-
公开(公告)号:US09425965B2
公开(公告)日:2016-08-23
申请号:US13372390
申请日:2012-02-13
申请人: Andrew A. Baumann , Galen C. Hunt , Marcus Peinado
发明人: Andrew A. Baumann , Galen C. Hunt , Marcus Peinado
CPC分类号: H04L9/3263 , G06F21/577 , G06F2221/034
摘要: Implementations for providing a persistent secure execution environment with a hosted computer are described. A host operating system of a computing system provides an encrypted checkpoint to a persistence module that executes in a secure execution environment of a hardware-protected memory area initialized by a security-enabled processor. The encrypted checkpoint is derived at least partly from another secure execution environment that is cryptographically certifiable as including another hardware-protected memory area established in an activation state to refrain from executing software not trusted by the client system.
摘要翻译: 描述了用托管计算机提供持久的安全执行环境的实现。 计算系统的主机操作系统向在由安全启用的处理器初始化的硬件保护的存储器区域的安全执行环境中执行的持久性模块提供加密的检查点。 加密的检查点至少部分地从另一个安全执行环境导出,该安全执行环境被加密地认证为包括在激活状态下建立的另一硬件保护的存储器区域以避免执行不被客户机系统信任的软件。
-
公开(公告)号:US09413538B2
公开(公告)日:2016-08-09
申请号:US13323465
申请日:2011-12-12
申请人: Andrew A. Baumann , Galen C. Hunt , Marcus Peinado
发明人: Andrew A. Baumann , Galen C. Hunt , Marcus Peinado
CPC分类号: H04L9/3263 , G06F21/577 , G06F2221/034
摘要: Implementations for providing a secure execution environment with a hosted computer are described. A security-enabled processor establishes a hardware-protected memory area with an activation state that executes only software identified by a client system. The hardware-protected memory area is inaccessible by code that executes outside the hardware-protected memory area. A certification is transmitted to the client system to indicate that the secure execution environment is established, in its activation state, with only the software identified by the request.
摘要翻译: 描述了用托管计算机提供安全执行环境的实现。 支持安全性的处理器建立具有仅执行由客户端系统识别的软件的激活状态的硬件保护的存储器区域。 由硬件保护的存储区域外部执行的代码无法访问硬件保护的存储器区域。 将证书发送到客户端系统,以指示安全执行环境在其激活状态下仅由请求识别的软件建立。
-
公开(公告)号:US20130151846A1
公开(公告)日:2013-06-13
申请号:US13323465
申请日:2011-12-12
申请人: Andrew A. Baumann , Galen C. Hunt , Marcus Peinado
发明人: Andrew A. Baumann , Galen C. Hunt , Marcus Peinado
IPC分类号: H04L9/32
CPC分类号: H04L9/3263 , G06F21/577 , G06F2221/034
摘要: Implementations for providing a secure execution environment with a hosted computer are described. A security-enabled processor establishes a hardware-protected memory area with an activation state that executes only software identified by a client system. The hardware-protected memory area is inaccessible by code that executes outside the hardware-protected memory area. A certification is transmitted to the client system to indicate that the secure execution environment is established, in its activation state, with only the software identified by the request.
摘要翻译: 描述了用托管计算机提供安全执行环境的实现。 支持安全性的处理器建立具有仅执行由客户端系统识别的软件的激活状态的硬件保护的存储器区域。 由硬件保护的存储区域外部执行的代码无法访问硬件保护的存储器区域。 将证书发送到客户端系统,以指示安全执行环境在其激活状态下仅由请求识别的软件建立。
-
4.发明授权Facilitating system service request interactions for hardware-protected applications 有权促进硬件保护应用程序的系统服务请求交互公开(公告)号:US09389933B2
公开(公告)日:2016-07-12
申请号:US13323562
申请日:2011-12-12
申请人: Andrew A. Baumann , Galen C. Hunt , Marcus Peinado
发明人: Andrew A. Baumann , Galen C. Hunt , Marcus Peinado
CPC分类号: G06F9/545 , G06F21/53 , G06F21/60 , G06F21/602 , G06F21/74
摘要: Described herein are implementations for providing a platform adaptation layer that enables applications to execute inside a user-mode hardware-protected isolation container while utilizing host platform resources that reside outside of the isolation container. The platform adaptation layer facilitates a system service request interaction between the application and the host platform. As part of the facilitating, a secure services component of the platform adaptation layer performs a security-relevant action.
摘要翻译: 这里描述的是用于提供平台适配层的实现,其使应用能够在利用驻留在隔离容器外部的主机平台资源的同时在用户模式的硬件保护的隔离容器内执行。 平台适配层有助于应用程序和主机平台之间的系统服务请求交互。 作为促进的一部分,平台适配层的安全服务组件执行安全相关的动作。
-
5.发明申请Facilitating System Service Request Interactions for Hardware-Protected Applications 有权促进硬件保护应用程序的系统服务请求交互公开(公告)号:US20130152209A1
公开(公告)日:2013-06-13
申请号:US13323562
申请日:2011-12-12
申请人: Andrew A. Baumann , Galen C. Hunt , Marcus Peinado
发明人: Andrew A. Baumann , Galen C. Hunt , Marcus Peinado
IPC分类号: G06F21/00
CPC分类号: G06F9/545 , G06F21/53 , G06F21/60 , G06F21/602 , G06F21/74
摘要: Described herein are implementations for providing a platform adaptation layer that enables applications to execute inside a user-mode hardware-protected isolation container while utilizing host platform resources that reside outside of the isolation container. The platform adaptation layer facilitates a system service request interaction between the application and the host platform. As part of the facilitating, a secure services component of the platform adaptation layer performs a security-relevant action.
