公开(公告)号：US20140096068A1

公开(公告)日：2014-04-03

申请号：US13631288

申请日：2012-09-28

申请人： Prashant Dewan ,  Siddhartha Chhabra ,  Xiaozhu Kang ,  Xiaoning Li ,  Uday R. Savagaonkar ,  David M. Durham ,  Paul S. Schmitz ,  Michael A. Goldsmith ,  Jason Martin

发明人： Prashant Dewan ,  Siddhartha Chhabra ,  Xiaozhu Kang ,  Xiaoning Li ,  Uday R. Savagaonkar ,  David M. Durham ,  Paul S. Schmitz ,  Michael A. Goldsmith ,  Jason Martin

IPC分类号： G06F3/0481 ,  G06F3/041

CPC分类号： G06F3/0481 ,  G06F3/041 ,  G06F3/04883 ,  G06F21/74 ,  G06F21/82

摘要： A device and method for securely rendering content on a gesture-enabled computing device includes initializing a secure execution environment on a processor graphics of the computing device. The computing device transfers view rendering code and associated state data to the secure execution environment. An initial view of the content is rendered by executing the view rendering code in the secure execution environment. A gesture is recognized, and an updated view of the content is rendered in the secure execution environment in response to the gesture. The gesture may include a touch gesture recognized on a touch screen, or a physical gesture of the user recognized by a camera. After the updated view of the content is rendered, the main processor of the computing device may receive updated view data from the secure execution environment.

摘要翻译： 用于在启用姿势的计算设备上安全地呈现内容的设备和方法包括在计算设备的处理器图形上初始化安全执行环境。 计算设备将视图呈现代码和相关联的状态数据传送到安全执行环境。 通过在安全执行环境中执行视图呈现代码来呈现内容的初始视图。 识别手势，并且响应于手势在安全执行环境中呈现内容的更新视图。 手势可以包括在触摸屏上识别的触摸手势，或者由相机识别的用户的身体手势。 在呈现内容的更新视图之后，计算设备的主处理器可以从安全执行环境接收更新的视图数据。

公开(公告)号：US20140095870A1

公开(公告)日：2014-04-03

申请号：US13631419

申请日：2012-09-28

申请人： Prashant Dewan ,  David M. Durham

发明人： Prashant Dewan ,  David M. Durham

IPC分类号： G06F21/00 ,  H04L9/32

CPC分类号： H04L9/3231 ,  G06F21/32 ,  H04L9/0866 ,  H04L63/0428 ,  H04L63/0861 ,  H04L67/02 ,  H04L67/42

摘要： A method and device for securely displaying web content with secure web objects across untrusted channels includes downloading web content from a web server. The web content includes tags that a web browser uses to authenticate the current user and identify encrypted web objects packaged in the web content. The computing device authenticates the current user using a biometric recognition procedure. If the current user is authenticated and determined to be authorized to view the decrypted web object, the encrypted web object is decrypted and displayed to the user. If the user is unauthenticated, the encrypted web object is displayed in place of the encrypted web object such that the decrypted web object is displayed for only authorized persons physically present at the computing device. The biometric recognition procedure and web object decryption processes are protected through secure media path circuitry and secure memory.

摘要翻译： 用于在不受信任的频道上安全地显示具有安全web对象的web内容的方法和装置包括从Web服务器下载web内容。 网页内容包括网页浏览器用来验证当前用户并识别打包在网页内容中的加密网页对象的标签。 计算设备使用生物识别程序认证当前用户。 如果当前用户被认证并被确定为被授权以查看解密的web对象，则加密的web对象被解密并显示给用户。 如果用户未经身份验证，则加密的web对象被显示代替加密的web对象，使得被解密的web对象被显示给仅在物理存在于计算设备处的授权人员。 生物识别程序和web对象解密过程通过安全媒体路径电路和安全存储器进行保护。

公开(公告)号：US08635705B2

公开(公告)日：2014-01-21

申请号：US12658876

申请日：2010-02-17

申请人： Ravi L. Sahita ,  David M. Durham ,  Steve Orrin ,  Yasser Rasheed ,  Prasanna G. Mulgaonkar ,  Paul S. Schmitz ,  Hormuzd M. Khosravi

发明人： Ravi L. Sahita ,  David M. Durham ,  Steve Orrin ,  Yasser Rasheed ,  Prasanna G. Mulgaonkar ,  Paul S. Schmitz ,  Hormuzd M. Khosravi

IPC分类号： G06F11/30 ,  G06F12/14 ,  G06F12/16 ,  G08B23/00

CPC分类号： G06F21/53 ,  G06F21/55

摘要： In some embodiments, approaches may provide an out-of-band (OOB) agent to protect a platform. The OOB agent may be able to use non-TRS methods to measure and protect an in-band security agent. In some embodiments, a manageability engine can provide out of band connectivity to the in-band and out-of-band security agents and provide access to the system memory resources without having to rely on OS services. This can be used for a trusted anti-malware and remediation service.

