-
公开(公告)号:US20120290850A1
公开(公告)日:2012-11-15
申请号:US13106719
申请日:2011-05-12
申请人: Marc Brandt , Fred A. Cummins , Siani Pearson , Sharad Singhal
发明人: Marc Brandt , Fred A. Cummins , Siani Pearson , Sharad Singhal
IPC分类号: G06F21/22
CPC分类号: G06F21/6218 , G06F21/575 , G06F2221/2141 , H04L63/0428 , H04L63/08 , H04L63/10
摘要: In one implementation, encrypted data and a virtual machine are stored together as a virtual machine-data image, wherein the virtual machine is configured to EXERT management control over the data based on policies set by an owner of the data. In another implementation, metadata defining or tagging policies for usage of data is associated with the data. Control capabilities of service providers are mapped to the policies, wherein those service provider environments that best satisfy the controls mapped to the policies are identified.
摘要翻译: 在一个实现中,加密数据和虚拟机一起存储为虚拟机数据映像,其中虚拟机被配置为基于数据所有者设置的策略对数据执行EXERT管理控制。 在另一实现中,用于数据使用的定义或标记策略的元数据与数据相关联。 服务提供商的控制功能被映射到策略,其中确定最能满足映射到策略的控件的那些服务提供商环境。
-
公开(公告)号:US08850593B2
公开(公告)日:2014-09-30
申请号:US13106719
申请日:2011-05-12
申请人: Marc Brandt , Fred A. Cummins , Siani Pearson , Sharad Singhal
发明人: Marc Brandt , Fred A. Cummins , Siani Pearson , Sharad Singhal
CPC分类号: G06F21/6218 , G06F21/575 , G06F2221/2141 , H04L63/0428 , H04L63/08 , H04L63/10
摘要: In one implementation, encrypted data and a virtual machine are stored together as a virtual machine-data image, wherein the virtual machine is configured to EXERT management control over the data based on policies set by an owner of the data. In another implementation, metadata defining or tagging policies for usage of data is associated with the data. Control capabilities of service providers are mapped to the policies, wherein those service provider environments that best satisfy the controls mapped to the policies are identified.
摘要翻译: 在一个实现中,加密数据和虚拟机一起存储为虚拟机数据映像,其中虚拟机被配置为基于数据所有者设置的策略对数据执行EXERT管理控制。 在另一实现中,用于数据使用的定义或标记策略的元数据与数据相关联。 服务提供商的控制功能被映射到策略,其中确定最能满足映射到策略的控件的那些服务提供商环境。
-
3.发明申请METHODS, APPARATUS AND SYSTEMS FOR MONITORING LOCATIONS OF DATA WITHIN A NETWORK SERVICE 有权用于监控网络服务中数据位置的方法,装置和系统公开(公告)号:US20130159723A1
公开(公告)日:2013-06-20
申请号:US13818850
申请日:2010-09-23
申请人: Marc Brandt , Siani Pearson , Sharad Singhal
发明人: Marc Brandt , Siani Pearson , Sharad Singhal
CPC分类号: H04L43/08 , G06F21/6218 , G06F2221/2101 , G06F2221/2111 , H04L9/3234 , H04L9/3247 , H04L9/3263 , H04L67/1097 , H04L69/40
摘要: In one embodiment, a data set is received at a network service element of a network service, a location record for that data set is generated, and the location record is sent to a location registry within the network service to monitored locations of that data set within a network service. The network service element is operatively coupled to a communications link. The location record is generated based on a portion of the data set and a cryptographic key associated with the network service element. The location record uniquely identifies the presence of the data set at the network service element.
摘要翻译: 在一个实施例中,在网络服务的网络服务元件处接收数据集,生成该数据集的位置记录,并且将位置记录发送到网络服务中的位置注册表,以监视该数据集的位置 在网络服务中。 网络服务元件可操作地耦合到通信链路。 位置记录基于数据集的一部分和与网络服务元素相关联的加密密钥生成。 位置记录唯一地标识在网络服务元件处的数据集的存在。
-
4.发明授权Methods, apparatus and systems for monitoring locations of data within a network service 有权用于监视网络服务内数据位置的方法,装置和系统公开(公告)号:US09166893B2
公开(公告)日:2015-10-20
申请号:US13818850
申请日:2010-09-23
申请人: Marc Brandt , Siani Pearson , Sharad Singhal
发明人: Marc Brandt , Siani Pearson , Sharad Singhal
CPC分类号: H04L43/08 , G06F21/6218 , G06F2221/2101 , G06F2221/2111 , H04L9/3234 , H04L9/3247 , H04L9/3263 , H04L67/1097 , H04L69/40
摘要: In one embodiment, a data set is received at a network service element of a network service, a location record for that data set is generated, and the location record is sent to a location registry within the network service to monitored locations of that data set within a network service. The network service element is operatively coupled to a communications link. The location record is generated based on a portion of the data set and a cryptographic key associated with the network service element. The location record uniquely identifies the presence of the data set at the network service element.
