专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

21. 发明申请

US20060253705A1 Systems and methods for determining if applications executing on a computer system are trusted 有权
标题翻译：用于确定在计算机系统上执行的应用程序是否被信任的系统和方法
公开(公告)号：US20060253705A1
公开(公告)日：2006-11-09
申请号：US11123778
申请日：2005-05-06
申请人： Paul Roberts , Laura Benofsky , William Holt , Leslie Johnson , Bryan Willman , Madeline Bryant
发明人： Paul Roberts , Laura Benofsky , William Holt , Leslie Johnson , Bryan Willman , Madeline Bryant
IPC分类号： H04L9/00
CPC分类号： G06F21/52 , G06F21/445 , G06F21/6209
摘要： Access to an authentication image may be protected so that only authenticated processes have access to the image. The image can be displayed to authenticate a User Interface (UI) to a computer user. The image indicates the UI can be trusted. If the image is not displayed, it may be that an application UI is “spoofed” to trick a user into providing sensitive information. Additionally, a large variety of different images can be used as authentication images, so spoofing one image be recognized by most users. A set of original images may be provided, along with image modification processes which can generate a large number of variations. Techniques for authenticating UIs in a virtual machine context are provided. A secure attention sequence is also provided, which allows users to test whether processes running on a computer are authenticated.
摘要翻译：可以保护对认证图像的访问，使得只有经过身份验证的进程才能访问图像。可以显示图像以向用户验证用户界面（UI）。图像表示UI可以被信任。如果图像不显示，那么应用程序UI可能会“欺骗”欺骗用户提供敏感信息。另外，可以使用大量不同的图像作为认证图像，因此欺骗一个图像被大多数用户识别。可以提供一组原始图像以及可以产生大量变化的图像修改处理。提供了用于在虚拟机上下文中验证UI的技术。还提供了一个安全的关注序列，允许用户测试在计算机上运行的进程是否进行身份验证。

22. 发明申请

US20050257048A1 Fire locker and mechanisms for providing and using same 有权
标题翻译：消防柜和提供和使用相同的机构
公开(公告)号：US20050257048A1
公开(公告)日：2005-11-17
申请号：US10831596
申请日：2004-04-23
申请人： Bryan Willman
发明人： Bryan Willman
IPC分类号： G06F21/24 , G06F21/00 , G06F21/20 , H04L9/00
CPC分类号： G06F21/6218
摘要： A file locker manages the storage and use of protected data for software objects. A protected environment maintains the cryptographic and isolative infrastructure to support sealing of data items for use by a trusted agent. The file locker uses the protected environment's sealing functionality to seal data items for the file locker's exclusive access. The file locker seals, to itself, files received from software objects, and provides those files upon request, and upon sufficient proof of the requestor's trustworthiness, authenticity, and/or identity. The file locker may be used to extend the protected environment's sealing functionality to legacy applications, without the legacy applications having to implement agents that can run in the protected environment and access the sealing functionality directly.
摘要翻译：文件储存器管理软件对象的保护数据的存储和使用。受保护的环境维护密码和隔离基础架构，以支持数据项的密封以供受信任代理使用。文件储物柜使用受保护环境的密封功能来密封文件柜的独占访问的数据项。档案储物柜本身封装从软件对象收到的文件，并根据要求提供这些文件，并在充分证明请求者的可信赖性，真实性和/或身份证明之后。文件柜可用于将受保护环境的密封功能扩展到传统应用程序，而传统应用程序不得不实施可在受保护环境中运行并可直接访问密封功能的代理。

