-
公开(公告)号:US08387152B2
公开(公告)日:2013-02-26
申请号:US12163426
申请日:2008-06-27
IPC分类号: G06F7/04 , G06F17/30 , G06F17/00 , G06F15/16 , G06F12/14 , G06F13/00 , G06F21/00 , H04N7/16 , H04L29/06 , H04L9/32 , H04L9/08
摘要: Computer systems and environments implemented herein permit a local machine increased participation in authorizing access to protected content. An operating system attests to a computing environment at a corresponding computer system. If the computing environment is one permitted to access protected content, the operating system is permitted to regulate further (e.g., application) access to protected content in accordance with a procreation policy. As such, authorization decisions are partially distributed, easing the resource burden on a content protection server. Accordingly, this computing environment can facilitate more robust and efficient authorization decisions when access to protected content is requested.
摘要翻译: 本文实现的计算机系统和环境允许本地机器增加对授权访问受保护内容的参与。 操作系统在相应的计算机系统上证明计算环境。 如果计算环境是允许访问受保护内容的计算环境,则允许操作系统根据生殖策略进一步(例如,应用)调整对受保护内容的访问。 因此,授权决定部分分配,减轻了内容保护服务器的资源负担。 因此,当请求对受保护内容的访问时,该计算环境可以促进更强大和有效的授权决定。
-
公开(公告)号:US20090327705A1
公开(公告)日:2009-12-31
申请号:US12163426
申请日:2008-06-27
摘要: The present invention extends to methods, systems, and computer program products for protecting content. Embodiments of the invention permit a local machine increased participation in authorizing access to protected content. An operating system attests to a computing environment at a corresponding computer system. If the computing environment is one permitted to access protected content, the operating system is permitted to regulate further (e.g., application) access to protected content in accordance with a procreation policy. As such, authorization decisions are partially distributed, easing the resource burden on a content protection server. Accordingly, embodiments of the invention can facilitate more robust and efficient authorization decisions when access to protected content is requested.
摘要翻译: 本发明扩展到用于保护内容的方法,系统和计算机程序产品。 本发明的实施例允许本地机器增加对授权对受保护内容的访问的参与。 操作系统在相应的计算机系统上证明计算环境。 如果计算环境是允许访问受保护内容的计算环境,则允许操作系统根据生殖策略进一步(例如,应用)调整对受保护内容的访问。 因此,授权决定部分分配,减轻了内容保护服务器的资源负担。 因此,当请求访问受保护内容时,本发明的实施例可以促进更强大和有效的授权决定。
-
公开(公告)号:US07913074B2
公开(公告)日:2011-03-22
申请号:US11864418
申请日:2007-09-28
CPC分类号: G06F15/16
摘要: Tools and techniques for securely launching encrypted operating systems are described herein. The tools may provide computing systems that include operating systems (OSs) that define boot paths for the systems. This boot path may include first and second OS loader components. The first loader may include instructions for retrieving a list of disk sectors from a first store, and for retrieving these specified sectors from an encrypted second store. The first loader may also store the sectors in a third store that is accessible to both the first and the second loader components, and may invoke the second loader to try launching the OS using these sectors. In turn, the second loader may include instructions for retrieving these sectors from the third store, and for unsealing a key for decrypting these sectors. The second loader may then decrypt these sectors, and attempt to launch the OS from these sectors.
摘要翻译: 本文描述了用于安全启动加密操作系统的工具和技术。 这些工具可以提供包括为系统定义引导路径的操作系统(OS)的计算系统。 该引导路径可以包括第一和第二OS加载器组件。 第一加载器可以包括用于从第一存储检索磁盘扇区列表的指令,并且用于从加密的第二存储中检索这些指定的扇区。 第一加载器还可以将扇区存储在第一和第二加载器组件可访问的第三个存储区中,并且可以调用第二加载器来尝试使用这些扇区启动操作系统。 反过来,第二装载器可以包括用于从第三商店检索这些扇区的指令,以及用于解密用于对这些扇区进行解密的密钥。 然后,第二加载器可以解密这些扇区,并尝试从这些扇区启动OS。
-
公开(公告)号:US20090089568A1
公开(公告)日:2009-04-02
申请号:US11864418
申请日:2007-09-28
IPC分类号: G06F15/177
CPC分类号: G06F15/16
摘要: Tools and techniques for securely launching encrypted operating systems are described herein. The tools may provide computing systems that include operating systems (OSs) that define boot paths for the systems. This boot path may include first and second OS loader components. The first loader may include instructions for retrieving a list of disk sectors from a first store, and for retrieving these specified sectors from an encrypted second store. The first loader may also store the sectors in a third store that is accessible to both the first and the second loader components, and may invoke the second loader to try launching the OS using these sectors. In turn, the second loader may include instructions for retrieving these sectors from the third store, and for unsealing a key for decrypting these sectors. The second loader may then decrypt these sectors, and attempt to launch the OS from these sectors.
