专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07543140B2 Revocation of a certificate and exclusion of other principals in a digital rights management (DRM) system based on a revocation list from a delegated revocation authority 有权
标题翻译：根据授权撤销机构的撤销清单，撤销证书并排除数字版权管理（DRM）系统中的其他主体
公开(公告)号：US07543140B2
公开(公告)日：2009-06-02
申请号：US10374312
申请日：2003-02-26
申请人： Blair Brewster Dillaway , Philip Lafornara , Brian A. LaMacchia , Rushmi U. Malaviarachchi , John L. Manferdelli , Charles F. Rose, III
发明人： Blair Brewster Dillaway , Philip Lafornara , Brian A. LaMacchia , Rushmi U. Malaviarachchi , John L. Manferdelli , Charles F. Rose, III
IPC分类号： H04L29/00
CPC分类号： G06F21/10 , H04L9/3268 , H04L2209/603
摘要： A digital certificate identifies an entity as having authority over the certificate to revoke same as delegated by the issuer. The certificate also has at least one revocation condition relating to possible revocation of the certificate. To authenticate the certificate, the identification of the delegated revocation authority, a location from which a revocation list is to be obtained, and any freshness requirement to be applied to the revocation list are determined from the certificate. It is then ensured that the revocation list from the location is present and that the present revocation list satisfies the freshness requirement, that the revocation list is promulgated by the delegated revocation authority identified in the certificate, and that the certificate is not identified in the revocation list as being revoked.
摘要翻译：数字证书将一个实体认定为具有颁发机构授权的权限，以撤销与发行人授权相同的权限。该证书还具有与可能撤销证书有关的至少一个撤销条件。为了对证书进行身份验证，从证书中确定授权撤销机构的标识，要从中获得撤销列表的位置以及应用于撤销列表的任何新鲜度要求。然后确保从该位置的撤销列表存在，并且本撤销列表满足新鲜度要求，撤销列表由证书中指定的授权撤销机构颁布，并且该证书在撤销中未被识别列表被撤销。

2. 发明授权

US07269702B2 Trusted data store for use in connection with trusted computer operating system 有权
标题翻译：可信数据存储，用于与可信计算机操作系统连接
公开(公告)号：US07269702B2
公开(公告)日：2007-09-11
申请号：US10456124
申请日：2003-06-06
申请人： Bryan Mark Willman , Paul England , Keith Kaplan , Alan Stuart Geller , Brian A. LaMacchia , Blair Brewster Dillaway , Marcus Peinado , Michael Alfred Aday , Selena Wilson
发明人： Bryan Mark Willman , Paul England , Keith Kaplan , Alan Stuart Geller , Brian A. LaMacchia , Blair Brewster Dillaway , Marcus Peinado , Michael Alfred Aday , Selena Wilson
IPC分类号： G06F12/14
CPC分类号： G06F21/78
摘要： A trusted data store is provided for use with a trusted element of a trusted operating system on a computing machine. In the trusted data store, a storage medium stores data in a pre-determined arrangement, where the data includes trusted data from the trusted element of the trusted operating system on the computing machine. An access controller writes data to and reads data from the storage medium, and a trust controller is interposed between the computing machine and the access controller. The trust controller allows only the trusted element to perform operations on the trusted data thereof on the storage medium.
摘要翻译：提供了可信赖的数据存储器，用于与计算机器上的可信操作系统的可信元件一起使用。在可信数据存储器中，存储介质以预定的布置存储数据，其中数据包括来自计算机器上的可信操作系统的可信元件的可信数据。访问控制器将数据写入存储介质并从存储介质读取数据，并且信任控制器插在计算机和访问控制器之间。信任控制器仅允许可信元素对存储介质上的可信数据执行操作。

