公开(公告)号：US20080022093A1

公开(公告)日：2008-01-24

申请号：US11472052

申请日：2006-06-20

申请人： Thekkthalackal Varugis Kurien ,  Jeffrey B. Hamblin ,  Narasimha Rao Nagampalli ,  Peter T. Brundrett ,  Scott Field

发明人： Thekkthalackal Varugis Kurien ,  Jeffrey B. Hamblin ,  Narasimha Rao Nagampalli ,  Peter T. Brundrett ,  Scott Field

IPC分类号： H04L9/00

CPC分类号： G06F21/50 ,  G06F21/51 ,  G06F21/53

摘要： At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.

摘要翻译： 在计算机设备上电时，计算机设备的操作系统启动监视器。 监视器为在计算机设备上运行的每个程序和对象（统称为“程序”）分配监视程序，以监视程序的活动。 当监视程序被分配给程序时，基于应用于监视程序的预定标准，向监视程序分配完整性和/或隐私标签（统称为“完整性标签”）。 监控程序又向监控程序监控的程序分配一个完整性标签。 分配给被监视程序的完整性标签小于或等于监视程序的完整性标签。 监视器基于分配给被监视程序的完整性标签和与监视程序正在寻求访问的数据，另一程序或远程网络资源相关联的完整性标签来强制执行计算机设备的完整性策略。

公开(公告)号：US20120102577A1

公开(公告)日：2012-04-26

申请号：US13341855

申请日：2011-12-30

申请人： Thekkthalackal Varugis Kurien ,  Jeffrey B. Hamblin ,  Narasimha Rao Nagampalli ,  Peter T. Brundrett ,  Scott Field

发明人： Thekkthalackal Varugis Kurien ,  Jeffrey B. Hamblin ,  Narasimha Rao Nagampalli ,  Peter T. Brundrett ,  Scott Field

IPC分类号： G06F21/24

CPC分类号： G06F21/50 ,  G06F21/51 ,  G06F21/53

摘要： At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.

摘要翻译： 在计算机设备上电时，计算机设备的操作系统启动监视器。 监视器为在计算机设备上运行的每个程序和对象（统称为“程序”）分配监视程序，以监视程序的活动。 当监视程序被分配给程序时，基于应用于监视程序的预定标准，向监视程序分配完整性和/或隐私标签（统称为“完整性标签”）。 监控程序又向监控程序监控的程序分配一个完整性标签。 分配给被监视程序的完整性标签小于或等于监视程序的完整性标签。 监视器基于分配给被监视程序的完整性标签和与监视程序正在寻求访问的数据，另一程序或远程网络资源相关联的完整性标签来强制执行计算机设备的完整性策略。

公开(公告)号：US07636851B2

公开(公告)日：2009-12-22

申请号：US11171744

申请日：2005-06-30

申请人： Jeffrey B. Hamblin ,  Jonathan Schwartz ,  Kedarnath A. Dubhashi ,  Klaus U. Schutz ,  Peter T. Brundrett ,  Richard B. Ward ,  Thomas C. Jones

发明人： Jeffrey B. Hamblin ,  Jonathan Schwartz ,  Kedarnath A. Dubhashi ,  Klaus U. Schutz ,  Peter T. Brundrett ,  Richard B. Ward ,  Thomas C. Jones

IPC分类号： G06F21/00

CPC分类号： G06F21/62 ,  G06F2221/2145 ,  G06F2221/2149

摘要： An operating system for a computing device has a first session for a user that includes a first base process that has a first privileges token attached thereto. The first privileges token includes substantially a full set of privileges of the user on the operating system. The operating system also has a second session for the user that includes a second base process that has a second privileges token attached thereto. The second privileges token is derived from the first privileges token and includes only a minimum set of privileges of the user on the operating system. Thus, the second, limited token does not have all privileges associated with the first, full token but instead has a limited set of privileges and not extra privileges that could be employed to take actions that would be harmful, deceptive, or malicious.

