公开(公告)号：JPH1083310A

公开(公告)日：1998-03-31

申请号：JP15176897

申请日：1997-06-10

Applicant: IBM

Inventor： DAN ASIT ,  RAMASWAMI RAJIV ,  SITARAM DINKAR

IPC: G06F12/14 ,  G06F1/00 ,  G06F9/445 ,  G06F21/00 ,  G06F21/22 ,  G06F21/24 ,  H04L9/32 ,  H04L29/06 ,  G06F9/06

Abstract: PROBLEM TO BE SOLVED: To provide an authentification system for allowing a relied third party to confirm the author of a program and to sign a certification for guaranteeing the perfection of the program. SOLUTION: A program code 140 is capsuled together with a guarantee and access control list(ACL) 150. ACL 150 describes an allowable condition and a resource required by the code 140. A forcing mechanism assigns the allowanble condition of a system and a resource according to ACL 150. For example, a code preparing system 10 communicates with a certifying organization 15 being the relied third party. The organization 15 issues the cerificate of the code 140 and the certificate of ACL 150 of the code 140. Once the certificate is issued, nobody can change the code 140 and ACL 150 without invalidating the certificate. The code 140, its ACL 150 and their certificates are stored in a server.

公开(公告)号：DE69732323T2

公开(公告)日：2005-12-22

申请号：DE69732323

申请日：1997-05-20

Applicant: IBM

Inventor： DAN ASIT ,  RAMASWAMI RAJIV ,  SITARAM DINKAR

IPC: G06F12/14 ,  G06F1/00 ,  G06F9/445 ,  G06F21/00 ,  G06F21/22 ,  G06F21/24 ,  H04L9/32 ,  H04L29/06 ,  G06F9/46

Abstract: A form of authentication is provided wherein a trusted third party signs a certificate to identify the author of a program and to secure its integrity. The program code is encapsulated or otherwise associated with the certificate and an access control list (ACL). The access control list describes the permissions and resources required by the code. An enforcement mechanism which allocates system permissions and resources in accordance with the ACL. In a preferred embodiment, a code production system communicates with a certification agency, which is a trusted third party. The certification agency issues a certificate for the code and a certificate for the access list of that code. Once the certificate is issued it is not possible for any party to modify the code or access list without invalidating the certificate. The code and its ACL, along with their certificates are stored on a server. A client downloading the code or access list can verify the integrity of the code/access list and the system can enforce the access list such that the permissions and resources are not exceeded.

公开(公告)号：DE69637290D1

公开(公告)日：2007-11-29

申请号：DE69637290

申请日：1996-07-03

Applicant: IBM

Inventor： RAMASWAMI RAJIV ,  SEGALL ADRIAN

IPC: H04B10/20 ,  H04Q11/00 ,  H04L12/56 ,  H04Q3/00 ,  H04Q3/66 ,  H04Q11/04

Abstract: An efficient distributed means for setting up, taking down, and updating connections in a communications network, which is robust in the presence of failures. More specifically with this invention a path for a connection is computed and reservation requests are simultaneously sent through separate channels to each of a set of nodes of the path for the connection to reserve and determine if resources are available for the connection. Upon acknowledgement that the links for the connection are available and have been reserved, a setup message is sequentially transmitted between the adjacent nodes along the path until the setup messages reaches the destination node. The switches in each node then configure themselves in response to the setup message so as to establish the connection.

公开(公告)号：DE69637290T2

公开(公告)日：2008-07-17

申请号：DE69637290

申请日：1996-07-03

Applicant: IBM

Inventor： RAMASWAMI RAJIV ,  SEGALL ADRIAN

IPC: H04B10/20 ,  H04Q11/00 ,  H04L12/56 ,  H04Q3/00 ,  H04Q3/66 ,  H04Q11/04

Abstract: An efficient distributed means for setting up, taking down, and updating connections in a communications network, which is robust in the presence of failures. More specifically with this invention a path for a connection is computed and reservation requests are simultaneously sent through separate channels to each of a set of nodes of the path for the connection to reserve and determine if resources are available for the connection. Upon acknowledgement that the links for the connection are available and have been reserved, a setup message is sequentially transmitted between the adjacent nodes along the path until the setup messages reaches the destination node. The switches in each node then configure themselves in response to the setup message so as to establish the connection.

公开(公告)号：DE69732323D1

公开(公告)日：2005-03-03

申请号：DE69732323

申请日：1997-05-20

Applicant: IBM

Inventor： DAN ASIT ,  RAMASWAMI RAJIV ,  SITARAM DINKAR

IPC: G06F12/14 ,  G06F1/00 ,  G06F9/445 ,  G06F21/00 ,  G06F21/22 ,  G06F21/24 ,  H04L9/32 ,  H04L29/06 ,  G06F9/46

Abstract: A form of authentication is provided wherein a trusted third party signs a certificate to identify the author of a program and to secure its integrity. The program code is encapsulated or otherwise associated with the certificate and an access control list (ACL). The access control list describes the permissions and resources required by the code. An enforcement mechanism which allocates system permissions and resources in accordance with the ACL. In a preferred embodiment, a code production system communicates with a certification agency, which is a trusted third party. The certification agency issues a certificate for the code and a certificate for the access list of that code. Once the certificate is issued it is not possible for any party to modify the code or access list without invalidating the certificate. The code and its ACL, along with their certificates are stored on a server. A client downloading the code or access list can verify the integrity of the code/access list and the system can enforce the access list such that the permissions and resources are not exceeded.