公开(公告)号：US20090315916A1

公开(公告)日：2009-12-24

申请号：US12145081

申请日：2008-06-24

申请人： Dirk Husemann ,  Samuel Muller ,  Michael Elton Nidd ,  Matthias Schunter ,  Diego M. Zamboni

发明人： Dirk Husemann ,  Samuel Muller ,  Michael Elton Nidd ,  Matthias Schunter ,  Diego M. Zamboni

IPC分类号： G06Q30/00 ,  G06F3/048

CPC分类号： G06Q30/06

摘要： A specification of a set of objects associated with at least one virtual world is obtained. The objects are laid out in a three-dimensional virtual representation. An on-the-fly virtual place is created in the virtual world, based on the layout. The virtual place depicts the set of objects in the three-dimensional virtual representation and enables navigation and interaction therewith

摘要翻译： 获得与至少一个虚拟世界相关联的一组对象的规范。 这些对象被布置在三维虚拟表示中。 基于布局，在虚拟世界中创建一个即时虚拟场所。 虚拟场景描绘了三维虚拟表示中的对象集，并使其能够进行导航和交互

公开(公告)号：US20100017866A1

公开(公告)日：2010-01-21

申请号：US12175503

申请日：2008-07-18

申请人： Bernhard Jansen ,  Matthias Schunter ,  Axel Tanner ,  Diego M. Zamboni

发明人： Bernhard Jansen ,  Matthias Schunter ,  Axel Tanner ,  Diego M. Zamboni

IPC分类号： H04L9/32

CPC分类号： H04L9/3234

摘要： A first virtualization layer is inserted between (i) an operating system of a computer system, and (ii) at least first and second hardware devices of the computer system. Data is communicated between the first hardware device and the second hardware device, via the first virtualization layer, without exposing the data to the operating system.

摘要翻译： 在（i）计算机系统的操作系统和（ii）计算机系统的至少第一和第二硬件设备之间插入第一虚拟化层。 经由第一虚拟化层在第一硬件设备和第二硬件设备之间传送数据，而不将数据暴露给操作系统。

公开(公告)号：US20090192780A1

公开(公告)日：2009-07-30

申请号：US12022184

申请日：2008-01-30

申请人： Martim Carbone ,  Bernhard Jansen ,  HariGovind V. Ramasamy ,  Matthias Schunter ,  Axel Tanner ,  Diego M. Zamboni

发明人： Martim Carbone ,  Bernhard Jansen ,  HariGovind V. Ramasamy ,  Matthias Schunter ,  Axel Tanner ,  Diego M. Zamboni

IPC分类号： G06F9/455 ,  G06F3/00

CPC分类号： G06F9/45537 ,  G06F11/0712 ,  G06F11/0793

摘要： At least one anomaly associated with at least one actual hardware element in a computer system having a plurality of hardware elements is addressed. The anomaly is detected, and, responsive to the detection, a virtualization layer is inserted between (i) an operating system of the computer system, and (ii) the plurality of hardware elements. Hardware emulation and/or selective hardware activation/deactivation are performed on the at least one actual hardware element by the virtualization layer. The insertion of the virtualization layer is accomplished in an on-the-fly manner.

摘要翻译： 与具有多个硬件元件的计算机系统中的至少一个实际硬件元件相关联的至少一个异常被寻址。 检测到异常，并且响应于检测，在（i）计算机系统的操作系统和（ii）多个硬件元件之间插入虚拟化层。 通过虚拟化层在至少一个实际硬件元件上执行硬件仿真和/或选择性硬件激活/去激活。 虚拟化层的插入是以飞行方式实现的。

公开(公告)号：US09250942B2

公开(公告)日：2016-02-02

申请号：US12022184

申请日：2008-01-30

申请人： Martim Carbone ,  Bernhard Jansen ,  HariGovind V. Ramasamy ,  Matthias Schunter ,  Axel Tanner ,  Diego M. Zamboni

发明人： Martim Carbone ,  Bernhard Jansen ,  HariGovind V. Ramasamy ,  Matthias Schunter ,  Axel Tanner ,  Diego M. Zamboni

IPC分类号： G06F9/455 ,  G06F11/07

CPC分类号： G06F9/45537 ,  G06F11/0712 ,  G06F11/0793

摘要： At least one anomaly associated with at least one actual hardware element in a computer system having a plurality of hardware elements is addressed. The anomaly is detected, and, responsive to the detection, a virtualization layer is inserted between (i) an operating system of the computer system, and (ii) the plurality of hardware elements. Hardware emulation and/or selective hardware activation/deactivation are performed on the at least one actual hardware element by the virtualization layer. The insertion of the virtualization layer is accomplished in an on-the-fly manner.