摘要翻译： 用于计算设备的操作系统具有用于用户的第一会话，所述第一会话包括具有连接到其的第一权限令牌的第一基本进程。 第一权限令牌在操作系统上基本上包括用户的一整套特权。 操作系统还具有用户的第二会话，其包括具有附加到其的第二权限令牌的第二基本进程。 第二个权限令牌是从第一个权限令牌导出的，并且仅包含操作系统上用户的一组最小权限。 因此，第二个有限令牌不具有与第一个完整令牌相关联的所有权限，而是具有一组有限的权限，而不是可以用于采取有害，欺骗性或恶意行为的额外权限。

公开(公告)号：US07434257B2

公开(公告)日：2008-10-07

申请号：US09849093

申请日：2001-05-04

申请人： Praerit Garg ,  Robert P. Reichel ,  Richard B. Ward ,  Kedarnath A. Dubhashi ,  Jeffrey B. Hamblin ,  Anne C. Hopkins

发明人： Praerit Garg ,  Robert P. Reichel ,  Richard B. Ward ,  Kedarnath A. Dubhashi ,  Jeffrey B. Hamblin ,  Anne C. Hopkins

IPC分类号： G06F21/00

CPC分类号： G06F21/6218 ,  G06F9/4488 ,  Y10S707/99939

摘要： A dynamic authorization callback mechanism is provided that implements a dynamic authorization model. An application can thus implement virtually any authorization policy by utilizing dynamic data and flexible policy algorithms inherent in the dynamic authorization model. Dynamic data, such as client operation parameter values, client attributes stored in a time-varying or updateable data store, run-time or environmental factors such as time-of-day, and any other static or dynamic data that is managed or retrievable by the application may be evaluated in connection with access control decisions. Hence, applications may define and implement business rules that can be expressed in terms of run-time operations and dynamic data. An application thus has substantial flexibility in defining and implementing custom authorization policy, and at the same time provides standard definitions for such dynamic data and policy.

摘要翻译： 提供了实现动态授权模型的动态授权回调机制。 因此，应用程序可以通过利用动态授权模型中固有的动态数据和灵活的策略算法实现任何授权策略。 动态数据，例如客户端操作参数值，存储在时变或可更新数据存储中的客户端属性，运行时间或环境因素（例如时间）以及任何其他静态或动态数据，由 可以结合访问控制决定来评估应用。 因此，应用程序可以定义和实现可以根据运行时操作和动态数据来表达的业务规则。 因此，应用程序在定义和实施自定义授权策略方面具有很大的灵活性，同时为此类动态数据和策略提供了标准定义。

公开(公告)号：US20110231940A1

公开(公告)日：2011-09-22

申请号：US12727763

申请日：2010-03-19

申请人： Raja Pazhanivel Perumal ,  Jeffrey B. Hamblin

发明人： Raja Pazhanivel Perumal ,  Jeffrey B. Hamblin

IPC分类号： G06F21/24 ,  G06F17/30

CPC分类号： G06F21/335 ,  G06F2221/2103 ,  G06F2221/2143 ,  G06F2221/2145 ,  H04L63/101

摘要： Existing mechanisms that control access to data based upon whether the user seeking to access the data is identified among the users that are allowed to access the data, can be extended to further control access based upon the provision of credential data by the user, or processes associated therewith. Access control entries can limit access based upon Boolean conditionals, including those referencing credential data, such that access can be granted only to specific users that provide the credential data or, alternatively, to any user that provides it. The referenced credential data can be specified in the access control information in an obfuscated form for security purposes. Information associated with the user, such as a user token, can be temporarily updated to include credential data when provided by the user, so as to enable access to the data but to prevent such access from remaining open too long.

