公开(公告)号：US07320075B2

公开(公告)日：2008-01-15

申请号：US10298701

申请日：2002-11-18

申请人： Mehdi Sotoodeh ,  Brian Douglas Grove ,  Laszlo Elteto

发明人： Mehdi Sotoodeh ,  Brian Douglas Grove ,  Laszlo Elteto

IPC分类号： G06F12/14 ,  H04L9/00

CPC分类号： G06F21/125 ,  G06F2221/0797

摘要： A system and method in which the operating system of the user computer loads the software application and a DLL having a portion of the application execution code stored therein into memory is disclosed. At selected points during its execution, the software application calls the DLL to execute a portion of the application code that was saved into the DLL before delivery to the end user. Since this code is encrypted and the encryption key is stored in a hardware security device and not in the DLL or the software application, the application code portion cannot be executed without recovering the key.

摘要翻译： 公开了一种系统和方法，其中用户计算机的操作系统将软件应用程序加载，并且具有其中存储有应用执行代码的一部分的DLL到存储器中。 在执行期间的选定点，软件应用程序调用DLL，以便在发送给最终用户之前执行保存到DLL中的应用程序代码的一部分。 由于该代码被加密并且加密密钥存储在硬件安全设备中，而不存储在DLL或软件应用程序中，所以在不恢复密钥的情况下不能执行应用程序代码部分。

公开(公告)号：US07222240B2

公开(公告)日：2007-05-22

申请号：US10289042

申请日：2002-11-06

申请人： Laszlo Elteto

发明人： Laszlo Elteto

IPC分类号： H04K1/00 ,  G06F7/04 ,  H04L9/00

CPC分类号： G06F9/4411 ,  G06F2221/0797 ,  G06F2221/2153

摘要： A “dual” personal key/token is disclosed. The “dual” personal key is useful for installing drivers and other command interfaces which allow the personal key to be coupled to and used with a host computer. In a first embodiment, the personal key operates as a USB hub, and reports two devices, a storage device and a personal key, to the host computer. In a second embodiment presents a single device, and different portions of the personal key are activated as required.

摘要翻译： 披露“双重”个人密钥/令牌。 “双”个人密钥对于安装驱动程序和其他命令界面是有用的，这些命令界面允许将个人密钥耦合到主计算机并与其一起使用。 在第一实施例中，个人密钥作为USB集线器操作，并向主计算机报告两个设备，存储设备和个人密钥。 在第二实施例中呈现单个设备，并且根据需要激活个人密钥的不同部分。

公开(公告)号：US06463538B1

公开(公告)日：2002-10-08

申请号：US09222002

申请日：1998-12-30

申请人： Laszlo Elteto

发明人： Laszlo Elteto

IPC分类号： G06F1214

CPC分类号： G06F21/125

摘要： The computer-based software protection systems are provided using methods that improve the protection of vendor's software against unauthorized use. A code generator generates randomized protection code, which is then used to protect the application software. Because the code is unique for each protected software, potential crackers have to analyze and crack every instance of the protection, so that generic hack is almost impossible. Some embodiments of the present invention also randomize license verification module, add and randomize a specific anti-hacking code, and randomize the protection code execution sequence(s). The same embodiments can also select which instructions and how many instructions are randomized. Moreover, these embodiments select where the data is being stored, in which register, memory address and stack position, and also randomize variable offsets. Other embodiments of the present invention are used for interpreted code.

摘要翻译： 基于计算机的软件保护系统使用提高供应商软件防止未经授权的使用的方法来提供。 代码生成器生成随机保护代码，然后用于保护应用软件。 由于代码对于每个受保护的软件都是独一无二的，所以潜在的破解者必须分析和破解每个实例的保护，所以通用的黑客几乎是不可能的。 本发明的一些实施例还将许可证验证模块随机化，添加并随机化特定的反黑客代码，并随机化保护代码执行序列。 相同的实施例还可以选择哪个指令和多少指令是随机的。 此外，这些实施例选择存储数据的位置，其中寄存器，存储器地址和堆栈位置，并且还随机化可变偏移量。 本发明的其他实施例用于解释代码。

公开(公告)号：US5892906A

公开(公告)日：1999-04-06

申请号：US684659

申请日：1996-07-19

申请人： Wayne W. Chou ,  Laszlo Elteto ,  Joseph M. Kulinets ,  Joseph LaRussa

发明人： Wayne W. Chou ,  Laszlo Elteto ,  Joseph M. Kulinets ,  Joseph LaRussa

IPC分类号： G06F21/00 ,  G06F7/00

CPC分类号： G06F21/34 ,  G06F21/31 ,  G06F21/575 ,  G06F21/88 ,  G06F2211/1097 ,  G06F2221/2105 ,  G06F2221/2147

摘要： Apparatus and method for discouraging computer theft. The apparatus and method requires that a password or other unique information be supplied to the computer before the computer BIOS routines can be completely executed. A BIOS memory storing the BIOS routines includes a security routine which will determine whether or not the required password entered by the user, or a known quantity read from an externally connected memory device is present. The security function stored within the BIOS memory also includes an administration function which permits the computer to be either placed in a locked state, thereby requiring password or the known quantity read from an externally connected memory device to be present each time the computer is booted up. The administration function also permits an unlock state which permits the computer boot up process to complete without entering any password or externally supplied quantity. The external memory location is consulted during each boot up sequence, to determine whether the computer has been placed in the locked or in the unlocked state. If the security depends upon the supply of the known quantity from an externally connected memory device, the computer will be inoperable to anyone not in possession of the external memory device. In the event that the external memory location bearing the locked or unlocked code is removed, the security function assumes the computer to be in the locked state, thus frustrating avoidance of the locked state by tampering with the external memory.

