专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US06801998B1 Method and apparatus for presenting anonymous group names 有权
标题翻译：用于呈现匿名组名的方法和装置
公开(公告)号：US06801998B1
公开(公告)日：2004-10-05
申请号：US09439246
申请日：1999-11-12
申请人： Stephen R. Hanna , Anne H. Anderson , Yassir K. Elley , Radia J. Perlman , Sean J. Mullan
发明人： Stephen R. Hanna , Anne H. Anderson , Yassir K. Elley , Radia J. Perlman , Sean J. Mullan
IPC分类号： H04L900
CPC分类号： H04L63/045 , H04L63/065 , H04L63/105
摘要： A method and system for granting an applicant associated with a client computer in a client-server system access to a requested service without providing the applicant with intelligible information regarding group membership. The applicant transmits a request for service to an application server over a computer network. In response, the application server prepares an encrypted message which includes the identification of the group or groups having access privileges and transmits the encrypted message to the client along with a request that the client prove membership in at least one of the groups. The message is encrypted with an encryption key which can be decrypted by a group membership server.
摘要翻译：一种方法和系统，用于在客户机 - 服务器系统中授予与客户端计算机相关联的申请人访问所请求的服务，而不向申请人提供关于组成员身份的可理解信息。申请人通过计算机网络向应用服务器发送服务请求。作为响应，应用服务器准备加密的消息，其包括具有访问权限的组或组的标识，并且将客户端证明成员资格的请求与客户端一起发送给客户端。消息使用加密密钥进行加密，加密密钥可以由组成员服务器进行解密。

2. 发明授权

US06263434B1 Signed group criteria 有权
标题翻译：签名组标准
公开(公告)号：US06263434B1
公开(公告)日：2001-07-17
申请号：US09399899
申请日：1999-09-21
申请人： Stephen R. Hanna , Anne H. Anderson , Yassir K. Elley , Radia J. Perlman , Sean J. Mullan
发明人： Stephen R. Hanna , Anne H. Anderson , Yassir K. Elley , Radia J. Perlman , Sean J. Mullan
IPC分类号： A61F238
CPC分类号： H04L9/3247 , G06Q20/3821 , H04L2209/60
摘要： A method and apparatus for identifying an applicant as a member of a group without explicitly listing all possible applicants. A test is defined which specifies the criteria for group membership. The test definition and an optional group identifier code are supplied to a criterion generator. The criterion generator generates an authenticated message based, at least in part, upon said test definition. The authenticated message is delivered to one or more criterion evaluators that verify the authenticated message. In one embodiment, once the authenticated message has been verified, the applicant for access to a resource presents a credential to the criterion evaluator. If the credential satisfies the test definition, the applicant is granted access to the specified resource and denied access if the credential does not satisfy the test definition. In another embodiment, upon presentation of a suitable credential to the criterion evaluator, the criterion evaluator produces a group membership credential that may be presented to an actuator that is not in communication with the criterion evaluator. If the actuator determines that the group membership credential is authentic, the applicant is granted access to the resource.
摘要翻译：用于将申请人识别为组的成员而不明确列出所有可能的申请人的方法和装置。定义了一个测试，该测试指定了组成员资格的标准。测试定义和可选组标识符代码被提供给标准生成器。标准生成器至少部分地基于所述测试定义生成认证消息。已验证的消息被传递给验证已验证消息的一个或多个标准评估器。在一个实施例中，一旦经过认证的消息已被验证，对资源的访问的申请人向标准评估者呈现凭证。如果凭证满足测试定义，则授予申请人访问指定的资源，如果凭证不符合测试定义，则拒绝访问。在另一个实施例中，在向标准评估器呈现合适的凭证之后，标准评估器产生可以呈现给不与标准评估器通信的致动器的组成员凭证。如果执行器确定组成员凭证是真实的，则授予申请人对该资源的访问权限。

