专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20090172814A1 DYNAMIC GENERATION OF INTEGRITY MANIFEST FOR RUN-TIME VERIFICATION OF SOFTWARE PROGRAM 有权
标题翻译：软件程序运行验证的完整性更新动态生成
公开(公告)号：US20090172814A1
公开(公告)日：2009-07-02
申请号：US11967928
申请日：2007-12-31
申请人： Hormuzd Khosravi , David Durham , Prashant Dewan , Ravi Sahita , Uday R. Savagaonkar , Men Long
发明人： Hormuzd Khosravi , David Durham , Prashant Dewan , Ravi Sahita , Uday R. Savagaonkar , Men Long
IPC分类号： G06F21/22
CPC分类号： G06F21/64 , G06F21/51
摘要： A measurement engine generates an integrity manifest for a software program and uses it to perform active platform observation. The integrity manifest indicates an integrity check value for a section of the program's code. The measurement engine computes a comparison value on the program's image in memory and determines if the comparison value matches the expected integrity check value. If the values do not match, the program's image is determined to be modified, and appropriate remedial action may be triggered.
摘要翻译：测量引擎为软件程序生成完整性清单，并使用它来执行主动平台观察。完整性清单表示程序代码的一部分的完整性检查值。测量引擎计算内存中程序映像的比较值，并确定比较值是否与预期的完整性校验值相匹配。如果值不匹配，则确定程序的图像被修改，并且可能触发适当的补救动作。

2. 发明授权

US08364973B2 Dynamic generation of integrity manifest for run-time verification of software program 有权
标题翻译：动态生成软件程序的运行时验证的完整性清单
公开(公告)号：US08364973B2
公开(公告)日：2013-01-29
申请号：US11967928
申请日：2007-12-31
申请人： Hormuzd Khosravi , David Durham , Prashant Dewan , Ravi Sahita , Uday R. Savagaonkar , Men Long
发明人： Hormuzd Khosravi , David Durham , Prashant Dewan , Ravi Sahita , Uday R. Savagaonkar , Men Long
IPC分类号： G06F21/00
CPC分类号： G06F21/64 , G06F21/51
摘要： A measurement engine generates an integrity manifest for a software program and uses it to perform active platform observation. The integrity manifest indicates an integrity check value for a section of the program's code. The measurement engine computes a comparison value on the program's image in memory and determines if the comparison value matches the expected integrity check value. If the values do not match, the program's image is determined to be modified, and appropriate remedial action may be triggered.
摘要翻译：测量引擎为软件程序生成完整性清单，并使用它来执行主动平台观察。完整性清单表示程序代码的一部分的完整性检查值。测量引擎计算内存中程序映像的比较值，并确定比较值是否与预期的完整性校验值相匹配。如果值不匹配，则确定程序的图像被修改，并且可能触发适当的补救动作。

3. 发明授权

US08799673B2 Seamlessly encrypting memory regions to protect against hardware-based attacks 有权
标题翻译：无缝加密内存区域以防止基于硬件的攻击
公开(公告)号：US08799673B2
公开(公告)日：2014-08-05
申请号：US12651432
申请日：2009-12-31
申请人： Uday R. Savagaonkar , Ravi Sahita , David Durham , Men Long
发明人： Uday R. Savagaonkar , Ravi Sahita , David Durham , Men Long
IPC分类号： H04L29/06
CPC分类号： G06F12/1408 , G06F12/1441 , G06F2212/1052
摘要： Systems, apparatuses, and methods, and for seamlessly protecting memory regions to protect against hardware-based attacks are disclosed. In one embodiment, an apparatus includes a decoder, control logic, and cryptographic logic. The decoder is to decode a transaction between a processor and memory-mapped input/output space. The control logic is to redirect the transaction from the memory-mapped input/output space to a system memory. The cryptographic logic is to operate on data for the transaction.
摘要翻译：公开了系统，装置和方法，并且用于无缝地保护存储器区域以防止基于硬件的攻击。在一个实施例中，一种装置包括解码器，控制逻辑和加密逻辑。解码器是对处理器和存储器映射的输入/输出空间之间的事务进行解码。控制逻辑是将事务从内存映射的输入/输出空间重定向到系统内存。密码逻辑是对数据进行交易操作。

