专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明授权

US08619971B2 Local secure service partitions for operating system security 有权
标题翻译：用于操作系统安全的本地安全服务分区
公开(公告)号：US08619971B2
公开(公告)日：2013-12-31
申请号：US11097697
申请日：2005-04-01
申请人： Thekkthalackal Varugis Kurien , Paul England , Ravindra Nath Pandya , Niels Ferguson
发明人： Thekkthalackal Varugis Kurien , Paul England , Ravindra Nath Pandya , Niels Ferguson
IPC分类号： H04K1/04 , H04K1/06
CPC分类号： G06F21/57 , G06F9/5077 , G06F2221/2149
摘要： Systems and methods provide multiple partitions hosted on an isolation technology such as a hypervisor where at least one of the partitions, a local secure service partition (LSSP), provides security services to other partitions. The service partitions (LSSPs) host those high assurance services that require strict security isolation, where the service can be shared across partitions and accessed even when the user is not connected to a network. The LSSP also can certify the results of any computation using a key signed by a TPM attestation identity key (AIK), or other key held securely by the hypervisor or a service partition. The LSSPs may be configured to provide trusted audit logs, trusted security scans, trusted cryptographic services, trusted compilation and testing, trusted logon services, and the like.
摘要翻译：系统和方法提供了诸如管理程序之类的隔离技术上托管的多个分区，其中至少一个分区本地安全服务分区（LSSP）为其他分区提供安全服务。服务分区（LSSP）承载需要严格安全隔离的高保证服务，即使在用户未连接到网络时，也可以跨分区共享服务并进行访问。 LSSP还可以使用由TPM认证身份密钥（AIK）签名的密钥或由管理程序或服务分区安全地保存的其他密钥来证明任何计算的结果。可以将LSSP配置为提供可信的审核日志，可信的安全扫描，可信密码服务，可信的编译和测试，可信登录服务等。

12. 发明授权

US08601286B2 Saving and retrieving data based on public key encryption 有权
标题翻译：基于公钥加密保存和检索数据
公开(公告)号：US08601286B2
公开(公告)日：2013-12-03
申请号：US13015440
申请日：2011-01-27
申请人： Paul England , Marcus Peinado
发明人： Paul England , Marcus Peinado
IPC分类号： G06F12/14
CPC分类号： G06F21/6218
摘要： In accordance with certain aspects, data is received and a digital signature is generated and output. The digital signature can be a digital signature of the data and one or more conditions that are to be satisfied in order for the data to be revealed, or a digital signature over data generated using a private key associated with a bound key that is bound to one or more processors.
摘要翻译：根据某些方面，接收数据并生成并输出数字签名。数字签名可以是数据的数字签名以及为了使数据被显示而被满足的一个或多个条件，或者使用与绑定的绑定密钥相关联的私有密钥生成的数据的数字签名一个或多个处理器。

13. 发明授权

US08352740B2 Secure execution environment on external device 有权
标题翻译：外部设备上的安全执行环境
公开(公告)号：US08352740B2
公开(公告)日：2013-01-08
申请号：US12125929
申请日：2008-05-23
申请人： Paul England
发明人： Paul England
IPC分类号： G06F21/00
CPC分类号： H04L9/0897 , H04L9/3234 , H04L9/3263 , H04L9/3271 , H04L2209/76
摘要： A device, such as a smartcard, may be externally-connected to a host platform and may be used to enhance or extend security services provided by the host platform's Trusted Platform Module (TPM). The device and the platform exchange keys in order to facilitate reliable identification of the platform by the device and vice versa, and to support cryptographic tunneling. A proxy component on the host device tunnels information between the platform and the device, and also provides the device with access to the TPM's services such as sealing and attestation. The device can provide secure services to the platform, and may condition provision of these services on conditions such as confirming the platform's identity through the exchanged keys, or platform state measurements reported by the TPM.
摘要翻译：诸如智能卡的设备可以被外部连接到主机平台，并且可以用于增强或扩展由主机平台的可信平台模块（TPM）提供的安全服务。设备和平台交换密钥，以便于设备对平台的可靠识别，反之亦然，并支持加密隧道。主机上的代理组件可以在平台和设备之间隧道传输信息，还可以让设备访问TPM的服务，如密封和认证。该设备可以向平台提供安全服务，并且可以在诸如通过交换的密钥确认平台的身份或由TPM报告的平台状态测量的条件下对这些服务的提供进行调节。

