-
公开(公告)号:US08091115B2
公开(公告)日:2012-01-03
申请号:US12245060
申请日:2008-10-03
IPC分类号: H04L29/06
CPC分类号: G06F21/554 , G06F21/56 , G06F21/78 , G06F21/85
摘要: Inline pattern matching and policy enforcement may be implemented by a memory storage device. In an example embodiment, a device-implemented method includes acts of receiving, intercepting, and performing and conditional acts of invoking or permitting. A request from a host to perform a memory access operation is received at a memory storage device. Data flowing between an I/O channel and physical storage of the memory storage device is intercepted. A pattern matching procedure is performed on the data with reference to multiple target patterns in real-time while the data is being intercepted. If a pattern match is detected between the data and a target pattern, a policy enforcement mechanism is invoked. If a pattern match is not detected between the data and the multiple target patterns, the request from the host to perform the memory access operation is permitted.
摘要翻译: 内联模式匹配和策略实施可以由存储器存储设备实现。 在示例实施例中,设备实现的方法包括接收,拦截和执行以及调用或许可的条件动作的动作。 在存储器存储设备处接收来自主机执行存储器访问操作的请求。 在I / O通道和存储器存储设备的物理存储之间流动的数据被截取。 在数据被截获的同时,实时参照多个目标模式对数据执行模式匹配过程。 如果在数据和目标模式之间检测到模式匹配,则调用策略实施机制。 如果在数据和多个目标模式之间未检测到模式匹配,则允许来自主机执行存储器访问操作的请求。
-
公开(公告)号:US20100088759A1
公开(公告)日:2010-04-08
申请号:US12245060
申请日:2008-10-03
CPC分类号: G06F21/554 , G06F21/56 , G06F21/78 , G06F21/85
摘要: Inline pattern matching and policy enforcement may be implemented by a memory storage device. In an example embodiment, a device-implemented method includes acts of receiving, intercepting, and performing and conditional acts of invoking or permitting. A request from a host to perform a memory access operation is received at a memory storage device. Data flowing between an I/O channel and physical storage of the memory storage device is intercepted. A pattern matching procedure is performed on the data with reference to multiple target patterns in real-time while the data is being intercepted. If a pattern match is detected between the data and a target pattern, a policy enforcement mechanism is invoked. If a pattern match is not detected between the data and the multiple target patterns, the request from the host to perform the memory access operation is permitted.
摘要翻译: 内联模式匹配和策略实施可以由存储器存储设备实现。 在示例实施例中,设备实现的方法包括接收,拦截和执行以及调用或许可的条件动作的动作。 在存储器存储设备处接收来自主机执行存储器访问操作的请求。 在I / O通道和存储器存储设备的物理存储之间流动的数据被截取。 在数据被截获的同时,实时参照多个目标模式对数据执行模式匹配过程。 如果在数据和目标模式之间检测到模式匹配,则调用策略实施机制。 如果在数据和多个目标模式之间未检测到模式匹配,则允许来自主机执行存储器访问操作的请求。
-
公开(公告)号:US20100199108A1
公开(公告)日:2010-08-05
申请号:US12364523
申请日:2009-02-03
IPC分类号: G06F12/14
CPC分类号: G06F21/805
摘要: Described is a technology by which files that are hardware protected on a storage device, such as a USB flash drive, are managed on a host, including by integration with an existing file system. Each file maintained on a storage device is associated with a protection attribute that corresponds to that file's device hardware protection level. Requests directed towards accessing metadata or actual file data are processed based upon the protection attribute and a state of authentication, e.g., to allow or deny access, show file icons along with their level of protection, change levels, and so forth. Also described is splitting a file system file table into multiple file tables, one file table for each level of protection. Entries in the split file tables are maintained based on each file's current level; space allocation tracking entries are also maintained to track the space used by other split tables.
摘要翻译: 描述了通过在主机上管理诸如USB闪存驱动器的存储设备上被硬件保护的文件的技术,包括通过与现有文件系统的集成。 存储设备上维护的每个文件都与保护属性相关联,该属性对应于该文件的设备硬件保护级别。 基于保护属性和认证状态(例如,允许或拒绝访问)显示文件图标以及其保护级别,改变级别等来处理针对访问元数据或实际文件数据的请求。 还描述了将文件系统文件表分割成多个文件表,一个文件表用于每个级别的保护。 分割文件表中的条目将根据每个文件的当前级别进行维护; 还维护空间分配跟踪条目以跟踪其他拆分表使用的空间。
-
4.发明申请PROVIDING A SINGLE DRIVE LETTER USER EXPERIENCE AND REGIONAL BASED ACCESS CONTROL WITH RESPECT TO A STORAGE DEVICE 有权提供单一驱动器用户体验和基于区域的访问控制与存储设备公开(公告)号:US20090276595A1
公开(公告)日:2009-11-05
申请号:US12113199
申请日:2008-04-30
CPC分类号: G06F12/1441 , G06F12/1483 , G06F21/6218
摘要: A method and a storage device may be provided. The storage device may include physical storage subdivided into a number of regions. The regions may start and end based on logical block addresses specified in a region table. At least one of the regions may be mapped to a logical drive letter. One or more others of the regions may be mapped to a subfolder with respect to the logical drive letter. The storage device may include an access control table. Each entry of the access control table may correspond to a respective region of the physical storage. Each of the entries of the access control table may indicate whether the respective region is protected and whether at least one entity is permitted protected access to the respective region after being successfully authenticated.
