专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07370199B2 System and method for n-way authentication in a network 有权
标题翻译：网络中n路认证的系统和方法
公开(公告)号：US07370199B2
公开(公告)日：2008-05-06
申请号：US10766060
申请日：2004-01-28
申请人： Michael A. Aday , Bryan M. Willman , Marcus Peinado , Alan S. Geller
发明人： Michael A. Aday , Bryan M. Willman , Marcus Peinado , Alan S. Geller
IPC分类号： G06F21/00
CPC分类号： H04L9/0825 , H04L9/14 , H04L2209/56
摘要： A method of controlling information exposure in a multiparty transaction includes an originating transaction participant cryptographically encoding all information for each of the transaction participants such that a unique data content and encryption are used for each of the messages destined to the other transaction participants. The cryptographically encoded messages are transmitted to the transaction participants such that each may decrypt their message and respond to a primary transaction participant with status concerning their portion of the transaction. After reception of affirmative status messages from the transaction participants, the primary transaction participant may transmit messages to the responding transaction participants to execute the multiparty transaction. The originating transaction participant may also be provided an indication that the multiparty transaction is executed.
摘要翻译：控制多方交易中的信息曝光的方法包括对每个交易参与者的所有信息进行密码编码的始发交易参与者，从而为发往其他交易参与者的每个消息使用唯一的数据内容和加密。密码编码的消息被传送到交易参与者，使得每个消息可以解密他们的消息并且响应具有关于其交易部分的状态的主交易参与者。在从交易参与者接收到肯定状态消息之后，主交易参与者可以向响应的交易参与者发送消息以执行多方交易。也可以向源交易参与者提供执行多方交易的指示。

2. 发明授权

US09916439B2 Securing a computing environment against malicious entities 有权
公开(公告)号：US09916439B2
公开(公告)日：2018-03-13
申请号：US13427342
申请日：2012-03-22
申请人： Mariusz H. Jakubowski , Marcus Peinado
发明人： Mariusz H. Jakubowski , Marcus Peinado
IPC分类号： G06F21/00 , G06F21/53
CPC分类号： G06F21/53
摘要： The subject disclosure is directed towards securing network data traffic through a trusted partition of the computing environment. A proxy service may communicate transaction data from a client to security-critical code within the trusted partition, which compares the transaction data to a security policy from a commercial electronic entity. If the transaction data includes malicious content, a security component framework of the trusted partition may reject the transaction data and terminate communications with the client. If the transaction data does not include malicious content, the security component framework may communicate a secured version of the transaction data and retrieve response data from the commercial electronic entity, which may be further communicated back to the client.

3. 发明授权

US09425965B2 Cryptographic certification of secure hosted execution environments 有权
标题翻译：安全托管执行环境的加密认证
公开(公告)号：US09425965B2
公开(公告)日：2016-08-23
申请号：US13372390
申请日：2012-02-13
申请人： Andrew A. Baumann , Galen C. Hunt , Marcus Peinado
发明人： Andrew A. Baumann , Galen C. Hunt , Marcus Peinado
IPC分类号： G06F21/00 , H04L9/32 , G06F21/57
CPC分类号： H04L9/3263 , G06F21/577 , G06F2221/034
摘要： Implementations for providing a persistent secure execution environment with a hosted computer are described. A host operating system of a computing system provides an encrypted checkpoint to a persistence module that executes in a secure execution environment of a hardware-protected memory area initialized by a security-enabled processor. The encrypted checkpoint is derived at least partly from another secure execution environment that is cryptographically certifiable as including another hardware-protected memory area established in an activation state to refrain from executing software not trusted by the client system.
摘要翻译：描述了用托管计算机提供持久的安全执行环境的实现。计算系统的主机操作系统向在由安全启用的处理器初始化的硬件保护的存储器区域的安全执行环境中执行的持久性模块提供加密的检查点。加密的检查点至少部分地从另一个安全执行环境导出，该安全执行环境被加密地认证为包括在激活状态下建立的另一硬件保护的存储器区域以避免执行不被客户机系统信任的软件。

4. 发明授权

US09413538B2 Cryptographic certification of secure hosted execution environments 有权
标题翻译：安全托管执行环境的加密认证
公开(公告)号：US09413538B2
公开(公告)日：2016-08-09
申请号：US13323465
申请日：2011-12-12
申请人： Andrew A. Baumann , Galen C. Hunt , Marcus Peinado
发明人： Andrew A. Baumann , Galen C. Hunt , Marcus Peinado
IPC分类号： H04L9/32 , G06F21/57
CPC分类号： H04L9/3263 , G06F21/577 , G06F2221/034
摘要： Implementations for providing a secure execution environment with a hosted computer are described. A security-enabled processor establishes a hardware-protected memory area with an activation state that executes only software identified by a client system. The hardware-protected memory area is inaccessible by code that executes outside the hardware-protected memory area. A certification is transmitted to the client system to indicate that the secure execution environment is established, in its activation state, with only the software identified by the request.
摘要翻译：描述了用托管计算机提供安全执行环境的实现。支持安全性的处理器建立具有仅执行由客户端系统识别的软件的激活状态的硬件保护的存储器区域。由硬件保护的存储区域外部执行的代码无法访问硬件保护的存储器区域。将证书发送到客户端系统，以指示安全执行环境在其激活状态下仅由请求识别的软件建立。

