专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US06272631B1 Protected storage of core data secrets 失效
标题翻译：保护存储的核心数据秘密
公开(公告)号：US06272631B1
公开(公告)日：2001-08-07
申请号：US08884864
申请日：1997-06-30
申请人： Matthew W. Thomlinson , Scott Field , Allan Cooper
发明人： Matthew W. Thomlinson , Scott Field , Allan Cooper
IPC分类号： G11C1100
CPC分类号： H04L63/0428 , G06F21/6245 , G06F2211/007 , G06F2211/008 , G06F2221/2149 , H04L63/06 , H04L63/08 , H04L63/12
摘要： The invention provides central storage for core data secrets, referred to as data items. The architecture includes a storage server, a plurality of installable storage providers, and one or more authentication providers. Programming interfaces are exposed so that application programs can utilize the services provided by the invention without having to actually implement the features. When storing a data item using the protected storage services, an application program can specify rules that determine when to allow access to the data item. Access can, if desired, be limited to the current computer user. Access can similarly be limited to specified application programs or to certain classes of application programs. The storage server authenticates requesting application programs before returning data to them. A default authentication provider authenticates users based on their computer or network logon. A default storage provider allows storage of data items on magnetic media such as a hard disk or a floppy disk. Data items are encrypted before they are stored. The encryption optionally uses a key that is derived from the previous authentication of the user. Specifically, the key is derived from the user's password, supplied during logon. In addition, an application program or the user can specify that certain items require another password that is entered whenever access to the data is requested. The default storage provider implements a multi-level encryption scheme to minimize the amount of encryption that has to be re-done when the user changes a password. Each data item is encrypted using an item key that is generated randomly by the system. The item key is in turn encrypted with a master key that is itself encrypted with a key derived from the user-supplied password (such as the user's logon password).
摘要翻译：本发明为核心数据秘密提供了称为数据项的中央存储。该架构包括存储服务器，多个可安装的存储提供商以及一个或多个认证提供者。编程接口被公开，使得应用程序可以利用本发明提供的服务，而不必实际实现特征。当使用受保护的存储服务存储数据项时，应用程序可以指定确定何时允许访问数据项的规则。如果需要，访问可以限于当前的计算机用户。访问可以类似地限于指定的应用程序或某些类别的应用程序。存储服务器在向其发送数据之前对请求的应用程序进行认证。默认身份验证提供者根据用户的计算机或网络登录信息对用户进行身份验证。默认存储提供程序允许在磁性介质（如硬盘或软盘）上存储数据项。数据项在存储之前被加密。加密可选地使用从先前的用户身份验证导出的密钥。具体来说，密钥是从登录时提供的用户密码导出的。此外，应用程序或用户可以指定某些项目需要在请求访问数据时输入的另一个密码。默认存储提供商实施多级加密方案，以最大限度地减少用户更改密码时必须重新完成的加密数量。使用系统随机生成的项目密钥对每个数据项进行加密。项目密钥依次使用主密钥进行加密，该主密钥本身使用从用户提供的密码导出的密钥（例如用户的登录密码）进行加密。

2. 发明授权

US06389535B1 Cryptographic protection of core data secrets 有权
标题翻译：核心数据秘密的加密保护
公开(公告)号：US06389535B1
公开(公告)日：2002-05-14
申请号：US09172718
申请日：1998-10-13
申请人： Matthew W. Thomlinson , Scott Field , Allan Cooper
发明人： Matthew W. Thomlinson , Scott Field , Allan Cooper
IPC分类号： G06F124
CPC分类号： H04L63/0428 , G06F21/6209 , G06F21/6218 , G06F2211/007 , G06F2211/008 , G06F2221/2149 , H04L63/12
摘要： Described herein is a system for protecting data from unauthorized access. The system uses a central service provider with exposed complementary interfaces: a data protect function that accepts clear data and returns an encrypted representation of the data, and a data unprotect function that accepts encrypted data and returns corresponding clear or unencrypted data. In addition, a user-readable description is optionally packaged with the encrypted data. Different encryption providers can be registered to perform actual encryption and decryption. A default encryption provider performs encryption and decryption based on a user logon secret such as a password. The default encryption provider also accepts additional entropy from calling application programs. The default encryption provider utilizes a multi-level key encryption scheme to minimize the amount of encryption that has to be re-done when the user changes a password. In addition, data recovery information is escrowed so that keys can be recovered when a user's password is changed.
摘要翻译：这里描述了一种用于保护数据免受未经授权访问的系统。该系统使用具有暴露的互补接口的中央服务提供商：数据保护功能，接受清晰的数据并返回数据的加密表示，以及接收加密数据并返回相应的清除或未加密数据的数据非保护功能。此外，用户可读描述可选地与加密数据一起打包。可以注册不同的加密提供者来执行实际的加密和解密。默认加密提供商根据用户登录密码（如密码）执行加密和解密。默认的加密提供者也接受来自调用应用程序的额外的熵。默认加密提供商利用多级密钥加密方案来最小化用户更改密码时必须重新完成的加密数量。此外，数据恢复信息被保留，以便在更改用户密码时可以恢复密钥。

