专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07770000B2 Method and device for verifying the security of a computing platform 有权
标题翻译：用于验证计算平台安全性的方法和设备
公开(公告)号：US07770000B2
公开(公告)日：2010-08-03
申请号：US12124619
申请日：2008-05-21
申请人： Matthias Schunter , Jonathan A. Poritz , Michael Waidner , Elsie A. Van Herreweghen
发明人： Matthias Schunter , Jonathan A. Poritz , Michael Waidner , Elsie A. Van Herreweghen
IPC分类号： H04L29/06 , G06F12/14
CPC分类号： G06F21/57
摘要： Method and device for verifying the security of a computing platform. In the method for verifying the security of a computing platform a verification machine is first transmitting a verification request via an integrity verification component to the platform. Then the platform is generating by means of a trusted platform module a verification result depending on binaries loaded on the platform, and is transmitting it to the integrity verification component. Afterwards, the integrity verification component is determining with the received verification result the security properties of the platform and transmits them to the verification machine. Finally, the verification machine is determining whether the determined security properties comply with desired security properties.
摘要翻译：用于验证计算平台安全性的方法和设备。在验证计算平台的安全性的方法中，验证机首先通过完整性验证部件向平台发送验证请求。然后，平台通过可信赖的平台模块产生取决于平台上加载的二进制文件的验证结果，并将其发送到完整性验证组件。之后，完整性验证部件正在使用接收到的验证结果确定平台的安全属性并将其发送到验证机。最后，验证机正在确定所确定的安全属性是否符合所需的安全属性。

2. 发明申请

US20080256595A1 METHOD AND DEVICE FOR VERIFYING THE SECURITY OF A COMPUTING PLATFORM 有权
标题翻译：用于验证计算机平台安全性的方法和装置
公开(公告)号：US20080256595A1
公开(公告)日：2008-10-16
申请号：US12124619
申请日：2008-05-21
申请人： Matthias Schunter , Jonathan A. Poritz , Michael Waidner , Elsie A. Van Herreweghen
发明人： Matthias Schunter , Jonathan A. Poritz , Michael Waidner , Elsie A. Van Herreweghen
IPC分类号： G06F21/00
CPC分类号： G06F21/57
摘要： Method and device for verifying the security of a computing platform. In the method for verifying the security of a computing platform a verification machine is first transmitting a verification request via an integrity verification component to the platform. Then the platform is generating by means of a trusted platform module a verification result depending on binaries loaded on the platform, and is transmitting it to the integrity verification component. Afterwards, the integrity verification component is determining with the received verification result the security properties of the platform and transmits them to the verification machine. Finally, the verification machine is determining whether the determined security properties comply with desired security properties.
摘要翻译：用于验证计算平台安全性的方法和设备。在验证计算平台的安全性的方法中，验证机首先通过完整性验证部件向平台发送验证请求。然后，平台通过可信赖的平台模块产生取决于平台上加载的二进制文件的验证结果，并将其发送到完整性验证组件。之后，完整性验证部件正在使用接收到的验证结果确定平台的安全属性并将其发送到验证机。最后，验证机正在确定所确定的安全属性是否符合所需的安全属性。

3. 发明授权

US08060941B2 Method and system to authenticate an application in a computing platform operating in trusted computing group (TCG) domain 失效
标题翻译：在可信计算组（TCG）域中运行的计算平台中验证应用程序的方法和系统
公开(公告)号：US08060941B2
公开(公告)日：2011-11-15
申请号：US11957408
申请日：2007-12-14
申请人： Bernhard Jansen , Luke J. O'Connor , Jonathan A. Poritz , Elsie A. Van Herreweghen
发明人： Bernhard Jansen , Luke J. O'Connor , Jonathan A. Poritz , Elsie A. Van Herreweghen
IPC分类号： G06F21/22 , G06F12/14 , H04L9/32 , H04K1/00
CPC分类号： G06F21/57
摘要： A method and system for verifying authenticity of an application in a computing-platform operating in a Trusted Computing Group (TCG) domain is provided. The method includes computing one or more integrity measurements corresponding to one or more of the application, a plurality of precedent-applications, and an output file. The output file includes an output of the application, the application is executing on the computing-platform. Each precedent-application is executed before the application. The method further includes comparing one or more integrity measurements with re-computed integrity measurements. The re-computed integrity measurements are determined corresponding to one or more of the application, the plurality of precedent-applications, and the computing-platform.
摘要翻译：提供了一种用于验证在可信计算组（TCG）域中运行的计算平台中的应用的真实性的方法和系统。该方法包括计算对应于应用程序，多个先例应用程序和输出文件中的一个或多个的一个或多个完整性测量。输出文件包括应用程序的输出，应用程序正在计算平台上执行。每个先例应用程序在应用程序之前执行。该方法还包括将一个或多个完整性测量与重新计算的完整性测量进行比较。对应于应用程序，多个先例应用程序和计算平台中的一个或多个来确定重新计算的完整性度量。

