-
公开(公告)号:US07181603B2
公开(公告)日:2007-02-20
申请号:US10096685
申请日:2002-03-12
IPC分类号: G06F9/00
CPC分类号: H04L9/3247 , G06F21/51
摘要: Redirecting function calls through a protected environment to effect secure linkage of program modules. In one embodiment, a program module, such as a player application for example, may make function calls to secure functions instead of to insecure operating system (OS) services, thereby deterring attacks on the player's calls to OS services. In one embodiment, the new secure functions provide similar functionality to the replaced OS services. Providing a securely loaded function for calling by a program module in place of calling an insecure OS function includes obtaining object code for the securely loaded function from a signed binary description file, performing signature and integrity verification of the program module using the signed binary description file, loading the object code for the securely loaded function into memory, and updating an address for calling the securely loaded function by the program module.
摘要翻译: 通过受保护的环境重定向函数调用以实现程序模块的安全连接。 在一个实施例中,例如诸如播放器应用的程序模块可以进行功能调用以保护功能而不是不安全的操作系统(OS)服务,从而阻止对OS服务的播放器的呼叫的攻击。 在一个实施例中,新的安全功能提供与替换的OS服务类似的功能。 提供用于由程序模块调用代替调用不安全的OS功能的安全加载的功能包括从签名的二进制描述文件获取安全加载的功能的目标代码,使用带符号的二进制描述文件执行程序模块的签名和完整性验证 将安全加载的功能的目标代码加载到存储器中,并且通过程序模块更新用于调用安全加载的功能的地址。
-
2.发明授权Method for strongly authenticating another process in a different address space 失效用于在不同地址空间中强制验证另一个进程的方法
公开(公告)号:US5974550A
公开(公告)日:1999-10-26
申请号:US989615
申请日:1997-12-12
CPC分类号: G06F21/31 , H04L9/3247 , H04L9/3271
摘要: Authenticating a remote process operating in an address space different than that of a local process includes the steps of creating, by the local process, a tamper resistant module containing a temporary secret, sending the tamper resistant module and a challenge from the local process to the remote process, executing the tamper resistant module by the remote process and recovering the secret when the integrity of the remote process is verified by the tamper resistant module, encoding the challenge using the secret to produce a response, sending the response to the local process, and decoding the response by the local process. Optionally, the tamper resistant module includes a request for information from the second process and the response includes the answer to the request for information.
摘要翻译: 验证在与本地进程不同的地址空间中操作的远程进程包括以下步骤:通过本地进程创建包含临时秘密的防篡改模块,将防篡改模块和挑战从本地进程创建到 远程进程,由远程进程执行防篡改模块,并且当通过防篡改模块验证远程进程的完整性时恢复秘密,使用秘密对挑战进行编码以产生响应,向本地进程发送响应, 并通过本地进程对响应进行解码。 可选地,防篡改模块包括对来自第二进程的信息的请求,并且响应包括对信息请求的答案。
-
公开(公告)号:US20100174889A1
公开(公告)日:2010-07-08
申请号:US12349307
申请日:2009-01-06
CPC分类号: G06F9/45533 , G06F9/22 , G06F9/30174 , G06F9/30189
摘要: Embodiments of apparatuses, methods, and systems for modifying the behavior of a guest installed to run within a VM are disclosed. In one embodiment, an apparatus includes virtualization logic, first storage, second storage, decode logic, and multiplexing logic. The virtualization logic is to provide a mode in which to operate a virtual machine. The first storage is to store a first plurality of micro-instructions to control the apparatus. The second storage is to store a second plurality of micro-instructions to control the apparatus. The decode logic is to decode a macro-instruction into one of a first plurality and a second plurality of micro-instructions. The multiplexing logic is to cause the macro-instruction to be decoded into the second plurality of micro-instructions instead of the first plurality of micro-instructions only when issued from the virtual machine.
摘要翻译: 公开了用于修改安装在VM内运行的客户端的行为的装置,方法和系统的实施例。 在一个实施例中,设备包括虚拟化逻辑,第一存储,第二存储,解码逻辑和多路复用逻辑。 虚拟化逻辑是提供一种操作虚拟机的模式。 第一存储器是存储第一多个微指令以控制该装置。 第二存储器是存储第二多个微指令以控制该装置。 解码逻辑是将宏指令解码为第一多个和第二多个微指令之一。 复用逻辑是仅在从虚拟机发出时,使宏指令被解码成第二多个微指令而不是第一多个微指令。
-
公开(公告)号:US06178509B1
公开(公告)日:2001-01-23
申请号:US08924166
申请日:1997-09-05
申请人: Joseph M. Nardone , Richard T. Mangold , Jody L. Pfotenhauer , Keith L. Shippy , David W. Aucsmith , Richard L. Maliszewski , Gary L. Graunke
发明人: Joseph M. Nardone , Richard T. Mangold , Jody L. Pfotenhauer , Keith L. Shippy , David W. Aucsmith , Richard L. Maliszewski , Gary L. Graunke
IPC分类号: H04L900
CPC分类号: G11B20/00086 , G06F12/1408 , G06F21/10 , G06F21/14 , G06F21/52 , G06F21/57 , G06F21/79 , G06F2221/2107 , G06F2221/2135 , G06F2221/2151
摘要: In one apparatus, a number of obfuscated programming instructions is provided to perform integrity verification on a number of other plain text programming instructions. In another apparatus, a number of obfuscated programming instructions is provided to self-verify an invocation of the obfuscated programming instructions is not originated from an intruder.