3. 发明授权

US08024770B2 Techniques for managing security contexts 有权
标题翻译：管理安全上下文的技术
公开(公告)号：US08024770B2
公开(公告)日：2011-09-20
申请号：US11471905
申请日：2006-06-21
申请人： Gregory D. Fee , Brian A. LaMacchia , Blair Dillaway
发明人： Gregory D. Fee , Brian A. LaMacchia , Blair Dillaway
IPC分类号： H04L9/00 , H04L9/32 , G06F7/04
CPC分类号： G06F21/52
摘要： Techniques for managing security contexts may be described. An apparatus may comprise a processor and a security management module. The security management module may form a merged security context for multiple concurrent threads, with one of the threads depending on more than one preceding operation from other threads. Other embodiments are described and claimed.
摘要翻译：可以描述用于管理安全上下文的技术。装置可以包括处理器和安全管理模块。安全管理模块可以为多个并发线程形成合并的安全上下文，其中一个线程取决于来自其他线程的多个以前的操作。描述和要求保护其他实施例。

4. 发明授权

US07596692B2 Cryptographic audit 失效
标题翻译：密码审核
公开(公告)号：US07596692B2
公开(公告)日：2009-09-29
申请号：US10163223
申请日：2002-06-05
申请人： Barbara Lynch Fox , David G. Conroy , Brian A. LaMacchia
发明人： Barbara Lynch Fox , David G. Conroy , Brian A. LaMacchia
IPC分类号： H04L29/00 , H04L29/12 , H04L29/06
CPC分类号： H04L12/18 , H04L63/08 , H04L63/0876
摘要： Method, system, and computer program products for identifying potentially fraudulent receivers of digital content. A receiver authenticates to an auditing service with data that should be unique to the receiver. The auditing service detects when multiple receivers attempt to authenticate with the same data, suggesting that a receiver has been cloned or duplicated. The audit service also detects when a receiver authenticates improperly, suggesting an unsuccessful and unauthorized attempt to duplicate an authorized receiver. Individual receivers may be networked together. To help protect a receiver's authentication data from tampering, at least a portion of the data may be digitally signed with a private key. The audit service may then verify the digital signature with a corresponding public key. Varying the order in which data is signed or where the data is stored from one receiver or group of receivers to another may provide an additional level of security.
摘要翻译：用于识别数字内容的潜在欺诈接收者的方法，系统和计算机程序产品。接收者使用接收机唯一的数据对审计服务进行认证。审计服务检测多个接收方何时尝试使用相同的数据进行身份验证，提示接收方已被克隆或复制。审计服务还检测接收者何时不正确地认证，这表明未经授权的尝试复制授权的接收方。单个接收器可以联网在一起。为了帮助保护接收者的认证数据免受篡改，至少一部分数据可以用私钥进行数字签名。然后，审计服务可以用对应的公钥验证数字签名。将数据签名顺序或数据从一个接收器或一组接收器存储到另一个接收器或接收器组的顺序可能会提供额外的安全级别。

6. 发明授权

US07251834B2 Filtering a permission set using permission requests associated with a code assembly 有权
标题翻译：使用与代码程序集相关联的权限请求过滤权限集
公开(公告)号：US07251834B2
公开(公告)日：2007-07-31
申请号：US11254839
申请日：2005-10-20
申请人： Brian A. LaMacchia , Loren M. Kohnfelder , Gregory D. Fee , Michael J. Toutonghi
发明人： Brian A. LaMacchia , Loren M. Kohnfelder , Gregory D. Fee , Michael J. Toutonghi
IPC分类号： G06F7/04 , G06F17/30 , G06K9/00 , H03M1/68 , H04K1/00 , H04L9/00 , H04L9/32
CPC分类号： G06F21/52
摘要： A security policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager can execute in a computer system (e.g., a Web client) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. A permission request set may also be received in association with the code assembly. The permission request set may include a minimum request set, specifying permissions required by the code assembly to run properly. The permission request set may also include an optional request set, specifying permissions requested by the code assembly to provide an alternative level of functionality. In addition, the permission request set may include a refuse request set, specifying permissions that are not to be granted to the code assembly. The permission requests are used to filter a permission set to generate a permission grant set.
摘要翻译：安全策略管理器为从资源位置接收到的代码集合生成许可权授予集。策略管理器可以与计算机系统（例如，Web客户机）一起在运行时环境的验证模块和类加载器的组合中执行。为代码组合生成的许可授权集合被应用于运行时调用堆栈中，以帮助系统确定代码组件的给定系统操作是否被授权。还可以与代码组合相关联地接收许可请求集合。许可请求集可以包括最小请求集，指定代码组件正确运行所需的权限。许可请求集还可以包括可选的请求集合，指定代码组件请求的许可以提供替代级别的功能。此外，许可请求集合可以包括垃圾请求集合，指定不被授予代码组件的权限。权限请求用于过滤权限集以生成权限授予集。

