公开(公告)号：US20070101131A1

公开(公告)日：2007-05-03

申请号：US11265265

申请日：2005-11-01

申请人： Ivan Davtchev ,  Karan Dhillon ,  Nir Zvi ,  Aaron Goldsmid ,  Ping Xie ,  Yifat Sagiv

发明人： Ivan Davtchev ,  Karan Dhillon ,  Nir Zvi ,  Aaron Goldsmid ,  Ping Xie ,  Yifat Sagiv

IPC分类号： H04L9/00

CPC分类号： G06F21/64

摘要： A security flag stored in a trusted store is utilized to determine if the trusted store has been subjected to tampering. The security flag is indicative of a globally unique identifier (GUID), the version of the trusted store, and a counter. The security flag is created when the trusted store is created. Each time a critical event occurs, the security flag is updated to indicate the occurrence thereof. The security flag also is stored in a write-once portion of the system registry. At appropriate times, the security flag stored in the trusted store is compared with the corresponding security flag stored in the write-once registry. If the security flags match within a predetermined tolerance, it is determined that the trusted store has not been subjected to tampering. If the security flags do not match, or if a security flag is missing, it is determined that the trusted store has been subjected to tampering.

摘要翻译： 使用存储在可信存储中的安全标志来确定可信存储是否已经被篡改。 安全标志指示全局唯一标识符（GUID），可信存储的版本和计数器。 创建可信存储时创建安全标志。 每当发生紧急事件时，安全标志被更新以指示其发生。 安全标志也存储在系统注册表的一次写入部分中。 在适当的时间，将存储在可信存储中的安全标志与存储在一次写入注册表中的对应的安全标志进行比较。 如果安全标志在预定公差内匹配，则确定可信存储没有遭受篡改。 如果安全标志不匹配，或者如果安全标志丢失，则确定可信存储已经受到篡改。

公开(公告)号：US20060191014A1

公开(公告)日：2006-08-24

申请号：US11404448

申请日：2006-04-14

申请人： Nir Zvi ,  Kristjan Hatlelid ,  Andrey Lelikov

发明人： Nir Zvi ,  Kristjan Hatlelid ,  Andrey Lelikov

IPC分类号： H04N7/16

CPC分类号： G06F21/125 ,  G06F8/656 ,  G06F21/54

摘要： A mechanism for redirecting a code execution path in a running process. A one-byte interrupt instruction (e.g., INT 3) is inserted into the code path. The interrupt instruction passes control to a kernel handler, which after executing a replacement function, returns to continue executing the process. The replacement function resides in a memory space that is accessible to the kernel handler. The redirection mechanism may be applied without requiring a reboot of the computing device on which the running process is executing. In addition, the redirection mechanism may be applied without overwriting more than one byte in the original code.

公开(公告)号：US20060069653A1

公开(公告)日：2006-03-30

申请号：US11273775

申请日：2005-11-14

申请人： Andrey Lelikov ,  Donald Rule ,  Kristjan Hatlelid ,  Nir Zvi

发明人： Andrey Lelikov ,  Donald Rule ,  Kristjan Hatlelid ,  Nir Zvi

IPC分类号： G06Q99/00

CPC分类号： G06F21/125 ,  G06F21/00 ,  G06Q99/00

摘要： Upon a first process encountering a triggering device, a second process chooses whether to proxy-execute code corresponding to the triggering device of the first process on behalf of such first process based at least in part on whether a license evaluator of the second process has determined that the first process is to be operated in accordance with the terms and conditions of a corresponding digital license. The license evaluator at least in part performs such determination by running a script corresponding to the triggering device in the code of the first process. Thus, the first process is dependent upon the second process and the license for operation thereof.