4. 发明申请

US20110161677A1 SEAMLESSLY ENCRYPTING MEMORY REGIONS TO PROTECT AGAINST HARDWARE-BASED ATTACKS 有权
标题翻译：无缝加密存储区域防范基于硬件的攻击
公开(公告)号：US20110161677A1
公开(公告)日：2011-06-30
申请号：US12651432
申请日：2009-12-31
申请人： Uday R. Savagaonkar , Ravi Sahita , David Durham , Men Long
发明人： Uday R. Savagaonkar , Ravi Sahita , David Durham , Men Long
IPC分类号： G06F12/14
CPC分类号： G06F12/1408 , G06F12/1441 , G06F2212/1052
摘要： Systems, apparatuses, and methods, and for seamlessly protecting memory regions to protect against hardware-based attacks are disclosed. In one embodiment, an apparatus includes a decoder, control logic, and cryptographic logic. The decoder is to decode a transaction between a processor and memory-mapped input/output space. The control logic is to redirect the transaction from the memory-mapped input/output space to a system memory. The cryptographic logic is to operate on data for the transaction.
摘要翻译：公开了系统，装置和方法，并且用于无缝地保护存储器区域以防止基于硬件的攻击。在一个实施例中，一种装置包括解码器，控制逻辑和加密逻辑。解码器是对处理器和存储器映射的输入/输出空间之间的事务进行解码。控制逻辑是将事务从存储器映射的输入/输出空间重定向到系统存储器。密码逻辑是对数据进行交易操作。

5. 发明申请

US20080022388A1 Method and apparatus for multiple inclusion offsets for security protocols 审中-公开
标题翻译：用于安全协议的多重包含偏移的方法和装置
公开(公告)号：US20080022388A1
公开(公告)日：2008-01-24
申请号：US11478986
申请日：2006-06-30
申请人： Karanvir Grewal , David Durham , Hormuzd Khosravi , Men Long , Prashant Dewan
发明人： Karanvir Grewal , David Durham , Hormuzd Khosravi , Men Long , Prashant Dewan
IPC分类号： G06F15/16
CPC分类号： H04L63/105
摘要： A method and apparatus to define multiple zones in a data packet for inclusion in processing by security operations of a security protocol. In one embodiment, each defined zone has an associated list of security operations to which the zone is subjected. In another embodiment, the list of security operations for a zone includes parameters to be passed when performing the security operations on the zone.
摘要翻译：一种在数据分组中定义多个区域以包括在安全协议的安全操作的处理中的方法和装置。在一个实施例中，每个定义的区域具有该区域经受的安全操作的关联列表。在另一个实施例中，区域的安全操作的列表包括在区域上执行安全操作时要传递的参数。

6. 发明申请

US20080002724A1 Method and apparatus for multiple generic exclusion offsets for security protocols 审中-公开
标题翻译：用于安全协议的多个通用排除偏移的方法和装置
公开(公告)号：US20080002724A1
公开(公告)日：2008-01-03
申请号：US11479157
申请日：2006-06-30
申请人： Karanvir Grewal , David Durham , Hormuzd Khosravi , Men Long , Prashant Dewan
发明人： Karanvir Grewal , David Durham , Hormuzd Khosravi , Men Long , Prashant Dewan
IPC分类号： H04L12/56
CPC分类号： H04L63/0428 , H04L63/104 , H04L63/164 , H04L69/22
摘要： A method and apparatus to define multiple zones in a data packet for exclusion from processing by security operations of a security protocol. In one embodiment, each defined zone has an associated list of security operations from which the zone is protected.
摘要翻译：一种在数据分组中定义多个区域以便通过安全协议的安全操作排除在处理之外的方法和装置。在一个实施例中，每个定义的区域具有相关的安全操作列表，从该区域被保护。

7. 发明申请

US20110154059A1 CUMULATIVE INTEGRITY CHECK VALUE (ICV) PROCESSOR BASED MEMORY CONTENT PROTECTION 有权
标题翻译：累积完整性检验值（ICV）处理器内存内容保护
公开(公告)号：US20110154059A1
公开(公告)日：2011-06-23
申请号：US12646028
申请日：2009-12-23
申请人： David Durham , Men Long , Uday R. Savagaonkar
发明人： David Durham , Men Long , Uday R. Savagaonkar
IPC分类号： G06F12/14
CPC分类号： G06F21/79 , G06F21/72
摘要： In general, in one aspect, the disclosure describes a process that includes a cryptographic engine and first and second registers. The cryptographic engine is to encrypt data to be written to memory, to decrypt data read from memory, to generate read integrity check values (ICVs) and write ICVs for memory accesses. The cryptographic engine is also to create a cumulative read ICV and a cumulative write ICV by XORing the generated read ICV and the generated write ICV with a current read MAC and a current write ICV respectively and to validate data integrity by comparing the cumulative read ICV and the cumulative write ICV. The first and second registers are to store the cumulative read and write ICVs respectively at the processor. Other embodiments are described and claimed.
摘要翻译：通常，在一个方面，本公开描述了包括密码引擎和第一和第二寄存器的过程。加密引擎是对要写入存储器的数据进行加密，解密从存储器读取的数据，生成读取完整性检查值（ICV），并为存储器访问写入ICV。密码引擎还通过分别用当前读取的MAC和当前的写入ICV异或生成的读取ICV和产生的写入ICV来创建累积读取ICV和累积写入ICV，并通过比较累积读取ICV和累积写ICV。第一和第二寄存器分别在处理器处存储累积读和写ICV。描述和要求保护其他实施例。

