专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07698731B2 Security architecture and mechanism to access and use security components in operating system 有权
标题翻译：在操作系统中访问和使用安全组件的安全架构和机制
公开(公告)号：US07698731B2
公开(公告)日：2010-04-13
申请号：US10973067
申请日：2004-10-25
申请人： Stephen L. Johnson , Jinhong Katherine Guo , Il-Pyung Park
发明人： Stephen L. Johnson , Jinhong Katherine Guo , Il-Pyung Park
IPC分类号： G06F17/00
CPC分类号： H04L63/0263 , H04L63/04
摘要： A security architecture is provided for accessing security components associated with an operating system. The security architecture is generally comprised of: a policy tree storing a plurality of security policies, where each security policy is define as at least one system call which correlates to a security operation and a corresponding security component for executing the security operation; and a policy manager adapted to intercept system calls from the operating system and operable to determine an applicable response based on the policy tree. The policy tree and the policy manager reside in a protected memory space of the execution environment.
摘要翻译：提供安全架构用于访问与操作系统相关联的安全组件。安全架构通常包括：存储多个安全策略的策略树，其中每个安全策略被定义为与安全操作相关联的至少一个系统调用和用于执行安全操作的对应的安全组件; 以及策略管理器，其适于拦截来自所述操作系统的系统呼叫并可操作以基于所述策略树来确定适用的响应。策略树和策略管理器驻留在执行环境的受保护的内存空间中。

2. 发明授权

US07600117B2 Mandatory access control scheme with active objects 有权
标题翻译：具有活动对象的强制访问控制方案
公开(公告)号：US07600117B2
公开(公告)日：2009-10-06
申请号：US10953745
申请日：2004-09-29
申请人： Jinhong Katherine Guo , Stephen L. Johnson , Il-Pyung Park
发明人： Jinhong Katherine Guo , Stephen L. Johnson , Il-Pyung Park
IPC分类号： H04L29/06 , G06F17/30
CPC分类号： G06F21/6218 , G06F21/629 , Y10S707/99939
摘要： Access control is mediated by a set of 2-tuple labels or attributes which are associated with subject and object entities, respectively. Subject entitles, such as processes, have separate read and write attributes, while object entities, such as files, have separate integrity and write control attributes. The system implements a set of rules to provide both integrity control and confidentiality protection. Specifically, write operations to an object are inhibited where the subject's write attribute is lower than the write control attribute of the object. Read operations from an object are inhibited where the subject's read attribute is lower than the object's integrity attribute. When a subject reads from an object having a lower integrity level than the subject's read attribute, the subject's read attribute is demoted.
摘要翻译：访问控制由一组与主体和对象实体相关联的2元组标签或属性来介导。主体实体（如进程）具有单独的读取和写入属性，而对象实体（如文件）具有单独的完整性和写入控制属性。该系统实施一套规则，以提供完整性控制和机密性保护。具体来说，当对象的写入属性低于对象的写入控制属性时，禁止对对象的写入操作。禁止在对象的读取属性低于对象的完整性属性的情况下读取对象的操作。当主体从具有比主体的读取属性更低的完整性级别的对象读取时，主题的读取属性被降级。

3. 发明授权

US07243235B2 Mandatory access control (MAC) method 有权
标题翻译：强制访问控制（MAC）方法
公开(公告)号：US07243235B2
公开(公告)日：2007-07-10
申请号：US10863784
申请日：2004-06-08
申请人： Jinhong Katherine Guo , Stephen L. Johnson , Il-Pyung Park
发明人： Jinhong Katherine Guo , Stephen L. Johnson , Il-Pyung Park
IPC分类号： H04L9/00 , G06F7/04 , G06F17/30 , H04L9/32 , H04L12/22 , G06F11/00 , G06F13/00
CPC分类号： H04L63/102 , G06F21/6218 , G06F2221/2113 , Y10S707/99939
摘要： A mandatory access control method for securing an operating system is presented. A first integrity subject reads a first object. The first integrity subject attempts to read a second object. It is determined that a conflict exists between the first and second objects. At least one security rule is applied to the conflict between the first and the second objects.
摘要翻译：提出了一种用于保护操作系统的强制访问控制方法。第一个完整性主体读取第一个对象。第一个完整性主体尝试读取第二个对象。确定在第一和第二对象之间存在冲突。至少一个安全规则被应用于第一和第二对象之间的冲突。