5. 发明授权

US09329845B2 Determining target types for generic pointers in source code 有权
标题翻译：确定源代码中通用指针的目标类型
公开(公告)号：US09329845B2
公开(公告)日：2016-05-03
申请号：US12477954
申请日：2009-06-04
申请人： Weidong Cui , Marcus Peinado
发明人： Weidong Cui , Marcus Peinado
IPC分类号： G06F9/45
CPC分类号： G06F8/434
摘要： A system described herein includes a receiver component that receives source code from a computer-readable medium of a computing device and a static analysis component that executes a points-to analysis algorithm over the source code to cause generation of a points-to graph, wherein the points-to graph is a directed graph that comprises a plurality of nodes and a plurality of edges, wherein nodes of the points-to graph represent pointers in the source code and edges represent inclusion relationships in the source code. The system also includes an inference component that infers target types for generic pointers in the source code based at least in part upon known type definitions and global variables in the source code.
摘要翻译：本文描述的系统包括从计算设备的计算机可读介质接收源代码的接收器组件和在源代码上执行点对分析算法以产生点对图的静态分析组件，其中点对图是包括多个节点和多个边缘的有向图，其中点对图的节点表示源代码中的指针，边缘表示源代码中的包含关系。该系统还包括至少部分地基于源代码中的已知类型定义和全局变量来推断源代码中的通用指针的目标类型的推理组件。

6. 发明授权

US09183406B2 Saving and retrieving data based on public key encryption 有权
标题翻译：基于公钥加密保存和检索数据
公开(公告)号：US09183406B2
公开(公告)日：2015-11-10
申请号：US13012573
申请日：2011-01-24
申请人： Paul England , Marcus Peinado
发明人： Paul England , Marcus Peinado
IPC分类号： G06F21/00 , G06F21/62
CPC分类号： G06F21/6218
摘要： In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows the data to be obtained from the ciphertext only if one or more conditions are satisfied. In accordance with another aspect, a bit string is received from a calling program. Data in the bit string is decrypted using public key decryption and returned to the calling program only if one or more conditions included in the bit string are satisfied.
摘要翻译：根据某些方面，从呼叫程序接收数据。使用公钥加密来生成包含数据的密文，只有满足一个或多个条件，才允许从密文获得数据。根据另一方面，从调用程序接收位串。使用公钥解密解密比特串中的数据，只有满足包含在比特串中的一个或多个条件时才返回给调用程序。

7. 发明授权

US08601286B2 Saving and retrieving data based on public key encryption 有权
标题翻译：基于公钥加密保存和检索数据
公开(公告)号：US08601286B2
公开(公告)日：2013-12-03
申请号：US13015440
申请日：2011-01-27
申请人： Paul England , Marcus Peinado
发明人： Paul England , Marcus Peinado
IPC分类号： G06F12/14
CPC分类号： G06F21/6218
摘要： In accordance with certain aspects, data is received and a digital signature is generated and output. The digital signature can be a digital signature of the data and one or more conditions that are to be satisfied in order for the data to be revealed, or a digital signature over data generated using a private key associated with a bound key that is bound to one or more processors.
摘要翻译：根据某些方面，接收数据并生成并输出数字签名。数字签名可以是数据的数字签名以及为了使数据被显示而被满足的一个或多个条件，或者使用与绑定的绑定密钥相关联的私有密钥生成的数据的数字签名一个或多个处理器。

