摘要翻译： 公开了一种允许通用商品的专有权力从一方转移到另一方的系统和方法。 一个党通过不可剥夺的能力拥有一个善良的独家权利。 当双方同意转让该商品的专有权时，就会形成纪念该协议的商品说明，该协议与可撤销的能力相协调。 货物描述包括一种获取方法，该方法是可以从协同作用的可撤销能力中提取权利的唯一方法。 正在转移通用权利的对象通过参考可重新登录的能力向收件人发送消息。 在接收到消息后，接收方调用所引用商品描述的获取方法，该方法返回包含刚被传送的通用权限的新的可重新命名的能力。 收件人一旦提到新的可撤销的功能，发件人已被取消权利。 由于转让的细节是在可撤销的能力和商品描述之间实现的，所以可以转让任何类型的商品的权利。 这对于托管交易是有用的，其中不知道货物被交换的可信赖的第三方可以通过两个相互怀疑的各方交换通用商品的专有权。

公开(公告)号：US6049838A

公开(公告)日：2000-04-11

申请号：US673058

申请日：1996-07-01

申请人： Mark S. Miller ,  Norman Hardy ,  E. Dean Tribble ,  Christopher T. Hibbert ,  Eric C. Hill

发明人： Mark S. Miller ,  Norman Hardy ,  E. Dean Tribble ,  Christopher T. Hibbert ,  Eric C. Hill

IPC分类号： G06F9/46 ,  G06F15/163 ,  G06F9/00

CPC分类号： G06F9/465

摘要： A system and method is disclosed that provides persistent capabilities for distributed, object-oriented applications running on generally available hardware. The disclosed system and method operate in a transparent distributed object system where inter-process messaging between the program objects is effected by paired transport managers, proxies and matched in-table and out-table slots. Each object needing to communicate with an object in another address space does so by transparently issuing messages to that object's local proxy. Each process provides a registrar that includes a secret code table wherein an object is registered with a unique, practically unguessable secret code. Anticipating the need to re-establish object-proxy links following a inter-process communications fault, proxies are made revivable, meaning that their links with corresponding remote objects can be revived following a communications interruption. This is accomplished by a makeRevivable method that stores a revivable proxy's expiration date (the date beyond which the proxy is not revivable) and its corresponding remote object's secret code into the proxy's out-table slot. Upon the occurrence of a communications fault, all transport managers and tables are nulled out and then, when the communications fault is corrected, rebuilt by the transport managers. Sometime after the restoration of communications, a revived method is invoked that restores the links between, registered objects and proxies. The objects and proxies are brought back in a consistent state based on limited checkpointed data stored by the distributed program for the registered objects.

摘要翻译： 公开了一种系统和方法，其为在通常可用的硬件上运行的分布式面向对象应用程序提供持久性能力。 所公开的系统和方法在透明分布式对象系统中操作，其中程序对象之间的进程间消息通过配对的传输管理器，代理以及匹配的表内和表外时隙来实现。 需要与其他地址空间中的对象进行通信的每个对象通过透明地向该对象的本地代理发送消息来实现。 每个进程提供一个注册器，其中包括一个密码表，其中一个对象被注册了一个唯一的，几乎不可靠的密码。 考虑到在进程间通信故障之后重新建立对象 - 代理链路的需要，代理被修改，意味着它们与对应的远程对象的链接可以在通信中断之后复原。 这是通过一个makeRevivable方法实现的，该方法将可修改代理的有效期限（代理不可再生的日期）及其对应的远程对象的密码存储到代理的外表时隙中。 在发生通信故障时，所有运输管理人员和表格都将被清除，然后，当通信故障得到纠正时，由运输经理进行重建。 在恢复通信之后的某个时刻，调用了恢复的方法，恢复了注册对象和代理之间的链接。 基于由注册对象的分布式程序存储的有限检查点数据，对象和代理被恢复到一致的状态。

