Systems and methods for securely booting a computer with a trusted processing module
    2.
    Granted invention patent
    Systems and methods for securely booting a computer with a trusted processing module (status: in force)

    Publication No.: US07725703B2

    Publication date: 2010-05-25

    Application No.: US11031161

    Filing date: 2005-01-07

    IPC classification: G06F21/02 G06F21/22

    CPC classification: G06F21/575

    Abstract: In a computer with a trusted platform module (TPM), an expected hash value of a boot component may be placed into a platform configuration register (PCR), which allows a TPM to unseal a secret. The secret may then be used to decrypt the boot component. The hash of the decrypted boot component may then be calculated and the result can be placed in a PCR. The PCRs may then be compared. If they do not, access to an important secret for system operation can be revoked. Also, a first secret may be accessible only when a first plurality of PCR values are extant, while a second secret is accessible only after one or more of the first plurality of PCR values has been replaced with a new value, thereby necessarily revoking further access to the first secret in order to grant access to the second secret.

    Systems and methods for boot recovery in a secure boot process on a computer with a hardware security module
    3.
    Granted invention patent
    Systems and methods for boot recovery in a secure boot process on a computer with a hardware security module (status: in force)

    Publication No.: US07506380B2

    Publication date: 2009-03-17

    Application No.: US11035715

    Filing date: 2005-01-14

    CPC classification: G06F21/575 G06F2221/2101

    Abstract: Systems and methods are provided for maintaining and updating a secure boot process on a computer with a trusted platform module (TPM). A boot process may be maintained by inspecting a log of TPM activity, determining data that prevented a secret to unseal, and returning the data to an original state. In situations where this type of recovery is not workable, techniques for authenticating a user may be used, allowing the authenticated user to bypass the security features of the boot process and reseal the boot secrets to platform configuration register (PCR) values that may have changed. Finally, a secure boot process may be upgraded by migrating TPM sealed secrets to a temporary storage location, updating one or more aspects of a secure boot process, and resealing the secrets to the resulting new platform configuration. Other advantages and features of the invention are described below.

    Permitting Multiple Tasks Requiring Elevated Rights
    4.
    Invention application
    Permitting Multiple Tasks Requiring Elevated Rights (status: lapsed)

    Publication No.: US20070198933A1

    Publication date: 2007-08-23

    Application No.: US11276220

    Filing date: 2006-02-17

    IPC classification: G06F3/00

    CPC classification: G06F21/604 G06F21/52

    Abstract: System(s), method(s), and/or technique(s) (“tools”) are described that enable a user to permit multiple tasks requiring elevated rights with as little as one rights elevation. For example, the tools may enable an installation wizard operating within a limited-rights context to perform multiple tasks that require a higher-rights context with a single rights elevation by the user. The tools may do so using an object agent, an instance of which may be created by the installation wizard following a single rights elevation. This instance of the object agent then creates instances of other objects without requiring that the user elevate his or her rights. These other objects' instances may then run the tasks that require the higher-rights context.

    Providing user on computer operating system with full privileges token and limited privileges token
    5.
    Invention application
    Providing user on computer operating system with full privileges token and limited privileges token (status: in force)

    Publication No.: US20070005961A1

    Publication date: 2007-01-04

    Application No.: US11171744

    Filing date: 2005-06-30

    Abstract: An operating system for a computing device has a first session for a user that includes a first base process that has a first privileges token attached thereto. The first privileges token includes substantially a full set of privileges of the user on the operating system. The operating system also has a second session for the user that includes a second base process that has a second privileges token attached thereto. The second privileges token is derived from the first privileges token and includes only a minimum set of privileges of the user on the operating system. Thus, the second, limited token does not have all privileges associated with the first, full token but instead has a limited set of privileges and not extra privileges that could be employed to take actions that would be harmful, deceptive, or malicious.

