专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

51. 发明授权

US08701187B2 Runtime integrity chain verification 有权
标题翻译：运行时完整性链验证
公开(公告)号：US08701187B2
公开(公告)日：2014-04-15
申请号：US11729730
申请日：2007-03-29
申请人： Travis T. Schluessler , David Durham , Hormuzd Khosravi
发明人： Travis T. Schluessler , David Durham , Hormuzd Khosravi
IPC分类号： G06F21/00
CPC分类号： G06F13/28
摘要： A runtime integrity check may be implemented for a chain or execution path. When the chain or execution path calls other functions, the correctness of an entity called from the execution path is verified. As a result, attacks by malicious software that attempt to circumvent interrupt handlers can be combated.
摘要翻译：可以为链路或执行路径实现运行时完整性检查。当链或执行路径调用其他函数时，验证从执行路径调用的实体的正确性。因此，可以打击企图规避中断处理程序的恶意软件的攻击。

52. 发明申请

US20100162356A1 Hierarchical Trust Based Posture Reporting and Policy Enforcement 有权
标题翻译：基于层次信任的姿势报告和策略执行
公开(公告)号：US20100162356A1
公开(公告)日：2010-06-24
申请号：US12714979
申请日：2010-03-01
申请人： Hormuzd Khosravi , David Durham , Karanvir Grewal
发明人： Hormuzd Khosravi , David Durham , Karanvir Grewal
IPC分类号： G06F17/30
CPC分类号： H04L63/0227
摘要： A method that includes initiating a network access request from an access requester on a platform that couples to a network, the network access request made to a policy decision point for the network. The method also includes establishing a secure communication channel over a communication link between the policy decision point and a policy enforcement point on the platform. Another secure communication channel is established over another communication link. The other communication link is between at least the policy enforcement point and a manageability engine resident on the platform. The manageability engine forwards posture information associated with the access requester via the other secure communication channel. The posture information is then forwarded to the policy decision point via the secure communication channel between the policy enforcement point and the policy decision point. The policy decision point indicates what access the access requester can obtain to the network based on a comparison of the posture information to one or more network administrative policies.
摘要翻译：一种方法，其包括从耦合到网络的平台上的访问请求者发起网络访问请求，所述网络访问请求发送到网络的策略决策点。该方法还包括在策略决策点和平台上的策略执行点之间的通信链路上建立安全通信信道。通过另一个通信链路建立另一个安全通信信道。另一个通信链路至少在平台上驻留的策略执行点和可管理引擎之间。可管理性引擎经由另一个安全通信信道转发与访问请求者相关联的姿势信息。然后，姿势信息经由策略执行点和策略决策点之间的安全通信信道被转发到策略决策点。策略决策点基于姿势信息与一个或多个网络管理策略的比较来指示访问请求者可以获得哪些访问到网络。

53. 发明申请

US20070234402A1 Hierarchical trust based posture reporting and policy enforcement 有权
标题翻译：基于层次信任的姿势报告和策略执行
公开(公告)号：US20070234402A1
公开(公告)日：2007-10-04
申请号：US11395504
申请日：2006-03-31
申请人： Hormuzd Khosravi , David Durham , Karanvir Grewal
发明人： Hormuzd Khosravi , David Durham , Karanvir Grewal
IPC分类号： H04L9/32
CPC分类号： H04L63/0227
摘要： A method that includes initiating a network access request from an access requester on a platform that couples to a network, the network access request made to a policy decision point for the network. The method also includes establishing a secure communication channel over a communication link between the policy decision point and a policy enforcement point on the platform. Another secure communication channel is established over another communication link. The other communication link is between at least the policy enforcement point and a manageability engine resident on the platform. The manageability engine forwards posture information associated with the access requester via the other secure communication channel. The posture information is then forwarded to the policy decision point via the secure communication channel between the policy enforcement point and the policy decision point. The policy decision point indicates what access the access requester can obtain to the network based on a comparison of the posture information to one or more network administrative policies.
摘要翻译：一种方法，其包括从耦合到网络的平台上的访问请求者发起网络访问请求，所述网络访问请求发送到网络的策略决策点。该方法还包括在策略决策点和平台上的策略执行点之间的通信链路上建立安全通信信道。通过另一个通信链路建立另一个安全通信信道。另一个通信链路至少在平台上驻留的策略执行点和可管理引擎之间。可管理性引擎经由另一个安全通信信道转发与访问请求者相关联的姿势信息。然后，姿势信息经由策略执行点和策略决策点之间的安全通信信道被转发到策略决策点。策略决策点基于姿势信息与一个或多个网络管理策略的比较来指示访问请求者可以获得哪些访问到网络。

