专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08505065B2 Access control policy in a weakly-coherent distributed collection 有权
标题翻译：访问控制策略在弱连贯的分布式集合中
公开(公告)号：US08505065B2
公开(公告)日：2013-08-06
申请号：US11765886
申请日：2007-06-20
申请人： Edward P. Wobber , Martin Abadi , Thomas L. Rodeheffer
发明人： Edward P. Wobber , Martin Abadi , Thomas L. Rodeheffer
IPC分类号： G06F17/00 , H04L29/06
CPC分类号： G06F17/30578 , H04L9/12 , H04L9/321 , H04L9/3268 , H04L2209/60 , H04L2209/80
摘要： A system is disclosed for creating and implementing an access control policy framework in a weakly coherent distributed collection. A collection manager may sign certificates forming equivalence classes of replicas that share a specific authority. The collection manager and/or certain privileged replicas may issue certificates that delegate authority for control of item policy and replica policy. Further certificates may be signed that create one or more items, set policy for these one or more items, and define a set of operations authorized on the one or more items. The certificates issued according to the present system for creating and implementing a control policy framework cannot be modified or simply overridden. Once a policy certificate is issued, it may only be revoked by the collection manager or by a replica having revocation authority.
摘要翻译：公开了一种用于在弱相关分布式集合中创建和实现访问控制策略框架的系统。收集管理员可以签署形成共享特定权限的副本的等价类的证书。收集管理员和/或某些特权副本可能会颁发授权来管理项目策略和副本策略的证书。可以签署创建一个或多个项目的其他证书，为这些一个或多个项目设置策略，并且定义一个或多个项目授权的一组操作。根据本制度制定的颁发和实施控制政策框架的证书不能修改或简单地覆盖。颁发政策证书后，只能由收款经理或具有撤销授权的副本撤销。

2. 发明申请

US20080320299A1 ACCESS CONTROL POLICY IN A WEAKLY-COHERENT DISTRIBUTED COLLECTION 有权
标题翻译：弱智分布式收集中的访问控制策略
公开(公告)号：US20080320299A1
公开(公告)日：2008-12-25
申请号：US11765886
申请日：2007-06-20
申请人： Edward P. Wobber , Martin Abadi , Thomas L. Rodeheffer
发明人： Edward P. Wobber , Martin Abadi , Thomas L. Rodeheffer
IPC分类号： H04L9/00
CPC分类号： G06F17/30578 , H04L9/12 , H04L9/321 , H04L9/3268 , H04L2209/60 , H04L2209/80
摘要： A system is disclosed for creating and implementing an access control policy framework in a weakly coherent distributed collection. A collection manager may sign certificates forming equivalence classes of replicas that share a specific authority. The collection manager and/or certain privileged replicas may issue certificates that delegate authority for control of item policy and replica policy. Further certificates may be signed that create one or more items, set policy for these one or more items, and define a set of operations authorized on the one or more items. The certificates issued according to the present system for creating and implementing a control policy framework cannot be modified or simply overridden. Once a policy certificate is issued, it may only be revoked by the collection manager or by a replica having revocation authority.
摘要翻译：公开了一种用于在弱相关分布式集合中创建和实现访问控制策略框架的系统。收集管理员可以签署形成共享特定权限的副本的等价类的证书。收集管理员和/或某些特权副本可能会颁发授权来管理项目策略和副本策略的证书。可以签署创建一个或多个项目的其他证书，为这些一个或多个项目设置策略，并且定义在一个或多个项目上授权的一组操作。根据本制度制定的颁发和实施控制政策框架的证书不能修改或简单地覆盖。颁发政策证书后，只能由收款经理或具有撤销授权的副本撤销。

3. 发明授权

US07600232B2 Inter-process communications employing bi-directional message conduits 有权
标题翻译：使用双向消息通道的进程间通信
公开(公告)号：US07600232B2
公开(公告)日：2009-10-06
申请号：US11007655
申请日：2004-12-07
申请人： Galen C. Hunt , James R. Larus , Manuel Fahndrich , Edward P. Wobber , Martin Abadi , John D. DeTreville
发明人： Galen C. Hunt , James R. Larus , Manuel Fahndrich , Edward P. Wobber , Martin Abadi , John D. DeTreville
IPC分类号： G06F3/00 , G06F9/44 , G06F9/46 , G06F13/00
CPC分类号： G06F9/546 , G06F2209/547
摘要： Described herein is an implementation of an inter-process communications technology. One or more implementations, described herein, facilitate creation of a bi-directional message conduit having exactly two endpoints. A first endpoint is owned by a first software process and a second endpoint is owned by a second software process. One or more implementations, described herein, maintain the bi-directional message conduit for passing multiple messages via the bi-directional message conduit from the first process to the second process, according to established rules that can be checked.
摘要翻译：这里描述的是进程间通信技术的实现。本文描述的一个或多个实施方式有助于创建具有正好两个端点的双向消息导管。第一端点由第一软件进程拥有，第二端点由第二软件进程所拥有。根据已经可以检查的规则，本文描述的一个或多个实施方案维护双向消息管道，用于经由双向消息管道将多个消息从第一进程传递到第二进程。

