-
1.发明授权公开(公告)号:US07434257B2
公开(公告)日:2008-10-07
申请号:US09849093
申请日:2001-05-04
申请人: Praerit Garg , Robert P. Reichel , Richard B. Ward , Kedarnath A. Dubhashi , Jeffrey B. Hamblin , Anne C. Hopkins
发明人: Praerit Garg , Robert P. Reichel , Richard B. Ward , Kedarnath A. Dubhashi , Jeffrey B. Hamblin , Anne C. Hopkins
IPC分类号: G06F21/00
CPC分类号: G06F21/6218 , G06F9/4488 , Y10S707/99939
摘要: A dynamic authorization callback mechanism is provided that implements a dynamic authorization model. An application can thus implement virtually any authorization policy by utilizing dynamic data and flexible policy algorithms inherent in the dynamic authorization model. Dynamic data, such as client operation parameter values, client attributes stored in a time-varying or updateable data store, run-time or environmental factors such as time-of-day, and any other static or dynamic data that is managed or retrievable by the application may be evaluated in connection with access control decisions. Hence, applications may define and implement business rules that can be expressed in terms of run-time operations and dynamic data. An application thus has substantial flexibility in defining and implementing custom authorization policy, and at the same time provides standard definitions for such dynamic data and policy.
摘要翻译: 提供了实现动态授权模型的动态授权回调机制。 因此,应用程序可以通过利用动态授权模型中固有的动态数据和灵活的策略算法实现任何授权策略。 动态数据,例如客户端操作参数值,存储在时变或可更新数据存储中的客户端属性,运行时间或环境因素(例如时间)以及任何其他静态或动态数据,由 可以结合访问控制决定来评估应用。 因此,应用程序可以定义和实现可以根据运行时操作和动态数据来表达的业务规则。 因此,应用程序在定义和实施自定义授权策略方面具有很大的灵活性,同时为此类动态数据和策略提供了标准定义。
-
公开(公告)号:US07096367B2
公开(公告)日:2006-08-22
申请号:US09849099
申请日:2001-05-04
申请人: Praerit Garg , Robert P. Reichel , Richard B. Ward , Kedarnath A. Dubhashi , Jeffrey B. Hamblin , Anne C. Hopkins
发明人: Praerit Garg , Robert P. Reichel , Richard B. Ward , Kedarnath A. Dubhashi , Jeffrey B. Hamblin , Anne C. Hopkins
CPC分类号: G06F21/6218 , G06F2221/2141 , Y10S707/99939
摘要: An authorization handle is supported for each access policy determination that is likely to be repeated. In particular, an authorization handle may be assigned to access check results associated with the same discretionary access control list and the same client context. This likelihood may be determined based upon pre-set criteria for the application or service, based on usage history and the like. Once an access policy determination is assigned an authorization handle, the static maximum allowed access is cached for that policy determination. From access check to access check, the set of permissions desired by the client may change, and dynamic factors that might affect the overall privilege grant may also change; however, generally there is still a set of policies that is unaffected by the changes and common across access requests. The cached static maximum allowed access data is thus used to provide efficient operations for the evaluation of common policy sets. In systems having access policy evaluations that are repeated, authorization policy evaluations are more efficient, computer resources are free for other tasks, and performance improvements are observed.
-
公开(公告)号:US07248691B1
公开(公告)日:2007-07-24
申请号:US09704186
申请日:2000-10-31
CPC分类号: H04L9/3236 , H04L9/0643 , H04L9/3234 , H04L2209/38
摘要: A hashing structure including multiple sub-hashes is used to determine whether an input value matches one or more of multiple target values. These values can be of any form, such as security identifiers in an access control system. To make the determination, a hash key is obtained from the input value and multiple sub-hash indexes (one for each of the multiple sub-hashes) are generated based on the key. Values are identified from the multiple sub-hashes by indexing into the sub-hashes using respective ones of the sub-hash indexes. These values are then combined to generate a resultant hash value. Each of the multiple target values corresponds to one of multiple portions of the resultant hash value. If the portion corresponding to one of the target values has a particular value, then that target value is a likely match and is compared to the input value to determine if indeed the two match. This comparison can then be repeated for each target value with a corresponding portion in the resultant hash value that has the particular value.
