专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08024770B2 Techniques for managing security contexts 有权
标题翻译：管理安全上下文的技术
公开(公告)号：US08024770B2
公开(公告)日：2011-09-20
申请号：US11471905
申请日：2006-06-21
申请人： Gregory D. Fee , Brian A. LaMacchia , Blair Dillaway
发明人： Gregory D. Fee , Brian A. LaMacchia , Blair Dillaway
IPC分类号： H04L9/00 , H04L9/32 , G06F7/04
CPC分类号： G06F21/52
摘要： Techniques for managing security contexts may be described. An apparatus may comprise a processor and a security management module. The security management module may form a merged security context for multiple concurrent threads, with one of the threads depending on more than one preceding operation from other threads. Other embodiments are described and claimed.
摘要翻译：可以描述用于管理安全上下文的技术。装置可以包括处理器和安全管理模块。安全管理模块可以为多个并发线程形成合并的安全上下文，其中一个线程取决于来自其他线程的多个以前的操作。描述和要求保护其他实施例。

2. 发明授权

US07596692B2 Cryptographic audit 失效
标题翻译：密码审核
公开(公告)号：US07596692B2
公开(公告)日：2009-09-29
申请号：US10163223
申请日：2002-06-05
申请人： Barbara Lynch Fox , David G. Conroy , Brian A. LaMacchia
发明人： Barbara Lynch Fox , David G. Conroy , Brian A. LaMacchia
IPC分类号： H04L29/00 , H04L29/12 , H04L29/06
CPC分类号： H04L12/18 , H04L63/08 , H04L63/0876
摘要： Method, system, and computer program products for identifying potentially fraudulent receivers of digital content. A receiver authenticates to an auditing service with data that should be unique to the receiver. The auditing service detects when multiple receivers attempt to authenticate with the same data, suggesting that a receiver has been cloned or duplicated. The audit service also detects when a receiver authenticates improperly, suggesting an unsuccessful and unauthorized attempt to duplicate an authorized receiver. Individual receivers may be networked together. To help protect a receiver's authentication data from tampering, at least a portion of the data may be digitally signed with a private key. The audit service may then verify the digital signature with a corresponding public key. Varying the order in which data is signed or where the data is stored from one receiver or group of receivers to another may provide an additional level of security.
摘要翻译：用于识别数字内容的潜在欺诈接收者的方法，系统和计算机程序产品。接收者使用接收机唯一的数据对审计服务进行认证。审计服务检测多个接收方何时尝试使用相同的数据进行身份验证，提示接收方已被克隆或复制。审计服务还检测接收者何时不正确地认证，这表明未经授权的尝试复制授权的接收方。单个接收器可以联网在一起。为了帮助保护接收者的认证数据免受篡改，至少一部分数据可以用私钥进行数字签名。然后，审计服务可以用对应的公钥验证数字签名。将数据签名顺序或数据从一个接收器或一组接收器存储到另一个接收器或接收器组的顺序可能会提供额外的安全级别。

4. 发明授权

US07251834B2 Filtering a permission set using permission requests associated with a code assembly 有权
标题翻译：使用与代码程序集相关联的权限请求过滤权限集
公开(公告)号：US07251834B2
公开(公告)日：2007-07-31
申请号：US11254839
申请日：2005-10-20
申请人： Brian A. LaMacchia , Loren M. Kohnfelder , Gregory D. Fee , Michael J. Toutonghi
发明人： Brian A. LaMacchia , Loren M. Kohnfelder , Gregory D. Fee , Michael J. Toutonghi
IPC分类号： G06F7/04 , G06F17/30 , G06K9/00 , H03M1/68 , H04K1/00 , H04L9/00 , H04L9/32
CPC分类号： G06F21/52
摘要： A security policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager can execute in a computer system (e.g., a Web client) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. A permission request set may also be received in association with the code assembly. The permission request set may include a minimum request set, specifying permissions required by the code assembly to run properly. The permission request set may also include an optional request set, specifying permissions requested by the code assembly to provide an alternative level of functionality. In addition, the permission request set may include a refuse request set, specifying permissions that are not to be granted to the code assembly. The permission requests are used to filter a permission set to generate a permission grant set.
摘要翻译：安全策略管理器为从资源位置接收到的代码集合生成许可权授予集。策略管理器可以与计算机系统（例如，Web客户机）一起在运行时环境的验证模块和类加载器的组合中执行。为代码组合生成的许可授权集合被应用于运行时调用堆栈中，以帮助系统确定代码组件的给定系统操作是否被授权。还可以与代码组合相关联地接收许可请求集合。许可请求集可以包括最小请求集，指定代码组件正确运行所需的权限。许可请求集还可以包括可选的请求集合，指定代码组件请求的许可以提供替代级别的功能。此外，许可请求集合可以包括垃圾请求集合，指定不被授予代码组件的权限。权限请求用于过滤权限集以生成权限授予集。

