专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07149801B2 Memory bound functions for spam deterrence and the like 有权
标题翻译：用于垃圾邮件威慑的内存绑定功能等
公开(公告)号：US07149801B2
公开(公告)日：2006-12-12
申请号：US10290879
申请日：2002-11-08
申请人： Michael Burrows , Martin Abadi , Mark Steven Manasse , Edward P. Wobber , Daniel Ron Simon
发明人： Michael Burrows , Martin Abadi , Mark Steven Manasse , Edward P. Wobber , Daniel Ron Simon
IPC分类号： G06F15/173 , H04K1/00
CPC分类号： H04L63/126 , H04L51/12
摘要： A resource may be abused if its users incur little or no cost. For example, e-mail abuse is rampant because sending an e-mail has negligible cost for the sender. Such abuse may be discouraged by introducing an artificial cost in the form of a moderately expensive computation. Thus, the sender of an e-mail might be required to pay by computing for a few seconds before the e-mail is accepted. Unfortunately, because of sharp disparities across computer systems, this approach may be ineffective against malicious users with high-end systems, prohibitively slow for legitimate users with low-end systems, or both. Starting from this observation, we identify moderately hard, memory bound functions that most recent computer systems will evaluate at about the same speed, and we explain how to use them for protecting against abuses.
摘要翻译：如果用户投入很少或没有成本，资源可能会被滥用。例如，电子邮件滥用是猖獗的，因为发送电子邮件对发件人的成本可以忽略不计。通过以中等昂贵的计算的形式引入人造成本，可能不鼓励这种滥用。因此，电子邮件的发件人可能需要在电子邮件被接受之前几秒计算才能付款。不幸的是，由于计算机系统之间的差异很大，对于具有高端系统的恶意用户来说，这种方法可能无效，对于具有低端系统的合法用户或者两者都是非常缓慢的。从这个观察开始，我们确定了最近的计算机系统以相同的速度评估的适度硬的记忆绑定功能，我们解释如何使用它们来防止滥用。

2. 发明授权

US5173939A Access control subsystem and method for distributed computer system using compound principals 失效
标题翻译：使用复合主体的分布式计算机系统的访问控制子系统和方法
公开(公告)号：US5173939A
公开(公告)日：1992-12-22
申请号：US783361
申请日：1991-10-28
申请人： Martin Abadi , Michael Burrows , Edward P. Wobber
发明人： Martin Abadi , Michael Burrows , Edward P. Wobber
IPC分类号： G06F9/46
CPC分类号： G06F9/468 , Y10S707/99939
摘要： A distributed computer system has a number of computers coupled thereto at distinct nodes and a naming service with a membership table that defines a list of assumptions concerning which principals in the system are stronger than other principals, and which roles adopted by principals are stronger than other roles. Each object in the system has an access control list (ACL) having a list of entries. Each entry is either a simple principal or a compound principal. The set of allowed compound principals is limited to a predefined set of allowed combinations of simple principals, roles, delegations and conjunctions in accordance with a defined hierarchical ordering of the conjunction, delegation and role portions of each compound principal. The assumptions in the membership table reduce the number of entries needed in an ACL by allowing an entry to state only the weakest principals and roles that are to be allowed access. The reference checking process, handled by a reference monitor found at each node of the distributed system, grants an access request if the requestor is stronger than any one of the entries in the access control list for the resource requested. Furthermore, one entry is stronger than another entry if for each of the conjuncts in the latter entry there is a stronger conjunct in the former. Additional rules used by the reference monitor during the reference checking process govern the processes of comparing conjuncts in a requestor principal with the conjuncts in an access control list entry and of using assumptions to compare the relative strengths of principals and roles.
摘要翻译：分布式计算机系统具有多个与不同节点耦合的计算机，以及具有会员表的命名服务，该成员表定义了系统中哪些主体比其他主体更强的假设列表，以及由主体采用的角色比其他主体更强角色。系统中的每个对象都具有一个具有条目列表的访问控制列表（ACL）。每个条目都是简单的主体或复合主体。允许的复合主体的集合被限制为根据每个复合主体的连接，委派和角色部分的定义的分级顺序的简单主体，角色，委托和连接的允许的组合的预定义集合。成员资格表中的假设通过允许条目仅指定允许访问的最弱主体和角色来减少ACL中所需的条目数。如果请求者比所请求的资源的访问控制列表中的任何一个条目更强，由在分布式系统的每个节点处发现的参考监视器处理的参考检查过程就会授予访问请求。此外，如果对于前一个条目中的每个连词都有一个更强的连接，则一个条目比另一个条目更强。引用检查过程中参考监视器使用的附加规则管理将请求方主体中的连接与访问控制列表条目中的连接进行比较的过程，以及使用假设来比较主体和角色的相对强度。

