会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 2. 发明申请
    • PROTECTED AUTHORIZATION
    • 受保护的授权
    • US20120284507A1
    • 2012-11-08
    • US13100450
    • 2011-05-04
    • Hakki Tunc BostanciRobert Edgar FanfantChih-Pin KaoSatish K. ShettyKalin G. ToshevYefei Gao
    • Hakki Tunc BostanciRobert Edgar FanfantChih-Pin KaoSatish K. ShettyKalin G. ToshevYefei Gao
    • H04L9/32
    • H04L9/3213G06F21/335
    • One or more techniques and/or systems are provided for securely authorizing a client to consume data and/or services from a service provider server while mitigating burdensome requests made to a validation server. That is, validation data provided to a client from a validation server may be maintained on the client and at least some of that validation data can be used to subsequently authorize the client when the client attempts to consume data and/or services from the service provider server (e.g., download a song). However, the validation data is maintained on the client and/or provided to the service provider server in a manner that inhibits user tampering. In this manner, numerous requests for validation of the client need not be made from the service provider server to the validation server when a client requests content from the service provider server, while also inhibiting unauthorized consumptions of data by the client.
    • 提供了一个或多个技术和/或系统,用于安全授权客户端从服务提供商服务器消耗数据和/或服务,同时减轻对验证服务器的繁重请求。 也就是说,可以在客户端上维护从验证服务器提供给客户端的验证数据,并且当客户端尝试从服务提供商消费数据和/或服务时,该验证数据中的至少一些可以用于随后授权客户端 服务器(例如,下载歌曲)。 然而,验证数据被保持在客户端上和/或以禁止用户篡改的方式提供给服务提供商服务器。 以这种方式,当客户端从服务提供商服务器请求内容时,不需要从服务提供商服务器向验证服务器发出许多客户端验证请求,同时还禁止客户端对数据的未经授权的消费。
    • 3. 发明授权
    • Protected authorization for untrusted clients
    • 受保护的不受信任客户端的授权
    • US08806192B2
    • 2014-08-12
    • US13100450
    • 2011-05-04
    • Hakki Tunc BostanciRobert Edgar FanfantChih-Pin KaoSatish K. ShettyKalin G. ToshevYefei Gao
    • Hakki Tunc BostanciRobert Edgar FanfantChih-Pin KaoSatish K. ShettyKalin G. ToshevYefei Gao
    • H04L29/06
    • H04L9/3213G06F21/335
    • One or more techniques and/or systems are provided for securely authorizing a client to consume data and/or services from a service provider server while mitigating burdensome requests made to a validation server. That is, validation data provided to a client from a validation server may be maintained on the client and at least some of that validation data can be used to subsequently authorize the client when the client attempts to consume data and/or services from the service provider server (e.g., download a song). However, the validation data is maintained on the client and/or provided to the service provider server in a manner that inhibits user tampering. In this manner, numerous requests for validation of the client need not be made from the service provider server to the validation server when a client requests content from the service provider server, while also inhibiting unauthorized consumptions of data by the client.
    • 提供了一个或多个技术和/或系统,用于安全授权客户端从服务提供商服务器消耗数据和/或服务,同时减轻对验证服务器的繁重请求。 也就是说,可以在客户端上维护从验证服务器提供给客户端的验证数据,并且当客户端尝试从服务提供商消费数据和/或服务时,可以使用该验证数据中的至少一些来随后授权客户端 服务器(例如,下载歌曲)。 然而,验证数据被保持在客户端上和/或以禁止用户篡改的方式提供给服务提供商服务器。 以这种方式,当客户端从服务提供商服务器请求内容时,不需要从服务提供商服务器向验证服务器发出许多客户端验证请求,同时还禁止客户端对数据的未经授权的消费。
    • 4. 发明授权
    • TPM-based license activation and validation
    • 基于TPM的许可证激活和验证
    • US08418259B2
    • 2013-04-09
    • US12652094
    • 2010-01-05
    • Mikael HoralHakki Tunc BostanciVandana GunupudiNing ZhangScott Daniel AndersonStefan ThomErik Holt
    • Mikael HoralHakki Tunc BostanciVandana GunupudiNing ZhangScott Daniel AndersonStefan ThomErik Holt
    • G06F7/04
    • G06F21/10G06F2221/0704
    • A Trusted Activation License (TAL) can be comprised of a key unique to a Trusted Platform Module (TPM) and identifying information of the software applications bundled with the computing device having that TPM. To activate the software applications, the identifying information in the TAL can be compared against that of the software applications being activated, and the unique TPM key in the TAL can be compared against that of the TPM on the computing device on which the activation is taking place. Subsequent validations can be based on a protected association between the TAL and an Attestation Identity Key (AIK) that can be generated by the TPM as part of the activation step. Optionally, Platform Configuration Registers (PCRs) of the TPM can be periodically changed during validation to protect against useage of one TPM for validations on multiple computing devices.
