-
公开(公告)号:US20060123430A1
公开(公告)日:2006-06-08
申请号:US11118684
申请日:2005-04-29
申请人: Galen Hunt , James Larus , John DeTreville , Edward Wobber , Martin Abadi , Michael Jones , Trishul Chilimbi
发明人: Galen Hunt , James Larus , John DeTreville , Edward Wobber , Martin Abadi , Michael Jones , Trishul Chilimbi
IPC分类号: G06F9/46
CPC分类号: G06F21/562 , G06F21/566 , G06F21/57
摘要: Described herein is an implementation of a technology for the construction, identification, and/or optimization of operating-system processes. At least one implementation, described herein, constructs an operating-system process having the contents as defined by a process manifest. Once constructed, the operating-system process is unalterable.
摘要翻译: 这里描述了用于构建,识别和/或优化操作系统过程的技术的实现。 这里描述的至少一个实现构造具有由过程清单定义的内容的操作系统过程。 一旦构建,操作系统过程是不可改变的。
-
公开(公告)号:US20060123418A1
公开(公告)日:2006-06-08
申请号:US11118690
申请日:2005-04-29
申请人: Galen Hunt , James Larus , John DeTreville , Edward Wobber , Martin Abadi , Michael Jones , Trishul Chilimbi
发明人: Galen Hunt , James Larus , John DeTreville , Edward Wobber , Martin Abadi , Michael Jones , Trishul Chilimbi
IPC分类号: G06F9/46
CPC分类号: G06F21/562 , G06F21/566 , G06F21/57
摘要: Described herein is an implementation of a technology for the construction, identification, and/or optimization of operating-system processes. At least one implementation, described herein, constructs an operating-system process having the contents as defined by a process manifest. Once constructed, the operating-system process is unalterable.
摘要翻译: 这里描述了用于构建,识别和/或优化操作系统过程的技术的实现。 这里描述的至少一个实现构造具有由过程清单定义的内容的操作系统过程。 一旦构建,操作系统过程是不可改变的。
-
公开(公告)号:US20060123417A1
公开(公告)日:2006-06-08
申请号:US11005562
申请日:2004-12-06
申请人: Galen Hunt , James Larus , John DeTreville , Edward Wobber , Martin Abadi , Michael Jones , Trishul Chilimbi
发明人: Galen Hunt , James Larus , John DeTreville , Edward Wobber , Martin Abadi , Michael Jones , Trishul Chilimbi
IPC分类号: G06F9/46
CPC分类号: G06F21/562 , G06F21/566 , G06F21/57
摘要: Described herein is an implementation of a technology for the construction, identity, and/or optimization of operating-system processes. At least one implementation, described herein, constructs an operating-system process having the contents as defined by a process manifest. Once constructed, the operating-system process is unalterable.
摘要翻译: 这里描述了用于构建,识别和/或优化操作系统过程的技术的实现。 这里描述的至少一个实现构造具有由过程清单定义的内容的操作系统过程。 一旦构建,操作系统过程是不可改变的。
-
公开(公告)号:US20060123424A1
公开(公告)日:2006-06-08
申请号:US11007655
申请日:2004-12-07
申请人: Galen Hunt , James Larus , Manuel Fahndrich , Edward Wobber , Martin Abadi , John DeTreville
发明人: Galen Hunt , James Larus , Manuel Fahndrich , Edward Wobber , Martin Abadi , John DeTreville
IPC分类号: G06F9/46
CPC分类号: G06F9/546 , G06F2209/547
摘要: Described herein is an implementation of an inter-process communications technology. One or more implementations, described herein, facilitate creation of a bi-directional message conduit having exactly two endpoints. A first endpoint is owned by a first software process and a second endpoint is owned by a second software process. One or more implementations, described herein, maintain the bi-directional message conduit for passing multiple messages via the bi-directional message conduit from the first process to the second process, according to established rules that can be checked.
