-
公开(公告)号:US20140068704A1
公开(公告)日:2014-03-06
申请号:US13863168
申请日:2013-04-15
申请人: Karanvir S. Grewal , Ravi L. Sahita , David Durham
发明人: Karanvir S. Grewal , Ravi L. Sahita , David Durham
IPC分类号: H04L29/06
CPC分类号: H04L63/0428 , G06F21/52 , G06F21/53 , G06F21/606 , G06F21/78 , G06F21/85
摘要: One particular example implementation of an apparatus for mitigating unauthorized access to data traffic, comprises: an operating system stack to allocate unprotected kernel transfer buffers; a hypervisor to allocate protected memory data buffers, where data is to be stored in the protected memory data buffers before being copied to the unprotected kernel transfer buffers; and an encoder module to encrypt the data stored in the protected memory data buffers, where the unprotected kernel transfer buffers receive a copy the encrypted data.
摘要翻译: 用于减轻对数据业务的未经授权访问的装置的一个特定示例实现包括:操作系统栈以分配未受保护的内核传送缓冲器; 分配受保护的存储器数据缓冲器的管理程序,其中数据将被存储在受保护的存储器数据缓冲器中,然后被复制到未受保护的内核传送缓冲器; 以及编码器模块,用于加密存储在受保护的存储器数据缓冲器中的数据,其中未受保护的内核传送缓冲器接收到加密数据的副本。
-
公开(公告)号:US20140044258A1
公开(公告)日:2014-02-13
申请号:US13977529
申请日:2012-03-31
申请人: Karanvir S. Grewal , David Durham , Xiaozhu Kang , Men Long , Prashant Dewan
发明人: Karanvir S. Grewal , David Durham , Xiaozhu Kang , Men Long , Prashant Dewan
IPC分类号: H04N21/647
CPC分类号: H04N21/64715 , H04N21/23476 , H04N21/2541 , H04N21/266 , H04N21/4405 , H04N21/4627 , H04N21/8355
摘要: Methods and systems for cryptographic access control of multimedia video, include embedding as metadata access control policy (ACP) information, including authorization rules and cryptographic information tied to an encryption policy, into encrypted video. An authorized receiver device having credentials and/or capabilities matched to the authorization rules is able to extract the ACP information from the encrypted video and use it to decrypt and properly render the video.
摘要翻译: 多媒体视频的密码访问控制方法和系统包括嵌入作为元数据访问控制策略(ACP)信息,包括与加密策略相关的授权规则和加密信息,加密视频。 具有与授权规则匹配的凭证和/或能力的授权的接收机设备能够从加密的视频中提取ACP信息,并使用它来解密并适当地呈现视频。
-
公开(公告)号:US09094733B2
公开(公告)日:2015-07-28
申请号:US13977529
申请日:2012-03-31
申请人: Karanvir S. Grewal , David Durham , Xiaozhu Kang , Men Long , Prashant Dewan
发明人: Karanvir S. Grewal , David Durham , Xiaozhu Kang , Men Long , Prashant Dewan
IPC分类号: G06F21/62 , H04N21/647 , H04N21/266 , H04N21/4405 , H04N21/4627 , H04N21/8355 , H04L9/18
CPC分类号: H04N21/64715 , H04N21/23476 , H04N21/2541 , H04N21/266 , H04N21/4405 , H04N21/4627 , H04N21/8355
摘要: Cryptographic access control of multimedia video is presented. A method includes generating as metadata an access control policy (ACP) associated with video, the ACP including authorization rules and cryptographic information associated with an encryption policy; encrypting the video according to the encryption policy; and encoding the encrypted video with the authorization rules and the cryptographic information, which may be used to decrypt and render the encoded video. As an example, an authorized receiver device having credentials and/or capabilities matched to the authorization rules may extract the ACP information from the encrypted video and use it to decrypt and properly render the video. The method may further include visually encoding the encrypted video with at least portions of the authorization rules and the cryptographic information, such that the visually encoded video is renderable as the video by an authorized device, but is renderable as visually unintelligible video by an unauthorized device.
