专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

51. 发明授权

US07890771B2 Saving and retrieving data based on public key encryption 有权
标题翻译：基于公钥加密保存和检索数据
公开(公告)号：US07890771B2
公开(公告)日：2011-02-15
申请号：US10407117
申请日：2003-04-04
申请人： Paul England , Marcus Peinado
发明人： Paul England , Marcus Peinado
IPC分类号： G06F11/30
CPC分类号： G06F21/6218
摘要： In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with another aspect, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The data is decrypted using public key decryption and returned to the calling program only if the calling program is allowed to access the data.
摘要翻译：根据某些方面，从呼叫程序接收数据。使用公钥加密来生成包含数据的密文，只允许一个或多个目标程序能够从密文获得数据。根据另一方面，从调用程序接收位串。检查调用程序的标识符以确定是否允许调用程序访问以位串的密文加密的数据。数据使用公开密钥解密解密，只有在允许调用程序访问数据的情况下才能返回到调用程序。

52. 发明授权

US07836299B2 Virtualization of software configuration registers of the TPM cryptographic processor 有权
标题翻译：虚拟化TPM加密处理器的软件配置寄存器
公开(公告)号：US07836299B2
公开(公告)日：2010-11-16
申请号：US11080906
申请日：2005-03-15
申请人： Paul England , Matthew C. Setzer
发明人： Paul England , Matthew C. Setzer
IPC分类号： H04L29/06 , G06F11/30
CPC分类号： G06F21/57
摘要： A virtual PCR (VPCR) construct is provided that can be cryptographically tagged as optionally resettable or as enduring for the life of a client (process, virtual machine, and the like) and that can be loaded into a resettable hardware PCR to make use of the functionality of a Trusted Platform Module (TPM). The VPCRs may cryptographically reflect their characteristics (resettable or not) in their stored values. Also, since the PCRs are virtualized, they are (effectively) unlimited in number and may be given general names (UUIDs) that are less likely to collide. The VPCRs can be loaded into a physical PCR as needed, but in a way that stops one piece of software from impersonating another piece of software. The VPCRs thus enable all software using the TPM to be given access to TPM functionality (sealing, quoting, etc.) without security concerns.
摘要翻译：提供虚拟PCR（VPCR）构造，其可以被加密地标记为可选择地重置或在客户端（过程，虚拟机等）的寿命中持久，并且可以将其加载到可重置的硬件PCR中以利用可信平台模块（TPM）的功能。 VPCR可以加密地反映其存储值的特性（可重置或不可复位）。此外，由于PCR被虚拟化，它们（有效地）数量无限制，并且可以被给予不太可能发生冲突的通用名称（UUID）。 VPCR可以根据需要加载到物理PCR中，但可以阻止一块软件冒充另一块软件。因此，VPCR可以使所有使用TPM的软件都能够获得TPM功能（密封，引用等），而无需安全考虑。

53. 发明授权

US07797544B2 Attesting to establish trust between computer entities 有权
标题翻译：证明在计算机实体之间建立信任
公开(公告)号：US07797544B2
公开(公告)日：2010-09-14
申请号：US10734028
申请日：2003-12-11
申请人： Blair B. Dillaway , Paul England , Marcus Peinado
发明人： Blair B. Dillaway , Paul England , Marcus Peinado
IPC分类号： H04L9/32
CPC分类号： H04L9/0825 , H04L9/3226 , H04L9/3247 , H04L9/3265 , H04L2209/56
摘要： To establish trust between first and second entities, the first entity sends an attestation message to the second entity, including a code ID, relevant data, a digital signature based on the code ID and data, and a certificate chain. The second entity verifies the signature and decides whether to in fact enter into a trust-based relationship with the first entity based on the code ID and the data in the attestation message. Upon so deciding, the second entity sends a trust message to the first entity, including a secret to be shared between the first and second entities. The first entity obtains the shared secret in the trust message and employs the shared secret to exchange information with the second entity.
摘要翻译：为了在第一和第二实体之间建立信任，第一实体向第二实体发送认证消息，包括代码ID，相关数据，基于代码ID和数据的数字签名以及证书链。第二实体验证签名，并且基于代码ID和认证消息中的数据来确定是否实际上与第一实体进行基于信任的关系。在这样确定的情况下，第二实体向第一实体发送信任消息，包括要在第一和第二实体之间共享的秘密。第一实体获取信任消息中的共享密钥，并使用共享密钥与第二实体交换信息。

