Abstract:
A system for controlling access to a global computer network comprises a gateway computing device and one or more remote computer devices that are connected to the gateway computing device. The remote computer devices will gain access to the global computer network system via the gateway computing device. In one application, the remote computer devices can communicate directly with the gateway computing device to control access to the global computer network system. The gateway computing device has the capability to store information about each remote computer device in the system. The gateway computer device can communicate with the remote computer device through local area or wide area networks.
Abstract:
A method is presented for implementing a trusted computing environment within a data processing system. A hypervisor is initialized within the data processing system, and the hypervisor supervises a plurality of logical, partitionable, runtime environments within the data processing system. The hypervisor reserves a logical partition for a hypervisor-based trusted platform module (TPM) and presents the hypervisor-based trusted platform module to other logical partitions as a virtual device via a device interface. Each time that the hypervisor creates a logical partition within the data processing system, the hypervisor also instantiates a logical TPM within the reserved partition such that the logical TPM is anchored to the hypervisor-based TPM. The hypervisor manages multiple logical TPMs within the reserved partition such that each logical TPM is uniquely associated with a logical partition.
Abstract:
A mechanism for determining a probabilistic security score for a software package is provided. The mechanism calculates a raw numerical score that is probabilistically linked to how many security vulnerabilities are present in the source code. The score may then be used to assign a security rating that can be used in either absolute form or comparative form. The mechanism uses a source code analysis tool to determine a number of critical vulnerabilities, a number of serious vulnerabilities, and a number of inconsequential vulnerabilities. The mechanism may then determine a score based on the numbers of vulnerabilities and the number of lines of code.
Abstract:
A method is presented for implementing a trusted computing environment within a data processing system. A hypervisor is initialized within the data processing system, and the hypervisor supervises a plurality of logical, partitionable, runtime environments within the data processing system. The hypervisor reserves a logical partition for a hypervisor-based trusted platform module (TPM) and presents the hypervisor-based trusted platform module to other logical partitions as a virtual device via a device interface. Each time that the hypervisor creates a logical partition within the data processing system, the hypervisor also instantiates a logical TPM within the reserved partition such that the logical TPM is anchored to the hypervisor-based TPM. The hypervisor manages multiple logical TPMs within the reserved partition such that each logical TPM is uniquely associated with a logical partition.
Abstract:
A method, apparatus, and computer instructions for managing email messages. Outgoing packets are monitored. The outgoing packets are parsed for outgoing email messages. An identification of recipients in packets for outgoing email messages is made. A list of email addresses is updated with email addresses for the identified recipients, wherein the list of email addresses is used to accept incoming email messages. The outgoing packets also are parsed to identify Web traffic containing a user email address. A domain name of the destination is identified for Web traffic containing the user email address. The list of email messages is updated with this domain name. Incoming email messages are screened to see if the domain name is present in the email address of the sender in determining whether to accept the email messages.
Abstract:
A method of regulating electronic message traffic is proposed. The method comprises sending an electronic message as part of a thread, receiving a response to the message, and tabulating said response in a counter. A data processing system compares the counter to a threshold and, in response to the comparing step, designates the thread as off-topic.
Abstract:
A method, system, and program for user controlled anonymity when evaluating into a role are provided. An anonymous authentication controller enables a user to control anonymity of the user's identity for role based network accesses to resources, without requiring reliance on any single third party to maintain user anonymity. First, a role authentication certificate is received from a role authenticator, wherein the role authentication certificate certifies that the holder of the role authentication certificate is a member of a particular role without allowing the role authenticator issuing the role authentication certificate the ability to track an identity of a user holding the role authentication certificate. Next, an anonymous channel is established for anonymously presenting the role authentication certificate to a resource protector, wherein the resource protector requires the user to authenticate into the particular role to access a resource, wherein the role authentication certificate authenticates the user into the particular role without enabling the resource protector to ascertain the identity of the user, such that the user is in control of maintaining user anonymity for authenticated role-based accesses.
Abstract:
A method, system, and program for user controlled anonymity when evaluating into a role are provided. An anonymous authentication controller enables a user to control anonymity of the user's identity for role based network accesses to resources, without requiring reliance on any single third party to maintain user anonymity. First, a role authentication certificate is received from a role authenticator, wherein the role authentication certificate certifies that the holder of the role authentication certificate is a member of a particular role without allowing the role authenticator issuing the role authentication certificate the ability to track an identity of a user holding the role authentication certificate. Next, an anonymous channel is established for anonymously presenting the role authentication certificate to a resource protector, wherein the resource protector requires the user to authenticate into the particular role to access a resource, wherein the role authentication certificate authenticates the user into the particular role without enabling the resource protector to ascertain the identity of the user, such that the user is in control of maintaining user anonymity for authenticated role-based accesses.
Abstract:
A method, apparatus, and computer instructions for managing email messages. Outgoing packets are monitored. The outgoing packets are parsed for outgoing email messages. An identification of recipients in packets for outgoing email messages is made. A list of email addresses is updated with email addresses for the identified recipients, wherein the list of email addresses is used to accept incoming email messages. The outgoing packets also are parsed to identify Web traffic containing a user email address. A domain name of the destination is identified for Web traffic containing the user email address. The list of email messages is updated with this domain name. Incoming email messages are screened to see if the domain name is present in the email address of the sender in determining whether to accept the email messages.
Abstract:
A system and method for capturing non-forgeable packet traces. Upon start-up of a sniffer, a first quote of Platform Configuration Register (PCR) values in a Trusted Platform Module (TPM) utilized by the sniffer is obtained, wherein the first quote comprises a list of starting values in the PCRs and is signed by the TPM and stored in a packet log. When a packet of interest is intercepted by the sniffer, the sniffer obtains a hash of the packet and instructs the TPM to extend a PCR with the hash value. The packet of interest is then stored in the packet log. When the sniffer is shut down, a second quote of values in the PCRs is obtained, wherein the second quote comprises a list of current values in the PCRs, and wherein the second quote is signed by the TPM and stored in the packet log.