专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

5. 发明授权

US07155703B2 Virtual method protection 有权
标题翻译：虚拟方法保护
公开(公告)号：US07155703B2
公开(公告)日：2006-12-26
申请号：US10622413
申请日：2003-07-18
申请人： Erik Meijer , Craig T. Sinclair , James H. Hogg , Peter H. Golde , Serge Lidin , Christopher W. Brumme
发明人： Erik Meijer , Craig T. Sinclair , James H. Hogg , Peter H. Golde , Serge Lidin , Christopher W. Brumme
IPC分类号： G06F9/44
CPC分类号： G06F8/433 , G06F9/449
摘要： Performing validation of a derived virtual method includes receiving program code where the derived virtual method is derived from a virtual method of the program language used to generate the program code, compiling the program code to an intermediate language expression, generating metadata descriptive of the compiled program code, validating the use of the derived virtual method by accessing the metadata, and permitting the use of the derived virtual method if the metadata grants override permissions concerning the virtual method of the programming language. The metadata indicating access and override permissions may be generated while compiling the program code in the common language infrastructure. Alternately, the flag may use pre-existing values indicative of the access and override permissions concerning the virtual method of the programming language.
摘要翻译：执行衍生虚拟方法的验证包括接收程序代码，其中派生虚拟方法从用于生成程序代码的程序语言的虚拟方法导出，将程序代码编译为中间语言表达，生成描述编译程序的元数据代码，通过访问元数据来验证导出的虚拟方法的使用，以及如果元数据授予涉及编程语言的虚拟方法的覆盖许可，则允许使用导出的虚拟方法。可以在公共语言基础设施中编译程序代码时生成指示访问和覆盖权限的元数据。或者，标志可以使用指示关于编程语言的虚拟方法的访问和覆盖许可的预先存在的值。

6. 发明授权

US07152223B1 Methods and systems for compiling and interpreting one or more associations between declarations and implementations in a language neutral fashion 失效
标题翻译：用于以语言中立的方式编译和解释声明和实现之间的一个或多个关联的方法和系统
公开(公告)号：US07152223B1
公开(公告)日：2006-12-19
申请号：US09873700
申请日：2001-06-04
申请人： Christopher W. Brumme , James H. Hogg , Craig T. Sinclair
发明人： Christopher W. Brumme , James H. Hogg , Craig T. Sinclair
IPC分类号： G06F9/44 , G06F9/45
CPC分类号： G06F8/41
摘要： Methods and systems are provided for expressing one or more associations between source language declarations and implementations in a language neutral fashion. A determination is made as to whether a source language association rule related to a declaration is different from a default association rule for a target runtime. If so, an override association is expressed between the declaration and the implementation, and if not, a default association is expressed. Methods and systems are also provided for interpreting an association between a declaration and an implementation in a runtime system, wherein a determination is made as to whether the association comprises an override association. If so, the association is interpreted according to an override association rule for the runtime system, and if not, the association is interpreted according to a default association rule.
摘要翻译：提供方法和系统用于表达源语言声明和语言中立方式的实现之间的一个或多个关联。确定与声明相关的源语言关联规则是否与目标运行时间的默认关联规则不同。如果是这样，则在声明和实现之间表示超越关联，如果不是，则表示默认关联。还提供了用于解释运行时系统中的声明和实现之间的关联的方法和系统，其中确定关联是否包括超驰关联。如果是，则根据运行时系统的重写关联规则来解释关联，如果不是，则根据默认关联规则解释关联。

