专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US06345361B1 Directional set operations for permission based security in a computer system 失效
标题翻译：计算机系统中基于权限的安全性的定向集操作
公开(公告)号：US06345361B1
公开(公告)日：2002-02-05
申请号：US09116515
申请日：1998-07-15
申请人： Michael S. Jerger , Jeffrey A. Bisset , Craig T. Sinclair , Michael J. Toutonghi
发明人： Michael S. Jerger , Jeffrey A. Bisset , Craig T. Sinclair , Michael J. Toutonghi
IPC分类号： G06F1130
CPC分类号： G06F21/62
摘要： Computer-based systems and methods are disclosed for a comprehensive security model for managing active content downloaded from a computer network. The security model includes the configuration of a system security policy that is stored on a host computer. The system security policy is configured by security zone in progressively “finer grain” levels with each level associated with and defining the previous level. These levels may include: protected operations; user permission sets, permissions, parameters and primitives associated with parameters. A requested permission set is provided by the publisher of active content that lists the permissions that the active content requires in order to run on the host system. The requested permission set is automatically compared to one or more user permission sets to determine the permissions, if any that will be granted on the host system. The automated set comparisons includes determining a directional permissions sets comparison result, which is “directional” in that it maintains the distinction between the “superior” user-defined set and the “inferior” requested set. Determining the directional permissions sets comparison result may include determining directional primitive comparison results and merging them into a directional parameter comparison result; and determining directional parameter comparison results and merging them into a directional permission comparison result; and, determining directional permission comparison results and merging them into a directional permissions sets comparison result. The disclosed method may be practiced in the comparison of any two sets where a directional result is desirable.
摘要翻译：公开了基于计算机的系统和方法，用于管理从计算机网络下载的活动内容的综合安全模型。安全模型包括存储在主机上的系统安全策略的配置。系统安全策略由安全区域逐步“细粒度”级配置，每个级别与先前级别相关联并定义。这些级别可能包括：受保护的操作; 用户权限集，权限，与参数关联的参数和原语。所请求的权限集由活动内容的发布者提供，列出活动内容在主机系统上运行所需的权限。所请求的权限集合将自动与一个或多个用户权限集进行比较，以确定在主机系统上授予的权限。自动设置比较包括确定方向权限集合比较结果，其是“方向性的”，因为它维护“上级”用户定义集和“下级”请求集之间的区别。确定方向权限集比较结果可以包括确定方向性原语比较结果并将它们合并成方向参数比较结果; 并确定方向参数比较结果并将其合并成方向权限比较结果; 并且确定方向权限比较结果并将它们合并成方向权限集比较结果。所公开的方法可以在需要方向结果的任何两组的比较中实践。

2. 发明授权

US06473800B1 Declarative permission requests in a computer system 失效
标题翻译：计算机系统中的声明权限请求
公开(公告)号：US06473800B1
公开(公告)日：2002-10-29
申请号：US09116551
申请日：1998-07-15
申请人： Michael S. Jerger , Jeffrey A. Bisset , Craig T. Sinclair , Michael J. Toutonghi
发明人： Michael S. Jerger , Jeffrey A. Bisset , Craig T. Sinclair , Michael J. Toutonghi
IPC分类号： G06F1730
CPC分类号： G06F21/52
摘要： Computer-based systems and methods are disclosed for a comprehensive security model for managing active content downloaded from a computer network. The security model includes the configuration of a system security policy that is stored on a host computer. The system security policy is configured by security zone in progressively “finer grain” levels with each level associated with and defining the previous level. These levels may include: protected operations; user permission sets, permissions, parameters and primitives. In the disclosed method and systems, a publisher of active content specifies a requested permission set that includes a list the permissions (defined by parameters, which are defined by primitives) that the active content requires in order to run on the host system. The requested permission set is external to the active content so that it is not necessary to run the active content in order to discover the permissions that the active content requires in order to run. The requested permission set may be included in a signed code package wherein the identity of the active content publisher is guaranteed. A digital signature of the signed code package also guarantees that the contents of the signed code package, including active content, support files, and the requested permission set have not been altered or otherwise corrupted since the signed code package was published. The requested permission set may also be included in a catalog file that can be downloaded separately from the active content.
摘要翻译：公开了基于计算机的系统和方法，用于管理从计算机网络下载的活动内容的综合安全模型。安全模型包括存储在主机上的系统安全策略的配置。系统安全策略由安全区域逐步“细粒度”级配置，每个级别与先前级别相关联并定义。这些级别可能包括：受保护的操作; 用户权限集，权限，参数和原语。在公开的方法和系统中，活动内容的发布者指定所请求的权限集合，其包括活动内容为了在主机系统上运行而需要的权限（由基元定义的参数定义）的列表。所请求的权限集合在活动内容的外部，因此不需要运行活动内容，以便发现活动内容为了运行而需要的权限。所请求的权限集可以被包括在签名的代码包中，其中有效内容发布者的身份被保证。签名代码包的数字签名还保证签名的代码包的内容，包括活动内容，支持文件和请求的权限集合，因为已签发的代码包已发布，所以未被更改或损坏。所请求的权限集还可以被包括在可以与活动内容分开地下载的目录文件中。

3. 发明授权

US06321334B1 Administering permissions associated with a security zone in a computer system security model 失效
标题翻译：管理与计算机系统安全模型中的安全区域相关联的权限
公开(公告)号：US06321334B1
公开(公告)日：2001-11-20
申请号：US09116514
申请日：1998-07-15
申请人： Michael S. Jerger , Jeffrey A. Bisset , Craig T. Sinclair , Michael J. Toutonghi
发明人： Michael S. Jerger , Jeffrey A. Bisset , Craig T. Sinclair , Michael J. Toutonghi
IPC分类号： G06F1224
CPC分类号： G06F21/54
摘要： Computer-based systems and methods are disclosed for a comprehensive security model for managing foreign content downloaded from a computer network. The methods and systems include the configuration of a system security policy that is stored on a host computer. The system security policy includes one or more independently configurable security zones. Each security zone corresponds to a group of network locations and may have one or more associated configurable protected operations that control the access to the host system by foreign content downloaded from the computer network. A protected operations may have one or more associated configurable permissions that define the capabilities of the protected operation. Each permission may be defined by one or more parameters and each parameter may be defined by one or more primitives. The permissions may be defined to enable the permission, disable the permission, or prompt the user when the permission is required. The permission may also be configured to the “fine grained” level of the primitives. Default permission levels that provide predefined parameter and primitive entries that are grouped as high security, medium security, and low security may be selected by the user at most levels of the configuration.
摘要翻译：公开了基于计算机的系统和方法，用于管理从计算机网络下载的外部内容的综合安全模型。方法和系统包括存储在主机上的系统安全策略的配置。系统安全策略包括一个或多个可独立配置的安全区域。每个安全区域对应于一组网络位置，并且可以具有一个或多个相关联的可配置保护操作，其通过从计算机网络下载的外部内容来控制对主机系统的访问。受保护的操作可以具有定义受保护操作的能力的一个或多个相关联的可配置许可。每个权限可以由一个或多个参数定义，并且每个参数可以由一个或多个基元定义。可以定义权限以启用权限，禁用权限，或在需要权限时提示用户。许可也可以被配置为基元的“细粒度”级别。可以由用户在配置的大多数级别选择提供分组为高安全性，中等安全性和低安全性的预定义参数和原语条目的默认权限级别。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式