-
公开(公告)号:US20060123412A1
公开(公告)日:2006-06-08
申请号:US11007808
申请日:2004-12-07
申请人: Galen Hunt , Thomas Roeder , James Larus , Manuel Fahndrich , John DeTreville , Steven Levi , Benjamin Zorn , Wolfgang Grieskamp
发明人: Galen Hunt , Thomas Roeder , James Larus , Manuel Fahndrich , John DeTreville , Steven Levi , Benjamin Zorn , Wolfgang Grieskamp
IPC分类号: G06F9/445
CPC分类号: G06F8/61
摘要: Described herein is at least one implementation employing multiple self-describing software artifacts persisted on one or more computer-storage media of a software-based computer. In this implementation, each artifact is representative of at least part of the software components (e.g., load modules, processes, applications, and operating system components) of the computing system and each artifact is described by at least one associated “manifest,” which include metadata declarative descriptions of the associated artifact.
摘要翻译: 这里描述的是至少一个采用在基于软件的计算机的一个或多个计算机存储介质上持续存在的自描述软件工件的实现。 在该实现中,每个工件代表计算系统的至少部分软件组件(例如,加载模块,进程,应用程序和操作系统组件),并且每个工件由至少一个相关联的“清单”描述,其中 包括关联工件的元数据声明性描述。
-
6.发明申请System and Method for Authenticating an Operating System to a Central Processing Unit, Providing the CPU/OS with Secure Storage, and Authenticating the CPU/OS to a Third Party 有权用于向中央处理单元验证操作系统的系统和方法,向CPU / OS提供安全存储,以及向第三方认证CPU / OS公开(公告)号:US20070118769A1
公开(公告)日:2007-05-24
申请号:US11615361
申请日:2006-12-22
申请人: Paul England , John DeTreville , Butler Lampson
发明人: Paul England , John DeTreville , Butler Lampson
IPC分类号: G06F12/14
CPC分类号: G06F21/10 , G06F9/4406 , G06F9/468 , G06F21/445 , G06F21/57 , G06F21/575 , G06F2221/0704 , G06F2221/2103 , G06F2221/2113 , G06F2221/2129
摘要: In accordance with certain aspects, a chain of trust is established between a subscriber unit and a content provider. A request is submitted from the subscriber unit to the content provider. A challenge nonce is generated at the content provider and returned to the subscriber unit. At the subscriber unit, an operating system (OS) certificate containing an identity of the operating system from the software identity register, information describing the operating system, the challenge nonce, and a CPU public key is formed, and the OS certificate is signed using a CPU private key. The OS certificate and a CPU manufacturer certificate supplied by a manufacturer of the CPU are passed from the subscriber unit to the content provider, and are evaluated at the content provider to determine whether to reject or fulfill the request.
摘要翻译: 根据某些方面,在用户单元和内容提供商之间建立信任链。 从用户单元向内容提供商提交请求。 挑战随机数在内容提供者处产生并返回到用户单元。 在订户单元处,形成包含来自软件身份寄存器的操作系统的身份的操作系统(OS)证书,描述操作系统的信息,挑战随机数和CPU公钥,并且使用 一个CPU私钥。 由CPU制造商提供的OS证书和CPU制造商证书从用户单元传递到内容提供商,并在内容提供商处进行评估,以确定是否拒绝或完成请求。
-
公开(公告)号:US20070091819A1
公开(公告)日:2007-04-26
申请号:US11258600
申请日:2005-10-24
申请人: John DeTreville
发明人: John DeTreville
IPC分类号: H04L12/28
CPC分类号: H04L41/0869 , H04L41/0803
摘要: A declarative approach is used for system configuration. The declarative approach improves a system's integrity which makes the system more dependable. An overall system model is defined that describes the system as a whole. The models are hierarchical and can reference and incorporate any number of sub-models. The models within the system model are used to define the programs within the system. The system model is applied to a collection of system parameters that produces a statically typed, fully configured system instance. Each system instance may then be checked against established system policies that can express a variety of additional ad hoc rules defining which system instances are acceptable.
