Abstract: A system and method are disclosed that enable exclusive rights in generic goods to be transferred from one party to another. A party holds an exclusive right to a good through a rescindable capability. When two parties agree on a transfer of the exclusive right to the good, a goods description memorializing the agreement is created which is in synergy with the rescindable capability. The goods description includes an acquire method that is the only method that can extract rights from the rescindable capability with which it is in synergy. The object from which the generic right is being transferred sends a message to the recipient with a reference to the rescindable capability. Upon receiving the message, the recipient invokes the acquire method of the referenced goods description, which returns a new rescindable capability that encompasses the generic right just transferred. Once the recipient holds a reference to the new rescindable capability, the sender has had its rights rescinded.

Abstract: A document is digitally signed with a digital signature that is unique to the signer/document pair. A document digest is generated by applying a predefined one-way hash function to the document. A pseudo-random key is generated by combining the document digest with at least one other value in accordance with a predefined computational procedure. The digital signature is then generated as a predefined function of the private key, the document digest, and the pseudo-random key k. A distinct pseudo-random key is generated for each distinct specified document, and for a given value of the private key, a distinct digital signature is generated for each distinct specified document. In a preferred embodiment the pseudo-random key generating step includes combining the document digest with a value corresponding to the private key to generate an intermediate value, and hashing the intermediate value with the predefined one-way hash function to generate the pseudo-random key k.

Abstract: An electronic communication authority server that provides centralized key management, implementation of role-based enterprise policies and workflow and projection of corporate authorities over trusted networks. The authority server includes a key database that associates keys, signatures and indicators of corporate authority (such as letterhead) with particular corporate roles. There can be multiple roles or a single role (e.g., employee) for each authority server. Users associated with one or more roles are permitted by the authority server to exercise authority or include the indicators of authority in their communications. The authority server also encrypts/decrypts and signs/verifies communications from/to a user using the keys and signatures associated with the role being exercised by the user for that communication. The authority server permits roles to be delegated or transferred, which facilitates the execution by the authority server of role-dependent workflow procedures.

Abstract: A system and method is disclosed that provides persistent capabilities for distributed, object-oriented applications running on generally available hardware. The disclosed system and method operate in a transparent distributed object system where inter-process messaging between the program objects is effected by paired transport managers, proxies and matched in-table and out-table slots. Each object needing to communicate with an object in another address space does so by transparently issuing messages to that object's local proxy. Each process provides a registrar that includes a secret code table wherein an object is registered with a unique, practically unguessable secret code. Anticipating the need to re-establish object-proxy links following a inter-process communications fault, proxies are made revivable, meaning that their links with corresponding remote objects can be revived following a communications interruption.

Abstract: A distributed garbage collection system and method is disclosed that is compatible with local ref-count or full garbage collection and that ensures that no local object's storage is deleted by the local garbage collector unless it is certain that there are no actual or potential remote references to that local object. The disclosed system and method are implemented in the context of a transparent distributed object system in which communications between objects in different processes are enabled by dedicated proxy objects that are linked to corresponding remote objects via a pair of transport objects. Additional proxy holder objects and proxy holder proxies ensure that objects for which third-party object references are passed (i.e., where one object in a first process passes a remote object in a second process a reference to a third object in a third process) are not collected until a direct link is established between the remote object in the second process and the third object in the third object space.

Abstract: A system providing capability security for distributed object systems is disclosed. The basic tenet of capability security is that the right to do something to an object (e.g., invoke a particular object's methods) is represented solely by the holding of a reference to that object. In each of the preferred embodiments described herein, an object is presumed to hold legitimately a reference to a particular object only if the object knows some unpublicized (except under the conditions required by capability security) key associated with the particular object. That is, an object's key is required along with the object's reference. So that capability security is preserved when object references are passed between objects in different processes, the object references being passed are encrypted upon transmission and then decrypted upon arrival at their intended destination.

Abstract: A system and method is disclosed that provides lightweight non-repudiability for networked computer systems. Each party to a two-party communication maintains hashes on its incoming and outgoing messages. At its discretion, either party can request that the other party commit to the conversation. The second party (if it agrees) then sends signed hashes that third parties can use to verify the content of the conversation. The party requesting the commitment stores its corresponding hashes when it sends the request. If the hashes from both parties are the same for the same positions in their conversation, the two parties can verify that their conversation is error-free. If the sending party also maintains logs of both sides (incoming and outgoing) of the conversation and stores hashes corresponding to the beginning of the logs, the sending party is also able to verify to a third party that the logged portion of the conversation was between the first party and the second party.

Abstract: A system providing capability security for distributed object systems is disclosed. The basic tenet of capability security is that the right to do something to an object (e.g., invoke a particular object's methods) is represented solely by the holding of a reference to that object. In each of the preferred embodiments described herein, an object is presumed to hold legitimately a reference to a particular object only if the object knows some unpublicized (except under the conditions required by capability security) key associated with the particular object. That is, an object's key is required along with the object's reference. So that capability security is preserved when object references are passed between objects in different processes, the object references being passed are encrypted upon transmission and then decrypted upon arrival at their intended destination.

Abstract: A diverse goods arbitration system and method allocates computer resources among bidding requesters. Bid slates are transmitted to an arbiter by users (requesters) requesting use of specified portions of the available computer resources. Each bid slate may contain a plurality of bids, each bid representing a requested set of resources and a bid price. The arbiter selects combinations of bids from the bid slates, where each bid combination consists of no more than one bid from each of the received bid slates. The arbiter rejects all bid combinations whose constituent bids exceed an established maximum allocation level for any computer resource. It then selects as a winning bid combination the bid combination having the highest total bid price. Computer resources are then allocated for a next time period based on the winning bid. Costs are allocating to each successful requester in accordance with a predefined opportunity cost function.