公开(公告)号：US07908653B2

公开(公告)日：2011-03-15

申请号：US10881602

申请日：2004-06-29

申请人： Ernie F. Brickell ,  Clifford D. Hall ,  Joseph F. Cihula ,  Richard Uhlig

发明人： Ernie F. Brickell ,  Clifford D. Hall ,  Joseph F. Cihula ,  Richard Uhlig

IPC分类号： G06F12/14 ,  G06F12/16

CPC分类号： G06F21/53 ,  G06F21/51 ,  G06F21/566 ,  G06F2221/2145

摘要： Improving security of a processing system may be accomplished by at least one of executing and accessing a suspect file in a sandbox virtual machine.

摘要翻译： 可以通过在沙盒虚拟机中执行和访问可疑文件中的至少一个来实现提高处理系统的安全性。

公开(公告)号：US07765544B2

公开(公告)日：2010-07-27

申请号：US11016653

申请日：2004-12-17

申请人： Ernie F. Brickell ,  Clifford D. Hall ,  Joseph F. Cihula ,  Richard A. Uhlig

发明人： Ernie F. Brickell ,  Clifford D. Hall ,  Joseph F. Cihula ,  Richard A. Uhlig

IPC分类号： G06F9/455 ,  G06F17/00 ,  G06F17/30 ,  G06F3/048 ,  G06F15/16

CPC分类号： G06F21/52 ,  G06F21/57

摘要： A method, apparatus and system for improving security on a virtual machines host is described. A shared file system on the host may include annotations usable by a service module to access files across VMs and to enforce security policies. The service module may additionally enable a unified user interface to improve usability of the host.

摘要翻译： 描述了一种用于提高虚拟机主机上的安全性的方法，装置和系统。 主机上的共享文件系统可以包括服务模块可用于访问跨VM的文件并执行安全策略的注释。 服务模块还可以使统一的用户界面提高主机的可用性。

公开(公告)号：US20170285976A1

公开(公告)日：2017-10-05

申请号：US15089140

申请日：2016-04-01

申请人： David M. Durham ,  Siddhartha Chhabra ,  Michael E. Kounavis ,  Sergej Deutsch ,  Karanvir S. Grewal ,  Joseph F. Cihula ,  Saeedeh Komijani

发明人： David M. Durham ,  Siddhartha Chhabra ,  Michael E. Kounavis ,  Sergej Deutsch ,  Karanvir S. Grewal ,  Joseph F. Cihula ,  Saeedeh Komijani

IPC分类号： G06F3/06 ,  G06F12/08 ,  G06F12/14

CPC分类号： G06F12/1408 ,  G06F21/64 ,  G06F21/79 ,  G06F2212/60

摘要： Apparatus, systems, computer readable storage mediums and/or methods may provide memory integrity by using unused physical address bits (or other metadata passed through cache) to manipulate cryptographic memory integrity values, allowing software memory allocation routines to control the assignment of pointers (e.g., implement one or more access control policies). Unused address bits (e.g., because of insufficient external memory) passed through cache, may encode key domain information in the address so that different key domain addresses alias to the same physical memory location. Accordingly, by mixing virtual memory mappings and cache line granularity aliasing, any page in memory may contain a different set of aliases at the cache line level and be non-deterministic to an adversary.

公开(公告)号：US07526649B2

公开(公告)日：2009-04-28

申请号：US10748773

申请日：2003-12-30

申请人： Willard M. Wiseman ,  David W. Grawrock ,  Ernie Brickell ,  Matthew D. Wood ,  Joseph F. Cihula

发明人： Willard M. Wiseman ,  David W. Grawrock ,  Ernie Brickell ,  Matthew D. Wood ,  Joseph F. Cihula

IPC分类号： H04L9/00 ,  H04L9/32 ,  G06F11/30 ,  G06F12/14 ,  G06F11/00 ,  G06F12/16 ,  G06F15/18 ,  G08B23/00

CPC分类号： H04L63/061 ,  H04L9/321 ,  H04L9/3263 ,  H04L63/067 ,  H04L63/0823 ,  H04L2209/127 ,  H04L2209/56

摘要： According to an embodiment of the invention, a method and apparatus for session key exchange are described. An embodiment of a method comprises requesting a service for a platform; certifying the use of the service for one or more acceptable configurations of the platform; and receiving a session key for a session of the service, the service being limited to the one or more acceptable configurations of the platform.

