专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

41. 发明申请

US20090328164A1 Method and system for a platform-based trust verifying service for multi-party verification 有权
标题翻译：用于多方验证的基于平台的信任验证服务的方法和系统
公开(公告)号：US20090328164A1
公开(公告)日：2009-12-31
申请号：US12215907
申请日：2008-06-30
申请人： Divya Naidu Sunder , Hormuzd Khosravi , David Durham , Dan Dahle , Prashant Dewan
发明人： Divya Naidu Sunder , Hormuzd Khosravi , David Durham , Dan Dahle , Prashant Dewan
IPC分类号： G06F7/58
CPC分类号： H04L63/126 , G06F21/31 , G06F21/57 , G06F21/577 , G06F2221/2129 , H04L63/0823 , H04L63/123
摘要： A method and system for a platform-based trust verifying service for multi-party verification. In one embodiment, the method includes a client platform accessing an service provider over a network. Upon accessing the service provider, the client platform receives a request from the service provider for platform measurement and verification. The client platform collects platform information and performs measurement and verification, including performing an integrity manifest comparison. If the integrity manifest comparison indicates a good client platform posture, then the client platform signs the client platform posture and sends an approval notification to the service provider indicating that the client platform has not been compromised. The client platform may then receive the service of the service provider. If the integrity manifest comparison indicates that the client platform posture is not good, then the client platform will send a failure notification to the service provider indicating that the client platform has been compromised.
摘要翻译：一种用于多方验证的基于平台的信任验证服务的方法和系统。在一个实施例中，该方法包括通过网络访问服务提供商的客户端平台。在访问服务提供商时，客户机平台从服务提供商接收用于平台测量和验证的请求。客户端平台收集平台信息并执行测量和验证，包括执行完整性清单比较。如果完整性清单比较表示良好的客户端平台姿态，则客户端平台签署客户端平台姿态，并向服务提供商发送一个批准通知，指示客户端平台尚未被泄露。然后，客户端平台可以接收服务提供商的服务。如果完整性清单比较表明客户端平台姿势不好，那么客户端平台将向服务提供商发送一个失败通知，指示客户端平台已被破坏。

42. 发明申请

US20090249481A1 BOTNET SPAM DETECTION AND FILTRATION ON THE SOURCE MACHINE 有权
标题翻译： BOTNET垃圾邮件检测和过滤在源机上
公开(公告)号：US20090249481A1
公开(公告)日：2009-10-01
申请号：US12059877
申请日：2008-03-31
申请人： Men Long , David Durham , Hormuzd Khosravi
发明人： Men Long , David Durham , Hormuzd Khosravi
IPC分类号： G06F21/00
CPC分类号： G06F21/566 , G06F21/50 , G06F21/56 , H04L51/12 , H04L63/14 , H04L63/1408 , H04L63/1416 , H04L63/1441 , H04L63/145 , H04L2463/144
摘要： A method and device are disclosed. In one embodiment the method includes determining that a packet attempting to be sent from a first computer system has at least a portion of a human communication message that may contain spam. The method then increments a spam counter when the difference in time between a first time value in a time stamp within the packet and a second time value of a most recent activity from a human input device coupled to the first computer system is greater than a threshold difference in time value. The method also disallows the packet to be sent to a remote location if the spam counter exceeds a spam outbound threshold value.
摘要翻译：公开了一种方法和装置。在一个实施例中，该方法包括确定尝试从第一计算机系统发送的分组具有可能包含垃圾邮件的人类通信消息的至少一部分。该方法然后当分组内的时间戳中的第一时间值与耦合到第一计算机系统的人类输入设备的最新活动的第二时间值之间的时间差与阈值时间差值。如果垃圾邮件计数器超出垃圾邮件出站阈值，该方法也不允许将数据包发送到远程位置。

43. 发明申请

US20080002724A1 Method and apparatus for multiple generic exclusion offsets for security protocols 审中-公开
标题翻译：用于安全协议的多个通用排除偏移的方法和装置
公开(公告)号：US20080002724A1
公开(公告)日：2008-01-03
申请号：US11479157
申请日：2006-06-30
申请人： Karanvir Grewal , David Durham , Hormuzd Khosravi , Men Long , Prashant Dewan
发明人： Karanvir Grewal , David Durham , Hormuzd Khosravi , Men Long , Prashant Dewan
IPC分类号： H04L12/56
CPC分类号： H04L63/0428 , H04L63/104 , H04L63/164 , H04L69/22
摘要： A method and apparatus to define multiple zones in a data packet for exclusion from processing by security operations of a security protocol. In one embodiment, each defined zone has an associated list of security operations from which the zone is protected.
摘要翻译：一种在数据分组中定义多个区域以便通过安全协议的安全操作排除在处理之外的方法和装置。在一个实施例中，每个定义的区域具有相关的安全操作列表，从该区域被保护。

