Methods and Systems for Protecting Data in USB Systems
    11.
    发明申请
    Methods and Systems for Protecting Data in USB Systems 审中-公开
    USB系统数据保护方法与系统

    公开(公告)号:US20090313397A1

    公开(公告)日:2009-12-17

    申请号:US12348487

    申请日:2009-01-05

    IPC分类号: G06F13/28

    摘要: The various embodiments described below are directed to providing authenticated and confidential messaging from software executing on a host (e.g. a secure software application or security kernel) to and from I/O devices operating on a USB bus. The embodiments can protect against attacks that are levied by software executing on a host computer. In some embodiments, a secure functional component or module is provided and can use encryption techniques to provide protection against observation and manipulation of USB data. In other embodiments, USB data can be protected through techniques that do not utilized (or are not required to utilize) encryption techniques. In accordance with these embodiments, USB devices can be designated as “secure” and, hence, data sent over the USB to and from such designated devices can be provided into protected memory. Memory indirection techniques can be utilized to ensure that data to and from secure devices is protected.

    摘要翻译: 下面描述的各种实施例旨在从在USB总线上操作的I / O设备到主机(例如安全软件应用或安全内核)上执行的软件提供经认证和保密的消息传递。 这些实施例可以防止在主计算机上执行的软件所征收的攻击。 在一些实施例中,提供了安全的功能部件或模块,并且可以使用加密技术来提供对USB数据的观察和操纵的保护。 在其他实施例中,USB数据可以通过不被利用(或不需要利用)加密技术的技术来保护。 根据这些实施例,USB设备可以被指定为“安全”,因此,可以通过USB向这些指定设备发送和从这些指定设备发送的数据提供到受保护的存储器中。 可以利用内存间接技术来确保进出安全设备的数据受到保护。

    Saving and retrieving data based on symmetric key encryption
    12.
    发明授权
    Saving and retrieving data based on symmetric key encryption 有权
    基于对称密钥加密保存和检索数据

    公开(公告)号:US07587589B2

    公开(公告)日:2009-09-08

    申请号:US11557641

    申请日:2006-11-08

    IPC分类号: H04L29/06

    CPC分类号: G06F21/6218

    摘要: In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using a symmetric cipher, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with other aspects, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The integrity of the data is also verified, and the data is decrypted using a symmetric key. The data is returned to the calling program only if the calling program is allowed to access the data and if the integrity of the data is successfully verified.

    摘要翻译: 根据某些方面,从呼叫程序接收数据。 使用对称密码,以允许只有一个或多个目标程序能够从密文获得数据的方式生成包含数据的密文。 根据其他方面,从呼叫程序接收到位串。 检查调用程序的标识符以确定是否允许调用程序访问以位串的密文加密的数据。 还验证数据的完整性,并使用对称密钥对数据进行解密。 只有当主叫程序被允许访问数据并且数据的完整性被成功验证时,才将数据返回给调用程序。

    Transferring application secrets in a trusted operating system environment
    13.
    发明授权
    Transferring application secrets in a trusted operating system environment 有权
    在受信任的操作系统环境中传送应用程序秘密

    公开(公告)号:US07243230B2

    公开(公告)日:2007-07-10

    申请号:US09993340

    申请日:2001-11-16

    IPC分类号: H04L9/00

    CPC分类号: G06F21/57 G06F21/606

    摘要: Transferring application secrets in a trusted operating system environment involves receiving a request to transfer application data from a source computing device to a destination computing device. A check is made as to whether the application data can be transferred to the destination computing device, and if so, whether the application data can be transferred under control of the user or a third party. If these checks succeed, a check is also made as to whether the destination computing device is a trustworthy device running known trustworthy software. Input is also received from the appropriate one of the user or third party to control transferring of the application data to the destination computing device. Furthermore, application data is stored on the source computing device in a manner that facilitates determining whether the application data can be transferred, and that facilitates transferring the application data if it can be transferred.

    摘要翻译: 在受信任的操作系统环境中传送应用程序秘密涉及接收将应用数据从源计算设备传送到目的地计算设备的请求。 检查应用数据是否可以传送到目的地计算设备,如果是,可以在用户或第三方的控制下传送应用数据。 如果这些检查成功,还要检查目的地计算设备是否是运行已知可靠软件的值得信赖的设备。 还从适当的用户或第三方接收输入以控制将应用数据传送到目的地计算设备。 此外,应用数据以便于确定是否可以传送应用数据的方式存储在源计算设备上,并且如果可以传送应用数据便于传送应用数据。

    Protecting decrypted compressed content and decrypted decompressed content at a digital rights management client
    14.
    发明授权
    Protecting decrypted compressed content and decrypted decompressed content at a digital rights management client 失效
    在数字版权管理客户端保护解密的压缩内容和解密的解密内容

