-
公开(公告)号:US20050188210A1
公开(公告)日:2005-08-25
申请号:US10787871
申请日:2004-02-25
申请人: Eric Perlin , Klaus Schutz , Stefan Richards , Sermet Iskin
发明人: Eric Perlin , Klaus Schutz , Stefan Richards , Sermet Iskin
摘要: A system and method facilitating secure credential management is provided. An aspect of the present invention provides for a credential management system including a credential user interface component, a trusted proxy component and a secure user interface component. The system can facilitate the secure acquisition, storage and/or application of credential(s) for a user (e.g., when accessing a particular resource) through a secure, isolated environment. For example, the system can be a core building block for operating system component(s) and/or application(s) that handle credential(s) in a secure manner.
摘要翻译: 提供了一种促进安全凭证管理的系统和方法。 本发明的一个方面提供了一种包括凭证用户界面组件,可信代理组件和安全用户界面组件的凭证管理系统。 该系统可以通过安全的隔离环境促进对用户的证书的安全获取,存储和/或应用(例如,当访问特定资源时)。 例如,系统可以是用于以安全的方式处理凭证的操作系统组件和/或应用的核心构建块。
-
公开(公告)号:US20130061316A1
公开(公告)日:2013-03-07
申请号:US13225945
申请日:2011-09-06
申请人: Sermet Iskin , John A.M. Hazen , Liang Zhao , Scott B. Graham , John M. Sheelan
发明人: Sermet Iskin , John A.M. Hazen , Liang Zhao , Scott B. Graham , John M. Sheelan
IPC分类号: G06F21/00
CPC分类号: G06F21/53 , G06F21/6218 , G06F2221/2141 , G06F2221/2149
摘要: Capability access management techniques for processes are described. In one or more implementations, a token is formed having one or more security identifiers that reference capabilities described in a manifest for the executable code responsive to an input received to initiate execution of executable code installed on the computing device. The one or more processes formed through execution of the executable code on the computing device are associated with the token, the token usable to manage access of the one or more processes to the capabilities of the computing device.
摘要翻译: 描述进程的能力访问管理技术。 在一个或多个实现中,形成具有一个或多个安全标识符的令牌,所述安全标识符响应于接收到的输入来引用可执行代码的清单中描述的能力,以启动安装在计算设备上的可执行代码的执行。 通过在计算设备上执行可执行代码形成的一个或多个过程与令牌相关联,令牌可用于管理一个或多个进程对计算设备的能力的访问。
-
公开(公告)号:US07602903B2
公开(公告)日:2009-10-13
申请号:US10759636
申请日:2004-01-16
IPC分类号: H04L9/00
CPC分类号: G06F21/602 , H04L9/088
摘要: Methods and apparatuses are provided that can inform certain processes and/or even the user about the relative strength/weakness of cryptography services being used. In certain methods, for example, at least one cryptography service parameter threshold is established. The method further includes, selectively detecting a request for at least one cryptography service, and selectively performing at least one correctness detection action based on the requested cryptography service and the cryptography service parameter threshold. The cryptography service parameter threshold identifies acceptable/unacceptable cryptography algorithms, acceptable/unacceptable cryptography key size parameters, acceptable/unacceptable cryptography seed size parameters, and other like parameters that the requested cryptography service information can be compared with.