摘要翻译： 阻止计算机盗窃的装置和方法。 该装置和方法要求在可以完全执行计算机BIOS例程之前将密码或其他唯一信息提供给计算机。 存储BIOS例程的BIOS存储器包括将确定用户输入的所需密码是否存在或从外部连接的存储器件读取的已知数量的安全程序。 存储在BIOS存储器中的安全功能还包括管理功能，其允许计算机被置于锁定状态，从而要求密码或从外部连接的存储器设备读取的已知数量在计算机启动时存在 。 管理功能还允许解锁状态，允许计算机启动过程完成，而无需输入任何密码或外部提供的数量。 在每个启动顺序期间，请参阅外部存储器位置，以确定计算机是否已被置于锁定或处于未锁定状态。 如果安全性取决于从外部连接的存储设备提供已知数量，则计算机将不能使用不拥有外部存储器件的任何人操作。 在外部存储器位置被锁定或解除锁定的情况下，安全功能使计算机处于锁定状态，从而通过篡改外部存储器来挫败锁定状态。

公开(公告)号：US20100131518A1

公开(公告)日：2010-05-27

申请号：US12616247

申请日：2009-11-11

申请人： Laszlo Elteto ,  Henry W. Snyder

发明人： Laszlo Elteto ,  Henry W. Snyder

IPC分类号： G06F17/30 ,  H04L9/06

CPC分类号： G06F21/6227 ,  G06F21/105

摘要： A system and method for obfuscating a database's schema while preserving its functionality by modifying the original table names, column names, table order, column order, and/or data character set such that the standard order of the original characters is maintained.

摘要翻译： 一种用于模糊数据库模式的系统和方法，同时通过修改原始表名，列名，表顺序，列顺序和/或数据字符集来保持其功能，从而保持原始字符的标准顺序。

公开(公告)号：US20100100746A1

公开(公告)日：2010-04-22

申请号：US12641586

申请日：2009-12-18

申请人： Brian Grove ,  Reed H. Tibbetts ,  James Khalaf ,  Laszlo Elteto

发明人： Brian Grove ,  Reed H. Tibbetts ,  James Khalaf ,  Laszlo Elteto

IPC分类号： G06F21/00

CPC分类号： G06F21/31 ,  G06F21/34 ,  G06F2221/2129 ,  H04L9/3234 ,  H04L9/3236 ,  H04L9/3271

摘要： A method and apparatus for secure authentication of a hardware token is disclosed. In one embodiment, a host computer fingerprint is used to generate a partial seed for a challenge-response authentication which is performed on the hardware token. In another embodiment, the host computer fingerprint is used as a personal identification number for the hardware token.

摘要翻译： 公开了用于安全认证硬件令牌的方法和装置。 在一个实施例中，使用主计算机指纹来生成用于对硬件令牌执行的询问 - 响应认证的部分种子。 在另一个实施例中，主计算机指纹用作硬件令牌的个人识别号码。

公开(公告)号：US07269844B2

公开(公告)日：2007-09-11

申请号：US09899472

申请日：2001-07-03

申请人： Laszlo Elteto ,  Shawn D. Abbott ,  James Khalaf ,  Reed H. Tibbetts ,  Mehdi Sotoodeh ,  Calvin W. Long

发明人： Laszlo Elteto ,  Shawn D. Abbott ,  James Khalaf ,  Reed H. Tibbetts ,  Mehdi Sotoodeh ,  Calvin W. Long

IPC分类号： G06F17/30 ,  H04B1/00 ,  H04Q1/00

CPC分类号： G06F21/78 ,  G06F21/32 ,  G06F21/33 ,  G06F21/34 ,  G06F21/41 ,  G06F21/575 ,  G06F21/6245 ,  G06F21/6263 ,  G06F21/83 ,  G06F21/84 ,  G06F21/85 ,  G06K19/07732 ,  G06K19/07733 ,  H04L63/0853 ,  H05K1/117

摘要： A device that secures a token from unauthorized use is disclosed. The device comprises a user interface for accepting a personal identifier, a processor, communicatively coupled to the user interface device, and a token interface. The token interface includes a token interface IR emitter that produces an IR signal having information included in the PIN. The token IR emitter is coupled to the processor and is further communicatively coupled to a token IR sensor when the token is physically coupled with the token interface. The token interface also includes a shield, substantially opaque to the IR signal, for substantially confining the reception of the IR signal to the token IR sensor. In one embodiment, the shield substantially circumscribes the IR emitter. In another embodiment, the interface also comprises a token interface IR sensor, which allows communications from the token to the device as well.

