41. COPY EQUIVALENT PROTECTION USING SECURE PAGE FLIPPING FOR SOFTWARE COMPONENTS WITHIN AN EXECUTION ENVIRONMENT
    Invention application (in force)

    Publication No.: US20090327575A1

    Publication date: 2009-12-31

    Application No.: US12164489

    Filing date: 2008-06-30

    IPC classification: G06F12/08

    Abstract: Embodiments of copy equivalent protection using secure page flipping for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor (VMM), Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when they are part of an otherwise compromised operating system environment. In an embodiment, an embedded VM is allowed to directly manipulate page table mappings so that, even without running the VMM or obtaining VMX root privilege, the embedded VM can directly flip pages of memory into its direct/exclusive control and back. Other embodiments may be described and claimed.


42. CONVERGED CRYPTOGRAPHIC ENGINE
    Invention application

    Publication No.: US20190342093A1

    Publication date: 2019-11-07

    Application No.: US16457909

    Filing date: 2019-06-28

    IPC classification: H04L9/08 G06F21/60

    Abstract: An apparatus of a computing system, a computer-readable medium, a method and a system. The apparatus comprises one or more processors that are to communicate with a computing engine of the computing system and to: receive an instruction including information on a cryptographic key; determine whether a no-decrypt mode is to be active or inactive with respect to a read request from the computing engine; when receiving the read request to read content from a memory, and in response to a determination that the no-decrypt mode is inactive, decrypt the content using the key to generate decrypted content and send the decrypted content to the computing engine; and in response to receiving the read request, and in response to a determination that the no-decrypt mode is active, send the content to the computing engine without decrypting it.
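    The abstract above describes an inline encryption engine whose behaviour on a read depends on a per-requester no-decrypt mode. The Go program below is an added illustration of that behaviour and is not code from the patent or from any Intel product: it models RAM that holds only ciphertext, a CPU that reads decrypted content, and a DMA copy engine for which no-decrypt mode is active and which therefore receives ciphertext it can move but not read. The requester names, the address-tweaked counter-mode construction and the sample data are assumptions made for the demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

const blockSize = 16

// Engine models an inline memory-encryption engine that sits between computing
// engines (CPU, GPU, DMA copy engine) and RAM. RAM holds only ciphertext; a read
// is decrypted unless no-decrypt mode is active for the requesting engine.
type Engine struct {
	block     cipher.Block
	memory    map[uint64][]byte // physical block address -> 16-byte ciphertext
	noDecrypt map[string]bool   // per-requester no-decrypt mode (hypothetical policy store)
}

func NewEngine(key []byte) (*Engine, error) {
	b, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return &Engine{block: b, memory: map[uint64][]byte{}, noDecrypt: map[string]bool{}}, nil
}

// SetNoDecrypt stands in for the instruction that tells the engine whether
// reads issued by a given requester must stay encrypted.
func (e *Engine) SetNoDecrypt(requester string, active bool) {
	e.noDecrypt[requester] = active
}

// keystream derives a per-block pad from the physical address (counter-mode
// style tweak), so equal plaintext at different addresses encrypts differently.
func (e *Engine) keystream(addr uint64) []byte {
	var ctr [blockSize]byte
	binary.BigEndian.PutUint64(ctr[8:], addr/blockSize)
	ks := make([]byte, blockSize)
	e.block.Encrypt(ks, ctr[:])
	return ks
}

func xorBlock(a, b []byte) []byte {
	out := make([]byte, blockSize)
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// Write encrypts one aligned 16-byte block and stores the ciphertext.
func (e *Engine) Write(addr uint64, plaintext []byte) error {
	if len(plaintext) != blockSize || addr%blockSize != 0 {
		return errors.New("write must be one aligned 16-byte block")
	}
	e.memory[addr] = xorBlock(plaintext, e.keystream(addr))
	return nil
}

// Read serves a read request: decrypted content when no-decrypt mode is
// inactive for the requester, the stored ciphertext when it is active.
func (e *Engine) Read(requester string, addr uint64) ([]byte, error) {
	ct, ok := e.memory[addr]
	if !ok {
		return nil, fmt.Errorf("no data at %#x", addr)
	}
	if e.noDecrypt[requester] {
		return append([]byte(nil), ct...), nil
	}
	return xorBlock(ct, e.keystream(addr)), nil
}

// RawMemory is what a probe on the DRAM bus would observe.
func (e *Engine) RawMemory(addr uint64) []byte {
	return append([]byte(nil), e.memory[addr]...)
}

func main() {
	e, err := NewEngine(bytes.Repeat([]byte{0x42}, 16)) // constructed demo key
	if err != nil {
		panic(err)
	}
	_ = e.Write(0x1000, []byte("frame-buffer-row")) // constructed 16-byte sample
	e.SetNoDecrypt("dma-copy", true)                // copy engine may move data, not read it
	pt, _ := e.Read("cpu", 0x1000)
	ct, _ := e.Read("dma-copy", 0x1000)
	fmt.Printf("cpu sees %q\ndma-copy sees %x\nram holds %x\n", pt, ct, e.RawMemory(0x1000))
}
```

    The practitioner's caveat: the address-only tweak used here is the simplest model of the idea. Rewriting the same address with a different plaintext reuses the pad and leaks the XOR of old and new contents, which is why production memory-encryption engines use XTS-style tweaks or per-write freshness rather than a bare counter pad.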

43. Secure video output path
    Granted invention patent (in force)

    Publication No.: US09501668B2

    Publication date: 2016-11-22

    Application No.: US14036263

    Filing date: 2013-09-25

    Abstract: Systems and methods for secure delivery of output surface bitmaps to a display engine. An example processing system comprises: an architecturally protected memory; and a processing core communicatively coupled to the architecturally protected memory, the processing core comprising processing logic configured to implement an architecturally protected execution environment by performing at least one of: executing instructions residing in the architecturally protected memory and preventing unauthorized access to the architecturally protected memory; wherein the processing logic is further configured to provide a secure video output path by generating an output surface bitmap encrypted with a first encryption key and storing an encrypted first encryption key in an external memory, wherein the encrypted first encryption key is produced by encrypting the first encryption key with a second encryption key.

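    The key arrangement in the abstract is envelope encryption: the surface is encrypted under a per-surface first key, and only that key, wrapped under a second key shared with the display engine, is placed in external memory. The Go program below is an added example of that arrangement, not code from the patent or from any product; it uses AES-GCM for both layers (an assumption, the abstract names no cipher), assumes the second key was provisioned to the display engine out of band, and uses constructed sample data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// ExternalMemory is what the protected environment hands to the untrusted
// side: only ciphertext and a wrapped key ever leave protected memory.
type ExternalMemory struct {
	WrappedSurfaceKey []byte // first key encrypted under the second key (nonce || ct || tag)
	EncryptedSurface  []byte // bitmap encrypted under the first key (nonce || ct || tag)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts under a fresh random nonce; aad binds the blob to its role so
// a wrapped key cannot be replayed as a surface or vice versa.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, aad), nil
}

func open(key, blob, aad []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < g.NonceSize() {
		return nil, errors.New("blob too short")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], aad)
}

// ProtectSurface runs inside the protected execution environment. k2 is the
// second encryption key, known only to the environment and the display engine.
func ProtectSurface(k2, bitmap []byte) (*ExternalMemory, error) {
	k1 := make([]byte, 16) // first encryption key, fresh for every surface
	if _, err := io.ReadFull(rand.Reader, k1); err != nil {
		return nil, err
	}
	encSurface, err := seal(k1, bitmap, []byte("surface"))
	if err != nil {
		return nil, err
	}
	wrapped, err := seal(k2, k1, []byte("surface-key"))
	if err != nil {
		return nil, err
	}
	return &ExternalMemory{WrappedSurfaceKey: wrapped, EncryptedSurface: encSurface}, nil
}

// DisplaySurface runs in the display engine: unwrap k1 with k2, then decrypt.
func DisplaySurface(k2 []byte, mem *ExternalMemory) ([]byte, error) {
	k1, err := open(k2, mem.WrappedSurfaceKey, []byte("surface-key"))
	if err != nil {
		return nil, errors.New("key unwrap failed: wrong second key or tampered key blob")
	}
	bitmap, err := open(k1, mem.EncryptedSurface, []byte("surface"))
	if err != nil {
		return nil, errors.New("surface authentication failed")
	}
	return bitmap, nil
}

func main() {
	k2 := make([]byte, 16) // provisioned display-engine key (constructed for the demo)
	if _, err := io.ReadFull(rand.Reader, k2); err != nil {
		panic(err)
	}
	bitmap := []byte("RGBA pixels of a protected frame") // constructed sample surface
	mem, err := ProtectSurface(k2, bitmap)
	if err != nil {
		panic(err)
	}
	out, err := DisplaySurface(k2, mem)
	if err != nil {
		panic(err)
	}
	fmt.Printf("display engine recovered %q\n", out)
	// A driver that holds only external memory, and no second key, gets nothing usable.
	if _, err := DisplaySurface(make([]byte, 16), mem); err != nil {
		fmt.Println("untrusted reader:", err)
	}
}
```

    Two design choices worth noting: the first key is generated per surface so that compromise of one frame's key exposes nothing else, and both GCM layers carry distinct associated data so the untrusted side cannot swap blobs between roles.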

44. Protecting a software component using a transition point wrapper
    Granted invention patent (in force)

    Publication No.: US09189620B2

    Publication date: 2015-11-17

    Application No.: US12459359

    Filing date: 2009-06-30

    IPC classification: H04L29/06 G06F21/53 G06F12/10

    Abstract: Embodiments of apparatuses, articles, methods, and systems for protecting software components using transition point wrappers are generally described herein. In one embodiment, an apparatus includes a first component, a wrapper component, and a management module. The wrapper component transforms a transition point between the first component and a second component. The management module controls access to the first component through the transformed transition point. Other embodiments may be described and claimed.


47. DEVICE, METHOD, AND SYSTEM FOR CONTROLLING ACCESS TO WEB OBJECTS OF A WEBPAGE OR WEB-BROWSER APPLICATION
    Invention application (pending, published)

    Publication No.: US20140095870A1

    Publication date: 2014-04-03

    Application No.: US13631419

    Filing date: 2012-09-28

    IPC classification: G06F21/00 H04L9/32

    Abstract: A method and device for securely displaying web content with secure web objects across untrusted channels includes downloading web content from a web server. The web content includes tags that a web browser uses to authenticate the current user and to identify encrypted web objects packaged in the web content. The computing device authenticates the current user using a biometric recognition procedure. If the current user is authenticated and determined to be authorized to view the decrypted web object, the encrypted web object is decrypted and displayed to the user. If the user is unauthenticated, the encrypted web object is displayed in place of the decrypted web object, so that the decrypted web object is displayed only to authorized persons physically present at the computing device. The biometric recognition procedure and web object decryption processes are protected through secure media path circuitry and secure memory.


    Technologies For Securing Data Structures For Controlling Virtual Machines

    Publication No.: US20190042296A1

    Publication date: 2019-02-07

    Application No.: US16108453

    Filing date: 2018-08-22

    Abstract: A data processing system with technology to secure a virtual machine control data structure (VMCDS) comprises random access memory (RAM) and a processor in communication with the RAM. The processor comprises virtualization technology that enables the processor to run a virtual machine monitor (VMM) in the data processing system and to run guest software in a virtual machine (VM) that is managed by the VMM. The VM is based at least in part on a VMCDS for the VM. An instruction decoder in the processor recognizes and dispatches a set-mask instruction. The set-mask instruction specifies access restrictions to be imposed on the VMM with respect to the VMCDS of the VM. The processor also comprises a mask enforcer to automatically enforce the access restrictions specified by the set-mask instruction, in response to an attempt by the VMM to access the VMCDS of the VM. Other embodiments are described and claimed.
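    The inversion in this abstract is that the guest, not the VMM, decides which parts of its own control structure the VMM may touch. The Go program below is an added model of that mask enforcer and is not code from the patent or from any processor: the field identifiers, the bit layout of the mask and the exit values are constructed for the demo, and the only claim it makes is the one in the abstract, that a VMM access to a masked field is refused while unmasked fields (here, the exit information the VMM needs to do its job) stay accessible.

```go
package main

import (
	"errors"
	"fmt"
)

// Field identifies a VMCDS field. The encodings are constructed for this
// model; real VMCS encodings differ.
type Field uint32

const (
	FieldExitReason Field = iota
	FieldExitQualification
	FieldGuestRIP
	FieldGuestRSP
	FieldGuestCR3
)

// Access is a bit set of VMM operations that a mask can deny.
type Access uint8

const (
	AccessRead Access = 1 << iota
	AccessWrite
)

var ErrMasked = errors.New("VMCDS access denied by set-mask policy")

// VMCDS is the control data structure together with the restrictions that
// guest software installed with the set-mask instruction.
type VMCDS struct {
	fields map[Field]uint64
	denied map[Field]Access // VMM operations denied per field
}

func NewVMCDS() *VMCDS {
	return &VMCDS{fields: map[Field]uint64{}, denied: map[Field]Access{}}
}

// SetMask models the set-mask instruction executed by the guest. Restrictions
// only accumulate: nothing the VMM can do afterwards removes a denied bit, which
// is what protects guest state from a compromised or curious VMM.
func (v *VMCDS) SetMask(f Field, deny Access) {
	v.denied[f] |= deny
}

// enforce is the mask enforcer consulted on every VMM access attempt.
func (v *VMCDS) enforce(f Field, a Access) error {
	if v.denied[f]&a != 0 {
		return fmt.Errorf("%w: field %d", ErrMasked, f)
	}
	return nil
}

// VMMRead and VMMWrite are the VMM's VMREAD/VMWRITE-style accessors.
func (v *VMCDS) VMMRead(f Field) (uint64, error) {
	if err := v.enforce(f, AccessRead); err != nil {
		return 0, err
	}
	return v.fields[f], nil
}

func (v *VMCDS) VMMWrite(f Field, val uint64) error {
	if err := v.enforce(f, AccessWrite); err != nil {
		return err
	}
	v.fields[f] = val
	return nil
}

// HardwareSave is the processor recording guest state on a VM exit; the mask
// restricts the VMM, not the hardware.
func (v *VMCDS) HardwareSave(f Field, val uint64) {
	v.fields[f] = val
}

// ProtectGuestState applies the common policy: hide all guest register state
// from the VMM while leaving exit information readable.
func ProtectGuestState(v *VMCDS) {
	for _, f := range []Field{FieldGuestRIP, FieldGuestRSP, FieldGuestCR3} {
		v.SetMask(f, AccessRead|AccessWrite)
	}
}

func main() {
	v := NewVMCDS()
	ProtectGuestState(v)                // guest runs set-mask before the VMM ever sees an exit
	v.HardwareSave(FieldExitReason, 12) // constructed exit reason value
	v.HardwareSave(FieldGuestRIP, 0x401000)
	reason, _ := v.VMMRead(FieldExitReason)
	fmt.Printf("VMM handles exit reason %d\n", reason)
	if _, err := v.VMMRead(FieldGuestRIP); err != nil {
		fmt.Println("VMM read of guest RIP:", err)
	}
	if err := v.VMMWrite(FieldGuestRIP, 0xdead); err != nil {
		fmt.Println("VMM write of guest RIP:", err)
	}
}
```

    The property to check in any real implementation of this idea is monotonicity: a later, narrower set-mask must not relax an earlier one, otherwise a VMM that can coerce the guest into re-executing the instruction regains access.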

49. TURING TEST BASED USER AUTHENTICATION AND USER PRESENCE VERIFICATION SYSTEM, DEVICE, AND METHOD
    Invention application (in force)

    Publication No.: US20140230046A1

    Publication date: 2014-08-14

    Application No.: US13976918

    Filing date: 2011-12-27

    IPC classification: G06F21/32

    Abstract: A password-less method for authenticating a user includes capturing one or more images of the user's face and comparing the one or more images with a previously collected face template. Randomly selected colored light and randomized blinking patterns are used while capturing the images of the user. Such captured images are compared to previously collected face templates, thereby thwarting spoofing attacks. A secret image, known only to the user and the device, is moved from one area of the display to another randomly selected area using the movements of the user's head or face, thereby providing a Turing-based challenge. Protected audio video path (PAVP) enabled devices and components are used to protect the challenge from malware attacks.


50. WEB APPLICATION CONTAINER FOR CLIENT-LEVEL RUNTIME CONTROL
    Invention application (in force)

    Publication No.: US20140189778A1

    Publication date: 2014-07-03

    Application No.: US13729605

    Filing date: 2012-12-28

    IPC classification: H04L29/06

    Abstract: Technologies for establishing client-level web application runtime control using a computing device include receiving application code for a browser-based application from a web server and generating machine-executable code and an access control map for the application code. The computing device receives application security information associated with the application code from local and/or remote security applications and performs a security assessment of the application code based on the application security information and the access control map. Further, the computing device establishes a runtime security policy for the browser-based application and enforces that policy.