公开(公告)号：US5852666A

公开(公告)日：1998-12-22

申请号：US674128

申请日：1996-07-01

申请人： Mark S. Miller ,  E. Dean Tribble ,  Norman Hardy ,  Eric C. Hill ,  Christopher T. Hibbert

发明人： Mark S. Miller ,  E. Dean Tribble ,  Norman Hardy ,  Eric C. Hill ,  Christopher T. Hibbert

IPC分类号： G06F1/00 ,  G06F9/46 ,  G06F12/14 ,  G06F21/00 ,  G06F15/163

CPC分类号： G06F9/468 ,  G06F21/62 ,  G06F12/1483 ,  G06F2211/008 ,  G06F2221/2107 ,  G06F2221/2145

摘要： A system providing capability security for distributed object systems is disclosed. The basic tenet of capability security is that the right to do something to an object (e.g., invoke a particular object's methods) is represented solely by the holding of a reference to that object. In each of the preferred embodiments described herein, an object is presumed to hold legitimately a reference to a particular object only if the object knows some unpublicized (except under the conditions required by capability security) key associated with the particular object. That is, an object's key is required along with the object's reference. So that capability security is preserved when object references are passed between objects in different processes, the object references being passed are encrypted upon transmission and then decrypted upon arrival at their intended destination. This cryptography can be performed by objects or processes using a variety of techniques, including Diffie-Helman or public/private key cryptography. The cryptography performed in the various embodiments ensures that only the intended recipient of the message can decode the object reference and that a misbehaving object cannot convince another object that it possesses a capability it does not have. Some of the disclosed embodiments provide capability security for distributed object systems wherein the objects and processes directly handle inter-object and inter-process communications and message encryption and decryption.

摘要翻译： 公开了一种为分布式对象系统提供能力安全性的系统。 能力安全的基本原则是，仅仅通过保持对该对象的引用来表示对对象做某事的权利（例如，调用特定对象的方法）。 在本文描述的每个优选实施例中，假定对象仅在对象知道某些未公开的（在能力安全所要求的条件下除外）与该特定对象相关联的密钥时，才能合理地保持对特定对象的引用。 也就是说，对象的关键是与对象的引用一起需要的。 因此，当对象引用在不同进程中的对象之间传递时，能够保证能力安全性，所传递的对象引用在传输时被加密，然后在到达目的地时进行解密。 该密码术可以由使用各种技术的对象或进程执行，包括Diffie-Helman或公共/私人密钥密码术。 在各种实施例中执行的密码学确保仅消息的预期接收者可以解码对象引用，并且不良行为对象不能说服另一对象具有其不具有的能力。 所公开的实施例中的一些为分布式对象系统提供能力安全性，其中对象和过程直接处理对象间和进程间通信以及消息加密和解密。

公开(公告)号：US5960087A

公开(公告)日：1999-09-28

申请号：US674114

申请日：1996-07-01

申请人： E. Dean Tribble ,  Mark S. Miller ,  Norman Hardy ,  Jacob Y. Levy ,  Eric C. Hill ,  Christopher T. Hibbert

发明人： E. Dean Tribble ,  Mark S. Miller ,  Norman Hardy ,  Jacob Y. Levy ,  Eric C. Hill ,  Christopher T. Hibbert

IPC分类号： G06F12/02 ,  H04L9/30 ,  H04L9/00 ,  G06F17/30

CPC分类号： G06F12/0269 ,  G06F12/0261 ,  Y10S707/99953

摘要： A distributed garbage collection system and method is disclosed that is compatible with local ref-count or full garbage collection and that ensures that no local object's storage is deleted by the local garbage collector unless it is certain that there are no actual or potential remote references to that local object. The disclosed system and method are implemented in the context of a transparent distributed object system in which communications between objects in different processes are enabled by dedicated proxy objects that are linked to corresponding remote objects via a pair of transport objects. Additional proxy holder objects and proxy holder proxies ensure that objects for which third-party object references are passed (i.e., where one object in a first process passes a remote object in a second process a reference to a third object in a third process) are not collected until a direct link is established between the remote object in the second process and the third object in the third object space. As appropriate, secret number table pointers maintained by a local registrar for each object that has been accessed via a third party message are deleted, allowing the objects to be collected when there are no other actual or pending remote references to that object. The transport managers encrypt all inter-process messages so as to provide full capability security within the distributed system. This enables the disclosed garbage collection system and methods to operate under attack from misbehaving participants.

