会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 1. 发明授权
    • Secure multicast content delivery
    • 安全的多播内容传送
    • US08218772B2
    • 2012-07-10
    • US12165201
    • 2008-06-30
    • Onur AciicmezXinwen ZhangJean-Pierre Seifert
    • Onur AciicmezXinwen ZhangJean-Pierre Seifert
    • H04L9/00
    • H04L63/06H04L12/1859H04L2463/062
    • In one embodiment, a method for establishing a secure multicast channel between a service provider and a terminal is provided. A request is received from the service provider for a configuration of the terminal. A configuration of the terminal at a first time is sent to the service provider. A security key is obtained, wherein the security is bound to the configuration of the terminal at the first time. Then the security key is decrypted using a configuration of the terminal at a second time, wherein the decryption fails if the configuration of the terminal at the second time is not identical to the configuration of the terminal at the first time. A secure multicast channel is then established with the service provider using the security key.
    • 在一个实施例中,提供了一种用于在服务提供商和终端之间建立安全组播信道的方法。 从服务提供商接收到终端配置的请求。 首先将终端的配置发送给服务提供商。 获得安全密钥,其中安全性在第一时间被绑定到终端的配置。 然后使用终端的配置在第二时间对安全密钥进行解密,其中如果第二次终端的配置与终端的配置不同,则解密失败。 然后使用安全密钥与服务提供商建立安全的多播信道。
    • 3. 发明授权
    • Security-enhanced storage devices using media location factor in encryption of hidden and non-hidden partitions
    • 使用媒体位置因子加密隐藏和非隐藏分区的安全增强型存储设备
    • US08112634B2
    • 2012-02-07
    • US12132862
    • 2008-06-04
    • Onur AciicmezXinwen ZhangJean-Pierre Seifert
    • Onur AciicmezXinwen ZhangJean-Pierre Seifert
    • G06F11/30G06F12/14
    • H04L9/0872
    • Methods and devices for increasing or hardening the security of data stored in a storage device, such as a hard disk drive, are described. A storage device provides for increased or hardened security of data stored in hidden and non-hidden partitions of a storage medium in the device. An algorithm may be utilized for deriving a key that is used to encrypt or decrypt text before it is read from or written to the hard disk. The algorithm accepts as input a specific media location factor, such as an end address or start address of the block where the text is being read from or written to, and a secret key of the storage component. The output of the algorithm is a final key that may be used in the encryption and decryption process. Thus, in this manner, the final key is dependent on the location of the block where the data is being written or read, thereby making it more difficult to tamper with the data, which may be stored in a hidden or non-hidden partition of a hard disk.
    • 描述用于增加或加强存储在诸如硬盘驱动器的存储设备中的数据的安全性的方法和设备。 存储设备提供存储在设备中的存储介质的隐藏和非隐藏分区中的数据的增加或加强的安全性。 可以使用算法来导出用于在从硬盘读取或写入硬盘之前加密或解密文本的密钥。 该算法接受特定媒体位置因子的输入,诸如文本被读取或写入的块的结束地址或起始地址以及存储组件的秘密密钥。 算法的输出是可以在加密和解密过程中使用的最终密钥。 因此,以这种方式,最终密钥取决于数据被写入或读取的块的位置,从而使得更难以篡改可以存储在隐藏或非隐藏分区中的数据 一个硬盘。
    • 5. 发明申请
    • CONSISTENT SECURITY ENFORCEMENT FOR SAFER COMPUTING SYSTEMS
    • 一致的安全执行,为安全的计算机系统
    • US20100162240A1
    • 2010-06-24
    • US12343154
    • 2008-12-23
    • Xinwen ZhangJean-Pierre SeifertOnur Aciicmez
    • Xinwen ZhangJean-Pierre SeifertOnur Aciicmez
    • G06F9/455
    • G06F21/577
    • Security can be enforced in a consistent manner with respect to various computing environments that may be operable in a computing system. Consistent security criteria can be generated, based on input security criterion, in a computer readable and storable form and stored in a computer readable storage medium, thereby allowing the consistent security criterion to be effectively provided to a computing system for enforcement of the input security criterion in a consistent manner with respect to, for example, (a) a first executable computer code effectively supported by an Operating System (OS), and (b) a second computer code effectively supported by the Virtual Computing Environment (VCE). A Trusted Component (TC) can effectively provide a consistent security criterion as a part and/or form that is suitable for a particular computing environment. The TC can, for example, be an automated tool that performs various functions including: verifying the consistency of security criteria, generation and deployment of consistent security criteria, and transformation of security criteria to parts and/or forms suitable for various computing environments. In addition, a Virtual Computing Environment (VCE) can obtain from the Operating System (OS) one or more security criteria. The Virtual Computing Environment (VCE) can be operable in a Trusted Computing Environment (TCE) and interface with a Trusted Operating System (TOS) that effectively enforces Mandatory Access Control (MAC), thereby allowing the Virtual Computing Environment (VCE) to leverage the security provided by the OS. The OS can, for example, be a Security-Enhanced Linux (SELinux) Operating System operating as a Trusted Component in a Trusted Environment that includes a Trusted Security Agent (TSA) operable to deploy consistent security criteria.