3. 发明授权

US06253324B1 Server verification of requesting clients 失效
标题翻译：请求客户端的服务器验证
公开(公告)号：US06253324B1
公开(公告)日：2001-06-26
申请号：US08996637
申请日：1997-12-23
申请人： Scott Field , Matthew W. Thomlinson , Allan Cooper
发明人： Scott Field , Matthew W. Thomlinson , Allan Cooper
IPC分类号： G06F978
CPC分类号： H04L63/0428 , G06F21/6245 , G06F2211/007 , G06F2211/008 , G06F2221/2149 , H04L63/06 , H04L63/08 , H04L63/12
摘要： Described herein is a method of verifying the integrity of client programs that request services from server programs. The invention includes a step of accepting a request for services from a client program, wherein the client program executes from an executable image in executable memory. In response to such a request, the server program identifies one or more image files on secondary storage corresponding to non-writeable sections of the executable image. The server program then compares the non-writeable sections of the executable image with the corresponding sections of the image files to determine whether the executable image has been altered in the executable memory. The server program provides the requested services only if the executable image of the client program has not been altered.
摘要翻译：这里描述了一种验证从服务器程序请求服务的客户端程序的完整性的方法。本发明包括接受来自客户端程序的服务请求的步骤，其中客户端程序从可执行存储器中的可执行映像执行。响应于这样的请求，服务器程序识别与可执行映像的不可写入部分相对应的辅助存储器上的一个或多个映像文件。服务器程序然后将可执行映像的不可写入部分与图像文件的相应部分进行比较，以确定可执行映像是否在可执行存储器中被更改。仅当客户机程序的可执行映像未被更改时，服务器程序才提供所请求的服务。

4. 发明授权

US6044155A Method and system for securely archiving core data secrets 失效
标题翻译：安全归档核心数据秘密的方法和系统
公开(公告)号：US6044155A
公开(公告)日：2000-03-28
申请号：US996634
申请日：1997-12-23
申请人： Matthew W. Thomlinson , Scott Field , Allan Cooper
发明人： Matthew W. Thomlinson , Scott Field , Allan Cooper
IPC分类号： G06F12/14 , G06F1/00 , G06F21/00 , G06F21/24 , H04L29/06 , H04K1/00 , H04K9/00
CPC分类号： H04L63/0428 , G06F21/6245 , H04L63/06 , H04L63/08 , H04L63/12 , G06F2211/007 , G06F2211/008 , G06F2221/2149
摘要： The invention provides central storage for core data secrets, referred to as data items. The data items are encrypted by a client computer using a client key that is derived from a logon secret, such as a password, supplied by a user during a network logon procedure. The client key is escrowed with the participation of a network supervisory computer such as a domain controller. The client sends the client key to the domain controller. The domain controller appends a user identification corresponding to the currently authenticated user of the client computer, and encrypts the resulting combination. The encrypted combination is sent back to and stored locally by the client. To recover the client key, the encrypted combination is sent to the domain controller, which decrypts the combination to obtain the data item. However, the data item is returned to the client computer only if the decrypted user identification corresponds to the currently authenticated user of the client computer.
摘要翻译：本发明为核心数据秘密提供了称为数据项的中央存储。数据项由客户端计算机使用从用户在网络登录过程中提供的诸如密码之类的登录秘密派生的客户端密钥进行加密。客户端密钥由网络监控计算机（例如域控制器）参与托管。客户端将客户端密钥发送到域控制器。域控制器附加与客户端计算机的当前认证的用户相对应的用户标识，并加密所得到的组合。加密组合由客户端发回并存储在本地。要恢复客户端密钥，加密的组合将发送到域控制器，该控制器解密组合以获取数据项。但是，仅当解密的用户标识对应于客户端计算机的当前已认证的用户时，才将数据项返回给客户端计算机。

