专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07246374B1 Enhancing computer system security via multiple user desktops 有权
标题翻译：通过多个用户桌面增强计算机系统的安全性
公开(公告)号：US07246374B1
公开(公告)日：2007-07-17
申请号：US09524124
申请日：2000-03-13
申请人： Daniel R. Simon , Dirk Balfanz
发明人： Daniel R. Simon , Dirk Balfanz
IPC分类号： G06F7/06
CPC分类号： G06F21/53 , G06F9/543 , G06F21/60
摘要： Users can create multiple different desktops for themselves and easily switch between these desktops. These multiple desktops are “walled off” from one another, limiting the ability of processes and other subjects in one desktop from accessing objects, such as data files or other processes, in another desktop. According to one aspect, each time a process is launched it is associated with the desktop that it is launched in. Similarly, objects, such as data files or resources, are associated with the same desktop as the process that created them. The operating system allows a process to access only those objects that are either associated with the same desktop as the process or associated with no desktop.
摘要翻译：用户可以为自己创建多个不同的桌面，并轻松地在这些桌面之间切换。这些多个桌面彼此“被隔离”，限制了一个桌面中进程和其他主题在其他桌面上访问对象（如数据文件或其他进程）的能力。根据一个方面，每次启动进程时，它与启动的桌面相关联。类似地，诸如数据文件或资源的对象与创建它们的进程相同的桌面。操作系统允许进程仅访问与进程相关联的相同桌面或与无桌面相关联的那些对象。

2. 发明授权

US08681995B2 Supporting DNS security in a multi-master environment 有权
标题翻译：支持多主机环境中的DNS安全
公开(公告)号：US08681995B2
公开(公告)日：2014-03-25
申请号：US12974590
申请日：2010-12-21
申请人： Shyam Seshadri , Jeffrey J. Westhead , Vamshi Krishna Kancharla , Daniel R. Simon , Anthony G. Jones , Frank Ronneburg , Guillaume V. Bailey
发明人： Shyam Seshadri , Jeffrey J. Westhead , Vamshi Krishna Kancharla , Daniel R. Simon , Anthony G. Jones , Frank Ronneburg , Guillaume V. Bailey
IPC分类号： H04L29/06
CPC分类号： H04L29/12066 , H04L9/083 , H04L9/3247 , H04L29/12132 , H04L29/12301 , H04L61/1511 , H04L61/1552 , H04L61/2076 , H04L63/1416
摘要： Multiple peer domain name system (DNS) servers are included in a multi-master DNS environment. One of the multiple peer DNS servers is a key master peer DNS server that generates one or more keys for a DNS zone serviced by the multiple peer DNS servers. The key master peer DNS server can also generate a signing key descriptor that identifies the set of one or more keys for the DNS zone, and communicate the signing key descriptor to the other ones of the multiple peer DNS servers.
摘要翻译：多个对等域名系统（DNS）服务器包含在多主机DNS环境中。多个对等DNS服务器之一是主要对等DNS服务器，为多个对等DNS服务器所服务的DNS区域生成一个或多个密钥。关键的主对等DNS服务器还可以生成标识DNS区域的一个或多个密钥的集合的签名密钥描述符，并将签名密钥描述符传送到多个对等DNS服务器中的其他密钥描述符。

3. 发明授权

US08380841B2 Strategies for investigating and mitigating vulnerabilities caused by the acquisition of credentials 有权
标题翻译：调查和减轻获取证书所造成的漏洞的策略
公开(公告)号：US08380841B2
公开(公告)日：2013-02-19
申请号：US11608126
申请日：2006-12-07
申请人： John Dunagan , Gregory D. Hartrell , Daniel R. Simon
发明人： John Dunagan , Gregory D. Hartrell , Daniel R. Simon
IPC分类号： G06F15/173 , G06F11/00
CPC分类号： H04L63/1433 , G06F21/577 , G06F2221/2101
摘要： A strategy is described for assessing and mitigating vulnerabilities within a data processing environment. The strategy collects access data that reflects actual log-in behavior exhibited by users in the environment. The strategy also collects rights data that reflects the rights possessed by one or more administrators within the environment. Based on the access data and rights data, the strategy identifies how a user or other entity that gains access to one part of the environment can potentially compromise additional parts of the environment. The strategy can recommend and implement steps aimed at reducing any identified vulnerabilities.
摘要翻译：描述了一种用于评估和减轻数据处理环境中的漏洞的策略。该策略收集反映用户在环境中展示的实际登录行为的访问数据。该策略还收集反映环境中一个或多个管理员拥有的权利的权限数据。根据访问数据和权限数据，该策略将识别获得对环境一部分访问权限的用户或其他实体如何潜在地危及环境的其他部分。该策略可以推荐并实施旨在减少任何已识别的漏洞的步骤。