    • 相对于可在计算系统中可操作的各种计算环境,可以以一致的方式实施安全性。 可以基于输入安全标准以计算机可读和可存储的形式生成一致的安全标准,并存储在计算机可读存储介质中,从而允许将一致的安全标准有效地提供给计算系统,以便执行输入的安全标准 以相对于例如(a)由操作系统(OS)有效支持的第一可执行计算机代码和(b)由虚拟计算环境(VCE)有效支持的第二计算机代码以一致的方式。 可信组件(TC)可以有效地提供一致的安全标准作为适合特定计算环境的部分和/或形式。 例如,TC可以是执行各种功能的自动化工具,包括:验证安全标准的一致性,生成和部署一致的安全标准,以及将安全标准转换为适用于各种计算环境的部件和/或形式。 此外,虚拟计算环境(VCE)可以从操作系统(OS)获得一个或多个安全标准。 虚拟计算环境(VCE)可以在可信计算环境(TCE)中进行操作,并与可靠的操作系统(TOS)进行接口,可靠的操作系统(TOS)有效地强制执行强制访问控制(MAC),从而允许虚拟计算环境(VCE)利用 OS提供的安全性。 例如,操作系统可以是在可信环境中作为受信任组件运行的安全增强型Linux(SELinux)操作系统,其中包含可操作以部署一致的安全性标准的可信安全代理(TSA)。
    • 6. 发明申请
    • DETECTING UNAUTHORIZED USE OF COMPUTING DEVICES BASED ON BEHAVIORAL PATTERNS
    • 检测基于行为模式的计算机设备的未经授权的使用
    • US20090199296A1
    • 2009-08-06
    • US12025678
    • 2008-02-04
    • Liang XieXinwen ZhangJean-Pierre SeifertOnur AciicmezAfshin Latifi
    • Liang XieXinwen ZhangJean-Pierre SeifertOnur AciicmezAfshin Latifi
    • G06F11/00
    • H04L63/1416G06F21/316G06F21/552G06F21/554G06F21/566H04L63/1408H04L63/145
    • Techniques for detecting unauthorized use (e.g., malicious attacks) of the computing systems (e.g., computing devices) are disclosed. Unauthorized use can be detected based on patterns of use (e.g., behavioral patterns of use typically associated with a human being) of the computing systems. Acceptable behavioral pattern data can be generated for a computing system by monitoring the use of a support system (e.g., an operating system, a virtual environment) operating on the computing system. For example, a plurality of system support provider components of a support system (e.g., system calls, device drivers) can be monitored in order to generate the acceptable behavioral pattern data in a form which effectively defines an acceptable pattern of use (usage pattern) for the monitored system support provider components, thereby allowing detection of unauthorized use of a computing system by detecting any deviation from the acceptable pattern of use of the monitored system support provider components.
    • 公开了用于检测计算系统(例如,计算设备)的未经授权的使用(例如,恶意攻击)的技术。 可以基于计算系统的使用模式(例如,通常与人相关联的行为模式)来检测未经授权的使用。 可以通过监视在计算系统上运行的支持系统(例如,操作系统,虚拟环境)的使用来为计算系统生成可接受的行为模式数据。 例如,可以监视支持系统的多个系统支持提供商组件(例如,系统调用,设备驱动程序),以便以有效地定义可接受的使用模式(使用模式)的形式生成可接受的行为模式数据, 用于监视的系统支持提供者组件,从而通过检测与受监视的系统支持提供商组件的可接受的使用模式的任何偏离来允许检测计算系统的未经授权的使用。
    • 7. 发明申请
    • SECURING STORED CONTENT FOR TRUSTED HOSTS AND SAFE COMPUTING ENVIRONMENTS
    • 保护有关主机和安全计算环境的存储内容
    • US20090049510A1
    • 2009-02-19
    • US11839439
    • 2007-08-15
    • Xinwen ZhangOnur AciicmezJean-Pierre SeifertQingwei Ma
    • Xinwen ZhangOnur AciicmezJean-Pierre SeifertQingwei Ma
    • G06F21/00G06F15/16G06F9/455H04L9/32H04L9/30G06F17/00
    • G06F21/53G06F21/57G06F21/79
    • Techniques for protecting content to ensure its use in a trusted environment are disclosed. The stored content is protected against harmful and/or defective host (or hosted) environments. A trusted security component provided for a device can verify the internal integrity of the stored content and the host before it allows the content to come in contact with the host. As a counter part, a trusted security component provided for the host can verify and attest to the integrity of the host and/or specific host computing environment that can be provided for the content stored in the device. The trusted security component provided for a device effectively verify the host integrity based on the information attested to by the trusted security component provided for the host. If the trusted security component trusts the host, it allows the trusted host to provide a trusted host computing environment trusted to be safe for the content stored in the device. A trusted host can effectively provide a safe virtual environment that allows a content representing a copy (or image) of an original computing environment to operate on the host computing system to give a similar appearance as the original computing environment.