    • 可信激活许可证(TAL)可以由可信平台模块(TPM)特有的密钥组成,并且识别与具有该TPM的计算设备捆绑的软件应用的信息。 为了激活软件应用程序,可以将TAL中的识别信息与正在激活的软件应用程序的识别信息进行比较,并将TAL中唯一的TPM密钥与激活正在进行的计算设备上的TPM密钥进行比较 地点。 随后的验证可以基于TAL和认证身份密钥(AIK)之间的保护关联,该密钥可以由TPM作为激活步骤的一部分生成。 可选地,可以在验证期间周期性地改变TPM的平台配置寄存器(PCR),以防止使用一个TPM来在多个计算设备上进行验证。
    • 5. 发明授权
    • Software protection injection at load time
    • 加载时软件保护注入
    • US08001596B2
    • 2011-08-16
    • US11743755
    • 2007-05-03
    • Matthias WollnikNir Ben ZviHakki Tunc BostanciJohn Richard McDowellAaron Goldsmid
    • Matthias WollnikNir Ben ZviHakki Tunc BostanciJohn Richard McDowellAaron Goldsmid
    • G06F11/00
    • G06F21/51G06F21/54
    • A method to apply a protection mechanism to a binary object includes using operating system resources to load a binary object from a storage medium along with a manifest and a digital signature. Authentication of the binary object is performed using the digital signature and the manifest is read to determine a category of protection for the binary object. The operating system selects a protection mechanism corresponding to the protection category and injects protection mechanism code, along with the binary object into a binary image on computer RAM. When the binary image is accessed, the protection mechanism executes and either allows full access and functionality to the binary object or prevents proper access and operation of the binary object. The protection mechanisms may be updated independently from the information on the storage medium.
    • 将保护机制应用于二进制对象的方法包括使用操作系统资源将二进制对象与清单和数字签名一起从存储介质加载。 使用数字签名执行二进制对象的认证,读取清单以确定二进制对象的保护类别。 操作系统选择对应于保护类别的保护机制,并将保护机制代码与二进制对象一起注入计算机RAM中的二进制映像。 当访问二进制图像时,保护机制执行,并允许对二进制对象的完全访问和功能,或者阻止二进制对象的正确访问和操作。 可以独立于存储介质上的信息更新保护机制。
    • 8. 发明授权
    • Establishing privileges through claims of valuable assets
    • 通过索赔有价值的资产建立特权
    • US08931056B2
    • 2015-01-06
    • US13076908
    • 2011-03-31
    • Eric FleischmanEliot GillumMatthew Robert AyersRobert Edgar FanfantHakki Tunc Bostanci
    • Eric FleischmanEliot GillumMatthew Robert AyersRobert Edgar FanfantHakki Tunc Bostanci
    • G06F21/22G11C7/00H04L29/06
    • H04L63/105H04L63/0823
    • A service accessible by a set of entities may be provided to each entity at a different service level (e.g., with a different set of privileges) based on the privilege level of the entity. However, many users may attempt to perform malicious activities through the service, and may do so with impunity if the penalties of detection are inconsequential. Instead, privilege levels of entities may be established based on the claims of assets having identifiable value. Such claims may be established by submitting an asset identifier to the service, such as proof of a software license identified by the submission of a license key purchased at a substantial cost. The penalties of malicious activities performed by such users may include the invalidation of such asset identifiers. Establishing the privilege levels of respective entities in this manner raises the penalties, and hence the deterrence, of attempted malicious use of the service.
    • 可以基于实体的特权级别,以不同的服务级别(例如,具有不同的权限集合)向每个实体提供可由一组实体访问的服务。 然而,许多用户可能会尝试通过服务执行恶意活动,如果检测的惩罚是无关紧要的,则可能会不受惩罚地进行。 相反,可以基于具有可识别价值的资产的索赔来建立特权级别的实体。 这样的索赔可以通过向服务提交资产标识符来建立,例如通过提交以相当大的成本购买的许可证密钥来标识的软件许可证的证明。 这些用户执行的恶意活动的处罚可能包括这种资产标识符的无效。 以这种方式建立各实体的特权级别,会提高企图恶意使用服务的处罚,从而威慑威慑力。