专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

21. 发明申请

US20080002724A1 Method and apparatus for multiple generic exclusion offsets for security protocols 审中-公开
标题翻译：用于安全协议的多个通用排除偏移的方法和装置
公开(公告)号：US20080002724A1
公开(公告)日：2008-01-03
申请号：US11479157
申请日：2006-06-30
申请人： Karanvir Grewal , David Durham , Hormuzd Khosravi , Men Long , Prashant Dewan
发明人： Karanvir Grewal , David Durham , Hormuzd Khosravi , Men Long , Prashant Dewan
IPC分类号： H04L12/56
CPC分类号： H04L63/0428 , H04L63/104 , H04L63/164 , H04L69/22
摘要： A method and apparatus to define multiple zones in a data packet for exclusion from processing by security operations of a security protocol. In one embodiment, each defined zone has an associated list of security operations from which the zone is protected.
摘要翻译：一种在数据分组中定义多个区域以便通过安全协议的安全操作排除在处理之外的方法和装置。在一个实施例中，每个定义的区域具有相关的安全操作列表，从该区域被保护。

22. 发明申请

US20140044258A1 METHODS AND SYSTEMS FOR CRYPTOGRAPHIC ACCESS CONTROL OF VIDEO 有权
标题翻译：视频录像访问控制的方法与系统
公开(公告)号：US20140044258A1
公开(公告)日：2014-02-13
申请号：US13977529
申请日：2012-03-31
申请人： Karanvir S. Grewal , David Durham , Xiaozhu Kang , Men Long , Prashant Dewan
发明人： Karanvir S. Grewal , David Durham , Xiaozhu Kang , Men Long , Prashant Dewan
IPC分类号： H04N21/647
CPC分类号： H04N21/64715 , H04N21/23476 , H04N21/2541 , H04N21/266 , H04N21/4405 , H04N21/4627 , H04N21/8355
摘要： Methods and systems for cryptographic access control of multimedia video, include embedding as metadata access control policy (ACP) information, including authorization rules and cryptographic information tied to an encryption policy, into encrypted video. An authorized receiver device having credentials and/or capabilities matched to the authorization rules is able to extract the ACP information from the encrypted video and use it to decrypt and properly render the video.
摘要翻译：多媒体视频的密码访问控制方法和系统包括嵌入作为元数据访问控制策略（ACP）信息，包括与加密策略相关的授权规则和加密信息，加密视频。具有与授权规则匹配的凭证和/或能力的授权的接收机设备能够从加密的视频中提取ACP信息，并使用它来解密并适当地呈现视频。

23. 发明申请

US20090119510A1 END-TO-END NETWORK SECURITY WITH TRAFFIC VISIBILITY 审中-公开
标题翻译：具有交通可见性的端到端网络安全
公开(公告)号：US20090119510A1
公开(公告)日：2009-05-07
申请号：US11935783
申请日：2007-11-06
申请人： Men Long , Jesse Walker , David Durham , Marc Millier , Karanvir Grewal , Prashant Dewan , Uday Savagaonkar , Steven D. Williams
发明人： Men Long , Jesse Walker , David Durham , Marc Millier , Karanvir Grewal , Prashant Dewan , Uday Savagaonkar , Steven D. Williams
IPC分类号： H04L9/32
CPC分类号： H04L63/0428 , H04L9/0631 , H04L9/3242 , H04L63/08 , H04L63/1466 , H04L63/168 , H04L2209/12 , H04L2209/38
摘要： End-to-end security between clients and a server, and traffic visibility to intermediate network devices, achieved through combined mode, single pass encryption and authentication using two keys is disclosed. In various embodiments, a combined encryption-authentication unit includes a cipher unit and an authentication unit coupled in parallel to the cipher unit, and generates an authentication tag using an authentication key in parallel with the generation of the cipher text using an encryption key, where the authentication and encryption key have different key values. In various embodiments, the cipher unit operates in AES counter mode, and the authentication unit operates in parallel, in AES-GMAC mode Using a two key, single pass combined mode algorithm preserves network performance using a limited number of HW gates, while allowing an intermediate device access to the encryption key for deciphering the data, without providing that device the ability to compromise data integrity, which is preserved between the end to end devices.
摘要翻译：公开了客户机与服务器之间的端到端安全性，以及通过组合模式，单程加密和使用两个密钥的认证实现的对中间网络设备的流量可见性。在各种实施例中，组合加密认证单元包括与密码单元并行耦合的密码单元和认证单元，并且使用加密密钥与密文生成并行地使用认证密钥生成认证标签，其中认证和加密密钥具有不同的密钥值。在各种实施例中，密码单元以AES计数器模式运行，并且认证单元以AES-GMAC模式并行操作。使用双键单通组合模式算法使用有限数量的HW门保留网络性能，同时允许中间设备访问用于解密数据的加密密钥，而不提供该设备损害数据完整性的能力，这在端到端设备之间保留。