4. 发明授权

US5805803A Secure web tunnel 失效
标题翻译：安全的网络隧道
公开(公告)号：US5805803A
公开(公告)日：1998-09-08
申请号：US855025
申请日：1997-05-13
申请人： Andrew D. Birrell , Edward P. Wobber , Martin Abadi , Raymond P. Stata
发明人： Andrew D. Birrell , Edward P. Wobber , Martin Abadi , Raymond P. Stata
IPC分类号： H04L29/06 , G06F13/14
CPC分类号： H04L63/0272 , H04L63/029 , H04L63/0823 , H04L63/0884
摘要： In a computer implemented method, a client computer connected to a public network such as the Internet makes a request for an intranet resource to a tunnel of a firewall isolating the intranet from the Internet. The request is made in a public message. The tunnel sends a message to the client computer to redirect to a proxy server of the tunnel. The client computer send a token and the request for the resource the proxy server. If the token is valid, the request is forwarded to the intranet, otherwise, the user of the client computer must first be authenticated.
摘要翻译：在计算机实现的方法中，连接到公共网络（例如因特网）的客户端计算机向内部网络与因特网隔离的防火墙的隧道请求内部网资源。请求是在公开消息中发出的。隧道向客户端计算机发送消息以重定向到隧道的代理服务器。客户端计算机向代理服务器发送令牌和资源请求。如果令牌有效，请求将转发到内部网，否则客户端计算机的用户必须首先被认证。

5. 发明授权

US07865934B2 Access-control permissions with inter-process message-based communications 有权
标题翻译：基于进程间消息通信的访问控制权限
公开(公告)号：US07865934B2
公开(公告)日：2011-01-04
申请号：US11419145
申请日：2006-05-18
申请人： Edward P. Wobber , Manuel A Fahndrich , Ulfar Erlingsson , Martin Abadi
发明人： Edward P. Wobber , Manuel A Fahndrich , Ulfar Erlingsson , Martin Abadi
IPC分类号： H04L29/00
CPC分类号： G06F21/6281
摘要： Described herein are one or more implementations that facilitate message-passing over a communication conduit between software processes in a computing environment. More particularly, the implementations described restrict access of one process to another via messages passed over a particular conduit connecting the processes and the access-control restrictions are defined by a contract associated with that particular conduit.
摘要翻译：这里描述了一种或多种实现，其便于在计算环境中的软件进程之间通过通信导线进行消息传递。更具体地，所描述的实施方式通过在连接过程的特定管道上传递的消息来限制一个进程的访问，并且访问控制限制由与该特定管道相关联的合同定义。

6. 发明授权

US07149801B2 Memory bound functions for spam deterrence and the like 有权
标题翻译：用于垃圾邮件威慑的内存绑定功能等
公开(公告)号：US07149801B2
公开(公告)日：2006-12-12
申请号：US10290879
申请日：2002-11-08
申请人： Michael Burrows , Martin Abadi , Mark Steven Manasse , Edward P. Wobber , Daniel Ron Simon
发明人： Michael Burrows , Martin Abadi , Mark Steven Manasse , Edward P. Wobber , Daniel Ron Simon
IPC分类号： G06F15/173 , H04K1/00
CPC分类号： H04L63/126 , H04L51/12
摘要： A resource may be abused if its users incur little or no cost. For example, e-mail abuse is rampant because sending an e-mail has negligible cost for the sender. Such abuse may be discouraged by introducing an artificial cost in the form of a moderately expensive computation. Thus, the sender of an e-mail might be required to pay by computing for a few seconds before the e-mail is accepted. Unfortunately, because of sharp disparities across computer systems, this approach may be ineffective against malicious users with high-end systems, prohibitively slow for legitimate users with low-end systems, or both. Starting from this observation, we identify moderately hard, memory bound functions that most recent computer systems will evaluate at about the same speed, and we explain how to use them for protecting against abuses.
摘要翻译：如果用户投入很少或没有成本，资源可能会被滥用。例如，电子邮件滥用是猖獗的，因为发送电子邮件对发件人的成本可以忽略不计。通过以中等昂贵的计算的形式引入人造成本，可能不鼓励这种滥用。因此，电子邮件的发件人可能需要在电子邮件被接受之前几秒计算才能付款。不幸的是，由于计算机系统之间的差异很大，对于具有高端系统的恶意用户来说，这种方法可能无效，对于具有低端系统的合法用户或者两者都是非常缓慢的。从这个观察开始，我们确定了最近的计算机系统以相同的速度评估的适度硬的记忆绑定功能，我们解释如何使用它们来防止滥用。

