Reputation-Based Authorization Decisions
    1.
    Invention application
    Reputation-Based Authorization Decisions (status: under examination, published)

    Publication No.: US20110252483A1

    Publication date: 2011-10-13

    Application No.: US13165504

    Filing date: 2011-06-21

    IPC classification: G06F21/00

    Abstract: This document describes tools capable of receiving reputation metadata effective to enable better decision making about whether or not to authorize operations. The tools may build a reputation value from this reputation metadata and, based on this value and an authorization rule, better decide whether or not to authorize an operation requested by some program, application, or other actor.

    Reputation-based authorization decisions
    2.
    Granted patent
    Reputation-based authorization decisions (status: in force)

    Publication No.: US07991902B2

    Publication date: 2011-08-02

    Application No.: US11608757

    Filing date: 2006-12-08

    IPC classification: G06F15/16 G06F15/173

    Abstract: This document describes tools capable of receiving reputation metadata effective to enable better decision making about whether or not to authorize operations. The tools may build a reputation value from this reputation metadata and, based on this value and an authorization rule, better decide whether or not to authorize an operation requested by some program, application, or other actor.

    Reputation-Based Authorization Decisions
    3.
    Invention application
    Reputation-Based Authorization Decisions (status: in force)

    Publication No.: US20080141366A1

    Publication date: 2008-06-12

    Application No.: US11608757

    Filing date: 2006-12-08

    IPC classification: H04L9/32

    Abstract: This document describes tools capable of receiving reputation metadata effective to enable better decision making about whether or not to authorize operations. The tools may build a reputation value from this reputation metadata and, based on this value and an authorization rule, better decide whether or not to authorize an operation requested by some program, application, or other actor.

    Integrating security protection tools with computer device integrity and privacy policy
    4.
    Granted patent
    Integrating security protection tools with computer device integrity and privacy policy (status: in force)

    Publication No.: US08117441B2

    Publication date: 2012-02-14

    Application No.: US11472052

    Filing date: 2006-06-20

    IPC classification: H04L29/00 H04L29/06

    CPC classification: G06F21/50 G06F21/51 G06F21/53

    Abstract: At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.

    SECURED COMPARTMENT FOR TRANSACTIONS
    5.
    Invention application
    SECURED COMPARTMENT FOR TRANSACTIONS (status: in force)

    Publication No.: US20100107218A1

    Publication date: 2010-04-29

    Application No.: US12257765

    Filing date: 2008-10-24

    IPC classification: H04L9/32

    Abstract: Systems and methods that establish a secured compartment that manages sensitive user transactions/information on a user's machine. The secured compartment qualifies user interaction with the machine, and separates such qualified interaction from other user activity on the machine. A user is switched to such secured compartment upon occurrence of a predetermined event, such as in form of: an explicit request (e.g., a secure attention sequence); an implicit request (e.g., inference of user activities); and presence of a peripheral device that is bound to the secured compartment (e.g., a USB)—wherein such actions typically cannot be generated by an application running outside the secured compartment.

    Integrating security protection tools with computer device integrity and privacy policy
    6.
    Invention application
    Integrating security protection tools with computer device integrity and privacy policy (status: in force)

    Publication No.: US20080022093A1

    Publication date: 2008-01-24

    Application No.: US11472052

    Filing date: 2006-06-20

    IPC classification: H04L9/00

    CPC classification: G06F21/50 G06F21/51 G06F21/53

    Abstract: At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.

    Integrating security protection tools with computer device integrity and privacy policy
    7.
    Granted patent
    Integrating security protection tools with computer device integrity and privacy policy (status: in force)

    Publication No.: US08347085B2

    Publication date: 2013-01-01

    Application No.: US13341855

    Filing date: 2011-12-30

    IPC classification: H04L29/06

    CPC classification: G06F21/50 G06F21/51 G06F21/53

    Abstract: At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.

    INTEGRATING SECURITY PROTECTION TOOLS WITH COMPUTER DEVICE INTEGRITY AND PRIVACY POLICY
    9.
    Invention application
    INTEGRATING SECURITY PROTECTION TOOLS WITH COMPUTER DEVICE INTEGRITY AND PRIVACY POLICY (status: in force)

    Publication No.: US20120102577A1

    Publication date: 2012-04-26

    Application No.: US13341855

    Filing date: 2011-12-30

    IPC classification: G06F21/24

    CPC classification: G06F21/50 G06F21/51 G06F21/53

    Abstract: At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.

    Encryption of system paging file
    10.
    Invention application
    Encryption of system paging file (status: in force)

    Publication No.: US20050114688A1

    Publication date: 2005-05-26

    Application No.: US10721562

    Filing date: 2003-11-25

    Abstract: An operating system copies data from memory pages into a paging file on disk, in order to free up space in the memory. A mechanism is disclosed that causes the data to be encrypted as it is copied into the paging file, thereby protecting the paged data from unauthorized (or otherwise undesired) observation. The data that is stored in the paging file is encrypted with a session key, that is generated shortly after the machine on which the paging file exists is started. The session key, which is used both for encryption and decryption of the paging file data, is stored in volatile memory, so that the key is not persisted across boots of the machine. Since the key is not persisted across boots, old paging file data that was stored prior to the most recent boot cannot be recovered in clear text, thereby protecting the data from observation.