Kevin F Kingdon, Age 68531 S 1200 E, Salt Lake City, UT 84102

6532451, Mar 11, 2003

Mar 23, 1999

09/274532

Roger R. Schell - Orem UT
Kevin W. Kingdon - San Mateo CA
Thomas A. Berson - Palo Alto CA

Novell, Inc. - Provo UT

H04L 900

705 54, 705 1, 705 7, 705 8, 705 9, 705 57, 705 67, 705 74, 705 75, 713159, 713164, 713180, 713184, 713200

An apparatus and method provides one or more controlled, dynamically loaded, modular, cryptographic fillers. Fillers may be loaded by a single loader, multiple independent loaders, or nested loaders. Loaders may be adapted to load other loaders, within cryptographic controls extant and applicable thereto. Integration into a base executable having one or more slots, minimizes, controls, and links the interface between the fillers and base executables. The filler may itself operate recursively to load another filler in nested operations, whether or not the fillers are in nested relation to one another. An ability of any filler to be loaded may be controlled by the base executable verifying the integrity, authorization, or both for any filler. The base executable may rely on an integrated loader to control loading and linking of fillers and submodules. A policy may limit each modules function, access, and potential for modification or substitution.

6701433, Mar 2, 2004

Mar 23, 1999

09/274696

Roger R. Schell - Orem UT
Kevin W. Kingdon - San Mateo CA
Thomas A. Berson - Palo Alto CA
Robert R. Jueneman - Provo UT

Novell, Inc. - Provo UT

H04L 900

713164, 713171, 713189, 380277, 380286

An apparatus and method provide a controlled, dynamically loaded, modular, cryptographic implementation for integration of flexible policy implementations on policy engines, and the like, into a base executable having at least one slot. The base executable may rely on an integrated loader to control loading and linking of fillers and submodules. A policy module may be included for use in limiting each modules function, access, and potential for modification or substitution. The policy may be implemented organically within a manager layer or may be modularized further in an underlying engine layer as an independent policy, or as a policy created by a policy engine existing in an engine layer. The policy module is subordinate to the manager module in the manager layer in that the manager module calls the policy module when it is needed by the manager module. The policy module is preferably dynamically linkable, providing flexibility, and is layered deeper within the filler module than the manager module.

6751735, Jun 15, 2004

May 26, 1999

09/320423

Roger R. Schell - Orem UT
Kevin W. Kingdon - San Mateo CA
Thomas A. Berson - Palo Alto CA
Robert R. Jueneman - Provo UT

Novell, Inc. - Provo UT

G06F 1130

713189, 713194, 717100, 717162, 717163, 717166, 706 47, 706 50, 706919, 706921, 706922, 380277, 380286

An apparatus and method provide a controlled, dynamically loaded, modular, cryptographic implementation for integration of flexible policy implementations on policy engines, and the like, into a base executable having at least one slot. The base executable may rely on an integrated loader to control loading and linking of fillers and submodules. A policy module may be included for use in limiting each modules function, access, and potential for modification or substitution. The policy may be implemented organically within a manager layer or may be modularized further in an underlying engine layer as an independent policy, or as a policy created by a policy engine existing in an engine layer. The policy module is subordinate to the manager module in the manager layer in that the manager module calls the policy module when it is needed by the manager module. The policy module is preferably dynamically linkable, providing flexibility, and is layered deeper within the filler module than the manager module.

7383442, Jun 3, 2008

Oct 24, 2002

10/279517

Roger R. Schell - Orem UT, US
Kevin W. Kingdon - San Mateo CA, US
Thomas A. Berson - Palo Alto CA, US

Novell, Inc. - Provo UT

G06F 11/30
G06F 12/14
H04K 9/32
H04L 9/14
H04L 9/00
H04K 9/00

713188, 713180, 713164, 380 3, 380 4, 380 25, 380277

An apparatus and method provides one or more controlled, dynamically loaded, modular, cryptographic fillers. Fillers may be loaded by a single loader, multiple independent loaders, or nested loaders. Loaders may be adapted to load other loaders, within cryptographic controls extant and applicable thereto. Integration into a base executable having one or more slots, minimizes, controls, and links the interface between the fillers and base executables. The filler may itself operate recursively to load another filler in nested operations, whether or not the fillers are in nested relation to one another. An ability of any filler to be loaded may be controlled by the base executable verifying the integrity, authorization, or both for any filler. The base executable may rely on an integrated loader to control loading and linking of fillers and submodules. A policy may limit each module function, access, and potential for modification or substitution.

