专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08527633B2 Techniques for addressing geographical location issues in computing environments 有权
标题翻译：解决计算环境中地理位置问题的技术
公开(公告)号：US08527633B2
公开(公告)日：2013-09-03
申请号：US12985529
申请日：2011-01-06
申请人： Steven A. Bade , Harold Moss, III , Mary Ellen Zurko
发明人： Steven A. Bade , Harold Moss, III , Mary Ellen Zurko
IPC分类号： G06F15/173 , G06F9/46
CPC分类号： H04L67/38 , G06F8/61 , G06F9/45558 , H04L67/18
摘要： A technique for addressing geographical location issues in a computing environment includes receiving, at a data processing system, location information indicating a permissible geographical location in which a virtual machine image for a consumer may be deployed. A request for an exception to deploy the virtual machine image outside of the permissible geographical location is issued, from the data processing system. An exception grant or an exception denial is received, at the data processing system, from the consumer in response to the request. The virtual machine image is deployed, using the data processing system, to one or more servers in the computing environment that are outside of the permissible geographical location in response to receipt of the exception grant. The virtual machine image is deployed, using the data processing system, to one or more servers in the computing environment that are within the permissible geographical location in response to receipt of the exception denial.
摘要翻译：用于在计算环境中解决地理位置问题的技术包括在数据处理系统处接收指示可以部署消费者的虚拟机映像的允许地理位置的位置信息。从数据处理系统发出请求异常以在允许的地理位置之外部署虚拟机映像。在数据处理系统中，从消费者接收到响应请求的异常授权或异常拒绝。响应于接收到异常授权，虚拟机映像使用数据处理系统部署在计算环境中的一个或多个服务器之外，该服务器在允许的地理位置之外。响应于接收到异常拒绝，虚拟机映像使用数据处理系统部署在计算环境中的可允许的地理位置内的一个或多个服务器。

2. 发明申请

US20130054780A1 Monitoring Geographic Location Changes of Assets in a Cloud 审中-公开
标题翻译：监控云中资产的地理位置变化
公开(公告)号：US20130054780A1
公开(公告)日：2013-02-28
申请号：US13218674
申请日：2011-08-26
申请人： Steven A. Bade , Harold Moss, III , Mary Ellen Zurko
发明人： Steven A. Bade , Harold Moss, III , Mary Ellen Zurko
IPC分类号： G06F15/16
CPC分类号： H04L43/08 , G06F9/5072 , H04L67/18
摘要： Despite the best intentions of a cloud service provider, digital assets of may be moved to a geographic location that deviates from a geographic preference, policy, or setting of the owner of the digital assets. A monitoring tool can monitor network location of a digital asset hosted by a cloud service provider. Movement of the digital asset from a first network location to a second network location is detected. In response to detecting that the digital asset moves, a geographic location that corresponds to the second network location is determined. It is then determined that the geographic location deviates from a geographic setting configured for the digital asset. A notification that the digital asset has been moved to the geographic location that deviates from the geographic setting is generated.
摘要翻译：尽管云服务提供商有最好的意图，数字资产可能会移动到偏离数字资产所有者的地理偏好，政策或设置的地理位置。监控工具可以监控由云服务提供商托管的数字资产的网络位置。检测到数字资产从第一网络位置移动到第二网络位置。响应于检测到数字资产移动，确定对应于第二网络位置的地理位置。然后确定地理位置偏离为数字资产配置的地理设置。生成数字资产已被移动到偏离地理位置设置的地理位置的通知。

