专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08954965B2 Trusted execution environment virtual machine cloning 有权
标题翻译：可信执行环境虚拟机克隆
公开(公告)号：US08954965B2
公开(公告)日：2015-02-10
申请号：US13566250
申请日：2012-08-03
申请人： Mark F. Novak , Andrew John Layman , Magnus Nyström , Stefan Thom
发明人： Mark F. Novak , Andrew John Layman , Magnus Nyström , Stefan Thom
IPC分类号： G06F9/455
CPC分类号： G06F21/53
摘要： Cloning of a virtual machine having a trusted executed environment such as a software-based trusted platform module. In order to clone the virtual machine, the virtual machine state of the source virtual machine is copied to formulate a target virtual machine state that is to be associated with a target virtual machine. The target virtual machine is a clone of the source virtual machine state, and thus the storage hierarchy of the trusted execution environment may be the same for the trusted execution environment in the source and target virtual machine states. However, because the identity of the target virtual machine is different than that of the source virtual machine, the endorsement hierarchy of the target virtual machine state is altered such that it is based on the identity of the target virtual machine, rather than the source virtual machine.
摘要翻译：克隆具有可信执行环境的虚拟机，例如基于软件的可信平台模块。为了克隆虚拟机，将复制源虚拟机的虚拟机状态以制定与目标虚拟机相关联的目标虚拟机状态。目标虚拟机是源虚拟机状态的克隆，因此受信任执行环境的存储层次结构对于源虚拟机状态和目标虚拟机状态中的受信任执行环境可能相同。然而，由于目标虚拟机的身份与源虚拟机的身份不同，所以目标虚拟机状态的认可层级被改变，使得其基于目标虚拟机的身份而不是源虚拟机机。

2. 发明申请

US20140040890A1 TRUSTED EXECUTION ENVIRONMENT VIRTUAL MACHINE CLONING 有权
标题翻译：实施执行环境虚拟机克隆
公开(公告)号：US20140040890A1
公开(公告)日：2014-02-06
申请号：US13566250
申请日：2012-08-03
申请人： Mark F. Novak , Andrew John Layman , Magnus Nyström , Stefan Thom
发明人： Mark F. Novak , Andrew John Layman , Magnus Nyström , Stefan Thom
IPC分类号： G06F9/455
CPC分类号： G06F21/53
摘要： Cloning of a virtual machine having a trusted executed environment such as a software-based trusted platform module. In order to clone the virtual machine, the virtual machine state of the source virtual machine is copied to formulate a target virtual machine state that is to be associated with a target virtual machine. The target virtual machine is a clone of the source virtual machine state, and thus the storage hierarchy of the trusted execution environment may be the same for the trusted execution environment in the source and target virtual machine states. However, because the identity of the target virtual machine is different than that of the source virtual machine, the endorsement hierarchy of the target virtual machine state is altered such that it is based on the identity of the target virtual machine, rather than the source virtual machine.
摘要翻译：克隆具有可信执行环境的虚拟机，例如基于软件的可信平台模块。为了克隆虚拟机，将复制源虚拟机的虚拟机状态以制定与目标虚拟机相关联的目标虚拟机状态。目标虚拟机是源虚拟机状态的克隆，因此受信任执行环境的存储层次结构对于源虚拟机状态和目标虚拟机状态中的受信任执行环境可能相同。然而，由于目标虚拟机的身份与源虚拟机的身份不同，所以目标虚拟机状态的认可层级被改变，使得其基于目标虚拟机的身份而不是源虚拟机机。

3. 发明授权

US08782423B2 Network based management of protected data sets 有权
标题翻译：基于网络的受保护数据集管理
公开(公告)号：US08782423B2
公开(公告)日：2014-07-15
申请号：US13527439
申请日：2012-06-19
申请人： Mark F. Novak , Andrew John Layman , Magnus Nyström , Stefan Thom
发明人： Mark F. Novak , Andrew John Layman , Magnus Nyström , Stefan Thom
IPC分类号： G06F3/06
CPC分类号： G06F3/0622 , G06F21/57 , G06F21/602
摘要： A system that includes an account management module configured to maintain protected accounts. For instance, a particular protected account includes a protected data set that is not readable outside of the system, and perhaps not even readable outside of the account. The particular data set corresponds to a particular entity assigned to the particular account and that includes keys corresponding to the particular entity. A security processor uses at least some of the plurality of keys to perform cryptographic processes in response to one or more trusted execution environment commands received from the particular entity.
摘要翻译：包括配置为维护受保护的帐户的帐户管理模块的系统。例如，特定受保护的帐户包括在系统之外不可读的受保护的数据集，甚至在帐户之外甚至不可读。特定数据集对应于分配给特定帐户的特定实体，并且包括与特定实体相对应的密钥。响应于从特定实体接收到的一个或多个可信执行环境命令，安全处理器使用多个密钥中的至少一些来执行密码处理。