3. 发明授权

US07213262B1 Method and system for proving membership in a nested group using chains of credentials 有权
标题翻译：使用凭证链验证嵌套组成员资格的方法和系统
公开(公告)号：US07213262B1
公开(公告)日：2007-05-01
申请号：US09310165
申请日：1999-05-10
申请人： Yassir K. Elley , Anne H. Anderson , Stephen R. Hanna , Sean J. Mullan , Radia J. Perlman
发明人： Yassir K. Elley , Anne H. Anderson , Stephen R. Hanna , Sean J. Mullan , Radia J. Perlman
IPC分类号： H04L9/32 , G06F15/16 , G06F17/30
CPC分类号： G06F21/6218 , G06F2221/2115
摘要： In accordance with the invention, a presenter of credentials presents to a recipient of credentials one or more chains of group credentials to prove entity membership or non-membership in a nested group in a computer network. The ability to present a chain of credentials is particularly important when a client is attempting the prove membership or non-membership in a nested group and one or more of the group servers in the family tree are off-line. A chain of group credentials includes two or more proofs of group membership and/or proofs of group non-membership Furthermore, the proofs of group membership may include one or more group membership certificates and/or one or more group membership lists; and proofs of group non-membership may include one or more group non-membership certificates and/or one or more group membership lists.
摘要翻译：根据本发明，凭证的呈现者向凭证的接收者呈现一个或多个组凭证链以证明计算机网络中的嵌套组的实体成员资格或非成员资格。当客户端尝试证明成员身份或嵌套组中的非成员身份并且家庭树中的一个或多个组服务器离线时，呈现证书链的能力尤其重要。一组组凭证包括两个或多个组成员资格证明和/或组非会员证明。此外，组成员资格的证明可以包括一个或多个组成员证书和/或一个或多个组成员资格表; 并且组非隶属的证明可以包括一个或多个组非会员证书和/或一个或多个组成员资格列表。

4. 发明授权

US07085925B2 Trust ratings in group credentials 有权
公开(公告)号：US07085925B2
公开(公告)日：2006-08-01
申请号：US09825100
申请日：2001-04-03
申请人： Stephen R. Hanna , Anne H. Anderson , Yassir K. Elley , Radia J. Perlman , Sean J. Mullan
发明人： Stephen R. Hanna , Anne H. Anderson , Yassir K. Elley , Radia J. Perlman , Sean J. Mullan
IPC分类号： H04L9/00 , H04L9/32
CPC分类号： H04L9/3263
摘要： A method and system for evaluating a set of credentials that includes at least one group credential and that may include one or more additional credentials. A trust rating is provided in association with the at least one group credential within the set of credentials and trust ratings may also be provided in other credentials within the set of credentials. Each trust rating provides an indication of the level of confidence in the information being certified in the respective credential. In response to a request for access to a resource or service, an evaluation of the group credentials is performed by an access control program to determine whether access to the requested resource or service should be provided. In one embodiment, within any given certification path a composite trust rating for the respective path is determined. An overall trust rating for the set of credentials is determined based upon the composite trust ratings. Upon a determination that a user requesting access to a resource has an acceptable set of credentials and a satisfactory trust rating, access to the requested resource or service is granted to the user.

5. 发明授权

US07054905B1 Replacing an email attachment with an address specifying where the attachment is stored 有权
标题翻译：用指定附件存储位置的地址替换电子邮件附件
公开(公告)号：US07054905B1
公开(公告)日：2006-05-30
申请号：US09539269
申请日：2000-03-30
申请人： Stephen R. Hanna , David C. Douglas , Yassir K. Elley , Radia J. Perlman , Sean J. Mullan , Anne H. Anderson
发明人： Stephen R. Hanna , David C. Douglas , Yassir K. Elley , Radia J. Perlman , Sean J. Mullan , Anne H. Anderson
IPC分类号： G06F15/16 , H04L9/00
CPC分类号： H04L51/08 , G06Q10/107 , H04L51/30
摘要： One embodiment of the present invention provides a system that replaces an attachment to an email message with a reference to a location where the attachment is stored. Upon receiving the email message, the system examines the email message to determine if the email message includes an attachment. If the email message includes the attachment, the system stores the attachment at a location on a communication network from which the attachment can be retrieved. The system also modifies the email message by replacing the attachment with a reference specifying the location of the attachment, and sends the modified email message to a recipient of the email message. In one embodiment of the present invention, the recipient receives the modified email message and uses the reference specifying the location of the attachment to retrieve the attachment across the communication network.
摘要翻译：本发明的一个实施例提供一种系统，该系统用参考存储附件的位置来替代电子邮件消息的附件。在接收到电子邮件消息时，系统检查电子邮件消息以确定电子邮件消息是否包括附件。如果电子邮件消息包含附件，则系统将附件存储在通信网络上可从中检索附件的位置。该系统还通过使用指定附件的位置的引用替换附件来修改电子邮件消息，并将修改的电子邮件消息发送给电子邮件的接收者。在本发明的一个实施例中，接收者接收经修改的电子邮件消息，并使用指定附件的位置的引用来检索跨越通信网络的附件。