4. 发明授权

US08205252B2 Network accountability among autonomous systems 有权
标题翻译：自主系统之间的网络责任
公开(公告)号：US08205252B2
公开(公告)日：2012-06-19
申请号：US11460929
申请日：2006-07-28
申请人： Daniel R. Simon , Sharad Agarwal , David A. Maltz
发明人： Daniel R. Simon , Sharad Agarwal , David A. Maltz
IPC分类号： H04L29/06
CPC分类号： H04L63/1433 , H04L12/66 , H04L45/74 , H04L63/0227 , H04L63/0236 , H04L63/0263 , H04L63/1408 , H04L63/1416 , H04L63/1441 , H04L63/1458 , H04L2463/146
摘要： Accountability among Autonomous Systems (ASs) in a network ensures reliable identification of various customers within the ASs and provides defensibility against malicious customers within the ASs. In one implementation, reliable identification is achieved by implementing ingress filtering on data packets originating within individual ASs and defensibility is provided by filtering data packets on request. To facilitate on-request filtering, individual ASs are equipped with a Filter Request Server (FRS) to filter data packets from certain customers identified in a filter request. Thus, when a requesting customer makes a filter request against an offending customer, the FRS within the AS to which the offending customer belongs conducts on-request filtering and installs an on-request filter on a first-hop network infrastructure device for the offending customer. Consequently, the first-hop network infrastructure device filters any data packet sent from the offending customer to the requesting customer.
摘要翻译：网络中的自治系统（AS）的责任确保对AS内各种客户的可靠识别，并为AS内的恶意客户提供防御性。在一个实现中，通过对源自各个AS的数据分组进行入口过滤来实现可靠的识别，并且通过根据请求过滤数据分组来提供防御性。为了便于按需请求过滤，单个AS配备了过滤器请求服务器（FRS），用于过滤来自过滤请求中标识的某些客户端的数据包。因此，当请求客户对违规客户进行过滤请求时，违规客户所属的AS内的FRS进行按需请求过滤，并在违规客户的第一跳网络基础设施设备上安装请求过滤器。因此，第一跳网络基础设施设备将从违规客户发送的任何数据包过滤到请求的客户。

5. 发明授权

US07676840B2 Use of hashing in a secure boot loader 失效
标题翻译：在安全引导加载程序中使用散列
公开(公告)号：US07676840B2
公开(公告)日：2010-03-09
申请号：US11030825
申请日：2005-01-07
申请人： Dinarte Morais , Jon Lange , Daniel R. Simon , Ling Tony Chen , Josh D. Benaloh
发明人： Dinarte Morais , Jon Lange , Daniel R. Simon , Ling Tony Chen , Josh D. Benaloh
IPC分类号： G06F11/00
CPC分类号： G06F21/575
摘要： Machine instructions comprising a bootstrap code are buried within a critical component of an electronic game console where they cannot readily be accessed or modified. A preloader portion in a read only memory (ROM) is hashed by the bootstrap code and the result is compared to an expected hash value maintained in the bootstrap code. Further verification of the boot-up process is carried out by the preloader, which hashes the code in ROM to obtain a hash value for the code. The result is verified against a digital signature value that defines an expected value for this hash. Failure to obtain any expected result terminates the boot-up process. Since the bootstrap code confirms the preloader, and the preloader confirms the remainder of the code in ROM, this technique is useful for ensuring that the code used for booting up the device has not been modified or replaced.
摘要翻译：包括引导代码的机器指令被埋在电子游戏控制台的关键部件内，在这些部件中它们不能容易地被访问或修改。只读存储器（ROM）中的预加载器部分由引导代码散列，并将结果与引导代码中维护的预期散列值进行比较。启动过程的进一步验证由预加载器执行，预加载器将ROM中的代码散列，以获得代码的哈希值。结果是针对定义此散列值的期望值的数字签名值进行验证。无法获得任何预期的结果将终止启动过程。由于引导代码确认了预加载器，并且预加载器确认了ROM中的其余代码，所以该技术对于确保用于引导设备的代码未被修改或替换是有用的。