摘要翻译: 介绍了多媒体视频的密码访问控制。 一种方法包括:生成与视频相关联的访问控制策略(ACP)作为元数据,所述ACP包括与加密策略相关联的授权规则和加密信息; 根据加密策略加密视频; 并使用可用于解密和呈现编码视频的授权规则和密码信息对加密的视频进行编码。 作为示例,具有与授权规则匹配的凭证和/或能力的授权接收机设备可以从加密的视频中提取ACP信息,并使用它来解密并适当地呈现视频。 该方法还可以包括使用授权规则和密码信息的至少一部分来视觉地编码加密的视频,使得视觉编码的视频可以由授权设备呈现为视频,但是可被未经授权的设备呈现为视觉上难以理解的视频 。
-
4.发明申请SEAMLESSLY ENCRYPTING MEMORY REGIONS TO PROTECT AGAINST HARDWARE-BASED ATTACKS 审中-公开无缝加密存储区域防范基于硬件的攻击公开(公告)号:US20150205732A1
公开(公告)日:2015-07-23
申请号:US14449467
申请日:2014-08-01
申请人: Uday SAVAGAONKAR , Ravi Sahita , David Durham , Men Long
发明人: Uday SAVAGAONKAR , Ravi Sahita , David Durham , Men Long
IPC分类号: G06F12/14
CPC分类号: G06F12/1408 , G06F12/1441 , G06F2212/1052
摘要: Systems, apparatuses, and methods, and for seamlessly protecting memory regions to protect against hardware-based attacks are disclosed. In one embodiment, an apparatus includes a decoder, control logic, and cryptographic logic. The decoder is to decode a transaction between a processor and memory-mapped input/output space. The control logic is to redirect the transaction from the memory-mapped input/output space to a system memory. The cryptographic logic is to operate on data for the transaction.
摘要翻译: 公开了系统,装置和方法,并且用于无缝地保护存储器区域以防止基于硬件的攻击。 在一个实施例中,一种装置包括解码器,控制逻辑和加密逻辑。 解码器是对处理器和存储器映射的输入/输出空间之间的事务进行解码。 控制逻辑是将事务从存储器映射的输入/输出空间重定向到系统存储器。 密码逻辑是对数据进行交易操作。
-
5.发明授权Secure vault service for software components within an execution environment 有权为执行环境中的软件组件提供安全的保管库服务公开(公告)号:US08839450B2
公开(公告)日:2014-09-16
申请号:US11833073
申请日:2007-08-02
申请人: David Durham , Hormuzd Khosravi , Uri Blumenthal , Men Long
发明人: David Durham , Hormuzd Khosravi , Uri Blumenthal , Men Long
CPC分类号: G06F21/6209 , G06F12/1408 , G06F12/1466 , G06F12/1475 , G06F21/52 , G06F21/53
摘要: Embodiments of apparatuses, articles, methods, and systems for secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.
摘要翻译: 这里一般地描述用于执行环境中的软件组件的安全保险库服务的装置,物品,方法和系统的实施例。 一个实施例包括虚拟机监视器,操作系统监视器或其他底层平台功能的能力,以限制存储器区域,以便仅通过特定认证的,授权的和已验证的软件组件进行访问,即使在其他受损的操作系统环境的一部分。 代表被保护的内存区域中提供的经过身份验证/授权/验证的软件组件的锁定和解锁秘密的底层平台只能由经过身份验证/授权/验证的软件组件访问。 可以描述和要求保护其他实施例。
-
6.发明授权Cumulative integrity check value (ICV) processor based memory content protection 有权累积完整性检查值(ICV)处理器内存保护公开(公告)号:US08826035B2
公开(公告)日:2014-09-02
申请号:US12646028
申请日:2009-12-23
申请人: David Durham , Men Long , Uday Savagaonkar
发明人: David Durham , Men Long , Uday Savagaonkar
IPC分类号: G06F21/00
摘要: In general, in one aspect, the disclosure describes a process that includes a cryptographic engine and first and second registers. The cryptographic engine is to encrypt data to be written to memory, to decrypt data read from memory, to generate read integrity check values (ICVs) and write ICVs for memory accesses. The cryptographic engine is also to create a cumulative read ICV and a cumulative write ICV by XORing the generated read ICV and the generated write ICV with a current read MAC and a current write ICV respectively and to validate data integrity by comparing the cumulative read ICV and the cumulative write ICV. The first and second registers are to store the cumulative read and write ICVs respectively at the processor. Other embodiments are described and claimed.
摘要翻译: 通常,在一个方面,本公开描述了包括密码引擎和第一和第二寄存器的过程。 加密引擎是对要写入存储器的数据进行加密,解密从存储器读取的数据,生成读取完整性检查值(ICV),并为存储器访问写入ICV。 密码引擎还通过分别用当前读取的MAC和当前的写入ICV异或生成的读取ICV和产生的写ICV来创建累积读取ICV和累积写入ICV,并通过比较累积读取ICV和 累积写ICV。 第一和第二寄存器分别在处理器处存储累积读和写ICV。 描述和要求保护其他实施例。
-
公开(公告)号:US20140245230A1
公开(公告)日:2014-08-28
申请号:US13996088
申请日:2011-12-27
申请人: Lenitra M. Durham , David Durham , Sangita Sharma
发明人: Lenitra M. Durham , David Durham , Sangita Sharma
IPC分类号: G06F3/0481 , G06F3/0486 , G06F3/0484
CPC分类号: G06F3/04815 , G06F3/017 , G06F3/0425 , G06F3/04842 , G06F3/0486
摘要: Systems and methods may provide for displaying a three-dimensional (3D) environment on a screen of a mobile device, and identifying a user interaction with an area behind the mobile device. In addition, the 3D environment can be modified based at least in part on the first user interaction. Moreover, the 3D environment may be modified based on movements of the mobile device as well as user interactions with the mobile device, allowing the user to navigate through the virtual 3D environment by moving the mobile/handheld device.
