Verifying boot process of electronic device

    Publication number: US09710652B1

    Publication date: 2017-07-18

    Application number: US14946863

    Application date: 2015-11-20

    Applicant: Google Inc.

    CPC classification number: G06F21/575 G06F11/1417 G06F2221/034

    Abstract: A user-provided keystore may be utilized in a boot process to verify a boot image as disclosed herein. A device may be determined to be in a locked or verified state. A selected keystore may be determined to not verify against a first key such as a root key. A user may provide a keystore to a device. The system may display a prompt to the user which asks whether the user would like to continue to boot or not, if the system determines that the keystore does not verify against the first key. The user may respond to the prompt by indicating a desire to continue booting. The system may determine that the boot image verifies against the keystore and finish booting the device. Thus, the prompt may alert the user to a threat to the integrity of the boot process or device.

    Authenticating communications
    2.
    Granted invention patent

    Publication number: US09871786B2

    Publication date: 2018-01-16

    Application number: US14807563

    Application date: 2015-07-23

    Applicant: Google Inc.

    Abstract: The method of authenticating the source of a communication is disclosed. The method includes executing a clock for an operation period. The method also includes receiving a communication from a remote device at a communication time corresponding to a time interval of a plurality of time intervals sequentially covering the operation period. Each time interval has an associated authentication value. The communication includes a commitment value. The method also includes determining whether the commitment value matches the authentication value associated with the time interval corresponding to the communication time. The method also includes processing the communication when the commitment value matches the authentication value associated with the time interval corresponding to the communication time. The authentication value associated with the time interval corresponding to the communication time includes a hash digest of a hash function applied to the authentication value associated with a sequentially subsequent time interval.

    Secure authorization for accessing content on a shareable device
    5.
    Granted invention patent
    Secure authorization for accessing content on a shareable device (status: in force)

    Publication number: US09323916B1

    Publication date: 2016-04-26

    Application number: US13766822

    Application date: 2013-02-14

    Applicant: Google Inc.

    Abstract: Described is a process for securely authorizing access to media content from a first device to a second device. Access to content may be authorized by performing authentication from the first device. Information used for authentication (e.g. login information) is not shared with the second device. Instead, a token may be used to authenticate the second device. The authorization process may be done in a secure manner by sharing only the generated token with the second device. Authentication information may not be derived from the token, and accordingly, even if the second device is not secure or the token is exposed, authentication information remains secure.


    Verified boot
    6.
    Granted invention patent
    Verified boot (status: in force)

    Publication number: US09195831B1

    Publication date: 2015-11-24

    Application number: US14268486

    Application date: 2014-05-02

    Applicant: Google Inc.

    CPC classification number: G06F21/575 G06F11/1417 G06F2221/034

    Abstract: A user-provided keystore may be utilized in a boot process to verify a boot image as disclosed herein. A device may be determined to be in a locked or verified state. A selected keystore may be determined to not verify against a first key such as a root key. A user may provide a keystore to a device. The system may display a prompt to the user which asks whether the user would like to continue to boot or not, if the system determines that the keystore does not verify against the first key. The user may respond to the prompt by indicating a desire to continue booting. The system may determine that the boot image verifies against the keystore and finish booting the device. Thus, the prompt may alert the user to a threat to the integrity of the boot process or device.


    Authenticating Communications
    8.
    Invention patent application
    Authenticating Communications (status: in force)

    Publication number: US20170026370A1

    Publication date: 2017-01-26

    Application number: US14807563

    Application date: 2015-07-23

    Applicant: Google Inc.

    Abstract: The method of authenticating the source of a communication is disclosed. The method includes executing a clock for an operation period. The method also includes receiving a communication from a remote device at a communication time corresponding to a time interval of a plurality of time intervals sequentially covering the operation period. Each time interval has an associated authentication value. The communication includes a commitment value. The method also includes determining whether the commitment value matches the authentication value associated with the time interval corresponding to the communication time. The method also includes processing the communication when the commitment value matches the authentication value associated with the time interval corresponding to the communication time. The authentication value associated with the time interval corresponding to the communication time includes a hash digest of a hash function applied to the authentication value associated with a sequentially subsequent time interval.


    Using a honeypot workflow for software review
    9.
    Granted invention patent
    Using a honeypot workflow for software review (status: in force)

    Publication number: US08613094B1

    Publication date: 2013-12-17

    Application number: US13717240

    Application date: 2012-12-17

    Applicant: Google Inc.

    Abstract: An application distribution server may be operable to perform an application distribution process for an application, where the application distribution process may comprise a plurality of phases. The plurality of phases may comprise, in sequence, a developer account creation phase, a risk assessment phase, an application upload phase, an application publication phase, an application promotion phase and an application download phase. The application distribution server may detect, at each of the plurality of phases, whether a particular behavior corresponding to use of the application to distribute undesirable software may occur. In instances when an occurrence of the particular behavior is detected at a certain phase in the application distribution process, the application distribution server may continue, utilizing a trap system, one or more subsequent phases after the certain phase for the application, without communicating information on the detection of the occurrence of the particular behavior.