6. 发明授权

US06883100B1 Method and system for dynamic issuance of group certificates 有权
标题翻译：动态发放集体证书的方法和制度
公开(公告)号：US06883100B1
公开(公告)日：2005-04-19
申请号：US09309045
申请日：1999-05-10
申请人： Yassir K. Elley , Anne H. Anderson , Stephen R. Hanna , Sean J. Mullan , Radia J. Perlman
发明人： Yassir K. Elley , Anne H. Anderson , Stephen R. Hanna , Sean J. Mullan , Radia J. Perlman
IPC分类号： G06F1/00 , G06F21/00 , G06F9/00
CPC分类号： G06F21/6218 , G06F21/629
摘要： In accordance with the invention, on-line group servers issue group membership or group non-membership certificates upon request. Furthermore, when a requester requests a group certificate for a particular entity, the associated group server makes a dynamic decision regarding the entity's membership in the group rather than simply referring to a membership list. These capabilities provide for, among other things, the implementation of “nested” groups, wherein an entity may indirectly prove membership in a first, or nested, group by proving membership in a second group which is a member of the first group. In the nested group situation, the dynamic decision may involve the group server of the nested group obtaining proof of the entity's membership or non-membership in the second group. Proof of membership or non-membership may include a group certificate and/or a group membership list.
摘要翻译：根据本发明，在线组服务器根据请求发布组成员或组非会员证书。此外，当请求者请求特定实体的组证书时，相关联的组服务器就组织中的实体成员进行动态决定，而不是简单地参考会员列表。这些功能尤其规定了“嵌套”组的实现，其中实体可以通过证明作为第一组的成员的第二组中的成员身份间接地证明第一组或嵌套组中的成员资格。在嵌套组的情况下，动态决策可能涉及嵌套组的组服务器获得实体成员资格的证明或第二组中的非成员资格。会籍或非会员证明可能包括团体证明和/或团体会员名单。

7. 发明授权

US06560705B1 Content screening with end-to-end encryption prior to reaching a destination 有权
标题翻译：在到达目的地之前进行端到端加密的内容筛选
公开(公告)号：US06560705B1
公开(公告)日：2003-05-06
申请号：US09511541
申请日：2000-02-23
申请人： Radia J. Perlman , Stephen R. Hanna , Yassir K. Elley
发明人： Radia J. Perlman , Stephen R. Hanna , Yassir K. Elley
IPC分类号： H04L936
CPC分类号： H04L63/0209 , H04L63/0442 , H04L63/1408
摘要： One embodiment of the present invention provides a system that performs content screening on a message that is protected by end-to-end encryption. The system operates by receiving an encrypted message and an encrypted message key at a content screener from a firewall, the firewall having previously received the encrypted message and the encrypted message key from a source outside the firewall. The content screener decrypts the encrypted message key to restore the message key, and decrypts the encrypted message with the message key to restore the message. Next, the content screener screens the message to determine whether the message satisfies a screening criterion. If so, the system forwards the message to a destination within the firewall in a secure manner. In one embodiment of the present invention, the system decrypts the encrypted message key by sending the encrypted message key to the destination. Upon receiving the encrypted message key, the destination decrypts the encrypted message key and returns the message key to the content screener in a secure manner.
摘要翻译：本发明的一个实施例提供一种对通过端到端加密保护的消息执行内容筛选的系统。该系统通过从防火墙在内容筛选器处接收加密消息和加密消息密钥来操作，防火墙先前从防火墙外部的源接收到加密消息和加密消息密钥。内容筛选器解密加密的消息密钥以恢复消息密钥，并用消息密钥解密加密的消息以恢复消息。接下来，内容筛选器筛选消息以确定消息是否满足筛选标准。如果是这样，系统会以安全的方式将消息转发到防火墙内的目的地。在本发明的一个实施例中，系统通过将加密的消息密钥发送到目的地来解密加密的消息密钥。在接收到加密的消息密钥时，目的地解密加密的消息密钥，并以安全的方式将消息密钥返回给内容筛选器。