3. 发明申请

US20110145891A1 Securing Asynchronous Client Server Transactions 有权
标题翻译：保护异步客户端服务器事务
公开(公告)号：US20110145891A1
公开(公告)日：2011-06-16
申请号：US12638176
申请日：2009-12-15
申请人： Steven A. Bade , Harold Moss , Mary Ellen Zurko
发明人： Steven A. Bade , Harold Moss , Mary Ellen Zurko
IPC分类号： H04L9/32 , G06F15/16
CPC分类号： H04L63/12 , G06F21/10 , G06F21/30 , H04L9/32 , H04L63/10 , H04L63/101 , H04L63/1466 , H04L67/10 , H04L67/42 , H04W12/06
摘要： A method, system, and computer usable program product for securing asynchronous client server transactions are provided in the illustrative embodiments. A request including an application identifier and a version of a second application is received at a first application. A service identifier is generated if a session with the second application is valid. A registry is generated at the first application. A catalog is generated based on the registry and the service identifier and the catalog are sent to the second application. A sub-request including the service identifier is received as part of an asynchronous client server transaction. Validity of the sub-request is determined by determining whether the service identifier has expired, whether the sub-request requests a service that is permissible according to the catalog, whether the service identifier is used in conjunction with the second application, or a combination thereof. If the sub-request is valid, the service is provided.
摘要翻译：在说明性实施例中提供了用于保护异步客户端服务器事务的方法，系统和计算机可用程序产品。在第一应用中接收到包括应用标识符和第二应用的版本的请求。如果与第二应用程序的会话有效，则生成服务标识符。在第一个应用程序生成注册表。基于注册表和服务标识符生成目录，并将目录发送到第二个应用程序。作为异步客户端服务器事务的一部分接收到包含服务标识符的子请求。通过确定服务标识符是否过期，子请求是否请求根据目录允许的服务，确定服务标识符是否与第二应用一起使用或其组合来确定子请求的有效性。如果子请求有效，则提供服务。

4. 发明授权

US08707383B2 Computer workload management with security policy enforcement 有权
标题翻译：计算机工作负载管理与安全策略执行
公开(公告)号：US08707383B2
公开(公告)日：2014-04-22
申请号：US11464929
申请日：2006-08-16
申请人： Steven A. Bade , Andrew Gregory Kegel , Ronald Perez , Brian D. You
发明人： Steven A. Bade , Andrew Gregory Kegel , Ronald Perez , Brian D. You
IPC分类号： H04L29/00
CPC分类号： G06F9/4856 , G06F9/5027 , G06F21/53
摘要： A computer implemented method, data processing system, and computer program product for managing computer workloads with security policy enforcement. When a determination is made that a component in a data processing system has failed to meet processing requirements, a candidate host to where the component may be migrated based on performance considerations is identified. A first security policy associated with the component is compared to a second security policy associated with the candidate host to determine if the first security policy is equivalent to or stronger than the second security policy. Responsive to a determination that the first security policy is equivalent to or stronger than the second security policy, the component is migrated to the candidate host.
摘要翻译：一种计算机实现的方法，数据处理系统和用于通过安全策略实施管理计算机工作负载的计算机程序产品。当确定数据处理系统中的组件不能满足处理要求时，识别基于性能考虑可以迁移组件的候选主机。将与组件相关联的第一安全策略与与候选主机相关联的第二安全策略进行比较，以确定第一安全策略是否等于或强于第二安全策略。响应于确定第一安全策略等于或强于第二安全策略，组件将迁移到候选主机。

5. 发明授权

US08549592B2 Establishing virtual endorsement credentials for dynamically generated endorsement keys in a trusted computing platform 有权
标题翻译：在可信计算平台中为动态生成的认可密钥建立虚拟认可凭据
公开(公告)号：US08549592B2
公开(公告)日：2013-10-01
申请号：US11179238
申请日：2005-07-12
申请人： Steven A. Bade , James Patrick Hoff , Siegfried Sutter , James Peter Ward , Helmut H. Weber
发明人： Steven A. Bade , James Patrick Hoff , Siegfried Sutter , James Peter Ward , Helmut H. Weber
IPC分类号： H04L29/06
CPC分类号： G06F21/57 , H04L9/0877 , H04L9/321 , H04L9/3234 , H04L9/3263
摘要： A method and apparatus are disclosed in a data processing system for establishing virtual endorsement credentials. The data processing system includes a hardware trusted platform module (TPM). Logical partitions are generated in the system. A different virtual TPM is generated for each one of the logical partitions. For each one of the logical partitions, the virtual TPM that was generated for the logical partition then dynamically generates a virtual endorsement key, which is stored only within a corresponding virtual TPM. Using the virtual endorsement key, each virtual TPM also generates a virtual endorsement credential for use by the logical partition that includes the virtual TPM. The virtual endorsement credential is generated within the data processing system without the data processing system or its devices accessing a trusted third party that is external to the data processing system.
摘要翻译：在用于建立虚拟背书凭证的数据处理系统中公开了一种方法和装置。数据处理系统包括硬件可信平台模块（TPM）。逻辑分区在系统中生成。为每个逻辑分区生成不同的虚拟TPM。对于逻辑分区中的每一个，为逻辑分区生成的虚拟TPM然后动态地生成仅存储在相应虚拟TPM内的虚拟签名密钥。使用虚拟认可密钥，每个虚拟TPM还生成供包括虚拟TPM的逻辑分区使用的虚拟签注凭证。在数据处理系统内生成虚拟签注凭证，而数据处理系统或其设备访问数据处理系统外部的受信任的第三方。

