Abstract:
A method, computer program product, and data processing system for providing an updateable encrypted operating kernel are disclosed. In a preferred embodiment, secure initialization hardware decrypts a minimal secure kernel containing sensitive portions of data and/or code into a portion of the processor-accessible memory space, from which the kernel is executed. Most system software functions are not directly supported by the secure kernel but are provided by dynamically loaded kernel extensions that are encrypted with a public key so that they can only be decrypted with a private key possessed by the secure kernel. The public/private key pair is processor-specific. Before passing control to a kernel extension the secure kernel deletes a subset of its sensitive portions, retaining only those sensitive portions needed to perform the task(s) delegated to the kernel extension. Which sensitive portions are retained is determined by a cryptographic key with which the kernel extension is signed.
Abstract:
A method, computer program product, and data processing system provide an updateable encrypted operating kernel. Secure initialization hardware decrypts a minimal secure kernel containing sensitive portions of data and/or code into a portion of the processor-accessible memory space, from which the kernel is executed. Most system software functions are not directly supported by the secure kernel but are provided by dynamically loaded kernel extensions that are encrypted with a public key so that they can only be decrypted with a private key possessed by the secure kernel. The public/private key pair is processor-specific. Before passing control to a kernel extension, the secure kernel deletes a subset of its sensitive portions, retaining only those sensitive portions needed to perform the task(s) delegated to the kernel extension. Which sensitive portions are retained is determined by a cryptographic key with which the kernel extension is signed.
Abstract:
A title key protection system includes a title key with recordable media content; storage in a repository is not required. The title key is decrypted when needed by a clearinghouse, and then re-encrypted. The title key confers rights from the content owners to the user to play and copy the content for personal use. A user downloads encrypted content from a content repository. The user's media recording device extracts an encrypted title key from the content and obtains a media key block and media ID from the physical media on which the content will be recorded. The encrypted title key, media key block, and media ID are transmitted to a clearinghouse. The clearinghouse decrypts the title key and derives a media unique key from the media key block and media ID. The clearinghouse re-encrypts the title key with the media unique key and returns this re-encrypted title key to the media recording device for recording with the content on the physical media.
Abstract:
A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets.
Abstract:
A method of detecting tasks performed by users, wherein a single task is a sequence of web URL invocations. Task patterns are detected in web logs to identify tasks performed by users and analyze task trends over time, across corporate divisions and geographies. A grammar-based framework is used to model and detect tasks from web log patterns. The framework has two components: a declarative unit, which generates a task grammar, and a processing unit, which detects tasks from access logs by generating a state machine for applying the task grammar to the tokens associated with the access records. By analyzing user tasks, rather than just URLs, useful business information can be extracted.