SAFE COMMAND EXECUTION AND ERROR RECOVERY FOR STORAGE DEVICES
    41.
    发明申请
    SAFE COMMAND EXECUTION AND ERROR RECOVERY FOR STORAGE DEVICES 有权
    存储设备的安全执行和错误恢复

    公开(公告)号:US20090106628A1

    公开(公告)日:2009-04-23

    申请号:US11875219

    申请日:2007-10-19

    IPC分类号: G11C29/00

    摘要: Techniques for execution of commands securely within a storage device are disclosed. Integrity of a command interpreter is verified before allowing it to execute commands within the storage device. The integrity of the commands can also be checked to safeguard against various threats including, for example, malicious attacks, unintentional errors and defects that can adversely affect stored content and execution. Error recovery techniques can be used to reconstruct the command interpreter and/or commands that are found to be defective. In addition, secure techniques can be used to obtain trusted versions of the command interpreter and/or commands from an authenticated external source.

    摘要翻译: 公开了用于在存储设备内安全地执行命令的技术。 验证命令解释器的完整性,然后允许其在存储设备中执行命令。 还可以检查命令的完整性以防止各种威胁,例如恶意攻击,无意错误和可能对存储的内容和执行产生不利影响的缺陷。 错误恢复技术可用于重建发现有缺陷的命令解释器和/或命令。 此外,可以使用安全技术从认证的外部源获取命令解释器和/或命令的可信版本。

    Reusing style sheet assets
    42.
    发明授权
    Reusing style sheet assets 失效
    重新使用样式表资产

    公开(公告)号:US08375296B2

    公开(公告)日:2013-02-12

    申请号:US12827538

    申请日:2010-06-30

    IPC分类号: G06F17/27

    CPC分类号: G06F17/30899

    摘要: In a first embodiment of the present invention, a method is provided comprising: parsing a document, wherein the document contains at least one reference to a style sheet; for each referenced style sheet: determining if a ruleset corresponding to the referenced style sheet is contained in a first local cache; if the ruleset corresponding to the style sheet is contained in the first local cache; if the referenced style sheet is not contained in the first local cache, parsing the referenced style sheet to derive a ruleset; and applying the ruleset(s) to the document to derive a layout for displaying the document.

    摘要翻译: 在本发明的第一实施例中,提供了一种方法,包括:解析文档,其中所述文档包含至少一个对样式表的引用; 对于每个引用的样式表:确定与所引用的样式表相对应的规则集是否包含在第一本地高速缓存中; 如果与样式表相对应的规则集包含在第一本地高速缓存中; 如果引用的样式表不包含在第一本地缓存中,则解析引用的样式表以导出规则集; 并将规则集应用于文档以导出用于显示文档的布局。

    Sandboxing technology for webruntime system
    43.
    发明授权
    Sandboxing technology for webruntime system 有权
    用于webruntime系统的沙盒技术

    公开(公告)号:US09064111B2

    公开(公告)日:2015-06-23

    申请号:US13412496

    申请日:2012-03-05

    IPC分类号: G06F21/00 G06F21/53 G06F21/62

    摘要: In a first embodiment of the present invention, a method of providing security enforcements of widgets in a computer system having a processor and a memory is provided, comprising: extracting access control information from a widget process requesting a service, generating access control rules customized for the widget process, and providing the access control rules to a trusted portion of the computer system outside of the user code space of a Web Runtime (WRT) system; and for any static access control rule, delegating security checking of the widget process from the WRT system to the trusted portion of the computer system.

    摘要翻译: 在本发明的第一实施例中,提供了一种在具有处理器和存储器的计算机系统中提供小部件的安全执行的方法,包括:从请求服务的小窗口进程提取访问控制信息,生成为 窗口小部件处理,以及将访问控制规则提供给在Web运行时(WRT)系统的用户代码空间之外的计算机系统的受信任部分; 并且对于任何静态访问控制规则,将该widget进程的安全性检查从WRT系统委托给该计算机系统的受信任部分。

    Method and apparatus for secure web widget runtime system
    44.
    发明授权
    Method and apparatus for secure web widget runtime system 有权
    用于安全的Web窗口小部件运行时系统的方法和装置

    公开(公告)号:US08893225B2

    公开(公告)日:2014-11-18

    申请号:US13274061

    申请日:2011-10-14

    IPC分类号: G06F21/00 G06F21/10 G06F21/62

    CPC分类号: G06F21/00 G06F21/10 G06F21/62

    摘要: The security of web widgets is improved by transferring a set of access control decisions conventionally handled by the Web Runtime system (WRT) to a more secure portion of the computing system, such as a kernel in the operating system. Access control rules are extracted and provided to the more secure portion. This may be performed during widget installation or at invocation of a widget. During runtime, the more secure portion performs security checking functions for the widget instead of the WRT.

