Providing a graphical user interface in a system with a high-assurance execution environment
    1.
    Patent application
    Status: in force

    Publication No.: US20050091486A1

    Publication date: 2005-04-28

    Application No.: US10691759

    Filing date: 2003-10-23

    CPC classification: G06F21/84

    Abstract: Techniques are disclosed to provide security for graphical user interface elements being displayed in a system in which a first, host operating system is used along with a second, high assurance operating system, where the first system provides at least some of the infrastructure for the second system. Graphical user interface elements associated with the high-assurance operating system are prevented from being obscured and from any partial transparency. Additionally, a piece of secret information is stored which can be displayed upon command by graphical user interface elements associated with the high-assurance operating system. Coordinating certain elements of the display of all graphical user interface elements associated with the high assurance operating system also helps to identify legitimate elements associated with the high assurance operating system, as opposed to impostor elements which are not. Where a windowing system is used, public title information is furnished to a host operating system windowing system to identify a window owned by a process running on a high-assurance operating system. Private title information associated with the same window is used only in the high assurance operating system.

    Providing secure input to a system with a high-assurance execution environment
    2.
    Patent application
    Status: in force

    Publication No.: US20050091530A1

    Publication date: 2005-04-28

    Application No.: US10693061

    Filing date: 2003-10-24

    Abstract: Techniques are disclosed to provide security for user input in which a first, host operating system is used along with a second, high assurance operating system, where the first system provides at least some of the infrastructure for the second system. Two modes are presented. In a first mode, user data is passed to the host operating system. In a second mode, user data is retained in the second operating system for the use of the second operating system or processes running on the second operating system. Transitions between the nodes can be accomplished according to hypothecated user actions such as keystroke combinations, or when the user performs an action which indicates a programmatic activation of a process running in the second operating system. Where shadow graphical elements are run by the first operating system to indicate the location of graphical elements from processes running on the second operating system, this programmatic activation may be indicated by programmatic activation of a shadow graphical element.

    Security state watcher
    3.
    Patent application

    Publication No.: US20060075264A1

    Publication date: 2006-04-06

    Application No.: US10954917

    Filing date: 2004-09-30

    IPC classification: G06F12/14

    CPC classification: G06F21/577 Y10S257/922

    Abstract: A security device watches over the secure functionality in a computer system. This “watcher” security device may be integrated within the computer system or may be separate from it. The security device queries the secure functionality to determine whether the state of the secure functionality is acceptable. If no satisfactory state exists, or if no response is received, then a signal is transmitted. The signal may be auditory (a buzzer) or visual (a flashing light) in order to signal to any user that the secure functionality has been compromised. Optionally, human input devices may be disabled, or a monitoring service notified, in conjunction with or in lieu of the signal. If the secure functionality includes a secret shared between the secure functionality and the user, then the security device may signal the secret. For example, where the secret is visual, the security device may display the secret. Where there is more than one element of secure functionality in the computer system, the security device may separately watch and report on more than one element of secure functionality. The security device may also display status information regarding the computer system. Some or all of the security device may be distributed via a trusted distribution infrastructure.

    Providing secure input and output to a trusted agent in a system with a high-assurance execution environment
    4.
    Patent application
    Status: in force

    Publication No.: US20050091503A1

    Publication date: 2005-04-28

    Application No.: US10693407

    Filing date: 2003-10-24

    Abstract: Techniques are disclosed to provide security for user output and input in which a first, host operating system is used along with a second, high assurance operating system (nexus), where the first system provides at least some of the infrastructure for the second system. A trusted UI engine has a trusted input manager and a trusted output manager. The trusted input manager controls access to trusted input, distributing decrypted input to the host operating system where appropriate, or to the appropriate process running in the nexus. The trusted output manager manages output to the display, and allows trusted agents in the nexus to output data for display without needing to be aware of output-device-dependent details.