6. 发明授权

US08055912B2 Method and system for bootstrapping a trusted server having redundant trusted platform modules 有权
标题翻译：用于引导具有冗余可信平台模块的可信服务器的方法和系统
公开(公告)号：US08055912B2
公开(公告)日：2011-11-08
申请号：US12621524
申请日：2009-11-19
申请人： Steven A. Bade , Linda Nancy Betz , Andrew Gregory Kegel , David R. Safford , Leendert Peter Van Doorn
发明人： Steven A. Bade , Linda Nancy Betz , Andrew Gregory Kegel , David R. Safford , Leendert Peter Van Doorn
IPC分类号： G06F11/30
CPC分类号： G06F21/575
摘要： Multiple trusted platform modules within a data processing system are used in a redundant manner that provides a reliable mechanism for securely storing secret data at rest that is used to bootstrap a system trusted platform module. A hypervisor requests each trusted platform module to encrypt a copy of the secret data, thereby generating multiple versions of encrypted secret data values, which are then stored within a non-volatile memory within the trusted platform. At some later point in time, the encrypted secret data values are retrieved, decrypted by the trusted platform module that performed the previous encryption, and then compared to each other. If any of the decrypted values do not match a quorum of values from the comparison operation, then a corresponding trusted platform module for a non-matching decrypted value is designated as defective because it has not been able to correctly decrypt a value that it previously encrypted.
摘要翻译：以冗余的方式使用数据处理系统内的多个可信任的平台模块，其提供用于安全地存储用于引导系统可信平台模块的休息处的秘密数据的可靠机制。管理程序请求每个可信平台模块加密秘密数据的副本，从而生成加密的秘密数据值的多个版本，然后存储在可信平台内的非易失性存储器中。在稍后的时间点，加密的秘密数据值由执行先前加密的可信任平台模块进行解密，然后进行比较。如果解密值中的任何一个与比较操作中的值的数量不匹配，则用于非匹配解密值的相应的可信平台模块被指定为有缺陷的，因为它不能正确解密之前加密的值。

7. 发明申请

US20090063857A1 METHOD AND SYSTEM FOR PROVIDING A TRUSTED PLATFORM MODULE IN A HYPERVISOR ENVIRONMENT 有权
公开(公告)号：US20090063857A1
公开(公告)日：2009-03-05
申请号：US12261060
申请日：2008-10-30
申请人： Steven A. Bade , Ryan Charles Catherman , James Patrick Hoff , Nia Letise Kelley , Emily Jane Ratliff
发明人： Steven A. Bade , Ryan Charles Catherman , James Patrick Hoff , Nia Letise Kelley , Emily Jane Ratliff
IPC分类号： G06F21/00
CPC分类号： G06F21/53
摘要： A method is presented for implementing a trusted computing environment within a data processing system. A hypervisor is initialized within the data processing system, and the hypervisor supervises a plurality of logical, partitionable, runtime environments within the data processing system. The hypervisor reserves a logical partition for a hypervisor-based trusted platform module (TPM) and presents the hypervisor-based trusted platform module to other logical partitions as a virtual device via a device interface. Each time that the hypervisor creates a logical partition within the data processing system, the hypervisor also instantiates a logical TPM within the reserved partition such that the logical TPM is anchored to the hypervisor-based TPM. The hypervisor manages multiple logical TPM's within the reserved partition such that each logical TPM is uniquely associated with a logical partition.