摘要翻译： 公开了一种与本地引用计数或完全垃圾收集兼容的分布式垃圾回收系统和方法，并且确保本地对象的存储被本地垃圾收集器删除，除非确定没有实际或潜在的远程引用 那个地方的对象。 所公开的系统和方法在透明分布式对象系统的上下文中实现，其中通过经由一对传输对象链接到对应的远程对象的专用代理对象来启用不同进程中的对象之间的通信。 其他代理持有者对象和代理持有人代理确保传递第三方对象引用的对象（即，第一个进程中的一个对象在第二个进程中的远程对象在第三个进程中对第三个对象的引用） 在第二进程中的远程对象与第三对象空间中的第三对象之间建立直接链接之前，不会被收集。 适当地，删除了由本地注册器为通过第三方消息访问的每个对象维护的秘密号码表指针，从而允许当对该对象没有其他实际或挂起的远程引用时收集对象。 运输经理加密所有进程间消息，以便在分布式系统中提供全面的能力安全性。 这使得所公开的垃圾收集系统和方法能够在行为不端的参与者的攻击下进行操作。

公开(公告)号：US5781633A

公开(公告)日：1998-07-14

申请号：US671307

申请日：1996-07-01

申请人： E. Dean Tribble ,  Mark S. Miller ,  Norman Hardy ,  Christopher T. Hibbert ,  Eric C. Hill

发明人： E. Dean Tribble ,  Mark S. Miller ,  Norman Hardy ,  Christopher T. Hibbert ,  Eric C. Hill

IPC分类号： G06F9/46 ,  H04L9/32 ,  G06F13/14

CPC分类号： G06F9/468

摘要： A system providing capability security for distributed object systems is disclosed. The basic tenet of capability security is that the right to do something to an object (e.g., invoke a particular object's methods) is represented solely by the holding of a reference to that object. In each of the preferred embodiments described herein, an object is presumed to hold legitimately a reference to a particular object only if the object knows some unpublicized (except under the conditions required by capability security) key associated with the particular object. That is, an object's key is required along with the object's reference. So that capability security is preserved when object references are passed between objects in different processes, the object references being passed are encrypted upon transmission and then decrypted upon arrival at their intended destination. This cryptography can be performed by objects or processes using a variety of techniques, including Diffie-Helman or public/private key cryptography. The cryptography performed in the various embodiments ensures that only the intended recipient of the message can decode the object reference and that a misbehaving object cannot convince another object that it possesses a capability it does not have. Some of the disclosed embodiments provide capability security for transparent distributed object systems, wherein a pair of matched transports handle and encrypt inter-process communications between objects in their respective processes.

摘要翻译： 公开了一种为分布式对象系统提供能力安全性的系统。 能力安全的基本原则是，仅仅通过保持对该对象的引用来表示对对象做某事的权利（例如，调用特定对象的方法）。 在本文描述的每个优选实施例中，假定对象仅在对象知道某些未公开的（在能力安全所要求的条件下除外）与该特定对象相关联的密钥时，才能合理地保持对特定对象的引用。 也就是说，对象的关键是与对象的引用一起需要的。 因此，当对象引用在不同进程中的对象之间传递时，能够保证能力安全性，所传递的对象引用在传输时被加密，然后在到达目的地时进行解密。 该密码术可以由使用各种技术的对象或进程执行，包括Diffie-Helman或公共/私人密钥密码术。 在各种实施例中执行的密码学确保仅消息的预期接收者可以解码对象引用，并且不良行为对象不能说服另一对象具有其不具有的能力。 所公开的实施例中的一些为透明分布式对象系统提供能力安全性，其中一对匹配的传输处理和加密各自进程中的对象之间的进程间通信。