Abstract:
Access permission can be assigned to a particular individually executable portion of computer executable code (“component-specific access permission”) and enforced in connection with accessing the services of a service provider by the individually executable portion (or component). It should be noted that at least one of the individually executable portions can request the services when executed by a dynamically scalable computing resource provider. In addition, general and component-specific access permissions respectively associated with executable computer code as a whole or one of its specific portions (or components) can be cancelled or rendered inoperable in response to an explicit request for cancellation.
Abstract:
In accordance with one aspect of the invention, web workers and local storages can be extended to a cloud-based environment. This allows web workers to be executed on any of a number of different cloud platforms located in a cloud, leveraging available resources to provide a quicker and more efficient processing environment for the various web workers. The present invention also provides these functionalities in a way that is transparent not just to the user but also to the web page developer, eliminating the need for the web page developer to be aware of the cloud-based environment and design the web page for use therewith.
Abstract:
Techniques for assessing the cost of allocation of execution and affecting the allocation of execution are disclosed. The cost of allocation of execution between a first computing device (e.g., mobile device) and one or more computing resource providers (e.g., Clouds) can be determined during runtime of the code. A computing system can operate independently of the first computing device and a computing resource provider and provide execution allocation cost assessment. Execution allocation cost can be assessed based on execution allocation data pertaining to the first computing device and computing resource providers. Power consumption of a mobile device can be used as a factor in determining how to allocate individual components of an application program between a mobile phone and a Cloud. In an Elastic computing environment, external computing resources can be used to extend the computing capabilities beyond that which can be provided by internal computing resources.
Abstract:
Techniques for allocating individually executable portions of executable code for execution in an Elastic computing environment are disclosed. In an Elastic computing environment, scalable and dynamic external computing resources can be used in order to effectively extend the computing capabilities beyond that which can be provided by internal computing resources of a computing system or environment. Machine learning can be used to automatically determine whether to allocate each individual portion of executable code (e.g., a Weblet) for execution to either internal computing resources of a computing system (e.g., a computing device) or external resources of a dynamically scalable computing resource (e.g., a Cloud). By way of example, status and preference data can be used to train a supervised learning mechanism to allow a computing device to automatically allocate executable code to internal and external computing resources of an Elastic computing environment.
Abstract:
Techniques for representation and verification of data are disclosed. The techniques are especially useful for representation and verification of the integrity of data (integrity verification) in safe computing environments and/or systems (e.g., Trusted Computing (TC) systems and/or environments). Multiple independent representative values can be determined independently and possibly in parallel for respective portions of the data. The independent representative values can, for example, be hash values determined at the same time for respective distinct portions of the data. The integrity of the data can be determined based on the multiple hash values by, for example, processing them to determine a single hash value that can serve as an integrity value. By effectively dividing the data into multiple portions in multiple processing streams and processing them in parallel to determine multiple hash values simultaneously, the time required for hashing the data can be reduced in comparison to conventional techniques that operate to determine a hash value for the data as a whole and in a single processing stream. As a result, the time required for integrity verification can be reduced, thereby allowing safe features to be extended to devices that may operate with relatively limited resources (e.g., mobile and/or embedded devices) as well as improving the general efficiency of devices that are or will be using safety features (e.g., Trusted Computing (TC) devices).
Abstract:
Techniques for controlling access are disclosed. The techniques can be used for reference monitoring in various computing systems (e.g., computing device) including those that may be relatively more susceptible to threats (e.g., mobile phones). Allowed access can be disallowed. In other words, permission to access a component can be effectively withdrawn even though access may be on-going. After permission to access a component has been allowed, one or more disallow access conditions or events can be effectively monitored in order to determine whether to withdraw the permission to access the component. As a result, allowed access to the component can be disallowed. Access can be disallowed by effectively considering the behavior of a component in the aggregate and/or over a determined amount of time. By way of example, a messaging application can be disallowed access to a communication port if the messaging application sends more messages than an acceptable limit during a session or in 4 hours. Disallow-access policies, rules and/or conditions can be defined and modified, for example, by end-users and system administrators, allowing a customizable and flexible security environment that is more adaptable to change.
Abstract:
In one embodiment, cryptographic transformation of a message is performed by first performing a table initiation phase to populate a data structure. Then, a first random number multiplied by a public key is added to each value in the data structure, in modulo of a second random number multiplied by the public key. Then an exponentiation phase is performed, wherein each modular multiplication and square operation in the exponentiation phase is performed in modulo of the second random number multiplied by the public key, producing a result. Then the result of the exponentiation phase is reduced in modulo of the public key. The introduction of the random numbers aids in the prevention of potential security breaches from the deduction of operands in the table initiation phase by malicious individuals.
Abstract:
Improved verification techniques for verification of the integrity of various computing environments and/or computing systems are disclosed. Verifiable representative data can effectively represent verifiable content of a computing environment, thereby allowing the integrity of the computing environment to be verified based on the verifiable representative data instead of the content being represented. Verifiable representative data can effectively include selected portions of the content (e.g., selected content which may be of general and/or specific security interest) and can be generally smaller than the verifiable content it represents. As such, it may generally be more efficient to use the verifiable representative data instead of the content it represents. Verifiable representative data can also be organized. By way of example, unstructured content (e.g., a configuration file written in text) can be effectively transformed based on a scheme (e.g., an XML schema) into a structured text-based content written in a structured language (e.g., XML). Verifiable organized representative data can be organized in accordance with various organizational aspects including, for example, structural, semantics, parameter verification, parameter simplification, and other organizational rules and/or preferences. Organization of verifiable organized representative data can be verified as an additional measure of its integrity, and by and large the integrity of a computing environment and/or system being effectively represented by the verifiable representative data.
Abstract:
Techniques for hashing and decompression of data are disclosed. Hashing and decompression of compressed data can be integrated in order to effectively hash and decompress the compressed data at the same time. The integrated hashing and decompression techniques of the invention are useful for any computing environment and/or system where compressed data is hashed and decompressed. The invention is especially useful for a safe computing environment and/or system (e.g., a Trusted Computing (TC) computing environment) where hashing and decompression of compressed data can be routinely performed. The integrity of a computing environment and/or system can be protected by integrating the decompressing and hashing of the compressed data or effectively hashing and decompressing the compressed data at the same time. A combined hashing and decompression function can be provided based on conventional hashing and compression functions by integrating their similar components in an efficient manner.
Abstract:
Improved techniques for controlling access to accessible components of computing environments are disclosed. The techniques, among other things, can be used to provide Mandatory Access Control (MAC) mechanisms for mobile and embedded systems. One or more accessible components (e.g., accessible resources) which a component may attempt to access are determined so that one or more access permissions can be stored in a manner that they can be obtained if the component attempts to access the one or more accessible components, thereby allowing access to the one or more accessible components to be determined based on access permissions that are readily available. Generally, access permissions can be identified and stored in anticipation of need. Access permissions can be identified, for example, based on the likelihood of use, or all possible access permissions can be determined and stored. A safe (e.g., a trusted) access controlling (or monitoring) system (or component) can control access to resources of a computing environment. For example, a trusted access monitoring system can be provided in a secure and trusted operating environment utilizing Mandatory Access Control (MAC) capabilities of a secure operating system (e.g., SELinux Operating System).