专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07103783B1 Method and system for providing data security in a file system monitor with stack positioning 有权
标题翻译：用于在堆栈定位的文件系统监视器中提供数据安全性的方法和系统
公开(公告)号：US07103783B1
公开(公告)日：2006-09-05
申请号：US09701201
申请日：2000-09-29
申请人： George Friedman , Robert Phillip Starek , Carlos A. Murdock
发明人： George Friedman , Robert Phillip Starek , Carlos A. Murdock
IPC分类号： H04L9/00 , G06F11/30 , G06F13/28 , G06F3/02 , G06F15/173 , G06F15/16
CPC分类号： G06F21/6281
摘要： A System for providing data security in a first device driver operably installed in a computer operating system having a layered plurality of device drivers (81, 82, 83, 84) for accessing data in a data storage device. The first device driver detects an I/O request, and determines whether the first device driver is functionally uppermost in the layered plurality of device drivers. If the first device driver is functionally uppermost in the layered plurality of device drivers, the method performs the I/O request (80) in the first device driver. If the device driver is not functionally uppermost in the layered plurality of device drivers, the method denies the I/O request in the first device driver, and allows the I/O request to be performed by the next lowest-level driver in the layered plurality of device drivers.
摘要翻译：一种用于在可操作地安装在具有用于访问数据存储设备中的数据的分层多个设备驱动器（81,82,83,84）的计算机操作系统中的第一设备驱动器中提供数据安全性的系统。第一设备驱动程序检测I / O请求，并且确定第一设备驱动程序在分层的多个设备驱动程序中是否在功能上最上方。如果第一设备驱动器在分层的多个设备驱动器中在功能上最上方，则该方法在第一设备驱动器中执行I / O请求（80）。如果设备驱动程序在分层多个设备驱动程序中功能上不是最上方，则该方法拒绝第一设备驱动程序中的I / O请求，并允许I / O请求由分层的下一级驱动程序执行多个设备驱动程序。

2. 发明授权

US06804784B1 Back-channeling in a memory vault system 失效
标题翻译：在内存库系统中反向引导
公开(公告)号：US06804784B1
公开(公告)日：2004-10-12
申请号：US09701458
申请日：2000-11-22
申请人： George Friedman , Robert Phillip Starek , Carlos A. Murdock
发明人： George Friedman , Robert Phillip Starek , Carlos A. Murdock
IPC分类号： G06F1214
CPC分类号： G06F21/6281
摘要： A file system security driver and vault method and system particularly applicable to a system in which protected data is segregated from other data, which allows for back-channeling of file data in order to ensure that files created by applications using secured data do not cause data leaks of secure data. In a preferred embodiment, a file system security driver is a driver resident on the kernel level which monitors file system requests and allows limited access to files resident on the vault and creation of files within the vault when necessary.
摘要翻译：文件系统安全驱动程序和文件库方法和系统特别适用于其中受保护数据与其他数据隔离的系统，允许文件数据的反向引导，以确保使用安全数据的应用程序创建的文件不会导致数据安全数据泄漏。在优选实施例中，文件系统安全驱动程序是驻留在内核级别上的驱动程序，其监视文件系统请求，并且允许对存储在文件库中的文件的有限访问以及在需要时在文件库内创建文件。

3. 发明授权

US07039806B1 Method and apparatus for packaging and transmitting data 失效
标题翻译：包装和传输数据的方法和装置
公开(公告)号：US07039806B1
公开(公告)日：2006-05-02
申请号：US09701230
申请日：2000-09-29
申请人： George Friedman , Robert Phillip Starek , Carlos A. Murdock
发明人： George Friedman , Robert Phillip Starek , Carlos A. Murdock
IPC分类号： G06F1/26
CPC分类号： H04L63/0428 , H04L51/12
摘要： A system and method for communicating a package of information. The system comprises a machine readable medium having information packaging software that generates a computer executable file (FIG. 1, 14) comprising a package of information. The packet information comprises the file of data and encryption software. The system communicates the package of information over a network (FIG. 1, 16) that is in communication with a machine readable medium. A client computer system (FIG. 1, 17) in communication with the network is adapted to receive the package of information and execute the computer executable. The computer system has a client permissions database (FIG. 1, 20) and a vault adapted to receive the package of information.
摘要翻译：一种用于传送信息包的系统和方法。该系统包括具有信息包装软件的机器可读介质，其生成包括信息包的计算机可执行文件（图1,14）。分组信息包括数据文件和加密软件。系统通过与机器可读介质通信的网络（图1,16）来传送信息包。与网络通信的客户计算机系统（图1,17）适于接收信息包并执行计算机可执行。计算机系统具有客户端许可数据库（图1,20）和适于接收信息包的库。