摘要翻译: 系统和方法可以提供在移动设备的屏幕上显示三维(3D)环境,并且识别与移动设备后面区域的用户交互。 另外,可以至少部分地基于第一用户交互来修改3D环境。 此外,可以基于移动设备的移动以及用户与移动设备的交互来修改3D环境,从而允许用户通过移动移动/手持设备在虚拟3D环境中导航。
-
8.发明授权Seamlessly encrypting memory regions to protect against hardware-based attacks 有权无缝加密内存区域以防止基于硬件的攻击公开(公告)号:US08799673B2
公开(公告)日:2014-08-05
申请号:US12651432
申请日:2009-12-31
申请人: Uday R. Savagaonkar , Ravi Sahita , David Durham , Men Long
发明人: Uday R. Savagaonkar , Ravi Sahita , David Durham , Men Long
IPC分类号: H04L29/06
CPC分类号: G06F12/1408 , G06F12/1441 , G06F2212/1052
摘要: Systems, apparatuses, and methods, and for seamlessly protecting memory regions to protect against hardware-based attacks are disclosed. In one embodiment, an apparatus includes a decoder, control logic, and cryptographic logic. The decoder is to decode a transaction between a processor and memory-mapped input/output space. The control logic is to redirect the transaction from the memory-mapped input/output space to a system memory. The cryptographic logic is to operate on data for the transaction.
摘要翻译: 公开了系统,装置和方法,并且用于无缝地保护存储器区域以防止基于硬件的攻击。 在一个实施例中,一种装置包括解码器,控制逻辑和加密逻辑。 解码器是对处理器和存储器映射的输入/输出空间之间的事务进行解码。 控制逻辑是将事务从内存映射的输入/输出空间重定向到系统内存。 密码逻辑是对数据进行交易操作。
-
9.发明授权Techniques for authenticated posture reporting and associated enforcement of network access 有权用于认证状态报告和网络访问相关实施的技术公开(公告)号:US08671439B2
公开(公告)日:2014-03-11
申请号:US12460736
申请日:2009-07-23
申请人: David Durham , Ravi Sahita , Karanvir Grewal , Ned Smith , Kapil Sood
发明人: David Durham , Ravi Sahita , Karanvir Grewal , Ned Smith , Kapil Sood
IPC分类号: G06F21/00
CPC分类号: H04L63/10 , G06F2221/2141 , H04L9/3234 , H04L9/3247 , H04L9/3263 , H04L63/0209 , H04L63/08 , H04L63/20
摘要: Architectures and techniques that allow a firmware agent to operate as a tamper-resistant agent on a host platform that may be used as a trusted policy enforcement point (PEP) on the host platform to enforce policies even when the host operating system is compromised. The PEP may be used to open access control and/or remediation channels on the host platform. The firmware agent may also act as a local policy decision point (PDP) on the host platform in accordance with an authorized enterprise PDP entity by providing policies if a host trust agent is non-responsive and may function as a passive agent when the host trust agent is functional.
摘要翻译: 允许固件代理在主机平台上作为防篡改代理操作的体系结构和技术,可在主机平台上用作受信任的策略执行点(PEP),即使主机操作系统受到威胁也可执行策略。 PEP可用于在主机平台上打开访问控制和/或修复通道。 固件代理还可以根据授权的企业PDP实体在主机平台上作为本地策略决策点(PDP),通过在主机信任代理不响应时提供策略,并且当主机信任时可以用作被动代理 代理功能。
-
10.发明授权公开(公告)号:US08584204B2
公开(公告)日:2013-11-12
申请号:US12460736
申请日:2009-07-23
申请人: David Durham , Ravi Sahita , Karanvir Grewal , Ned Smith , Kapil Sood
发明人: David Durham , Ravi Sahita , Karanvir Grewal , Ned Smith , Kapil Sood
IPC分类号: G06F21/00
摘要: Architectures and techniques that allow a firmware agent to operate as a tamper-resistant agent on a host platform that may be used as a trusted policy enforcement point (PEP) on the host platform to enforce policies even when the host operating system is compromised. The PEP may be used to open access control and/or remediation channels on the host platform. The firmware agent may also act as a local policy decision point (PDP) on the host platform in accordance with an authorized enterprise PDP entity by providing policies if a host trust agent is non-responsive and may function as a passive agent when the host trust agent is functional.
-
-
-
-
-
-
-
-
-
搜索结果
142 条记录 (耗时 0.027 秒)