54. 发明申请

US20100169666A1 METHODS AND SYSTEMS TO DIRECLTY RENDER AN IMAGE AND CORRELATE CORRESPONDING USER INPUT IN A SECUIRE MEMORY DOMAIN 有权
标题翻译：方法和系统直接渲染图像和相关的用户输入在一个SECUIRE记忆体域
公开(公告)号：US20100169666A1
公开(公告)日：2010-07-01
申请号：US12347576
申请日：2008-12-31
申请人： Prashant Dewan , David Durham
发明人： Prashant Dewan , David Durham
IPC分类号： G06F12/14 , G06F3/048 , H04L9/32 , G06F12/10
CPC分类号： G06F21/36
摘要： Methods and systems to assign an application and a video frame buffer to a protected memory domain to render an image of a keyboard from the protected memory domain to a random position of the video frame buffer and correlate user input from a pointing device to the rendered keyboard image. The keyboard image may be randomly repositioned following a user input. The keyboard image may be rendered over a secure user image. An acknowledgment image may be rendered from the protected memory domain to a random position of the video frame buffer, and may be randomly repositioned in response to a user input that does not correlate to the acknowledgment image. User inputs that do not correlate to a randomly positioned image may be counted, and one or more processes may be aborted when the number of non-correlated user inputs exceeds a threshold.
摘要翻译：将应用程序和视频帧缓冲区分配给受保护的存储器域以将键盘的图像从受保护的存储器域呈现到视频帧缓冲器的随机位置并将来自指示设备的用户输入与所渲染的键盘相关联的方法和系统图片。键盘图像可以在用户输入之后被随机重新定位。键盘图像可以通过安全的用户图像呈现。确认图像可以从受保护的存储器域呈现到视频帧缓冲器的随机位置，并且可以响应于与确认图像不相关的用户输入而被随机地重新定位。可以计数与随机定位的图像不相关的用户输入，并且当非相关用户输入的数量超过阈值时，可以中止一个或多个进程。

55. 发明申请

US20130298120A1 Copy Equivalent Protection Using Secure Page Flipping For Software Components Within An Execution Environment 有权
标题翻译：在执行环境中使用安全页面翻转软件组件复制等效保护
公开(公告)号：US20130298120A1
公开(公告)日：2013-11-07
申请号：US13860912
申请日：2013-04-11
申请人： David Durham , Prashant Dewan
发明人： David Durham , Prashant Dewan
IPC分类号： G06F9/455
CPC分类号： G06F9/455 , G06F12/145 , G06F12/1491
摘要： Embodiments of copy equivalent protection using secure page flipping for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor (VMM), Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. In an embodiment, an embedded VM is allowed to directly manipulate page table mappings so that, even without running the VMM or obtaining VMXRoot privilege, the embedded VM can directly flip pages of memory into its direct/exclusive control and back. Other embodiments may be described and claimed.
摘要翻译：这里一般地描述使用执行环境中的软件组件的安全页面翻转的复制等效保护的实施例。一个实施例包括虚拟机监视器（VMM），操作系统监视器或其他底层平台功能的能力，以限制仅通过特定认证，授权和验证的软件组件进行访问的存储区域，即使在其他方面受到损害的操作系统环境。在一个实施例中，嵌入式VM被允许直接操纵页表映射，使得即使没有运行VMM或获得VMXRoot特权，嵌入式VM也可以将存储器的页面直接翻转为其直接/排他控制和返回。可以描述和要求保护其他实施例。