7. 发明授权

US06473800B1 Declarative permission requests in a computer system 失效
标题翻译：计算机系统中的声明权限请求
公开(公告)号：US06473800B1
公开(公告)日：2002-10-29
申请号：US09116551
申请日：1998-07-15
申请人： Michael S. Jerger , Jeffrey A. Bisset , Craig T. Sinclair , Michael J. Toutonghi
发明人： Michael S. Jerger , Jeffrey A. Bisset , Craig T. Sinclair , Michael J. Toutonghi
IPC分类号： G06F1730
CPC分类号： G06F21/52
摘要： Computer-based systems and methods are disclosed for a comprehensive security model for managing active content downloaded from a computer network. The security model includes the configuration of a system security policy that is stored on a host computer. The system security policy is configured by security zone in progressively “finer grain” levels with each level associated with and defining the previous level. These levels may include: protected operations; user permission sets, permissions, parameters and primitives. In the disclosed method and systems, a publisher of active content specifies a requested permission set that includes a list the permissions (defined by parameters, which are defined by primitives) that the active content requires in order to run on the host system. The requested permission set is external to the active content so that it is not necessary to run the active content in order to discover the permissions that the active content requires in order to run. The requested permission set may be included in a signed code package wherein the identity of the active content publisher is guaranteed. A digital signature of the signed code package also guarantees that the contents of the signed code package, including active content, support files, and the requested permission set have not been altered or otherwise corrupted since the signed code package was published. The requested permission set may also be included in a catalog file that can be downloaded separately from the active content.
摘要翻译：公开了基于计算机的系统和方法，用于管理从计算机网络下载的活动内容的综合安全模型。安全模型包括存储在主机上的系统安全策略的配置。系统安全策略由安全区域逐步“细粒度”级配置，每个级别与先前级别相关联并定义。这些级别可能包括：受保护的操作; 用户权限集，权限，参数和原语。在公开的方法和系统中，活动内容的发布者指定所请求的权限集合，其包括活动内容为了在主机系统上运行而需要的权限（由基元定义的参数定义）的列表。所请求的权限集合在活动内容的外部，因此不需要运行活动内容，以便发现活动内容为了运行而需要的权限。所请求的权限集可以被包括在签名的代码包中，其中有效内容发布者的身份被保证。签名代码包的数字签名还保证签名的代码包的内容，包括活动内容，支持文件和请求的权限集合，因为已签发的代码包已发布，所以未被更改或损坏。所请求的权限集还可以被包括在可以与活动内容分开地下载的目录文件中。

8. 发明授权

US07117371B1 Shared names 有权
标题翻译：共享名称
公开(公告)号：US07117371B1
公开(公告)日：2006-10-03
申请号：US09605602
申请日：2000-06-28
申请人： Srivatsan Parthasarathy , Steven J. Pratschner , Craig T. Sinclair
发明人： Srivatsan Parthasarathy , Steven J. Pratschner , Craig T. Sinclair
IPC分类号： G06F12/14 , G06F9/445 , G06F9/455
CPC分类号： G06F21/51
摘要： A system and method is provided for providing security to components or assemblies employed by application programs during runtime. The present invention employs digital signature keys to ensure that an assembly name that is published is unique because the assembly is published with a publisher's public key. This prevents others from publishing an updated version of an assembly that claims to be published from the same publisher. The present invention guarantees name uniqueness and prevents name spoofing because the original publisher is the only one with the private key matching the public key related to a published assembly. Due to the fact that the public keys are stored in each reference, the caller can be assured that the assembly that the caller is binding to at runtime comes from the same publisher that owns the private key.
摘要翻译：提供了一种系统和方法，用于为运行时期间由应用程序采用的组件或组件提供安全性。本发明使用数字签名密钥来确保所发布的组件名称是唯一的，因为组装是用发布者的公共密钥发布的。这可以防止其他人发布声明从同一发行商发布的程序集的更新版本。本发明保证名称唯一性并且防止名称欺骗，因为原始发布者是唯一具有与发布的程序集相关的公钥的私钥。由于公钥存储在每个引用中，调用者可以确保调用者在运行时绑定的程序集来自拥有私钥的同一发行者。

