会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 1. 发明授权
    • Method and system for restricting the load of physical address translations of virtual addresses
    • 用于限制虚拟地址的物理地址转换的负载的方法和系统
    • US06745306B1
    • 2004-06-01
    • US09520203
    • 2000-03-07
    • Bryan M. WillmanPaul EnglandJohn D. DeTreville
    • Bryan M. WillmanPaul EnglandJohn D. DeTreville
    • G06F1214
    • G06F12/145G06F12/1027G06F12/1081G06F12/1491
    • A method and system for protecting data on a computer system uses one or more restricted areas of memory to store proprietary or confidential data. The translation lookaside buffer (TLB) is used to regulate access to the restricted memory. When a TLB miss occurs during the execution of a program, the TLB miss handling logic determines whether the program is attempting to access restricted memory. If so, then the TLB miss handling logic determines whether the program is authorized to have access. If the program is not authorized to have access, then the TLB miss handling logic generates an exception, such as an invalid page fault, and the TLB is not loaded. If the program is authorized to have access to the restricted page, then the TLB is loaded with the appropriate address translation. As long as the translation remains in the TLB, future accesses to the page by an authorized program will require no additional checks and no additional CPU time.
    • 用于在计算机系统上保护数据的方法和系统使用存储器的一个或多个限制区域来存储专用或机密数据。 翻译后备缓冲器(TLB)用于调节对受限内存的访问。 当在程序执行期间出现TLB未命中时,TLB未命中处理逻辑确定程序是否尝试访问受限存储器。 如果是这样,则TLB未命中处理逻辑确定该程序是否被授权进行访问。 如果程序没有权限访问,则TLB未命中处理逻辑会产生异常,例如无效页错误,TLB未加载。 如果该程序被授权访问受限制的页面,则TLB将加载适当的地址转换。 只要转换保留在TLB中,未来的授权程序对页面的访问将不需要额外的检查,也不需要额外的CPU时间。
    • 4. 发明授权
    • Digital rights management operating system
    • 数字版权管理操作系统
    • US06330670B1
    • 2001-12-11
    • US09227561
    • 1999-01-08
    • Paul EnglandJohn D. DeTrevilleButler W. Lampson
    • Paul EnglandJohn D. DeTrevilleButler W. Lampson
    • G06F944
    • G06F9/468G06F9/4406G06F21/10G06F21/575G06F2221/2113
    • A digital rights management operating system protects rights-managed data, such as downloaded content, from access by untrusted programs while the data is loaded into memory or on a page file as a result of the execution of a trusted application that accesses the memory. To protect the rights-managed data resident in memory, the digital rights management operating system refuses to load an untrusted program into memory while the trusted application is executing or removes the data from memory before loading the untrusted program. If the untrusted program executes at the operating system level, such as a debugger, the digital rights management operating system renounces a trusted identity created for it by the computer processor when the computer was booted. To protect the rights-managed data on the page file, the digital rights management operating system prohibits raw access to the page file, or erases the data from the page file before allowing such access. Alternatively, the digital rights management operating system can encrypt the rights-managed data prior to writing it to the page file. The digital rights management operating system also limits the functions the user can perform on the rights-managed data and the trusted application, and can provide a trusted clock used in place of the standard computer clock.
    • 数字版权管理操作系统由于执行访问存储器的可信应用程序而将数据加载到存储器或页面文件中时,保护诸如下载的内容之类的权利管理的数据免受不可信程序的访问。 为了保护驻留在内存中的权限管理数据,数字版权管理操作系统拒绝在可信应用程序正在执行之前加载不受信任的程序,或者在加载不受信任的程序之前从内存中删除数据。 如果不可信程序在操作系统级别(例如调试器)上执行,则数字版权管理操作系统在计算机引导时放弃由计算机处理器为其创建的可信标识。 为了保护页面文件上的权限管理数据,数字版权管理操作系统禁止原始访问页面文件,或者在允许访问页面之前从页面文件中删除数据。 或者,数字权限管理操作系统可以在将权限管理的数据写入页面文件之前加密。 数字版权管理操作系统还限制用户可以在权限管理的数据和可信应用上执行的功能,并且可以提供用于代替标准计算机时钟的可信时钟。
    • 7. 发明授权
    • Key-based secure storage
    • 基于密钥的安全存储
    • US07194092B1
    • 2007-03-20
    • US09227568
    • 1999-01-08
    • Paul EnglandJohn D. DeTrevilleButler W. Lampson
    • Paul EnglandJohn D. DeTrevilleButler W. Lampson
    • H04L9/00
    • G06F9/468G06F9/4406G06F21/10G06F21/575G06F2221/2113H04L63/0435H04L63/0442H04L63/166
    • Secure storage for downloaded content on a subscriber computer is keyed to a trusted digital rights management operating system, a trusted application, a trusted user or a combination thereof. A one-way hash function is applied to a seed supplied by an application to produce a hashed seed that is used to generate the application storage key. A one-way hash function is applied to a seed supplied by a user to produce a first hashed seed that is passed to a keyed hash function, which is keyed to an identity for the user, to produce a second hashed seed. The second hashed seed is used to generate the user storage key. An operating system storage key is generated from an unhashed seed. One of the storage keys is used to encrypt the downloaded content. An access predicate attached to the content when it is downloaded is associated with the storage key to enforce certain limitations on the access of the content.