44. 发明申请

US20100162356A1 Hierarchical Trust Based Posture Reporting and Policy Enforcement 有权
标题翻译：基于层次信任的姿势报告和策略执行
公开(公告)号：US20100162356A1
公开(公告)日：2010-06-24
申请号：US12714979
申请日：2010-03-01
申请人： Hormuzd Khosravi , David Durham , Karanvir Grewal
发明人： Hormuzd Khosravi , David Durham , Karanvir Grewal
IPC分类号： G06F17/30
CPC分类号： H04L63/0227
摘要： A method that includes initiating a network access request from an access requester on a platform that couples to a network, the network access request made to a policy decision point for the network. The method also includes establishing a secure communication channel over a communication link between the policy decision point and a policy enforcement point on the platform. Another secure communication channel is established over another communication link. The other communication link is between at least the policy enforcement point and a manageability engine resident on the platform. The manageability engine forwards posture information associated with the access requester via the other secure communication channel. The posture information is then forwarded to the policy decision point via the secure communication channel between the policy enforcement point and the policy decision point. The policy decision point indicates what access the access requester can obtain to the network based on a comparison of the posture information to one or more network administrative policies.
摘要翻译：一种方法，其包括从耦合到网络的平台上的访问请求者发起网络访问请求，所述网络访问请求发送到网络的策略决策点。该方法还包括在策略决策点和平台上的策略执行点之间的通信链路上建立安全通信信道。通过另一个通信链路建立另一个安全通信信道。另一个通信链路至少在平台上驻留的策略执行点和可管理引擎之间。可管理性引擎经由另一个安全通信信道转发与访问请求者相关联的姿势信息。然后，姿势信息经由策略执行点和策略决策点之间的安全通信信道被转发到策略决策点。策略决策点基于姿势信息与一个或多个网络管理策略的比较来指示访问请求者可以获得哪些访问到网络。

45. 发明申请

US20080022129A1 SECURE PLATFORM VOUCHER SERVICE FOR SOFTWARE COMPONENTS WITHIN AN EXECUTION ENVIRONMENT 有权
标题翻译：执行环境中软件组件的安全平台提供服务
公开(公告)号：US20080022129A1
公开(公告)日：2008-01-24
申请号：US11864573
申请日：2007-09-28
申请人： David Durham , Hormuzd Khosravi , Uri Blumenthal , Men Long
发明人： David Durham , Hormuzd Khosravi , Uri Blumenthal , Men Long
IPC分类号： H04L9/00 , G06F12/14 , H04L9/32
CPC分类号： G06F21/54 , H04L9/004 , H04L9/3236 , H04L63/123 , H04L63/126 , H04L63/20 , H04L2209/60
摘要： Embodiments of apparatus, articles, methods, and systems for secure platform voucher service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise comprised operating system environment. A provisioning remote entity or gateway only needs to know a platform's public key or certificate hierarchy in order to receive verification proof for any component in the platform. The verification proof or voucher helps to assure to the remote entity that no man-in-the-middle, rootkit, spyware or other malware running in the platform or on the network will have access to the provisioned material. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.
摘要翻译：这里一般地描述用于执行环境中的软件组件的安全平台凭单服务的装置，物品，方法和系统的实施例。一个实施例包括虚拟机监视器，操作系统监视器或其他底层平台功能的能力，以限制仅通过特定认证的，授权的和已验证的软件组件进行访问的存储器区域，即使在另外包含的操作系统环境的一部分。配置远程实体或网关只需要知道平台的公钥或证书层次结构，以便接收平台中任何组件的验证证明。验证证明或凭证有助于向远程实体确保在平台或网络上运行的中间人，rootkit，间谍软件或其他恶意软件将无法访问所提供的资料。代表被保护的内存区域中提供的经过身份验证/授权/验证的软件组件的锁定和解锁秘密的底层平台只能由经过身份验证/授权/验证的软件组件访问。可以描述和要求保护其他实施例。