56. 发明授权

US08364601B2 Methods and systems to directly render an image and correlate corresponding user input in a secure memory domain 有权
标题翻译：直接呈现图像并将相应的用户输入关联到安全存储器域中的方法和系统
公开(公告)号：US08364601B2
公开(公告)日：2013-01-29
申请号：US12347576
申请日：2008-12-31
申请人： Prashant Dewan , David Durham
发明人： Prashant Dewan , David Durham
IPC分类号： G06F7/04 , G06F17/30 , H04N7/16
CPC分类号： G06F21/36
摘要： Methods and systems to assign an application and a video frame buffer to a protected memory domain to render an image of a keyboard from the protected memory domain to a random position of the video frame buffer and correlate user input from a pointing device to the rendered keyboard image. The keyboard image may be randomly repositioned following a user input. The keyboard image may be rendered over a secure user image. An acknowledgment image may be rendered from the protected memory domain to a random position of the video frame buffer, and may be randomly repositioned in response to a user input that does not correlate to the acknowledgment image. User inputs that do not correlate to a randomly positioned image may be counted, and one or more processes may be aborted when the number of non-correlated user inputs exceeds a threshold.
摘要翻译：将应用程序和视频帧缓冲区分配给受保护的存储器域以将键盘的图像从受保护的存储器域呈现到视频帧缓冲器的随机位置并将来自指示设备的用户输入与所渲染的键盘相关联的方法和系统图片。键盘图像可以在用户输入之后被随机重新定位。键盘图像可以通过安全的用户图像呈现。确认图像可以从受保护的存储器域呈现到视频帧缓冲器的随机位置，并且可以响应于与确认图像不相关的用户输入而被随机地重新定位。可以计数与随机定位的图像不相关的用户输入，并且当非相关用户输入的数量超过阈值时，可以中止一个或多个进程。

57. 发明授权

US08423747B2 Copy equivalent protection using secure page flipping for software components within an execution environment 有权
标题翻译：使用执行环境中软件组件的安全页面翻转复制等效保护
公开(公告)号：US08423747B2
公开(公告)日：2013-04-16
申请号：US12164489
申请日：2008-06-30
申请人： David Durham , Prashant Dewan
发明人： David Durham , Prashant Dewan
IPC分类号： G06F12/00
CPC分类号： G06F9/455 , G06F12/145 , G06F12/1491
摘要： Embodiments of copy equivalent protection using secure page flipping for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor (VMM), Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. In an embodiment, an embedded VM is allowed to directly manipulate page table mappings so that, even without running the VMM or obtaining VMXRoot privilege, the embedded VM can directly flip pages of memory into its direct/exclusive control and back. Other embodiments may be described and claimed.
摘要翻译：这里一般地描述使用执行环境中的软件组件的安全页面翻转的复制等效保护的实施例。一个实施例包括虚拟机监视器（VMM），操作系统监视器或其他底层平台功能的能力，以限制仅通过特定认证，授权和验证的软件组件进行访问的存储区域，即使在其他方面受到损害的操作系统环境的一部分。在一个实施例中，嵌入式VM被允许直接操纵页表映射，使得即使没有运行VMM或获得VMXRoot特权，嵌入式VM也可以将存储器的页面直接翻转为其直接/排他控制和返回。可以描述和要求保护其他实施例。