4. 发明授权

US07484245B1 System and method for providing data security 有权
标题翻译：提供数据安全性的系统和方法
公开(公告)号：US07484245B1
公开(公告)日：2009-01-27
申请号：US09701157
申请日：2000-09-29
申请人： George Friedman , Robert Phillip Starek , Carlos A. Murdock
发明人： George Friedman , Robert Phillip Starek , Carlos A. Murdock
IPC分类号： G06F21/00
CPC分类号： G06F21/6209 , G06F21/52 , G06F21/62 , G06F2221/2141
摘要： A system and method protects security of data. The data is packaged together with one or more permissions that designate what actions are allowed with respect to the data. The package can be opened when there is approval for doing so and the allowed permissions are maintained. The data is stored within a vault and there are a number of available security procedures that prevent the unauthorized access of the data.
摘要翻译：系统和方法保护数据的安全。数据与一个或多个权限一起打包，指定对数据允许的操作。当有批准这样做并且允许的权限被维护时，该包可以被打开。数据存储在保管库中，并且存在许多可用的安全程序，以防止未经授权的数据访问。

5. 发明授权

US06553466B1 Shared memory blocking method and system 失效
标题翻译：共享内存阻塞方法和系统
公开(公告)号：US06553466B1
公开(公告)日：2003-04-22
申请号：US09701202
申请日：2000-11-27
申请人： George Friedman , Robert Phillip Starek , Carlos A. Murdock
发明人： George Friedman , Robert Phillip Starek , Carlos A. Murdock
IPC分类号： G06F1214
CPC分类号： G06F9/5016 , G06F12/109 , G06F12/1458 , G06F21/6281 , Y10S707/99938
摘要： A shared memory blocking method and particularly applicable to a system in which protected data is transmitted to a recipient computer. The method comprises reserving a memory page for a requesting application, committing a memory page to the requesting application's address space, which call may be made by the process providing the page reserve call or by a subsequent process, and providing security checks to complete the requests. The security checks include determining whether the process is secured by consulting a secured process list and determining whether the page is shared by consulting a shared memory list. Further disclosed are a computer readable medium and computer programmed to block shared memory, shared memory blocking system and secured data transmission system.
摘要翻译：一种共享存储器阻塞方法，特别适用于将受保护数据传输到接收计算机的系统。该方法包括为请求应用预留存储器页面，将存储器页面提交给请求应用程序的地址空间，可以由提供页面预留调用的处理或通过后续处理进行哪个调用，并提供安全检查以完成请求。安全检查包括通过咨询安全的进程列表来确定进程是否被保护，并且通过咨询共享的存储器列表来确定页面是否被共享。还公开了一种计算机可读介质和被编程为阻止共享存储器，共享存储器阻塞系统和安全数据传输系统的计算机。

6. 发明授权

US07096326B1 Registry monitoring system and method 失效
标题翻译：注册表监控系统和方法
公开(公告)号：US07096326B1
公开(公告)日：2006-08-22
申请号：US09701200
申请日：2000-09-29
申请人： George Friedman , Robert Phillip Starek , Carlos A. Murdock
发明人： George Friedman , Robert Phillip Starek , Carlos A. Murdock
IPC分类号： G06F12/00 , G06F7/00 , G06F15/16
CPC分类号： G06F21/6218 , G06F21/52 , G06F21/62 , G06F21/6281 , G06F2221/2101 , Y10S707/99933
摘要： A registry monitoring method particularly applicable to a system (100) in which protected data is transmitted to a recipient computer. The method comprises requesting a handle for a registry key to a calling process, requesting a registry key value for the handle, modifying and deleting keys and values of protected data locations, and obtaining security clearance to complete the requests by checking secured process lists and rejection lists. Also included are a registry monitoring system, a secured data transmission system including registry monitorings, a machine-readable medium comprising a program to monitor a registry (110), and a computer configured to monitor a registry (110).
摘要翻译：一种特别适用于将受保护数据发送到接收计算机的系统（100）的注册表监视方法。该方法包括向调用进程请求一个注册表项的句柄，请求该句柄的注册表键值，修改和删除受保护数据位置的键和值，以及通过检查安全的进程列表和拒绝来获得安全许可以完成请求列表。还包括注册管理机监控系统，包括注册管理机构监控的安全数据传输系统，包括用于监控注册表（110）的程序的机器可读介质以及被配置为监视注册表（110）的计算机。