46. 发明授权

US08489686B2 Method and apparatus allowing scan of data storage device from remote server 有权
标题翻译：允许从远程服务器扫描数据存储设备的方法和装置
公开(公告)号：US08489686B2
公开(公告)日：2013-07-16
申请号：US12785131
申请日：2010-05-21
申请人： Hormuzd Khosravi , David Durham , David A. Edwards , Venkat R. Gokulrangan , Men Long , Yasser Rasheed
发明人： Hormuzd Khosravi , David Durham , David A. Edwards , Venkat R. Gokulrangan , Men Long , Yasser Rasheed
IPC分类号： G06F15/16
CPC分类号： G06F21/57 , G06F21/56
摘要： A method and device allowing a scan of a data storage device from a remote server are disclosed. In some embodiments, a computing device may include an out-of-band (OOB) configured to compute a first hash value for data stored in one or more sectors of a data storage device at a first time; receive, using communication circuitry, a request to transmit a portion of the data stored in the one or more sectors of the data storage device at a second time, the second time being subsequent to the first time; compute a second hash value for the data stored in the one or more sectors of the data storage device at the second time; and transmit, using the communication circuitry, the requested portion of the data, only if the second hash value does not match the first hash value.
摘要翻译：公开了允许从远程服务器扫描数据存储设备的方法和设备。在一些实施例中，计算设备可以包括带外（OOB），其被配置为在第一时间对存储在数据存储设备的一个或多个扇区中的数据计算第一散列值; 接收使用通信电路的请求，以在第二时间之后的第二时间第二时间发送存储在数据存储装置的一个或多个扇区中的数据的一部分的请求; 在第二次计算存储在数据存储设备的一个或多个扇区中的数据的第二哈希值; 并且仅当所述第二散列值与所述第一散列值不匹配时，才使用所述通信电路来发送所请求的数据部分。

47. 发明申请

US20090038017A1 SECURE VAULT SERVICE FOR SOFTWARE COMPONENTS WITHIN AN EXECUTION ENVIRONMENT 有权
标题翻译：执行环境中软件组件的安全维护服务
公开(公告)号：US20090038017A1
公开(公告)日：2009-02-05
申请号：US11833073
申请日：2007-08-02
申请人： David Durham , Hormuzd Khosravi , Uri Blumenthal , Men Long
发明人： David Durham , Hormuzd Khosravi , Uri Blumenthal , Men Long
IPC分类号： H04L9/32 , G06F12/14
CPC分类号： G06F21/6209 , G06F12/1408 , G06F12/1466 , G06F12/1475 , G06F21/52 , G06F21/53
摘要： Embodiments of apparatuses, articles, methods, and systems for secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.
摘要翻译：这里一般地描述用于执行环境中的软件组件的安全保险库服务的装置，物品，方法和系统的实施例。一个实施例包括虚拟机监视器，操作系统监视器或其他底层平台功能的能力，以限制存储器区域，以便仅通过特定认证的，授权的和已验证的软件组件进行访问，即使在其他受损的操作系统环境的一部分。代表被保护的内存区域中提供的经过身份验证/授权/验证的软件组件的锁定和解锁秘密的底层平台只能由经过身份验证/授权/验证的软件组件访问。可以描述和要求保护其他实施例。

48. 发明申请

US20070234402A1 Hierarchical trust based posture reporting and policy enforcement 有权
标题翻译：基于层次信任的姿势报告和策略执行
公开(公告)号：US20070234402A1
公开(公告)日：2007-10-04
申请号：US11395504
申请日：2006-03-31
申请人： Hormuzd Khosravi , David Durham , Karanvir Grewal
发明人： Hormuzd Khosravi , David Durham , Karanvir Grewal
IPC分类号： H04L9/32
CPC分类号： H04L63/0227
摘要： A method that includes initiating a network access request from an access requester on a platform that couples to a network, the network access request made to a policy decision point for the network. The method also includes establishing a secure communication channel over a communication link between the policy decision point and a policy enforcement point on the platform. Another secure communication channel is established over another communication link. The other communication link is between at least the policy enforcement point and a manageability engine resident on the platform. The manageability engine forwards posture information associated with the access requester via the other secure communication channel. The posture information is then forwarded to the policy decision point via the secure communication channel between the policy enforcement point and the policy decision point. The policy decision point indicates what access the access requester can obtain to the network based on a comparison of the posture information to one or more network administrative policies.
摘要翻译：一种方法，其包括从耦合到网络的平台上的访问请求者发起网络访问请求，所述网络访问请求发送到网络的策略决策点。该方法还包括在策略决策点和平台上的策略执行点之间的通信链路上建立安全通信信道。通过另一个通信链路建立另一个安全通信信道。另一个通信链路至少在平台上驻留的策略执行点和可管理引擎之间。可管理性引擎经由另一个安全通信信道转发与访问请求者相关联的姿势信息。然后，姿势信息经由策略执行点和策略决策点之间的安全通信信道被转发到策略决策点。策略决策点基于姿势信息与一个或多个网络管理策略的比较来指示访问请求者可以获得哪些访问到网络。