摘要翻译： 可以根据用户访问数据的用户是否识别访问数据的现有机制，可以扩展为进一步控制访问，这是基于用户提供的凭据数据或处理 相关联。 访问控制条目可以基于布尔条件（包括引用凭证数据的那些）来限制访问，使得仅可以向提供证书数据的特定用户授予访问权，或者替代地，授予提供证书数据的任何用户的访问。 为了安全起见，引用的凭证数据可以以混淆形式在访问控制信息中指定。 与用户相关联的信息（例如用户令牌）可以被临时更新，以在由用户提供时包括凭证数据，以便能够访问数据，但是防止这种访问保持打开太久。

公开(公告)号：US08464319B2

公开(公告)日：2013-06-11

申请号：US12684426

申请日：2010-01-08

申请人： Raja P. Perumal ,  Jeffrey B. Hamblin ,  Paul J. Leach

发明人： Raja P. Perumal ,  Jeffrey B. Hamblin ,  Paul J. Leach

IPC分类号： G06F21/00

CPC分类号： G06F21/30 ,  G06F21/6218 ,  G06F2221/2113 ,  G06F2221/2141

摘要： A scope hierarchy corresponding to a resource to which a type of access is requested is identified, the scope hierarchy including multiple scope levels each of which has an associated access control list. An access control list associated with a lower scope level can further restrict access permitted to the resource by an access control list associated with a higher scope level. Based at least in part on one or more of the access control lists associated with the multiple scope levels, a determination is made as to whether the requested type of access to the resource is permitted.

公开(公告)号：US20110173679A1

公开(公告)日：2011-07-14

申请号：US12684426

申请日：2010-01-08

申请人： Raja P. Perumal ,  Jeffrey B. Hamblin ,  Paul J. Leach

发明人： Raja P. Perumal ,  Jeffrey B. Hamblin ,  Paul J. Leach

IPC分类号： G06F21/20 ,  G06F21/00

CPC分类号： G06F21/30 ,  G06F21/6218 ,  G06F2221/2113 ,  G06F2221/2141

摘要： A scope hierarchy corresponding to a resource to which a type of access is requested is identified, the scope hierarchy including multiple scope levels each of which has an associated access control list. An access control list associated with a lower scope level can further restrict access permitted to the resource by an access control list associated with a higher scope level. Based at least in part on one or more of the access control lists associated with the multiple scope levels, a determination is made as to whether the requested type of access to the resource is permitted.

摘要翻译： 识别与要求访问类型的资源对应的范围层级，范围层级包括多个范围级别，每个范围级别都具有相关联的访问控制列表。 与较低范围级别相关联的访问控制列表可以通过与较高范围级别相关联的访问控制列表进一步限制对资源的访问。 至少部分地基于与多范围级别相关联的一个或多个访问控制列表，确定是否允许所请求的对资源的访问类型。

公开(公告)号：US07248691B1

公开(公告)日：2007-07-24

申请号：US09704186

申请日：2000-10-31

申请人： Bhalchandra S. Pandit ,  Robert P. Reichel ,  Jeffrey B. Hamblin ,  Kedarnath A. Dubhashi

发明人： Bhalchandra S. Pandit ,  Robert P. Reichel ,  Jeffrey B. Hamblin ,  Kedarnath A. Dubhashi

IPC分类号： H04K1/00 ,  H04L9/00

CPC分类号： H04L9/3236 ,  H04L9/0643 ,  H04L9/3234 ,  H04L2209/38

摘要： A hashing structure including multiple sub-hashes is used to determine whether an input value matches one or more of multiple target values. These values can be of any form, such as security identifiers in an access control system. To make the determination, a hash key is obtained from the input value and multiple sub-hash indexes (one for each of the multiple sub-hashes) are generated based on the key. Values are identified from the multiple sub-hashes by indexing into the sub-hashes using respective ones of the sub-hash indexes. These values are then combined to generate a resultant hash value. Each of the multiple target values corresponds to one of multiple portions of the resultant hash value. If the portion corresponding to one of the target values has a particular value, then that target value is a likely match and is compared to the input value to determine if indeed the two match. This comparison can then be repeated for each target value with a corresponding portion in the resultant hash value that has the particular value.