3. 发明授权

US07600232B2 Inter-process communications employing bi-directional message conduits 有权
标题翻译：使用双向消息通道的进程间通信
公开(公告)号：US07600232B2
公开(公告)日：2009-10-06
申请号：US11007655
申请日：2004-12-07
申请人： Galen C. Hunt , James R. Larus , Manuel Fahndrich , Edward P. Wobber , Martin Abadi , John D. DeTreville
发明人： Galen C. Hunt , James R. Larus , Manuel Fahndrich , Edward P. Wobber , Martin Abadi , John D. DeTreville
IPC分类号： G06F3/00 , G06F9/44 , G06F9/46 , G06F13/00
CPC分类号： G06F9/546 , G06F2209/547
摘要： Described herein is an implementation of an inter-process communications technology. One or more implementations, described herein, facilitate creation of a bi-directional message conduit having exactly two endpoints. A first endpoint is owned by a first software process and a second endpoint is owned by a second software process. One or more implementations, described herein, maintain the bi-directional message conduit for passing multiple messages via the bi-directional message conduit from the first process to the second process, according to established rules that can be checked.
摘要翻译：这里描述的是进程间通信技术的实现。本文描述的一个或多个实施方式有助于创建具有正好两个端点的双向消息导管。第一端点由第一软件进程拥有，第二端点由第二软件进程所拥有。根据已经可以检查的规则，本文描述的一个或多个实施方案维护双向消息管道，用于经由双向消息管道将多个消息从第一进程传递到第二进程。

4. 发明授权

US5805803A Secure web tunnel 失效
标题翻译：安全的网络隧道
公开(公告)号：US5805803A
公开(公告)日：1998-09-08
申请号：US855025
申请日：1997-05-13
申请人： Andrew D. Birrell , Edward P. Wobber , Martin Abadi , Raymond P. Stata
发明人： Andrew D. Birrell , Edward P. Wobber , Martin Abadi , Raymond P. Stata
IPC分类号： H04L29/06 , G06F13/14
CPC分类号： H04L63/0272 , H04L63/029 , H04L63/0823 , H04L63/0884
摘要： In a computer implemented method, a client computer connected to a public network such as the Internet makes a request for an intranet resource to a tunnel of a firewall isolating the intranet from the Internet. The request is made in a public message. The tunnel sends a message to the client computer to redirect to a proxy server of the tunnel. The client computer send a token and the request for the resource the proxy server. If the token is valid, the request is forwarded to the intranet, otherwise, the user of the client computer must first be authenticated.
摘要翻译：在计算机实现的方法中，连接到公共网络（例如因特网）的客户端计算机向内部网络与因特网隔离的防火墙的隧道请求内部网资源。请求是在公开消息中发出的。隧道向客户端计算机发送消息以重定向到隧道的代理服务器。客户端计算机向代理服务器发送令牌和资源请求。如果令牌有效，请求将转发到内部网，否则客户端计算机的用户必须首先被认证。

