公开(公告)号：US20070005961A1

公开(公告)日：2007-01-04

申请号：US11171744

申请日：2005-06-30

申请人： Jeffrey Hamblin ,  Jonathan Schwartz ,  Kedarnath Dubhashi ,  Klaus Schutz ,  Peter Brundrett ,  Richard Ward ,  Thomas Jones

发明人： Jeffrey Hamblin ,  Jonathan Schwartz ,  Kedarnath Dubhashi ,  Klaus Schutz ,  Peter Brundrett ,  Richard Ward ,  Thomas Jones

IPC分类号： H04N7/16 ,  H04L9/32 ,  G06F17/30 ,  H04L9/00 ,  G06F7/04 ,  G06K9/00 ,  H03M1/68 ,  H04K1/00

CPC分类号： G06F21/62 ,  G06F2221/2145 ,  G06F2221/2149

摘要： An operating system for a computing device has a first session for a user that includes a first base process that has a first privileges token attached thereto. The first privileges token includes substantially a full set of privileges of the user on the operating system. The operating system also has a second session for the user that includes a second base process that has a second privileges token attached thereto. The second privileges token is derived from the first privileges token and includes only a minimum set of privileges of the user on the operating system. Thus, the second, limited token does not have all privileges associated with the first, full token but instead has a limited set of privileges and not extra privileges that could be employed to take actions that would be harmful, deceptive, or malicious.

摘要翻译： 用于计算设备的操作系统具有用于用户的第一会话，所述第一会话包括具有连接到其的第一权限令牌的第一基本进程。 第一权限令牌在操作系统上基本上包括用户的一整套特权。 操作系统还具有用户的第二会话，其包括具有附加到其的第二权限令牌的第二基本进程。 第二个权限令牌是从第一个权限令牌导出的，并且仅包含操作系统上用户的一组最小权限。 因此，第二个有限令牌不具有与第一个完整令牌相关联的所有权限，而是具有一组有限的权限，而不是可以用于采取有害，欺骗性或恶意行为的额外权限。

公开(公告)号：US20110071750A1

公开(公告)日：2011-03-24

申请号：US12886097

申请日：2010-09-20

申请人： Jeffrey D. GIOVINO ,  Jonathan Schwartz

发明人： Jeffrey D. GIOVINO ,  Jonathan Schwartz

IPC分类号： G08G5/06 ,  G05D1/00 ,  G06F19/00

CPC分类号： G08G5/06 ,  G08G5/0078 ,  G08G5/0082

摘要： Method, system, and computer program product embodiments for conflict detection of vehicles, including aircraft, are presented. According to an embodiment, a method for conflict detection of an aircraft, comprises: reducing one or more vehicle travel paths in a three dimensional space to a first dimension; receiving data corresponding to a motion of the aircraft; mapping the motion to the one or more vehicle travel paths in the first dimension; and transmitting an alert if a potential conflict is determined in the one or more vehicle travel paths in the first dimension. Corresponding system embodiments and computer program product embodiments are also disclosed.

摘要翻译： 提出了包括飞机在内的车辆冲突检测的方法，系统和计算机程序产品实施例。 根据一个实施例，一种用于飞行器的冲突检测的方法包括：将三维空间中的一个或多个车辆行驶路径减小到第一维度; 接收对应于飞机运动的数据; 将所述运动映射到所述第一维度中的所述一个或多个车辆行驶路径; 以及如果在所述第一维度中的所述一个或多个车辆行驶路径中确定了潜在冲突，则发送警报。 还公开了相应的系统实施例和计算机程序产品实施例。

