Detecting unauthorized use of computing devices based on behavioral patterns
    1.
    Granted patent
    Status: In force

    Publication number: US08595834B2

    Publication date: 2013-11-26

    Application number: US12025678

    Filing date: 2008-02-04

    IPC classification: G06F21/00 H04L29/06

    Abstract: Techniques for detecting unauthorized use (e.g., malicious attacks) of computing systems (e.g., computing devices) are disclosed. Unauthorized use can be detected based on patterns of use (e.g., behavioral patterns of use typically associated with a human being) of the computing systems. Acceptable behavioral pattern data can be generated for a computing system by monitoring the use of a support system (e.g., an operating system, a virtual environment) operating on the computing system. For example, a plurality of system support provider components of a support system (e.g., system calls, device drivers) can be monitored in order to generate the acceptable behavioral pattern data in a form which effectively defines an acceptable pattern of use (usage pattern) for the monitored system support provider components, thereby allowing detection of unauthorized use of a computing system by detecting any deviation from the acceptable pattern of use of the monitored system support provider components.


    Safe and efficient access control mechanisms for computing environments
    2.
    Granted patent
    Status: In force

    Publication number: US08510805B2

    Publication date: 2013-08-13

    Application number: US12108455

    Filing date: 2008-04-23

    IPC classification: G06F15/16 H04L29/06 G06F17/30

    CPC classification: G06F12/1458

    Abstract: Improved techniques for controlling access to accessible components of computing environments are disclosed. The techniques can be used, among other things, to provide Mandatory Access Control (MAC) mechanisms for mobile and embedded systems. One or more accessible components (e.g., accessible resources) which a component may attempt to access are determined, so that one or more access permissions can be stored in a manner that allows them to be retrieved if the component attempts to access those accessible components, thereby allowing access to the accessible components to be decided based on access permissions that are readily available. Generally, access permissions can be identified and stored in anticipation of need. Access permissions can be identified, for example, based on the likelihood of use, or all possible access permissions can be determined and stored. A safe (e.g., trusted) access controlling (or monitoring) system (or component) can control access to resources of a computing environment. For example, a trusted access monitoring system can be provided in a secure and trusted operating environment utilizing the Mandatory Access Control (MAC) capabilities of a secure operating system (e.g., the SELinux operating system).


    Method and system for securing instruction caches using cache line locking
    3.
    Granted patent
    Status: Expired

    Publication number: US08019946B2

    Publication date: 2011-09-13

    Application number: US12183908

    Filing date: 2008-07-31

    IPC classification: G06F12/08

    Abstract: A method and system are provided for securing micro-architectural instruction caches (I-caches). Securing an I-cache involves providing security-critical instructions to indicate a security-critical code section, and implementing an I-cache locking policy to prevent unauthorized eviction and replacement of security-critical instructions in the I-cache. Securing the I-cache may further involve dynamically partitioning the I-cache into multiple logical partitions, and sharing access to the I-cache by an I-cache mapping policy that provides access to each I-cache partition by only one logical processor.


    SECURE INTER-PROCESS COMMUNICATION FOR SAFER COMPUTING ENVIRONMENTS AND SYSTEMS
    5.
    Patent application
    Status: Expired

    Publication number: US20100121927A1

    Publication date: 2010-05-13

    Application number: US12364303

    Filing date: 2009-02-02

    IPC classification: G06F15/82 H04L29/06

    CPC classification: G06F9/54 G06F9/468

    Abstract: Techniques for Inter-Process Communication (IPC) in a more secure manner are disclosed. A communication component operating outside of an operating system can obtain operating-system data pertaining to processes that also operate outside of the operating system. The operating-system data can be more reliable than information that may have been provided by the processes themselves, thereby allowing more secure IPC and consequently a more secure computing environment and/or system. A communication component can also be operable to make control decisions regarding the IPC data (e.g., IPC messages) based on the information provided and/or originated by the operating system (the operating-system data), and/or to effectively provide the operating-system data pertaining to a sender process to its intended recipient process. A recipient process can also be operable to obtain the operating-system data pertaining to a sender process. Moreover, a recipient process can make control decisions regarding the IPC data originated by the sender process based on the operating-system data effectively provided and/or originated by the operating system rather than by the sender process, thereby allowing the recipient process to make control decisions based on information provided by a more reliable (e.g., trusted) source.