摘要翻译: 提供了可以向某些进程和/或甚至用户通知正在使用的加密服务的相对强度/弱点的方法和装置。 在某些方法中,例如,建立至少一个密码服务参数阈值。 该方法还包括:选择性地检测对至少一个密码服务的请求,以及基于所请求的密码服务和密码服务参数阈值选择性地执行至少一个正确性检测动作。 加密服务参数阈值识别可接受/不可接受的加密算法,可接受/不可接受的加密密钥大小参数,可接受/不可接受的加密种子大小参数以及可以与所请求的密码服务信息进行比较的其他类似参数。
-
公开(公告)号:US09773102B2
公开(公告)日:2017-09-26
申请号:US13229367
申请日:2011-09-09
申请人: Scott Graham , Kavitha Radhakrishnan , Sermet Iskin , Katrina M. Blanch , Steven Ball , John Hazen , Tyler Kien Beam , Allen Kim , Guillermo Enrique Rueda Quintero
发明人: Scott Graham , Kavitha Radhakrishnan , Sermet Iskin , Katrina M. Blanch , Steven Ball , John Hazen , Tyler Kien Beam , Allen Kim , Guillermo Enrique Rueda Quintero
CPC分类号: G06F21/335 , G06F21/6218 , G06F2221/2141
摘要: Methods, systems, and computer program products are provided for enabling selective file system access by applications. An application is installed in a computing device. An application manifest associated with the application is received. The application manifest indicates one or more file types that the application is allowed to access. The indicated file type(s) are registered in a location accessible by a broker service. The application is launched as an application process. The application process is isolated in an application container. The application container prevents direct access by the application process to file system data. An access request related to first data of the file system data is received at the broker service from the application process. Access by the application process to the first data is enabled when the broker service determines that a file type of the first data is included in the registered file type(s).
-
公开(公告)号:US08973158B2
公开(公告)日:2015-03-03
申请号:US13186474
申请日:2011-07-20
申请人: Saji Abraham , Hart Wilson , Tassaduq Basu , Sermet Iskin , Liang Zhao
发明人: Saji Abraham , Hart Wilson , Tassaduq Basu , Sermet Iskin , Liang Zhao
CPC分类号: G06F21/604 , G06F21/51 , G06F21/52 , G06F21/53 , G06F2221/2113
摘要: An isolation execution environment provides an application with limited resources to execute an application. The application may require access to secured resources associated with a particular trust level that are outside of the isolation execution environment. A trust activation engine determines the trust level associated with a request for a resource and operates differently based on the trust level. A broker process may be used to execute components providing access to resources having a partial trust level in an execution environment that is separate from the isolation execution environment.
摘要翻译: 隔离执行环境为应用程序提供有限的资源来执行应用程序。 应用程序可能需要访问与隔离执行环境之外的特定信任级别相关联的安全资源。 信任激活引擎确定与资源请求相关联的信任级别,并基于信任级别进行不同的操作。 代理进程可以用于执行提供对具有与隔离执行环境分离的执行环境中的部分信任级别的资源的访问的组件。
-
公开(公告)号:US20130067600A1
公开(公告)日:2013-03-14
申请号:US13229367
申请日:2011-09-09
申请人: Scott Graham , Kavitha Radhakrishnan , Sermet Iskin , Katrina M. Blanch , Steven Ball , John Hazen , Tyler Kien Beam , Allen Kim , Guillermo Enrique Rueda Quintero
发明人: Scott Graham , Kavitha Radhakrishnan , Sermet Iskin , Katrina M. Blanch , Steven Ball , John Hazen , Tyler Kien Beam , Allen Kim , Guillermo Enrique Rueda Quintero
IPC分类号: G06F21/00
CPC分类号: G06F21/335 , G06F21/6218 , G06F2221/2141
摘要: Methods, systems, and computer program products are provided for enabling selective file system access by applications. An application is installed in a computing device. An application manifest associated with the application is received. The application manifest indicates one or more file types that the application is allowed to access. The indicated file type(s) are registered in a location accessible by a broker service. The application is launched as an application process. The application process is isolated in an application container. The application container prevents direct access by the application process to file system data. An access request related to first data of the file system data is received at the broker service from the application process. Access by the application process to the first data is enabled when the broker service determines that a file type of the first data is included in the registered file type(s).
