专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

81. 发明申请

US20080104698A1 METHOD AND APPARATUS FOR ADOPTING AUTHORIZATIONS 失效
标题翻译：通过授权的方法和装置
公开(公告)号：US20080104698A1
公开(公告)日：2008-05-01
申请号：US11968673
申请日：2008-01-03
申请人： Lawrence Koved , Anthony Nadalin , Marco Pistoia
发明人： Lawrence Koved , Anthony Nadalin , Marco Pistoia
IPC分类号： G06F21/00
CPC分类号： G06F21/53
摘要： A method and apparatus for implementing a new Permission for methods that perform callback operations are provided. The method and apparatus provide an AdoptPermission Permission type that allows a method to pass a Java 2 authorization test without having the specific required Permissions expressly granted to the method and without the method having the AllPermission Permission granted to it. With the apparatus and method, an AdoptPermission Permission type is defined that operates to allow a ProtectionDomain to “adopt” a required Permission. However, this adoption of a required Permission can only be performed if the ProtectionDomain of at least one method in the thread stack has been granted a Permission that implies the required Permission. Thus, the AdoptPermission Permission type provides an intermediate mechanism that is not as over-inclusive as the AllPermission Permission type and is not as under-inclusive as requiring that all methods in the thread stack include the required Permission expressly granted to them.
摘要翻译：提供了一种用于实现执行回调操作的方法的新的Permission的方法和装置。该方法和设备提供了一个AdoptPermission权限类型，允许一种方法传递Java 2授权测试，而不会明确授予该方法的特定所需权限，而不授予其授予AllPermission权限的方法。使用设备和方法，定义了一个AdoptPermission权限类型，该类型用于允许ProtectionDomain“采用”所需的权限。但是，只有当线程堆栈中至少有一个方法的ProtectionDomain被授予一个隐含所需权限的权限时，才能执行所需的权限。因此，AdoptPermission Permission类型提供了一个不像AllPermission Permission类型那样超出包容性的中间机制，并且不包含要求线程堆栈中的所有方法都包含明确授予它们的所需权限。

82. 发明授权

US07308717B2 System and method for supporting digital rights management in an enhanced Java™ 2 runtime environment 失效
标题翻译：在增强的Java（TM）2运行时环境中支持数字版权管理的系统和方法
公开(公告)号：US07308717B2
公开(公告)日：2007-12-11
申请号：US09792154
申请日：2001-02-23
申请人： Lawrence Koved , Magda M. Mourad , Jonathan P. Munson , Giovanni Pacifici , Marco Pistoia , Alaa S. Youssef
发明人： Lawrence Koved , Magda M. Mourad , Jonathan P. Munson , Giovanni Pacifici , Marco Pistoia , Alaa S. Youssef
IPC分类号： G06F7/04
CPC分类号： G06F21/52 , G06F21/10 , G06F2221/0748
摘要： A digital rights management (DRM) system and methodology for a Java client implementing a Java Runtime Environment (JRE). The JRE comprises a Java Virtual Machine (JVM) and Java runtime libraries components and is capable of executing a player application for presenting content that can be presented through a Java program (e.g., a Java application, applet, servlet, bean, etc.) and downloaded from a content server to the client. The DRM system includes an acquisition component for receiving downloaded protected contents; and a dynamic rights management layer located between the JRE and player application for receiving requests to view or play downloaded protected contents from the player, and, in response to each request, determining the rights associated with protected content and enabling viewing or playing of the protected contents via the player application if permitted according to the rights. By providing a Ad DRM-enabled Java runtime, which does not affect the way non-DRM-related programs work, DRM content providers will not require the installation of customized players. By securing the runtime, every Java™ player automatically and transparently becomes a DRM-enabled player.
摘要翻译：实现Java运行时环境（JRE）的Java客户端的数字版权管理（DRM）系统和方法。 JRE包括Java虚拟机（JVM）和Java运行时库组件，并且能够执行播放器应用程序来呈现可以通过Java程序呈现的内容（例如，Java应用程序，小程序，servlet，bean等）并从内容服务器下载到客户端。 DRM系统包括用于接收下载的受保护内容的获取组件; 以及位于JRE和播放器应用之间的动态版权管理层，用于接收从播放器查看或播放下载的受保护内容的请求，并且响应于每个请求，确定与受保护内容相关联的权限，并且使得能够观看或播放受保护的内容内容通过玩家申请，如果允许，根据权利。通过提供支持广告DRM的Java运行时，不影响非DRM相关程序的工作方式，DRM内容提供商将不需要安装自定义播放器。通过确保运行时间，每个Java（TM）播放器自动且透明地成为启用DRM的播放器。