摘要翻译: 使用包括多个子哈希的哈希结构来确定输入值是否匹配多个目标值中的一个或多个。 这些值可以是任何形式,例如访问控制系统中的安全标识符。 为了确定,从输入值获得散列密钥,并且基于密钥生成多个子散列索引(对于多个子哈希中的每一个分别为一个)。 通过使用相应的子哈希索引索引到子哈希中,从多个子哈希识别值。 然后将这些值组合以生成合成的散列值。 多个目标值中的每一个对应于所得到的散列值的多个部分之一。 如果对应于目标值之一的部分具有特定值,则该目标值是可能的匹配,并且与输入值进行比较以确定两者是否匹配。 然后可以对具有特定值的合成哈希值中的相应部分对每个目标值重复该比较。
-
4.发明授权Providing user on computer operating system with full privileges token and limited privileges token 有权在计算机操作系统上为用户提供完全权限令牌和有限权限令牌公开(公告)号:US07636851B2
公开(公告)日:2009-12-22
申请号:US11171744
申请日:2005-06-30
申请人: Jeffrey B. Hamblin , Jonathan Schwartz , Kedarnath A. Dubhashi , Klaus U. Schutz , Peter T. Brundrett , Richard B. Ward , Thomas C. Jones
发明人: Jeffrey B. Hamblin , Jonathan Schwartz , Kedarnath A. Dubhashi , Klaus U. Schutz , Peter T. Brundrett , Richard B. Ward , Thomas C. Jones
IPC分类号: G06F21/00
CPC分类号: G06F21/62 , G06F2221/2145 , G06F2221/2149
摘要: An operating system for a computing device has a first session for a user that includes a first base process that has a first privileges token attached thereto. The first privileges token includes substantially a full set of privileges of the user on the operating system. The operating system also has a second session for the user that includes a second base process that has a second privileges token attached thereto. The second privileges token is derived from the first privileges token and includes only a minimum set of privileges of the user on the operating system. Thus, the second, limited token does not have all privileges associated with the first, full token but instead has a limited set of privileges and not extra privileges that could be employed to take actions that would be harmful, deceptive, or malicious.
摘要翻译: 用于计算设备的操作系统具有用于用户的第一会话,所述第一会话包括具有连接到其的第一权限令牌的第一基本进程。 第一权限令牌在操作系统上基本上包括用户的一整套特权。 操作系统还具有用户的第二会话,其包括具有附加到其的第二权限令牌的第二基本进程。 第二个权限令牌是从第一个权限令牌导出的,并且仅包含操作系统上用户的一组最小权限。 因此,第二个有限令牌不具有与第一个完整令牌相关联的所有权限,而是具有一组有限的权限,而不是可以用于采取有害,欺骗性或恶意行为的额外权限。
-
公开(公告)号:US20100191974A1
公开(公告)日:2010-07-29
申请号:US12360943
申请日:2009-01-28
IPC分类号: H04L9/32
CPC分类号: H04L9/3273 , G06F21/10 , G06F21/121 , H04L9/3247 , H04L2209/603
摘要: Various embodiments for software application verification are disclosed. Software application verification applies digital rights management to applications that run protected content on a playback device. In this way, protected content may be provided to approved applications and withheld from applications that have not been approved to run the protected content.
摘要翻译: 公开了用于软件应用验证的各种实施例。 软件应用程序验证将数字权限管理应用于在播放设备上运行受保护内容的应用程序。 以这种方式,受保护的内容可以被提供给已批准的应用,并且从未被批准来运行受保护的内容的应用中被保留。
-
公开(公告)号:US20090265178A1
公开(公告)日:2009-10-22
申请号:US12104416
申请日:2008-04-16
CPC分类号: G06Q30/02 , G06Q10/06 , G06Q10/0833
摘要: Various embodiments described above can enable referral lists to be used in connection with distributed content to protect a referral infrastructure that is used with such content. In at least some embodiments, referral lists are protected using digital rights management (DRM) techniques. The DRM techniques can be used for a number of purposes including securely establishing a referring consumer, securely maintaining a chain of referring entities through distribution tracking, and maintaining control over the referral lists associated with distributed content. In at least some embodiments, DRM techniques are utilized to protect referral lists that are used in multi-level marketing networks.
摘要翻译: 上述各种实施例可以使转介列表与分布式内容结合使用,以保护与此类内容一起使用的转介基础结构。 在至少一些实施例中,使用数字版权管理(DRM)技术来保护推荐列表。 DRM技术可以用于许多目的,包括安全地建立引用消费者,通过分发跟踪安全地维护参考实体链,并且保持对与分布式内容相关联的推荐列表的控制。 在至少一些实施例中,DRM技术被用于保护在多级营销网络中使用的引用列表。
-
公开(公告)号:US08869289B2
公开(公告)日:2014-10-21
申请号:US12360943
申请日:2009-01-28
CPC分类号: H04L9/3273 , G06F21/10 , G06F21/121 , H04L9/3247 , H04L2209/603
摘要: Various embodiments for software application verification are disclosed. Software application verification applies digital rights management to applications that run protected content on a playback device. In this way, protected content may be provided to approved applications and withheld from applications that have not been approved to run the protected content.