58. 发明申请

US20090327575A1 COPY EQUIVALENT PROTECTION USING SECURE PAGE FLIPPING FOR SOFTWARE COMPONENTS WITHIN AN EXECUTION ENVIRONMENT 有权
标题翻译：使用执行环境中软件组件的安全页面转移的复制等效保护
公开(公告)号：US20090327575A1
公开(公告)日：2009-12-31
申请号：US12164489
申请日：2008-06-30
申请人： David Durham , Prashant Dewan
发明人： David Durham , Prashant Dewan
IPC分类号： G06F12/08
CPC分类号： G06F9/455 , G06F12/145 , G06F12/1491
摘要： Embodiments of copy equivalent protection using secure page flipping for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor (VMM), Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. In an embodiment, an embedded VM is allowed to directly manipulate page table mappings so that, even without running the VMM or obtaining VMXRoot privilege, the embedded VM can directly flip pages of memory into its direct/exclusive control and back. Other embodiments may be described and claimed.
摘要翻译：这里一般地描述使用执行环境中的软件组件的安全页面翻转的复制等效保护的实施例。一个实施例包括虚拟机监视器（VMM），操作系统监视器或其他底层平台功能的能力，以限制仅通过特定认证，授权和验证的软件组件进行访问的存储区域，即使在其他方面受到损害的操作系统环境的一部分。在一个实施例中，嵌入式VM被允许直接操纵页表映射，使得即使没有运行VMM或获得VMXRoot特权，嵌入式VM也可以将存储器的页面直接翻转为其直接/排他控制和返回。可以描述和要求保护其他实施例。

59. 发明授权

US08671439B2 Techniques for authenticated posture reporting and associated enforcement of network access 有权
标题翻译：用于认证状态报告和网络访问相关实施的技术
公开(公告)号：US08671439B2
公开(公告)日：2014-03-11
申请号：US12460736
申请日：2009-07-23
申请人： David Durham , Ravi Sahita , Karanvir Grewal , Ned Smith , Kapil Sood
发明人： David Durham , Ravi Sahita , Karanvir Grewal , Ned Smith , Kapil Sood
IPC分类号： G06F21/00
CPC分类号： H04L63/10 , G06F2221/2141 , H04L9/3234 , H04L9/3247 , H04L9/3263 , H04L63/0209 , H04L63/08 , H04L63/20
摘要： Architectures and techniques that allow a firmware agent to operate as a tamper-resistant agent on a host platform that may be used as a trusted policy enforcement point (PEP) on the host platform to enforce policies even when the host operating system is compromised. The PEP may be used to open access control and/or remediation channels on the host platform. The firmware agent may also act as a local policy decision point (PDP) on the host platform in accordance with an authorized enterprise PDP entity by providing policies if a host trust agent is non-responsive and may function as a passive agent when the host trust agent is functional.
摘要翻译：允许固件代理在主机平台上作为防篡改代理操作的体系结构和技术，可在主机平台上用作受信任的策略执行点（PEP），即使主机操作系统受到威胁也可执行策略。 PEP可用于在主机平台上打开访问控制和/或修复通道。固件代理还可以根据授权的企业PDP实体在主机平台上作为本地策略决策点（PDP），通过在主机信任代理不响应时提供策略，并且当主机信任时可以用作被动代理代理功能。

60. 发明授权

US08584204B2 Techniques for authenticated posture reporting and associated enforcement of network access 有权
公开(公告)号：US08584204B2
公开(公告)日：2013-11-12
申请号：US12460736
申请日：2009-07-23
申请人： David Durham , Ravi Sahita , Karanvir Grewal , Ned Smith , Kapil Sood
发明人： David Durham , Ravi Sahita , Karanvir Grewal , Ned Smith , Kapil Sood
IPC分类号： G06F21/00
摘要： Architectures and techniques that allow a firmware agent to operate as a tamper-resistant agent on a host platform that may be used as a trusted policy enforcement point (PEP) on the host platform to enforce policies even when the host operating system is compromised. The PEP may be used to open access control and/or remediation channels on the host platform. The firmware agent may also act as a local policy decision point (PDP) on the host platform in accordance with an authorized enterprise PDP entity by providing policies if a host trust agent is non-responsive and may function as a passive agent when the host trust agent is functional.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式