83. 发明授权

US07171558B1 Transparent digital rights management for extendible content viewers 失效
标题翻译：透明的数字版权管理可扩展内容观众
公开(公告)号：US07171558B1
公开(公告)日：2007-01-30
申请号：US09667286
申请日：2000-09-22
申请人： Magda M. Mourad , Jonathan P. Munson , Tamer Nadeem , Giovanni Pacifici , Marco Pistoia , Alaa S. Youssef
发明人： Magda M. Mourad , Jonathan P. Munson , Tamer Nadeem , Giovanni Pacifici , Marco Pistoia , Alaa S. Youssef
IPC分类号： H04L9/00
CPC分类号： G06F21/57 , G06F21/10
摘要： A digital rights management system for controlling the distribution of digital content to player applications. The system comprises a verification system, a trusted content handler, and a user interface control. The verification system is provided to validate the integrity of the player applications; and the trusted content handler is used to decrypt content and to transmit the decrypted content to the player applications, and to enforce usage rights associated with the content. The user interface control module is provided to ensure that users of the player applications are not exposed to actions that violate the usage rights. The preferred embodiment of the present invention provides a system that enables existing content viewers, such as Web browsers, document viewers, and Java Virtual Machines running content-viewing applications, with digital rights management capabilities, in a manner that is transparent to the viewer. Extending content viewers with such capabilities enables and facilitates the free exchange of digital content over open networks, such as the Internet, while protecting the rights of content owners, authors, and distributors. This protection is achieved by controlling access to the content and constraining it according to the rights and privileges granted to the user during the content acquisition phase.
摘要翻译：数字版权管理系统，用于控制数字内容到玩家应用程序的分发。系统包括验证系统，可信内容处理程序和用户界面控制。提供验证系统以验证玩家申请的完整性; 并且可信内容处理程序用于解密内容并将解密的内容传送给播放器应用，并且执行与内容相关联的使用权限。提供用户界面控制模块以确保玩家应用的用户不会暴露于违反使用权限的动作。本发明的优选实施例提供了一种系统，其以对观看者透明的方式，使具有数字权限管理功能的现有内容观众（诸如Web浏览器，文档查看器和运行内容观看应用的Java虚拟机）成为可能。扩展具有此类功能的内容观众能够实现和促进数字内容在互联网等开放网络上的自由交换，同时保护内容所有者，作者和分销商的权利。该保护通过控制对内容的访问并根据在内容获取阶段中授予用户的权限和特权来约束来实现。

84. 发明授权

US09459990B2 Automatic and transparent application logging 有权
标题翻译：自动和透明的应用程序日志记录
公开(公告)号：US09459990B2
公开(公告)日：2016-10-04
申请号：US13431422
申请日：2012-03-27
申请人： Joseph W. Ligman , Marco Pistoia , John J. Ponzo , Umut Topkara
发明人： Joseph W. Ligman , Marco Pistoia , John J. Ponzo , Umut Topkara
IPC分类号： G06F11/36 , G06F11/34
CPC分类号： G06F11/3644 , G06F11/3466 , G06F11/3476 , G06F2201/865
摘要： Automatic application logging, in one aspect, may receive a directive for logging data associated with an application. One or more runtime objects of an instance of the application running on a processor may be modified according to the directive to collect the data. The data may be collected via the modified one or more runtime objects.
摘要翻译：在一个方面，自动应用程序日志记录可以接收用于记录与应用程序相关联的数据的指令。可以根据指令来修改在处理器上运行的应用的实例的一个或多个运行时对象以收集数据。可以经由修改的一个或多个运行时对象来收集数据。