5. 发明授权

US07155606B1 Method and system for accepting preverified information 失效
标题翻译：接受预验证信息的方法和系统
公开(公告)号：US07155606B1
公开(公告)日：2006-12-26
申请号：US09548056
申请日：2000-04-12
申请人： Michael D. Smith , Brian A. Lamacchia , Michael J. Toutonghi
发明人： Michael D. Smith , Brian A. Lamacchia , Michael J. Toutonghi
IPC分类号： H04L9/32
CPC分类号： H04L9/3247 , G06F21/51 , H04L63/12 , H04L2209/80
摘要： A method for ensuring the integrity of a receiving system in a distributed computing environment includes receiving information from a transmitting system. The method also includes testing whether the information is preverified information. If the information is not preverified, the method includes verifying the information or rejecting receipt of the information. If the information is preverified, the method includes testing if the information was received from a trusted transmitting system. If the information was received from a trusted transmitting system, the method includes accepting receipt of the information without reverifying. If the information was not received from a trusted transmitting system, the method includes verifying the information or rejecting receipt of the information.
摘要翻译：一种用于确保分布式计算环境中的接收系统的完整性的方法包括从发送系统接收信息。该方法还包括测试信息是否是预验证信息。如果信息未被预验证，则该方法包括验证信息或拒绝接收信息。如果信息被预验证，则该方法包括测试是否从可信发送系统接收到该信息。如果从受信任的发送系统接收到该信息，则该方法包括接收该信息而不重新验证。如果没有从可信任的发送系统接收到该信息，则该方法包括验证该信息或拒绝该信息的接收。

6. 发明授权

US08898480B2 Managing use of a field programmable gate array with reprogammable cryptographic operations 有权
标题翻译：管理使用具有可重复加密操作的现场可编程门阵列
公开(公告)号：US08898480B2
公开(公告)日：2014-11-25
申请号：US13528438
申请日：2012-06-20
申请人： Brian A. LaMacchia , Edmund B. Nightingale
发明人： Brian A. LaMacchia , Edmund B. Nightingale
IPC分类号： G06F17/00
CPC分类号： G06F15/7871 , G06F21/57 , G06F21/572 , G06F21/72 , G06F21/76
摘要： Field programmable gate arrays can be used as a shared programmable co-processor resource in a general purpose computing system. Components of an FPGA are isolated to protect the FPGA and data transferred between the FPGA and other components of the computer system. Transferred data can be digitally signed by the FPGA or other component to provide authentication. Code for programming the FPGA can be encrypted and signed by the author, loaded into the FPGA in an encrypted state, and then decrypted and authenticated by the FPGA itself, before programming the FPGA with the code. This code can be used to change the cryptographic operations performed in the FPGA, including keys, or decryption and encryption algorithms, or both.
摘要翻译：现场可编程门阵列可用作通用计算系统中的共享可编程协处理器资源。 FPGA的组件是隔离的，用于保护FPGA和FPGA与计算机系统其他组件之间传输的数据。传输的数据可以由FPGA或其他组件进行数字签名，以提供认证。编程FPGA的代码可以由作者进行加密和签名，在加密状态下加载到FPGA中，然后在使用代码编程FPGA之前，由FPGA自身对其进行解密和认证。该代码可用于更改FPGA中执行的密码操作，包括密钥，解密和加密算法，或两者兼而有之。

7. 发明申请

US20130346758A1 MANAGING USE OF A FIELD PROGRAMMABLE GATE ARRAY WITH ISOLATED COMPONENTS 有权
标题翻译：管理使用隔离组件的现场可编程门阵列
公开(公告)号：US20130346758A1
公开(公告)日：2013-12-26
申请号：US13528400
申请日：2012-06-20
申请人： Brian A. LaMacchia , Edmund B. Nightingale , Paul Barham
发明人： Brian A. LaMacchia , Edmund B. Nightingale , Paul Barham
IPC分类号： G06F21/00 , G06F12/14
CPC分类号： G06F21/445 , G06F21/76 , G06F21/85
摘要： Field programmable gate arrays can be used as a shared programmable co-processor resource in a general purpose computing system. Components of an FPGA are isolated to protect the FPGA and data transferred between the FPGA and other components of the computer system. For example, data written by the FPGA to memory is encrypted, and is decrypted within the FPGA when read back from memory. Data transferred between the FPGA and other components such as the CPU or GPU, whether directly or through memory, can similarly be encrypted using cryptographic keys known to the communicating components. Transferred data also can be digitally signed by the FPGA or other component to provide authentication. Code for programming the FPGA can be encrypted and signed by the author, loaded into the FPGA in an encrypted state, and then decrypted and authenticated by the FPGA itself, before programming the FPGA with the code.
摘要翻译：现场可编程门阵列可用作通用计算系统中的共享可编程协处理器资源。 FPGA的组件是隔离的，用于保护FPGA和FPGA与计算机系统其他组件之间传输的数据。例如，由FPGA写入存储器的数据被加密，并在从存储器读回时在FPGA内进行解密。 FPGA和GPU等其他组件（无论是直接还是通过内存）之间传输的数据可以使用通信组件已知的加密密钥进行加密。传输的数据也可以由FPGA或其他组件进行数字签名，以提供认证。编程FPGA的代码可以由作者进行加密和签名，在加密状态下加载到FPGA中，然后在使用代码编程FPGA之前，由FPGA自身对其进行解密和认证。