7. 发明授权

US06986058B1 Method and system for providing data security using file spoofing 失效
标题翻译：使用文件欺骗提供数据安全的方法和系统
公开(公告)号：US06986058B1
公开(公告)日：2006-01-10
申请号：US09701154
申请日：2000-09-29
申请人： George Friedman , Robert Phillip Starek , Carlos A. Murdock
发明人： George Friedman , Robert Phillip Starek , Carlos A. Murdock
IPC分类号： H04L9/00
CPC分类号： G06F21/54
摘要： A method for providing data security in a device driver for accessing data. The device driver detects a file system request, completes the file system request, and receives return information from the file system request. The device driver further determines whether the file system request is for a tag file associated with a secured file; and if so, modifies the return information to reflect a file attribute of the secured file.
摘要翻译：一种在用于访问数据的设备驱动程序中提供数据安全性的方法。设备驱动程序检测文件系统请求，完成文件系统请求，并从文件系统请求接收返回信息。设备驱动程序进一步确定文件系统请求是否用于与安全文件相关联的标签文件; 如果是这样，修改返回信息以反映安全文件的文件属性。

8. 发明授权

US06314437B1 Method and apparatus for real-time secure file deletion 失效
标题翻译：用于实时安全文件删除的方法和装置
公开(公告)号：US06314437B1
公开(公告)日：2001-11-06
申请号：US09576518
申请日：2000-05-23
申请人： Robert Phillip Starek , George Friedman , David Earl Marshall , Jason Lee Chambers , Michael J. Moorman , Terry S. Newgard
发明人： Robert Phillip Starek , George Friedman , David Earl Marshall , Jason Lee Chambers , Michael J. Moorman , Terry S. Newgard
IPC分类号： G06F1730
CPC分类号： G06F17/30117 , G06F2221/2143 , Y10S707/99953 , Y10S707/99957
摘要： A method and apparatus are provided that enhance file system calls to a file system structure of an operating system. In particular, file system calls can be enhanced to provide real-time secure file deletion on an ongoing basis. A file system call that is intended to perform a function with respect to data stored on a storage device is intercepted. It is then determined whether the file system call is of a type that should be processed. If not, the original file system call is passed on through the file system. If the file system call should be processed, supplemental processing is performed to enhance the original file system call and the file system call is transparently returned to the calling system application. In embodiment, real-time secure file deletion is implemented using a vendor supplied driver (VSD) executing within the installable file system (IFS) of WINDOWS 95. Further, a method and system are disclosed for real-time secure data deletion in a system having an NTFS file system. Read calls are monitored using a read filter and pointers to NTFS metafiles and page files are recognized and stored. Write calls are monitored using a write filter and real-time secure data deletion of buffers is performed. File creation operations are monitored and real-time secure data deletion of user files is performed when the file is to be overwritten. Further, set information operations are monitored and real-time secure data deletion is performed for truncated, shrunk or deleted user files.
摘要翻译：提供了一种增强对操作系统的文件系统结构的文件系统调用的方法和装置。特别地，可以增强文件系统调用以持续提供实时安全文件删除。用于执行关于存储在存储设备上的数据的功能的文件系统调用被截取。然后确定文件系统调用是否是应该被处理的类型。如果没有，原始文件系统调用将通过文件系统传递。如果要处理文件系统调用，则执行补充处理以增强原始文件系统调用，并且将文件系统调用透明地返回给调用系统应用程序。在实施例中，使用在WINDOWS 95的可安装文件系统（IFS）内执行的供应商提供的驱动程序（VSD）来实现实时安全文件删除。此外，公开了一种用于系统中的实时安全数据删除的方法和系统具有NTFS文件系统。使用读取过滤器监视读取调用，并指向NTFS元文件，并识别和存储页面文件。使用写入过滤器监视写入呼叫，并执行缓冲区的实时安全数据删除。监视文件创建操作，并在文件被覆盖时执行用户文件的实时安全数据删除。此外，监视设置信息操作，并对被截断，缩小或删除的用户文件执行实时安全数据删除。