54. 发明授权

US07765397B2 Generating, migrating or exporting bound keys 失效
标题翻译：生成，迁移或导出绑定键
公开(公告)号：US07765397B2
公开(公告)日：2010-07-27
申请号：US11557581
申请日：2006-11-08
申请人： Paul England , Marcus Peinado
发明人： Paul England , Marcus Peinado
IPC分类号： H04L29/06
CPC分类号： G06F21/6218
摘要： In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with another aspect, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The data is decrypted using public key decryption and returned to the calling program only if the calling program is allowed to access the data.
摘要翻译：根据某些方面，从呼叫程序接收数据。使用公钥加密来生成包含数据的密文，只允许一个或多个目标程序能够从密文获得数据。根据另一方面，从调用程序接收位串。检查调用程序的标识符以确定是否允许调用程序访问以位串的密文加密的数据。数据使用公开密钥解密解密，只有在允许调用程序访问数据的情况下才能返回到调用程序。

55. 发明授权

US07650478B2 Using limits on address translation to control access to an addressable entity 有权
标题翻译：使用地址转换限制来控制对可寻址实体的访问
公开(公告)号：US07650478B2
公开(公告)日：2010-01-19
申请号：US11299083
申请日：2005-12-09
申请人： Marcus Peinado , Paul England , Bryan Mark Willman
发明人： Marcus Peinado , Paul England , Bryan Mark Willman
IPC分类号： G06F12/00
CPC分类号： G06F12/145
摘要： A data storage resource is identifiable by physical addresses, and optionally by a virtual address. A policy defines which resources are accessible and which resources are not accessible. A request to access a resource is allowed if access to the resource is permitted by the policy, and if carrying out the access will not cause virtual addresses to be assigned to resources to which the policy disallows access. Since resources to which access is disallowed do not have virtual addresses, certain types of access requests that identify a resource by a virtual address can be allowed without consulting the policy.
摘要翻译：数据存储资源可以通过物理地址和可选的虚拟地址来识别。策略定义哪些资源是可访问的，哪些资源不可访问。如果策略允许对资源的访问，则允许访问资源的请求，并且如果执行访问不会导致将虚拟地址分配给策略不允许访问的资源。由于不允许访问的资源没有虚拟地址，因此可以允许在不咨询策略的情况下识别虚拟地址的资源的某些类型的访问请求。

56. 发明授权

US07634661B2 Manifest-based trusted agent management in a trusted operating system environment 有权
标题翻译：在受信任的操作系统环境中进行基于清单的可信代理管理
公开(公告)号：US07634661B2
公开(公告)日：2009-12-15
申请号：US11206585
申请日：2005-08-18
申请人： Paul England , Marcus Peinado , Daniel R. Simon , Josh D. Benaloh
发明人： Paul England , Marcus Peinado , Daniel R. Simon , Josh D. Benaloh
IPC分类号： G06F12/14 , H04L9/32 , H04L29/06
CPC分类号： G06F21/54 , G06F21/53 , G06F21/57
摘要： Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.
摘要翻译：在受信任的操作系统环境中的基于清单的可信代理管理包括接收接收到的执行进程的请求，并为进程设置虚拟内存空间。此外，访问对应于进程的清单，并且可以基于二进制文件中包括在清单中的指示符限制在虚拟存储器空间中执行多个二进制文件中的哪一个。

57. 发明授权

US07577840B2 Transferring application secrets in a trusted operating system environment 有权
公开(公告)号：US07577840B2
公开(公告)日：2009-08-18
申请号：US11068007
申请日：2005-02-28
申请人： Paul England , Marcus Peinado , Daniel R. Simon , Josh D. Benaloh
发明人： Paul England , Marcus Peinado , Daniel R. Simon , Josh D. Benaloh
IPC分类号： H04L9/00
CPC分类号： G06F21/57 , G06F21/606
摘要： Transferring application secrets in a trusted operating system environment involves receiving a request to transfer application data from a source computing device to a destination computing device. A check is made as to whether the application data can be transferred to the destination computing device, and if so, whether the application data can be transferred under control of the user or a third party. If these checks succeed, a check is also made as to whether the destination computing device is a trustworthy device running known trustworthy software. Input is also received from the appropriate one of the user or third party to control transferring of the application data to the destination computing device. Furthermore, application data is stored on the source computing device in a manner that facilitates determining whether the application data can be transferred, and that facilitates transferring the application data if it can be transferred.