    Apparatus and method for calculating a multiplication
    7.
    Granted patent
    Status: In force

    Publication number: US07647367B2

    Publication date: 2010-01-12

    Application number: US11166645

    Filing date: 2005-06-23

    IPC classification: G06F7/38 H04K1/00

    CPC classification: G06F7/722 G06F7/5332

    Abstract: An apparatus for calculating a modular multiplication includes an examiner for examining digits of the multiplier with a lookahead algorithm to obtain a multiplication shift value. In addition, a determinator is provided which determines a positive intermediate-result shift value. A calculator calculates a multiplicand shift value as the difference between the intermediate-result shift value and the multiplication shift value. The intermediate result from the preceding iteration step as well as the multiplicand are then shifted by the corresponding shift magnitudes, after which a three-operand addition is performed with the shifted values, taking lookahead parameters into account where necessary.


    AUTHENTICATION, IDENTITY, AND SERVICE MANAGEMENT FOR COMPUTING AND COMMUNICATION SYSTEMS
    8.
    Patent application
    Status: In force

    Publication number: US20090328141A1

    Publication date: 2009-12-31

    Application number: US12147246

    Filing date: 2008-06-26

    IPC classification: G06F21/00

    Abstract: Improved techniques for obtaining authentication identifiers, authenticating, and receiving services are disclosed. Multiple devices can be used for receiving service from a servicing entity (e.g., a Service Provider). More particularly, a first device can be used to authenticate a first entity (e.g., one or more persons) for receiving services from the servicing entity, while the services are received by a second device. Generally, the first device can be a device better suited, more preferred and/or more secure for authentication-related activities, including "Identity Management." The second device can generally be more preferred for receiving and/or using the services. In addition, a device can be designated for authentication of an entity. The device releases an authentication identifier only if the entity has effectively authorized its release, thereby allowing "User Centric" approaches to "Identity Management." A device can be designated for obtaining authentication identifiers from an identity-assigning entity (e.g., an Identity Provider). The authentication identifiers can be used to authenticate an entity for receiving services from a servicing entity (e.g., a Service Provider) that provides the services to a second device. The same device can also be designated for authentication of the entity. The device can, for example, be a mobile phone, allowing a mobile solution and providing a generally more secure computing environment than the device (e.g., a Personal Computer) used to receive and use the services.


    VERIFICATION OF INTEGRITY OF COMPUTING ENVIRONMENTS FOR SAFE COMPUTING
    10.
    Patent application
    Status: Pending, published

    Publication number: US20090300049A1

    Publication date: 2009-12-03

    Application number: US12132541

    Filing date: 2008-06-03

    IPC classification: G06F17/00

    CPC classification: G06F21/57

    Abstract: Improved techniques for verifying the integrity of various computing environments and/or computing systems are disclosed. Verifiable representative data can effectively represent the verifiable content of a computing environment, thereby allowing the integrity of the computing environment to be verified based on the verifiable representative data instead of the content being represented. Verifiable representative data can effectively include selected portions of the content (e.g., selected content which may be of general and/or specific security interest) and can generally be smaller than the verifiable content it represents. As such, it may generally be more efficient to use the verifiable representative data instead of the content it represents. Verifiable representative data can also be organized. By way of example, unstructured content (e.g., a configuration file written in text) can be effectively transformed, based on a scheme (e.g., an XML schema), into structured text-based content written in a structured language (e.g., XML). Verifiable organized representative data can be organized in accordance with various organizational aspects including, for example, structure, semantics, parameter verification, parameter simplification, and other organizational rules and/or preferences. The organization of verifiable organized representative data can itself be verified as an additional measure of its integrity and, by and large, of the integrity of the computing environment and/or system effectively represented by the verifiable representative data.