    摘要翻译: 通过将通常由Web运行时系统(WRT)处理的一组访问控制决定转移到诸如操作系统中的内核的计算系统的更安全的部分来改进web小部件的安全性。 访问控制规则被提取并提供给更安全的部分。 这可以在小部件安装期间或在调用小部件时执行。 在运行时,更安全的部分执行小部件而不是WRT的安全检查功能。

    Web application script migration
    45.
    发明授权
    Web application script migration 有权
    Web应用程序脚本迁移

    公开(公告)号:US08595284B2

    公开(公告)日:2013-11-26

    申请号:US12637316

    申请日:2009-12-14

    IPC分类号: G06F15/16 G06F9/44 G06F9/45

    摘要: In a first embodiment of the present invention, a method is provided comprising: determining if a portion of a script of web application code within a web application is migratable to a remote infrastructure, wherein the portion of the script contains one or more functions; and modifying the portion of the script if the portion of the script is migratable, such that execution of the portion of the script results in the one or more functions being executed on the remote infrastructure, wherein the remote infrastructure is not restricted to the device on which the web application was designed or distributed.

    摘要翻译: 在本发明的第一实施例中,提供了一种方法,包括:确定web应用程序内的web应用代码的脚本的一部分是否可迁移到远程基础设施,其中该脚本的该部分包含一个或多个功能; 以及如果所述脚本的所述部分是可移动的,则修改所述脚本的所述部分,使得所述脚本的所述部分的执行导致所述远程基础设施上执行的所述一个或多个功能,其中所述远程基础设施不限于所述设备上 Web应用程序的设计或分发。

    Marking documents with executable text for processing by computing systems
    46.
    发明授权
    Marking documents with executable text for processing by computing systems 有权
    用可执行文本标记文档以供计算系统处理

    公开(公告)号:US09058489B2

    公开(公告)日:2015-06-16

    申请号:US12693168

    申请日:2010-01-25

    IPC分类号: G06F17/00 G06F21/56

    CPC分类号: G06F21/563 G06F2221/2119

    摘要: Techniques for processing documents with executable text are disclosed. The techniques, among other things, can effectively address XSS attacks to Internet users when browsing web sites. Content deemed not to be trusted or fully trusted (“untrusted”) can be marked in a document that can include executable text. Remedial action, including not allowing execution of executable text marked as “untrusted” can be taken. In addition, when the document is processed, content deemed not to be trusted or fully trusted (“untrusted”) can be effectively monitored in order to identify executable text that may have been effectively produced by “untrusted” content and/or somehow may have been affected by “untrusted” content.

    摘要翻译: 公开了用可执行文本处理文件的技术。 除了别的以外,这些技术可以有效地解决浏览网站时对Internet用户的XSS攻击。 被认为不被信任或完全信任(“不信任”)的内容可被标记在可包含可执行文本的文档中。 可以采取补救措施,包括不允许执行标有“不信任”的可执行文本。 此外,当处理文档时,可以有效地监视被认为不被信任或完全信任(“不信任”)的内容,以便识别可能由“不受信任”的内容有效地产生的可执行文本和/或以某种方式可能具有 受到“不信任”内容的影响。

    Safely processing and presenting documents with executable text
    47.
    发明授权
    Safely processing and presenting documents with executable text 有权
    安全地处理和呈现可执行文本的文件

    公开(公告)号:US08997217B2

    公开(公告)日:2015-03-31

    申请号:US12693152

    申请日:2010-01-25

    摘要: Techniques for processing documents with executable text are disclosed. The techniques, among other things, can effectively address XSS attacks to Internet users when browsing web sites. Content deemed not to be trusted or fully trusted (“untrusted”) can be marked in a document that can include executable text. Remedial action, including not allowing execution of executable text marked as “untrusted” can be taken. In addition, when the document is processed, content deemed not to be trusted or fully trusted (“untrusted”) can be effectively monitored in order to identify executable text that may have been effectively produced by “untrusted” content and/or somehow may have been affected by “untrusted” content.

    摘要翻译: 公开了用可执行文本处理文件的技术。 除了别的以外,这些技术可以有效地解决浏览网站时对Internet用户的XSS攻击。 被认为不被信任或完全信任(“不信任”)的内容可被标记在可包含可执行文本的文档中。 可以采取补救措施,包括不允许执行标有“不信任”的可执行文本。 此外,当处理文档时,可以有效地监视被认为不被信任或完全信任(“不信任”)的内容,以便识别可能由“不受信任”的内容有效地产生的可执行文本和/或以某种方式可能具有 受到“不信任”内容的影响。

    Securely upgrading or downgrading platform components
    49.
    发明授权
    Securely upgrading or downgrading platform components 失效
    安全升级或降级平台组件

    公开(公告)号:US08667270B2

    公开(公告)日:2014-03-04

    申请号:US13371195

    申请日:2012-02-10

    摘要: A method for securely altering a platform component is provided, comprising: assigning certificates for public encryption and signature verification keys for the device; assigning certificates for public encryption and signature verification keys for an upgrade server; mutually authenticating a device containing the platform component and the upgrade server; causing the device and the upgrade server to exchange a session key; and providing an alteration to be made to the platform component from the upgrade server to the device using the session key.

    摘要翻译: 提供一种用于安全地改变平台组件的方法,包括:为所述设备分配用于公共加密的证书和签名验证密钥; 为升级服务器分配公共加密证书和签名验证密钥; 相互验证包含平台组件和升级服务器的设备; 使设备和升级服务器交换会话密钥; 并且使用会话密钥向平台组件提供从升级服务器到设备的改变。