摘要翻译: 提供了方法,系统和计算机程序产品,以实现应用程序的选择性文件系统访问。 应用程序安装在计算设备中。 收到与应用程序关联的应用程序清单。 应用程序清单指示应用程序允许访问的一个或多个文件类型。 指定的文件类型被注册在可由代理服务访问的位置。 该应用程序作为应用程序进程启动。 应用程序进程在应用程序容器中被隔离。 应用程序容器阻止应用程序进程直接访问文件系统数据。 从应用程序进程在代理服务处接收与文件系统数据的第一数据有关的访问请求。 当代理服务确定第一数据的文件类型被包括在注册的文件类型中时,由应用进程访问第一数据被启用。
-
公开(公告)号:US09118686B2
公开(公告)日:2015-08-25
申请号:US13226223
申请日:2011-09-06
申请人: Gerardo Diaz-Cuellar , Sermet Iskin , Jorge P. Coronel Mendoza , Scott B. Graham , Nicholas D. Wood
发明人: Gerardo Diaz-Cuellar , Sermet Iskin , Jorge P. Coronel Mendoza , Scott B. Graham , Nicholas D. Wood
CPC分类号: H04L63/102 , G06F21/335 , G06F21/51 , G06F21/52 , G06F2221/2121 , G06F2221/2141 , G06F2221/2145 , H04L63/20 , H04L67/34
摘要: Per process networking capability techniques are described. In one or more implementations, a determination is made as to whether access to a network capability is permitted for a process that is executed on the computing device based on a token that is associated with the process. The token has one or more security identifiers that reference one or more network capabilities described in a manifest. The access to the network capability is managed based on the determination.
摘要翻译: 描述每个进程联网能力技术。 在一个或多个实现中,确定是否允许基于与该过程相关联的令牌在计算设备上执行的进程对网络能力的访问。 令牌具有引用清单中描述的一个或多个网络能力的一个或多个安全标识符。 基于确定来管理对网络能力的访问。
-
公开(公告)号:US20130061282A1
公开(公告)日:2013-03-07
申请号:US13227201
申请日:2011-09-07
IPC分类号: G06F21/00
CPC分类号: G06F21/629 , G06F21/52 , G06F21/53 , G06F21/56 , G06F21/566 , G06F2221/2141 , H04L63/14 , H04L63/1408 , H04L63/1416 , H04L63/1433 , H04L63/1441 , H04L63/145 , H04L63/1483
摘要: Techniques for content handling for applications are described. In one or more implementations, a first set of content handling policies is enforced for a first portion of an application that is permitted to invoke code elements of the computing device and a second set of content handling policies is enforced for a second portion of the application that is not permitted to invoke the code elements. Further, a determination is made whether to apply the first set of content handling policies or the second set of content handling policies to content based on which portion of the application is requesting the content.
摘要翻译: 描述用于应用的内容处理的技术。 在一个或多个实现中,为允许调用计算设备的代码元素的应用的第一部分强制执行第一组内容处理策略,并且为应用的第二部分强制执行第二组内容处理策略 这是不允许调用代码元素的。 此外,确定是否基于应用的哪个部分请求内容来应用第一组内容处理策略或第二组内容处理策略到内容。
-
公开(公告)号:US20090327994A1
公开(公告)日:2009-12-31
申请号:US12146462
申请日:2008-06-26
IPC分类号: G06F9/44
摘要: The described method and system synchronizes source code with byproducts or artifacts of an application creation process. In one embodiment, a generation tool may be used to produce source code header files based on a design specification, where the source code header files are compiled with a current version of source code. Compilation errors may direct a developer to modify either the specification or the source code to eliminate the errors. The described method and system may be integrated into a development platform that is adapted to direct the user to perform particular revisions or updates to bring the source code in line with the artifacts.
摘要翻译: 描述的方法和系统将源代码与应用程序创建过程的副产品或工件同步。 在一个实施例中,生成工具可以用于基于设计规范来生成源代码头文件,其中源代码头文件用当前版本的源代码编译。 编译错误可能会导致开发人员修改规范或源代码以消除错误。 所描述的方法和系统可以集成到适于引导用户执行特定修订或更新以使源代码与工件一致的开发平台中。
-
公开(公告)号:US20130062401A1
公开(公告)日:2013-03-14
申请号:US13228695
申请日:2011-09-09
IPC分类号: G06F17/00
CPC分类号: G06F21/52 , G06F9/468 , G06F17/00 , G06F21/121 , G06F21/44 , G06F21/6281 , G06F2221/033
摘要: A package identifier for a package from which an application is installed on a computing device is obtained. The package identifier is assigned to each of one or more processes created for running the application and, for each of the one or more processes, whether the process is permitted to access a resource of the computing device is determined based at least in part on the package identifier.
-
-
-
-
-
-
-
-
-
搜索结果
19 条记录 (耗时 0.019 秒)