4. 发明申请

US20050273619A1 Mandatory access control (MAC) method 有权
标题翻译：强制访问控制（MAC）方法
公开(公告)号：US20050273619A1
公开(公告)日：2005-12-08
申请号：US10863784
申请日：2004-06-08
申请人： Jinhong Katherine Guo , Stephen Johnson , Il-Pyung Park
发明人： Jinhong Katherine Guo , Stephen Johnson , Il-Pyung Park
IPC分类号： G06F21/00 , H04K1/00 , H04L29/06
CPC分类号： H04L63/102 , G06F21/6218 , G06F2221/2113 , Y10S707/99939
摘要： A mandatory access control method for securing an operating system is presented. A first integrity subject reads a first object. The first integrity subject attempts to read a second object. It is determined that a conflict exists between the first and second objects. At least one security rule is applied to the conflict between the first and the second objects.
摘要翻译：提出了一种用于保护操作系统的强制访问控制方法。第一个完整性主体读取第一个对象。第一个完整性主体尝试读取第二个对象。确定在第一和第二对象之间存在冲突。至少一个安全规则被应用于第一和第二对象之间的冲突。

5. 发明申请

US20070300300A1 Statistical instrusion detection using log files 审中-公开
标题翻译：使用日志文件统计入侵检测
公开(公告)号：US20070300300A1
公开(公告)日：2007-12-27
申请号：US11475537
申请日：2006-06-27
申请人： Jinhong K. Guo , Stephen L. Johnson , Il-Pyung Park
发明人： Jinhong K. Guo , Stephen L. Johnson , Il-Pyung Park
IPC分类号： G06F12/14 , G06F11/00 , G06F12/16 , G06F15/18 , G08B23/00
CPC分类号： H04L63/1441 , G06F21/552 , H04L63/1416
摘要： An intrusion detection system includes a computer readable datastore containing a double Markov model for modeling events in system log files of a computer system by looking at multiple log files and correlations among different log files. An intrusion detection module performs intrusion detection by using the double Markov model to assess probability that a new event is an intrusion, including routinely scanning the system logging data and processing the data periodically. A countermeasures module takes countermeasures when an intrusion is detected.
摘要翻译：入侵检测系统包括计算机可读数据存储，其包含用于通过查看多个日志文件和不同日志文件之间的相关性对计算机系统的系统日志文件中的事件进行建模的双Markov模型。入侵检测模块通过使用双马尔可夫模型来评估新事件是入侵的概率，包括定期扫描系统日志记录数据和周期性处理数据来执行入侵检测。一种对策模块在检测到入侵时采取对策。

6. 发明授权

US07774599B2 Methodologies to secure inter-process communication based on trust 有权
标题翻译：基于信任来确保进程间通信的方法
公开(公告)号：US07774599B2
公开(公告)日：2010-08-10
申请号：US11532159
申请日：2006-09-15
申请人： Jinhong Guo , Stephen L. Johnson , Il-Pyung Park , Lasse Bigum , Henrik Davidsen , Lars T. Mikkelsen , Egon Pedersen , Anders Ravn , Emmanuel Fleury
发明人： Jinhong Guo , Stephen L. Johnson , Il-Pyung Park , Lasse Bigum , Henrik Davidsen , Lars T. Mikkelsen , Egon Pedersen , Anders Ravn , Emmanuel Fleury
IPC分类号： H04L29/06
CPC分类号： H04L9/3263 , G06F21/57 , G06F21/606 , H04L9/3247 , H04L2209/08 , H04L2209/56
摘要： A system securing inter-process communication (IPC) based on trust includes a user quota mechanism to provide resource management of IPC's. A single user is allowed to allocate a fixed amount of objects less than a system maximum. A trusted IPC mechanism mediates access to IPC objects by employing signed executables signed by a key and containing a list of trusted keys. A trust relationship is used among a set of subjects connected to an IPC to determine whether communication can be carried out between processes. In order for the processes to communicate via an IPC, either they have to trust each other, or a kernel must trust one process and that process must also trust the other process.
摘要翻译：基于信任确保进程间通信（IPC）的系统包括用户配额机制，以提供IPC的资源管理。允许单个用户分配少于系统最大值的固定数量的对象。受信任的IPC机制通过使用由密钥签名并包含可信密钥列表的签名的可执行文件来介入对IPC对象的访问。在与IPC连接的一组主题中使用信任关系，以确定是否可以在进程之间执行通信。为了使进程通过IPC进行通信，或者它们必须相互信任，或内核必须信任一个进程，该进程也必须信任另一进程。

7. 发明申请

US20070186274A1 Zone based security model 审中-公开
标题翻译：基于区域的安全模型
公开(公告)号：US20070186274A1
公开(公告)日：2007-08-09
申请号：US11348882
申请日：2006-02-07
申请人： Michel Thrysoe , Jinhong Guo , Stephen Johnson , Il-Pyung Park
发明人： Michel Thrysoe , Jinhong Guo , Stephen Johnson , Il-Pyung Park
IPC分类号： H04L9/32
CPC分类号： G06F21/53
摘要： An access control method includes dividing a data processing system into multiple zones. Memberships of processes and objects in the zones are identified, and internal relationships between the zones are defined. The relationships between the zones are used to grant or deny processes access to objects based on their memberships in the zones and positions of the processes in the zones.
摘要翻译：访问控制方法包括将数据处理系统划分为多个区域。识别区域中的进程和对象的成员资格，并且定义区域之间的内部关系。区域之间的关系用于根据其在区域中的进程的区域和位置中的成员资格来授予或拒绝进程对对象的访问。