摘要翻译： 在一些实施例中，方法可以提供带外（OOB）代理来保护平台。 OOB代理可能能够使用非TRS方法来测量和保护带内安全代理。 在一些实施例中，可管理性引擎可以向带内和带外安全代理提供带外连接，并提供对系统存储器资源的访问，而不必依赖于OS服务。 这可以用于受信任的反恶意软件和修复服务。

公开(公告)号：US07653727B2

公开(公告)日：2010-01-26

申请号：US10809316

申请日：2004-03-24

申请人： David M. Durham ,  Vincent J. Zimmer ,  Carey W. Smith ,  Raj Yavatkar ,  Travis T. Schluessler ,  Dylan C. Larson ,  Carlos V. Rozas

发明人： David M. Durham ,  Vincent J. Zimmer ,  Carey W. Smith ,  Raj Yavatkar ,  Travis T. Schluessler ,  Dylan C. Larson ,  Carlos V. Rozas

IPC分类号： G06F15/173 ,  G06F9/00 ,  G06F9/24 ,  G06F15/177

CPC分类号： G06F9/4411

摘要： Cooperative embedded agents as well as manageability and security operations that can be performed on a host system having cooperative embedded agents are disclosed.

摘要翻译： 公开了可以在具有协作嵌入式代理的主机系统上执行的协同嵌入式代理以及可管理性和安全性操作。

公开(公告)号：US20080163375A1

公开(公告)日：2008-07-03

申请号：US11647896

申请日：2006-12-28

申请人： Uday R. Savagaonkar ,  David M. Durham

发明人： Uday R. Savagaonkar ,  David M. Durham

IPC分类号： H04L9/32

CPC分类号： G06F21/64

摘要： Methods and apparatuses enable embedding integrity manifest information into a program in volatile memory. Instead of having fixed integrity manifest information that cannot be changed after compilation, a file of a format supporting relocatable file sections can store the integrity manifest information for a program. The integrity manifest information can be modified in-line, while the file is loaded in volatile memory, and the information stored to disk for later re-use. The program and its associated file can include a modifiable integrity manifest indicator that provides the location and size of the integrity manifest, and can be changed as appropriate. The indicator can be passed to a service processor to indicate the integrity manifest to the service processor.

摘要翻译： 方法和装置能够将完整性清单信息嵌入到易失性存储器中的程序中。 编译后无法修改无法修改的完整性清单信息，而是支持可重定位文件段的格式的文件可以存储程序的完整性清单信息。 完整性清单信息可以在线修改，同时将文件加载到易失性存储器中，并将信息存储到磁盘以供以后重新使用。 该程序及其关联的文件可以包括可修改的完整性清单指示符，其提供完整性清单的位置和大小，并且可以适当地改变。 指示符可以被传递到服务处理器以指示服务处理器的完整性清单。

公开(公告)号：US06601082B1

公开(公告)日：2003-07-29

申请号：US09365101

申请日：1999-07-30

申请人： David M. Durham ,  Russell J. Fenger ,  Rajendra S. Yavatkar

发明人： David M. Durham ,  Russell J. Fenger ,  Rajendra S. Yavatkar

IPC分类号： G06F900

CPC分类号： H04L41/28 ,  H04L63/0227 ,  H04L63/105

摘要： A system and method for managing a network using a policy tree which includes a plurality of levels (e.g., two levels, five levels, etc.) is described. When the network receives a request to provide an action to a particular source, the network determines if the action is available as a function of at least one level of the plurality of levels. If the action is available, the network determines if the particular source is authorized to be provided with the action as a function of at least one rule of at least one further level of the plurality of levels. If the particular source is authorized, the network provides the action to the particular source.