摘要翻译: 在一种装置中,提供了许多模糊编程指令以对许多其他纯文本编程指令执行完整性验证。 在另一种装置中,提供了许多混淆的编程指令来自我验证,混淆编程指令的调用不是源于入侵者。
-
公开(公告)号:US06175925B1
公开(公告)日:2001-01-16
申请号:US08924167
申请日:1997-09-05
申请人: Joseph M. Nardone , Richard P. Mangold , Jody L. Pfotenhauer , Keith L. Shippy , David W. Aucsmith , Richard L. Maliszewski , Gary L. Graunke
发明人: Joseph M. Nardone , Richard P. Mangold , Jody L. Pfotenhauer , Keith L. Shippy , David W. Aucsmith , Richard L. Maliszewski , Gary L. Graunke
IPC分类号: G06F1130
CPC分类号: G11B20/00086 , G06F12/1408 , G06F21/10 , G06F21/14 , G06F21/52 , G06F21/57 , G06F21/79 , G06F2221/2107 , G06F2221/2135 , G06F2221/2151
摘要: In one apparatus, a group of plain text and obfuscated cells of programming instructions is provided to implement a descrambler that descrambles scrambled content to generate descrambled content. In another apparatus, a group of plain text and obfuscated cells of programming instructions is provided to implement an authenticator that provides appropriate authentication challenges to a scrambled content provider, and generates appropriate authentication responses to authentication challenges from the scrambled content provider. In yet another apparatus, a group of plain text and obfuscated cells of programming instructions is provided to implement an integrity verifier that performs integrity verification on a decoder. In yet another apparatus, a group of plain text and obfuscated cells of programming instructions is provided to implement a secrets holder that holds a number of secrets associated with playing scrambled contents.
摘要翻译: 在一种装置中,提供了一组编程指令的纯文本和混淆单元,以实现解扰器,其解扰加扰的内容以产生解扰的内容。 在另一种装置中,提供了一组编程指令的明文和混淆单元,以实现向加扰的内容提供商提供适当的认证挑战的认证器,并从加扰的内容提供商产生对认证挑战的适当认证响应。 在又一设备中,提供了一组编程指令的纯文本和混淆单元,以实现在解码器上执行完整性验证的完整性验证器。 在另一装置中,提供一组编程指令的明文和混淆单元,以实现保存与播放加扰内容相关联的多个秘密的秘密持有者。
-
6.发明授权
公开(公告)号:US6021487A
公开(公告)日:2000-02-01
申请号:US768069
申请日:1996-12-16
CPC分类号: G06F9/3001 , G06F5/01 , G06F9/30072 , G06F7/49978
摘要: A method and apparatus to divide a signed integer by a constant power of two using conditionally-executed instructions to choose between a first result in the event that the dividend is a negative signed integer and a second result in the event that the dividend is a positive signed integer, wherein values associated with the first result and the second result are generated simultaneously.
摘要翻译: 一种使用有条件执行的指令将有符号整数除以2的恒定幂的方法和装置,以在股利为负的有符号整数的事件中的第一个结果和在股息为正的情况下的第二个结果之间进行选择 有符号整数,其中与第一结果和第二结果相关联的值同时生成。
-
公开(公告)号:US07140005B2
公开(公告)日:2006-11-21
申请号:US09764725
申请日:2001-01-17
CPC分类号: G06F11/3688 , G06F21/54
摘要: A data processing device associates a test module with a sequence of instructions, the test module producing a test result by performing a test on a sequence of instructions. In the sequence of instructions, a first instruction comprising a target address is replaced with a second instruction having an instruction address in the sequence, the second instruction to transfer control to the test module. The target address is stored within an encrypted table, and the test module locates the target address in the table and transfers control to the target address when the test result indicates the sequence of instructions may proceed.
