Patents by Inventor Michael Wray

Michael Wray has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7340601
    Abstract: An electronic certificate has content data specifying an attribute delegation from an identified issuer to an identified subject, and an electronic signature for confirming the content data. The content data includes a condition requiring that a particular subject must have a particular attribute in order for the delegation to be valid. This particular subject may be the same as or different from the identified subject. More than one such subject-directed condition can be included in the certificate, the conditions being combined in a predetermined logical relationship.
    Type: Grant
    Filed: December 7, 2000
    Date of Patent: March 4, 2008
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Michael Wray
  • Publication number: 20070280243
    Abstract: A virtual network has virtual machines on physical devices connected to network interfaces each coupled by tunnels (100) through a forwarding network (40), each interface having a forwarding address in an address space of the forwarding network, each network interface having a reconfigurable address mapper (320) for determining a forwarding address for a packet, and encapsulating the packet with its forwarding address so that the forwarding network can deliver the data packet to the remote physical device having that forwarding address. Such encapsulation enables virtual machines on different physical devices to communicate transparently to the underlying forwarding network. Virtual networks can be created to suit their applications yet use or share existing forwarding networks, while protecting the forwarding network from interference by the virtual machines, and maintaining isolation between virtual machines.
    Type: Application
    Filed: August 3, 2005
    Publication date: December 6, 2007
    Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
    Inventors: Michael Wray, Christopher Dalton
  • Patent number: 7237107
    Abstract: A method is disclosed for discovering a trust chain that imparts a required attribute to a subject and is grounded in a trusted principal that is the issuer of a known trusted attribute delegation. The method involves setting as a primary goal to be proved an attribute delegation from a trusted principal to the subject and then seeking a backwards proof of the primary goal by a process of recursively taking a goal to be proved, starting with the primary goal, and decomposing it into subgoals one of which corresponds to an attribute delegation already proved by an available certificate. If it is not possible to decompose a subgoal that has not been proved, the process backtracks to a previous subgoal to seek a new decomposition of the latter. A trust chain is taken as found when the process produces a chain of subgoals proved by corresponding certificates, that grounds in a subgoal proved by a trusted attribute delegation. Name mappings are also permitted.
    Type: Grant
    Filed: December 7, 2000
    Date of Patent: June 26, 2007
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Michael Wray
  • Patent number: 7036010
    Abstract: A security protocol entity (20) is provided that includes a mechanism for enabling a first party (11) to communicate securely with a second party (60) through an access-controlling intermediate party (13) by nesting within a first security session (64) established with the intermediate party (13) a second security session (65) with the second party (60). The protocol data units, PDUs, associated with the second security session (65) are encapsulated in PDUs associated with the first security session (64) when sent out by the first party, the intermediate party extracting the encapsulated PDUs for sending on to the second party (possibly with a change to the destination address included in the PDU to be sent on). Each PDU includes a message type field explicitly indicating to the intermediate party (13) if a received PDU encapsulates another PDU intended to be sent on.
    Type: Grant
    Filed: December 7, 2000
    Date of Patent: April 25, 2006
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Michael Wray
  • Patent number: 6993651
    Abstract: A system has a local client application (10) and a communications stack (20, 14) by which the local application can communicate with remote peer applications on other systems. The communications stack includes a transport entity (14) for providing transport services, and a transport-independent, session-level security entity (20) logically positioned above the transport entity and visible to the local application. The security entity has a key-exchange handshake protocol engine (24) for conducting a handshake with a peer security entity (30) associated with a particular remote application (12) with which the local application (10) wishes to communicate, this handshake involving the exchange of key-related data for use in generating session keys. The security entity (20) also has a secure channel engine (25) for enabling messages to be passed between the local application and the target remote application with authentication and/or encryption.
    Type: Grant
    Filed: December 7, 2000
    Date of Patent: January 31, 2006
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Michael Wray, Niels Ferguson
  • Patent number: 6952768
    Abstract: A security protocol system is provided in which at least some of the protocol PDUs are exchanged between the parties operating the protocol in the form of electronic documents formatted according to a self-describing markup language such as XML.
    Type: Grant
    Filed: December 7, 2000
    Date of Patent: October 4, 2005
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Michael Wray
  • Publication number: 20050039003
    Abstract: A system and method for resolving a rule conflict within a security policy applied to a trusted computing platform, wherein the fileset to which each of the conflicting rules r and s refers (or “scope”) is determined (step 10). It is then determined (at step 12) if the scope of one of the rules s is a complete subset of the scope of rule r. If so, rule s is applied to the accessed file f (at step 14). If not, the conflict is resolved in another way, for example, by determining the most restrictive of rules r and s (at step 16) and applying the result accordingly (step 18).