6. 发明授权

US07634661B2 Manifest-based trusted agent management in a trusted operating system environment 有权
标题翻译：在受信任的操作系统环境中进行基于清单的可信代理管理
公开(公告)号：US07634661B2
公开(公告)日：2009-12-15
申请号：US11206585
申请日：2005-08-18
申请人： Paul England , Marcus Peinado , Daniel R. Simon , Josh D. Benaloh
发明人： Paul England , Marcus Peinado , Daniel R. Simon , Josh D. Benaloh
IPC分类号： G06F12/14 , H04L9/32 , H04L29/06
CPC分类号： G06F21/54 , G06F21/53 , G06F21/57
摘要： Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.
摘要翻译：在受信任的操作系统环境中的基于清单的可信代理管理包括接收接收到的执行进程的请求，并为进程设置虚拟内存空间。此外，访问对应于进程的清单，并且可以基于二进制文件中包括在清单中的指示符限制在虚拟存储器空间中执行多个二进制文件中的哪一个。

7. 发明授权

US07577840B2 Transferring application secrets in a trusted operating system environment 有权
公开(公告)号：US07577840B2
公开(公告)日：2009-08-18
申请号：US11068007
申请日：2005-02-28
申请人： Paul England , Marcus Peinado , Daniel R. Simon , Josh D. Benaloh
发明人： Paul England , Marcus Peinado , Daniel R. Simon , Josh D. Benaloh
IPC分类号： H04L9/00
CPC分类号： G06F21/57 , G06F21/606
摘要： Transferring application secrets in a trusted operating system environment involves receiving a request to transfer application data from a source computing device to a destination computing device. A check is made as to whether the application data can be transferred to the destination computing device, and if so, whether the application data can be transferred under control of the user or a third party. If these checks succeed, a check is also made as to whether the destination computing device is a trustworthy device running known trustworthy software. Input is also received from the appropriate one of the user or third party to control transferring of the application data to the destination computing device. Furthermore, application data is stored on the source computing device in a manner that facilitates determining whether the application data can be transferred, and that facilitates transferring the application data if it can be transferred.

8. 发明授权

US07549170B2 System and method of inkblot authentication 有权
标题翻译：墨迹认证的系统和方法
公开(公告)号：US07549170B2
公开(公告)日：2009-06-16
申请号：US10427452
申请日：2003-04-30
申请人： Adam Stubblefield , Daniel R. Simon
发明人： Adam Stubblefield , Daniel R. Simon
IPC分类号： H04L9/32 , G06F7/04
CPC分类号： G06F21/36
摘要： A system and method that uses authentication inkblots to help computer system users first select and later recall authentication information from high entropy information spaces. An inkblot authentication module generates authentication inkblots from authentication inkblot seeds. On request, a security authority generates, stores and supplies an authentication inkblot seed set for a user. In response to an authentication inkblot, a user inputs one or more alphanumeric characters. The responses to one or more authentication inkblots serve as authentication information. A user-computable hash of the natural language description of the authentication inkblot is utilized to speed authentication information entry and provide for compatibility with conventional password-based authentication. Authentication with an authentication information match ratio of less than 100% is possible. Authentication inkblot generation methods are disclosed, as well as a detailed inkblot authentication protocol which makes it difficult for users to opt-out of high entropy authentication information generation.
摘要翻译：一种使用认证墨迹帮助计算机系统用户首先选择并随后从高熵信息空间中回收认证信息的系统和方法。墨迹认证模块从认证墨迹种子生成认证墨迹。根据请求，安全机构为用户生成，存储和提供验证墨迹种子集。响应于认证墨迹，用户输入一个或多个字母数字字符。对一个或多个认证墨迹的响应用作验证信息。认证墨迹的自然语言描述的用户可计算的哈希用于加速认证信息输入，并提供与传统的基于密码的认证的兼容性。认证信息匹配率小于100％的认证是可能的。公开了认证墨迹生成方法，以及详细的墨迹认证协议，使得用户难以选择退出高熵认证信息生成。

