会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 1. 发明授权
    • Efficient computer based virtual machine object structure
    • 高效的基于计算机的虚拟机对象结构
    • US5920720A
    • 1999-07-06
    • US803958
    • 1997-02-25
    • Michael J. ToutonghiPeter KukolPatrick Dussud
    • Michael J. ToutonghiPeter KukolPatrick Dussud
    • G06F9/42G06F9/45G06F9/455G06F9/06
    • G06F9/443G06F9/45508
    • Method and apparatus for implementing a virtual machine interpreter such as an interpreter for interpreting Java compiled bytecodes. The Java language supports class structures and a hierarchy of such structures. As the Java software virtual machine loads the class file containing the Java bytecodes it allocates a first block, of memory based on the class definition for all dynamic methods implemented by a class hierarchy that includes a base class and any additional classes derived from the base class. The virtual machine instantiates instances of classes within a class hierarchy derived from the base class in other memory blocks by initializing a method table pointer at a base location in that other memory block for each such instance in the class hierarchy. The method table pointer is initialized to point to the first block of memory defining the dynamic methods for the class hierarchy. The interpreter also initializes other data unique to each instance at offsets relative to the method table pointer within the other memory block for said class instance. Practice of the invention enhances the speed with which the virtual machine accesses dynamic methods of objects within the class hierarchy.
    • 用于实现虚拟机解释器的方法和装置,例如用于解释Java编译的字节码的解释器。 Java语言支持类结构和这种结构的层次结构。 由于Java软件虚拟机加载了包含Java字节码的类文件,所以它会根据包含基类的类层次结构所实现的所有动态方法的类定义以及从基类派生的任何附加类,分配第一个内存块 。 虚拟机通过在类层次结构中的每个这样的实例的初始化另一个内存块的基本位置的方法表指针来实例化从其他内存块中的基类派生的类层次结构中的类实例。 方法表指针被初始化为指向定义类层次结构的动态方法的第一个内存块。 解释器还初始化相对于所述类实例的其他存储器块内的方法表指针的偏移的每个实例唯一的其他数据。 本发明的实践增强了虚拟机访问类层次结构内的对象的动态方法的速度。
    • 3. 发明授权
    • Evidence-based security policy manager
    • 以证据为基础的安全策略经理
    • US07051366B1
    • 2006-05-23
    • US09598534
    • 2000-06-21
    • Brian A LaMacchiaLoren M. KohnfelderGregory Darrell FeeMichael J. Toutonghi
    • Brian A LaMacchiaLoren M. KohnfelderGregory Darrell FeeMichael J. Toutonghi
    • G06F15/16G06F17/30H04L9/32
    • G06F21/6218G06F21/6209G06F2221/2141
    • An evidence-based policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager executes in a computer system (e.g., a Web client or server) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. Both code assemblies and evidence may be received from a local origin or from a remote resource location via a network (e.g., the Internet). The policy manager may comprise execution modules for parsing a security policy specification, generating a one or more code hierarchies, evaluating membership of the received code assembly in one or more code groups, and generating a permission grant set based upon this membership evaluation.
    • 基于证据的策略管理器为从资源位置接收到的代码集合生成许可授权集。 策略管理器与计算机系统(例如,Web客户端或服务器)结合运行时环境的验证模块和类加载器一起执行。 为代码组合生成的许可授权集合被应用于运行时调用堆栈中,以帮助系统确定代码组件的给定系统操作是否被授权。 代码集合和证据可以经由网络(例如,因特网)从本地来源或远程资源位置接收。 策略管理器可以包括用于解析安全策略规范的执行模块,生成一个或多个代码层次,评估在一个或多个代码组中接收的代码组合的成员资格,以及基于该成员资格评估生成许可授权集合。
    • 6. 发明授权
    • Declarative permission requests in a computer system
    • 计算机系统中的声明权限请求
    • US06473800B1
    • 2002-10-29
    • US09116551
    • 1998-07-15
    • Michael S. JergerJeffrey A. BissetCraig T. SinclairMichael J. Toutonghi
    • Michael S. JergerJeffrey A. BissetCraig T. SinclairMichael J. Toutonghi
    • G06F1730
    • G06F21/52
    • Computer-based systems and methods are disclosed for a comprehensive security model for managing active content downloaded from a computer network. The security model includes the configuration of a system security policy that is stored on a host computer. The system security policy is configured by security zone in progressively “finer grain” levels with each level associated with and defining the previous level. These levels may include: protected operations; user permission sets, permissions, parameters and primitives. In the disclosed method and systems, a publisher of active content specifies a requested permission set that includes a list the permissions (defined by parameters, which are defined by primitives) that the active content requires in order to run on the host system. The requested permission set is external to the active content so that it is not necessary to run the active content in order to discover the permissions that the active content requires in order to run. The requested permission set may be included in a signed code package wherein the identity of the active content publisher is guaranteed. A digital signature of the signed code package also guarantees that the contents of the signed code package, including active content, support files, and the requested permission set have not been altered or otherwise corrupted since the signed code package was published. The requested permission set may also be included in a catalog file that can be downloaded separately from the active content.
