公开(公告)号：US07110985B2

公开(公告)日：2006-09-19

申请号：US11266381

申请日：2005-11-03

申请人： Charlie David Chase, Jr. ,  Krishnamurthy Ganesan ,  Philip J. Lafornara ,  Jeffrey Richard McKune ,  Clifford Paul Strom ,  Vijay K. Gajjala

发明人： Charlie David Chase, Jr. ,  Krishnamurthy Ganesan ,  Philip J. Lafornara ,  Jeffrey Richard McKune ,  Clifford Paul Strom ,  Vijay K. Gajjala

IPC分类号： G06Q99/00

CPC分类号： G06F21/10 ,  G06F2221/0771

摘要： Content revocation is achieved by disabling licenses issued to a computing device for the content. A content revocation is delivered within a license to the computing device. Upon license storage the content revocation is recognized, validated, and stored in a secure state store under the public key of the content server (PU-CS) that issued the content. Each license has a (PU-CS) therein, and each license evaluation considers each content revocation stored in the state store and having the same (PU-CS). The license is disabled or otherwise affected based on the considered content revocation. A content revocation is one form of a license modification that may be delivered within a license.

公开(公告)号：US07644287B2

公开(公告)日：2010-01-05

申请号：US10902244

申请日：2004-07-29

申请人： Timothy J. Oerting ,  Philip J. Lafornara ,  Robert Ian Oliver ,  Scott A. Brender ,  Michael David Marr

发明人： Timothy J. Oerting ,  Philip J. Lafornara ,  Robert Ian Oliver ,  Scott A. Brender ,  Michael David Marr

IPC分类号： G06F11/30

CPC分类号： G06F21/51

摘要： Dynamic run-time verification of a module which is loaded in memory (in whole or in part) for execution is enabled by using pre-computed portion-level verification data for portions of the module smaller than the whole (e.g. at the page-level). A portion of the module as loaded into memory for execution can be verified. Pre-computed portion-level verification data is retrieved from storage and used to verify the loaded portions of the executable. Verification data may be, for example, a digitally signed hash of the portion. Where the operating system loader has modified the portion for execution, the modifications are reversed, removing any changes performed by the operating system. If the portion has not been tampered, this will return the portion to its original pre-loaded state. This version is then used to determine validity using the pre-computed portion-level verification. Additionally, during execution of the module, new portions/pages of the module which are loaded can be verified to ensure that they have not been changed, and a list of hot pages of the module can be made, including pages to be continually reverified, in order to ensure that no malicious changes have been made in the module.

摘要翻译： 通过对小于整个模块的部分（例如在页面级别）使用预先计算的部分级验证数据来启用加载在存储器（整体或部分）中用于执行的模块的动态运行时验证 ）。 可以验证加载到存储器中用于执行的模块的一部分。 从存储器检索预先计算的部分级验证数据，并用于验证可执行文件的加载部分。 验证数据可以是例如该部分的经数字签名的散​​列。 在操作系统加载程序修改了执行部分的情况下，修改将相反，从而删除操作系统执行的任何更改。 如果该部分没有被篡改，这将使该部分返回到其原始预加载状态。 然后使用该版本使用预先计算的部分级验证来确定有效性。 此外，在执行模块期间，可以验证装载的模块的新部分/页面，以确保它们未被更改，并且可以制作模块的热页面列表，包括要不断重新验证的页面， 以确保模块中不会发生恶意更改。

公开(公告)号：US20080022132A1

公开(公告)日：2008-01-24

申请号：US11449553

申请日：2006-06-07

申请人： Carl M. Ellison ,  Jamie Hunter ,  Kenneth D. Ray ,  Niels T. Ferguson ,  Philip J. Lafornara ,  Russell Humphries

发明人： Carl M. Ellison ,  Jamie Hunter ,  Kenneth D. Ray ,  Niels T. Ferguson ,  Philip J. Lafornara ,  Russell Humphries

IPC分类号： G06F12/14

CPC分类号： G06F21/85 ,  G06F21/78 ,  G06F2221/2113 ,  H04L9/0836

摘要： Access to a storage device, such as a disk, is controlled by performing a disk operation using a single cryptographic engine. Keys associated with each layer of a layered structure associated with controlling access to the storage device are combined. The resultant of this combination is used as the key to the cryptographic engine. Data to be retrieved from and written to the storage device are operated on by the cryptographic engine utilizing the combined key. Keys are combined by combining functions associated with layers of the layered structure. A combining function can include an exclusive or function, a cryptographic hash function, or a combination thereof.

摘要翻译： 通过使用单个密码引擎执行磁盘操作来控制对诸如磁盘的存储设备的访问。 与控制对存储设备的访问相关联的分层结构的每个层相关联的密钥被组合。 这种组合的结果被用作密码引擎的关键。 要从存储装置检索和写入存储装置的数据利用组合密钥由加密引擎进行操作。 通过组合与分层结构的层相关联的功能来组合密钥。 组合功能可以包括排他或功能，加密散列函数或其组合。

公开(公告)号：US07305366B2

公开(公告)日：2007-12-04

申请号：US11266580

申请日：2005-11-03

申请人： Charlie David Chase, Jr. ,  Krishnamurthy Ganesan ,  Philip J. Lafornara ,  Jeffrey Richard McKune ,  Clifford Paul Strom ,  Vijay K. Gajjala

发明人： Charlie David Chase, Jr. ,  Krishnamurthy Ganesan ,  Philip J. Lafornara ,  Jeffrey Richard McKune ,  Clifford Paul Strom ,  Vijay K. Gajjala

IPC分类号： G06Q99/00

CPC分类号： G06F21/10 ,  G06F2221/0771

摘要： Content revocation is achieved by disabling licenses issued to a computing device for the content. A content revocation is delivered within a license to the computing device. Upon license storage the content revocation is recognized, validated, and stored in a secure state store under the public key of the content server (PU-CS) that issued the content. Each license has a (PU-CS) therein, and each license evaluation considers each content revocation stored in the state store and having the same (PU-CS). The license is disabled or otherwise affected based on the considered content revocation. A content revocation is one form of a license modification that may be delivered within a license.

摘要翻译： 内容撤销是通过禁用向内容的计算设备颁发的许可证来实现的。 内容撤销在许可证中传送到计算设备。 在许可证存储时，内容吊销被识别，验证并存储在发布内容的内容服务器（PU-CS）的公钥下的安全状态存储中。 每个许可证中有一个（PU-CS），每个许可证评估考虑存储在状态存储中并具有相同（PU-CS）的每个内容撤消。 根据考虑的内容撤销，许可证被禁用或受到其他影响。 内容撤销是许可证修改的一种形式，可以在许可证中传递。