摘要翻译： 披露了保护令牌免受未经授权使用的设备。 该设备包括用于接受个人标识符的用户界面，通信地耦合到用户界面设备的处理器和令牌接口。 令牌接口包括令牌接口IR发射器，其产生具有PIN中包括的信息的IR信号。 令牌IR发射器耦合到处理器，并且当令牌与令牌接口物理耦合时，进一步通信地耦合到令牌IR传感器。 令牌接口还包括对IR信号基本不透明的屏蔽，用于将IR信号的接收基本上限制在令牌IR传感器上。 在一个实施例中，屏蔽件基本上包围IR发射器。 在另一个实施例中，接口还包括令牌接口IR传感器，其允许从令牌到设备的通信。

公开(公告)号：US20070174571A1

公开(公告)日：2007-07-26

申请号：US11338690

申请日：2006-01-25

申请人： Laszlo Elteto

发明人： Laszlo Elteto

IPC分类号： G06F12/14

CPC分类号： G06F21/125

摘要： A system and method for binding a protected application to a shell module. The shell module is appended to the application. The shell module executes prior to the execution of the application, and first creates a resource. After the shell module finishes execution, the application tries to access the created resource. If the access is successful, the application is allowed to proceed. Otherwise, the application terminates. The inability of the application to access the resource is an indication that the shell module never actually created the resource. This suggests that the shell module never executed; the shell module may have been either removed or functionally disconnected from the application. This further implies that the security functionality of the shell module has not executed. The application is therefore not permitted to execute, since the shell's security checks have probably not been performed.

摘要翻译： 将受保护的应用程序绑定到shell模块的系统和方法。 shell模块附加到应用程序。 shell模块在执行应用程序之前执行，并首先创建一个资源。 shell模块完成执行后，应用程序将尝试访问创建的资源。 如果访问成功，则允许应用程序继续。 否则，应用程序终止。 应用程序无法访问资源表明shell模块从未实际创建资源。 这表明shell模块从未执行过; 壳模块可能已被删除或与应用程序功能断开连接。 这进一步意味着shell模块的安全功能尚未执行。 因此，应用程序不允许执行，因为shell的安全检查可能未被执行。

公开(公告)号：US20060195404A1

公开(公告)日：2006-08-31

申请号：US11319552

申请日：2005-12-29

申请人： Laszlo Elteto ,  Jam Khan ,  Derick Snyder ,  Tu Le ,  Pratyush Kumar

发明人： Laszlo Elteto ,  Jam Khan ,  Derick Snyder ,  Tu Le ,  Pratyush Kumar

IPC分类号： G06Q99/00

CPC分类号： G06Q10/00

摘要： A method and/or system for providing grace licensing to disconnected network license users provides a server with a grace enabled license having a grace criteria, provides a client computer with an application operable with the grace enabled license, provides the grace enabled license from the server to the client computer when the client computer is communicatively connected to the server, and operates the application on the client computer according to the grace criteria when the client computer is disconnected from the server. The grace criteria can include a parameter(s) including a number of times the application is operable on a client computer when the client computer is disconnected from the server, a total number of hours the application is operable on a client computer when the client computer is disconnected, and/or a maximum number of days the application is operable on a client computer when the client computer is disconnected.

摘要翻译： 用于向断开的网络许可用户提供宽限许可的方法和/或系统向服务器提供具有宽限制的启用许可的许可证，为客户端计算机提供可启用启用许可的许可证可执行的应用程序，从服务器提供启用宽限的许可证 当客户端计算机与服务器通信地连接到客户端计算机时，并且当客户端计算机与服务器断开连接时，根据宽限度条件在客户端计算机上操作应用程序。 宽限度标准可以包括当客户端计算机与服务器断开连接时包括应用程序在客户端计算机上可操作的次数的参数，当客户端计算机在客户端计算机上时可以在客户端计算机上运行应用程序的总时数 在客户端计算机断开连接时，断开连接，和/或应用程序在客户端计算机上可操作的最长天数。

公开(公告)号：US08307169B2

公开(公告)日：2012-11-06

申请号：US13045232

申请日：2011-03-10

申请人： Laszlo Elteto

发明人： Laszlo Elteto

IPC分类号： G06F12/00

CPC分类号： G06F9/45558 ,  G06F2009/45583 ,  G06F2009/45587

摘要： A hypervisor runs on a host computer system and defines at least one virtual machine. An address space of the virtual machine resides on physical memory of the host computer system under control of the hypervisor. A guest operating system runs in the virtual machine. At least one of a host operating system and the hypervisor sets parts of the address space of the host computer system corresponding to parts of the address space of the virtual machine to a locked state in which those parts can be read but not written to.

摘要翻译： 虚拟机管理程序在主机计算机系统上运行，并定义至少一个虚拟机。 虚拟机的地址空间驻留在主机计算机系统的物理内存上，在管理程序的控制下。 客户机操作系统在虚拟机中运行。 主机操作系统和管理程序中的至少一个将与虚拟机的地址空间的一部分相对应的主计算机系统的地址空间的部分设置为可以读取但不写入的部分的锁定状态。