58. 发明授权

US07529946B2 Enabling bits sealed to an enforceably-isolated environment 有权
标题翻译：使密封到可强制隔离环境的位
公开(公告)号：US07529946B2
公开(公告)日：2009-05-05
申请号：US11155071
申请日：2005-06-16
申请人： Kenneth D. Ray , Paul England , Peter Nicholas Biddle
发明人： Kenneth D. Ray , Paul England , Peter Nicholas Biddle
IPC分类号： G06F11/30 , G06F12/14 , H04L9/32
CPC分类号： G06F21/53 , G06F21/10 , G06F2221/2149
摘要： Prevention of unpermitted use of enabling bits is achieved by sealing the enabling bits to an environment in such a way that the bits can only be unsealed by or from the environment, and by using an isolation mechanism to isolate the environment from other environments on the machine on which the environment operates. The environment is trusted not to use the enabling bits except in accordance with a set of rules governing the bits. The enabling bits may be a decryption key for DRM-protected content, and the rules may be a license governing the use of that content. Trust that the enabling bits will not be misused is established by trusting the environment not to use the enabling bits contrary to the rules, trusting the isolation mechanism to isolate the environment, and trusting the unsealing mechanism only to unseal the bits for the environment.
摘要翻译：通过将启用比特密封到环境来实现防止未使用的使能位，使得这些比特仅能够被环境打开，或者通过使用隔离机制将环境与机器上的其它环境隔离开来环境运行。环境被信任不使用启用位，除了根据一组管理位的规则。启用位可以是用于受DRM保护的内容的解密密钥，并且规则可以是管理该内容的使用的许可证。相信启用位不会被滥用是通过信任环境不使用与规则相反的使能位来建立的，相信隔离机制来隔离环境，并且信任开封机制仅仅是为了解开环境的位。

59. 发明授权

US07502471B2 System and method for protecting data streams in hardware components 有权
标题翻译：用于保护硬件组件中数据流的系统和方法
公开(公告)号：US07502471B2
公开(公告)日：2009-03-10
申请号：US11277012
申请日：2006-03-20
申请人： Henrique Malvar , Paul England
发明人： Henrique Malvar , Paul England
IPC分类号： H04N7/167
CPC分类号： H04K1/02 , G11B20/00086 , G11B20/0021 , H04N5/913 , H04N7/1675 , H04N2005/91364
摘要： A scrambling architecture protects data streams in the operating system and hardware components of a computer by scrambling the otherwise raw data prior to the data being handled by the operating system. Scrambled content is passed to a filter graph (or other processing system) where the content is processed while scrambled. A scrambler also generates a random signal based on a first key and a second key. After processing, the scrambled data is passed to a driver for output. A driver may implement a descrambler to detect tone patterns in the content and recovers the first key from varying amplitudes of the tone patterns. The descrambler may also receive the second key via a separate channel and generates the same random signal using the recovered first key and the second key. The descrambler subtracts the tone patterns and the random signal from the scrambled content to restore the content.
摘要翻译：加扰架构通过在操作系统处理数据之前加扰原始数据来保护计算机的操作系统和硬件组件中的数据流。加扰的内容被传递到滤波器图（或其他处理系统），其中内容被加扰处理。加扰器还基于第一密钥和第二密钥生成随机信号。处理后，将加扰的数据传递给驱动程序进行输出。驱动器可以实现解扰器来检测内容中的音调模式，并从不同的音调模式的幅度恢复第一个键。解扰器还可以经由单独的信道接收第二密钥，并使用恢复的第一密钥和第二密钥生成相同的随机信号。解扰器从加扰的内容中减去音调模式和随机信号以恢复内容。

60. 发明授权

US07487365B2 Saving and retrieving data based on symmetric key encryption 有权
公开(公告)号：US07487365B2
公开(公告)日：2009-02-03
申请号：US10406861
申请日：2003-04-04
申请人： Paul England , Marcus Peinado
发明人： Paul England , Marcus Peinado
IPC分类号： H04L9/00 , H04N7/167
CPC分类号： G06F21/6218
摘要： In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using a symmetric cipher, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with other aspects, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The integrity of the data is also verified, and the data is decrypted using a symmetric key. The data is returned to the calling program only if the calling program is allowed to access the data and if the integrity of the data is successfully verified.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式