摘要翻译： 与具有多个硬件元件的计算机系统中的至少一个实际硬件元件相关联的至少一个异常被寻址。 检测到异常，并且响应于检测，在（i）计算机系统的操作系统和（ii）多个硬件元件之间插入虚拟化层。 通过虚拟化层在至少一个实际硬件元件上执行硬件仿真和/或选择性硬件激活/去激活。 虚拟化层的插入是以飞行方式实现的。

公开(公告)号：US08516564B2

公开(公告)日：2013-08-20

申请号：US12175503

申请日：2008-07-18

申请人： Bernhard Jansen ,  Matthias Schunter ,  Axel Tanner ,  Diego M. Zamboni

发明人： Bernhard Jansen ,  Matthias Schunter ,  Axel Tanner ,  Diego M. Zamboni

IPC分类号： G06F7/04

CPC分类号： H04L9/3234

摘要： A first virtualization layer is inserted between (i) an operating system of a computer system, and (ii) at least first and second hardware devices of the computer system. Data is communicated between the first hardware device and the second hardware device, via the first virtualization layer, without exposing the data to the operating system.

摘要翻译： 在（i）计算机系统的操作系统和（ii）计算机系统的至少第一和第二硬件设备之间插入第一虚拟化层。 经由第一虚拟化层在第一硬件设备和第二硬件设备之间传送数据，而不将数据暴露给操作系统。

公开(公告)号：US08689007B2

公开(公告)日：2014-04-01

申请号：US12054860

申请日：2008-03-25

申请人： Matthias Schunter ,  Axel Tanner ,  Bernhard Jansen

发明人： Matthias Schunter ,  Axel Tanner ,  Bernhard Jansen

IPC分类号： G06F21/00

CPC分类号： G06F12/145 ,  G06F12/1491 ,  G06F21/64 ,  G06F21/79

摘要： A method for protecting the integrity of a set of memory pages to be accessed by an operating system of a data processing system, includes running the operating system in a virtual machine (VM) of the data processing system; verifying the integrity of the set of memory pages on loading of pages in the set to a memory of the data processing system for access by the operating system; in response to verification of the integrity, designating the set of memory pages as trusted pages and, in a page table to be used by the operating system during the access, marking non-trusted pages as paged; and in response to a subsequent page fault interrupt for a non-trusted page, remapping the set of pages to a region of the data processing system memory which is inaccessible to the virtual machine.

摘要翻译： 一种用于保护由数据处理系统的操作系统访问的一组存储器页面的完整性的方法，包括在所述数据处理系统的虚拟机（VM）中运行所述操作系统; 验证所述集合中的页面的集合在所述数据处理系统的存储器中的操作系统的存取的完整性; 响应于完整性的验证，将存储器页面集合指定为可信页面，并且在操作系统在访问期间使用的页表中将不可信页面标记为分页; 并且响应于不可信页面的后续页面错误中断，将该组页面重新映射到数据处理系统存储器的该虚拟机不可访问的区域。

公开(公告)号：US08276201B2

公开(公告)日：2012-09-25

申请号：US12020612

申请日：2008-01-28

申请人： Matthias Schunter ,  Axel Tanner ,  Bernhard Jansen

发明人： Matthias Schunter ,  Axel Tanner ,  Bernhard Jansen

IPC分类号： G06F21/00

CPC分类号： G06F12/145 ,  G06F12/1491 ,  G06F21/64 ,  G06F21/79

摘要： A method for protecting the integrity of a set of memory pages to be accessed by an operating system of a data processing system, includes running the operating system in a virtual machine (VM) of the data processing system; verifying the integrity of the set of memory pages on loading of pages in the set to a memory of the data processing system for access by the operating system; in response to verification of the integrity, designating the set of memory pages as trusted pages and, in a page table to be used by the operating system during the access, marking non-trusted pages as paged; and in response to a subsequent page fault interrupt for a non-trusted page, remapping the set of pages to a region of the data processing system memory which is inaccessible to the virtual machine.

摘要翻译： 一种用于保护由数据处理系统的操作系统访问的一组存储器页面的完整性的方法，包括在所述数据处理系统的虚拟机（VM）中运行所述操作系统; 验证所述集合中的页面的集合在所述数据处理系统的存储器中的操作系统的存取的完整性; 响应于完整性的验证，将存储器页面集合指定为可信页面，并且在操作系统在访问期间使用的页表中将不可信页面标记为分页; 并且响应于不可信页面的后续页面错误中断，将该组页面重新映射到数据处理系统存储器的该虚拟机不可访问的区域。

公开(公告)号：US07770000B2

公开(公告)日：2010-08-03

申请号：US12124619

申请日：2008-05-21

申请人： Matthias Schunter ,  Jonathan A. Poritz ,  Michael Waidner ,  Elsie A. Van Herreweghen

