公开(公告)号：US20070143223A1

公开(公告)日：2007-06-21

申请号：US11305640

申请日：2005-12-16

申请人： Ajay Bhave ,  Andrey Lelikov ,  Caglar Gunyakti ,  Ning Zhang ,  Wen-Pin Hsu

发明人： Ajay Bhave ,  Andrey Lelikov ,  Caglar Gunyakti ,  Ning Zhang ,  Wen-Pin Hsu

IPC分类号： G06Q99/00

CPC分类号： G06F21/575

摘要： A cache is provided that stores licensing policies and information for components. The cache is available early in the boot cycle, such as during initialization and startup of the operating system, for use by the kernel and early boot components. Kernel and early boot components can then call a kernel application programming interface (API) to query the policy values. The policy values are read from a registry value into memory very early in the boot sequence. Using the kernel cache, the system may be started with proper licensable limits.

摘要翻译： 提供了一个缓存，用于存储组件的许可策略和信息。 缓存在引导周期早期可用，例如在操作系统的初始化和启动期间，由内核和早期引导组件使用。 内核和早期引导组件可以调用内核应用程序编程接口（API）来查询策略值。 策略值在引导顺序的早期从注册表值读取到内存中。 使用内核缓存，系统可能以适当的可许可限制启动。

公开(公告)号：US07788496B2

公开(公告)日：2010-08-31

申请号：US10681017

申请日：2003-10-08

申请人： Andrey Lelikov ,  Caglar Gunyakti ,  Kristjan E. Hatlelid

发明人： Andrey Lelikov ,  Caglar Gunyakti ,  Kristjan E. Hatlelid

IPC分类号： H04L9/00

CPC分类号： G06F21/125

摘要： A first process operating on a computer comprises code to be executed in connection therewith, where the code includes at least one triggering device. A digital license corresponds to the first process and sets forth terms and conditions for operating the first process. A second process operating on the computer proxy-executes code corresponding to each triggering device of the first process on behalf of such first process. The second process includes a license evaluator for evaluating the license to determine whether the first process is to be operated in accordance with the terms and conditions set forth in such license, and the second process chooses whether to in fact proxy-execute based at least in part on determination of the license evaluator. Thus, the first process is dependent upon the second process for operation thereof.

摘要翻译： 在计算机上操作的第一进程包括要与其一起执行的代码，其中代码包括至少一个触发设备。 数字许可证对应于第一个进程，并列出了操作第一个进程的条款和条件。 在计算机代理上操作的第二进程代表第一进程执行对应于第一进程的每个触发装置的代码。 第二过程包括许可证评估器，用于评估许可证以确定是否根据该许可证中规定的条款和条件来操作第一进程，并且第二进程选择是否至少基于代理执行 部分确定许可证评估者。 因此，第一过程取决于其第二操作过程。

公开(公告)号：US20050081050A1

公开(公告)日：2005-04-14

申请号：US10681017

申请日：2003-10-08

申请人： Andrey Lelikov ,  Caglar Gunyakti ,  Kristjan Hatlelid

发明人： Andrey Lelikov ,  Caglar Gunyakti ,  Kristjan Hatlelid

IPC分类号： G06F21/00 ,  H04L9/00

CPC分类号： G06F21/125

摘要： A first process operating on a computer comprises code to be executed in connection therewith, where the code includes at least one triggering device. A digital license corresponds to the first process and sets forth terms and conditions for operating the first process. A second process operating on the computer proxy-executes code corresponding to each triggering device of the first process on behalf of such first process. The second process includes a license evaluator for evaluating the license to determine whether the first process is to be operated in accordance with the terms and conditions set forth in such license, and the second process chooses whether to in fact proxy-execute based at least in part on determination of the license evaluator. Thus, the first process is dependent upon the second process for operation thereof.

摘要翻译： 在计算机上操作的第一进程包括要与其一起执行的代码，其中代码包括至少一个触发设备。 数字许可证对应于第一个进程，并列出了操作第一个进程的条款和条件。 在计算机代理上操作的第二进程代表第一进程执行对应于第一进程的每个触发装置的代码。 第二过程包括许可证评估器，用于评估许可证以确定是否根据该许可证中规定的条款和条件来操作第一进程，并且第二进程选择是否至少基于代理执行 部分确定许可证评估者。 因此，第一过程取决于其第二操作过程。

公开(公告)号：US20070016803A1

公开(公告)日：2007-01-18

申请号：US11283593

申请日：2005-11-18

申请人： Andrey Lelikov

发明人： Andrey Lelikov

IPC分类号： G06F12/14

CPC分类号： G06F12/1425 ,  G06F21/6209 ,  G06F21/85 ,  G06F2221/2149

摘要： Sensitive data is stored in a secure buffer, and never in an unencrypted, accessible location at any time. The data is accessed only by low-level processor instructions that load only a portion of the data into processor registers. The portion of data can then be used before the next portion of data is transferred from the secure buffer into the processor registers. In some embodiments, only one portion is available at any time. In other embodiments, a number of portions may be available at one time. However, the entirety of the sensitive data is never present in the clear. Thus, the entirety of the sensitive data will never be available if an adversary gains access to the contents of memory.