    公开(公告)号:US07203313B2

    公开(公告)日:2007-04-10

    申请号:US11176661

    申请日:2005-07-07

    IPC分类号: H04N7/167 G06F21/00

    CPC分类号: G06F21/10

    摘要: Theft of decompressed digital content as the content is being rendered is prevented. A requested slow-down of the rendering of the content is detected. Transfers of relatively large amounts of data are detected. A re-compressor-based requested slow-down of the rendering of the content is detected. A re-compressor re-compressing the content is detected. In each situation, the detected activity is presumably initiated by a content thief attempting to steal the content. In each situation, the detected activity is responded to in a manner designed to frustrate the presumed attempt of the content thief to steal the content.

    摘要翻译: 防止正在呈现内容的解压缩数字内容的盗窃。 检测到请求的内容呈现的减慢。 检测到相对大量数据的传输。 检测到基于重新压缩的请求的内容呈现的减慢。 检测到重新压缩内容的再压缩。 在每种情况下,检测到的活动大概是由试图窃取内容的内容窃贼发起的。 在每种情况下,检测到的活动都以一种旨在阻止内容窃贼窃取内容的推定尝试的方式作出回应。

    Methods and systems for cryptographically protecting secure content
    15.
    发明授权
    Methods and systems for cryptographically protecting secure content 有权
    用于密码保护安全内容的方法和系统

    公开(公告)号:US07203310B2

    公开(公告)日:2007-04-10

    申请号:US10124922

    申请日:2002-04-18

    IPC分类号: H04N7/167

    CPC分类号: G06F21/83 G06F21/64 G06F21/79

    摘要: Methods and systems are provided for cryptographically protecting secure content in connection with a graphics subsystem of a computing device. Techniques are implemented to encrypt the contents of video memory so that unauthorized software cannot gain meaningful access to it, thereby maintaining confidentiality. Moreover, a mechanism for tamper detection is provided so that there is awareness when data has been altered in some fashion, thereby maintaining integrity. In various embodiments, the contents of overlay surfaces and/or command buffers are encrypted, and/or the GPU is able to operate on encrypted content while preventing its availability to untrusted parties, devices or software.

    摘要翻译: 提供了与计算设备的图形子系统相关联地加密地保护安全内容的方法和系统。 实现技术来加密视频存储器的内容,使得未经授权的软件不能获得对其的有意义的访问,从而保持机密性。 此外,提供用于篡改检测的机制,使得当数据以某种方式被改变时,意识到,从而保持完整性。 在各种实施例中,覆盖表面和/或命令缓冲器的内容被加密,和/或GPU能够对加密内容进行操作,同时防止其对不信任方,设备或软件的可用性。

    Saving and retrieving data based on public key encryption
    19.
    发明授权
    Saving and retrieving data based on public key encryption 有权
    基于公钥加密保存和检索数据

    公开(公告)号:US08683230B2

    公开(公告)日:2014-03-25

    申请号:US13015360

    申请日:2011-01-27

    IPC分类号: G06F12/14

    CPC分类号: G06F21/6218

    摘要: In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows the data to be obtained from the ciphertext only if one or more conditions are satisfied. In accordance with another aspect, a bit string is received from a calling program. Data in the bit string is decrypted using public key decryption and returned to the calling program only if one or more conditions included in the bit string are satisfied.

    摘要翻译: 根据某些方面,从呼叫程序接收数据。 使用公钥加密来生成包含数据的密文,只有满足一个或多个条件,才允许从密文获得数据。 根据另一方面,从调用程序接收位串。 使用公钥解密解密比特串中的数据,只有满足包含在比特串中的一个或多个条件时才返回给调用程序。

    SAVING AND RETRIEVING DATA BASED ON PUBLIC KEY ENCRYPTION
    20.
    发明申请
    SAVING AND RETRIEVING DATA BASED ON PUBLIC KEY ENCRYPTION 有权
    根据公共密钥加密节省和检索数据

    公开(公告)号:US20110119505A1

    公开(公告)日:2011-05-19

    申请号:US13015440

    申请日:2011-01-27

    IPC分类号: G06F11/30

    CPC分类号: G06F21/6218

    摘要: In accordance with certain aspects, data is received and a digital signature is generated and output. The digital signature can be a digital signature of the data and one or more conditions that are to be satisfied in order for the data to be revealed, or a digital signature over data generated using a private key associated with a bound key that is bound to one or more processors.

    摘要翻译: 根据某些方面,接收数据并生成并输出数字签名。 数字签名可以是数据的数字签名以及为了使数据被显示而被满足的一个或多个条件,或者使用与绑定的绑定密钥相关联的私有密钥生成的数据的数字签名 一个或多个处理器。