APPLICATION SECURITY MODEL
    3.
    发明申请
    APPLICATION SECURITY MODEL 有权
    应用安全模型

    公开(公告)号:US20090126011A1

    公开(公告)日:2009-05-14

    申请号:US11939383

    申请日:2007-11-13

    IPC分类号: G06F21/00

    CPC分类号: G06F21/563 G06F21/51

    摘要: Performing security sensitive operations with an application security model. Security agnostic code is executed. The security agnostic code is identified as not having authorization to perform a security sensitive operation. Executing the security agnostic code includes calling code identified as security safe critical code. In response to the security agnostic code calling the security safe critical code, the security safe critical code is executed. The security safe critical code includes functionality for performing validity checks. Executing the security safe critical code includes performing an validity check for the security agnostic code. When the security agnostic code passes the validity check, code identified as security critical code is called. In response to the security safe critical code calling the security critical code, the security critical code is executed. The security critical code is authorized to perform the security sensitive operation.

    摘要翻译: 使用应用程序安全模型执行安全敏感操作。 执行安全不可知代码。 安全性不可知代码被识别为没有执行安全敏感操作的授权。 执行安全性不可知代码包括调用被标识为安全关键代码的代码。 响应安全隐私代码调用安全安全关键代码,执行安全安全关键代码。 安全关键代码包括执行有效性检查的功能。 执行安全安全关键代码包括对安全性不可知代码执行有效性检查。 当安全不可知代码通过有效性检查时,称为安全关键代码的代码。 响应安全关键代码调用安全关键代码,执行安全关键代码。 授权安全关键代码执行安全敏感操作。

    Host control of partial trust accessibility
    4.
    发明申请
    Host control of partial trust accessibility 有权
    主机控制部分信任可访问性

    公开(公告)号:US20080282315A1

    公开(公告)日:2008-11-13

    申请号:US11801714

    申请日:2007-05-10

    IPC分类号: G06F17/00

    CPC分类号: G06F21/52

    摘要: Various technologies and techniques are disclosed for providing host control of partial trust accessibility. A framework allows libraries to be identified as partial trust callers allowed to indicate that the libraries are allowed to be called from partially trusted code by default. The framework allows libraries to be identified as partial trust callers enabled to indicate the libraries could be called from partially trusted code, but not by default. A hosting application is notified that a particular library has been loaded. If the particular library has been identified as partial trust callers allowed, then a determination is received from the hosting application on whether to remove or keep partial trust accessibility for the particular library. If the particular library has been identified as partial trust callers enabled, then a determination is received from the hosting application on whether or not to enable partial trust accessibility for the particular library.

    摘要翻译: 公开了各种技术和技术,用于提供部分信任可访问性的主机控制。 框架允许将库识别为部分信任调用者,以允许默认情况下允许从部分受信任的代码调用库。 框架允许将库识别为启用的部分信任调用者,以指示可以从部分受信任的代码调用库,但不会默认。 通知托管应用程序已加载特定的库。 如果特定图书馆已经被识别为允许的部分信任来电者,则从托管应用程序接收到是否删除或保留特定图书馆的部分信任可访问性的确定。 如果特定库被识别为启用的部分信任调用者,则从托管应用程序接收是否启用特定库的部分信任可访问性的确定。

    Application security model
    5.
    发明授权
    Application security model 有权
    应用安全模型

    公开(公告)号:US08011008B2

    公开(公告)日:2011-08-30

    申请号:US11939383

    申请日:2007-11-13

    IPC分类号: G06F17/30

    CPC分类号: G06F21/563 G06F21/51

    摘要: Performing security sensitive operations with an application security model. Security agnostic code is executed. The security agnostic code is identified as not having authorization to perform a security sensitive operation. Executing the security agnostic code includes calling code identified as security safe critical code. In response to the security agnostic code calling the security safe critical code, the security safe critical code is executed. The security safe critical code includes functionality for performing validity checks. Executing the security safe critical code includes performing an validity check for the security agnostic code. When the security agnostic code passes the validity check, code identified as security critical code is called. In response to the security safe critical code calling the security critical code, the security critical code is executed. The security critical code is authorized to perform the security sensitive operation.

