Method and system for securely provisioning a client device
    1.
    Granted invention patent
    Method and system for securely provisioning a client device (in force)

    Publication number: US07558866B2

    Publication date: 2009-07-07

    Application number: US11007122

    Filing date: 2004-12-08

    IPC classification: G06F15/16

    Abstract: Disclosed is a mechanism for securely provisioning a client by authenticating that client during a dynamic configuration process. Rather than relying on post-configuration authentication schemes, the present invention combines security and dynamic configuration into a unified scheme. Any client device attempting to access a network may request configuration information from a configuration server associated with that network, but the server does not comply with the request until the client has successfully authenticated itself as a device authorized to receive configuration information for the network. The configuration server may provide the client with temporary configuration information that allows the client to proceed with the authentication process but that denies the client full access to the network. Upon successful authentication, the server may give the client new, non-temporary configuration information or may change the status of the information already given from temporary to a status giving fuller access.


    Extensible access control architecture
    2.
    Granted invention patent
    Extensible access control architecture (in force)

    Publication number: US09185091B2

    Publication date: 2015-11-10

    Application number: US13630184

    Filing date: 2012-09-28

    IPC classification: H04L29/06

    Abstract: Software for managing access control functions in a network. The software includes a host that receives access control commands or information and calls one or more methods. The methods perform access control functions and communicate access control results or messages to be transmitted. The host may be installed in a network peer seeking access to the network or in a server controlling access to the network. When installed in a peer, the host receives commands and exchanges information with a supplicant. When installed in an access control server, the host receives commands and exchanges information with an authenticator. The host has a flexible architecture that enables multiple features, such as allowing the same methods to be used for authentication by multiple supplicants, providing ready integration of third party access control software, simplifying network maintenance by facilitating upgrades of authenticator software and enabling access control functions other than peer authentication.


    Network access protection
    3.
    Granted invention patent
    Network access protection (in force)

    Publication number: US07793096B2

    Publication date: 2010-09-07

    Application number: US11395559

    Filing date: 2006-03-31

    IPC classification: H04L29/06

    Abstract: A method is provided for use in a computer system including a client and a health registration authority. The health registration authority is configured to accept requests for assertions, and the client has a health state described by at least one health claim. The method may include an act of including an indication of the at least one health claim of the client in a request for an assertion. A second method is provided for use in a computer system comprising a client, an assertion authority, and a plurality of health policies. The method can include an act of including an indication of at least one health policy that the health claim of the client satisfies in an assertion.


    Extended file system
    4.
    Granted invention patent
    Extended file system (in force)

    Publication number: US07542999B2

    Publication date: 2009-06-02

    Application number: US10819624

    Filing date: 2004-04-07

    IPC classification: G06F12/00 G06F17/30 G06F17/20

    Abstract: A method and system for transparently combining remote and local storage to provide an extended file system such as a virtual local drive for a computer system client/user, e.g., a user of a pocket sized personal computer or a cable set-top box. A client device may load file system object data, storing the directories and files remotely, and retrieving the files only when required. Via its local storage, the extended file system handles unreliable connections and delays. When a connection to an extended file system server is present, the extended file system provides automatic downloading of information that is not locally cached, and automatically uploading of information that has been modified on the client. Extended file system attributes are employed to determine the actual location of file system data, and a lightweight protocol is defined to download or upload remote data by low-level components that make the remote source transparent from the perspective of the application. The system scales to large networks as it employs the lightweight protocol and establishes a connection only to retrieve and submit data.


    Network access protection
    5.
    Invention patent application
    Network access protection (in force)

    Publication number: US20070234040A1

    Publication date: 2007-10-04

    Application number: US11395559

    Filing date: 2006-03-31

    IPC classification: H04L9/00

    Abstract: A method is provided for use in a computer system including a client and a health registration authority. The health registration authority is configured to accept requests for assertions, and the client has a health state described by at least one health claim. The method may include an act of including an indication of the at least one health claim of the client in a request for an assertion. A second method is provided for use in a computer system comprising a client, an assertion authority, and a plurality of health policies. The method can include an act of including an indication of at least one health policy that the health claim of the client satisfies in an assertion.


    EXTENSIBLE ACCESS CONTROL ARCHITECTURE
    6.
    Invention patent application
    EXTENSIBLE ACCESS CONTROL ARCHITECTURE (in force)

    Publication number: US20130024911A1

    Publication date: 2013-01-24

    Application number: US13630184

    Filing date: 2012-09-28

    IPC classification: G06F21/20

    Abstract: Software for managing access control functions in a network. The software includes a host that receives access control commands or information and calls one or more methods. The methods perform access control functions and communicate access control results or messages to be transmitted. The host may be installed in a network peer seeking access to the network or in a server controlling access to the network. When installed in a peer, the host receives commands and exchanges information with a supplicant. When installed in an access control server, the host receives commands and exchanges information with an authenticator. The host has a flexible architecture that enables multiple features, such as allowing the same methods to be used for authentication by multiple supplicants, providing ready integration of third party access control software, simplifying network maintenance by facilitating upgrades of authenticator software and enabling access control functions other than peer authentication.


    Extensible access control architecture
    7.
    Granted invention patent
    Extensible access control architecture (in force)

    Publication number: US08286223B2

    Publication date: 2012-10-09

    Application number: US11177757

    Filing date: 2005-07-08

    IPC classification: G06F13/00

    Abstract: Software for managing access control functions in a network. The software includes a host that receives access control commands or information and calls one or more methods. The methods perform access control functions and communicate access control results or messages to be transmitted. The host may be installed in a network peer seeking access to the network or in a server controlling access to the network. When installed in a peer, the host receives commands and exchanges information with a supplicant. When installed in an access control server, the host receives commands and exchanges information with an authenticator. The host has a flexible architecture that enables multiple features, such as allowing the same methods to be used for authentication by multiple supplicants, providing ready integration of third party access control software, simplifying network maintenance by facilitating upgrades of authenticator software and enabling access control functions other than peer authentication.


    Extended file system
    8.
    Granted invention patent
    Extended file system (in force)

    Publication number: US06754696B1

    Publication date: 2004-06-22

    Application number: US09535058

    Filing date: 2000-03-24

    IPC classification: G06F15167

    Abstract: A method and system for transparently combining remote and local storage to provide an extended file system such as a virtual local drive for a computer system client/user, e.g., a user of a pocket sized personal computer or a cable set-top box. A client device may load file system object data, storing the directories and files remotely, and retrieving the files only when required. Via its local storage, the extended file system handles unreliable connections and delays. When a connection to an extended file system server is present, the extended file system provides automatic downloading of information that is not locally cached, and automatically uploading of information that has been modified on the client. Extended file system attributes are employed to determine the actual location of file system data, and a lightweight protocol is defined to download or upload remote data by low-level components that make the remote source transparent from the perspective of the application. The system scales to large networks as it employs the lightweight protocol and establishes a connection only to retrieve and submit data.
