Execution validation using header containing validation data
    21.
    Granted invention patent
    Status: in force

    Publication number: US07805765B2

    Publication date: 2010-09-28

    Application number: US11319329

    Filing date: 2005-12-28

    IPC classification: G06F11/00 G06F12/14 G06F12/16

    CPC classification: G06F21/565 G06F2221/2151

    Abstract: Executable files are extended with a file signature containing a header containing validation data. This header may be added to an existing executable and linking format (ELF) header, added as a new section, or placed in a file's extended attribute store. The header contains results of all previous validation checks that have been performed. The file signature is inserted, with a date stamp, into the file attributes. On execution, the system checks the previously-created file signature against a current file signature, instead of creating the file signature for every file during the execution process. Checks to ensure that the file signature is secure, and is valid and up to date, are also implemented. Only if the file signature is not valid and up-to-date does the execution program create a new file signature at the time of execution.

    Rapid virus scan using file signature created during file write
    22.
    Granted invention patent
    Status: in force

    Publication number: US07752667B2

    Publication date: 2010-07-06

    Application number: US11024914

    Filing date: 2004-12-28

    IPC classification: G06F11/04 G06F12/14 G06F12/16

    CPC classification: G06F21/565 G06F2221/2151

    Abstract: A procedure and implementations thereof are disclosed that significantly reduce the amount of time necessary to perform a virus scan. A file signature is created each time a file is modified (i.e., with each “file write” to that file). The file signature is inserted, with a date stamp, into the file attributes. The virus scan program checks the previously-created file signature against the virus signature file instead of creating the file signature for every file during the virus scan. Checks to ensure that the file signature is secure, and is valid and up to date, are also implemented. Only if the file signature is not valid and up-to-date does the virus scan program create a new file signature at the time of the running of the virus scan.

    METHOD AND SYSTEM FOR BOOTSTRAPPING A TRUSTED SERVER HAVING REDUNDANT TRUSTED PLATFORM MODULES
    23.
    Invention patent application
    Status: in force

    Publication number: US20100070781A1

    Publication date: 2010-03-18

    Application number: US12621524

    Filing date: 2009-11-19

    IPC classification: G06F11/30

    CPC classification: G06F21/575

    Abstract: Multiple trusted platform modules within a data processing system are used in a redundant manner that provides a reliable mechanism for securely storing secret data at rest that is used to bootstrap a system trusted platform module. A hypervisor requests each trusted platform module to encrypt a copy of the secret data, thereby generating multiple versions of encrypted secret data values, which are then stored within a non-volatile memory within the trusted platform. At some later point in time, the encrypted secret data values are retrieved, decrypted by the trusted platform module that performed the previous encryption, and then compared to each other. If any of the decrypted values do not match a quorum of values from the comparison operation, then a corresponding trusted platform module for a non-matching decrypted value is designated as defective because it has not been able to correctly decrypt a value that it previously encrypted.

    Method and apparatus for interoperable validation of key recovery information in a cryptographic system
    24.
    Granted invention patent
    Status: expired

    Publication number: US6058188A

    Publication date: 2000-05-02

    Application number: US899855

    Filing date: 1997-07-24

    IPC classification: H04L9/08 H04L9/32

    Abstract: In a cryptographic communications system, a method and apparatus for allowing a sender of encrypted data to demonstrate to a receiver its ability to correctly generate key recovery information that is transmitted along with the encrypted data and from which law enforcement agents or others may recover the original encryption key. Initially, the sender generates a key pair comprising a private signature key and a corresponding public verification key and sends the latter to a key recovery validation service (KRVS). Upon a satisfactory demonstration by the sender of its ability to correctly generate key recovery information, the KRVS generates a certificate certifying the public verification key and the ability of the sender to correctly generate key recovery information. The sender uses its private signature key to generate a digital signature on the key recovery information, which is sent along with the key recovery information and encrypted data to the receiver. The receiver verifies the signature on the key recovery information using the certified public verification key and decrypts the encrypted data only if the signature is verified as being a valid signature.
