专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

51. 发明授权

EP1826701B1 Secure processor 有权
公开(公告)号：EP1826701B1
公开(公告)日：2018-07-04
申请号：EP06253618.0
申请日：2006-07-11
申请人： Socionext Inc.
发明人： Goto, Seiji
IPC分类号： G06F12/14 , G06F21/12 , G06F21/54 , G06F21/72
CPC分类号： G06F21/12 , G06F12/145 , G06F21/54 , G06F21/72
摘要： A secure hardware system 60, 70, 80, 90 comprises a secure pipe 60, a secure DMA 80, a secure assist 60 and a secure bus 90, which connects between those blocks. The secure pipe 60 stores a common encryption key in an encryption key table 64 not accessible from software. The secure DMA 70 comprises a data common key system process function and a hashing process function. The secure assist 80 comprises a common key system process function and an authentication process function, receives an issued command from a program executed by the processor core 10 via a public interface 81, and performs setting/control of the secure pipe 60 and the secure DMA 70 via the secure bus 90.

52. 发明授权

EP2581853B1 METHOD AND APPARATUS FOR SECURE WEB WIDGET RUNTIME SYSTEM 有权
公开(公告)号：EP2581853B1
公开(公告)日：2018-05-30
申请号：EP12188436.5
申请日：2012-10-12
申请人： Samsung Electronics Co., Ltd.
发明人： Onur, Aciicmez , Blaich, Andrew C
IPC分类号： G06F21/54 , G06F21/62
CPC分类号： G06F21/54 , G06F21/6281
摘要： The security of web widgets is improved by transferring a set of access control decisions conventionally handled by the Web Runtime system (WRT) to a more secure portion of the computing system, such as a kernel in the operating system. Access control rules are extracted and provided to the more secure portion. This may be performed during widget installation or at invocation of a widget. During runtime, the more secure portion performs security checking functions for the widget instead of the WRT.

53. 发明公开

EP3210337A4 ENABLING CLASSIFICATION AND IRM IN SOFTWARE APPLICATIONS 有权转让
公开(公告)号：EP3210337A4
公开(公告)日：2018-05-16
申请号：EP15852905
申请日：2015-10-14
申请人： SECURE ISLANDS TECH LTD
发明人： ELDAR YUVAL , OZ ROEE , REZNITSKY SLAVA
IPC分类号： H04L9/32 , G06F9/445 , G06F17/30 , G06F21/00 , G06F21/10 , G06F21/54 , G06F21/60 , G06F21/62 , H04W12/04
CPC分类号： G06F21/602 , G06F9/44521 , G06F21/10 , G06F21/54 , G06F21/6281 , H04L2463/101 , H04W12/04
摘要： A method for enabling data classification and′ or enforcement of Information Rights Management (IRM) capabilities and′or encryption in a software application according to which, an agent is installed on each terminal device that runs the application and a central management module which includes the IRM, encryption and classification policy to be enforced, communicates with agents that are installed on each terminal device. The central management module distributes the appropriate IRM and′or classification policy to each agent and applies the policy to any application that runs on the terminal device.

54. 发明授权

EP2973183B1 INTRA-COMPUTER PROTECTED COMMUNICATIONS BETWEEN APPLICATIONS 有权
标题翻译：应用程序之间的内部计算机保护通信
公开(公告)号：EP2973183B1
公开(公告)日：2018-04-25
申请号：EP14764811.7
申请日：2014-03-14
申请人： Oracle International Corporation
发明人： BOYER, John Jules Alexander , AHMED, Ali Kamran , SHEPHARD, Tim , PRABHU, Vinay , TEWARI, Ruchir
IPC分类号： G06F21/00 , G06F9/44 , G06F21/54 , G06F21/64 , G06F21/60 , G06F21/62 , H04L29/06
CPC分类号： G06F21/57 , G06F21/125 , G06F21/54 , G06F21/602 , G06F21/62 , G06F21/64 , H04L63/061 , H04L2463/062
摘要： Systems, methods and machine-readable media for providing a security service are disclosed. The methods include receiving a modification of the application object code to allow the software application to transmit a request for the security service; retrieving the modified application object code corresponding to the software application from memory; receiving, via a processor, the request for the security service from the modified application object code; and providing, via the processor, the security service. The systems and machine-readable media performing operations according to the methods disclosed.

