Secure versioning of software packages
    1.
    Granted patent
    Secure versioning of software packages (in force)

    Publication number: US09251336B1

    Publication date: 2016-02-02

    Application number: US14252373

    Application date: 2014-04-14

    Applicant: GOOGLE INC.

    CPC classification number: G06F21/51 G06F8/65 G06F21/572

    Abstract: To provide a secure installation and execution software environment, locked version numbers are maintained. A locked version number associated with a software program may be stored. When a request is received to update the software program with an update package, a package number of the update package may be compared to the locked version number. The software program may be updated with the update package if the package number is at least as recent as the locked version number, and the updating of the software program with the update package may be restricted if the package number is earlier than the locked version number.

    Securely enabling content protection across a sandboxed application boundary
    2.
    Granted patent
    Securely enabling content protection across a sandboxed application boundary (in force)

    Publication number: US09152798B1

    Publication date: 2015-10-06

    Application number: US13758347

    Application date: 2013-02-04

    Applicant: Google Inc.

    CPC classification number: G06F21/60 G06F21/10

    Abstract: A sandboxed application issues a request to enable content protection for audio and video content. The request is sent via an application programming interface to an unsandboxed application. The request is received from the unsandboxed application by an output device. After receiving the request, content protection is enabled and the output device employs a certificate to create a signed message indicating the content protection is enabled. The sandboxed application verifies the request has been fulfilled based on the signed message, and provides protected audio and video content.

    NAND-BASED VERIFIED BOOT
    3.
    Patent application

    Publication number: US20170097830A1

    Publication date: 2017-04-06

    Application number: US14874320

    Application date: 2015-10-02

    Applicant: Google Inc.

    Abstract: A device including a NAND-flash memory comprising a read-only portion storing boot code and a key, and a system on a chip (SoC) coupled to the NAND-flash memory is provided. The SoC includes a read-only memory (ROM) storing one or more instructions and a processor configured to execute, upon startup, the one or more instructions stored in the ROM to request from the NAND-flash memory the boot code and the key. The processor is further configured to load and execute the boot code to perform a chain of trust verification process on subsequent code during a booting process using the key. A method for using the device is also presented.

    Updating an operating system
    4.
    Granted patent

    Publication number: US09524159B2

    Publication date: 2016-12-20

    Application number: US14631750

    Application date: 2015-02-25

    Applicant: Google Inc.

    CPC classification number: G06F8/65 G06F8/61 G06F9/4401 G06F9/4406

    Abstract: Systems and methods for updating operating system software are provided. In some aspects, an update for an operating system of a computing device is received, at a first time, at the computing device. A pre-reboot state of the computing device is stored at a second time. The pre-reboot state includes login information for logging into the computing device as a specified user of the computing device, the specified user of the computing device being logged into the computing device at the second time. The computing device is rebooted. Prior to or during rebooting of the computing device, the operating system of the computing device is updated according to the received update. After rebooting the computing device, user access is provided to the updated operating system according to the stored pre-reboot state of the computing device.

    System and method for registering an electronic device
    5.
    Granted patent
    System and method for registering an electronic device (in force)

    Publication number: US09135212B2

    Publication date: 2015-09-15

    Application number: US13691635

    Application date: 2012-11-30

    Applicant: Google Inc.

    CPC classification number: H04L63/083 H04L63/0428 H04L63/0823

    Abstract: A system and a method for registering an electronic device are provided. An auto-enrollment status of an electronic device by an enterprise is determined based on hash information associated with an identifier for the electronic device. In a case where the auto-enrollment status of the electronic device is determined to require auto-enrollment of the electronic device by the enterprise, one or more configuration settings for the electronic device as designated by the enterprise are identified, and the electronic device is requested to adopt the one or more configuration settings as designated by the enterprise in response to providing the auto-enrollment login interface to the electronic device.

    Configuring policy settings on client computing devices
    6.
    Granted patent
    Configuring policy settings on client computing devices (in force)

    Publication number: US09420005B1

    Publication date: 2016-08-16

    Application number: US14221205

    Application date: 2014-03-20

    Applicant: Google Inc.

    CPC classification number: H04L63/20 H04L63/08 H04L63/0823 H04L67/306 H04L67/34

    Abstract: Systems and methods for installing policy settings on a client computing device are provided. In some aspects, the client computing device receives policy data and a public key from a server. The policy data are authenticated based on the public key. Policy settings based on the authenticated policy data are installed on the client computing device. Installing the policy settings based on the authenticated policy data on the client computing device includes storing information based on the policy data in a module on the client computing device. The module is secured by the public key from the server and a signature generated on the client computing device to prevent the stored information from being moved or copied by a user of the client computing device.

    Updating an operating system
    7.
    Granted patent
    Updating an operating system (in force)

    Publication number: US08990793B1

    Publication date: 2015-03-24

    Application number: US14098451

    Application date: 2013-12-05

    Applicant: Google Inc.

    CPC classification number: G06F8/65 G06F8/61 G06F9/4401 G06F9/4406

    Abstract: Systems and methods for updating operating system software are provided. In some aspects, an update for an operating system of a computing device is received, at a first time, at the computing device. A pre-reboot state of the computing device is stored at a second time. The pre-reboot state includes login information for logging into the computing device as a specified user of the computing device, the specified user of the computing device being logged into the computing device at the second time. The computing device is rebooted. Prior to or during rebooting of the computing device, the operating system of the computing device is updated according to the received update. After rebooting the computing device, user access is provided to the updated operating system according to the stored pre-reboot state of the computing device.

    NAND-based verified boot
    9.
    Granted patent

    Publication number: US10025600B2

    Publication date: 2018-07-17

    Application number: US14874320

    Application date: 2015-10-02

    Applicant: Google Inc.

    Abstract: A device including a NAND-flash memory comprising a read-only portion storing boot code and a key, and a system on a chip (SoC) coupled to the NAND-flash memory is provided. The SoC includes a read-only memory (ROM) storing one or more instructions and a processor configured to execute, upon startup, the one or more instructions stored in the ROM to request from the NAND-flash memory the boot code and the key. The processor is further configured to load and execute the boot code to perform a chain of trust verification process on subsequent code during a booting process using the key. A method for using the device is also presented.

    Enterprise platform verification
    10.
    Granted patent
    Enterprise platform verification (in force)

    Publication number: US09391980B1

    Publication date: 2016-07-12

    Application number: US14077120

    Application date: 2013-11-11

    Applicant: Google Inc.

    CPC classification number: G06F21/57 H04L63/1433

    Abstract: Systems and methods for enterprise platform verification are provided. In some aspects, a computing device includes a trusted platform module (TPM). The TPM includes an endorsement key (EK) physically embedded in the TPM. The TPM includes an attestation identity key (AIK), the AIK being used to verify that at least one TPM-protected key different from the EK and different from the AIK is generated at the TPM and is non-migratable. The TPM includes an enterprise machine key (EMK), the EMK being certified by the AIK, the EMK being uniquely associated with the client computing device, and the EMK being generated during enrollment of the client computing device with an enterprise and remaining active until a factory reset of the client computing device.