摘要翻译: 可以提供一种方法和存储装置。 存储设备可以包括细分为多个区域的物理存储器。 区域可以基于区域表中指定的逻辑块地址开始和结束。 至少一个区域可以被映射到逻辑驱动器盘符。 可以将该区域中的一个或多个其他区域映射到相对于逻辑驱动器盘符的子文件夹。 存储装置可以包括访问控制表。 访问控制表的每个条目可以对应于物理存储器的相应区域。 访问控制表的每个条目可以指示相应区域是否受到保护,以及是否允许至少一个实体在被成功认证之后被保护对相应区域的访问。
-
公开(公告)号:US08898460B2
公开(公告)日:2014-11-25
申请号:US12364523
申请日:2009-02-03
IPC分类号: H04L29/06
CPC分类号: G06F21/805
摘要: Described is a technology by which files that are hardware protected on a storage device, such as a USB flash drive, are managed on a host, including by integration with an existing file system. Each file maintained on a storage device is associated with a protection attribute that corresponds to that file's device hardware protection level. Requests directed towards accessing metadata or actual file data are processed based upon the protection attribute and a state of authentication, e.g., to allow or deny access, show file icons along with their level of protection, change levels, and so forth. Also described is splitting a file system file table into multiple file tables, one file table for each level of protection. Entries in the split file tables are maintained based on each file's current level; space allocation tracking entries are also maintained to track the space used by other split tables.
摘要翻译: 描述了通过在主机上管理诸如USB闪存驱动器的存储设备上被硬件保护的文件的技术,包括通过与现有文件系统的集成。 存储设备上维护的每个文件都与保护属性相关联,该属性对应于该文件的设备硬件保护级别。 基于保护属性和认证状态(例如,允许或拒绝访问)显示文件图标以及其保护级别,改变级别等来处理针对访问元数据或实际文件数据的请求。 还描述了将文件系统文件表分割成多个文件表,一个文件表用于每个级别的保护。 分割文件表中的条目将根据每个文件的当前级别进行维护; 还维护空间分配跟踪条目以跟踪其他拆分表使用的空间。
-
公开(公告)号:US08806220B2
公开(公告)日:2014-08-12
申请号:US12349516
申请日:2009-01-07
CPC分类号: G06F12/1416 , G06F21/57 , G06F2212/1052 , G06F2221/2101
摘要: Described is a technology by which a transient storage device or secure execution environment-based (e.g., including an embedded processor) device validates a host computer system. The device compares hashes of host system data against valid hashes maintained in protected storage of the device. The host data may be a file, data block, and/or memory contents. The device takes action when the host system data does not match the information in protected storage, such as to log information about the mismatch and/or provide an indication of validation failure, e.g., via an LED and/or display screen output. Further, the comparison may be part of a boot process validation, and the action may prevent the boot process from continuing, or replace an invalid file. Alternatively, the validation may take place at anytime.
摘要翻译: 描述了一种瞬态存储设备或基于安全执行环境(例如,包括嵌入式处理器)设备验证主计算机系统的技术。 该设备将主机系统数据的哈希值与在设备的受保护存储中维护的有效散列进行比较。 主机数据可以是文件,数据块和/或存储器内容。 当主机系统数据与受保护存储器中的信息不匹配时,该装置采取行动,例如记录关于不匹配的信息和/或提供验证失败的指示,例如经由LED和/或显示屏幕输出。 此外,比较可以是引导过程验证的一部分,并且该操作可以阻止引导过程继续或替换无效文件。 或者,验证可以在任何时间进行。
-
公开(公告)号:US08209501B2
公开(公告)日:2012-06-26
申请号:US12435737
申请日:2009-05-05
IPC分类号: G06F13/00
CPC分类号: G06F17/3007 , G06F9/4418
摘要: Operating system states capture and loading technique embodiments are presented that involve the capture and loading of baseline system states. This is accomplished, in one embodiment, by storing the states of a computer's operating system memory that it is desired to restore at a future time. No changes are permitted to the persisted storage associated with the computer. Instead, changes that would have been made to the persisted storage during an ensuing computing session, had they not been prevented, are stored in a separate computing session file. Whenever it is desired to return the operating system to its baseline condition, the stored baseline system memory states are loaded into the operating system memory, in lieu of the operating system memory's current states.