公开(公告)号：USD634354S1

公开(公告)日：2011-03-15

申请号：US29364111

申请日：2010-06-18

申请人： Jonathan Schwartz

设计人： Jonathan Schwartz

公开(公告)号：USD606821S1

公开(公告)日：2009-12-29

申请号：US29338092

申请日：2009-06-04

申请人： Jonathan Schwartz

设计人： Jonathan Schwartz

公开(公告)号：US07565553B2

公开(公告)日：2009-07-21

申请号：US11036415

申请日：2005-01-14

申请人： Jamie Hunter ,  Paul England ,  Russell Humphries ,  Stefan Thom ,  James Anthony Schwartz, Jr. ,  Kenneth D. Ray ,  Jonathan Schwartz

发明人： Jamie Hunter ,  Paul England ,  Russell Humphries ,  Stefan Thom ,  James Anthony Schwartz, Jr. ,  Kenneth D. Ray ,  Jonathan Schwartz

IPC分类号： G06F12/14

CPC分类号： G06F21/575 ,  G06F21/78

摘要： Systems and methods for controlling access to data on a computer with a secure boot process can provide a highly efficient mechanism for preventing future access to encrypted digital resources. This may be advantageous in a range of scenarios, for example where a computer is sold and assurance is desired that no stray private data remains on the hard disk. Data resources, for example all data associated with one or more particular hard disk partitions, may be encrypted. The decryption key may be available through a secure boot process. By erasing, altering, or otherwise disabling a secret, such as a decryption key or a process that obtains a decryption key, the data formerly accessible using such secret becomes inaccessible.

摘要翻译： 用于通过安全引导过程控制计算机上的数据访问的系统和方法可以提供用于防止将来访问加密数字资源的高效机制。 这在一系列场景中可能是有利的，例如在出售计算机的地方，并且希望确保硬盘上不存在杂散私有数据。 数据资源，例如与一个或多个特定硬盘分区相关联的所有数据可以被加密。 解密密钥可以通过安全引导过程来获得。 通过擦除，改变或以其他方式禁用诸如解密密钥或获得解密密钥的过程的秘密，使用这种秘密的以前可访问的数据变得不可访问。

公开(公告)号：US20080130151A1

公开(公告)日：2008-06-05

申请号：US11998932

申请日：2007-12-04

申请人： Jonathan Schwartz ,  Uzi Ezra Havosha

发明人： Jonathan Schwartz ,  Uzi Ezra Havosha

IPC分类号： G02B5/08 ,  H03H7/01

CPC分类号： G08C23/04 ,  G08C2201/40

摘要： A series of reflecting mirrors to transfer waves from a portable remote control device to control electronic devices where the wave receiving eye of the electronic device is not in uninterrupted alignment with the remote control device. A wave filter to block certain definable instructions from reaching the wave receiving eye.

摘要翻译： 一系列反射镜，用于将来自便携式遥控装置的波转移到控制电子装置的电子装置，其中电子装置的波浪接收眼睛不与遥控装置不间断地对准。 滤波器，用于阻止某些可定义的指令到达波形接收眼。

公开(公告)号：US20060161784A1

公开(公告)日：2006-07-20

申请号：US11036018

申请日：2005-01-14

申请人： Jamie Hunter ,  Paul England ,  Russell Humphries ,  Stefan Thom ,  James Schwartz ,  Kenneth Ray ,  Jonathan Schwartz

发明人： Jamie Hunter ,  Paul England ,  Russell Humphries ,  Stefan Thom ,  James Schwartz ,  Kenneth Ray ,  Jonathan Schwartz

IPC分类号： H04L9/00

CPC分类号： G06F21/575

摘要： Systems and methods are provided for maintaining and updating a secure boot process on a computer with a trusted platform module (TPM). A boot process may be maintained by inspecting a log of TPM activity, determining data that prevented a secret to unseal, and returning the data to an original state. In situations where this type of recovery is not workable, techniques for authenticating a user may be used, allowing the authenticated user to bypass the security features of the boot process and reseal the boot secrets to platform configuration register (PCR) values that may have changed. Finally, a secure boot process may be upgraded by migrating TPM sealed secrets to a temporary storage location, updating one or more aspects of a secure boot process, and resealing the secrets to the resulting new platform configuration. Other advantages and features of the invention are described below.