5. 发明授权

US06532542B1 Protected storage of core data secrets 失效
标题翻译：保护存储的核心数据秘密
公开(公告)号：US06532542B1
公开(公告)日：2003-03-11
申请号：US08978215
申请日：1997-11-25
申请人： Matthew W. Thomlinson , Scott Field
发明人： Matthew W. Thomlinson , Scott Field
IPC分类号： G06F1130
CPC分类号： H04L63/0428 , G06F21/6245 , G06F2211/007 , G06F2211/008 , G06F2221/2149 , H04L63/06 , H04L63/08 , H04L63/12
摘要： The invention provides central storage for core data secrets, referred to as data items. The architecture includes a storage server, a plurality of installable storage providers, and one or more authentication providers. Programming interfaces are exposed so that application programs can utilize the services provided by the invention without having to actually implement the features. When storing a data item using the protected storage services, an application program can specify rules that determine when to allow access to the data item. Access can be limited to specified application programs, to certain classes of application programs, or to application program having certain properties. Such properties for a particular application might include, for example, the publisher of the application and/or the name of the application. These properties might also include properties specified by an authentication certificate associated with the application program.
摘要翻译：本发明为核心数据秘密提供了称为数据项的中央存储。该架构包括存储服务器，多个可安装的存储提供商以及一个或多个认证提供者。编程接口被公开，使得应用程序可以利用本发明提供的服务，而不必实际实现特征。当使用受保护的存储服务存储数据项时，应用程序可以指定确定何时允许访问数据项的规则。访问可以限于指定的应用程序，某些类的应用程序或具有某些属性的应用程序。特定应用程序的这些属性可能包括例如应用程序的发行者和/或应用程序的名称。这些属性也可能包括与应用程序相关联的认证证书指定的属性。

6. 发明申请

US20130117806A1 NETWORK BASED PROVISIONING 审中-公开
标题翻译：基于网络的规定
公开(公告)号：US20130117806A1
公开(公告)日：2013-05-09
申请号：US13292922
申请日：2011-11-09
申请人： Srivatsan Parthasarathy , Scott Field , Joseph Dadzie , David Kays
发明人： Srivatsan Parthasarathy , Scott Field , Joseph Dadzie , David Kays
IPC分类号： G06F21/00 , G06F17/00
CPC分类号： G06F21/53 , G06F21/604
摘要： The subject disclosure generally relates to provisioning devices via a network service, such as a cloud service. A profile component can authenticate a user of a device with a cloud service, and determine services maintained by the network service that are associated with the user. A reception component can receive a request for a set of services from the device, and a services component can obtain the set of services from the network service, and provision the device based on the set of services. Provisioning the device can include downloading the services to the device, or including the services in a virtual machine executing in the network service.
摘要翻译：主题公开通常涉及通过诸如云服务的网络服务来提供设备。配置文件组件可以使用云服务验证设备的用户，并确定网络服务维护的与用户相关联的服务。接收组件可以从设备接收对一组服务的请求，并且服务组件可以从网络服务获得一组服务，并且基于该组服务来提供设备。配置设备可以包括将服务下载到设备，或者将服务包括在网络服务中执行的虚拟机中。

7. 发明申请

US20080022093A1 Integrating security protection tools with computer device integrity and privacy policy 有权
标题翻译：将安全保护工具与计算机设备完整性和隐私政策集成
公开(公告)号：US20080022093A1
公开(公告)日：2008-01-24
申请号：US11472052
申请日：2006-06-20
申请人： Thekkthalackal Varugis Kurien , Jeffrey B. Hamblin , Narasimha Rao Nagampalli , Peter T. Brundrett , Scott Field
发明人： Thekkthalackal Varugis Kurien , Jeffrey B. Hamblin , Narasimha Rao Nagampalli , Peter T. Brundrett , Scott Field
IPC分类号： H04L9/00
CPC分类号： G06F21/50 , G06F21/51 , G06F21/53
摘要： At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.
摘要翻译：在计算机设备上电时，计算机设备的操作系统启动监视器。监视器为在计算机设备上运行的每个程序和对象（统称为“程序”）分配监视程序，以监视程序的活动。当监视程序被分配给程序时，基于应用于监视程序的预定标准，向监视程序分配完整性和/或隐私标签（统称为“完整性标签”）。监控程序又向监控程序监控的程序分配一个完整性标签。分配给被监视程序的完整性标签小于或等于监视程序的完整性标签。监视器基于分配给被监视程序的完整性标签和与监视程序正在寻求访问的数据，另一程序或远程网络资源相关联的完整性标签来强制执行计算机设备的完整性策略。