8. 发明授权

US06636838B1 Content screening with end-to-end encryption 有权
标题翻译：端到端加密的内容筛选
公开(公告)号：US06636838B1
公开(公告)日：2003-10-21
申请号：US09511542
申请日：2000-02-23
申请人： Radia J. Perlman , Stephen R. Hanna , Yassir K. Elley
发明人： Radia J. Perlman , Stephen R. Hanna , Yassir K. Elley
IPC分类号： H04L900
CPC分类号： H04L63/0245 , H04L63/045 , H04L63/0464 , H04L63/061 , H04L63/062 , H04L63/067 , H04L63/1408
摘要： One embodiment of the present invention provides a system that performs content screening on a message that is protected by end-to-end encryption. The system operates by receiving an encrypted message and an encrypted message key at a destination from a source; the encrypted message having been formed by encrypting the message with a message key; the encrypted message key having been formed by encrypting the message key. The destination forwards the message to a content screener in a secure manner, and allows the content screener to screen the message to determine whether the message satisfies a screening criterion. If the message satisfies the screening criterion, the destination receives a communication from the content screener that enables the destination to process the message. In one embodiment of the present invention, the system decrypts the encrypted message key at the destination to restore the message key, and forwards the message key along with the encrypted message to the content screener. This enables the content screener to decrypt the encrypted message using the message key. In one embodiment of the present invention, the system decrypts the encrypted message key at the destination to restore the message key, and then decrypts the encrypted message with the message key to restore the message before sending the message to the content screener.
摘要翻译：本发明的一个实施例提供一种对通过端到端加密保护的消息执行内容筛选的系统。该系统通过从源头在目的地接收加密消息和加密消息密钥来操作; 已经通过用消息密钥加密消息形成加密消息; 已经通过加密消息密钥形成的加密消息密钥。目的地以安全的方式将消息转发到内容筛选器，并且允许内容筛选器屏蔽消息以确定该消息是否满足筛选标准。如果消息满足筛选标准，则目的地从内容筛选器接收使能目的地处理消息的通信。在本发明的一个实施例中，系统解密目的地的加密消息密钥以恢复消息密钥，并将消息密钥与加密消息一起转发到内容筛选器。这使得内容筛选器能够使用消息密钥解密加密的消息。在本发明的一个实施例中，系统解密目的地的加密消息密钥以恢复消息密钥，然后用消息密钥对加密的消息进行解密，以在将消息发送到内容筛选器之前恢复该消息。