    Secure boot
    6.
    Invention application
    Secure boot (status: under examination, published)

    Publication No.: US20060236122A1

    Publication date: 2006-10-19

    Application No.: US11106756

    Filing date: 2005-04-15

    IPC classification: G06F12/14

    Abstract: Systems and methods for performing integrity verifications for computer programs to run on computing systems are provided. An integrity check is completed before passing execution control to the next level of an operating system or before allowing a program to run. The integrity check involves the use of a locally stored key to determine if a program has been modified or tampered with prior to execution. If the check shows that the program has not been altered, the program will execute and, during the boot process, allow execution control to be transferred to the next level. If, however, the check confirms that the program has been modified, the computing system does not allow the program to run.

    Vehicle Network Interface Tool
    7.
    Invention application

    Publication No.: US20180063098A1

    Publication date: 2018-03-01

    Application No.: US15249670

    Filing date: 2016-08-29

    IPC classification: H04L29/06 G06F21/60

    Abstract: A vehicle network interface tool electrically connects a computing device to an electronic control unit of a motor vehicle. The vehicle network interface tool includes a vehicle communications port to receive vehicle network data from the electronic control unit of the motor vehicle. A crypto-processor decrypts the vehicle network data and creates computing device readable data. A main processor receives the computing device readable data and transmits it to a computing device port. A computing device port is in electrical communication with the main processor. The computing device receives the computing device readable data from said main processor and transmits the computing device readable data to the computing device for analysis. Being able to receive and decrypt encrypted data keeps the integrity of the ECU security preventing hacks to the ECU.

    Systems and methods for updating a secure boot process on a computer with a hardware security module
    8.
    Granted invention patent
    Systems and methods for updating a secure boot process on a computer with a hardware security module (status: in force)

    Publication No.: US08028172B2

    Publication date: 2011-09-27

    Application No.: US11036018

    Filing date: 2005-01-14

    IPC classification: H04L9/32

    CPC classification: G06F21/575

    Abstract: Systems and methods are provided for maintaining and updating a secure boot process on a computer with a trusted platform module (TPM). A boot process may be maintained by inspecting a log of TPM activity, determining data that prevented a secret to unseal, and returning the data to an original state. In situations where this type of recovery is not workable, techniques for authenticating a user may be used, allowing the authenticated user to bypass the security features of the boot process and reseal the boot secrets to platform configuration register (PCR) values that may have changed. Finally, a secure boot process may be upgraded by migrating TPM sealed secrets to a temporary storage location, updating one or more aspects of a secure boot process, and resealing the secrets to the resulting new platform configuration. Other advantages and features of the invention are described below.

    Providing user on computer operating system with full privileges token and limited privileges token
    9.
    Granted invention patent
    Providing user on computer operating system with full privileges token and limited privileges token (status: in force)

    Publication No.: US07636851B2

    Publication date: 2009-12-22

    Application No.: US11171744

    Filing date: 2005-06-30

    IPC classification: G06F21/00

    Abstract: An operating system for a computing device has a first session for a user that includes a first base process that has a first privileges token attached thereto. The first privileges token includes substantially a full set of privileges of the user on the operating system. The operating system also has a second session for the user that includes a second base process that has a second privileges token attached thereto. The second privileges token is derived from the first privileges token and includes only a minimum set of privileges of the user on the operating system. Thus, the second, limited token does not have all privileges associated with the first, full token but instead has a limited set of privileges and not extra privileges that could be employed to take actions that would be harmful, deceptive, or malicious.

    Rights Elevator
    10.
    Invention application
    Rights Elevator (status: in force)

    Publication No.: US20060242422A1

    Publication date: 2006-10-26

    Application No.: US11276715

    Filing date: 2006-03-10

    IPC classification: H04L9/00

    CPC classification: G06F21/6218

    Abstract: Systems and/or methods are described that enable a user to elevate his or her rights. In one embodiment, these systems and/or methods detect a task which is not authorized for a user account. Responsive to detecting the task, the embodiment presents a different user account that is authorized to allow the task and information relating to the task.