8. 发明申请

US20070162975A1 Efficient collection of data 审中-公开
标题翻译：高效收集数据
公开(公告)号：US20070162975A1
公开(公告)日：2007-07-12
申请号：US11326890
申请日：2006-01-06
申请人： Adam Overton , Alexey Polyakov , Andrew Newman , Jason Garms , Ronald Franczyk , Scott Field , Sterling Reasor
发明人： Adam Overton , Alexey Polyakov , Andrew Newman , Jason Garms , Ronald Franczyk , Scott Field , Sterling Reasor
IPC分类号： G06F12/14
CPC分类号： H04L63/1416 , G06F21/561
摘要： Generally described, a method, software system, and computer-readable medium are provided for efficiently collecting data this useful in developing software systems to identify and protect against malware. In accordance with one embodiment, a method for collecting data to determine whether a malware is propagating in a networking environment is provided. More specifically, the method includes receiving preliminary data sets at a server computer from a plurality of client computers that describes attributes of a potential malware. Then a determination is made regarding whether secondary data is needed to implement systems for protecting against the potential malware. If secondary data is needed, the method causes the secondary data to be collected when an additional preliminary data set is received from a client computer.
摘要翻译：通常描述，提供了一种方法，软件系统和计算机可读介质，用于有效地收集在开发软件系统中有用的数据，以识别和防止恶意软件。根据一个实施例，提供了一种用于收集数据以确定恶意软件是否在网络环境中传播的方法。更具体地说，该方法包括从描述潜在恶意软件的属性的多个客户端计算机在服务器计算机处接收初始数据集。然后确定是否需要辅助数据来实施防止潜在恶意软件的系统。如果需要辅助数据，则当从客户端计算机接收到附加的初始数据集时，该方法将导致辅助数据被收集。

9. 发明申请

US20070016675A1 Securing network services using network action control lists 有权
标题翻译：使用网络动作控制列表保护网络服务
公开(公告)号：US20070016675A1
公开(公告)日：2007-01-18
申请号：US11181376
申请日：2005-07-13
申请人： Pradeep Bahl , Ramesh Chinta , Narasimha Nagampalli , Scott Field
发明人： Pradeep Bahl , Ramesh Chinta , Narasimha Nagampalli , Scott Field
IPC分类号： G06F15/173
CPC分类号： H04L63/1441 , H04L63/101
摘要： A computer system having secured network services is presented. The computer system comprises a processor, a memory, and a network action processing module. The network action processing module processes network actions from one or more network services executing on the computer system. The computer system is further configured to execute at least network service performing network actions in conjunction with the network action processing module. Upon receiving a network action from a network service, the network action processing module determines whether the network action is a valid network action according to a network action control list. If the network action is determined to not be a valid network action, the network action is blocked. Alternatively, if the network action is determined to be a valid network action, the network action is permitted to be completed.
摘要翻译：提出了一种具有安全网络服务的计算机系统。计算机系统包括处理器，存储器和网络动作处理模块。网络动作处理模块处理来自在计算机系统上执行的一个或多个网络服务的网络动作。该计算机系统进一步被配置为至少执行网络服务，与网络动作处理模块一起执行网络动作。网络动作处理模块从网络服务接收到网络动作后，根据网络动作控制列表判断网络动作是否为有效的网络动作。如果网络动作被确定为不是有效的网络动作，则网络动作被阻止。或者，如果网络动作被确定为有效的网络动作，则允许网络动作被完成。

10. 发明申请

US20060236122A1 Secure boot 审中-公开
标题翻译：安全启动
公开(公告)号：US20060236122A1
公开(公告)日：2006-10-19
申请号：US11106756
申请日：2005-04-15
申请人： Scott Field , Jonathan Schwartz
发明人： Scott Field , Jonathan Schwartz
IPC分类号： G06F12/14
CPC分类号： H04L9/3247 , G06F21/575 , H04L2209/80
摘要： Systems and methods for performing integrity verifications for computer programs to run on computing systems are provided. An integrity check is completed before passing execution control to the next level of an operating system or before allowing a program to run. The integrity check involves the use of a locally stored key to determine if a program has been modified or tampered with prior to execution. If the check shows that the program has not been altered, the program will execute and, during the boot process, allow execution control to be transferred to the next level. If, however, the check confirms that the program has been modified, the computing system does not allow the program to run.
摘要翻译：提供了用于执行计算机程序在计算系统上运行的完整性校验的系统和方法。在将执行控制传递到操作系统的下一个级别之前或允许程序运行之前，完整性检查完成。完整性检查涉及使用本地存储的密钥来确定在执行之前程序是否被修改或篡改。如果检查显示程序未被更改，则程序将执行，并且在引导过程中允许将执行控制转移到下一级。但是，如果检查确认程序已被修改，则计算系统不允许程序运行。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式