会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 22. 发明授权
    • Protected storage of core data secrets
    • 保护存储的核心数据秘密
    • US06272631B1
    • 2001-08-07
    • US08884864
    • 1997-06-30
    • Matthew W. ThomlinsonScott FieldAllan Cooper
    • Matthew W. ThomlinsonScott FieldAllan Cooper
    • G11C1100
    • H04L63/0428G06F21/6245G06F2211/007G06F2211/008G06F2221/2149H04L63/06H04L63/08H04L63/12
    • The invention provides central storage for core data secrets, referred to as data items. The architecture includes a storage server, a plurality of installable storage providers, and one or more authentication providers. Programming interfaces are exposed so that application programs can utilize the services provided by the invention without having to actually implement the features. When storing a data item using the protected storage services, an application program can specify rules that determine when to allow access to the data item. Access can, if desired, be limited to the current computer user. Access can similarly be limited to specified application programs or to certain classes of application programs. The storage server authenticates requesting application programs before returning data to them. A default authentication provider authenticates users based on their computer or network logon. A default storage provider allows storage of data items on magnetic media such as a hard disk or a floppy disk. Data items are encrypted before they are stored. The encryption optionally uses a key that is derived from the previous authentication of the user. Specifically, the key is derived from the user's password, supplied during logon. In addition, an application program or the user can specify that certain items require another password that is entered whenever access to the data is requested. The default storage provider implements a multi-level encryption scheme to minimize the amount of encryption that has to be re-done when the user changes a password. Each data item is encrypted using an item key that is generated randomly by the system. The item key is in turn encrypted with a master key that is itself encrypted with a key derived from the user-supplied password (such as the user's logon password).
    • 本发明为核心数据秘密提供了称为数据项的中央存储。 该架构包括存储服务器,多个可安装的存储提供商以及一个或多个认证提供者。 编程接口被公开,使得应用程序可以利用本发明提供的服务,而不必实际实现特征。 当使用受保护的存储服务存储数据项时,应用程序可以指定确定何时允许访问数据项的规则。 如果需要,访问可以限于当前的计算机用户。 访问可以类似地限于指定的应用程序或某些类别的应用程序。 存储服务器在向其发送数据之前对请求的应用程序进行认证。 默认身份验证提供者根据用户的计算机或网络登录信息对用户进行身份验证。 默认存储提供程序允许在磁性介质(如硬盘或软盘)上存储数据项。 数据项在存储之前被加密。 加密可选地使用从先前的用户身份验证导出的密钥。 具体来说,密钥是从登录时提供的用户密码导出的。 此外,应用程序或用户可以指定某些项目需要在请求访问数据时输入的另一个密码。 默认存储提供商实施多级加密方案,以最大限度地减少用户更改密码时必须重新完成的加密数量。 使用系统随机生成的项目密钥对每个数据项进行加密。 项目密钥依次使用主密钥进行加密,该主密钥本身使用从用户提供的密码导出的密钥(例如用户的登录密码)进行加密。
    • 27. 发明授权
    • Integrating security protection tools with computer device integrity and privacy policy
    • 将安全保护工具与计算机设备完整性和隐私政策集成
    • US08117441B2
    • 2012-02-14
    • US11472052
    • 2006-06-20
    • Thekkthalackal Varugis KurienJeffrey B HamblinNarasimha Rao NagampalliPeter T BrundrettScott Field
    • Thekkthalackal Varugis KurienJeffrey B HamblinNarasimha Rao NagampalliPeter T BrundrettScott Field
    • H04L29/00H04L29/06
    • G06F21/50G06F21/51G06F21/53
    • At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.
    • 在计算机设备上电时,计算机设备的操作系统启动监视器。 监视器为在计算机设备上运行的每个程序和对象(统称为“程序”)分配监视程序,以监视程序的活动。 当监视程序被分配给程序时,基于应用于监视程序的预定标准,向监视程序分配完整性和/或隐私标签(统称为“完整性标签”)。 监控程序又向监控程序监控的程序分配一个完整性标签。 分配给被监视程序的完整性标签小于或等于监视程序的完整性标签。 监视器基于分配给被监视程序的完整性标签和与监视程序正在寻求访问的数据,另一程序或远程网络资源相关联的完整性标签来强制执行计算机设备的完整性策略。
    • 30. 发明申请
    • System and method of selectively scanning a file on a computing device for malware
    • 有选择地扫描计算设备上的恶意软件文件的系统和方法
    • US20060218637A1
    • 2006-09-28
    • US11090086
    • 2005-03-24
    • Anil ThomasMichael KramerScott Field
    • Anil ThomasMichael KramerScott Field
    • G06F12/14
    • G06F21/51G06F21/564
    • In accordance with this invention, a system, method, and computer-readable medium that selectively scans files stored on a computing device for malware is provided. One or more files may be sent from a trusted source to a computing device that implements the present invention. The integrity of the files that originate from a trusted source is validated using a signature-based hashing function. Any modifications made to files stored on the computing device are tracked by a component of the operating system. In instances when the file is not modified after being validated, an aspect of the present invention prevents the file from being scanned for malware when a scanning event is directed to the file. As a result, the performance of the computing device is improved as static files from trusted sources are not repeatedly scanned for malware.
    • 根据本发明,提供了选择扫描存储在计算设备上的用于恶意软件的文件的系统,方法和计算机可读介质。 一个或多个文件可以从可信源发送到实现本发明的计算设备。 源自可信源的文件的完整性使用基于签名的散列函数进行验证。 对存储在计算设备上的文件的任何修改由操作系统的组件跟踪。 在文件在被验证之后未被修改的情况下,本发明的一个方面防止当扫描事件被引导到该文件时该文件被扫描恶意软件。 因此,由于来自可信源的静态文件不会重复扫描恶意软件,因此计算设备的性能得到改善。