85. 发明授权

US08910293B2 Determining the vulnerability of computer software applications to privilege-escalation attacks 有权
标题翻译：确定计算机软件应用程序对特权升级攻击的脆弱性
公开(公告)号：US08910293B2
公开(公告)日：2014-12-09
申请号：US13542214
申请日：2012-07-05
申请人： Marco Pistoia , Ori Segal , Omer Tripp
发明人： Marco Pistoia , Ori Segal , Omer Tripp
IPC分类号： G06F11/00 , G06F21/56 , H04L29/06 , G06F21/57
CPC分类号： G06F21/563 , G06F21/577 , H04L63/1433
摘要： Determining the vulnerability of computer software applications to privilege-escalation attacks, such as where an instruction classifier is configured to be used for identifying a candidate access-restricted area of the instructions of a computer software application, and a static analyzer is configured to statically analyze the candidate access-restricted area to determine if there is a conditional instruction that controls execution flow into the candidate access-restricted area, perform static analysis to determine if the conditional instruction is dependent on a data source within the computer software application, and designate the candidate access-restricted area as vulnerable to privilege-escalation attacks absent either of the conditional instruction and the date source.
摘要翻译：确定计算机软件应用程序对特权升级攻击的脆弱性，例如将指令分类器配置为用于识别计算机软件应用程序的指令的候选访问受限区域的位置以及静态分析器，以进行静态分析候选访问限制区域，以确定是否存在控制进入候选访问受限区域的执行流程的条件指令，执行静态分析以确定条件指令是否依赖于计算机软件应用程序内的数据源，并指定候选访问限制区域容易受到特权升级攻击的攻击，不存在条件指令和日期源。

86. 发明授权

US08875297B2 Interactive analysis of a security specification 有权
标题翻译：交互式分析安全规范
公开(公告)号：US08875297B2
公开(公告)日：2014-10-28
申请号：US13448029
申请日：2012-04-16
申请人： Marco Pistoia , Takaaki Tateishi , Omer Tripp
发明人： Marco Pistoia , Takaaki Tateishi , Omer Tripp
IPC分类号： G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00 , G06F9/445 , G06F11/36 , G06F21/56 , G06F21/52 , G06F9/45
CPC分类号： G06F11/3604 , G06F8/43 , G06F9/44589 , G06F11/3672 , G06F11/3684 , G06F11/3688 , G06F21/52 , G06F21/562 , G06F21/577
摘要： Analyzing a security specification. An embodiment can include identifying a downgrader in a computer program under test. Via a processor, testing on the downgrader can be performed in a first level of analysis. Responsive to the downgrader not passing the testing performed in the first level of analysis, a counter example for the downgrader can be automatically synthesized. Further, a test unit can be created for the downgrader using the counter example as an input parameter to the downgrader. The test unit can be executed to perform testing on the downgrader in a second level of analysis. Responsive to the downgrader passing the testing performed in the second level of analysis, a user can be prompted to simplify a model of the downgrader.
摘要翻译：分析安全规范。一个实施例可以包括识别被测试的计算机程序中的降级器。通过处理器，可以在第一级分析中对降级器进行测试。对于在第一级分析中没有通过测试的降级分析器，可以自动合成降级器的反例。此外，可以使用计数器示例作为降级器的输入参数来为降级器创建测试单元。可以执行测试单元以在第二级分析中对降级器进行测试。响应于在第二级分析中通过测试的降级者，可以提示用户简化降级的模型。

87. 发明授权

US08863292B2 Interactive analysis of a security specification 有权
标题翻译：交互式分析安全规范
公开(公告)号：US08863292B2
公开(公告)日：2014-10-14
申请号：US13313757
申请日：2011-12-07
申请人： Marco Pistoia , Omer Tripp , Takaaki Tateishi
发明人： Marco Pistoia , Omer Tripp , Takaaki Tateishi
IPC分类号： G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00 , G06F9/45 , G06F9/445 , G06F21/52 , G06F21/56 , G06F11/36
CPC分类号： G06F11/3604 , G06F8/43 , G06F9/44589 , G06F11/3672 , G06F11/3684 , G06F11/3688 , G06F21/52 , G06F21/562 , G06F21/577
摘要： Analyzing a security specification. An embodiment can include identifying a downgrader in a computer program under test. Testing on the downgrader can be performed in a first level of analysis. Responsive to the downgrader not passing the testing performed in the first level of analysis, a counter example for the downgrader can be automatically synthesized. Further, a test unit can be created for the downgrader using the counter example as an input parameter to the downgrader. The test unit can be executed to perform testing on the downgrader in a second level of analysis. Responsive to the downgrader passing the testing performed in the second level of analysis, a user can be prompted to simplify a model of the downgrader.
摘要翻译：分析安全规范。一个实施例可以包括识别被测试的计算机程序中的降级器。降级测试可以在第一级分析中进行。对于在第一级分析中没有通过测试的降级分析器，可以自动合成降级器的反例。此外，可以使用计数器示例作为降级器的输入参数来为降级器创建测试单元。可以执行测试单元以在第二级分析中对降级器进行测试。响应于在第二级分析中通过测试的降级者，可以提示用户简化降级的模型。