    Type: Application
    Filed: March 26, 2004
    Publication date: February 17, 2005
    Inventor: Michael Wray
  • Publication number: 20050028003
    Abstract: A system comprising a trusted computing platform including one or more logically protected computing environments, each of which is associated with at least one service or process supported by said system, the system being arranged to load onto said trusted computing platform a predetermined security policy including one or more security rules for controlling the operation of each of said logically protected computing environments, the security rules for at least one of said logically protected computing environments including an execution control rule which defines the security attributes to be applied to a service or process associated with said logically protected computing environment when said service or process is started.
    Type: Application
    Filed: March 26, 2004
    Publication date: February 3, 2005
    Inventor: Michael Wray
  • Publication number: 20030023848
    Abstract: A method for a user to authenticate to a first computer on a computer network comprises:
    Type: Application
    Filed: July 24, 2002
    Publication date: January 30, 2003
    Inventor: Michael Wray
  • Publication number: 20010023482
    Abstract: A security protocol entity (20) is provided that includes a mechanism for enabling a first party (11) to communicate securely with a second party (60) through an access-controlling intermediate party (13) by nesting within a first security session (64) established with the intermediate party (13) a second security session (65) with the second party (60). The protocol data units, PDUs, associated with the second security session (65) are encapsulated in PDUs associated with the first security session (64) when sent out by the first party, the intermediate party extracting the encapsulated PDUs for sending on to the second party (possibly with a change to the destination address included in the PDU to be sent on). Each PDU includes a message type field explicitly indicating to the intermediate party (13) if a received PDU encapsulates another PDU intended to be sent on.
    Type: Application
    Filed: December 7, 2000
    Publication date: September 20, 2001
    Applicant: HEWLETT-PACKARD COMPANY
    Inventor: Michael Wray
  • Publication number: 20010014943
    Abstract: A method is disclosed for discovering a trust chain that imparts a required attribute to a subject and is grounded in a trusted principal that is the issuer of a known trusted attribute delegation. The method involves setting as a primary goal to be proved an attribute delegation from a trusted principal to the subject and then seeking a backwards proof of the primary goal by a process of recursively taking a goal to be proved, starting with the primary goal, and decomposing it into subgoals one of which corresponds to an attribute delegation already proved by an available certificate. If it is not possible to decompose a subgoal that has not been proved, the process backtracks to a previous subgoal to seek a new decomposition of the latter. A trust chain is taken as found when the process produces a chain of subgoals proved by corresponding certificates, that grounds in a subgoal proved by a trusted attribute delegation. Name mappings are also permitted.
    Type: Application
    Filed: December 7, 2000
    Publication date: August 16, 2001
    Applicant: Hewlett-Packard Company
    Inventor: Michael Wray
  • Publication number: 20010010076
    Abstract: A security protocol system is provided in which at least some of the protocol PDUs are exchanged between the parties operating the protocol in the form of electronic documents formatted according to a self-describing markup language such as XML.
    Type: Application
    Filed: December 7, 2000
    Publication date: July 26, 2001
    Applicant: HEWLETT-PACKARD COMPANY
    Inventor: Michael Wray
  • Publication number: 20010005841
    Abstract: An electronic certificate has content data specifying an attribute delegation from an identified issuer to an identified subject, and an electronic signature for confirming the content data. The content data includes a condition (70) requiring that a particular subject must have a particular attribute in order for the delegation to be valid. This particular subject may be the same as or different from the identified subject. More than one such subject-directed condition can be included in the certificate, the conditions being combined in a predetermined logical relationship.
    Type: Application
    Filed: December 7, 2000
    Publication date: June 28, 2001
    Applicant: Hewlett-Packard Company
    Inventor: Michael Wray
  • Publication number: 20010005883
    Abstract: A system has a local client application (10) and a communications stack (20, 14) by which the local application can communicate with remote peer applications on other systems. The communications stack includes a transport entity (14) for providing transport services, and a transport-independent, session-level security entity (20) logically positioned above the transport entity and visible to the local application. The security entity has a key-exchange handshake protocol engine (24) for conducting a handshake with a peer security entity (30) associated with a particular remote application (12) with which the local application (10) wishes to communicate, this handshake involving the exchange of key-related data for use in generating session keys. The security entity (20) also has a secure channel engine (25) for enabling messages to be passed between the local application and the target remote application with authentication and/or encryption.
    Type: Application
    Filed: December 7, 2000
    Publication date: June 28, 2001
    Inventors: Michael Wray, Niels Ferguson