摘要翻译: 提出了涉及捕获和加载基线系统状态的操作系统状态捕获和加载技术实施例。 这在一个实施例中通过存储希望在将来的时间恢复的计算机的操作系统存储器的状态来实现。 与计算机相关联的持久存储器不允许更改。 相反,如果没有阻止在随后的计算会话期间对持久存储进行的更改将被存储在单独的计算会话文件中。 无论何时需要将操作系统恢复到其基准状态,存储的基线系统存储器状态将被加载到操作系统存储器中,以代替操作系统存储器的当前状态。
-
8.发明申请DYNAMIC LOGICAL UNIT NUMBER CREATION AND PROTECTION FOR A TRANSIENT STORAGE DEVICE 审中-公开动态逻辑单元创建和保护瞬态存储设备公开(公告)号:US20090307451A1
公开(公告)日:2009-12-10
申请号:US12262134
申请日:2008-10-30
CPC分类号: G06F12/1483
摘要: A dynamic logical unit number system is implemented as a storage device that includes processing logic and storage functionality. A storage device may be configured to provide a first logical unit number when the storage device is attached to a computer system or other computing device. The storage device through its dynamic logical unit number system provides a configuration interface through which the computer system can configure additional logical unit numbers and reconfigure existing logical unit numbers of the storage device. After the redefinition of the logical unit numbers, the dynamic logical unit number system may cause a reestablishment of the connection between the storage device and the computer system. Upon establishing the new connection, the computer system recognizes the redefined logical unit numbers and treats each logical unit number as a separate storage device, including assigning a different number to each logical unit number.
摘要翻译: 动态逻辑单元号系统被实现为包括处理逻辑和存储功能的存储设备。 存储设备可以被配置为当存储设备附接到计算机系统或其他计算设备时提供第一逻辑单元号。 存储设备通过其动态逻辑单元号系统提供配置接口,计算机系统可通过该配置接口配置附加的逻辑单元号,并重新配置存储设备的现有逻辑单元号。 在重新定义逻辑单元号之后,动态逻辑单元号系统可能导致重新建立存储设备和计算机系统之间的连接。 在建立新的连接之后,计算机系统识别重新定义的逻辑单元号码,并将每个逻辑单元号码视为单独的存储设备,包括为每个逻辑单元号码分配不同的号码。
-
公开(公告)号:US08949407B2
公开(公告)日:2015-02-03
申请号:US12486069
申请日:2009-06-17
IPC分类号: G06F15/173 , G06F11/34 , G06Q30/02 , G06F15/16 , G06F15/177
CPC分类号: G06F11/3414 , G06F11/3438 , G06Q30/02
摘要: The described implementations relate to capturing a computing experience. In one case, a user session capture tool can launch a remote user session where a user-interface and user inputs are gathered from a single computing device. Remote user session data produced by the remote user session can be analyzed to determine user activity.
摘要翻译: 所描述的实现涉及捕获计算体验。 在一种情况下,用户会话捕获工具可以启动用户界面和用户输入从单个计算设备收集的远程用户会话。 可以分析由远程用户会话产生的远程用户会话数据以确定用户活动。
-
公开(公告)号:US20140351544A1
公开(公告)日:2014-11-27
申请号:US14458223
申请日:2014-08-12
IPC分类号: G06F12/14
CPC分类号: G06F12/1416 , G06F21/57 , G06F2212/1052 , G06F2221/2101
摘要: Described is a technology by which a transient storage device or secure execution environment-based (e.g., including an embedded processor) device validates a host computer system. The device compares hashes of host system data against valid hashes maintained in protected storage of the device. The host data may be a file, data block, and/or memory contents. The device takes action when the host system data does not match the information in protected storage, such as to log information about the mismatch and/or provide an indication of validation failure, e.g., via an LED and/or display screen output. Further, the comparison may be part of a boot process validation, and the action may prevent the boot process from continuing, or replace an invalid file. Alternatively, the validation may take place at anytime.
摘要翻译: 描述了一种瞬态存储设备或基于安全执行环境(例如,包括嵌入式处理器)设备验证主计算机系统的技术。 该设备将主机系统数据的哈希值与在设备的受保护存储中维护的有效散列进行比较。 主机数据可以是文件,数据块和/或存储器内容。 当主机系统数据与受保护存储器中的信息不匹配时,该装置采取行动,例如记录关于不匹配的信息和/或提供验证失败的指示,例如经由LED和/或显示屏幕输出。 此外,比较可以是引导过程验证的一部分,并且该操作可以阻止引导过程继续或替换无效文件。 或者,验证可以在任何时间进行。
-
-
-
-
-
-
-
-
-
搜索结果
79 条记录 (耗时 0.079 秒)
