专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07664949B2 Certifying and grouping distributed objects 失效
标题翻译：认证和分组分布式对象
公开(公告)号：US07664949B2
公开(公告)日：2010-02-16
申请号：US11194100
申请日：2005-07-29
申请人： Paul England , Muthukrishnan Paramasivam , Thekkthalackal Varugis Kurien , Charles F. Rose, III , Ravindra N Pandya
发明人： Paul England , Muthukrishnan Paramasivam , Thekkthalackal Varugis Kurien , Charles F. Rose, III , Ravindra N Pandya
IPC分类号： H04L29/06
CPC分类号： H04L9/3263 , H04L2209/60
摘要： Disclosed herein is a technique for certifying distributable objects. The technique involves creating a certification for each distributable object to indicate properties of the object. Using certifications such as this, it is possible to accept objects having certain properties only from specified entities.
摘要翻译：这里公开了一种用于认证可分发物体的技术。该技术涉及为每个可分发对象创建一个认证，以指示对象的属性。使用这样的认证，只能从指定的实体接受具有某些属性的对象。

2. 发明授权

US08619971B2 Local secure service partitions for operating system security 有权
标题翻译：用于操作系统安全的本地安全服务分区
公开(公告)号：US08619971B2
公开(公告)日：2013-12-31
申请号：US11097697
申请日：2005-04-01
申请人： Thekkthalackal Varugis Kurien , Paul England , Ravindra Nath Pandya , Niels Ferguson
发明人： Thekkthalackal Varugis Kurien , Paul England , Ravindra Nath Pandya , Niels Ferguson
IPC分类号： H04K1/04 , H04K1/06
CPC分类号： G06F21/57 , G06F9/5077 , G06F2221/2149
摘要： Systems and methods provide multiple partitions hosted on an isolation technology such as a hypervisor where at least one of the partitions, a local secure service partition (LSSP), provides security services to other partitions. The service partitions (LSSPs) host those high assurance services that require strict security isolation, where the service can be shared across partitions and accessed even when the user is not connected to a network. The LSSP also can certify the results of any computation using a key signed by a TPM attestation identity key (AIK), or other key held securely by the hypervisor or a service partition. The LSSPs may be configured to provide trusted audit logs, trusted security scans, trusted cryptographic services, trusted compilation and testing, trusted logon services, and the like.
摘要翻译：系统和方法提供了诸如管理程序之类的隔离技术上托管的多个分区，其中至少一个分区本地安全服务分区（LSSP）为其他分区提供安全服务。服务分区（LSSP）承载需要严格安全隔离的高保证服务，即使在用户未连接到网络时，也可以跨分区共享服务并进行访问。 LSSP还可以使用由TPM认证身份密钥（AIK）签名的密钥或由管理程序或服务分区安全地保存的其他密钥来证明任何计算的结果。可以将LSSP配置为提供可信的审核日志，可信的安全扫描，可信密码服务，可信的编译和测试，可信登录服务等。

3. 发明授权

US07418512B2 Securely identifying an executable to a trust-determining entity 有权
标题翻译：安全地识别信任确定实体的可执行文件
公开(公告)号：US07418512B2
公开(公告)日：2008-08-26
申请号：US10692224
申请日：2003-10-23
申请人： Paul England , Anshul Dhir , Thekkthalackal Varugis Kurien , Kenneth D. Ray
发明人： Paul England , Anshul Dhir , Thekkthalackal Varugis Kurien , Kenneth D. Ray
IPC分类号： G06F15/16
CPC分类号： G06F21/62
摘要： A resource is obtained from a resource provider (RP) for a resource requester (RR) operating on a computing device. The RR has an identity descriptor (id) associated therewith, where the id including security-related information specifying an environment in which the RR operates. A code identity (code-ID) is calculated corresponding to and based on the loaded RR and loaded id. The RP verifies that the calculated code-ID in a request for the resource matches one of one or more valid code-IDs for the identified RR to conclude that the RR and id can be trusted, and the RP responds to the forwarded request by providing the requested resource to the RR.
摘要翻译：从用于在计算设备上操作的资源请求者（RR）的资源提供者（RP）获得资源。 RR具有与其相关联的身份描述符（id），其中id包括指定RR操作的环境的安全相关信息。代码标识（代码ID）是根据加载的RR和加载的id来计算的。 RP验证在资源请求中计算的代码ID与所识别的RR的一个或多个有效代码ID中的一个匹配，以得出可以信任的RR和ID，并且RP通过提供转发的请求来响应转发的请求向RR请求的资源。