9. 发明授权

US06212600B1 Method and apparatus for sanitization of fixed storage devices 失效
标题翻译：固定式存储设备消毒的方法和装置
公开(公告)号：US06212600B1
公开(公告)日：2001-04-03
申请号：US09010262
申请日：1998-01-21
申请人： George Friedman , David Earl Marshall , Robert Phillip Starek , Jay R. Nelson
发明人： George Friedman , David Earl Marshall , Robert Phillip Starek , Jay R. Nelson
IPC分类号： G06F1214
CPC分类号： G06F3/0623 , G06F3/0652 , G06F3/0674 , G06F2221/2143
摘要： A method and apparatus are disclosed for sanitization of a fixed storage device interfaced to a computer system. The computer system is booted from a removable storage device that holds a bootable disk operating system and program code that is executed within the disk operating system. The fixed storage device is detected. The writeable space of the fixed storage device is then overwritten with a plurality of overwrite layers. Further, a report can be printed listing information about the sanitization process contemporaneously upon the completion of sanitization. In one embodiment, sanitizing is accomplished using a plurality of patterns, each layer having an associated pattern, to ensure that data can not be recovered even by destructive analysis.
摘要翻译：公开了一种用于对接到计算机系统的固定存储设备进行消毒的方法和设备。计算机系统从可移动存储设备启动，该设备保存可启动磁盘操作系统和在磁盘操作系统内执行的程序代码。检测固定存储装置。然后，固定存储装置的可写入空间被多个覆盖层重写。此外，可以在完成清洁后，同时打印一份关于消毒过程的信息的报告。在一个实施例中，使用多个图案完成消毒，每个层具有相关联的图案，以确保即使通过破坏性分析也不能恢复数据。

10. 发明授权

US6070174A Method and apparatus for real-time secure file deletion 失效
标题翻译：用于实时安全文件删除的方法和装置
公开(公告)号：US6070174A
公开(公告)日：2000-05-30
申请号：US114756
申请日：1998-07-13
申请人： Robert Phillip Starek , George Friedman , David Earl Marshall , Jason Lee Chambers , Michael J. Moorman , Terry S. Newgard
发明人： Robert Phillip Starek , George Friedman , David Earl Marshall , Jason Lee Chambers , Michael J. Moorman , Terry S. Newgard
IPC分类号： G06F17/30
CPC分类号： G06F17/30117 , G06F2221/2143 , Y10S707/99953 , Y10S707/99957
摘要： A method and apparatus are provided that enhance file system calls to a file system structure of an operating system. In particular, file system calls can be enhanced to provide real-time secure file deletion on an ongoing basis. A file system call that is intended to perform a function with respect to data stored on a storage device is intercepted. It is then determined whether the file system call is of a type that should be processed. If not, the original file system call is passed on through the file system. If the file system call should be processed, supplemental processing is performed to enhance the original file system call and the file system call is transparently returned to the calling system application. In embodiment, real-time secure file deletion is implemented using a vendor supplied driver (VSD) executing within the installable file system (IFS) of WINDOWS 95. Further, a method and system are disclosed for real-time secure data deletion in a system having an NTFS file system. Read calls are monitored using a read filter and pointers to NTFS metafiles and page files are recognized and stored. Write calls are monitored using a write filter and real-time secure data deletion of buffers is performed. File creation operations are monitored and real-time secure data deletion of user files is performed when the file is to be overwritten. Further, set information operations are monitored and real-time secure data deletion is performed for truncated, shrunk or deleted user files.
摘要翻译：提供了一种增强对操作系统的文件系统结构的文件系统调用的方法和装置。特别地，可以增强文件系统调用以持续提供实时安全文件删除。用于执行关于存储在存储设备上的数据的功能的文件系统调用被截取。然后确定文件系统调用是否是应该被处理的类型。如果没有，原始文件系统调用将通过文件系统传递。如果要处理文件系统调用，则执行补充处理以增强原始文件系统调用，并且将文件系统调用透明地返回给调用系统应用程序。在实施例中，使用在WINDOWS 95的可安装文件系统（IFS）内执行的供应商提供的驱动程序（VSD）实现实时安全文件删除。此外，公开了一种用于系统中的实时安全数据删除的方法和系统具有NTFS文件系统。使用读取过滤器监视读取调用，并指向NTFS元文件，并识别和存储页面文件。使用写入过滤器监视写入呼叫，并执行缓冲区的实时安全数据删除。监视文件创建操作，并在文件被覆盖时执行用户文件的实时安全数据删除。此外，监视设置信息操作，并对被截断，缩小或删除的用户文件执行实时安全数据删除。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式