摘要翻译： 描述了使用包括多个级别（例如，两个级别，五个等级等）的策略树来管理网络的系统和方法。 当网络接收到向特定源提供动作的请求时，网络确定该动作是否可用作为多个级别中的至少一个级别的函数。 如果动作可用，则网络确定特定源是否被授权被提供作为多个级别中的至少一个进一步级别的至少一个规则的函数的动作。 如果特定的源被授权，则网络向特定的源提供动作。

公开(公告)号：US4010887A

公开(公告)日：1977-03-08

申请号：US573572

申请日：1975-04-30

申请人： David M. Durham

发明人： David M. Durham

IPC分类号： B65D5/02 ,  B65D5/36 ,  B65D85/20 ,  B65D3/04

CPC分类号： B65D5/3621 ,  B65D5/0227

摘要： A pre-cut, pre-folded carton having a hexagonally shaped, preformed bottom with upwardly extending walls which form at the top thereof a generally circular top for receiving and retaining the bottom, enlarged portion of an egg-shaped container therein. A die-cut blank is first formed with a rear wall section and a pair of front wall sections. Each section is of a height sufficient to receive the largest diameter of the egg-shaped container therein and includes depending lower flap portions. The bottom is formed by folding and gluing the lower flap sections. The resulting carton has a first, flat position in which the bottom wall is folded up between the front and rear walls, and a second, open position where the flap sections, which are already secured to form a folded bottom section, are automatically unfolded or extended to form a double-thickness, hexagonal shaped bottom wall. An upper flap folds downwardly and inwardly from the upper edges of the front and rear wall to form a retaining member of reduced diameter which prevents inadvertent removal of the container.

公开(公告)号：US20180285559A1

公开(公告)日：2018-10-04

申请号：US15472181

申请日：2017-03-28

申请人： Rodrigo Branco ,  Xiaoning Li ,  David M. Durham ,  Hongliang Gao ,  Stephen A. Fischer ,  Baiju V. Patel

发明人： Rodrigo Branco ,  Xiaoning Li ,  David M. Durham ,  Hongliang Gao ,  Stephen A. Fischer ,  Baiju V. Patel

IPC分类号： G06F21/52 ,  G06F21/55 ,  G06F15/78

摘要： The present disclosure is directed to systems and methods for detecting stack-pivot attacks in a processor-based device. Processor circuitry executes one or more applications via sequential execution of instructions on a stack. Stack pivot attacks occur when an attacker takes control of the stack and uses the stack to execute a series of code sections referred to as “gadgets.” A stack-pivot attack detector establishes an allowable processor stack offset change value associated with an application and monitors a processor stack offset change value responsive to an occurrence of a processor stack exchange instruction. A stack-pivot attack is detected when the processor offset change value exceeds the allowable processor stack offset change value. Upon detecting a stack-pivot attack, the stack-pivot detection circuitry causes the selective termination of the application.

公开(公告)号：US20180189464A1

公开(公告)日：2018-07-05

申请号：US15395399

申请日：2016-12-30

申请人： Alpa T. Narendra Trivedi ,  Siddhartha Chhabra ,  Karanvir S. Grewal ,  David M. Durham

发明人： Alpa T. Narendra Trivedi ,  Siddhartha Chhabra ,  Karanvir S. Grewal ,  David M. Durham

IPC分类号： G06F21/12

CPC分类号： G06F21/126 ,  G06F2221/0735

摘要： A trusted time service is provided that can detect resets of a real-time clock and re-initialize the real-time clock with the correct time. The trusted time service provides a secure communication channel from an application requesting a timestamp to the real-time clock, so that malicious code (such as a compromised operating system) cannot intercept a timestamp as it is communicated from the real-time clock to the application. The trusted time service synchronizes wall-clock time with a trusted time server, as well as protects against replay attacks, where a valid data transmission (such as transmission of a valid timestamp) is maliciously or fraudulently repeated or delayed.

公开(公告)号：US20160283750A1

公开(公告)日：2016-09-29

申请号：US14669235

申请日：2015-03-26

申请人： David M. Durham ,  Siddhartha Chhabra ,  Jungju Oh ,  Men Long ,  Eugene M. Kishinevsky

发明人： David M. Durham ,  Siddhartha Chhabra ,  Jungju Oh ,  Men Long ,  Eugene M. Kishinevsky

IPC分类号： G06F21/79 ,  G06F12/14 ,  H04L9/08 ,  G06F21/71 ,  H04L9/06

CPC分类号： G06F21/79 ,  G06F12/1408 ,  G06F21/71 ,  G06F2212/1052 ,  H04L9/0891 ,  H04L9/3242

摘要： In an embodiment, a processor includes: at least one core to execute instructions; a cache memory coupled to the at least one core to store data; and a tracker cache memory coupled to the at least one core. The tracker cache memory includes entries to store an integrity value associated with a data block to be written to a memory coupled to the processor. Other embodiments are described and claimed.

摘要翻译： 在一个实施例中，处理器包括：执行指令的至少一个核心; 耦合到所述至少一个核心以存储数据的高速缓存存储器; 以及耦合到所述至少一个核的跟踪器缓存存储器。 跟踪器缓存存储器包括用于存储与要写入耦合到处理器的存储器的数据块相关联的完整性值的条目。 描述和要求保护其他实施例。