8. 发明申请

US20060085345A1 Right to receive data 审中-公开
标题翻译：接收数据的权利
公开(公告)号：US20060085345A1
公开(公告)日：2006-04-20
申请号：US10968766
申请日：2004-10-19
申请人： Rajesh Khandelwal , David Braun , Il-Pyung Park , Yue Ma , Stephen Johnson , Luyang Li
发明人： Rajesh Khandelwal , David Braun , Il-Pyung Park , Yue Ma , Stephen Johnson , Luyang Li
IPC分类号： G06Q99/00
CPC分类号： H04N7/17318 , H04N7/165 , H04N7/1675 , H04N7/17327 , H04N21/25875 , H04N21/47202 , H04N21/6581
摘要： A computer-implemented method is presented that allows a user to receive a work such as a movie at any time and at any location. A first client connects to a server through a network. A work is selected through the first client. Transaction data related to a user's right to receive a work is created and stored. A request is sent to the server to transmit the work. The work is transmitted to either the first or the second clients at any time based upon the user's right to receive the work.
摘要翻译：提供了一种计算机实现的方法，其允许用户在任何时间和任何位置接收诸如电影的工作。第一个客户端通过网络连接到服务器。通过第一个客户端选择一个工作。创建并存储与用户接收作业的权限相关的事务数据。一个请求被发送到服务器传输工作。根据用户接收工作的权利，工作随时被传送到第一或第二客户端。

9. 发明申请

US20080120720A1 Intrusion detection via high dimensional vector matching 审中-公开
标题翻译：通过高维矢量匹配的入侵检测
公开(公告)号：US20080120720A1
公开(公告)日：2008-05-22
申请号：US11601864
申请日：2006-11-17
申请人： Jinhong Guo , Daniel Weber , Stephen Johnson , Il-Pyung Park
发明人： Jinhong Guo , Daniel Weber , Stephen Johnson , Il-Pyung Park
IPC分类号： G06F21/00
CPC分类号： G06F21/552
摘要： A method is provided for detecting intrusions to a computing environment. The method includes: monitoring system calls made to an operating system during a defined period of time; evaluating the system calls made during the defined time period in relation to system calls made during known intrusions; and evaluating the temporal sequence in which system calls were made during the defined time period when the system calls made match the system calls made during a known intrusion. If a potential intrusion is detected at this stage, then a more complicated detection scheme may be performed by a second detection scheme. For instance, the second detection scheme may assess the temporal sequence in which the system calls were made and/or the system files accessed by the system calls.
摘要翻译：提供了一种用于检测对计算环境的入侵的方法。该方法包括：在定义的时间段内监视对操作系统的系统调用; 评估在定义的时间段内与在已知入侵期间进行的系统呼叫相关的系统呼叫; 并且在系统调用所规定的时间段期间评估进行系统调用的时间序列，使得在已知入侵期间进行的系统呼叫匹配。如果在该阶段检测到潜在入侵，则可以通过第二检测方案来执行更复杂的检测方案。例如，第二检测方案可以评估系统调用的时间顺序和/或系统调用所访问的系统文件。

10. 发明申请

US20060218226A1 Automatic recording based on preferences 审中-公开
标题翻译：根据喜好自动录制
公开(公告)号：US20060218226A1
公开(公告)日：2006-09-28
申请号：US11087876
申请日：2005-03-23
申请人： Stephen Johnson , Rajesh Khandelwal , Yue Ma , Il-Pyung Park , Luyang Li
发明人： Stephen Johnson , Rajesh Khandelwal , Yue Ma , Il-Pyung Park , Luyang Li
IPC分类号： G06F15/16
CPC分类号： H04L67/16 , H04L63/08 , H04L67/06 , H04L67/24
摘要： An intelligent agent has a local component associated with a user device and a network component capable of mobility that will traverse different locations on a network to discover available media content that meets the user's stored preferences. Using published presence information or user schedule information, the intelligent agent will locate a user device accessible to the user and provide notification when media content of interest is discovered. The intelligent agent mediates the media acquisition and delivery process. Content can be delivered to any one or more diverse user devices, based on user instructions or preferences. The intelligent agent interacts with authentication and purchasing mechanisms to effect secure transactions on the user's behalf.
摘要翻译：智能代理具有与用户设备相关联的本地组件和能够移动的网络组件，其将遍历网络上的不同位置以发现满足用户存储的偏好的可用媒体内容。使用已发布的存在信息或用户进度信息，智能代理将定位用户可访问的用户设备，并且在发现感兴趣的媒体内容时提供通知。智能代理介入媒体采集和传送过程。可以基于用户指令或偏好将内容传送到任何一个或多个不同的用户设备。智能代理与认证和购买机制交互，以代表用户实现安全交易。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式