摘要翻译: 本文描述了用于安全启动加密操作系统的工具和技术。 这些工具可以提供包括为系统定义引导路径的操作系统(OS)的计算系统。 该引导路径可以包括第一和第二OS加载器组件。 第一加载器可以包括用于从第一存储检索磁盘扇区列表的指令,并且用于从加密的第二存储中检索这些指定的扇区。 第一加载器还可以将扇区存储在第一和第二加载器组件可访问的第三个存储区中,并且可以调用第二加载器来尝试使用这些扇区启动操作系统。 反过来,第二装载器可以包括用于从第三商店检索这些扇区的指令,以及用于解密用于对这些扇区进行解密的密钥。 然后,第二加载器可以解密这些扇区,并尝试从这些扇区启动OS。
-
公开(公告)号:US08225390B2
公开(公告)日:2012-07-17
申请号:US12163548
申请日:2008-06-27
申请人: Kenneth D. Ray , Pankaj M. Kamat , Charles W. Kaufman , Paul J. Leach , William R. Tipton , Andrew Herron , Krassimir E. Karamfilov , Duncan G. Bryce , Jonathan D. Schwartz , Matthew C. Setzer , John McDowell
发明人: Kenneth D. Ray , Pankaj M. Kamat , Charles W. Kaufman , Paul J. Leach , William R. Tipton , Andrew Herron , Krassimir E. Karamfilov , Duncan G. Bryce , Jonathan D. Schwartz , Matthew C. Setzer , John McDowell
IPC分类号: G06F21/00
CPC分类号: G06F21/105
摘要: The present invention extends to methods, systems, and computer program products for licensing protected content to application sets. Embodiments of the invention permit a local machine to increase its participation in authorizing access to protected content. For example, an operating system within an appropriate computing environment is permitted to determine if an application is authorized to access protected content. Thus, the application is relieved from having to store a publishing license. Further, authorization decisions are partially distributed, easing the resource burden on a protection server. Accordingly, embodiments of the invention can facilitate more robust and efficient authorization decisions when access to protected content is requested.
摘要翻译: 本发明扩展到用于将受保护内容授权给应用集的方法,系统和计算机程序产品。 本发明的实施例允许本地机器增加其对授权对受保护内容的访问的参与。 例如,允许在适当的计算环境内的操作系统来确定应用程序是否被授权访问受保护的内容。 因此,应用程序不必存储发布许可证。 此外,授权决定部分分配,减轻了保护服务器的资源负担。 因此,当请求访问受保护内容时,本发明的实施例可以促进更强大和有效的授权决定。
-
公开(公告)号:US20090328134A1
公开(公告)日:2009-12-31
申请号:US12163548
申请日:2008-06-27
申请人: Kenneth D. Ray , Pankaj M. Kamat , Charles W. Kaufman , Paul J. Leach , William R. Tipton , Andrew Herron , Krassimir E. Karamifilov , Duncan G. Bryce , Jonathan D. Schwartz , Matthew C. Setzer , John McDowell
发明人: Kenneth D. Ray , Pankaj M. Kamat , Charles W. Kaufman , Paul J. Leach , William R. Tipton , Andrew Herron , Krassimir E. Karamifilov , Duncan G. Bryce , Jonathan D. Schwartz , Matthew C. Setzer , John McDowell
IPC分类号: G06F17/00
CPC分类号: G06F21/105
摘要: The present invention extends to methods, systems, and computer program products for licensing protected content to application sets. Embodiments of the invention permit a local machine to increase its participation in authorizing access to protected content. For example, an operating system within an appropriate computing environment is permitted to determine if an application is authorized to access protected content. Thus, the application is relieved from having to store a publishing license. Further, authorization decisions are partially distributed, easing the resource burden on a protection server. Accordingly, embodiments of the invention can facilitate more robust and efficient authorization decisions when access to protected content is requested.