23. 发明申请

US20050091486A1 Providing a graphical user interface in a system with a high-assurance execution environment 有权
标题翻译：在具有高保证执行环境的系统中提供图形用户界面
公开(公告)号：US20050091486A1
公开(公告)日：2005-04-28
申请号：US10691759
申请日：2003-10-23
申请人： Idan Avraham , Christine Chew , Paul Roberts , Bryan Willman
发明人： Idan Avraham , Christine Chew , Paul Roberts , Bryan Willman
IPC分类号： G06F21/24 , G06F1/00 , G06F3/00 , G06F3/048 , G06F3/14 , G06F9/06 , G06F9/455 , G06F9/46 , G06F12/14 , G06F13/00 , G06F21/00 , G09G5/14 , H04L9/00
CPC分类号： G06F21/84
摘要： Techniques are disclosed to provide security for graphical user interface elements being displayed in a system in which a first, host operating system is used along with a second, high assurance operating system, where the first system provides at least some of the infrastructure for the second system. Graphical user interface elements associated with the high-assurance operating system are prevented from being obscured and from any partial transparency. Additionally, a piece of secret information is stored which can be displayed upon command by graphical user interface elements associated with the high-assurance operating system. Coordinating certain elements of the display of all graphical user interface elements associated with the high assurance operating system also helps to identify legitimate elements associated with the high assurance operating system, as opposed to impostor elements which are not. Where a windowing system is used, public title information is furnished to a host operating system windowing system to identify a window owned by a process running on a high-assurance operating system. Private title information associated with the same window is used only in the high assurance operating system.
摘要翻译：公开了技术来提供在系统中显示的图形用户界面元素的安全性，其中第一主机操作系统与第二高保证操作系统一起使用，其中第一系统为第二系统提供至少一些基础设施系统。与高保证操作系统相关联的图形用户界面元素被防止被遮蔽并且不受任何部分透明度的影响。此外，存储一个秘密信息，该秘密信息可以根据与高保证操作系统相关联的图形用户界面元素的命令显示。与高保证操作系统相关联的所有图形用户界面元素的显示的某些元素的协调也有助于识别与高保证操作系统相关联的合法元素，而不是冒号元素。在使用窗口系统的情况下，将主题信息提供给主机操作系统窗口系统，以识别在高保证操作系统上运行的进程所拥有的窗口。与同一窗口相关联的私有标题信息仅在高保证操作系统中使用。

24. 发明申请

US20060158690A1 Code and thread differential addressing via multiplex page maps 有权
标题翻译：通过复用页面映射的代码和线程差分寻址
公开(公告)号：US20060158690A1
公开(公告)日：2006-07-20
申请号：US11320499
申请日：2005-12-27
申请人： Bryan Willman
发明人： Bryan Willman
IPC分类号： G06K15/00
CPC分类号： G06F12/145 , G06F9/468 , G06F12/0284 , G06F12/1491
摘要： Described is a system and method whereby processes may have multiple memory maps associated therewith to provide curtained memory and overcome other memory-related problems. Multiple maps are used to restrict memory access of existing code such as drivers, without changing that code, and without changing existing microprocessors. A thread of a process is associated with one memory map at a time, which by mapping to different memory locations, provides memory isolation without requiring a process switch. Memory isolation may be combined with controlled, closed memory map switching performed only by trusted code, to ensure that some protected memory is inaccessible to all but the trusted code (curtained memory). For example, the threads of the process may ordinarily run at one privilege level with a restricted map, with map switching is only allowed at a higher privilege level. As the threads run through code, the map may be appropriately changed on entering and leaving the trusted code, thus controlling what memory addresses are accessible based on what code is currently being executed. Map switching among multiple maps eliminates the need to change a process in order to access different memory, thereby allowing expanded memory addressing in a single process and isolating untrusted code run in process from certain memory of that process.
摘要翻译：描述了一种系统和方法，其中过程可以具有与其相关联的多个存储器映射，以提供窗帘存储器并克服其他存储器相关问题。多个地图用于限制现有代码（如驱动程序）的内存访问，而不需要更改代码，而不需要更改现有的微处理器。过程的线程一次与一个存储器映射相关联，通过映射到不同的存储器位置，提供存储器隔离，而不需要过程切换。内存隔离可以与仅由可信代码执行的受控的，闭合的存储器映射切换组合，以确保除了可信代码（窗帘存储器）之外的所有受保护的存储器都不可访问。例如，进程的线程通常可以在具有受限映射的一个特权级别上运行，只有在较高权限级别才可以进行映射切换。当线程运行代码时，可以在进入和离开可信代码时适当地改变映射，从而基于当前正在执行的代码来控制什么存储器地址可被访问。多个映射之间的映射切换消除了改变进程以访问不同内存的需要，从而允许在单个进程中扩展内存寻址，并且将进程中的不受信任的代码与该进程的某些内存隔离开来。