5. 发明授权

US07730058B2 Searching for information utilizing a probabilistic detector 失效
标题翻译：使用概率检测器搜索信息
公开(公告)号：US07730058B2
公开(公告)日：2010-06-01
申请号：US11243924
申请日：2005-10-05
申请人： Gaurav Sareen , Mark Steven Manasse , Martin Abadi , Michael A. Isard
发明人： Gaurav Sareen , Mark Steven Manasse , Martin Abadi , Michael A. Isard
IPC分类号： G06F7/00 , G06F17/30
CPC分类号： G06F17/30687
摘要： A probabilistic detector is utilized to query a database. Utilization of a probabilistic detector provides assurance with 100 per cent probability that a search expression in the query is not in the database index. The probabilistic detector is implemented in the form of a Bloom filter. The probabilistic detector is created by hashing expressions in the database index and mapping the resulting hash values into the probabilistic detector. Upon receiving a query, expressions of the query are hashed. The probabilistic detector is queried using these hash values. If the results of querying the probabilistic detector indicate that searched for information may be in the database, the database is not queried. If the results of querying the probabilistic detector indicate that the information may be in the database, the database is queried for the information using the original query. This technique is advantageous in mitigating detrimental effects of denial of service attacks.
摘要翻译：利用概率检测器查询数据库。概率检测器的利用率提供了100％的可能性，即查询中的搜索表达式不在数据库索引中。概率检测器以Bloom滤波器的形式实现。概率检测器是通过在数据库索引中散列表达式并将生成的散列值映射到概率检测器中创建的。在接收到查询后，查询的表达式将被哈希。使用这些散列值查询概率检测器。如果查询概率检测器的结果表明搜索到的信息可能在数据库中，则不会查询数据库。如果查询概率检测器的结果表明信息可能在数据库中，则使用原始查询查询数据库中的信息。这种技术有利于减轻拒绝服务攻击的有害影响。

6. 发明授权

US07865934B2 Access-control permissions with inter-process message-based communications 有权
标题翻译：基于进程间消息通信的访问控制权限
公开(公告)号：US07865934B2
公开(公告)日：2011-01-04
申请号：US11419145
申请日：2006-05-18
申请人： Edward P. Wobber , Manuel A Fahndrich , Ulfar Erlingsson , Martin Abadi
发明人： Edward P. Wobber , Manuel A Fahndrich , Ulfar Erlingsson , Martin Abadi
IPC分类号： H04L29/00
CPC分类号： G06F21/6281
摘要： Described herein are one or more implementations that facilitate message-passing over a communication conduit between software processes in a computing environment. More particularly, the implementations described restrict access of one process to another via messages passed over a particular conduit connecting the processes and the access-control restrictions are defined by a contract associated with that particular conduit.
摘要翻译：这里描述了一种或多种实现，其便于在计算环境中的软件进程之间通过通信导线进行消息传递。更具体地，所描述的实施方式通过在连接过程的特定管道上传递的消息来限制一个进程的访问，并且访问控制限制由与该特定管道相关联的合同定义。

7. 发明授权

US07788637B2 Operating system process identification 有权
标题翻译：操作系统进程识别
公开(公告)号：US07788637B2
公开(公告)日：2010-08-31
申请号：US11118690
申请日：2005-04-29
申请人： Galen C. Hunt , James R. Larus , John D. DeTreville , Edward P Wobber , Martin Abadi , Michael B. Jones , Trishul A. Chilimbi
发明人： Galen C. Hunt , James R. Larus , John D. DeTreville , Edward P Wobber , Martin Abadi , Michael B. Jones , Trishul A. Chilimbi
IPC分类号： G06F9/44
CPC分类号： G06F21/562 , G06F21/566 , G06F21/57
摘要： Described herein is an implementation of a technology for the construction, identification, and/or optimization of operating-system processes. At least one implementation, described herein, constructs an operating-system process having the contents as defined by a process manifest. Once constructed, the operating-system process is unalterable.
摘要翻译：这里描述了用于构建，识别和/或优化操作系统过程的技术的实现。这里描述的至少一个实现构造具有由过程清单定义的内容的操作系统过程。一旦构建，操作系统过程是不可改变的。