9. 发明授权

US07529933B2 TLS tunneling 有权
标题翻译： TLS隧道
公开(公告)号：US07529933B2
公开(公告)日：2009-05-05
申请号：US10157806
申请日：2002-05-30
申请人： Ashwin Palekar , Arun Ayyagari , Daniel R. Simon
发明人： Ashwin Palekar , Arun Ayyagari , Daniel R. Simon
IPC分类号： H04L9/00 , H04K1/00
CPC分类号： H04L63/0428 , H04L63/08 , H04L63/162
摘要： An authentication protocol can be used to establish a secure method of communication between two devices on a network. Once established, the secure communication can be used to authenticate a client through various authentication methods, providing security in environments where intermediate devices cannot be trusted, such as wireless networks, or foreign network access points. Additionally, the caching of session keys and other relevant information can enable the two securely communicating endpoints to quickly resume their communication despite interruptions, such as when one endpoint changes the access point through which it is connected to the network. Also, the secure communication between the two devices can enable users to roam off of their home network, providing a mechanism by which access through foreign networks can be granted, while allowing the foreign network to monitor and control the use of its bandwidth.
摘要翻译：可以使用认证协议来建立网络上的两个设备之间的安全通信方法。一旦建立，安全通信可以用于通过各种认证方法认证客户端，在中间设备不能被信任的环境中提供安全性，例如无线网络或外部网络接入点。此外，会话密钥和其他相关信息的高速缓存可以使得两个安全通信的端点能够快速恢复其通信，尽管中断，例如当一个端点改变其连接到网络的接入点时。而且，两台设备之间的安全通信可以使用户能够从家庭网络中漫游，从而提供通过外部网络进行访问的机制，同时允许外部网络监视和控制其带宽的使用。

10. 发明授权

US07464265B2 Methods for iteratively deriving security keys for communications sessions 有权
标题翻译：用于迭代地导出通信会话的安全密钥的方法
公开(公告)号：US07464265B2
公开(公告)日：2008-12-09
申请号：US10138868
申请日：2002-05-03
申请人： Arun Ayyagari , Daniel R. Simon , Bernard D. Aboba , Krishna Ganugapati , Timothy M. Moore , Pradeep Bahl
发明人： Arun Ayyagari , Daniel R. Simon , Bernard D. Aboba , Krishna Ganugapati , Timothy M. Moore , Pradeep Bahl
IPC分类号： H04L9/00
CPC分类号： H04L9/0833 , H04L9/0841 , H04L63/065 , H04L63/08 , H04L63/104 , H04L67/14 , H04L2209/80 , H04L2463/061
摘要： Disclosed are methods for a client, having established one set of security keys, to establish a new set without having to communicate with an authentication server. When the client joins a group, master session security keys are derived and made known to the client and to the group's access server. From the master session security keys, the access server and client each derive transient session security keys, used for authentication and encryption. To change the transient session security keys, the access server creates “liveness” information and sends it to the client. New master session security keys are derived from the liveness information and the current set of transient session security keys. From these new master session security keys are derived new transient session security keys. This process limits the amount of data sent using one set of transient session security keys and thus limits the effectiveness of any statistical attacker.
摘要翻译：已经公开了已经建立了一组安全密钥的客户端的方法来建立新的集合而不必与认证服务器进行通信。当客户端加入一个组时，主会话安全密钥被导出，并被客户机和组的访问服务器所知。从主会话安全密钥，访问服务器和客户端都派生用于认证和加密的瞬态会话安全密钥。要更改瞬态会话安全密钥，访问服务器创建“活动”信息并将其发送给客户端。新的主会话安全密钥来源于活动信息和当前的一组暂存会话安全密钥。从这些新的主会话安全密钥导出新的临时会话安全密钥。此过程限制使用一组瞬态会话安全密钥发送的数据量，从而限制任何统计攻击者的有效性。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式