8. 发明授权

US08352797B2 Software fault isolation using byte-granularity memory protection 有权
标题翻译：软件故障隔离采用字节度记忆保护
公开(公告)号：US08352797B2
公开(公告)日：2013-01-08
申请号：US12633326
申请日：2009-12-08
申请人： Richard John Black , Paul Barham , Manuel Costa , Marcus Peinado , Jean-Philippe Martin , Periklis Akritidis , Austin Donnelly , Miguel Castro
发明人： Richard John Black , Paul Barham , Manuel Costa , Marcus Peinado , Jean-Philippe Martin , Periklis Akritidis , Austin Donnelly , Miguel Castro
IPC分类号： G06F11/30
CPC分类号： G06F21/53 , G06F9/468 , G06F12/1483 , G06F21/54 , G06F21/57 , G06F2221/2141 , G06F2221/2149 , H04L63/101
摘要： Software fault isolation methods using byte-granularity memory protection are described. In an embodiment, untrusted drivers or other extensions to a software system are run in a separate domain from the host portion of the software system, but share the same address space as the host portion. Calls between domains are mediated using an interposition library and access control data is maintained for substantially each byte of relevant virtual address space. Instrumentation added to the untrusted extension at compile-time, before load-time, or at runtime and added by the interposition library enforces the isolation between domains, for example by adding access right checks before any writes or indirect calls and by redirecting function calls to call wrappers in the interposition library. The instrumentation also updates the access control data to grant and revoke access rights on a fine granularity according to the semantics of the operation being invoked.
摘要翻译：描述了使用字节粒度内存保护的软件故障隔离方法。在一个实施例中，软件系统的不受信任的驱动程序或其他扩展在与软件系统的主机部分分开的域中运行，但是与主机部分共享相同的地址空间。域之间的调用使用插入库进行调用，并且访问控制数据基本上维持相关虚拟地址空间的每个字节。在编译期间，在加载时间之前或在运行时添加到不可信扩展的仪器，在插入库中添加的仪器会强制实现域之间的隔离，例如在任何写入或间接调用之前添加访问权限检查，并通过将函数调用重定向到在插页库中调用包装器。仪器还会更新访问控制数据，根据正在调用的操作的语义，以精细粒度授予和撤销访问权限。

9. 发明授权

US07975117B2 Enforcing isolation among plural operating systems 有权
标题翻译：在多个操作系统之间实现隔离
公开(公告)号：US07975117B2
公开(公告)日：2011-07-05
申请号：US10741629
申请日：2003-12-19
申请人： Marcus Peinado , Paul England , Bryan Mark Willman , Yuqun Chen , Andrew John Thornton
发明人： Marcus Peinado , Paul England , Bryan Mark Willman , Yuqun Chen , Andrew John Thornton
IPC分类号： G06F13/00
CPC分类号： G06F21/78 , G06F12/1425 , G06F12/1483
摘要： Plural guest operating systems run on a computer, where a security kernel enforces a policy of isolation among the guest operating systems. An exclusion vector defines a set of pages that cannot be accessed by direct memory access (DMA) devices. The security kernel enforces an isolation policy by causing certain pages to be excluded from direct access. Thus, device drivers in guest operating systems are permitted to control DMA devices directly without virtualization of those devices, while each guest is prevented from using DMA devices to access pages that the guest is not permitted to access under the policy.
摘要翻译：多个客户机操作系统在计算机上运行，其中安全内核在客户机操作系统之间执行隔离策略。排除向量定义了一组不能被直接存储器访问（DMA）设备访问的页面。安全内核通过使某些页面被排除在直接访问之外来执行隔离策略。因此，允许来宾操作系统中的设备驱动程序直接控制DMA设备，而不会对这些设备进行虚拟化，同时阻止每个客户端使用DMA设备来访问访客不允许访问策略下的页面。

10. 发明授权

US07689791B2 Protection of content stored on portable memory from unauthorized usage 失效
标题翻译：保护存储在便携式存储器上的内容免于未经授权的使用
公开(公告)号：US07689791B2
公开(公告)日：2010-03-30
申请号：US11064348
申请日：2005-02-22
申请人： Marcus Peinado
发明人： Marcus Peinado
IPC分类号： G06F12/14
CPC分类号： G06F21/10
摘要： A device for securely recording protected content to a portable memory, and for reading the protected content therefrom. The device includes a feature that makes it adapted to read or write specially-configured portable memories that are incompatible with standard read/write devices. For example, the device may be designed to work with memories having an unusual shape or size, or may manipulate the data in a non-standard way before storing it on the memory. The read/write devices are trusted components that will only handle the protected content in accordance with rules governing the content. The feature included in the device is preferably a proprietary and/or hardware feature, so that counterfeit devices incorporating the feature cannot be built without overcoming economic and/or legal hurdles. Because of the hurdles to building devices compatible with the specially-configured portable memory, protected content can be transferred to such a memory with reasonable assurance that the content will not be widely copied.
摘要翻译：一种用于将受保护内容安全地记录到便携式存储器并用于从其读取受保护内容的装置。该设备包括一个功能，使其适合于读取或写入与标准读/写设备不兼容的特殊配置的便携式存储器。例如，设备可以被设计为与具有不寻常形状或尺寸的存储器一起工作，或者可以在将其存储在存储器之前以非标准方式操纵数据。读/写设备是只能根据管理内容的规则处理受保护内容的受信任组件。设备中包括的特征优选地是专有和/或硬件特征，使得并入该特征的假冒设备不能克服经济和/或法律障碍。由于构建与特殊配置的便携式存储器兼容的设备的障碍，受保护的内容可以被合理地保证内容不会被广泛地复制到这样的存储器中。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式