8. 发明授权

US07716734B2 Systems and methods for pattern matching on principal names to control access to computing resources 有权
标题翻译：用于主体名称上的模式匹配的系统和方法，以控制对计算资源的访问
公开(公告)号：US07716734B2
公开(公告)日：2010-05-11
申请号：US11133806
申请日：2005-05-19
申请人： Andrew David Birrell , Edward P. Wobber , Martin Abadi
发明人： Andrew David Birrell , Edward P. Wobber , Martin Abadi
IPC分类号： G06F7/04 , G06F21/00
CPC分类号： G06F21/6218
摘要： Systems and methods are provided for resource access control in computer systems. Our approach includes new techniques for composing and authenticating principals in an access control system. Our principals may comprise information that identifies the role of the user of a computer system, the mechanism by which the user was authenticated, and program execution history. Thus, when a principal makes a request, access control determinations can be made based on the principal's identity. Access control lists may provide patterns that are used to recognize principals, thereby ensuring a level of security without enumerating precise identifiers for all of the possible principles that may request a particular resource.
摘要翻译：为计算机系统中的资源访问控制提供了系统和方法。我们的方法包括在访问控制系统中组合和验证主体的新技术。我们的主体可以包括识别计算机系统的用户的角色，用户被认证的机制以及程序执行历史的信息。因此，当委托人发出请求时，可以基于主体的身份进行访问控制确定。访问控制列表可以提供用于识别主体的模式，从而确保安全级别，而不需要列举可能请求特定资源的所有可能原则的精确标识符。

9. 发明授权

US08505065B2 Access control policy in a weakly-coherent distributed collection 有权
标题翻译：访问控制策略在弱连贯的分布式集合中
公开(公告)号：US08505065B2
公开(公告)日：2013-08-06
申请号：US11765886
申请日：2007-06-20
申请人： Edward P. Wobber , Martin Abadi , Thomas L. Rodeheffer
发明人： Edward P. Wobber , Martin Abadi , Thomas L. Rodeheffer
IPC分类号： G06F17/00 , H04L29/06
CPC分类号： G06F17/30578 , H04L9/12 , H04L9/321 , H04L9/3268 , H04L2209/60 , H04L2209/80
摘要： A system is disclosed for creating and implementing an access control policy framework in a weakly coherent distributed collection. A collection manager may sign certificates forming equivalence classes of replicas that share a specific authority. The collection manager and/or certain privileged replicas may issue certificates that delegate authority for control of item policy and replica policy. Further certificates may be signed that create one or more items, set policy for these one or more items, and define a set of operations authorized on the one or more items. The certificates issued according to the present system for creating and implementing a control policy framework cannot be modified or simply overridden. Once a policy certificate is issued, it may only be revoked by the collection manager or by a replica having revocation authority.
摘要翻译：公开了一种用于在弱相关分布式集合中创建和实现访问控制策略框架的系统。收集管理员可以签署形成共享特定权限的副本的等价类的证书。收集管理员和/或某些特权副本可能会颁发授权来管理项目策略和副本策略的证书。可以签署创建一个或多个项目的其他证书，为这些一个或多个项目设置策略，并且定义一个或多个项目授权的一组操作。根据本制度制定的颁发和实施控制政策框架的证书不能修改或简单地覆盖。颁发政策证书后，只能由收款经理或具有撤销授权的副本撤销。

10. 发明授权

US08020141B2 Operating-system process construction 有权
标题翻译：操作系统过程建设
公开(公告)号：US08020141B2
公开(公告)日：2011-09-13
申请号：US11005562
申请日：2004-12-06
申请人： Galen C. Hunt , James R. Larus , John D. DeTreville , Edward P. Wobber , Martin Abadi , Michael B. Jones , Trishul Chilimbi
发明人： Galen C. Hunt , James R. Larus , John D. DeTreville , Edward P. Wobber , Martin Abadi , Michael B. Jones , Trishul Chilimbi
IPC分类号： G06F9/44 , G06F9/445
CPC分类号： G06F21/562 , G06F21/566 , G06F21/57
摘要： Described herein is an implementation of a technology for the construction, identity, and/or optimization of operating-system processes. At least one implementation, described herein, constructs an operating-system process having the contents as defined by a process manifest. Once constructed, the operating-system process is unalterable.
摘要翻译：这里描述了用于构建，识别和/或优化操作系统过程的技术的实现。这里描述的至少一个实现构造具有由过程清单定义的内容的操作系统过程。一旦构建，操作系统过程是不可改变的。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式