9. 发明授权

US06345361B1 Directional set operations for permission based security in a computer system 失效
标题翻译：计算机系统中基于权限的安全性的定向集操作
公开(公告)号：US06345361B1
公开(公告)日：2002-02-05
申请号：US09116515
申请日：1998-07-15
申请人： Michael S. Jerger , Jeffrey A. Bisset , Craig T. Sinclair , Michael J. Toutonghi
发明人： Michael S. Jerger , Jeffrey A. Bisset , Craig T. Sinclair , Michael J. Toutonghi
IPC分类号： G06F1130
CPC分类号： G06F21/62
摘要： Computer-based systems and methods are disclosed for a comprehensive security model for managing active content downloaded from a computer network. The security model includes the configuration of a system security policy that is stored on a host computer. The system security policy is configured by security zone in progressively “finer grain” levels with each level associated with and defining the previous level. These levels may include: protected operations; user permission sets, permissions, parameters and primitives associated with parameters. A requested permission set is provided by the publisher of active content that lists the permissions that the active content requires in order to run on the host system. The requested permission set is automatically compared to one or more user permission sets to determine the permissions, if any that will be granted on the host system. The automated set comparisons includes determining a directional permissions sets comparison result, which is “directional” in that it maintains the distinction between the “superior” user-defined set and the “inferior” requested set. Determining the directional permissions sets comparison result may include determining directional primitive comparison results and merging them into a directional parameter comparison result; and determining directional parameter comparison results and merging them into a directional permission comparison result; and, determining directional permission comparison results and merging them into a directional permissions sets comparison result. The disclosed method may be practiced in the comparison of any two sets where a directional result is desirable.
摘要翻译：公开了基于计算机的系统和方法，用于管理从计算机网络下载的活动内容的综合安全模型。安全模型包括存储在主机上的系统安全策略的配置。系统安全策略由安全区域逐步“细粒度”级配置，每个级别与先前级别相关联并定义。这些级别可能包括：受保护的操作; 用户权限集，权限，与参数关联的参数和原语。所请求的权限集由活动内容的发布者提供，列出活动内容在主机系统上运行所需的权限。所请求的权限集合将自动与一个或多个用户权限集进行比较，以确定在主机系统上授予的权限。自动设置比较包括确定方向权限集合比较结果，其是“方向性的”，因为它维护“上级”用户定义集和“下级”请求集之间的区别。确定方向权限集比较结果可以包括确定方向性原语比较结果并将它们合并成方向参数比较结果; 并确定方向参数比较结果并将其合并成方向权限比较结果; 并且确定方向权限比较结果并将它们合并成方向权限集比较结果。所公开的方法可以在需要方向结果的任何两组的比较中实践。

10. 发明授权

US07124408B1 Binding by hash 有权
标题翻译：通过哈希绑定
公开(公告)号：US07124408B1
公开(公告)日：2006-10-17
申请号：US09604987
申请日：2000-06-28
申请人： Srivatsan Parthasarathy , Steven J. Pratschner , Craig T. Sinclair
发明人： Srivatsan Parthasarathy , Steven J. Pratschner , Craig T. Sinclair
IPC分类号： G06F9/44 , H04L9/00
CPC分类号： G06F21/64 , G06F9/44521 , G06F9/4494 , G06F21/51 , G06F2221/2145
摘要： A system and method is provided for providing security to components or assemblies employed by application programs during runtime. Assemblies carry version information that can be used to enforce the versioning rules described by the application program. At runtime, version numbers requested by the application programs are compared with those version numbers of the assemblies that are actually found. In addition to comparing version numbers, the present invention offers a stricter form of version checking based on cryptographic hashes. An assembly is provided with module information that contains a list of the files that make up the assembly. Part of the information recorded about each module is a hash of the module's contents at the time the manifest was built. An assembly referencing another assembly computes the hash of the manifest of the referenced assembly. An assembly manifest may include dependency information, which is information about other assemblies that the assembly depends on or references. Part of the information stored as part of an assembly reference or manifest is a hash of the dependent assembly's manifest.
摘要翻译：提供了一种系统和方法，用于为运行时期间由应用程序采用的组件或组件提供安全性。组件携带可用于强制应用程序描述的版本控制规则的版本信息。在运行时，将应用程序请求的版本号与实际找到的程序集的版本号进行比较。除了比较版本号之外，本发明还提供了基于加密散列的更严格的版本检查形式。提供了一个组件，其中包含组成组件的文件的列表的模块信息。关于每个模块记录的部分信息是在清单构建时的模块内容的哈希。引用另一个程序集的程序集计算引用程序集的清单的哈希值。组装清单可以包括依赖关系信息，其是关于组件依赖于或引用的其他程序集的信息。作为程序集引用或清单的一部分存储的信息的一部分是依赖程序集的清单的散列。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式