4. 发明申请

US20080288783A1 METHOD AND SYSTEM TO AUTHENTICATE AN APPLICATION IN A COMPUTING PLATFORM OPERATING IN TRUSTED COMPUTING GROUP (TCG) DOMAIN 失效
标题翻译：认证计算机平台在信用计算机组（TCG）领域中的应用的方法和系统
公开(公告)号：US20080288783A1
公开(公告)日：2008-11-20
申请号：US11957408
申请日：2007-12-14
申请人： Bernhard Jansen , Luke J. O'Connor , Jonathan A. Poritz , Elsie A. Van Herreweghen
发明人： Bernhard Jansen , Luke J. O'Connor , Jonathan A. Poritz , Elsie A. Van Herreweghen
IPC分类号： G06F11/30
CPC分类号： G06F21/57
摘要： A method and system for verifying authenticity of an application in a computing-platform operating in a Trusted Computing Group (TCG) domain is provided. The method includes computing one or more integrity measurements corresponding to one or more of the application, a plurality of precedent-applications, and an output file. The output file includes an output of the application, the application is executing on the computing-platform. Each precedent-application is executed before the application. The method further includes comparing one or more integrity measurements with re-computed integrity measurements. The re-computed integrity measurements are determined corresponding to one or more of the application, the plurality of precedent-applications, and the computing-platform.
摘要翻译：提供了一种用于验证在可信计算组（TCG）域中运行的计算平台中的应用的真实性的方法和系统。该方法包括计算对应于应用程序，多个先例应用程序和输出文件中的一个或多个的一个或多个完整性测量。输出文件包括应用程序的输出，应用程序正在计算平台上执行。每个先例应用程序在应用程序之前执行。该方法还包括将一个或多个完整性测量与重新计算的完整性测量进行比较。对应于应用程序，多个先例应用程序和计算平台中的一个或多个来确定重新计算的完整性度量。

5. 发明授权

US08122484B2 Access control policy conversion 有权
标题翻译：访问控制策略转换
公开(公告)号：US08122484B2
公开(公告)日：2012-02-21
申请号：US12101694
申请日：2008-04-11
申请人： Guenter Karjoth , Elsie A. Van Herreweghen
发明人： Guenter Karjoth , Elsie A. Van Herreweghen
IPC分类号： G06F17/00
CPC分类号： G06F17/30507 , G06F21/604 , G06F21/6218
摘要： Methods and apparatus are provided for generating an access control policy data structure for a single-authorization-query access control system from a source policy data structure of an access control system in which primary authorizations can be subject to auxiliary constraints. Authorizations in the data structures are defined in terms of subject, resource and action elements. For each resource in a set of resources in the source policy data structure, the data structure is analyzed to identify primary authorizations relating to that resource. For each primary authorization, policy data which represents a policy defining an access rule expressing that authorization is generated and stored in system memory and analyzed to identify any auxiliary constraints associated with that primary authorization. For each auxiliary constraint so identified, policy data is generated and stored in system memory.
摘要翻译：提供了用于从访问控制系统的源策略数据结构生成用于单授权查询访问控制系统的访问控制策略数据结构的方法和装置，其中主授权可以受辅助约束。数据结构中的授权是根据主题，资源和动作元素来定义的。对于源策略数据结构中的一组资源中的每个资源，分析数据结构以识别与该资源相关的主要授权。对于每个主授权，代表定义表达该授权的访问规则的策略的策略数据被生成并存储在系统存储器中并被分析以识别与该主授权相关联的任何辅助约束。对于所识别的每个辅助约束，生成策略数据并将其存储在系统存储器中。

6. 发明申请

US20090178107A1 ACCESS CONTROL POLICY CONVERSION 有权
标题翻译：访问控制政策转换
公开(公告)号：US20090178107A1
公开(公告)日：2009-07-09
申请号：US12101694
申请日：2008-04-11
申请人： Guenter Karjoth , Elsie A. Van Herreweghen
发明人： Guenter Karjoth , Elsie A. Van Herreweghen
IPC分类号： G06F9/30 , G06F17/30
CPC分类号： G06F17/30507 , G06F21/604 , G06F21/6218
摘要： Methods and apparatus are provided for generating an access control policy data structure for a single-authorization-query access control system from a source policy data structure of an access control system in which primary authorizations can be subject to auxiliary constraints. Authorizations in the data structures are defined in terms of subject, resource and action elements. For each resource in a set of resources in the source policy data structure, the data structure is analyzed to identify primary authorizations relating to that resource. For each primary authorization, policy data which represents a policy defining an access rule expressing that authorization is generated and stored in system memory and analyzed to identify any auxiliary constraints associated with that primary authorization. For each auxiliary constraint so identified, policy data is generated and stored in system memory.
摘要翻译：提供了用于从访问控制系统的源策略数据结构生成用于单授权查询访问控制系统的访问控制策略数据结构的方法和装置，其中主授权可以受辅助约束。数据结构中的授权是根据主题，资源和动作元素来定义的。对于源策略数据结构中的一组资源中的每个资源，分析数据结构以识别与该资源相关的主要授权。对于每个主授权，代表定义表达该授权的访问规则的策略的策略数据被生成并存储在系统存储器中并被分析以识别与该主授权相关联的任何辅助约束。对于所识别的每个辅助约束，生成策略数据并将其存储在系统存储器中。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式