14. 发明申请

US20110307888A1 PROTECTION OF VIRTUAL MACHINES EXECUTING ON A HOST DEVICE 有权
标题翻译：在主机设备上执行虚拟机的保护
公开(公告)号：US20110307888A1
公开(公告)日：2011-12-15
申请号：US12815415
申请日：2010-06-15
申请人： Himanshu Raj , Paul England
发明人： Himanshu Raj , Paul England
IPC分类号： G06F9/455 , G06F12/02 , G06F12/00
CPC分类号： G06F21/74 , G06F9/45558 , G06F2009/45587
摘要： Technology is described for protection of virtual machines executing on a host device having host processors and host memory. The system can include a hypervisor configured to enable the virtual machines to execute concurrently on the host device. An emancipated partition can be provided with a communication channel to the hypervisor. A primary partition can be configured to interface with the emancipated partition through the communication channel via the hypervisor. In addition, an emancipated memory space and virtual register state for the emancipated partition can be protected from direct access by the primary partition.
摘要翻译：描述了用于保护在具有主机处理器和主机存储器的主机设备上执行的虚拟机的技术。该系统可以包括配置为使虚拟机能够在主机设备上同时执行的管理程序。可以向解放的分区提供与管理程序的通信信道。主分区可以配置为通过管理程序通过通信通道与解放的分区进行接口。此外，解放的分区的解放存储空间和虚拟寄存器状态可以被保护免受主分区的直接访问。

15. 发明授权

US07975117B2 Enforcing isolation among plural operating systems 有权
标题翻译：在多个操作系统之间实现隔离
公开(公告)号：US07975117B2
公开(公告)日：2011-07-05
申请号：US10741629
申请日：2003-12-19
申请人： Marcus Peinado , Paul England , Bryan Mark Willman , Yuqun Chen , Andrew John Thornton
发明人： Marcus Peinado , Paul England , Bryan Mark Willman , Yuqun Chen , Andrew John Thornton
IPC分类号： G06F13/00
CPC分类号： G06F21/78 , G06F12/1425 , G06F12/1483
摘要： Plural guest operating systems run on a computer, where a security kernel enforces a policy of isolation among the guest operating systems. An exclusion vector defines a set of pages that cannot be accessed by direct memory access (DMA) devices. The security kernel enforces an isolation policy by causing certain pages to be excluded from direct access. Thus, device drivers in guest operating systems are permitted to control DMA devices directly without virtualization of those devices, while each guest is prevented from using DMA devices to access pages that the guest is not permitted to access under the policy.
摘要翻译：多个客户机操作系统在计算机上运行，其中安全内核在客户机操作系统之间执行隔离策略。排除向量定义了一组不能被直接存储器访问（DMA）设备访问的页面。安全内核通过使某些页面被排除在直接访问之外来执行隔离策略。因此，允许来宾操作系统中的设备驱动程序直接控制DMA设备，而不会对这些设备进行虚拟化，同时阻止每个客户端使用DMA设备来访问访客不允许访问策略下的页面。

16. 发明申请

US20090313397A1 Methods and Systems for Protecting Data in USB Systems 审中-公开
标题翻译： USB系统数据保护方法与系统
公开(公告)号：US20090313397A1
公开(公告)日：2009-12-17
申请号：US12348487
申请日：2009-01-05
申请人： Paul England , Kenneth D. Ray , Marcus Peinado , John C. Dunn , Glen Slick , Bryan Willman
发明人： Paul England , Kenneth D. Ray , Marcus Peinado , John C. Dunn , Glen Slick , Bryan Willman
IPC分类号： G06F13/28
CPC分类号： G06F12/1408 , G06F3/065 , G06F13/28 , G06F13/362 , G06F13/4282 , G06F21/606 , G06F21/72 , G06F21/73 , G06F21/78 , G06F21/85 , G06F2212/1052 , G06F2221/0704 , G06F2221/2105 , G06F2221/2129 , G06F2221/2147 , G06F2221/2153
摘要： The various embodiments described below are directed to providing authenticated and confidential messaging from software executing on a host (e.g. a secure software application or security kernel) to and from I/O devices operating on a USB bus. The embodiments can protect against attacks that are levied by software executing on a host computer. In some embodiments, a secure functional component or module is provided and can use encryption techniques to provide protection against observation and manipulation of USB data. In other embodiments, USB data can be protected through techniques that do not utilized (or are not required to utilize) encryption techniques. In accordance with these embodiments, USB devices can be designated as “secure” and, hence, data sent over the USB to and from such designated devices can be provided into protected memory. Memory indirection techniques can be utilized to ensure that data to and from secure devices is protected.
摘要翻译：下面描述的各种实施例旨在从在USB总线上操作的I / O设备到主机（例如安全软件应用或安全内核）上执行的软件提供经认证和保密的消息传递。这些实施例可以防止在主计算机上执行的软件所征收的攻击。在一些实施例中，提供了安全的功能部件或模块，并且可以使用加密技术来提供对USB数据的观察和操纵的保护。在其他实施例中，USB数据可以通过不被利用（或不需要利用）加密技术的技术来保护。根据这些实施例，USB设备可以被指定为“安全”，因此，可以通过USB向这些指定设备发送和从这些指定设备发送的数据提供到受保护的存储器中。可以利用内存间接技术来确保进出安全设备的数据受到保护。