4. 发明授权

US07694121B2 System and method for protected operating system boot using state validation 有权
标题翻译：使用状态验证的受保护操作系统引导的系统和方法
公开(公告)号：US07694121B2
公开(公告)日：2010-04-06
申请号：US10882134
申请日：2004-06-30
申请人： Bryan Mark Willman , Paul England , Kenneth D. Ray , Jamie Hunter , Lonnie Dean McMichael , Derek Norman LaSalle , Pierre Jacomet , Mark Eliot Paley , Thekkthalackal Varugis Kurien , David B. Cross
发明人： Bryan Mark Willman , Paul England , Kenneth D. Ray , Jamie Hunter , Lonnie Dean McMichael , Derek Norman LaSalle , Pierre Jacomet , Mark Eliot Paley , Thekkthalackal Varugis Kurien , David B. Cross
IPC分类号： G06F9/00
CPC分类号： G06F21/575 , G06F9/4401
摘要： A mechanism for protected operating system boot that prevents rogue components from being loaded with the operating system, and thus prevents divulgence of the system key under inappropriate circumstances. After a portion of the machine startup procedure has occurred, the operating system loader is run, the loader is validated, and a correct machine state is either verified to exist and/or created. Once the loader has been verified to be a legitimate loader, and the machine state under which it is running is verified to be correct, the loader's future behavior is known to protect against the loading of rogue components that could cause divulgence of the system key. With the loader's behavior being known to be safe for the system key, the validator may unseal the system key and provides it to the loader.
摘要翻译：用于保护操作系统启动的机制，可防止恶意组件与操作系统一起加载，从而防止系统密钥在不适当情况下泄露。在机器启动过程的一部分发生后，运行操作系统加载程序，验证加载程序，并验证是否存在和/或创建正确的机器状态。一旦加载程序已被验证为合法的装载程序，并且其运行的机器状态被验证为正确的，则加载程序的未来行为是已知的，以防止可能导致系统密钥泄露的流氓组件的加载。对于系统密钥，加载程序的行为被认为是安全的，验证器可以打开系统密钥并将其提供给加载程序。

5. 发明授权

US07493429B2 Communication of information via a side-band channel, and use of same to verify positional relationship 失效
标题翻译：通过边带通道进行信息通信，并使用它来验证位置关系
公开(公告)号：US07493429B2
公开(公告)日：2009-02-17
申请号：US10759325
申请日：2004-01-16
申请人： John E. Paff , Marcus Peinado , Thekkthalackal Varugis Kurien , Bryan Mark Willman , Paul England , Andrew John Thornton
发明人： John E. Paff , Marcus Peinado , Thekkthalackal Varugis Kurien , Bryan Mark Willman , Paul England , Andrew John Thornton
IPC分类号： G06F13/12 , G06F13/38
CPC分类号： G06F21/606 , G06F21/85
摘要： The present invention provides for trusted side-band communications between components in a computer system, so that use of the system bus may be avoided. Two components may be connected by means other than a bus (e.g., an infrared port, a wire, an unused pin, etc.), whereby these components may communicate without the use of the system bus. The non-bus communication channel may be referred to as “side-band.” The side-band channel may be used to communicate information that might identify the user's hardware (e.g., a public key) or other information that the user may not want to be easily intercepted by the public at large. Communication over the side-band channel may also be used to verify that the participants in a communication are within a defined positional relationship to each other.
摘要翻译：本发明提供计算机系统中的组件之间的可靠的边带通信，从而可以避免使用系统总线。两个组件可以通过除总线（例如，红外线端口，电线，未使用的引脚等）之外的方式连接，由此这些组件可以在不使用系统总线的情况下进行通信。非总线通信信道可以被称为“边带”。边带频道可以用于传达可能识别用户硬件（例如，公共密钥）的信息或用户可能不希望容易被公众容易地截获的其他信息。通过边带信道的通信也可以用于验证通信中的参与者在彼此之间的定义的位置关系内。

6. 发明授权

US07730318B2 Integration of high-assurance features into an application through application factoring 有权
标题翻译：通过应用程序保理将高保证功能集成到应用程序中
公开(公告)号：US07730318B2
公开(公告)日：2010-06-01
申请号：US10693749
申请日：2003-10-24
申请人： Thekkthalackal Varugis Kurien , Kenneth D. Ray , Marcus Peinado , Paul England
发明人： Thekkthalackal Varugis Kurien , Kenneth D. Ray , Marcus Peinado , Paul England
IPC分类号： H04L9/32
CPC分类号： G06F21/53
摘要： Application factoring or partitioning is used to integrate secure features into a conventional application. An application's functionality is partitioned into two sets according to whether a given action does, or does not, involve the handling of sensitive data. Separate software objects (processors) are created to perform these two sets of actions. A trusted processor handles secure data and runs in a high-assurance environment. When another processor encounters secure data, that data is sent to the trusted processor. The data is wrapped in such a way that allows it to be routed to the trusted processor, and prevents the data from being deciphered by any entity other than the trusted processor. An infrastructure is provided that wraps objects, routes them to the correct processor, and allows their integrity to be attested through a chain of trust leading back to base component that is known to be trustworthy.
摘要翻译：应用因子分解或分区用于将安全特征集成到常规应用中。应用程序的功能根据给定操作是否涉及敏感数据的处理而分为两组。创建独立的软件对象（处理器）来执行这两组操作。值得信赖的处理器处理安全数据并在高保证环境中运行。当另一个处理器遇到安全数据时，该数据被发送到可信处理器。以允许将数据路由到可信处理器的方式包装数据，并且防止数据被除可信处理器之外的任何实体解密。提供了一个基础设施，用于包装对象，将它们路由到正确的处理器，并通过一系列信任来验证其完整性，并将其引导回已知可靠的基础组件。