    Providing secure input to a system with a high-assurance execution environment
    5.
    Granted patent
    Status: in force

    Publication No.: US07464412B2

    Publication date: 2008-12-09

    Application No.: US10693061

    Filing date: 2003-10-24

    IPC classification: G06F12/14

    Abstract: Techniques are disclosed to provide security for user input in which a first, host operating system is used along with a second, high assurance operating system, where the first system provides at least some of the infrastructure for the second system. Two modes are presented. In a first mode, user data is passed to the host operating system. In a second mode, user data is retained in the second operating system for the use of the second operating system or processes running on the second operating system. Transitions between the nodes can be accomplished according to hypothecated user actions such as keystroke combinations, or when the user performs an action which indicates a programmatic activation of a process running in the second operating system. Where shadow graphical elements are run by the first operating system to indicate the location of graphical elements from processes running on the second operating system, this programmatic activation may be indicated by programmatic activation of a shadow graphical element.

    Systems and methods for determining if applications executing on a computer system are trusted
    8.
    Patent application
    Status: in force

    Publication No.: US20060253705A1

    Publication date: 2006-11-09

    Application No.: US11123778

    Filing date: 2005-05-06

    IPC classification: H04L9/00

    Abstract: Access to an authentication image may be protected so that only authenticated processes have access to the image. The image can be displayed to authenticate a User Interface (UI) to a computer user. The image indicates the UI can be trusted. If the image is not displayed, it may be that an application UI is “spoofed” to trick a user into providing sensitive information. Additionally, a large variety of different images can be used as authentication images, so spoofing one image be recognized by most users. A set of original images may be provided, along with image modification processes which can generate a large number of variations. Techniques for authenticating UIs in a virtual machine context are provided. A secure attention sequence is also provided, which allows users to test whether processes running on a computer are authenticated.

    Managing boot loaders for virtual hard disks
    9.
    Granted patent
    Status: in force

    Publication No.: US09141368B2

    Publication date: 2015-09-22

    Application No.: US13044576

    Filing date: 2011-03-10

    IPC classification: G06F15/177 G06F9/445 G06F9/44

    Abstract: The claimed subject matter provides a system or method for managing software changes. An exemplary method comprises creating a reset boot loader, a last known good (LKG) boot loader, and a current boot loader, then pointing the reset boot loader, LKG boot loader, and current boot loader to a parent virtual hard disk (VHD) containing a default master image. An operation to perform is determined, and a service partition is booted into. The LKG boot loader or current boot loader is pointed to a child VHD loaded with another desired image based on the operation selected, and the system is rebooted into the parent VHD or child VHD pointed to by the current boot loader.

    Retaining formation
    10.
    Granted patent
    Status: in force

    Publication No.: US09010502B2

    Publication date: 2015-04-21

    Application No.: US12342588

    Filing date: 2008-12-23

    Abstract: A retaining formation defined on a brake lever of an air disc brake includes a push fit/snap fit connection for releasably securing a push rod to a brake lever. The retaining formation can include a pinned connection and a ball and socket joint, and a main axis of the pinned connection is coincident with a center of rotation of the ball and socket joint. The retaining formation can include a concave formation on one of the push rod and the brake lever and a corresponding convex formation on the other of the push rod and the brake lever. The concave formation at least partially surrounds the convex formation to prevent axial separation of the push rod and the brake lever. A method of assembling a brake subassembly includes the steps of assembling a push rod and a brake lever including a retaining formation such that at least a portion of the retaining formation deforms during assembly and resiles when the push rod is assembled to the brake lever to provide a snap fit connection therebetween. Another method of manufacturing a retaining formation includes the steps of providing one of a push rod and a brake lever with a concave formation, providing the other of the push rod and the brake lever with a convex formation able to receive the concave formation, assembling the concave formation and the convex formation, mechanically working the one of the push rod and the brake lever with the concave formation such that the concave formation at least partially surrounds the convex formation to prevent axial separation of the push rod and the brake lever.