4. 发明申请

US20130339729A1 NETWORK BASED MANAGEMENT OF PROTECTED DATA SETS 有权
标题翻译：基于网络的保护数据集管理
公开(公告)号：US20130339729A1
公开(公告)日：2013-12-19
申请号：US13527439
申请日：2012-06-19
申请人： Mark F. Novak , Andrew John Layman , Magnus Nyström , Stefan Thom
发明人： Mark F. Novak , Andrew John Layman , Magnus Nyström , Stefan Thom
IPC分类号： G06F21/00 , G06F1/24 , H04L29/06
CPC分类号： G06F3/0622 , G06F21/57 , G06F21/602
摘要： A system that includes an account management module configured to maintain protected accounts. For instance, a particular protected account includes a protected data set that is not readable outside of the system, and perhaps not even readable outside of the account. The particular data set corresponds to a particular entity assigned to the particular account and that includes keys corresponding to the particular entity. A security processor uses at least some of the plurality of keys to perform cryptographic processes in response to one or more trusted execution environment commands received from the particular entity.
摘要翻译：包括配置为维护受保护的帐户的帐户管理模块的系统。例如，特定受保护的帐户包括在系统之外不可读的受保护的数据集，甚至在帐户之外甚至不可读。特定数据集对应于分配给特定帐户的特定实体，并且包括与特定实体相对应的密钥。响应于从特定实体接收到的一个或多个可信执行环境命令，安全处理器使用多个密钥中的至少一些来执行密码处理。

5. 发明申请

US20110307711A1 DEVICE BOOTING WITH AN INITIAL PROTECTION COMPONENT 有权
标题翻译：具有初始保护组件的设备启动
公开(公告)号：US20110307711A1
公开(公告)日：2011-12-15
申请号：US12813955
申请日：2010-06-11
申请人： Mark F. Novak , Robert Karl Spiger , Stefan Thom , David J. Linsley , Scott A. Field , Anil Francis Thomas
发明人： Mark F. Novak , Robert Karl Spiger , Stefan Thom , David J. Linsley , Scott A. Field , Anil Francis Thomas
IPC分类号： G06F21/00 , G06F12/14 , G06F15/177
CPC分类号： G06F21/575
摘要： Booting a computing device includes executing one or more firmware components followed by a boot loader component. A protection component for the computing device, such as an anti-malware program, is identified and executed as an initial component after executing the boot loader component. One or more boot components are also executed, these one or more boot components including only boot components that have been approved by the protection component. A list of boot components that have been previously approved by the protection component can also be maintained in a tamper-proof manner.
摘要翻译：启动计算设备包括执行一个或多个固件组件，后跟引导加载程序组件。在执行引导加载程序组件之后，识别并执行诸如反恶意软件程序之类的计算设备的保护组件作为初始组件。还执行一个或多个引导组件，这些一个或多个引导组件仅包括被保护组件批准的引导组件。先前已被保护组件批准的引导组件列表也可以以防篡改的方式进行维护。

6. 发明授权

US08417962B2 Device booting with an initial protection component 有权
公开(公告)号：US08417962B2
公开(公告)日：2013-04-09
申请号：US12813955
申请日：2010-06-11
申请人： Mark F. Novak , Robert Karl Spiger , Stefan Thom , David J. Linsley , Scott A. Field , Anil Francis Thomas
发明人： Mark F. Novak , Robert Karl Spiger , Stefan Thom , David J. Linsley , Scott A. Field , Anil Francis Thomas
IPC分类号： G06F11/30 , G06F12/14
CPC分类号： G06F21/575
摘要： Booting a computing device includes executing one or more firmware components followed by a boot loader component. A protection component for the computing device, such as an anti-malware program, is identified and executed as an initial component after executing the boot loader component. One or more boot components are also executed, these one or more boot components including only boot components that have been approved by the protection component. A list of boot components that have been previously approved by the protection component can also be maintained in a tamper-proof manner.

7. 发明授权

US08880667B2 Self regulation of the subject of attestation 有权
标题翻译：自我认定的主体
公开(公告)号：US08880667B2
公开(公告)日：2014-11-04
申请号：US13024288
申请日：2011-02-09
申请人： Mark F. Novak , Stefan Thom , Yair Tor , Alexey Efron , Amos Ortal
发明人： Mark F. Novak , Stefan Thom , Yair Tor , Alexey Efron , Amos Ortal
IPC分类号： G06F15/173 , H04L29/06 , G06F21/64 , G06F21/57
CPC分类号： H04L63/1433 , G06F21/575 , G06F21/64 , H04L63/20
摘要： Attestation by a self-regulating attestation client. The attestation client requests a credential of health from an attestation service, which includes an ordered attestation log and proof of integrity and freshness of the log. The attestation client receives the requested credential of health, which certifies the attestation client was healthy when it requested the credential of health and that the attestation service trusts the attestation client to be healthy each time the attestation client authenticates using the credential of health. The attestation client receives a request to authenticate that it is healthy using the credential of health, verifies that it is currently healthy, and performs the requested authentication.
摘要翻译：证明自我认证客户。认证客户端从认证服务器请求健康证书，其中包括有序的认证日志和日志的完整性和新鲜度的证明。认证客户端收到所要求的健康证书，证明认证客户在要求健康证书时是健康的，认证服务机构认证证明客户端每次认证客户端使用健康证书进行身份验证时都是健康的。认证客户端使用身份验证证书验证其健康的身份验证请求，并且执行所请求的身份验证。