8. 发明授权

US07792758B2 Substitution groups/inheritance for extensibility in authorization policy 有权
标题翻译：替代组/继承在授权策略中的可扩展性
公开(公告)号：US07792758B2
公开(公告)日：2010-09-07
申请号：US10298455
申请日：2002-11-18
申请人： Bob Atkinson , John DeTreville , Brian A. LaMacchia
发明人： Bob Atkinson , John DeTreville , Brian A. LaMacchia
IPC分类号： G06F21/00 , G06F7/04 , G06F17/30 , H04N7/16
CPC分类号： G06F21/10
摘要： A computer-implemented mechanism for granting rights is described. A license may be used to identify one or more principals, resources, rights and conditions. The license also identifies a license format scheme and a license format modification scheme. An access control module or other entity may interpret the license in accordance with the license format scheme and license format modification scheme.
摘要翻译：描述了一种用于授予权限的计算机实现的机制。许可证可用于识别一个或多个主体，资源，权利和条件。许可证还标识许可证格式方案和许可证格式修改方案。访问控制模块或其他实体可以根据许可证格式方案和许可证格式修改方案来解释许可证。

9. 发明申请

US20080066170A1 Security Assertion Revocation 有权
标题翻译：安全断言撤销
公开(公告)号：US20080066170A1
公开(公告)日：2008-03-13
申请号：US11530443
申请日：2006-09-08
申请人： Blair B. Dillaway , Moritz Y. Becker , Andrew D. Gordon , Cedric Fournet , Brian A. LaMacchia
发明人： Blair B. Dillaway , Moritz Y. Becker , Andrew D. Gordon , Cedric Fournet , Brian A. LaMacchia
IPC分类号： H04L9/32
CPC分类号： H04L63/10 , H04L63/20
摘要： Security assertion revocation enables a revocation granularity in a security scheme down to the level of individual assertions. In an example implemenation, a security token includes multiple respective assertions that are associated with multiple respective assertion identifiers. More specifically, each individual assertion is associated with at least one individual assertion identifier.
摘要翻译：安全声明撤销使安全方案中的撤销粒度达到个人断言的级别。在示例实现中，安全令牌包括与多个相应的断言标识符相关联的多个相应断言。更具体地，每个单独的断言与至少一个单独的断言标识符相关联。

10. 发明授权

US07131143B1 Evaluating initially untrusted evidence in an evidence-based security policy manager 有权
标题翻译：在基于证据的安全策略管理器中评估最初的不可信证据
公开(公告)号：US07131143B1
公开(公告)日：2006-10-31
申请号：US09598814
申请日：2000-06-21
申请人： Brian A. LaMacchia , Loren M. Kohnfelder , Gregory Darrell Fee
发明人： Brian A. LaMacchia , Loren M. Kohnfelder , Gregory Darrell Fee
IPC分类号： G06F7/04
CPC分类号： G06F21/51 , G06F21/53
摘要： An evidence-based policy manager generates a permission grant set for a code assembly received from a resource location. The policy manager executes in a computer system (e.g., a Web client or server) in combination with the verification module and class loader of the run-time environment. The permission grant set generated for a code assembly is applied in the run-time call stack to help the system determine whether a given system operation by the code assembly is authorized. Both code assemblies and evidence may be received from a local origin or from a remote resource location via a network (e.g., the Internet). Evidence having different levels of trust may be evaluated in combination so that a permission grant set is associated only with trusted code assemblies. The policy manager may comprise execution modules for parsing a security policy specification, generating one or more code hierarchies, evaluating membership of the received code assembly in one or more code groups, and generating a permission grant set based upon this membership evaluation.
摘要翻译：基于证据的策略管理器为从资源位置接收到的代码集合生成许可授权集。策略管理器与计算机系统（例如，Web客户端或服务器）结合运行时环境的验证模块和类加载器一起执行。为代码组合生成的许可授权集合被应用于运行时调用堆栈中，以帮助系统确定代码组件的给定系统操作是否被授权。代码集合和证据可以经由网络（例如，因特网）从本地来源或远程资源位置接收。可以组合评估具有不同级别的信任的证据，使得许可授权集合仅与可信代码组件相关联。策略管理器可以包括用于解析安全策略规范的执行模块，生成一个或多个代码层次，评估在一个或多个代码组中接收到的代码组合的成员资格，以及基于该成员资格评估生成许可授权集合。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式