METHOD AND APPARATUS FOR DELEGATING RESPONSES TO CONDITIONS IN COMPUTING SYSTEMS
    1.
    Invention application
    Legal status: Under examination (published)

    Publication (announcement) No.: US20080263203A1

    Publication (announcement) date: 2008-10-23

    Application No.: US12163503

    Filing date: 2008-06-27

    IPC classification: G06F15/173

    CPC classification: H04L63/1441

    Abstract: One embodiment of the present method and apparatus for delegating responses to conditions in computing systems includes acknowledging (e.g., at a systems management component in the computing system) a condition, and delegating responsibility for a strategy for a response to the condition to another component. In further embodiments, the present method and apparatus for delegating responses to conditions in computing systems includes receiving (e.g., at a computing system component) an assignment from another computing system component (e.g., a systems management component), where the assignment assigns responsibility for a strategy for a response to a condition, and determining whether and how to respond to the condition.


    METHOD AND SYSTEM FOR MEASURING STATUS AND STATE OF REMOTELY EXECUTING PROGRAMS
    2.
    Invention application
    Legal status: Lapsed

    Publication (announcement) No.: US20080235372A1

    Publication (announcement) date: 2008-09-25

    Application No.: US12131184

    Filing date: 2008-06-02

    IPC classification: G06F15/173

    CPC classification: G06F21/577

    Abstract: A system and method for providing attestation and/or integrity of a server execution environment are described. One or more parts of a server environment are selected for measurement. The one or more parts in a server execution environment are measured, and the measurements result in a unique fingerprint for each respective selected part. The unique fingerprints are aggregated by an aggregation function to create an aggregated value, which is determinative of running programs in the server environment. A measurement parameter may include the unique fingerprints, the aggregated value or a base system value and may be sent over a network interface to indicate the server environment status or state.


    Method and apparatus for pervasive authentication domains
    3.
    Invention application
    Legal status: Lapsed

    Publication (announcement) No.: US20050081044A1

    Publication (announcement) date: 2005-04-14

    Application No.: US10685846

    Filing date: 2003-10-14

    IPC classification: H04L9/32 H04L29/06

    Abstract: Methods and apparatus for enabling a Pervasive Authentication Domain. A Pervasive Authentication Domain allows many registered Pervasive Devices to obtain authentication credentials from a single Personal Authentication Gateway and to use these credentials on behalf of users to enable additional capabilities for the devices. It provides an arrangement for a user to store credentials in one device (the Personal Authentication Gateway), and then make use of those credentials from many authorized Pervasive Devices without re-entering the credentials. It provides a convenient way for a user to share credentials among many devices, particularly when it is not convenient to enter credentials as in a smart wristwatch environment. It further provides an arrangement for disabling access to credentials to devices that appear to be far from the Personal Authentication Gateway as measured by metrics such as communications signal strengths.


    User identification using multifaceted footprints
    5.
    Granted invention patent
    Legal status: In force

    Publication (announcement) No.: US09003025B2

    Publication (announcement) date: 2015-04-07

    Application No.: US13542422

    Filing date: 2012-07-05

    IPC classification: G06F15/173 G06F21/32

    Abstract: A method for identifying an unknown user according to a plurality of facets of user activity in a plurality of contexts includes receiving a plurality of priors for the facets with respect to the contexts, receiving a plurality of footprints of known users, aggregating the footprints of the users to determine an ensemble prior, receiving a plurality of network traces relevant to an unknown user in a computer environment, matching the network traces against each of the footprints to determine a plurality of matches, aggregating the matches using the ensemble prior according to the facets and the contexts, and outputting a probable user identity for the unknown user.


    Method and apparatus for detecting unauthorized bulk forwarding of sensitive data over a network
    6.
    Granted invention patent
    Legal status: In force

    Publication (announcement) No.: US08938511B2

    Publication (announcement) date: 2015-01-20

    Application No.: US13494101

    Filing date: 2012-06-12

    IPC classification: G06F15/16 H04L12/58

    Abstract: Methods and apparatus are provided for detecting unauthorized bulk forwarding of sensitive data over a network. A bulk forwarding of email from a first network environment is automatically detected by determining an arrival rate for internal emails received from within the first network environment into one or more user accounts; determining a sending rate for external emails sent from the one or more user accounts to a second network environment; and detecting the bulk forwarding of email from a given user account by comparing the arrival rate for internal emails and the sending rate for external emails. The bulk forwarding of email from a given user account can be detected by determining whether statistical models of the arrival rate for internal emails and of the sending rate for external emails are correlated in time.