7. 发明授权

US08355970B2 Intelligent trust management method and system 有权
标题翻译：智能信任管理方法与系统
公开(公告)号：US08355970B2
公开(公告)日：2013-01-15
申请号：US12979162
申请日：2010-12-27
申请人： Barbara L. Fox , Brian A. LaMacchia
发明人： Barbara L. Fox , Brian A. LaMacchia
IPC分类号： G06Q40/00
CPC分类号： G06F21/50 , G06F21/52 , G06F21/604 , G06Q40/00
摘要： Intelligent Trust Management provides a centralized security facility that gives system components a flexible mechanism for implementing security policies. System components such as applications create a request describing an action that needs to be checked against an appropriate security policy. The request is given to a trust system that determines which policy object applies to the request, and may pass request arguments to the policy. The policy objects include executable code that uses any arguments along with dynamically obtained variable information to make a decision. The decision is returned to the system component, which then operates accordingly. Policy objects may maintain state and interface with the user independent of the system component in order to obtain information to make their decisions. Policy objects may call other policy objects and/or mathematically combine the results of other policy objects to make a decision.
摘要翻译：智能信任管理提供了一个集中的安全设施，为系统组件提供了实施安全策略的灵活机制。系统组件（如应用程序）创建一个描述需要根据适当的安全策略进行检查的操作的请求。该请求被提供给确定哪个策略对象适用于请求的信任系统，并且可以将请求参数传递给该策略。策略对象包括使用任何参数以及动态获取的变量信息进行决策的可执行代码。该决定返回到系统组件，然后系统组件相应地进行操作。策略对象可以保持状态并且与用户无关的系统组件的接口，以便获取信息以作出决定。策略对象可以调用其他策略对象和/或以数学方式组合其他策略对象的结果作出决定。

8. 发明授权

US08190895B2 Authenticated key exchange with derived ephemeral keys 有权
标题翻译：使用衍生的短暂密钥进行认证密钥交换
公开(公告)号：US08190895B2
公开(公告)日：2012-05-29
申请号：US11207686
申请日：2005-08-18
申请人： Kristin E. Lauter , Brian A. LaMacchia , Anton Mityagin
发明人： Kristin E. Lauter , Brian A. LaMacchia , Anton Mityagin
IPC分类号： H04L29/06
CPC分类号： H04L9/0844 , H04L9/3066 , H04L63/06
摘要： AKE with derived ephemeral keys is described. In one aspect, a first party computes a derived ephemeral public-key based on a derived ephemeral secret key and a mathematical group. The derived ephemeral secret key is based on an ephemeral secret key and a long-term secret key. The first party generates a session key for secure exchange of information with a second party. The session key is generated using the derived ephemeral secret key and a second party derived ephemeral public-key key to demonstrate to the second party that the first party possesses the long-term secret key.
摘要翻译：描述了具有派生短暂键的AKE。一方面，第一方基于导出的临时秘密密钥和数学组来计算衍生的临时公钥。衍生的短暂秘密密钥基于短暂密钥和长期密钥。第一方生成会话密钥，用于与第二方进行安全的信息交换。会话密钥是使用派生的短暂密钥和第二方派生的短暂公钥密钥生成的，以向第二方证明第一方拥有长期秘密密钥。

