Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1998-03-20
2001-05-01
Etienne, Ario (Department: 2155)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S152000, C710S107000
Reexamination Certificate
active
06226746
ABSTRACT:
RELATED APPLICATIONS
The following identified U.S. patent applications are relied upon and are incorporated by reference in this application.
U.S. patent application entitled “Controlling Access to a Resource,” filed on Dec. 11, 1997, and accorded Ser. No. 08/988,431.
U.S. patent application entitled “Protection Domains to Provide Security in a Computer System,” filed on Dec. 11, 1997, and accorded Ser. No. 08/988,439.
U.S. patent application entitled “Secure Class Resolution, Loading and Definition,” filed on Dec. 11, 1997, and accorded Ser. No. 08/988/660.
U.S. patent application entitled “Typed, Parameterized, and Extensible Access Control Permissions,” filed on Dec. 11, 1997, and accorded Ser. No. 08/988,857.
U.S. patent application entitled “Layer-Independent Security for Communication Channels,” filed on Jun. 26, 1997, and accorded Ser. No. 08/883,636.
Provisional U.S. patent application Ser. No. 60/076,048, entitled “Distributed Computing System,” filed on Feb. 26, 1998.
U.S. patent application Ser. No. 09/044,923, entitled “Method and System for Leasing Storage,” and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,838, entitled “Method, Apparatus, and Product for Leasing of Delegation Certificates in a Distributed System,” and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,834, entitled “Method, Apparatus and Product for Leasing of Group Membership in a Distributed System,” and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,916, entitled “Leasing for Failure Detection,” filed on the same date herewith.
U.S. patent application Ser. No. 09/044,933, entitled “Method for Transporting Behavior in Event Based System,” and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,918, entitled “Deferred Reconstruction of Objects and Remote Loading for Event Notification in a Distributed System,” and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,938, entitled “Methods and Apparatus for Remote Method Invocation,” and filed on the same date herewith.
U.S. patent application Ser. No. 09/045,652, entitled “Method and System for Deterministic Hashes to Identify Remote Methods,” and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,790, entitled “Method and Apparatus for Determining Status of Remote Objects in a Distributed System,” and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,930, entitled “Downloadable Smart Proxies for Performing Processing Associated with a Remote Procedure Call in a Distributed System,” and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,917, entitled “Suspension and Continuation of Remote Methods,” and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,835, entitled “Method and System for Multi-Entry and Multi-Template Matching in a Database,” and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,839, entitled “Method and System for In-Place Modifications in a Database,” and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,945, entitled “Method and System for Typesafe Attribute Matching in a Database,” and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,931, entitled “Dynamic Lookup Service in a Distributed System,” and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,939, entitled “Apparatus and Method for Providing Downloadable Code for Use in Communicating with a Device in a Distributed System,” and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,826, entitled “Method and System for Facilitating Access to a Lookup Service,” and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,932, entitled “Apparatus and Method for Dynamically Verifying Information in a Distributed System,” and filed on the same date herewith.
U.S. patent application Ser. No. 09/030,840, entitled “Method and Apparatus for Dynamic Distributed Computing Over a Network,” and filed on Feb. 26, 1998.
U.S. patent application Ser. No. 09/044,936, entitled “An Interactive Design Tool for Persistent Shared Memory Spaces,” and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,934, entitled “Polymorphic Token-Based Control,” and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,915, entitled “Stack-Based Access Control,” and filed on the same date herewith.
U.S. patent application Ser. No. 09/044,837, entitled “Per-Method Designation of Security Requirements,” and filed on the same date herewith.
BACKGROUND OF THE INVENTION
The present invention is directed to security measures in a computer system and, more particularly, to systems and methods that combine security requirements of methods in a calling hierarchy of a thread executing on a computer.
Distributed systems usually contain a number of different computers interconnected by communications networks. Oftentimes, a client-server relationship is established between communicating computers. Typically, a “client” is defined as a process making a call to request resources located or controlled by a “server” process. In this context, the computers executing the requesting process and the server process may also be referred to as a client and server, respectively. However, these roles may change depending on the context of information and particular processing taking place.
One mechanism that facilitates the client-server relationship is the Remote Procedure Call (RPC) where the client invokes a function of the server. The RPC is a mechanism that provides synchronized communication between two processes operating on the same or different computers. The RPC mechanism is usually implemented in two parts: one part on the client side and the other part on the server side.
Security is an issue that always arises when client and server computers communicate. A breach in security can severely hamper the operation of both the client's and server's computers. Thus, organizations that use computer systems are vulnerable to persons who may intentionally or unintentionally cause the computer systems to malfunction or who may steal the organizations' confidential information.
System operators typically address three types of security issues: (1) preventing interception and alteration of messages; (2) controlling access to a server; and (3) authenticating a server by a client. System operators have conventionally addressed these issues in object-oriented programming enviromnents by defining a security class that provides methods for setting communication requirements. One such object-oriented programming environment is Sun Microsystems™Java™object-oriented programming environment described in Jaworski,
Java
1.1
Developer's Guide,
Sams.net, 1997, which is hereby incorporated by reference.
The security class includes five communication requirements: CONFIDENTIALITY, INTEGRITY, ANONYMITY, AUTHENTICATE_SERVER, and NO_DELEGATION. CONFIDENTIALITY ensures that message contents are private. System operators use encryption techniques to assure that only parties with the proper decryption key can decipher the message. INTEGRITY detects when message contents (both requests and replies) have been altered, and refuses to process altered messages. System operators may accomplish this through the use of checksums, or the like, at both the client and server locations.
ANONYMITY represents the client desiring to remain anonymous. In other words, the client does not want to be authenticated by the server. AUTHENTICATE_SERVER represents the client needing to authenticate the server before invoking a remote method. Through this communication requirement, the client ensures that it is communicating with the correct server. NO_DELEGATION refers to the server not being permitted to delegate under the client's identity in calls that it makes. In other words, the server is not authorized to make calls to other computer systems pretending to be the client.
Etienne Ario
Finnegan Henderson Farabow Garrett & Dunner L.L.P.
Sun Microsystems Inc.
LandOfFree
Stack-based system and method to combine security... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Stack-based system and method to combine security..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Stack-based system and method to combine security... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2570991