摘要翻译: 公开了用于软件应用验证的各种实施例。 软件应用程序验证将数字权限管理应用于在播放设备上运行受保护内容的应用程序。 以这种方式,受保护的内容可以被提供给已批准的应用,并且从未被批准来运行受保护的内容的应用中被保留。
-
公开(公告)号:US08539543B2
公开(公告)日:2013-09-17
申请号:US11734715
申请日:2007-04-12
申请人: Patrik Schnell , Clifford P. Strom , Kedarnath A. Dubhashi , Daniel Rosenstein , Mark L Beaubien , Alex McKelvey , Alexandre V. Grigorovitch , Anand Paka , Satvir Randhawa
发明人: Patrik Schnell , Clifford P. Strom , Kedarnath A. Dubhashi , Daniel Rosenstein , Mark L Beaubien , Alex McKelvey , Alexandre V. Grigorovitch , Anand Paka , Satvir Randhawa
IPC分类号: G06F17/00
CPC分类号: G06F21/10 , G06F2221/0706
摘要: Techniques enable building a collection of data that defines an asset, with the data possibly having differing data types. These techniques are then capable of assigning arbitrary policy to that asset, regardless of which data types are present within the asset. In addition, these techniques enable packaging of this first asset with one or more additional assets in a self-contained envelope. Each asset within the envelope may similarly include data of differing data types. Furthermore, each of these assets may be assigned a policy that may be different than the policy assigned to the first asset. This envelope, or a collection of envelopes, may then be provided to a content-consuming device to consume the assets in accordance with each asset's specified policy.
摘要翻译: 技术可以构建定义资产的数据集合,数据可能具有不同的数据类型。 然后,这些技术能够为该资产分配任意策略,无论资产中存在哪些数据类型。 此外,这些技术使得第一资产与一个或多个额外的资产在自包含的信封中进行包装。 信封内的每个资产可以类似地包括不同数据类型的数据。 此外,这些资产中的每一个可能被分配一个可能与分配给第一个资产的策略不同的策略。 然后可以将该信封或信封集合提供给消费内容的设备,以根据每个资产的指定策略来消费资产。
-
公开(公告)号:US20110173454A1
公开(公告)日:2011-07-14
申请号:US12684522
申请日:2010-01-08
CPC分类号: H04L9/0825 , H04L9/3247 , H04L63/10 , H04L63/20 , H04L2209/60
摘要: A content license associated with unencrypted digital content is generated, the content license including both an identifier of the unencrypted digital content and a content policy. At a user device, a determination is made as to whether the content license corresponds to particular unencrypted digital content. Use of the particular unencrypted digital content by the computing device is permitted in accordance with the content policy if the content license corresponds to the particular unencrypted digital content. However, use of the particular unencrypted digital content by the computing device based on the content license is prohibited if the content license does not correspond to the particular unencrypted digital content.
摘要翻译: 产生与未加密的数字内容相关联的内容许可证,内容许可证包括未加密的数字内容的标识符和内容策略。 在用户设备中,确定内容许可证是否对应于特定的未加密的数字内容。 如果内容许可证对应于特定的未加密的数字内容,则根据内容策略允许计算设备使用特定的未加密的数字内容。 然而,如果内容许可证不对应于特定的未加密的数字内容,则禁止由计算设备基于内容许可证使用特定的未加密的数字内容。
-
公开(公告)号:US20100212016A1
公开(公告)日:2010-08-19
申请号:US12388285
申请日:2009-02-18
IPC分类号: G06F21/00
CPC分类号: H04L63/126 , G06F21/10 , G06F21/57 , G06F2221/2105 , H04L63/10 , H04L67/06 , H04L2463/101
摘要: Various embodiments provide content protection interoperability techniques which support secure distribution of content for multiple content protection technologies. In one or more embodiments a source digital rights management (DRM) system can associate trust data with content to be exported to a target digital rights management (DRM) system. The trust data describes a trust state for the content to enable the target DRM system to maintain the trust state for the exported content. In at least some embodiments, the source DRM system can also associate tracing data with the content to, in the event of a breach in the chain of trust, enable an identification to be made of a source of the exported content and/or a party responsible for exporting the content.
摘要翻译: 各种实施例提供了支持多内容保护技术的内容的安全分发的内容保护互操作性技术。 在一个或多个实施例中,源数字版权管理(DRM)系统可以将信任数据与要导出到目标数字版权管理(DRM)系统的内容相关联。 信任数据描述了内容的信任状态,以使目标DRM系统能够维护导出的内容的信任状态。 在至少一些实施例中,源DRM系统还可以将跟踪数据与内容相关联,以便在信任链中的违反情况下使得能够对导出的内容的源和/或一方进行识别 负责出口内容。
-
-
-
-
-
-
-
-
-
搜索结果
32 条记录 (耗时 0.038 秒)