摘要翻译： 使用包括多个子哈希的哈希结构来确定输入值是否匹配多个目标值中的一个或多个。 这些值可以是任何形式，例如访问控制系统中的安全标识符。 为了确定，从输入值获得散列密钥，并且基于密钥生成多个子散列索引（对于多个子哈希中的每一个分别为一个）。 通过使用相应的子哈希索引索引到子哈希中，从多个子哈希识别值。 然后将这些值组合以生成合成的散列值。 多个目标值中的每一个对应于所得到的散列值的多个部分之一。 如果对应于目标值之一的部分具有特定值，则该目标值是可能的匹配，并且与输入值进行比较以确定两者是否匹配。 然后可以对具有特定值的合成哈希值中的相应部分对每个目标值重复该比较。

公开(公告)号：US07096367B2

公开(公告)日：2006-08-22

申请号：US09849099

申请日：2001-05-04

申请人： Praerit Garg ,  Robert P. Reichel ,  Richard B. Ward ,  Kedarnath A. Dubhashi ,  Jeffrey B. Hamblin ,  Anne C. Hopkins

发明人： Praerit Garg ,  Robert P. Reichel ,  Richard B. Ward ,  Kedarnath A. Dubhashi ,  Jeffrey B. Hamblin ,  Anne C. Hopkins

IPC分类号： H04K1/00 ,  H04L9/00

CPC分类号： G06F21/6218 ,  G06F2221/2141 ,  Y10S707/99939

摘要： An authorization handle is supported for each access policy determination that is likely to be repeated. In particular, an authorization handle may be assigned to access check results associated with the same discretionary access control list and the same client context. This likelihood may be determined based upon pre-set criteria for the application or service, based on usage history and the like. Once an access policy determination is assigned an authorization handle, the static maximum allowed access is cached for that policy determination. From access check to access check, the set of permissions desired by the client may change, and dynamic factors that might affect the overall privilege grant may also change; however, generally there is still a set of policies that is unaffected by the changes and common across access requests. The cached static maximum allowed access data is thus used to provide efficient operations for the evaluation of common policy sets. In systems having access policy evaluations that are repeated, authorization policy evaluations are more efficient, computer resources are free for other tasks, and performance improvements are observed.

公开(公告)号：US09038168B2

公开(公告)日：2015-05-19

申请号：US12622441

申请日：2009-11-20

申请人： Nir Ben-Zvi ,  Raja Pazhanivel Perumal ,  Anders Samuelsson ,  Jeffrey B. Hamblin ,  Ran Kalach ,  Ziquan Li ,  Matthias H. Wollnik ,  Clyde Law ,  Paul Adrian Oltean

发明人： Nir Ben-Zvi ,  Raja Pazhanivel Perumal ,  Anders Samuelsson ,  Jeffrey B. Hamblin ,  Ran Kalach ,  Ziquan Li ,  Matthias H. Wollnik ,  Clyde Law ,  Paul Adrian Oltean

IPC分类号： G06F12/14 ,  G06F21/62

CPC分类号： G06F21/6218 ,  G06F2221/2141

摘要： Described is a technology by which access to a resource is determined by evaluating a resource label of the resource against a user claim of an access request, according to policy decoupled from the resource. The resource may be a file, and the resource label may be obtained by classifying the file into classification properties, such that a change to the file may change its resource label, thereby changing which users have access to the file. The resource label-based access evaluation may be logically combined with a conventional ACL-based access evaluation to determine whether to grant or deny access to the resource.

摘要翻译： 描述了根据从资源分离的策略来评估资源的资源标签以针对访问请求的用户权利要求来确定对资源的访问的技术。 资源可以是文件，并且可以通过将文件分类为分类属性来获得资源标签，使得文件的改变可以改变其资源标签，从而改变哪些用户有权访问该文件。 基于资源标签的访问评估可以逻辑地与传统的基于ACL的访问评估组合以确定是否授予或拒绝对资源的访问。