7. 发明授权

US07788637B2 Operating system process identification 有权
标题翻译：操作系统进程识别
公开(公告)号：US07788637B2
公开(公告)日：2010-08-31
申请号：US11118690
申请日：2005-04-29
申请人： Galen C. Hunt , James R. Larus , John D. DeTreville , Edward P Wobber , Martin Abadi , Michael B. Jones , Trishul A. Chilimbi
发明人： Galen C. Hunt , James R. Larus , John D. DeTreville , Edward P Wobber , Martin Abadi , Michael B. Jones , Trishul A. Chilimbi
IPC分类号： G06F9/44
CPC分类号： G06F21/562 , G06F21/566 , G06F21/57
摘要： Described herein is an implementation of a technology for the construction, identification, and/or optimization of operating-system processes. At least one implementation, described herein, constructs an operating-system process having the contents as defined by a process manifest. Once constructed, the operating-system process is unalterable.
摘要翻译：这里描述了用于构建，识别和/或优化操作系统过程的技术的实现。这里描述的至少一个实现构造具有由过程清单定义的内容的操作系统过程。一旦构建，操作系统过程是不可改变的。

8. 发明授权

US07716734B2 Systems and methods for pattern matching on principal names to control access to computing resources 有权
标题翻译：用于主体名称上的模式匹配的系统和方法，以控制对计算资源的访问
公开(公告)号：US07716734B2
公开(公告)日：2010-05-11
申请号：US11133806
申请日：2005-05-19
申请人： Andrew David Birrell , Edward P. Wobber , Martin Abadi
发明人： Andrew David Birrell , Edward P. Wobber , Martin Abadi
IPC分类号： G06F7/04 , G06F21/00
CPC分类号： G06F21/6218
摘要： Systems and methods are provided for resource access control in computer systems. Our approach includes new techniques for composing and authenticating principals in an access control system. Our principals may comprise information that identifies the role of the user of a computer system, the mechanism by which the user was authenticated, and program execution history. Thus, when a principal makes a request, access control determinations can be made based on the principal's identity. Access control lists may provide patterns that are used to recognize principals, thereby ensuring a level of security without enumerating precise identifiers for all of the possible principles that may request a particular resource.
摘要翻译：为计算机系统中的资源访问控制提供了系统和方法。我们的方法包括在访问控制系统中组合和验证主体的新技术。我们的主体可以包括识别计算机系统的用户的角色，用户被认证的机制以及程序执行历史的信息。因此，当委托人发出请求时，可以基于主体的身份进行访问控制确定。访问控制列表可以提供用于识别主体的模式，从而确保安全级别，而不需要列举可能请求特定资源的所有可能原则的精确标识符。

9. 发明授权

US08020141B2 Operating-system process construction 有权
标题翻译：操作系统过程建设
公开(公告)号：US08020141B2
公开(公告)日：2011-09-13
申请号：US11005562
申请日：2004-12-06
申请人： Galen C. Hunt , James R. Larus , John D. DeTreville , Edward P. Wobber , Martin Abadi , Michael B. Jones , Trishul Chilimbi
发明人： Galen C. Hunt , James R. Larus , John D. DeTreville , Edward P. Wobber , Martin Abadi , Michael B. Jones , Trishul Chilimbi
IPC分类号： G06F9/44 , G06F9/445
CPC分类号： G06F21/562 , G06F21/566 , G06F21/57
摘要： Described herein is an implementation of a technology for the construction, identity, and/or optimization of operating-system processes. At least one implementation, described herein, constructs an operating-system process having the contents as defined by a process manifest. Once constructed, the operating-system process is unalterable.
摘要翻译：这里描述了用于构建，识别和/或优化操作系统过程的技术的实现。这里描述的至少一个实现构造具有由过程清单定义的内容的操作系统过程。一旦构建，操作系统过程是不可改变的。

10. 发明申请

US20080282354A1 ACCESS CONTROL BASED ON PROGRAM PROPERTIES 有权
标题翻译：基于程序属性的访问控制
公开(公告)号：US20080282354A1
公开(公告)日：2008-11-13
申请号：US11745048
申请日：2007-05-07
申请人： Edward P. Wobber , Andrew Birrell , Martin Abadi
发明人： Edward P. Wobber , Andrew Birrell , Martin Abadi
IPC分类号： H04L9/00
CPC分类号： H04L63/101 , G06F21/6218
摘要： A pattern matching access control system determines whether a principal should be granted access to use a resource based on properties of applications comprised by the principal. The principal name may be created when an application is loaded, invokes other applications (or programs) and/or assumes a new role context. Access is provided based on whether, for each application, the publisher is authorized by system policy to grant privilege as requested by the application. When a resource which requires the privilege is requested by a principal, an access control list (ACL) for the resource is expanded with a list of applications that have been authorized through their publisher to assert the privilege. The expanded ACL is compared to the principal name to determine resource access.
摘要翻译：模式匹配访问控制系统基于主体的应用程序的属性确定是否应授予主体访问权限以使用资源。可以在应用程序加载时调用主体名称，调用其他应用程序（或程序）和/或假定新的角色上下文。访问是基于每个应用程序，发布者是否被系统策略授权以根据应用程序请求授予特权来提供访问。当一个委托人请求一个需要该权限的资源时，该资源的访问控制列表（ACL）会被扩展，并通过其发布者授权的应用程序列表来声明该权限。将扩展的ACL与主体名称进行比较以确定资源访问。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式