    摘要翻译: 使用应用程序安全模型执行安全敏感操作。 执行安全不可知代码。 安全性不可知代码被识别为没有执行安全敏感操作的授权。 执行安全性不可知代码包括调用被标识为安全关键代码的代码。 响应安全隐私代码调用安全安全关键代码,执行安全安全关键代码。 安全关键代码包括执行有效性检查的功能。 执行安全安全关键代码包括对安全性不可知代码执行有效性检查。 当安全不可知代码通过有效性检查时,称为安全关键代码的代码。 响应安全关键代码调用安全关键代码,执行安全关键代码。 授权安全关键代码执行安全敏感操作。

    Host control of partial trust accessibility
    6.
    发明授权
    Host control of partial trust accessibility 有权
    主机控制部分信任可访问性

    公开(公告)号:US08402532B2

    公开(公告)日:2013-03-19

    申请号:US11801714

    申请日:2007-05-10

    CPC分类号: G06F21/52

    摘要: Various technologies and techniques are disclosed for providing host control of partial trust accessibility. A framework allows libraries to be identified as partial trust callers allowed to indicate that the libraries are allowed to be called from partially trusted code by default. The framework allows libraries to be identified as partial trust callers enabled to indicate the libraries could be called from partially trusted code, but not by default. A hosting application is notified that a particular library has been loaded. If the particular library has been identified as partial trust callers allowed, then a determination is received from the hosting application on whether to remove or keep partial trust accessibility for the particular library. If the particular library has been identified as partial trust callers enabled, then a determination is received from the hosting application on whether or not to enable partial trust accessibility for the particular library.

    摘要翻译: 公开了各种技术和技术,用于提供部分信任可访问性的主机控制。 框架允许将库识别为部分信任调用者,以允许默认情况下允许从部分受信任的代码调用库。 框架允许将库识别为启用的部分信任调用者,以指示可以从部分受信任的代码调用库,但不会默认。 通知托管应用程序已加载特定的库。 如果特定图书馆已经被识别为允许的部分信任来电者,则从主机应用程序接收到是否删除或保留特定图书馆的部分信任可访问性的确定。 如果特定库被识别为启用的部分信任调用者,则从托管应用程序接收是否启用特定库的部分信任可访问性的确定。

    VERSION-RESILIENCE BETWEEN A MANAGED ENVIRONMENT AND A SECURITY POLICY
    7.
    发明申请
    VERSION-RESILIENCE BETWEEN A MANAGED ENVIRONMENT AND A SECURITY POLICY 审中-公开
    管理环境与安全政策之间的版本恢复

    公开(公告)号:US20080201759A1

    公开(公告)日:2008-08-21

    申请号:US11675611

    申请日:2007-02-15

    IPC分类号: G06F17/00

    CPC分类号: G06F21/53

    摘要: A method and system for enforcing a security policy that is version-independent of a managed environment when loading custom code for a host application is provided. A security system of the managed environment receives an identifier of custom code to be loaded by the host application. Before loading the identified custom code, the managed environment enforces the security policy using the security system. The security system applies the security policy expressed using a version-independent indication of identifiers of untrusted custom code. If the security system determines that the trust of the custom code is unknown, then the security system requests a trust manager associated with the host application to enforce a host application-specific security policy. When the custom code is trusted, the managed environment loads the custom code.

    摘要翻译: 提供了一种方法和系统,用于在加载主机应用程序的自定义代码时,执行与受管环境版本无关的安全策略。 受管环境的安全系统接收要由主机应用程序加载的自定义代码的标识符。 在加载标识的自定义代码之前,受管环境使用安全系统强制执行安全策略。 安全系统应用使用与版本无关的不可信定制代码标识符表示的安全策略。 如果安全系统确定自定义代码的信任是未知的,则安全系统请求与主机应用程序相关联的信任管理器来强制执行主机特定于应用程序的安全策略。 当自定义代码被信任时,受管环境加载自定义代码。

    API for Diffie-Hellman secret agreement
    8.
    发明申请
    API for Diffie-Hellman secret agreement 审中-公开
    API为Diffie-Hellman秘密协议

    公开(公告)号:US20100023767A1

    公开(公告)日:2010-01-28

    申请号:US11804357

    申请日:2007-05-18

    IPC分类号: H04L9/32

    CPC分类号: H04L9/0841

    摘要: Various technologies and techniques are disclosed for implementing a Diffie-Hellman secret agreement. An application programming interface is provided that is operable to allow a first computer to generate a Diffie-Hellman secret agreement for communicating securely with a second computer over an insecure channel. A get public key operation is performed upon receiving a request to perform the get public key operation. The get public key operation gets a public key of the first computer. A retrieval operation is performed upon receiving a request to perform the retrieval operation. The retrieval operation retrieves the Diffie-Hellman secret agreement upon supplying a public key of the second computer.

    摘要翻译: 披露了实施Diffie-Hellman秘密协议的各种技术和技术。 提供了一种应用编程接口,其可操作以允许第一计算机生成用于通过不安全信道与第二计算机进行安全通信的Diffie-Hellman秘密协议。 在接收到执行获取公共密钥操作的请求时执行获取公钥操作。 获取公钥操作获得第一台计算机的公钥。 在接收到执行检索操作的请求时执行检索操作。 检索操作在提供第二台计算机的公钥时检索Diffie-Hellman秘密协议。