发明人： Matthias Schunter ,  Jonathan A. Poritz ,  Michael Waidner ,  Elsie A. Van Herreweghen

IPC分类号： H04L29/06 ,  G06F12/14

CPC分类号： G06F21/57

摘要： Method and device for verifying the security of a computing platform. In the method for verifying the security of a computing platform a verification machine is first transmitting a verification request via an integrity verification component to the platform. Then the platform is generating by means of a trusted platform module a verification result depending on binaries loaded on the platform, and is transmitting it to the integrity verification component. Afterwards, the integrity verification component is determining with the received verification result the security properties of the platform and transmits them to the verification machine. Finally, the verification machine is determining whether the determined security properties comply with desired security properties.

摘要翻译： 用于验证计算平台安全性的方法和设备。 在验证计算平台的安全性的方法中，验证机首先通过完整性验证部件向平台发送验证请求。 然后，平台通过可信赖的平台模块产生取决于平台上加载的二进制文件的验证结果，并将其发送到完整性验证组件。 之后，完整性验证部件正在使用接收到的验证结果确定平台的安全属性并将其发送到验证机。 最后，验证机正在确定所确定的安全属性是否符合所需的安全属性。

公开(公告)号：US07617393B2

公开(公告)日：2009-11-10

申请号：US11764487

申请日：2007-06-18

申请人： Linda Betz ,  John C. Dayka ,  Walter B. Farrell ,  Richard H. Guski ,  Guenter Karjoth ,  Mark A. Nelson ,  Birgit M. Pfitzmann ,  Michael P. Waidner ,  Matthias Schunter

发明人： Linda Betz ,  John C. Dayka ,  Walter B. Farrell ,  Richard H. Guski ,  Guenter Karjoth ,  Mark A. Nelson ,  Birgit M. Pfitzmann ,  Michael P. Waidner ,  Matthias Schunter

IPC分类号： H04L29/00

CPC分类号： G06F21/629 ,  G06F21/6245 ,  G06F2221/2101 ,  G06F2221/2113 ,  G06F2221/2141 ,  G06F2221/2149

摘要： A data access control facility is implemented by assigning personally identifying information (PII) classification labels to PII data objects, with each PII data object having one PII classification label assigned thereto. The control facility further includes at least one PII purpose serving function set (PSFS) comprising a list of application functions that read or write PII data objects. Each PII PSFS is also assigned a PII classification label. A PII data object is accessible via an application function of a PII PSFS having a PII classification label that is identical to or dominant of the PII classification label of the PII object. A user of the control facility is assigned a PII clearance set which contains a list of at least one PII classification label, which is employed in determining whether the user is entitled to access a particular function.

摘要翻译： 通过将个人识别信息（PII）分类标签分配给PII数据对象来实现数据访问控制设施，每个PII数据对象分配有一个PII分类标签。 控制设备还包括至少一个PII目的服务功能集（PSFS），其包括读或写PII数据对象的应用功能列表。 每个PII PSFS也被分配了一个PII分类标签。 PII数据对象可通过具有与PII对象的PII分类标签相同或占优势的PII分类标签的PII PSFS的应用功能来访问。 控制设备的用户被分配有PII间隙组，其包含至少一个PII分类标签的列表，该列表用于确定用户是否有权访问特定功能。

公开(公告)号：US20080256595A1

公开(公告)日：2008-10-16

申请号：US12124619

申请日：2008-05-21

申请人： Matthias Schunter ,  Jonathan A. Poritz ,  Michael Waidner ,  Elsie A. Van Herreweghen

发明人： Matthias Schunter ,  Jonathan A. Poritz ,  Michael Waidner ,  Elsie A. Van Herreweghen

IPC分类号： G06F21/00

CPC分类号： G06F21/57

摘要： Method and device for verifying the security of a computing platform. In the method for verifying the security of a computing platform a verification machine is first transmitting a verification request via an integrity verification component to the platform. Then the platform is generating by means of a trusted platform module a verification result depending on binaries loaded on the platform, and is transmitting it to the integrity verification component. Afterwards, the integrity verification component is determining with the received verification result the security properties of the platform and transmits them to the verification machine. Finally, the verification machine is determining whether the determined security properties comply with desired security properties.

摘要翻译： 用于验证计算平台安全性的方法和设备。 在验证计算平台的安全性的方法中，验证机首先通过完整性验证部件向平台发送验证请求。 然后，平台通过可信赖的平台模块产生取决于平台上加载的二进制文件的验证结果，并将其发送到完整性验证组件。 之后，完整性验证部件正在使用接收到的验证结果确定平台的安全属性并将其发送到验证机。 最后，验证机正在确定所确定的安全属性是否符合所需的安全属性。