24. 发明授权

US09094733B2 Methods and systems for cryptographic access control of video 有权
标题翻译：视频加密访问控制的方法和系统
公开(公告)号：US09094733B2
公开(公告)日：2015-07-28
申请号：US13977529
申请日：2012-03-31
申请人： Karanvir S. Grewal , David Durham , Xiaozhu Kang , Men Long , Prashant Dewan
发明人： Karanvir S. Grewal , David Durham , Xiaozhu Kang , Men Long , Prashant Dewan
IPC分类号： G06F21/62 , H04N21/647 , H04N21/266 , H04N21/4405 , H04N21/4627 , H04N21/8355 , H04L9/18
CPC分类号： H04N21/64715 , H04N21/23476 , H04N21/2541 , H04N21/266 , H04N21/4405 , H04N21/4627 , H04N21/8355
摘要： Cryptographic access control of multimedia video is presented. A method includes generating as metadata an access control policy (ACP) associated with video, the ACP including authorization rules and cryptographic information associated with an encryption policy; encrypting the video according to the encryption policy; and encoding the encrypted video with the authorization rules and the cryptographic information, which may be used to decrypt and render the encoded video. As an example, an authorized receiver device having credentials and/or capabilities matched to the authorization rules may extract the ACP information from the encrypted video and use it to decrypt and properly render the video. The method may further include visually encoding the encrypted video with at least portions of the authorization rules and the cryptographic information, such that the visually encoded video is renderable as the video by an authorized device, but is renderable as visually unintelligible video by an unauthorized device.
摘要翻译：介绍了多媒体视频的密码访问控制。一种方法包括：生成与视频相关联的访问控制策略（ACP）作为元数据，所述ACP包括与加密策略相关联的授权规则和加密信息; 根据加密策略加密视频; 并使用可用于解密和呈现编码视频的授权规则和密码信息对加密的视频进行编码。作为示例，具有与授权规则匹配的凭证和/或能力的授权接收机设备可以从加密的视频中提取ACP信息，并使用它来解密并适当地呈现视频。该方法还可以包括使用授权规则和密码信息的至少一部分来视觉地编码加密的视频，使得视觉编码的视频可以由授权设备呈现为视频，但是可被未经授权的设备呈现为视觉上难以理解的视频。

25. 发明授权

US08423747B2 Copy equivalent protection using secure page flipping for software components within an execution environment 有权
标题翻译：使用执行环境中软件组件的安全页面翻转复制等效保护
公开(公告)号：US08423747B2
公开(公告)日：2013-04-16
申请号：US12164489
申请日：2008-06-30
申请人： David Durham , Prashant Dewan
发明人： David Durham , Prashant Dewan
IPC分类号： G06F12/00
CPC分类号： G06F9/455 , G06F12/145 , G06F12/1491
摘要： Embodiments of copy equivalent protection using secure page flipping for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor (VMM), Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. In an embodiment, an embedded VM is allowed to directly manipulate page table mappings so that, even without running the VMM or obtaining VMXRoot privilege, the embedded VM can directly flip pages of memory into its direct/exclusive control and back. Other embodiments may be described and claimed.
摘要翻译：这里一般地描述使用执行环境中的软件组件的安全页面翻转的复制等效保护的实施例。一个实施例包括虚拟机监视器（VMM），操作系统监视器或其他底层平台功能的能力，以限制仅通过特定认证，授权和验证的软件组件进行访问的存储区域，即使在其他方面受到损害的操作系统环境的一部分。在一个实施例中，嵌入式VM被允许直接操纵页表映射，使得即使没有运行VMM或获得VMXRoot特权，嵌入式VM也可以将存储器的页面直接翻转为其直接/排他控制和返回。可以描述和要求保护其他实施例。