摘要翻译: 本发明扩展到用于将受保护内容授权给应用集的方法,系统和计算机程序产品。 本发明的实施例允许本地机器增加其对授权对受保护内容的访问的参与。 例如,允许在适当的计算环境内的操作系统来确定应用程序是否被授权访问受保护的内容。 因此,应用程序不必存储发布许可证。 此外,授权决定部分分配,减轻了保护服务器的资源负担。 因此,当请求访问受保护内容时,本发明的实施例可以促进更强大和有效的授权决定。
-
公开(公告)号:US08375440B2
公开(公告)日:2013-02-12
申请号:US11872220
申请日:2007-10-15
IPC分类号: G06F21/00
CPC分类号: G06F15/177 , G06F9/4418 , G06F21/31 , G06F21/81
摘要: Procedures for resumption from a low activity condition are discussed. In implementations, a persistent state file, or a portion thereof, is secured via an encryption algorithm, with the decryption key secured via the operating system (OS) login user credentials. Once a user is authenticated via the OS login, the persistent state file may be decrypted and inserted in the OS boot path with resumption occurring through the persistent state file.
摘要翻译: 讨论从低活动条件恢复的程序。 在实现中,经由加密算法来保护持久状态文件或其一部分,其中解密密钥通过操作系统(OS)登录用户凭证得到保护。 一旦用户通过OS登录认证,持久状态文件可以被解密并插入到OS引导路径中,并通过持久状态文件进行恢复。
-
公开(公告)号:US20090100516A1
公开(公告)日:2009-04-16
申请号:US11872220
申请日:2007-10-15
IPC分类号: H04L9/32 , G06F15/177
CPC分类号: G06F15/177 , G06F9/4418 , G06F21/31 , G06F21/81
摘要: Procedures for resumption from a low activity condition are discussed. In implementations, a persistent state file, or a portion thereof, is secured via an encryption algorithm, with the decryption key secured via the operating system (OS) login user credentials. Once a user is authenticated via the OS login, the persistent state file may be decrypted and inserted in the OS boot path with resumption occurring through the persistent state file.
摘要翻译: 讨论从低活动条件恢复的程序。 在实现中,经由加密算法来保护持久状态文件或其一部分,其中解密密钥通过操作系统(OS)登录用户凭证得到保护。 一旦用户通过OS登录认证,持久状态文件可以被解密并插入到OS引导路径中,并通过持久状态文件进行恢复。
-
9.发明授权Using a USB host controller security extension for controlling changes in and auditing USB topology 失效使用USB主机控制器安全扩展来控制USB拓扑的更改和审核公开(公告)号:US07761618B2
公开(公告)日:2010-07-20
申请号:US11090582
申请日:2005-03-25
申请人: Idan Avraham , Kenneth D. Ray , Mark Williams , David R. Wooten
发明人: Idan Avraham , Kenneth D. Ray , Mark Williams , David R. Wooten
CPC分类号: G06F21/554 , G06F21/55 , G06F2221/2101
摘要: Protecting computer systems from attacks that attempt to change USB topology and for ensuring that the system's information regarding USB topology is accurate is disclosed. A software model is defined that, together with secure USB hardware, provides an ability to define policies using which USB traffic can be properly monitored and controlled. The implemented policy provides control over USB commands through a combination of software evaluation and hardware programming. Legitimate commands are evaluated and “allowed” to be sent to a USB device by a host controller. Illegitimate commands are evaluated and blocked. Additionally, the USB topology is audited to verify that the system's topology map matches the actual USB topology.
摘要翻译: 公开了保护计算机系统免受试图改变USB拓扑并确保系统有关USB拓扑的信息准确的攻击。 定义了一种软件模型,它与安全USB硬件一起提供了一种定义可以正确监控和控制哪个USB流量的策略的能力。 实施的策略通过软件评估和硬件编程的组合来提供对USB命令的控制。 评估合法的命令,并通过主机控制器将“允许”命令发送到USB设备。 非法命令被评估和阻止。 另外,USB拓扑被审计,以验证系统的拓扑图匹配实际的USB拓扑。
-
公开(公告)号:US09805196B2
公开(公告)日:2017-10-31
申请号:US12394430
申请日:2009-02-27
CPC分类号: G06F21/57 , A63F13/73 , A63F13/75 , G06F21/51 , G06F21/575 , G06F2221/2149 , G09C1/00 , H04L9/3234 , H04L9/3239 , H04L9/3271
摘要: An anti-cheating system may comprise a combination of a modified environment, such as a modified operating system, in conjunction with a trusted external entity to verify that the modified environment is running on a particular device. The modified environment may be may be modified in a particular manner to create a restricted environment as compared with an original environment which is replaced by the modified environment. The modifications to the modified environment may comprise alternations to the original environment to, for example, detect and/or prevent changes to the hardware and/or software intended to allow cheating or undesirable user behavior.
-
-
-
-
-
-
-
-
-
搜索结果
72 条记录 (耗时 0.028 秒)