9. 发明申请

US20110093423A1 INTELLIGENT TRUST MANAGEMENT METHOD AND SYSTEM 有权
标题翻译：智能信任管理方法与系统
公开(公告)号：US20110093423A1
公开(公告)日：2011-04-21
申请号：US12979162
申请日：2010-12-27
申请人： Barbara L. Fox , Brian A. LaMacchia
发明人： Barbara L. Fox , Brian A. LaMacchia
IPC分类号： G06N5/02
CPC分类号： G06F21/50 , G06F21/52 , G06F21/604 , G06Q40/00
摘要： Intelligent Trust Management provides a centralized security facility that gives system components a flexible mechanism for implementing security policies. System components such as applications create a request describing an action that needs to be checked against an appropriate security policy. The request is given to a trust system that determines which policy object applies to the request, and may pass request arguments to the policy. The policy objects include executable code that uses any arguments along with dynamically obtained variable information to make a decision. The decision is returned to the system component, which then operates accordingly. Policy objects may maintain state and interface with the user independent of the system component in order to obtain information to make their decisions. Policy objects may call other policy objects and/or mathematically combine the results of other policy objects to make a decision.
摘要翻译：智能信任管理提供了一个集中的安全设施，为系统组件提供了实施安全策略的灵活机制。系统组件（如应用程序）创建一个描述需要根据适当的安全策略进行检查的操作的请求。该请求被提供给确定哪个策略对象适用于请求的信任系统，并且可以将请求参数传递给该策略。策略对象包括使用任何参数以及动态获取的变量信息进行决策的可执行代码。该决定返回到系统组件，然后系统组件相应地进行操作。策略对象可以保持状态并且与用户无关的系统组件的接口，以便获取信息以作出决定。策略对象可以调用其他策略对象和/或以数学方式组合其他策略对象的结果作出决定。

10. 发明授权

US07076557B1 Applying a permission grant set to a call stack during runtime 失效
标题翻译：在运行时将权限授予集应用于调用堆栈
公开(公告)号：US07076557B1
公开(公告)日：2006-07-11
申请号：US09613032
申请日：2000-07-10
申请人： Brian A. LaMacchia , Gregory Darrell Fee , Loren M. Kohnfelder , Ashok Cholpady Kamath
发明人： Brian A. LaMacchia , Gregory Darrell Fee , Loren M. Kohnfelder , Ashok Cholpady Kamath
IPC分类号： G06F15/16
CPC分类号： G06F21/52
摘要： A system and method determine whether a called code frame has a requested permission available to it, so as to be able to execute a protected operation. A code frame is contained within a code assembly received from a remote or local resource location. A policy manager generates a permission grant set containing permission grant objects associated with the code assembly. Both the permission grant set and the code assembly are loaded into a runtime call stack for runtime execution of one or more code frames. Calls to other code frames may involve loading additional code assemblies and permission grant sets into the runtime call stack. In order for a called code frame to perform a protected operation, the code frame demands a requested permission from its calling code frame and all code frames preceding the calling code frame on the runtime call stack as part of a stack walk operation. If the calling code frame and the preceding call frames can satisfy the requested permission, the called code frame can perform the protected operation (absent stack overrides). Otherwise, a security exception is thrown and the called code frame is inhibited from performing the protected operation (absent stack overrides). Stack overrides may be employed to dynamically modify the stack walk operation. To increase performance, a stack walk may be avoided by caching an intersection of the permission grants of all code assemblies in the application.
摘要翻译：一种系统和方法确定被叫代码帧是否具有可用的请求权限，以便能够执行受保护的操作。代码帧包含在从远程或本地资源位置接收的代码集合中。策略管理器生成包含与代码集合相关联的许可授权对象的许可权授予集。许可授予集和代码集合都被加载到运行时调用堆栈中，以便运行时执行一个或多个代码帧。对其他代码帧的调用可能涉及将额外的代码组合和许可授权集合加载到运行时调用堆栈中。为了使被叫代码帧执行受保护的操作，代码帧需要其调用代码帧和运行时调用堆栈之前的调用代码帧之前的所有代码帧的请求许可，作为堆栈步骤操作的一部分。如果呼叫代码帧和前面的呼叫帧可以满足请求的权限，则被叫代码帧可以执行受保护的操作（不存在堆栈覆盖）。否则，将抛出安全异常，并禁止调用的代码帧执行受保护的操作（不存在堆栈覆盖）。可以采用堆叠覆盖来动态地修改堆栈行进操作。为了提高性能，可以通过缓存应用程序中所有代码程序集的许可授权的交集来避免堆栈移动。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式