8. 发明申请

US20120204020A1 SELF REGULATION OF THE SUBJECT OF ATTESTATION 有权
标题翻译：自我监管的主体
公开(公告)号：US20120204020A1
公开(公告)日：2012-08-09
申请号：US13024288
申请日：2011-02-09
申请人： Mark F. Novak , Stefan Thom , Yair Tor , Alexey Efron , Amos Ortal
发明人： Mark F. Novak , Stefan Thom , Yair Tor , Alexey Efron , Amos Ortal
IPC分类号： H04L9/32 , G06F9/445
CPC分类号： H04L63/1433 , G06F21/575 , G06F21/64 , H04L63/20
摘要： Attestation by a self-regulating attestation client. The attestation client requests a credential of health from an attestation service, which includes an ordered attestation log and proof of integrity and freshness of the log. The attestation client receives the requested credential of health, which certifies the attestation client was healthy when it requested the credential of health and that the attestation service trusts the attestation client to be healthy each time the attestation client authenticates using the credential of health. The attestation client receives a request to authenticate that it is healthy using the credential of health, verifies that it is currently healthy, and performs the requested authentication.
摘要翻译：证明自我认证客户。认证客户端从认证服务器请求健康证书，其中包括有序的认证日志和日志的完整性和新鲜度的证明。认证客户端收到所要求的健康证书，证明认证客户在要求健康证书时是健康的，认证服务机构认证认证客户端每次认证客户端使用健康证书进行身份验证时都是健康的。认证客户端使用身份验证证书验证其健康的身份验证请求，并且执行所请求的身份验证。

9. 发明授权

US08561152B2 Target-based access check independent of access request 有权
标题翻译：基于目标的访问检查独立于访问请求
公开(公告)号：US08561152B2
公开(公告)日：2013-10-15
申请号：US13109530
申请日：2011-05-17
申请人： Mark F. Novak , Karanbir Singh , David M. McPherson , Andrey Popov , Ming Tang
发明人： Mark F. Novak , Karanbir Singh , David M. McPherson , Andrey Popov , Ming Tang
IPC分类号： G06F21/00
CPC分类号： G06F21/6218 , G06F2221/2141 , G06F2221/2149 , H04L63/10 , H04L63/20
摘要： A context of a principal is built, at a target system controlling access to a resource, independently of the principal requesting access to the resource. An authorization policy is applied, at the target system, to the context to determine whether the principal is permitted to access the resource, and an indication of whether the principal is permitted to access the resource is provided (e.g., to an administrator). Modifications can be made to the context and the authorization re-applied to determine whether a principal having the modified context is permitted to access the resource.
摘要翻译：在控制对资源的访问的目标系统上构建主体的上下文，独立于请求访问资源的主体。在目标系统处将授权策略应用于上下文以确定主体是否被允许访问资源，并且提供主体是否允许访问资源的指示（例如，给管理员）。可以对上下文进行修改，并且重新应用授权以确定具有修改的上下文的主体是否被允许访问资源。

10. 发明申请

US20130205360A1 PROTECTING USER CREDENTIALS FROM A COMPUTING DEVICE 有权
标题翻译：从计算机设备保护用户凭证
公开(公告)号：US20130205360A1
公开(公告)日：2013-08-08
申请号：US13368731
申请日：2012-02-08
申请人： Mark F. Novak , Andrew J. Layman
发明人： Mark F. Novak , Andrew J. Layman
IPC分类号： G06F21/00
CPC分类号： H04L63/102 , H04L63/0815 , H04L63/083 , H04L63/0853 , H04L63/0884 , H04L2463/102
摘要： Protecting user credentials from a computing device includes establishing a secure session between a computing device and an identity provider (e.g., a Web service). Parameters of the secure session are communicated to a credential service, which renegotiates or resumes the secure session to establish a new secure session between the credential service and the identity provider. User credentials are passed from the credential service to the identity provider via the new secure session, but the computing device does not have the parameters of the new secure session and thus does not have access to the passed user credentials. The credential service then renegotiates or resumes the secure session again to establish an additional secure session between the credential service and the identity provider. Parameters of the additional secure session are communicated to the computing device to allow the computing device to continue communicating securely with the identity provider.
摘要翻译：保护来自计算设备的用户凭证包括在计算设备和身份提供商（例如，Web服务）之间建立安全会话。安全会话的参数被传送到凭证服务，该凭证服务重新协商或恢复安全会话以在证书服务和身份提供者之间建立新的安全会话。用户凭证通过新的安全会话从凭证服务传递给身份提供者，但计算设备不具有新安全会话的参数，因此无法访问所传递的用户凭据。然后，凭证服务再次重新协商或恢复安全会话，以在凭证服务和身份提供商之间建立额外的安全会话。附加安全会话的参数被传送到计算设备以允许计算设备继续与身份提供商通信。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式