摘要翻译: 数据处理装置将测试模块与指令序列相关联,测试模块通过对指令序列执行测试来产生测试结果。 在指令序列中,包括目标地址的第一指令被替换为具有序列中的指令地址的第二指令,第二指令将控制转移到测试模块。 目标地址存储在加密表中,测试模块将目标地址定位在表中,并且当测试结果指示指令序列可以进行时,将控制转移到目标地址。
-
公开(公告)号:US07073200B2
公开(公告)日:2006-07-04
申请号:US09769155
申请日:2001-01-24
CPC分类号: H04N21/44029 , H04N7/1675 , H04N21/23439 , H04N21/4405 , H04N21/8106
摘要: Providing secure content-based user experience enhancement in a player device for rendering digital content includes accepting encrypted digital content, decrypting the encrypted digital content into decrypted digital content, downsampling the decrypted digital content into downsampled digital content; and processing the downsampled digital content by an enhancement module to provide the user experience enhancement. The system protects content being rendered by a player application even when the content is also sent to an enhancement module such as a plug-in. The original content is protected by only transferring a version of the content to the enhancement module that is downsampled. That is, the original high fidelity, high value content is never transferred to the untrusted enhancement module. Instead, the content is downsampled into a lower fidelity form that it is still useful for the purposes of enhancement module processing, but is not useful or desirable for other purposes (such as normal rendering of the content for enjoyment by the user).
-
9.发明授权
公开(公告)号:US6049609A
公开(公告)日:2000-04-11
申请号:US906693
申请日:1997-08-06
CPC分类号: G06F21/79
摘要: In one embodiment, the present invention includes a method of storing and retrieving data. The method includes performing mutations of a cell array in a mutation cycle until a storage phase is reached. The data is stored in storage regions of the cell array at the storage phase. The cell array is mutated through additional phases and the data stored in the cell array during the storage phase and is encrypted by the mutations through the additional phases. In response to a retrieval request, mutations continue until a retrieval phase is reached and the data is decrypted. In various embodiments, the invention includes a computer-readable medium, a binary structure, a system, and a method of creating a cell array.
摘要翻译: 在一个实施例中,本发明包括一种存储和检索数据的方法。 该方法包括在突变周期中执行细胞阵列的突变,直到达到储存阶段。 数据在存储阶段存储在单元阵列的存储区域中。 细胞阵列在存储阶段通过附加阶段和存储在细胞阵列中的数据进行突变,并通过附加阶段的突变进行加密。 响应于检索请求,突变持续到达到检索阶段并且数据被解密。 在各种实施例中,本发明包括计算机可读介质,二进制结构,系统和创建单元阵列的方法。
-
10.发明授权Method for securely distributing a conditional use private key to a trusted entity on a remote system 失效将条件使用私钥安全地分发到远程系统上的受信任实体的方法
公开(公告)号:US5991399A
公开(公告)日:1999-11-23
申请号:US993597
申请日:1997-12-18
CPC分类号: G06F21/34 , G06F21/10 , G06Q20/3829 , G11B20/00086 , G11B20/0021 , G06F2211/008
摘要: Secure distribution of a private key to a user's application program (also called a "trusted player" such as a DVD player or CD-ROM player) with conditional access based on verification of the trusted player's integrity and authenticity is provided. Once validated, the trusted player uses the private key to decrypt encrypted digital content. The private key is dynamically generated, associated with specific digital content, and communicated in real-time from a server to the trusted player in a secure manner, thereby controlling access to encrypted digital content. The key is wrapped into an executable tamper resistant key module in which the key can only be used by the right trusted player as determined by the server based on user requests and payment. The key module plugs in to the trusted player and executes to validate the player and decrypt the content. The integrity of the trusted player is correlated to its ability to perform a cryptographic operation using an asymmetric key pair in a manner that is tamper resistant, thereby preventing an unencrypted copy of digital content to be made.
摘要翻译: 提供了一种基于对可靠玩家的完整性和真实性的验证,将私钥安全地分配给具有条件访问的用户应用程序(也称为“受信任的玩家”,例如DVD播放器或CD-ROM播放器)。 经过验证,受信任的播放器使用私钥来解密加密的数字内容。 私钥是动态生成的,与特定数字内容相关联,并且以安全的方式从服务器到受信任的播放器实时地进行传送,从而控制对加密的数字内容的访问。 密钥被包装成可执行的防篡改密钥模块,其中密钥只能由由服务器根据用户请求和支付确定的正确的受信任的玩家使用。 关键模块插入信任的播放器,执行验证播放器并对内容进行解密。 可信任的播放器的完整性与其以防篡改的方式使用非对称密钥对执行密码操作的能力相关联,从而防止制作数字内容的未加密的副本。
-
-
-
-
-
-
-
-
-
搜索结果
14 条记录 (耗时 0.019 秒)
