-
Publication No.: US06934840B2
Publication date: 2005-08-23
Application No.: US09746582
Filing date: 2000-12-21
CPC classification: H04L9/3263 , H04L2209/56
Abstract: An apparatus and method for managing keystores is implemented. A distributed keystore is established by aggregating individual. The distributed keystore may be organized in a multi-level structure, which may be associated with an organizational structure of an enterprise, or other predetermined partitioning. Additionally, a centralized management of certificates may be provided, whereby the expiration or revocation of the certificates may be tracked, and expired or revoked certificates may be refreshed. The keystore may be updated in response to one or more update events.
-
2.
Publication No.: US06910128B1
Publication date: 2005-06-21
Application No.: US09717524
Filing date: 2000-11-21
Applicant: Donna Skibbie , Anthony Joseph Nadalin , Bruce Arland Rich , Theodore Jack London Shrader , Julianne Yarsa
Inventor: Donna Skibbie , Anthony Joseph Nadalin , Bruce Arland Rich , Theodore Jack London Shrader , Julianne Yarsa
CPC classification: H04L63/126 , G06F21/51 , G06F21/53 , H04L63/0428 , H04L63/20
Abstract: A framework for processing signed applets that are distributed over the Internet. Using the framework, an applet that is packaged as a Netscape- or JDK-signed jar file, or as an Internet Explorer-signed cab file, is processed within the same Java runtime environment irrespective of the browser type (i.e. Netscape Communicator, Internet Explorer or JDK) used to execute the applet. When the applet is executed, the framework verifies one or more applet signatures using the same algorithm that was used to sign the applet, verifies the signer(s) of the applet, and stores information about the signers so that they can be honored by a security policy when permissions for the applet are determined.
-
Publication No.: US06473894B1
Publication date: 2002-10-29
Application No.: US09240959
Filing date: 1999-01-29
IPC classification: G06F944
CPC classification: G06F11/3672 , G06F17/3089
Abstract: A test/run program receives as input a list of identifiers for source pages referencing applets to be tested or run. The test/run program creates an array of the identifiers, together with parameters for each identifier, web browser to run the test under, and a number of times the source page is to be reloaded and the applets re-run. For each source page, and for each reload of a given source page, the test/run program starts the specified web browser process, loads the designated source page, and starts a fresh runtime environment for the applet. Support for a test class within the test/run program allows the applets to write success, failure, or informational results to an output file and to exit the web browser process when complete. Where a native implementation of the test class is employed, special security permissions need not be specified and the test/run program need not necessarily be run locally. In exiting the web browser process, the applets write a marker file to indicate that the applet run is complete, which the test/run program detects. Multiple applets may be automatically and repetitively loaded, each with a fresh runtime environment in a new web browser application, for testing of the applets or repeat execution of the applets changing system properties.
-
Publication No.: US06961855B1
Publication date: 2005-11-01
Application No.: US09464854
Filing date: 1999-12-16
CPC classification: G06F21/53 , G06F21/552
Abstract: A mechanism that allows enterprise authorities to be informed when security-sensitive decisions or actions have been or are attempting to be made by users of untrusted code executing in the trusted computing base. The mechanism may be implemented as an abstract class that is part of the trusted computing base. The class provides a framework abstract enough to permit multiple possible notifications (e.g., providing an e-mail to a system operator, sending a Simple Network Management Protocol (SNMP) alert, making an entry in an online database, or the like) in the event that a given action is taken by a user of untrusted code. The abstract class may provide a default notification, or the class may be extended to enable an authority to provide its own set of customized notifications.
-
Publication No.: US06760912B1
Publication date: 2004-07-06
Application No.: US09366463
Filing date: 1999-08-03
IPC classification: G06F944
CPC classification: G06F9/44526 , G06F17/30899
Abstract: A method is provided for determining an identity of a browser in a Java environment in which an intermediary program masks the browser's identity. The method begins by querying an operating system process table for information identifying the browser. Thereafter, a Java properties table including the information from the process table is set. In response to a request from a calling program (e.g., an applet class) for the browser identity, a getProperty method is then called to retrieve the browser identity from the properties table. The browser identity is then returned to the calling program.
-
Publication No.: US06708276B1
Publication date: 2004-03-16
Application No.: US09366403
Filing date: 1999-08-03
IPC classification: G06F944
CPC classification: G06F21/53 , Y10S707/99943 , Y10S707/99945
Abstract: An architecture for extending the Java security model to allow a user or administrator to explicitly deny permissions. By itself, the Java 2 security model does not allow additions to the collections of policy permissions after they have been loaded from the Java policy file. The inventive architecture allows Java applets and applications to dynamically prompt the user to deny a permission that does not exist in the Java policy file. If the user denies the permission, the present invention denies the permission for the ProtectionDomain to which the class asking for the permission belongs. Attributes for the denied permission may be set during runtime and saved across browser sessions.
-
Publication No.: US06526513B1
Publication date: 2003-02-25
Application No.: US09366465
Filing date: 1999-08-03
IPC classification: G06F1330
Abstract: An architecture for extending the Java security model to allow a user or administrator to grant permissions dynamically. By itself, the Java 2 security model does not allow additions to the collections of policy permissions after they have been loaded from the Java policy file. The inventive architecture allows Java applets and applications to dynamically prompt the user to grant a permission that does not exist in the Java policy file. If the user grants the permission, the present invention grants the permission for the ProtectionDomain to which the class asking for the permission belongs. Attributes for the dynamic permission may be set during runtime and saved across browser sessions.
-
8.
Publication No.: US20080052762A1
Publication date: 2008-02-28
Application No.: US11930509
Filing date: 2007-10-31
Applicant: David Hemsath , Donna Skibbie
Inventor: David Hemsath , Donna Skibbie
IPC classification: G06F9/44
CPC classification: G06F21/6218 , G06F21/604
Abstract: A method, system, apparatus, and computer program product is presented for plugging in a standard authorization system in a manner such that legacy applications can use the authorization APIs and backend remote interfaces of a legacy authorization system. When a legacy application makes a call intended for a routine within the legacy authorization system, the call is redirected to make the appropriate calls to the APIs of the standard authorization system.
-