55. 发明公开

EP3299964A1 A COMPUTER-IMPLEMENTED METHOD AND A SYSTEM FOR ENCODING A HEAP APPLICATION MEMORY STATE USING SHADOW MEMORY 有权
标题翻译：一种使用阴影存储器编码堆应用存储器状态的计算机实现的方法和系统
公开(公告)号：EP3299964A1
公开(公告)日：2018-03-28
申请号：EP16306236.7
申请日：2016-09-27
申请人： COMMISSARIAT À L'ÉNERGIE ATOMIQUE ET AUX ÉNERGIES ALTERNATIVES
发明人： VOROBYOV, Kostyantyn , KOSMATOV, Nikolay , SIGNOLES, Julien
IPC分类号： G06F12/02 , G06F12/14 , G06F21/52 , G06F21/54
摘要： A computer-implemented method for encoding an application memory that a program, executed on a computer, has access to, using a shadow memory corresponding to the application memory, the method comprising:
- creating and initializing a shadow memory divided into a plurality of segments, each segment in the application memory being mapped to a corresponding segment in the shadow memory,
- for each memory block (AM) in the application memory that the program allocates, encoding a corresponding shadow memory block (SM), in the shadow memory, by:
• defining a meta segment (MS AM ) preceding the first segment (S1 AM ) of the memory block (AM) in the application memory, and a corresponding shadow meta segment (MS SM ) in the shadow memory block (SM),
• writing in the shadow meta segment (MS SM ) a first value indicative of the size (L) of the memory block (AM),
• writing, in each subsequent segment (S1 SM , S2 SM , S3 SM ,... SN SM ) of the shadow memory block (SM), a second value indicative of the offset (OFF 1 ,OFF 2 ,OFF 3 ,...OFF N ) between the segment (S1 SM , S2 SM , S3 SM ,... SN SM ) and the first segment (S1 SM ) of the shadow memory block (SM).
摘要翻译：一种用于编码应用程序存储器的计算机实现的方法，该程序在计算机上执行，使用与应用程序存储器相对应的影子存储器访问，该方法包括：创建并初始化分成多个段的影子存储器，应用程序存储器中的每个段被映射到影子存储器中的对应段， - 对于程序分配的应用程序存储器中的每个存储器块（AM），在影子存储器中编码相应的影子存储器块（SM）通过：•定义应用程序内存中的内存块（AM）的第一个段（S1AM）之前的元段（MSAM），以及影子内存块（SM）中的相应的影子元段（MSSM），•写入阴影元段（MSSM）指示存储块（AM）的大小（L）的第一值，·在影子存储块（S1SM，S2SM，S3SM，... SNSM）的每个后续片段 SM）表示的第二个值在段（S1SM，S2SM，S3SM，... SNSM）与影子存储块（SM）的第一段（S1SM）之间的fset（OFF1，OFF2，OFF3，... OFFN）。

56. 发明公开

EP3271856A1 VERFAHREN UND VORRICHTUNG ZUM VERARBEITEN UND ÜBERTRAGEN VON DATEN INNERHALB EINES FUNKTIONAL SICHEREN ELEKTRISCHEN, ELEKTRONISCHEN UND/ODER PROGRAMMIERBAR ELEKTRONISCHEN SYSTEMS 有权
标题翻译：用于在功能上安全的电子，电子和/或可编程电子系统内处理和传输数据的方法和设备
公开(公告)号：EP3271856A1
公开(公告)日：2018-01-24
申请号：EP16709766.6
申请日：2016-03-11
申请人： Phoenix Contact GmbH & Co. KG
发明人： FRANK, Tobias , SALZMANN, Rolf
IPC分类号： G06F21/54
CPC分类号： H04L63/1433 , G06F21/54 , H04L63/105
摘要： The invention relates to the processing and transmitting of data within a functionally secure, electrical, electronic and/or programmable electronic system that is formed by at least two sub-systems, which each comprise at least one secure hardware and/or software component, and each satisfy a determined security level for a functionally secure data processing. The invention provides: the processing of data by means of the secure hardware and/or software component of a first of the sub-systems to form functionally secure data of a first security level; and the adding of at least one characterisation attribute to this data via said first sub-system, which characterisation attribute characterises the suitability of the data for the use of this first security level; the transmitting of the data including the added characterisation attribute from the first sub-system to a second of the sub-systems; and receiving the data including the added characterisation attribute via the second sub-system; and the checking of the received characterisation attribute via the second sub-system by means of the secure hardware and/or software component thereof for the purpose of determining whether the security level, characterised by this characterisation attribute, is equal or unequal to the security level satisfied by the second sub-system; and, if the check results in an inequality, the functionally secure further processing of the data based on the reduced security level.

57. 发明公开

EP3230919A1 AUTOMATED CLASSIFICATION OF EXPLOITS BASED ON RUNTIME ENVIRONMENTAL FEATURES 有权转让
标题翻译：基于运行环境特征的开源自动分类
公开(公告)号：EP3230919A1
公开(公告)日：2017-10-18
申请号：EP16705830.4
申请日：2016-02-11
申请人： Morphisec Information, Security 2014 Ltd.
发明人： GURI, Mordechai , GORELIK, Michael , YEHOSHUA, Ronen
IPC分类号： G06F21/54 , G06F21/55 , G06F21/56
CPC分类号： G06F21/566 , G06F21/54 , G06F21/554 , G06F2221/033
摘要： Various approaches are described herein for the automated classification of exploit(s) based on snapshots of runtime environmental features of a computing process in which the exploit(s) are attempted. The foregoing is achieved with a server and local station(s). Each local station is configured to neutralize operation of malicious code being executed thereon, obtain snapshot(s) indicating the state thereof at the time of the exploitation attempt, and perform a classification process using the snapshot(s). The snapshot(s) are analyzed with respect to a local classification model maintained by the local station to find a classification of the exploit therein. If a classification is found, an informed decision is made as to how to handle the classified exploit. If a classification is not found, the snapshot(s) are provided to the server for classification thereby. The server provides an updated classification model containing a classification for the exploit to the local station(s).
摘要翻译：本文描述了基于其中尝试利用（一个或多个）的计算过程的运行时环境特征的快照对漏洞进行自动分类的各种方法。以上是通过服务器和本地站实现的。每个本地站被配置为中和正在其上执行的恶意代码的操作，获取指示在利用尝试时的状态的快照，并且使用快照执行分类处理。根据本地站维护的本地分类模型分析快照以找到其中的漏洞分类。如果发现分类，就如何处理分类的漏洞利用做出明智的决定。如果未找到分类，则将快照提供给服务器以进行分类。服务器向本地站提供包含漏洞分类的更新分类模型。