88. 发明授权

US08769696B2 Automated detection of flaws and incompatibility problems in information flow downgraders 有权
标题翻译：自动检测信息流下载中的缺陷和不兼容问题
公开(公告)号：US08769696B2
公开(公告)日：2014-07-01
申请号：US13248724
申请日：2011-09-29
申请人： Marco Pistoia , Takaaki Tateishi , Stephen D. Teilhet , Omer Tripp
发明人： Marco Pistoia , Takaaki Tateishi , Stephen D. Teilhet , Omer Tripp
IPC分类号： G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00
CPC分类号： G06F21/577 , G06F21/00 , G06F21/50
摘要： Mechanisms for evaluating downgrader code in application code with regard to a target deployment environment. Downgrader code in the application code is identified. Based on an input string, an output string that the downgrader code outputs in response to receiving the input string is identified. One or more sets of illegal string patterns are retrieved. Each of the one or more sets of illegal string patterns is associated with a corresponding deployment environment. The illegal string patterns are string patterns that a downgrader identifies in the information flow for security purposes. A determination is made as to whether the downgrader code is compatible with the target deployment environment based on the one or more sets of illegal string patterns and the output string. An output indicative of the results of the determining is generated.
摘要翻译：评估应用程序代码中关于目标部署环境的降级代码的机制。识别应用程序代码中的降级代码。基于输入字符串，识别降级代码响应于输入字符串而输出的输出字符串。检索一组或多组非法字符串模式。一组或多组非法字符串模式中的每一个与相应的部署环境相关联。非法字符串模式是为了安全起见，降级标识在信息流中的字符串模式。基于一组或多组非法字符串模式和输出字符串，确定降级代码是否与目标部署环境兼容。产生指示确定结果的输出。

89. 发明授权

US08695098B2 Detecting security vulnerabilities in web applications 有权
标题翻译：检测Web应用程序中的安全漏洞
公开(公告)号：US08695098B2
公开(公告)日：2014-04-08
申请号：US13174628
申请日：2011-06-30
申请人： Marco Pistoia , Ori Segal , Omer Tripp
发明人： Marco Pistoia , Ori Segal , Omer Tripp
IPC分类号： G06F11/00
CPC分类号： G06F21/577 , H04L63/1433
摘要： Method to detect security vulnerabilities includes: interacting with a web application during its execution to identify a web page exposed by the web application; statically analyzing the web page to identify a parameter within the web page that is constrained by a client-side validation measure and that is to be sent to the web application; determining a server-side validation measure to be applied to the parameter in view of the constraint placed upon the parameter by the client-side validation measure; statically analyzing the web application to identify a location within the web application where the parameter is input into the web application; determining whether the parameter is constrained by the server-side validation measure prior to the parameter being used in a security-sensitive operation; and identifying the parameter as a security vulnerability.
摘要翻译：检测安全漏洞的方法包括：在执行期间与Web应用程序进行交互以识别Web应用程序公开的网页; 静态地分析网页以识别受到客户端验证措施约束并且要发送到Web应用程序的网页内的参数; 鉴于通过客户端验证措施对参数的约束，确定要应用于参数的服务器端验证度量; 静态分析Web应用程序以识别Web应用程序中将参数输入到Web应用程序中的位置; 在参数在安全敏感操作中使用之前，确定参数是否受到服务器端验证度量的约束; 并将该参数识别为安全漏洞。

90. 发明授权

US08667584B2 Formal analysis of the quality and conformance of information flow downgraders 有权
公开(公告)号：US08667584B2
公开(公告)日：2014-03-04
申请号：US12968646
申请日：2010-12-15
申请人： Ryan J. Berg , Marco Pistoia , Takaaki Tateishi , Stephen D. Teilhet , Omer Tripp
发明人： Ryan J. Berg , Marco Pistoia , Takaaki Tateishi , Stephen D. Teilhet , Omer Tripp
IPC分类号： G06F21/00
CPC分类号： G06F21/50 , G06F21/577
摘要： Mechanisms for evaluating downgrader code in application code with regard to one or more security guidelines are provided. Downgrader code in application code is identified, where the downgrader code is a portion of code in the application code that operates on an information flow of the application code to ensure confidentiality of information input to the downgrader code, in the output of the downgrader code. Processes of the downgrader code are evaluated against security guidelines to determine if the processes violate the security guidelines. A notification is generated in response to the evaluation indicating that the processes of the downgrader code violate the security guidelines. The notification is output to a computing device for consideration.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式