9. 发明授权

US06546486B1 Content screening with end-to-end encryption within a firewall 有权
标题翻译：在防火墙内进行端到端加密的内容筛选
公开(公告)号：US06546486B1
公开(公告)日：2003-04-08
申请号：US09510912
申请日：2000-02-23
申请人： Radia J. Perlman , Stephen R. Hanna , Yassir K. Elley
发明人： Radia J. Perlman , Stephen R. Hanna , Yassir K. Elley
IPC分类号： H04L936
CPC分类号： H04L63/0209 , H04L63/0442 , H04L63/1408
摘要： One embodiment of the present invention provides a system that performs, content screening on a message that is protected by end-to-end encryption. The system operates by receiving an encrypted message at a firewall from a source outside of the firewall, the encrypted message having been formed by encrypting the message with a message key. In order to restore the message, the system procures the message key and decrypts the encrypted message with the message key. Next, the system screens the message within the firewall to determine whether the message satisfies a screening criterion. If so, the system allows a destination within the firewall to process the message. In one embodiment of the present invention, procuring the message key includes allowing the source and the destination to negotiate the message key, which is then sent to the firewall. In one embodiment of the present invention, the firewall procures the message key by receiving an encrypted message key along with the encrypted message, the encrypted message key having been formed by encrypting the message key. Next, the firewall sends the encrypted message key to the destination, and allows the destination to decrypt the encrypted message key to restore the message key. Finally, the destination returns the message key to the firewall so that the firewall can decrypt the message.
摘要翻译：本发明的一个实施例提供一种对通过端到端加密保护的消息执行内容筛选的系统。该系统通过从防火墙之外的源接收来自防火墙的加密消息，通过用消息密钥加密消息形成加密消息。为了恢复消息，系统采用消息密钥，并使用消息密钥解密加密的消息。接下来，系统在防火墙内屏蔽消息，以确定消息是否满足筛选标准。如果是这样，系统允许防火墙内的目的地处理消息。在本发明的一个实施例中，采购消息密钥包括允许源和目的地协商消息密钥，然后将消息密钥发送到防火墙。在本发明的一个实施例中，防火墙通过接收加密的消息密钥以及加密的消息来获取消息密钥，加密的消息密钥是通过加密消息密钥形成的。接下来，防火墙将加密的消息密钥发送到目的地，并允许目的地解密加密的消息密钥以恢复消息密钥。最后，目的地将消息密钥返回给防火墙，以便防火墙能够解密该消息。

10. 发明授权

US07178021B1 Method and apparatus for using non-secure file servers for secure information storage 有权
标题翻译：使用非安全文件服务器进行安全信息存储的方法和装置
公开(公告)号：US07178021B1
公开(公告)日：2007-02-13
申请号：US09517410
申请日：2000-03-02
申请人： Stephen R. Hanna , Radia J. Perlman
发明人： Stephen R. Hanna , Radia J. Perlman
IPC分类号： G06F17/30
CPC分类号： G06F21/6209 , G06F2221/2107 , H04L9/0822 , H04L9/0825 , H04L9/0833 , H04L9/0894 , H04L9/321
摘要： A method and apparatus for utilizing a non-secure file server for storing and sharing data securely only among clients and groups authorized to read and modify the data. A first client that desires to store data on the file server encrypts the data with a first encryption key having an associated first decryption key. The client encrypts the first decryption key with a second encryption key having an associated second decryption key known to the first client. Additionally, the first decryption key is encrypted with respective encryption keys of other clients or groups intended to have access to the data stored on the file server and the clients and groups retain their respective decryption keys. All of the encrypted first decryption keys are stored within an access control list in association with the encrypted data on the non-secure file server. In response to an indication that the data should be transmitted to one of the clients, the file server returns to the client the encrypted data along with at least the applicable encrypted first decryption key for the respective client. The client is able to decrypt the first decryption key and decrypt the data using the unencrypted first decryption key. The data may then be modified and securely stored on the file server as described above. The first decryption key may also be encrypted with a second encryption key having a second decryption key known to members of a group or a group server. The first encryption key encrypted with the group second encryption key is stored in the access control list so that group members can obtain access to the encrypted data stored on the file server.
摘要翻译：一种利用非安全文件服务器的方法和装置，用于仅在授权读取和修改数据的客户端和组之间安全地存储和共享数据。希望在文件服务器上存储数据的第一客户端使用具有关联的第一解密密钥的第一加密密钥加密数据。客户端用具有第一客户端已知的相关联的第二解密密钥的第二加密密钥来加密第一解密密钥。此外，第一解密密钥用其他客户端或组的相应加密密钥进行加密，这些客户端或组旨在访问存储在文件服务器上的数据，并且客户端和组保留其各自的解密密钥。所有加密的第一解密密钥与非安全文件服务器上的加密数据相关联地存储在访问控制列表内。响应于将数据发送到客户端之一的指示，文件服务器返回客户端加密数据以及相应客户端的至少可应用的加密的第一解密密钥。客户端能够解密第一解密密钥并使用未加密的第一解密密钥解密数据。然后可以如上所述将数据修改并安全地存储在文件服务器上。第一解密密钥也可以用具有组或组服务器的成员已知的第二解密密钥的第二加密密钥来加密。利用组第二加密密钥加密的第一加密密钥存储在访问控制列表中，使得组成员可以获得对存储在文件服务器上的加密数据的访问。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式