25. 发明申请

US20060075264A1 Security state watcher 有权
公开(公告)号：US20060075264A1
公开(公告)日：2006-04-06
申请号：US10954917
申请日：2004-09-30
申请人： Bryan Willman , Christine Chew , Paul Roberts , David Wooten , John Paff
发明人： Bryan Willman , Christine Chew , Paul Roberts , David Wooten , John Paff
IPC分类号： G06F12/14
CPC分类号： G06F21/577 , Y10S257/922
摘要： A security device watches over the secure functionality in a computer system. This “watcher” security device may be integrated within the computer system or may be separate from it. The security device queries the secure functionality to determine whether the state of the secure functionality is acceptable. If no satisfactory state exists, or if no response is received, then a signal is transmitted. The signal may be auditory (a buzzer) or visual (a flashing light) in order to signal to any user that the secure functionality has been compromised. Optionally, human input devices may be disabled, or a monitoring service notified, in conjunction with or in lieu of the signal. If the secure functionality includes a secret shared between the secure functionality and the user, then the security device may signal the secret. For example, where the secret is visual, the security device may display the secret. Where there is more than one element of secure functionality in the computer system, the security device may separately watch and report on more than one element of secure functionality. The security device may also display status information regarding the computer system. Some or all of the security device may be distributed via a trusted distribution infrastructure.

26. 发明申请

US20050172335A1 System and method for assigning quality to cryptographic identities used in a digital transaction 有权
标题翻译：用于将质量分配给数字交易中使用的加密身份的系统和方法
公开(公告)号：US20050172335A1
公开(公告)日：2005-08-04
申请号：US10769314
申请日：2004-01-30
申请人： Michael Aday , Bryan Willman
发明人： Michael Aday , Bryan Willman
IPC分类号： G07F7/08 , H04K1/00
CPC分类号： H04L63/0823 , G06F21/33 , G06F21/64 , G06Q20/38215 , G06Q20/4016 , G06Q20/4037 , G07F7/08
摘要： A method of assessing risk in an electronic transaction involves assignment of quality attributes to cryptographic identities presented in a digital transaction. The quality assignment supports assessment of risk in the transaction. The evaluation of risk in the transaction is made by assessing machine readable attributes of the digital identities along with transaction details. The digital identity attributes may be constructed using extensions of existing standards. A guarantee against risk of loss may be obtained by procuring insurance on the transaction before execution. Third party insurers may analyze the risk of loss in a transaction by assessing the attributes of digital identities along with transaction details and may provide a requestor with an insurance premium quote. Based on the value of the quote, the transaction participants may decide whether or not to execute the transaction.
摘要翻译：在电子交易中评估风险的方法涉及将质量属性分配给数字交易中呈现的加密身份。质量分配支持交易风险评估。通过评估数字身份的机器可读属性以及交易细节来进行交易中的风险评估。可以使用现有标准的扩展来构建数字身份属性。在执行前通过采购交易保险可以获得损失风险的保证。第三方保险公司可以通过评估数字身份的属性以及交易细节来分析交易中的损失风险，并可向请求方提供保险费报价。根据报价的价值，交易参与者可以决定是否执行交易。

27. 发明授权

US5684993A Segregation of thread-specific information from shared task information 失效
标题翻译：来自共享任务信息的线程特定信息的分离
公开(公告)号：US5684993A
公开(公告)日：1997-11-04
申请号：US632750
申请日：1996-04-16
申请人： Bryan Willman
发明人： Bryan Willman
IPC分类号： G06F9/46 , G06F9/48 , G06F13/00
CPC分类号： G06F9/4843 , G06F9/544
摘要： A multi-processor system includes memory and at least two central processing units (CPUs) that may execute different threads of computation of a same task at the same time. CPU-specific data is segregated from shared task information of different threads of computation of the task. In particular, the shared task information is placed in memory locations of the memory that are directly addressable by both CPUs, and CPU-specific data are placed in memory locations that are directly addressable by only the associated CPU. No additional hardware is needed, and the memory and run-time costs of the invention are miniscule.
摘要翻译：多处理器系统包括可同时执行相同任务的不同计算线程的存储器和至少两个中央处理单元（CPU）。 CPU特定数据与任务计算的不同线程的共享任务信息分离。特别地，共享任务信息被放置在可由两个CPU直接寻址的存储器的存储器位置中，并且CPU特定的数据被放置在仅由关联的CPU直接寻址的存储单元中。不需要额外的硬件，并且本发明的存储器和运行时成本是微不足道的。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式