    • 公开了基于计算机的系统和方法,用于管理从计算机网络下载的活动内容的综合安全模型。 安全模型包括存储在主机上的系统安全策略的配置。 系统安全策略由安全区域逐步“细粒度”级配置,每个级别与先前级别相关联并定义。 这些级别可能包括:受保护的操作; 用户权限集,权限,参数和原语。 在公开的方法和系统中,活动内容的发布者指定所请求的权限集合,其包括活动内容为了在主机系统上运行而需要的权限(由基元定义的参数定义)的列表。 所请求的权限集合在活动内容的外部,因此不需要运行活动内容,以便发现活动内容为了运行而需要的权限。 所请求的权限集可以被包括在签名的代码包中,其中有效内容发布者的身份被保证。 签名代码包的数字签名还保证签名的代码包的内容,包括活动内容,支持文件和请求的权限集合,因为已签发的代码包已发布,所以未被更改或损坏。 所请求的权限集还可以被包括在可以与活动内容分开地下载的目录文件中。
    • 8. 发明授权
    • Isolated persistent storage
    • 隔离持久存储
    • US07620731B1
    • 2009-11-17
    • US09790840
    • 2001-02-21
    • Shajan DasanLoren M. KohnfelderMichael J. Toutonghi
    • Shajan DasanLoren M. KohnfelderMichael J. Toutonghi
    • G06F15/173
    • G06F9/52
    • An isolated persistent storage object accesses an isolated persistent storage region using identities of the application, an underlying component of the application, and optionally the user. Direct access to the isolated persistent storage region is available only to the isolated persistent storage object and is unavailable to other components. Accordingly, other components access the isolated persistent storage region through the isolated persistent storage object, which determines the specific location (e.g., specified by an internally constructed path name) and performs the access operation on behalf of the calling component. The application identity and the component identity are converted to typed identity names for use in the construction of the path name.
    • 孤立的持久存储对象使用应用程序的标识,应用程序的底层组件以及可选的用户来访问隔离的持久存储区域。 对隔离的持久存储区域的直接访问仅对隔离的持久存储对象可用,对其他组件不可用。 因此,其他组件通过隔离的持久存储对象访问隔离的持久存储区域,该隔离的持久存储对象确定特定位置(例如,由内部构造的路径名称指定),并代表主叫组件执行访问操作。 应用程序标识和组件标识将转换为类型化的标识名称,以用于构建路径名。
    • 10. 发明授权
    • Filtering a permission set using permission requests associated with a code assembly
    • 使用与代码程序集相关联的权限请求过滤权限集
    • US06981281B1
    • 2005-12-27
    • US09599015
    • 2000-06-21
    • Brian A. LaMacchiaLoren M. KohnfelderGregory Darrell FeeMichael J. Toutonghi
    • Brian A. LaMacchiaLoren M. KohnfelderGregory Darrell FeeMichael J. Toutonghi
    • G06F21/22G06F1/00G06F21/00H04L9/00G06F11/30G06F12/14H04L9/32
    • G06F21/52
    • A security policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager can execute in a computer system (e.g., a Web client) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. A permission request set may also be received in association with the code assembly. The permission request set may include a minimum request set, specifying permissions required by the code assembly to run properly. The permission request set may also include an optional request set, specifying permissions requested by the code assembly to provide an alternative level of functionality. In addition, the permission request set may include a refuse request set, specifying permissions that are not to be granted to the code assembly. The permission requests are used to filter a permission set to generate a permission grant set.
    • 安全策略管理器为从资源位置接收到的代码集合生成许可权授予集。 策略管理器可以与计算机系统(例如,Web客户机)一起在运行时环境的验证模块和类加载器的组合中执行。 为代码组合生成的许可授权集合被应用于运行时调用堆栈中,以帮助系统确定代码组件的给定系统操作是否被授权。 还可以与代码组合相关联地接收许可请求集合。 许可请求集可以包括最小请求集,指定代码组件正确运行所需的权限。 许可请求集还可以包括可选的请求集合,指定代码组件请求的许可以提供替代级别的功能。 此外,许可请求集合可以包括垃圾请求集合,指定不被授予代码组件的权限。 权限请求用于过滤权限集以生成权限授予集。