    Dynamic creation and hierarchical organization of trusted platform modules
    7.
    Granted invention patent
    Legal status: In force

    Publication (announcement) No.: US08549288B2

    Publication (announcement) date: 2013-10-01

    Application No.: US12128952

    Filing date: 2008-05-29

    IPC classification: H04L29/06

    CPC classification: G06F21/57

    Abstract: A trusted platform module is presented that is capable of creating, dynamically, multiple virtual trusted platform modules in a hierarchical organization. A trusted platform module domain is created. The trusted platform module creates virtual trusted platform modules, as needed, in the trusted platform module domain. The virtual trusted platform modules can inherit the permissions of a parent trusted platform module to have the ability to create virtual trusted platform modules themselves. Each virtual trusted platform module is associated with a specific partition. Each partition is associated with an individual operating system. The hierarchy of created operating systems and their privilege of spawning new operating systems is reflected in the hierarchy of trusted platform modules and the privileges each of the trusted platform modules has.


    Method and apparatus for pervasive authentication domains
    8.
    Granted invention patent
    Legal status: In force

    Publication (announcement) No.: US08103871B2

    Publication (announcement) date: 2012-01-24

    Application No.: US11932918

    Filing date: 2007-10-31

    IPC classification: H04W12/06

    Abstract: Methods and apparatus for enabling a Pervasive Authentication Domain. A Pervasive Authentication Domain allows many registered Pervasive Devices to obtain authentication credentials from a single Personal Authentication Gateway and to use these credentials on behalf of users to enable additional capabilities for the devices. It provides an arrangement for a user to store credentials in one device (the Personal Authentication Gateway), and then make use of those credentials from many authorized Pervasive Devices without re-entering the credentials. It provides a convenient way for a user to share credentials among many devices, particularly when it is not convenient to enter credentials as in a smart wristwatch environment. It further provides an arrangement for disabling access to credentials to devices that appear to be far from the Personal Authentication Gateway as measured by metrics such as communications signal strengths.


    Method and Apparatus for Migrating a Virtual TPM Instance and Preserving Uniqueness and Completeness of the Instance
    9.
    Invention application
    Legal status: In force

    Publication (announcement) No.: US20110283352A1

    Publication (announcement) date: 2011-11-17

    Application No.: US13189418

    Filing date: 2011-07-22

    IPC classification: G06F21/00 H04L9/32

    Abstract: A migration scheme for virtualized Trusted Platform Modules is presented. The procedure is capable of securely migrating an instance of a virtual Trusted Platform Module from one physical platform to another. A virtual Trusted Platform Module instance's state is downloaded from a source virtual Trusted Platform Module and all its state information is encrypted using a hybrid of public and symmetric key cryptography. The encrypted state is transferred to the target physical platform, decrypted and the state of the virtual Trusted Platform Module instance is rebuilt.


    Method and apparatus for pervasive authentication domains
    10.
    Granted invention patent
    Legal status: In force

    Publication (announcement) No.: US07953976B2

    Publication (announcement) date: 2011-05-31

    Application No.: US11932804

    Filing date: 2007-10-31

    IPC classification: H04W12/06

    Abstract: Methods and apparatus for enabling a Pervasive Authentication Domain. A Pervasive Authentication Domain allows many registered Pervasive Devices to obtain authentication credentials from a single Personal Authentication Gateway and to use these credentials on behalf of users to enable additional capabilities for the devices. It provides an arrangement for a user to store credentials in one device (the Personal Authentication Gateway), and then make use of those credentials from many authorized Pervasive Devices without re-entering the credentials. It provides a convenient way for a user to share credentials among many devices, particularly when it is not convenient to enter credentials as in a smart wristwatch environment. It further provides an arrangement for disabling access to credentials to devices that appear to be far from the Personal Authentication Gateway as measured by metrics such as communications signal strengths.