7. 发明授权

US07591014B2 Program authentication on environment 有权
标题翻译：环境方案认证
公开(公告)号：US07591014B2
公开(公告)日：2009-09-15
申请号：US11072982
申请日：2005-03-04
申请人： Paul England , Thekkthalackal Varugis Kurien
发明人： Paul England , Thekkthalackal Varugis Kurien
IPC分类号： G06F7/04
CPC分类号： G06F21/57
摘要： To authenticate a program on a computing device to a resource local to or remote from the computing device, a stored program security identifier (PSID) corresponding to the program is retrieved, where the stored PSID includes information taking into account the program itself, the execution setting of the program, and any inputs and initializations that are provided to the program. The PSID is re-constructed based on the same information as obtained from local sources, and the stored and reconstructed PSIDs are compared to determine whether a match exists. If so, it may be concluded that the program operates in a trusted manner according to an approved set of conditions.
摘要翻译：为了将计算设备上的程序认证到本地或远离计算设备的资源，检索与程序相对应的存储的程序安全标识符（PSID），其中存储的PSID包括考虑程序本身的信息，执行程序的设置以及提供给程序的任何输入和初始化。基于从本地源获得的相同信息重新构建PSID，并且比较存储和重建的PSID以确定是否存在匹配。如果是这样，可以得出结论，该程序根据一组批准的条件以可信任的方式运行。

8. 发明申请

US20070282757A1 Logon and machine unlock integration 有权
标题翻译：登录和机器解锁集成
公开(公告)号：US20070282757A1
公开(公告)日：2007-12-06
申请号：US11445821
申请日：2006-06-02
申请人： Ravindra N. Pandya , Paul England
发明人： Ravindra N. Pandya , Paul England
IPC分类号： G06Q99/00
CPC分类号： G06F21/32 , G06F21/31 , G06F21/34 , G06Q20/3821 , G06Q20/4012
摘要： A method of avoiding a second login of user information in an encrypted disk computer system includes a communications path for transferring user login information. The login information is acquired and used by a first software module which authenticates the user to decrypt a disk with an encrypted operating system. The same login information is transferred using the communications channel to a second use which logs the user into the decrypted operating system. The method also supports multiple users through maintenance of multiple users credentials.
摘要翻译：在加密的磁盘计算机系统中避免用户信息的第二次登录的方法包括用于传送用户登录信息的通信路径。登录信息由第一软件模块获取和使用，该软件模块验证用户使用加密的操作系统对磁盘进行解密。使用通信信道将相同的登录信息传送到用户登录到解密的操作系统中的第二种使用。该方法还通过维护多个用户的凭据来支持多个用户。

9. 发明授权

US07818255B2 Logon and machine unlock integration 有权
标题翻译：登录和机器解锁集成
公开(公告)号：US07818255B2
公开(公告)日：2010-10-19
申请号：US11445821
申请日：2006-06-02
申请人： Ravindra N. Pandya , Paul England
发明人： Ravindra N. Pandya , Paul England
IPC分类号： G06F21/00
CPC分类号： G06F21/32 , G06F21/31 , G06F21/34 , G06Q20/3821 , G06Q20/4012
摘要： A method of avoiding a second login of user information in an encrypted disk computer system includes a communications path for transferring user login information. The login information is acquired and used by a first software module which authenticates the user to decrypt a disk with an encrypted operating system. The same login information is transferred using the communications channel to a second use which logs the user into the decrypted operating system. The method also supports multiple users through maintenance of multiple users credentials.
摘要翻译：在加密的磁盘计算机系统中避免用户信息的第二次登录的方法包括用于传送用户登录信息的通信路径。登录信息由第一软件模块获取和使用，该软件模块验证用户使用加密的操作系统对磁盘进行解密。使用通信信道将相同的登录信息传送到用户登录到解密的操作系统中的第二种使用。该方法还通过维护多个用户的凭据来支持多个用户。

10. 发明申请

US20070028096A1 Certifying and grouping distributed objects 失效
标题翻译：认证和分组分布式对象
公开(公告)号：US20070028096A1
公开(公告)日：2007-02-01
申请号：US11194100
申请日：2005-07-29
申请人： Paul England , Muthukrishnan Paramasivam , Thekkthalackal Kurien , Charles Rose , Ravindra Pandya
发明人： Paul England , Muthukrishnan Paramasivam , Thekkthalackal Kurien , Charles Rose , Ravindra Pandya
IPC分类号： H04L9/00
CPC分类号： H04L9/3263 , H04L2209/60
摘要： Disclosed herein is a technique for certifying distributable objects. The technique involves creating a certification for each distributable object to indicate properties of the object. Using certifications such as this, it is possible to accept objects having certain properties only from specified entities.
摘要翻译：这里公开了一种用于认证可分发物体的技术。该技术涉及为每个可分发对象创建一个认证，以指示对象的属性。使用这样的认证，只能从指定的实体接受具有某些属性的对象。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式