    • 用户计算机上的下载内容的安全存储被锁定到可信赖的数字版权管理操作系统,可信应用程序,可信用户或其组合。 单向散列函数应用于由应用程序提供的种子以产生用于生成应用程序存储密钥的散列种子。 单向散列函数被应用于由用户提供的种子以产生第一散列种子,该第一散列种子被传递给键入的哈希函数,其被键入用户的身份,以产生第二散列种子。 第二个散列种子用于生成用户存储密钥。 从未分解的种子生成操作系统存储密钥。 其中一个存储密钥用于加密下载的内容。 在下载时附加到内容的访问谓词与存储密钥相关联,以对内容的访问执行某些限制。
    • 8. 发明授权
    • Controlling access to content based on certificates and access predicates
    • 基于证书和访问谓词控制对内容的访问
    • US06820063B1
    • 2004-11-16
    • US09227559
    • 1999-01-08
    • Paul EnglandJohn D. DeTrevilleButler W. Lampson
    • Paul EnglandJohn D. DeTrevilleButler W. Lampson
    • G06F1760
    • G06F21/57G06F21/10G06F2221/2101
    • Digital rights for content downloaded to a subscriber computer from a provider are specified in an access predicate. The access predicate is compared with a rights manager certificate associated with an entity, such as an application, that wants access to the content. If the rights manager certificate satisfies the access predicate, the entity is allowed access to the content. A license that specifies limitations on the use of the content can also be associated with the content and provided to the entity. The use the entity makes of the content is monitored and terminated if the entity violates the license limitations. In one aspect of the invention, the access predicate and the license are protected from tampering through cryptographic techniques.
    • 在访问谓词中指定了从提供者下载到用户计算机的内容的数字权限。 访问谓词与与想要访问内容的实体(例如应用)相关联的权限管理器证书进行比较。 如果权限管理器证书满足访问谓词,则允许实体访问内容。 指定对使用内容的限制的许可证也可以与内容相关联并提供给实体。 如果实体违反许可证限制,使用实体使内容受到监控和终止。 在本发明的一个方面,访问谓词和许可证被保护免受通过加密技术的篡改。
    • 9. 发明授权
    • Loading and identifying a digital rights management operating system
    • 加载和识别数字版权管理操作系统
    • US06327652B1
    • 2001-12-04
    • US09227611
    • 1999-01-08
    • Paul EnglandJohn D. DeTrevilleButler W. Lampson
    • Paul EnglandJohn D. DeTrevilleButler W. Lampson
    • G06F9445
    • G06F9/468G06F9/4406G06F21/10G06F2221/2113
    • The identity of an operating system running on a computer is determined from an identity associated with an initial component for the operating system, combined with identities of additional components that are loaded afterwards. Loading of a digital rights management operating system on a subscriber computer is guaranteed by validating digital signatures on each component to be loaded and by determining a trust level for each component. A trusted identity is assumed by the digital rights management operating system when only components with valid signatures and a pre-determined trust level are loaded. Otherwise, the operating system is associated with an untrusted identity. Both the trusted and untrusted identities are derived from the components that were loaded. Additionally, a record of the loading of each component is placed into a boot log that is protected from tampering through a chain of public-private key pairs.
    • 在计算机上运行的操作系统的身份是从与操作系统的初始组件相关联的身份确定的,再加上随后加载的附加组件的标识。 通过验证要加载的每个组件上的数字签名以及通过确定每个组件的信任级别来保证在用户计算机上加载数字版权管理操作系统。 只有加载了具有有效签名和预定信任级别的组件时,数字版权管理操作系统才承担可信身份。 否则,操作系统与不可信身份相关联。 受信任和不受信任的身份都来自已加载的组件。 另外,每个组件的加载记录被放置在引导日志中,该引导日志不受篡改通过一系列公私密钥对。