58. 发明授权

EP2188755B1 VERFAHREN UND VORRICHTUNG ZUR SICHERUNG EINES PROGRAMMS GEGEN EINE KONTROLLFLUSSMANIPULATION UND GEGEN EINEN FEHLERHAFTEN PROGRAMMABLAUF 有权转让
标题翻译：防止控制流程操作和防止程序运行错误的方法和装置
公开(公告)号：EP2188755B1
公开(公告)日：2017-10-18
申请号：EP08774957.8
申请日：2008-07-10
申请人： Siemens Aktiengesellschaft
发明人： MEYER, Bernd , SCHAFHEUTLE, Marcus , SEUSCHEK, Hermann
IPC分类号： G06F11/28 , G06F21/54 , G06F21/55
CPC分类号： G06F11/28 , G06F21/54 , G06F21/552

59. 发明公开

EP3223185A1 DYNAMIC CODE PATCHING TECHNIQUES FROM USER-MODE PROCESS ADDRESS SPACE 有权
标题翻译：来自用户模式过程地址空间的动态代码修补技术
公开(公告)号：EP3223185A1
公开(公告)日：2017-09-27
申请号：EP17158611.8
申请日：2017-03-01
申请人： Crowdstrike, Inc.
发明人： IONESCU, Ion-Alexandru , ROBINSON, Loren C.
IPC分类号： G06F21/54 , G06F9/445 , G06F9/54
CPC分类号： G06F9/545 , G06F21/54 , G06F2209/542
摘要： Techniques are described herein for loading a user-mode component of a security agent based on an asynchronous procedure call (APC) built by a kernel-mode component of the security agent. The APC is executed while a process loads, causing the process to load the user-mode component. The user-mode component then identifies slack space of the process, stores instructions in the slack space, and hooks function(s) of the process, including modifying instruction(s) of the function(s) to call the instructions stored in the slack space. When those modified instruction(s) call the stored instructions, the stored instructions invoke the user-mode component, which receives data from the hooked function(s). Also, the security agent may bypass a control-flow protection mechanism of the operating system by setting a pointer of the control-flow protection mechanism to point to an alternate verification function.
摘要翻译：本文描述了用于基于由安全代理的内核模式组件构建的异步过程调用（APC）加载安全代理的用户模式组件的技术。 APC在进程加载时执行，导致进程加载用户模式组件。用户模式组件然后识别进程的松弛空间，将指令存储在松弛空间中，并挂接进程的功能，包括修改功能的指令以调用存储在松弛的指令空间。当这些修改的指令调用所存储的指令时，所存储的指令调用用户模式组件，该用户模式组件从钩状函数接收数据。而且，安全代理可以通过将控制流保护机制的指针设置为指向替代验证功能来绕过操作系统的控制流保护机制。

60. 发明公开

EP3208718A1 SECURITY MONITORING AT OPERATING SYSTEM KERNEL LEVEL 有权转让
标题翻译：操作系统内核级别的安全监控
公开(公告)号：EP3208718A1
公开(公告)日：2017-08-23
申请号：EP17156758.9
申请日：2017-02-17
申请人： Comcast Cable Communications LLC
发明人： Fahrny, James , Park, Kyong
IPC分类号： G06F12/14 , G06F21/53 , G06F21/54 , G06F21/55 , G06F21/57 , G06F21/64
摘要： Methods and apparatus for real-time security monitoring on a computing device are presented. A system may define privileges to access hardware interfaces for each process of a plurality of processes executing on a computing device. The privileges may be defined in a privileged operating system level that controls root access to an operating system. In response to a determination that a process is attempting to access a hardware interface, the system may determine whether the process is privileged to access the hardware interface by checking the privileges. In response to determining that the process is not privileged to access the hardware interface, the intrusion detection agent may terminate the process.
摘要翻译：介绍了用于计算设备上的实时安全监控的方法和设备。系统可以定义访问用于在计算设备上执行的多个进程中的每个进程的硬件接口的特权。权限可以在特权操作系统级别中定义，该权限控制对操作系统的根访问权限。响应于确定进程正试图访问硬件接口，系统可以通过检查特权来确定进程是否有权访问硬件接口。响应于确定该进程没有特权来访问硬件接口，入侵检测代理可以终止该进程。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式