    • 公开了用于保护内容以确保其在可信环境中使用的技术。 存储的内容受到保护,防止有害和/或缺陷的主机(或托管)环境。 为设备提供的受信任的安全组件可以在允许内容与主机联系之前验证存储的内容和主机的内部完整性。 作为计数器部件,为主机提供的可信安全组件可以验证和证实可以为存储在设备中的内容提供的主机和/或特定主机计算环境的完整性。 为设备提供的受信任的安全性组件基于为主机提供的可信安全组件所证明的信息有效地验证主机完整性。 如果信任的安全组件信任主机,则允许可信主机提供受信任的主机计算环境,以便对存储在设备中的内容安全。 可信主机可以有效地提供安全的虚拟环境,其允许表示原始计算环境的副本(或图像)的内容在主机计算系统上操作以给出与原始计算环境相似的外观。
    • 8. 发明授权
    • Detecting unauthorized use of computing devices based on behavioral patterns
    • 根据行为模式检测未经授权使用计算设备
    • US08595834B2
    • 2013-11-26
    • US12025678
    • 2008-02-04
    • Liang XieXinwen ZhangJean-Pierre SeifertOnur AciicmezAfshin Latifi
    • Liang XieXinwen ZhangJean-Pierre SeifertOnur AciicmezAfshin Latifi
    • G06F21/00H04L29/06
    • H04L63/1416G06F21/316G06F21/552G06F21/554G06F21/566H04L63/1408H04L63/145
    • Techniques for detecting unauthorized use (e.g., malicious attacks) of the computing systems (e.g., computing devices) are disclosed. Unauthorized use can be detected based on patterns of use (e.g., behavioral patterns of use typically associated with a human being) of the computing systems. Acceptable behavioral pattern data can be generated for a computing system by monitoring the use of a support system (e.g., an operating system, a virtual environment) operating on the computing system. For example, a plurality of system support provider components of a support system (e.g., system calls, device drivers) can be monitored in order to generate the acceptable behavioral pattern data in a form which effectively defines an acceptable pattern of use (usage pattern) for the monitored system support provider components, thereby allowing detection of unauthorized use of a computing system by detecting any deviation from the acceptable pattern of use of the monitored system support provider components.
    • 公开了用于检测计算系统(例如,计算设备)的未经授权的使用(例如,恶意攻击)的技术。 可以基于计算系统的使用模式(例如,通常与人相关联的行为模式)来检测未经授权的使用。 可以通过监视在计算系统上运行的支持系统(例如,操作系统,虚拟环境)的使用来为计算系统生成可接受的行为模式数据。 例如,可以监视支持系统的多个系统支持提供商组件(例如,系统调用,设备驱动程序),以便以有效地定义可接受的使用模式(使用模式)的形式生成可接受的行为模式数据, 用于监视的系统支持提供者组件,从而通过检测与受监视的系统支持提供商组件的可接受的使用模式的任何偏离来允许检测计算系统的未经授权的使用。
    • 9. 发明授权
    • Safe and efficient access control mechanisms for computing environments
    • 安全高效的计算环境访问控制机制
    • US08510805B2
    • 2013-08-13
    • US12108455
    • 2008-04-23
    • Xinwen ZhangJean-Pierre SeifertOnur AciicmezAfshin Latifi
    • Xinwen ZhangJean-Pierre SeifertOnur AciicmezAfshin Latifi
    • G06F15/16H04L29/06G06F17/30
    • G06F12/1458
    • Improved techniques for controlling access to accessible components of computing environments are disclosed. The techniques, among other things, can be used to provide Mandatory Access Control (MAC) mechanisms for mobile and embedded systems. One or more accessible components (e.g., accessible resources) which a component may attempt to access are determined so that one or more access permissions can be stored in a manner that they can be obtained if the component attempts to access the one or more accessible components, thereby allowing access to the one or more accessible components to be determined based on access permissions that are readily available. Generally, access permissions can be identified and stored in anticipation of need. Access permissions can be identified, for example, based on the likelihood of use, or all possible access permissions can be determined and stored. A safe (e.g., a trusted) access controlling (or monitoring) system (or component) can control access to resources of a computing environment. For example, a trusted access monitoring system can be provided in a secure and trusted operating environment utilizing Mandatory Access Control (MAC) capabilities of a secure operating system (e.g., SELinux Operating System).
    • 公开了用于控制对计算环境的可访问组件的访问的改进的技术。 这些技术可以用于为移动和嵌入式系统提供强制访问控制(MAC)机制。 确定组件可尝试访问的一个或多个可访问组件(例如,可访问资源),使得可以以如下方式来存储一个或多个访问许可:如果组件尝试访问一个或多个可访问组件 从而允许基于容易获得的访问权限来访问要被确定的一个或多个可访问组件。 通常,可以根据需要识别和存储访问权限。 可以例如基于使用的可能性来识别访问权限,或者可以确定和存储所有可能的访问许可。 安全(例如,受信任的)访问控制(或监视)系统(或组件)可以控制对计算环境的资源的访问。 例如,可以使用安全操作系统(例如,SELinux操作系统)的强制访问控制(MAC)功能在安全和受信任的操作环境中提供可信赖的访问监控系统。