5553143, Sep 3, 1996

Feb 4, 1994

8/192166

Cliff D. Ross - Pleasant Grove UT
Neil W. Taylor - Springville UT
Kevin W. Kingdon - Orem UT
Howard R. Davis - Salem UT
Drew Major - Orem UT

Novell, Inc.

H04K 100

380 25

The present invention allows for the electronic management and enforcement of software licenses. The present invention can be used in a network or non-network environment to facilitate product licensing and upgrades. Further, the present invention accommodates the use of compact disc read-only memory (CD ROM) product distribution. Further, the present invention can retain useful, after-market information. The present invention provides the ability to implement a license policy. Further, the license policy can be implemented or modified without requiring a new version of the associated product. The present invention provides the ability to create electronic licenses. Further, the present invention provides the ability to extract and transfer licenses from an inventory of licenses to a final distribution media. Licenses can be transferred to a reseller in batches. A reseller can extract unused licenses from these batches to generate licenses.

5677851, Oct 14, 1997

Dec 15, 1994

8/357467

Kevin Kingdon - Orem UT
Randal Earl Childers - Orem UT
DeeAnne Higley - Provo UT
Dale R. Olds - Sandy UT

Novell, Inc. - Orem UT

H04L 900

364514C

A method of providing authoritative access control to computer networks that employs a distributed network directory using a static means of resolving object attributes is disclosed. The method employs the existing directories and an authentication procedure for each server. A first object that is under the physical control of the administrator of one partition of the distributed network directory requests access to a second object that is under the physical control of the administrator of another partition of the distributed network directory. The directory verifies that the access control list of the first object includes the second object. The access control list of the second object is then checked to verify that it includes a reference to the first object as an object that is permitted access to the second object. As a result, access is only granted in response to requests from objects that appear in the access control list of the second object. A method of synchronizing the access control lists based upon an authoritative access control list is also disclosed.

5933503, Aug 3, 1999

Mar 15, 1996

8/618411

Roger R. Schell - Orem UT
Kevin W. Kingdon - Fremont CA
Thomas A. Berson - Palo Alto CA

Novell, Inc - Provo UT

H04K 100

380 25

An apparatus and method provide a controlled, dynamically loaded, modular, cryptographic filler for integration into a base executable having a "slot" minimizing the interface between the filler and the base executable, and between individual component modules in the filler. Cryptographic engines provide for security (privacy and integrity) of data. The base executable having potential cryptographic capability may rely on an integrated loader to control linking of the filler and its modules according to a controlling policy set by export or import laws. A base executable may be a network operating system having a "slot" for dynamically linking the filler and its modules. Modules may be created by a third party vendor within controls enforced by the loader and a management module in the filler. Asymmetric key cryptography may assure that modules have not been modified, functionally extended, or created by unauthorized sources, and may ensure that keys used in the modules come only from authorized sources. The policy may limit each module's function, access, and potential for modification or substitution.

5349642, Sep 20, 1994

Nov 3, 1992

7/970611

Kevin Kingdon - Orem UT

Novell, Inc. - Provo UT

H04L 928

380 25

The present invention provides a method and apparatus for message packet authentication to prevent the forging of message packets. After a message packet is created, a secret session key is preappended to the message, and a message digesting algorithm is executed on the altered message to create a message digest. A portion of the message digest, referred to as the signature, is then appended to the actual message when it is sent over the wire. The receiving station strips the signature from the message, preappends the same secret session key and creates its own message digest. The signature of the digest created by the receiving station is compared to the signature of the digest appended by the sending station. If there is a match, an authentic message is assumed. If there is no match, the message is considered as invalid and discarded.