26. 发明申请

US20090327575A1 COPY EQUIVALENT PROTECTION USING SECURE PAGE FLIPPING FOR SOFTWARE COMPONENTS WITHIN AN EXECUTION ENVIRONMENT 有权
标题翻译：使用执行环境中软件组件的安全页面转移的复制等效保护
公开(公告)号：US20090327575A1
公开(公告)日：2009-12-31
申请号：US12164489
申请日：2008-06-30
申请人： David Durham , Prashant Dewan
发明人： David Durham , Prashant Dewan
IPC分类号： G06F12/08
CPC分类号： G06F9/455 , G06F12/145 , G06F12/1491
摘要： Embodiments of copy equivalent protection using secure page flipping for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor (VMM), Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. In an embodiment, an embedded VM is allowed to directly manipulate page table mappings so that, even without running the VMM or obtaining VMXRoot privilege, the embedded VM can directly flip pages of memory into its direct/exclusive control and back. Other embodiments may be described and claimed.
摘要翻译：这里一般地描述使用执行环境中的软件组件的安全页面翻转的复制等效保护的实施例。一个实施例包括虚拟机监视器（VMM），操作系统监视器或其他底层平台功能的能力，以限制仅通过特定认证，授权和验证的软件组件进行访问的存储区域，即使在其他方面受到损害的操作系统环境的一部分。在一个实施例中，嵌入式VM被允许直接操纵页表映射，使得即使没有运行VMM或获得VMXRoot特权，嵌入式VM也可以将存储器的页面直接翻转为其直接/排他控制和返回。可以描述和要求保护其他实施例。

27. 发明申请

US20080244268A1 End-to-end network security with traffic visibility 审中-公开
标题翻译：具有流量可见性的端到端网络安全
公开(公告)号：US20080244268A1
公开(公告)日：2008-10-02
申请号：US11731562
申请日：2007-03-30
申请人： David Durham , Men Long , Prashant Dewan , Karanvir Grewal
发明人： David Durham , Men Long , Prashant Dewan , Karanvir Grewal
IPC分类号： H04L9/00
CPC分类号： H04L9/0866 , H04L63/062 , H04L2463/061
摘要： Both end-to-end security and traffic visibility may be achieved by a system using a controller that derives a cryptographic key that is different for each client based on a derivation key and a client identifier that is conveyed in each data packet. The controller distributes the derivation key to information technology monitoring devices and a server to provide traffic visibility. The key may be derived using a cryptographic one way function and a client identifier so that end-to-end security may be achieved.
摘要翻译：端到端安全性和流量可见性可以由使用控制器的系统来实现，所述控制器基于在每个数据分组中传送的导出密钥和客户端标识符来导出每个客户端不同的密码密钥。控制器将派生密钥分发到信息技术监控设备和服务器，以提供流量可视性。可以使用密码单向函数和客户端标识来导出密钥，使得可以实现端到端的安全性。