摘要翻译: 这里描述的是用于提供平台适配层的实现,其使应用能够在利用驻留在隔离容器外部的主机平台资源的同时在用户模式的硬件保护的隔离容器内执行。 平台适配层有助于应用程序和主机平台之间的系统服务请求交互。 作为促进的一部分,平台适配层的安全服务组件执行安全相关的动作。
-
6.发明申请公开(公告)号:US20130151848A1
公开(公告)日:2013-06-13
申请号:US13372390
申请日:2012-02-13
申请人: Andrew A. Baumann , Galen C. Hunt , Marcus Peinado
发明人: Andrew A. Baumann , Galen C. Hunt , Marcus Peinado
CPC分类号: H04L9/3263 , G06F21/577 , G06F2221/034
摘要: Implementations for providing a persistent secure execution environment with a hosted computer are described. A host operating system of a computing system provides an encrypted checkpoint to a persistence module that executes in a secure execution environment of a hardware-protected memory area initialized by a security-enabled processor. The encrypted checkpoint is derived at least partly from another secure execution environment that is cryptographically certifiable as including another hardware-protected memory area established in an activation state to refrain from executing software not trusted by the client system.
摘要翻译: 描述了用托管计算机提供持久的安全执行环境的实现。 计算系统的主机操作系统向在由安全启用的处理器初始化的硬件保护的存储器区域的安全执行环境中执行的持久性模块提供加密的检查点。 加密的检查点至少部分地从另一个安全执行环境导出,该安全执行环境被加密地认证为包括在激活状态下建立的另一硬件保护的存储器区域以避免执行不被客户机系统信任的软件。
-
公开(公告)号:US09916439B2
公开(公告)日:2018-03-13
申请号:US13427342
申请日:2012-03-22
CPC分类号: G06F21/53
摘要: The subject disclosure is directed towards securing network data traffic through a trusted partition of the computing environment. A proxy service may communicate transaction data from a client to security-critical code within the trusted partition, which compares the transaction data to a security policy from a commercial electronic entity. If the transaction data includes malicious content, a security component framework of the trusted partition may reject the transaction data and terminate communications with the client. If the transaction data does not include malicious content, the security component framework may communicate a secured version of the transaction data and retrieve response data from the commercial electronic entity, which may be further communicated back to the client.
-
公开(公告)号:US09329845B2
公开(公告)日:2016-05-03
申请号:US12477954
申请日:2009-06-04
申请人: Weidong Cui , Marcus Peinado
发明人: Weidong Cui , Marcus Peinado
IPC分类号: G06F9/45
CPC分类号: G06F8/434
摘要: A system described herein includes a receiver component that receives source code from a computer-readable medium of a computing device and a static analysis component that executes a points-to analysis algorithm over the source code to cause generation of a points-to graph, wherein the points-to graph is a directed graph that comprises a plurality of nodes and a plurality of edges, wherein nodes of the points-to graph represent pointers in the source code and edges represent inclusion relationships in the source code. The system also includes an inference component that infers target types for generic pointers in the source code based at least in part upon known type definitions and global variables in the source code.
摘要翻译: 本文描述的系统包括从计算设备的计算机可读介质接收源代码的接收器组件和在源代码上执行点对分析算法以产生点对图的静态分析组件,其中 点对图是包括多个节点和多个边缘的有向图,其中点对图的节点表示源代码中的指针,边缘表示源代码中的包含关系。 该系统还包括至少部分地基于源代码中的已知类型定义和全局变量来推断源代码中的通用指针的目标类型的推理组件。
-
公开(公告)号:US09183406B2
公开(公告)日:2015-11-10
申请号:US13012573
申请日:2011-01-24
申请人: Paul England , Marcus Peinado
发明人: Paul England , Marcus Peinado
CPC分类号: G06F21/6218
摘要: In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows the data to be obtained from the ciphertext only if one or more conditions are satisfied. In accordance with another aspect, a bit string is received from a calling program. Data in the bit string is decrypted using public key decryption and returned to the calling program only if one or more conditions included in the bit string are satisfied.
摘要翻译: 根据某些方面,从呼叫程序接收数据。 使用公钥加密来生成包含数据的密文,只有满足一个或多个条件,才允许从密文获得数据。 根据另一方面,从调用程序接收位串。 使用公钥解密解密比特串中的数据,只有满足包含在比特串中的一个或多个条件时才返回给调用程序。
-
公开(公告)号:US08601286B2
公开(公告)日:2013-12-03
申请号:US13015440
申请日:2011-01-27
申请人: Paul England , Marcus Peinado
发明人: Paul England , Marcus Peinado
IPC分类号: G06F12/14
CPC分类号: G06F21/6218
摘要: In accordance with certain aspects, data is received and a digital signature is generated and output. The digital signature can be a digital signature of the data and one or more conditions that are to be satisfied in order for the data to be revealed, or a digital signature over data generated using a private key associated with a bound key that is bound to one or more processors.
摘要翻译: 根据某些方面,接收数据并生成并输出数字签名。 数字签名可以是数据的数字签名以及为了使数据被显示而被满足的一个或多个条件,或者使用与绑定的绑定密钥相关联的私有密钥生成的数据的数字签名 一个或多个处理器。
-
-
-
-
-
-
-
-
-
搜索结果
159 条记录 (耗时 0.039 秒)