摘要翻译： 根据本发明的实施例，描述了用于会话密钥交换的方法和装置。 一种方法的实施例包括请求一个平台的服务; 证明使用该服务的平台的一个或多个可接受的配置; 以及接收所述服务的会话的会话密钥，所述服务被限制为所述平台的所述一个或多个可接受的配置。

公开(公告)号：US07178034B2

公开(公告)日：2007-02-13

申请号：US10334740

申请日：2002-12-31

申请人： Joseph F. Cihula ,  Baiju V. Patel

发明人： Joseph F. Cihula ,  Baiju V. Patel

IPC分类号： G06F1/24

CPC分类号： G06F21/34 ,  H04L9/3231 ,  H04L9/3297 ,  H04L2209/805

摘要： A method and apparatus for strong authentication and proximity-based access retention is presented. In this regard, an authentication agent is introduced to securely communicate with a key device associated with a user to identify the user, retrieve credentials for the user, securely communicate a session key to the key device, and identify the user who is requesting access to target resource(s) based on the user's credentials while the user's key device is proximate to the target resource(s).

摘要翻译： 提出了一种强身份验证和基于接近度访问保留的方法和装置。 在这方面，引入认证代理以安全地与与用户相关联的关键设备进行通信，以识别用户，为用户检索凭证，将会话密钥安全地传送到密钥设备，并且识别正在请求访问的用户 当用户的密钥设备靠近目标资源时，基于用户凭据的目标资源。

公开(公告)号：US10515023B2

公开(公告)日：2019-12-24

申请号：US15088739

申请日：2016-04-01

申请人： Ravi L. Sahita ,  Gilbert Neiger ,  Vedvyas Shanbhogue ,  David M. Durham ,  Andrew V. Anderson ,  David A. Koufaty ,  Asit K. Mallick ,  Arumugam Thiyagarajah ,  Barry E. Huntley ,  Deepak K. Gupta ,  Michael Lemay ,  Joseph F. Cihula ,  Baiju V. Patel

发明人： Ravi L. Sahita ,  Gilbert Neiger ,  Vedvyas Shanbhogue ,  David M. Durham ,  Andrew V. Anderson ,  David A. Koufaty ,  Asit K. Mallick ,  Arumugam Thiyagarajah ,  Barry E. Huntley ,  Deepak K. Gupta ,  Michael Lemay ,  Joseph F. Cihula ,  Baiju V. Patel

IPC分类号： G06F12/00 ,  G06F12/14 ,  G06F12/1009 ,  G06F9/455 ,  G06F12/1027 ,  G06F21/78

摘要： This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.

公开(公告)号：US10109141B2

公开(公告)日：2018-10-23

申请号：US10746077

申请日：2003-12-24

申请人： Joseph F. Cihula

发明人： Joseph F. Cihula

IPC分类号： G06F17/00 ,  G07F7/10 ,  G06Q20/34 ,  G06Q20/36 ,  G06Q20/40 ,  G07F7/08 ,  G07F7/12

摘要： A method for managing a smart card system includes testing a smart card reader for trustworthiness. An indication of the trustworthiness is provided via a smart card.

公开(公告)号：US06963873B2

公开(公告)日：2005-11-08

申请号：US10037239

申请日：2002-01-02

申请人： Joseph F. Cihula ,  Devendra N. Rath

发明人： Joseph F. Cihula ,  Devendra N. Rath

IPC分类号： H04L9/32 ,  G06F17/30

CPC分类号： H04L9/3263 ,  H04L9/3271 ,  H04L2209/56 ,  H04L2209/60 ,  Y10S707/99933 ,  Y10S707/99936 ,  Y10S707/99939 ,  Y10S707/99943

摘要： A method and system for automatically associating a signed certificate with its matching certificate signing request. A data structure includes distinguished name data, or other suitable data, for all outstanding certificate signing requests. Distinguished name data, or other suitable data, is extracted or read from the signed certificate and compared against the data structure to identify the matching certificate signing request.

摘要翻译： 用于将签名证书与其匹配的证书签名请求自动关联的方法和系统。 数据结构包括所有未完成的证书签名请求的可分辨名称数据或其他合适的数据。 从签名的证书中提取或读取可分辨的名称数据或其他合适的数据，并与数据结构进行比较以识别匹配的证书签名请求。