28. 发明申请

US20190342093A1 CONVERGED CRYPTOGRAPHIC ENGINE 审中-公开
公开(公告)号：US20190342093A1
公开(公告)日：2019-11-07
申请号：US16457909
申请日：2019-06-28
申请人： Siddhartha Chhabra , Prashant Dewan
发明人： Siddhartha Chhabra , Prashant Dewan
IPC分类号： H04L9/08 , G06F21/60
摘要： An apparatus of a computing system, a computer-readable medium, a method and a system. The apparatus comprises one or more processors that are to communicate with a computing engine of the computing system and to: receive an instruction including information on a cryptographic key; determine whether a no-decrypt mode is to be active or inactive with respect to a read request from the computing engine; when receiving the read request to read content from a memory, and in response to a determination that the no-decrypt mode is inactive, decrypt the content using the key to generate a decrypted content and send the decrypted content to the computing engine; and in response to receiving the read request, and in response to a determination that the no-decrypt mode is active, send the content to the computing engine without decrypting the content.

29. 发明授权

US09189620B2 Protecting a software component using a transition point wrapper 有权
标题翻译：使用转换点包装器保护软件组件
公开(公告)号：US09189620B2
公开(公告)日：2015-11-17
申请号：US12459359
申请日：2009-06-30
申请人： Prashant Dewan , Vedvyas Shanbhogue
发明人： Prashant Dewan , Vedvyas Shanbhogue
IPC分类号： H04L29/06 , G06F21/53 , G06F12/10
CPC分类号： G06F21/53 , G06F12/1009 , G06F12/1027
摘要： Embodiments of apparatuses, articles, methods, and systems for protecting software components using transition point wrappers are generally described herein. In one embodiment, an apparatus includes a first component, a wrapper component, and a management module. The wrapper component is to transform a transition point between the first component and a second component. The management module is to control access to the first component through the transformed transition point. Other embodiments may be described and claimed.
摘要翻译：这里通常描述使用转换点包装器来保护软件组件的装置，物品，方法和系统的实施例。在一个实施例中，装置包括第一部件，包装部件和管理模块。包装部件是转换第一组件和第二组件之间的转换点。管理模块是通过转换的转换点来控制对第一个组件的访问。可以描述和要求保护其他实施例。

30. 发明申请

US20140095870A1 DEVICE, METHOD, AND SYSTEM FOR CONTROLLING ACCESS TO WEB OBJECTS OF A WEBPAGE OR WEB-BROWSER APPLICATION 审中-公开
标题翻译：用于控制访问网页或网络浏览器应用程序的WEB对象的设备，方法和系统
公开(公告)号：US20140095870A1
公开(公告)日：2014-04-03
申请号：US13631419
申请日：2012-09-28
申请人： Prashant Dewan , David M. Durham
发明人： Prashant Dewan , David M. Durham
IPC分类号： G06F21/00 , H04L9/32
CPC分类号： H04L9/3231 , G06F21/32 , H04L9/0866 , H04L63/0428 , H04L63/0861 , H04L67/02 , H04L67/42
摘要： A method and device for securely displaying web content with secure web objects across untrusted channels includes downloading web content from a web server. The web content includes tags that a web browser uses to authenticate the current user and identify encrypted web objects packaged in the web content. The computing device authenticates the current user using a biometric recognition procedure. If the current user is authenticated and determined to be authorized to view the decrypted web object, the encrypted web object is decrypted and displayed to the user. If the user is unauthenticated, the encrypted web object is displayed in place of the encrypted web object such that the decrypted web object is displayed for only authorized persons physically present at the computing device. The biometric recognition procedure and web object decryption processes are protected through secure media path circuitry and secure memory.
摘要翻译：用于在不受信任的频道上安全地显示具有安全web对象的web内容的方法和装置包括从Web服务器下载web内容。网页内容包括网页浏览器用来验证当前用户并识别打包在网页内容中的加密网页对象的标签。计算设备使用生物识别程序认证当前用户。如果当前用户被认证并被确定为被授权以查看解密的web对象，则加密的web对象被解密并显示给用户。如果用户未经身份验证，则加密的web对象被显示代替加密的web对象，使得被解密的web对象被显示给仅在物理存在于计算设备处的授权人员。生物识别程序和web对象解密过程通过安全媒体路径电路和安全存储器进行保护。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式