摘要翻译： 敏感数据存储在安全缓冲区中，并且从不处于未加密的可访问位置。 数据只能通过将一部分数据加载到处理器寄存器中的低级处理器指令访问。 然后可以在下一部分数据从安全缓冲区传输到处理器寄存器之前使用该部分数据。 在一些实施例中，在任何时间只有一部分可用。 在其他实施例中，多个部分可以一次可用。 然而，敏感数据的整体从不存在。 因此，如果对手获得对内存内容的访问权限，则整个敏感数据将永远不可用。

公开(公告)号：US08800048B2

公开(公告)日：2014-08-05

申请号：US12123471

申请日：2008-05-20

申请人： Matthias Wollnik ,  Nathan Ide ,  Andrey Lelikov ,  John Richard McDowell ,  Aaron Payne Goldsmid ,  Karan Singh Dhillon

发明人： Matthias Wollnik ,  Nathan Ide ,  Andrey Lelikov ,  John Richard McDowell ,  Aaron Payne Goldsmid ,  Karan Singh Dhillon

IPC分类号： G06F21/00 ,  G06F21/14 ,  G06F21/12

CPC分类号： G06F21/14 ,  G06F21/125 ,  G06F2221/074

摘要： Methods and a tool or instrument for performing the methods of protecting a computer program with a parameter cloud are disclosed. A parameter cloud comprising a plurality of elements may be created. Called functions of a computer program may have defined expected parameter cloud states so that proper behavior of the called function is achieved when the parameter cloud state is the expected parameter cloud state. An expected parameter cloud state may include a selected set of elements of the parameter cloud having assigned values. Static portions of the called functions may depend on a current parameter cloud state, and calling functions may transform the parameter cloud state prior to calling their respective called functions. The methods and instrument may operate on original source code or post-binary targets of the computer program. A fingerprint may be used to identify a specific computer program from a sequence of state transitions.

摘要翻译： 公开了用于执行用参数云保护计算机程序的方法的方法和工具或仪器。 可以创建包括多个元素的参数云。 计算机程序的调用函数可能定义了预期参数云状态，以便当参数云状态为预期参数云状态时，可以实现被调用函数的正确行为。 期望的参数云状态可以包括具有分配值的参数云的所选择的一组元素。 被叫函数的静态部分可以取决于当前参数云状态，并且调用函数可以在调用它们各自的被调用函数之前变换参数云状态。 方法和仪器可以对计算机程序的原始源代码或后二进制目标进行操作。 可以使用指纹来从一系列状态转换中识别特定的计算机程序。

公开(公告)号：US20090293041A1

公开(公告)日：2009-11-26

申请号：US12123471

申请日：2008-05-20

申请人： Matthias Wollnik ,  Nathan Ide ,  Andrey Lelikov ,  John Richard McDowell ,  Aaron Payne Goldsmid ,  Karan Singh Dhillon

发明人： Matthias Wollnik ,  Nathan Ide ,  Andrey Lelikov ,  John Richard McDowell ,  Aaron Payne Goldsmid ,  Karan Singh Dhillon

IPC分类号： G06F9/44

CPC分类号： G06F21/14 ,  G06F21/125 ,  G06F2221/074

摘要： Methods and a tool or instrument for performing the methods of protecting a computer program with a parameter cloud are disclosed. A parameter cloud comprising a plurality of elements may be created. Called functions of a computer program may have defined expected parameter cloud states so that proper behavior of the called function is achieved when the parameter cloud state is the expected parameter cloud state. An expected parameter cloud state may include a selected set of elements of the parameter cloud having assigned values. Static portions of the called functions may depend on a current parameter cloud state, and calling functions may transform the parameter cloud state prior to calling their respective called functions. The methods and instrument may operate on original source code or post-binary targets of the computer program. A fingerprint may be used to identify a specific computer program from a sequence of state transitions.

摘要翻译： 公开了用于执行用参数云保护计算机程序的方法的方法和工具或仪器。 可以创建包括多个元素的参数云。 计算机程序的调用函数可能定义了预期参数云状态，以便当参数云状态为预期参数云状态时，可以实现被调用函数的正确行为。 期望的参数云状态可以包括具有分配值的参数云的所选择的一组元素。 被叫函数的静态部分可以取决于当前参数云状态，并且调用函数可以在调用它们各自的被调用函数之前变换参数云状态。 方法和仪器可以对计算机程序的原始源代码或后二进制目标进行操作。 可以使用指纹来从一系列状态转换中识别特定的计算机程序。

公开(公告)号：US20060191014A1

公开(公告)日：2006-08-24

申请号：US11404448

申请日：2006-04-14

申请人： Nir Zvi ,  Kristjan Hatlelid ,  Andrey Lelikov

发明人： Nir Zvi ,  Kristjan Hatlelid ,  Andrey Lelikov

IPC分类号： H04N7/16

CPC分类号： G06F21/125 ,  G06F8/656 ,  G06F21/54

摘要： A mechanism for redirecting a code execution path in a running process. A one-byte interrupt instruction (e.g., INT 3) is inserted into the code path. The interrupt instruction passes control to a kernel handler, which after executing a replacement function, returns to continue executing the process. The replacement function resides in a memory space that is accessible to the kernel handler. The redirection mechanism may be applied without requiring a reboot of the computing device on which the running process is executing. In addition, the redirection mechanism may be applied without overwriting more than one byte in the original code.

公开(公告)号：US20060069653A1

公开(公告)日：2006-03-30

申请号：US11273775

申请日：2005-11-14

申请人： Andrey Lelikov ,  Donald Rule ,  Kristjan Hatlelid ,  Nir Zvi

发明人： Andrey Lelikov ,  Donald Rule ,  Kristjan Hatlelid ,  Nir Zvi

IPC分类号： G06Q99/00

CPC分类号： G06F21/125 ,  G06F21/00 ,  G06Q99/00

摘要： Upon a first process encountering a triggering device, a second process chooses whether to proxy-execute code corresponding to the triggering device of the first process on behalf of such first process based at least in part on whether a license evaluator of the second process has determined that the first process is to be operated in accordance with the terms and conditions of a corresponding digital license. The license evaluator at least in part performs such determination by running a script corresponding to the triggering device in the code of the first process. Thus, the first process is dependent upon the second process and the license for operation thereof.