摘要翻译： 提供了系统和方法，用于在具有可信平台模块（TPM）的计算机上维护和更新安全引导过程。 可以通过检查TPM活动的日志来确定启动过程，确定防止秘密解密的数据，并将数据返回到原始状态。 在这种类型的恢复不可行的情况下，可以使用用于验证用户的技术，允许经过身份验证的用户绕过引导过程的安全特征并将启动秘密重新密封到可能已经改变的平台配置寄存器（PCR）值 。 最后，可以通过将TPM密封的秘密迁移到临时存储位置来升级安全引导过程，更新安全引导过程的一个或多个方面，以及将密码重新密封到所得到的新平台配置。 下面描述本发明的其它优点和特征。

公开(公告)号：US20060161761A1

公开(公告)日：2006-07-20

申请号：US11037566

申请日：2005-01-18

申请人： Jonathan Schwartz ,  Yu Sie ,  Philip Hallin

发明人： Jonathan Schwartz ,  Yu Sie ,  Philip Hallin

IPC分类号： G06F12/10

CPC分类号： G06F21/52 ,  G06F21/64

摘要： Systems and methods for validating integrity of an executable file are described. In one aspect, multiple partial image hashes are generated, the combination of which represent a digest of an entire executable file. Subsequent to loading the executable file on a computing device, a request to page a portion of the executable file into memory for execution is intercepted. Responsive to intercepting the request, and prior to paging the portion into memory for execution, a validation hash of the portion is computed. The validation hash is compared to a partial hash of the multiple partial image hashes to determine code integrity of the portion. The partial hash represents a same code segment as the portion.

公开(公告)号：US20060242406A1

公开(公告)日：2006-10-26

申请号：US11116598

申请日：2005-04-27

申请人： Sumedh Barde ,  Jonathan Schwartz ,  Reid Kuhn ,  Alexandre Grigorovitch ,  Kirt Debique ,  Chadd Knowlton ,  James Alkove ,  Geoffrey Dunbar ,  Michael Grier ,  Ming Ma ,  Chaitanya Upadhyay ,  Adil Sherwani ,  Arun Kishan

发明人： Sumedh Barde ,  Jonathan Schwartz ,  Reid Kuhn ,  Alexandre Grigorovitch ,  Kirt Debique ,  Chadd Knowlton ,  James Alkove ,  Geoffrey Dunbar ,  Michael Grier ,  Ming Ma ,  Chaitanya Upadhyay ,  Adil Sherwani ,  Arun Kishan

IPC分类号： H04L9/00

CPC分类号： G06F21/10 ,  G06F21/57 ,  G06F2221/0735 ,  H04L9/3247 ,  H04L9/3263 ,  H04L2209/603

摘要： A method of establishing a protected environment within a computing device including validating a kernel component loaded into a kernel of the computing device, establishing a security state for the kernel based on the validation, creating a secure process and loading a software component into the secure process, periodically checking the security state of the kernel, and notifying the secure process when the security state of the kernel has changed.

公开(公告)号：US08949289B2

公开(公告)日：2015-02-03

申请号：US12774662

申请日：2010-05-05

申请人： Peter Lasensky ,  Ang Dawa Sherpa ,  Fred McClain ,  Stephen Mickelsen ,  Jonathan Schwartz

发明人： Peter Lasensky ,  Ang Dawa Sherpa ,  Fred McClain ,  Stephen Mickelsen ,  Jonathan Schwartz

IPC分类号： G06F7/00 ,  G06F17/30 ,  G06Q10/06

CPC分类号： G10L15/26 ,  G06F17/2705 ,  G06Q10/06 ,  G06Q10/103

摘要： A system and method for generating and managing a secure, multi-user project database.

摘要翻译： 用于生成和管理安全的多用户项目数据库的系统和方法。