Abstract: A security protocol entity (20) is provided that includes a mechanism for enabling a first party (11) to communicate securely with a second party (60) through an access-controlling intermediate party (13) by nesting within a first security session (64) established with the intermediate party (13) a second security session (65) with the second party (60). The protocol data units, PDUs, associated with the second security session (65) are encapsulated in PDUs associated with the first security session (64) when sent out by the first party, the intermediate party extracting the encapsulated PDUs for sending on to the second party (possibly with a change to the destination address included in the PDU to be sent on). Each PDU includes a message type field explicitly indicating to the intermediate party (13) if a received PDU encapsulates another PDU intended to be sent on.

Abstract: A method is disclosed for discovering a trust chain that imparts a required attribute to a subject and is grounded in a trusted principal that is the issuer of a known trusted attribute delegation. The method involves setting as a primary goal to be proved an attribute delegation from a trusted principal to the subj ect and then seeking a backwards proof of the primary goal by a process of recursively taking a goal to be proved, starting with the primary goal, and decomposing it into subgoals one of which corresponds to an attribute delegation already proved by an available certificate. If it is not possible to decompose a subgoal that has not been proved, the process backtracks to a previous subgoal to seek a new decomposition of the latter. A trust chain is taken as found when the process produces a chain of subgoals proved by corresponding certificates, that grounds in a subgoal proved by a trusted attribute delegation. Name mappings are also permitted.

Abstract: A security protocol system is provided in which at least some of the protocol PDUs are exchanged between the parties operating the protocol in the form of electronic documents formatted according to a self-describing markup language such as XML.

Abstract: An electronic certificate has content data specifying an attribute delegation from an identified issuer to an identified subject, and an electronic signature for confirming the content data. The content data includes a condition (70) requiring that a particular subject must have a particular attribute in order for the delegation to be valid. This particular subject may be the same as or different from the identified subject. More than one such subject-directed condition can be included in the certificate, the conditions being combined in a predetermined logical relationship.

Abstract: A system has a local client application (10) and a communications stack (20, 14) by which the local application can communicate with remote peer applications on other systems. The communications stack includes a transport entity (14) for providing transport services, and a transport-independent, session-level security entity (20) logically positioned above the transport entity and visible to the local application. The security entity has a key-exchange handshake protocol engine (24) for conducting a handshake with a peer security entity (30) associated with a particular remote application (12) with which the local application (10) wishes to communicate, this handshake involving the exchange of key-related data for use in generating session keys. The security entity (20) also has a secure channel engine (25) for enabling messages to be passed between the local application and the target remote application with authentication and/or encryption.

Abstract: A game board for simulating a football game. The inventive device includes a main panel having lateral panels pivotally attached to opposed longitudinal sides thereof. A track extends along a center of the main panel and supports a ball member for longitudinal movement relative to the board. The track extends between uprights of goal posts positioned at opposed ends of the main panel.