8. 发明授权

US06778837B2 System and method for providing access to mobile devices based on positional data 有权
标题翻译：基于位置数据提供对移动设备的访问的系统和方法
公开(公告)号：US06778837B2
公开(公告)日：2004-08-17
申请号：US09815542
申请日：2001-03-22
申请人： Steven A. Bade , Robert H. LeGrand, III , Mark-David J. McLaughlin
发明人： Steven A. Bade , Robert H. LeGrand, III , Mark-David J. McLaughlin
IPC分类号： H04Q720
CPC分类号： H04W12/08 , H04W88/02
摘要： The present invention includes as one embodiment a method for automatically controlling access to a mobile computing device with pertinent data. The method includes predefining access parameters of the mobile computing device, determining an actual location of the mobile computing device and using the actual location of the mobile computing device to automatically control access to the mobile computing device based on the predefined access parameters. Also, the method includes storing the predefined access parameters in a private Internet networked location, accessing and updating the predefined access parameters and sending the updated access parameters to the mobile computing device.
摘要翻译：本发明包括作为一个实施例的用于使用相关数据自动控制对移动计算设备的访问的方法。该方法包括预定义移动计算设备的接入参数，确定移动计算设备的实际位置并使用移动计算设备的实际位置来基于预定义的接入参数来自动控制对移动计算设备的接入。此外，该方法包括将预定义的访问参数存储在专用因特网联网位置，访问和更新预定义的访问参数并将更新的访问参数发送到移动计算设备。

9. 发明授权

US08549288B2 Dynamic creation and hierarchical organization of trusted platform modules 有权
标题翻译：可信平台模块的动态创建和层次化组织
公开(公告)号：US08549288B2
公开(公告)日：2013-10-01
申请号：US12128952
申请日：2008-05-29
申请人： Steven A. Bade , Stefan Berger , Kenneth Alan Goldman , Ronald Perez , Reiner Sailer , Leendert Peter Van Doorn
发明人： Steven A. Bade , Stefan Berger , Kenneth Alan Goldman , Ronald Perez , Reiner Sailer , Leendert Peter Van Doorn
IPC分类号： H04L29/06
CPC分类号： G06F21/57
摘要： A trusted platform module is presented that is capable of creating, dynamically, multiple virtual trusted platform modules in a hierarchical organization. A trusted platform module domain is created. The trusted platform module creates virtual trusted platform modules, as needed, in the trusted platform module domain. The virtual trusted platform modules can inherit the permissions of a parent trusted platform module to have the ability to create virtual trusted platform modules themselves. Each virtual trusted platform module is associated with a specific partition. Each partition is associated with an individual operating system. The hierarchy of created operating systems and their privilege of spawning new operating systems is reflected in the hierarchy of trusted platform modules and the privileges each of the trusted platform modules has.
摘要翻译：提出了一种可信任的平台模块，能够在层次结构中动态创建多个虚拟可信平台模块。创建可信平台模块域。可信平台模块根据需要在可信平台模块域中创建虚拟可信平台模块。虚拟可信平台模块可以继承父信任平台模块的权限，以便能够自己创建虚拟可信平台模块。每个虚拟可信平台模块与特定分区关联。每个分区与单个操作系统相关联。创建的操作系统的层次结构及其产生新操作系统的特权体现在可信平台模块的层次结构和每个可信平台模块所具有的特权上。

10. 发明授权

US08065522B2 Method and system for virtualization of trusted platform modules 有权
标题翻译：可信平台模块虚拟化的方法和系统
公开(公告)号：US08065522B2
公开(公告)日：2011-11-22
申请号：US12125871
申请日：2008-05-22
申请人： Steven A. Bade , Linda Nancy Betz , Andrew Gregory Kegel , Michael J. Kelly , William Lee Terrell
发明人： Steven A. Bade , Linda Nancy Betz , Andrew Gregory Kegel , Michael J. Kelly , William Lee Terrell
IPC分类号： H04L29/00 , H04L9/00
CPC分类号： G06F21/57 , G06F21/53 , H04L9/0897
摘要： A method, an apparatus, a system, and a computer program product is presented for virtualizing trusted platform modules within a data processing system. A virtual trusted platform module along with a virtual endorsement key is created within a physical trusted platform module within the data processing system using a platform signing key of the physical trusted platform module, thereby providing a transitive trust relationship between the virtual trusted platform module and the core root of trust for the trusted platform. The virtual trusted platform module can be uniquely associated with a partition in a partitionable runtime environment within the data processing system.
摘要翻译：提出了一种方法，装置，系统和计算机程序产品，用于虚拟化数据处理系统内的可信平台模块。使用物理可信平台模块的平台签名密钥在数据处理系统内的物理可信平台模块内创建虚拟可信平台模块以及虚拟认证密钥，从而在虚拟可信平台模块和虚拟可信平台模块之间提供传递信任关系信任平台的核心信任根源。虚拟可信平台模块可以与数据处理系统内的可分区运行时环境中的分区唯一关联。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式