17. 发明申请

US20090292919A1 SECURE EXECUTION ENVIRONMENT ON EXTERNAL DEVICE 有权
标题翻译：外部设备安全执行环境
公开(公告)号：US20090292919A1
公开(公告)日：2009-11-26
申请号：US12125929
申请日：2008-05-23
申请人： Paul England
发明人： Paul England
IPC分类号： H04L9/32
CPC分类号： H04L9/0897 , H04L9/3234 , H04L9/3263 , H04L9/3271 , H04L2209/76
摘要： A device, such as a smartcard, may be externally-connected to a host platform and may be used to enhance or extend security services provided by the host platform's Trusted Platform Module (TPM). The device and the platform exchange keys in order to facilitate reliable identification of the platform by the device and vice versa, and to support cryptographic tunneling. A proxy component on the host device tunnels information between the platform and the device, and also provides the device with access to the TPM's services such as sealing and attestation. The device can provide secure services to the platform, and may condition provision of these services on conditions such as confirming the platform's identity through the exchanged keys, or platform state measurements reported by the TPM.
摘要翻译：诸如智能卡的设备可以被外部连接到主机平台，并且可以用于增强或扩展由主机平台的可信平台模块（TPM）提供的安全服务。设备和平台交换密钥，以便于设备对平台的可靠识别，反之亦然，并支持加密隧道。主机上的代理组件可以在平台和设备之间隧道传输信息，还可以让设备访问TPM的服务，如密封和认证。该设备可以向平台提供安全服务，并且可以在诸如通过交换的密钥确认平台的身份或由TPM报告的平台状态测量的条件下对这些服务的提供进行调节。

18. 发明授权

US07587589B2 Saving and retrieving data based on symmetric key encryption 有权
标题翻译：基于对称密钥加密保存和检索数据
公开(公告)号：US07587589B2
公开(公告)日：2009-09-08
申请号：US11557641
申请日：2006-11-08
申请人： Paul England , Marcus Peinado
发明人： Paul England , Marcus Peinado
IPC分类号： H04L29/06
CPC分类号： G06F21/6218
摘要： In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using a symmetric cipher, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with other aspects, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The integrity of the data is also verified, and the data is decrypted using a symmetric key. The data is returned to the calling program only if the calling program is allowed to access the data and if the integrity of the data is successfully verified.
摘要翻译：根据某些方面，从呼叫程序接收数据。使用对称密码，以允许只有一个或多个目标程序能够从密文获得数据的方式生成包含数据的密文。根据其他方面，从呼叫程序接收到位串。检查调用程序的标识符以确定是否允许调用程序访问以位串的密文加密的数据。还验证数据的完整性，并使用对称密钥对数据进行解密。只有当主叫程序被允许访问数据并且数据的完整性被成功验证时，才将数据返回给调用程序。