8. 发明授权

US08839450B2 Secure vault service for software components within an execution environment 有权
标题翻译：为执行环境中的软件组件提供安全的保管库服务
公开(公告)号：US08839450B2
公开(公告)日：2014-09-16
申请号：US11833073
申请日：2007-08-02
申请人： David Durham , Hormuzd Khosravi , Uri Blumenthal , Men Long
发明人： David Durham , Hormuzd Khosravi , Uri Blumenthal , Men Long
IPC分类号： G06F12/14 , G06F17/30
CPC分类号： G06F21/6209 , G06F12/1408 , G06F12/1466 , G06F12/1475 , G06F21/52 , G06F21/53
摘要： Embodiments of apparatuses, articles, methods, and systems for secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.
摘要翻译：这里一般地描述用于执行环境中的软件组件的安全保险库服务的装置，物品，方法和系统的实施例。一个实施例包括虚拟机监视器，操作系统监视器或其他底层平台功能的能力，以限制存储器区域，以便仅通过特定认证的，授权的和已验证的软件组件进行访问，即使在其他受损的操作系统环境的一部分。代表被保护的内存区域中提供的经过身份验证/授权/验证的软件组件的锁定和解锁秘密的底层平台只能由经过身份验证/授权/验证的软件组件访问。可以描述和要求保护其他实施例。

9. 发明申请

US20080022129A1 SECURE PLATFORM VOUCHER SERVICE FOR SOFTWARE COMPONENTS WITHIN AN EXECUTION ENVIRONMENT 有权
标题翻译：执行环境中软件组件的安全平台提供服务
公开(公告)号：US20080022129A1
公开(公告)日：2008-01-24
申请号：US11864573
申请日：2007-09-28
申请人： David Durham , Hormuzd Khosravi , Uri Blumenthal , Men Long
发明人： David Durham , Hormuzd Khosravi , Uri Blumenthal , Men Long
IPC分类号： H04L9/00 , G06F12/14 , H04L9/32
CPC分类号： G06F21/54 , H04L9/004 , H04L9/3236 , H04L63/123 , H04L63/126 , H04L63/20 , H04L2209/60
摘要： Embodiments of apparatus, articles, methods, and systems for secure platform voucher service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise comprised operating system environment. A provisioning remote entity or gateway only needs to know a platform's public key or certificate hierarchy in order to receive verification proof for any component in the platform. The verification proof or voucher helps to assure to the remote entity that no man-in-the-middle, rootkit, spyware or other malware running in the platform or on the network will have access to the provisioned material. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.
摘要翻译：这里一般地描述用于执行环境中的软件组件的安全平台凭单服务的装置，物品，方法和系统的实施例。一个实施例包括虚拟机监视器，操作系统监视器或其他底层平台功能的能力，以限制仅通过特定认证的，授权的和已验证的软件组件进行访问的存储器区域，即使在另外包含的操作系统环境的一部分。配置远程实体或网关只需要知道平台的公钥或证书层次结构，以便接收平台中任何组件的验证证明。验证证明或凭证有助于向远程实体确保在平台或网络上运行的中间人，rootkit，间谍软件或其他恶意软件将无法访问所提供的资料。代表被保护的内存区域中提供的经过身份验证/授权/验证的软件组件的锁定和解锁秘密的底层平台只能由经过身份验证/授权/验证的软件组件访问。可以描述和要求保护其他实施例。

10. 发明授权

US08752169B2 Botnet spam detection and filtration on the source machine 有权
标题翻译：在源机器上进行僵尸网络垃圾邮件检测和过滤
公开(公告)号：US08752169B2
公开(公告)日：2014-06-10
申请号：US12059877
申请日：2008-03-31
申请人： Men Long , David Durham , Hormuzd Khosravi
发明人： Men Long , David Durham , Hormuzd Khosravi
IPC分类号： H04L29/06 , G06F21/56 , G06F21/50
CPC分类号： G06F21/566 , G06F21/50 , G06F21/56 , H04L51/12 , H04L63/14 , H04L63/1408 , H04L63/1416 , H04L63/1441 , H04L63/145 , H04L2463/144
摘要： A method and device are disclosed. In one embodiment the method includes determining that a packet attempting to be sent from a first computer system has at least a portion of a human communication message that may contain spam. The method then increments a spam counter when the difference in time between a first time value in a time stamp within the packet and a second time value of a most recent activity from a human input device coupled to the first computer system is greater than a threshold difference in time value. The method also disallows the packet to be sent to a remote location if the spam counter exceeds a spam outbound threshold value.
摘要翻译：公开了一种方法和装置。在一个实施例中，该方法包括确定尝试从第一计算机系统发送的分组具有可能包含垃圾邮件的人类通信消息的至少一部分。该方法然后当分组内的时间戳中的第一时间值与耦合到第一计算机系统的人类输入设备的最新活动的第二时间值之间的时间差与阈值时间差值。如果垃圾邮件计数器超出垃圾邮件出站阈值，该方法也不允许将数据包发送到远程位置。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式