摘要翻译: 系统配置使用声明式方法。 声明式方法提高了系统的完整性,使系统更可靠。 定义了整个系统模型,描述整个系统。 这些模型是分层的,可以引用和并入任意数量的子模型。 系统模型中的模型用于定义系统内的程序。 系统模型应用于产生静态类型,完全配置的系统实例的系统参数集合。 然后可以根据既定的系统策略来检查每个系统实例,该系统策略可以表示定义哪些系统实例是可接受的各种附加特别规则。
-
8.发明申请公开(公告)号:US20060036851A1
公开(公告)日:2006-02-16
申请号:US11253460
申请日:2005-10-19
申请人: John DeTreville
发明人: John DeTreville
IPC分类号: H04L9/00
CPC分类号: G06F9/468 , G06F9/4406 , G06F21/10 , G06F21/445 , G06F21/57 , G06F21/575 , G06F2221/2113
摘要: A secure communication channel between an open system and a portable IC device is established. An application running on the open system desiring access to the information on the portable IC device authenticates itself to the portable IC device, proving that it is trustworthy. Once such trustworthiness is proven, the portable IC device authenticates itself to the application. Once such two-way authentication has been completed, trusted communication between the open system and the portable IC device can proceed, and private information that is maintained on the portable IC device can be unlocked and made available to the application.
-
公开(公告)号:US20060021064A1
公开(公告)日:2006-01-26
申请号:US11221047
申请日:2005-09-07
申请人: Paul England , John DeTreville , Butler Lampson
发明人: Paul England , John DeTreville , Butler Lampson
IPC分类号: H04L9/32
CPC分类号: G06F9/468 , G06F9/4406 , G06F21/10 , G06F21/575 , G06F2221/2113 , H04L63/0435 , H04L63/0442 , H04L63/166
摘要: A one-way hash function is applied to a seed supplied by an application to produce a hashed seed that is used to generate the application storage key. A one-way hash function is applied to a seed supplied by a user to produce a first hashed seed that is passed to a keyed hash function, which is keyed to an identity for the user, to produce a second hashed seed. The second hashed seed is used to generate the user storage key. An operating system storage key is generated from an unhashed seed. One of the storage keys is used to encrypt the downloaded content. An access predicate attached to the content when it is downloaded is associated with the storage key to enforce certain limitations on the access of the content.
摘要翻译: 单向散列函数应用于由应用程序提供的种子以产生用于生成应用程序存储密钥的散列种子。 单向散列函数被应用于由用户提供的种子以产生第一散列种子,该第一散列种子被传递给键入的哈希函数,其被键入用户的身份,以产生第二散列种子。 第二个散列种子用于生成用户存储密钥。 从未分解的种子生成操作系统存储密钥。 其中一个存储密钥用于加密下载的内容。 在下载时附加到内容的访问谓词与存储密钥相关联,以对内容的访问执行某些限制。
-
公开(公告)号:US07603717B2
公开(公告)日:2009-10-13
申请号:US10298872
申请日:2002-11-18
申请人: Bob Atkinson , Brian A. LaMacchia , John DeTreville , Muthukrishnan Paramasivam , Xin Wang , Thomas DeMartini
发明人: Bob Atkinson , Brian A. LaMacchia , John DeTreville , Muthukrishnan Paramasivam , Xin Wang , Thomas DeMartini
CPC分类号: H04L63/10 , G06F21/10 , H04L2463/101
摘要: A computer-implemented mechanism for granting rights to a resource is described. A license identifies one or more principals, resources, rights and conditions in fields of the license. The license fields include one or more instances of one or more variables. The variables are universally quantified so that each variable may be any one of a set of values. All instances of any given variable are bound to the same value.
摘要翻译: 描述了一种用于授予对资源的权限的计算机实现的机制。 许可证识别许可证领域中的一个或多个主体,资源,权利和条件。 许可证字段包括一个或多个变量的一个或多个实例。 变量被普遍量化,使得每个变量可以是一组值中的任何一个。 任何给定变量的所有实例都绑定到相同的值。
-
-
-
-
-
-
-
-
-
搜索结果
20 条记录 (耗时 0.027 秒)