49. 发明授权

US08826035B2 Cumulative integrity check value (ICV) processor based memory content protection 有权
标题翻译：累积完整性检查值（ICV）处理器内存保护
公开(公告)号：US08826035B2
公开(公告)日：2014-09-02
申请号：US12646028
申请日：2009-12-23
申请人： David Durham , Men Long , Uday Savagaonkar
发明人： David Durham , Men Long , Uday Savagaonkar
IPC分类号： G06F21/00
CPC分类号： G06F21/79 , G06F21/72
摘要： In general, in one aspect, the disclosure describes a process that includes a cryptographic engine and first and second registers. The cryptographic engine is to encrypt data to be written to memory, to decrypt data read from memory, to generate read integrity check values (ICVs) and write ICVs for memory accesses. The cryptographic engine is also to create a cumulative read ICV and a cumulative write ICV by XORing the generated read ICV and the generated write ICV with a current read MAC and a current write ICV respectively and to validate data integrity by comparing the cumulative read ICV and the cumulative write ICV. The first and second registers are to store the cumulative read and write ICVs respectively at the processor. Other embodiments are described and claimed.
摘要翻译：通常，在一个方面，本公开描述了包括密码引擎和第一和第二寄存器的过程。加密引擎是对要写入存储器的数据进行加密，解密从存储器读取的数据，生成读取完整性检查值（ICV），并为存储器访问写入ICV。密码引擎还通过分别用当前读取的MAC和当前的写入ICV异或生成的读取ICV和产生的写ICV来创建累积读取ICV和累积写入ICV，并通过比较累积读取ICV和累积写ICV。第一和第二寄存器分别在处理器处存储累积读和写ICV。描述和要求保护其他实施例。

50. 发明申请

US20120096270A1 END-TO-END NETWORK SECURITY WITH TRAFFIC VISIBILITY 审中-公开
标题翻译：具有交通可见性的端到端网络安全
公开(公告)号：US20120096270A1
公开(公告)日：2012-04-19
申请号：US13337919
申请日：2011-12-27
申请人： Men Long , Jesse Walker , David Durham , Marc Millier , Karavir Grewal , Prashant Dewan , Uday Savagaonkar , Steven D. Williams
发明人： Men Long , Jesse Walker , David Durham , Marc Millier , Karavir Grewal , Prashant Dewan , Uday Savagaonkar , Steven D. Williams
IPC分类号： H04L9/32
CPC分类号： H04L63/0428 , H04L9/0631 , H04L9/3242 , H04L63/08 , H04L63/1466 , H04L63/168 , H04L2209/12 , H04L2209/38
摘要： End-to-end security between clients and a server, and traffic visibility to intermediate network devices, achieved through combined mode, single pass encryption and authentication using two keys is disclosed. In various embodiments, a combined encryption-authentication unit includes a cipher unit and an authentication unit coupled in parallel to the cipher unit, and generates an authentication tag using an authentication key in parallel with the generation of the cipher text using an encryption key, where the authentication and encryption key have different key values. In various embodiments, the cipher unit operates in AES counter mode, and the authentication unit operates in parallel, in AES-GMAC mode Using a two key, single pass combined mode algorithm preserves network performance using a limited number of HW gates, while allowing an intermediate device access to the encryption key for deciphering the data, without providing that device the ability to compromise data integrity, which is preserved between the end to end devices.
摘要翻译：公开了客户机与服务器之间的端到端安全性，以及通过组合模式，单程加密和使用两个密钥的认证实现的对中间网络设备的流量可见性。在各种实施例中，组合加密认证单元包括与密码单元并行耦合的密码单元和认证单元，并且使用加密密钥与密文生成并行地使用认证密钥生成认证标签，其中认证和加密密钥具有不同的密钥值。在各种实施例中，密码单元以AES计数器模式运行，并且认证单元以AES-GMAC模式并行操作。使用双键单通组合模式算法使用有限数量的HW门保留网络性能，同时允许中间设备访问用于解密数据的加密密钥，而不提供该设备损害数据完整性的能力，这在端到端设备之间保留。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式