19. 发明授权

US07580526B2 Methods and apparatus for protecting signals transmitted between a source and destination device over multiple signals lines 失效
标题翻译：用于保护在多个信号线上在源和目的地设备之间传输的信号的方法和装置
公开(公告)号：US07580526B2
公开(公告)日：2009-08-25
申请号：US11134111
申请日：2005-05-20
申请人： Paul England , Andrew D. Rosen , Yacov Yacobi , Gideon A. Yuval
发明人： Paul England , Andrew D. Rosen , Yacov Yacobi , Gideon A. Yuval
IPC分类号： H04K1/00 , H04N7/167
CPC分类号： H04N9/641 , H04N5/765 , H04N5/775 , H04N5/913 , H04N7/163 , H04N7/1675 , H04N9/8042 , H04N21/2541 , H04N21/4122 , H04N21/4367 , H04N21/835 , H04N2005/91328 , H04N2005/91364
摘要： Methods and apparatus for protecting copyrighted information, e.g., video signals, from unauthorized use are described. Encrypted video signals are transmitted from a source device, e.g., display adapter, to a display device, e.g., monitor, over analog signal lines after the identity of the destination device is confirmed by receipt of a certificate assigned to the destination device. A session key, used for encrypting the analog signals, is generated and exchanged between the source and destination devices. The source and destination devices each include a pseudo-random number generator driven by the session key. As part of the encryption process a false video signal is generated. The false video signal and R, G, B video signals are transmitted to the display device over four lines. The lines used to transmit the R, G, B and false video signals are periodically swapped as a function of the output of the pseudo random number generator to encrypt, e.g., scramble, the video signals. To avoid having to provide an additional line between the display adapter and the display device beyond those used in conventional displays, horizontal synchronization information is combined with, e.g., modulated on, one or more of the other signals transmitted to the display. The horizontal sync line is then used to convey one of the four video signals. The display device extracts the horizontal timing information from the received video signals and decrypts the signals using the output of its pseudo random number generator to reverse the scrambling process used to encrypt the transmitted video signals.
摘要翻译：描述用于保护未经授权的使用的受版权保护的信息（例如，视频信号）的方法和装置。在通过接收到分配给目的地设备的证书来确认目的地设备的身份之后，加密的视频信号通过模拟信号线从源设备（例如，显示适配器）发送到显示设备，例如监视器。用于加密模拟信号的会话密钥在源设备和目的设备之间生成和交换。源和目的地设备每个都包括由会话密钥驱动的伪随机数发生器。作为加密处理的一部分，生成假视频信号。伪视频信号和R，G，B视频信号通过四行传输到显示设备。用于传输R，G，B和假视频信号的线路作为伪随机数发生器的输出的周期性交换，以加密（例如）加扰视频信号。为了避免在显示适配器和显示设备之间提供除了传统显示器中使用的显示适配器和显示设备之外的附加线路，水平同步信息与例如调制在传输到显示器的其它信号中的一个或多个相结合。然后，水平同步线用于传送四个视频信号中的一个。显示装置从接收到的视频信号中提取水平定时信息，并使用其伪随机数发生器的输出对信号进行解密，以反转用于加密所发送的视频信号的加扰处理。

20. 发明授权

US07457412B2 System and method for authenticating an operating system to a central processing unit, providing the CPU/OS with secure storage, and authenticating the CPU/OS to a third party 有权
标题翻译：将操作系统认证到中央处理单元的系统和方法，向CPU / OS提供安全存储，并将CPU / OS认证给第三方
公开(公告)号：US07457412B2
公开(公告)日：2008-11-25
申请号：US11615266
申请日：2006-12-22
申请人： Paul England , Butler W. Lampson , John D. DeTreville
发明人： Paul England , Butler W. Lampson , John D. DeTreville
IPC分类号： H04L9/00
CPC分类号： G06F21/10 , G06F9/4406 , G06F9/468 , G06F21/445 , G06F21/57 , G06F21/575 , G06F2221/0704 , G06F2221/2103 , G06F2221/2113 , G06F2221/2129
摘要： In accordance with certain aspects, a computer system has a central processing unit (CPU) and an operating system (OS), the CPU having a pair of private and public keys and a software identity register that holds an identity of the operating system. An OS certificate is created including the identity from the software identity register, information describing the operating system, and the CPU public key. The created OS certificate is signed using the CPU private key.
摘要翻译：根据某些方面，计算机系统具有中央处理单元（CPU）和操作系统（OS），所述CPU具有一对专用和公共密钥以及保存操作系统的身份的软件身份寄存器。创建一个OS证书，包括软件身份登记器的身份，描述操作系统的信息和CPU公钥。创建的OS证书使用CPU私钥进行签名。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式