摘要翻译: 在一个实施例中,在网络服务的网络服务元件处接收数据集,生成该数据集的位置记录,并且将位置记录发送到网络服务中的位置注册表,以监视该数据集的位置 在网络服务中。 网络服务元件可操作地耦合到通信链路。 位置记录基于数据集的一部分和与网络服务元素相关联的加密密钥生成。 位置记录唯一地标识在网络服务元件处的数据集的存在。
-
公开(公告)号:US20060190986A1
公开(公告)日:2006-08-24
申请号:US11335877
申请日:2006-01-20
申请人: Marco Mont , Siani Pearson
发明人: Marco Mont , Siani Pearson
IPC分类号: H04L9/00
CPC分类号: H04L63/0407 , H04L9/083 , H04L41/0893 , H04L63/0428 , H04L63/10 , H04L63/102 , H04L67/32
摘要: A computer network has a number of resources. One or more trusted localisation provider certifies the location of the resources. Encrypted data is closely associated with a policy package defining privacy policies for the data and metapolicies for their selection. A trusted privacy service enforces the privacy policies. The trusted privacy service is arranged to supply a key to a resource to allow that resource to process data if the trusted privacy service determines from the trusted localisation provider certifying the location and other contextual information of the resource that the privacy policy allows processing of the data on that resource in that location.
摘要翻译: 计算机网络具有许多资源。 一个或多个受信任的本地化提供商证明资源的位置。 加密数据与定义用于选择的数据和元数据的隐私策略的策略包密切相关。 值得信赖的隐私服务强制执行隐私政策。 信任的隐私服务被设置为向资源提供密钥以允许该资源处理数据,如果可信赖的隐私服务从可信定位提供者确定认证该资源的位置和其他上下文信息,该隐私策略允许处理数据 在该位置的资源上。
-
公开(公告)号:US20060031790A1
公开(公告)日:2006-02-09
申请号:US11249820
申请日:2005-10-12
申请人: Graeme Proudler , Dipankar Gupta , Liqun Chen , Siani Pearson , Boris Balacheff , Bruno Van Wilder , David Chan
发明人: Graeme Proudler , Dipankar Gupta , Liqun Chen , Siani Pearson , Boris Balacheff , Bruno Van Wilder , David Chan
IPC分类号: G06F17/50
CPC分类号: G06F21/445 , G06F21/34 , G06F21/57 , G06F21/606 , G06F21/64 , G06F21/85 , G06F2207/7219 , G06F2211/009 , G06F2221/2103
摘要: In a computing platform, a trusted hardware device (24) is added to the motherboard (20). The trusted hardware device (24) is configured to acquire an integrity metric, for example a hash of the BIOS memory (29), of the computing platform. The trusted hardware device (24) is tamper-resistant, difficult to forge and inaccessible to other functions of the platform. The hash can be used to convince users that that the operation of the platform (hardware or software) has not been subverted in some way, and is safe to interact with in local or remote applications. In more detail, the main processing unit (21) of the computing platform is directed to address the trusted hardware device (24), in advance of the BIOS memory, after release from ‘reset’. The trusted hardware device (24) is configured to receive memory read signals from the main processing unit (21) and, in response, return instructions, in the native language of the main processing unit (21), that instruct the main processing unit to establish the hash and return the value to be stored by the trusted hardware device (24). Since the hash is calculated in advance of any other system operations, this is a relatively strong method of verifying the integrity of the system. Once the hash has been returned, the final instruction calls the BIOS program and the system boot procedure continues as normal. Whenever a user wishes to interact with the computing platform, he first requests the integrity metric, which he compares with an authentic integrity metric that was measured by a trusted party. If the metrics are the same, the platform is verified and interactions can continue. Otherwise, interaction halts on the basis that the operation of the platform may have been subverted.
摘要翻译: 在计算平台中,将可信硬件设备(24)添加到主板(20)。 可信硬件设备(24)被配置为获取计算平台的完整性度量,例如BIOS存储器(29)的散列。 受信任的硬件设备(24)是防篡改的,难以伪造并且不能访问平台的其他功能。 该哈希可以用于说服用户,平台(硬件或软件)的操作没有以某种方式颠覆,并且可以安全地与本地或远程应用程序进行交互。 更详细地说,计算平台的主处理单元(21)在从“复位”释放之后被引导以在BIOS存储器之前对可信硬件设备(24)进行寻址。 可信硬件设备(24)被配置为从主处理单元(21)接收存储器读取信号,并响应于主处理单元(21)的母语的返回指令,其指示主处理单元 建立散列并返回由可信硬件设备(24)存储的值。 由于散列是在任何其他系统操作之前计算出来的,所以这是验证系统完整性的相对较强的方法。 一旦散列已经返回,最后的指令调用BIOS程序,并且系统引导过程正常进行。 每当用户希望与计算平台进行交互时,他首先请求完整性度量,其与被可信方测量的真实完整性度量进行比较。 如果指标相同,则会验证平台并继续进行交互。 否则,交互停止,基于平台的操作可能已被颠覆。
-
公开(公告)号:US08655827B2
公开(公告)日:2014-02-18
申请号:US12608878
申请日:2009-10-29
申请人: Siani Pearson , Tomas Sander , Prasad V. Rao
发明人: Siani Pearson , Tomas Sander , Prasad V. Rao
CPC分类号: G06N5/04
摘要: A questionnaire generation process presents a first subset from a set of questions of the questionnaire and receives first answers from a user. The first answers are used to determine whether the first answers are sufficient to give definite values to conditions of first rules, wherein the first rules have conditions for providing output. When the first answers are not sufficient, the conditions of the first rules can be used to identify a second subset of the questions, wherein the second subset of questions has second answers such that a combination of the first and second answers is sufficient to give definite values to the respective conditions of the first rules, and the second subset of questions can be presented to the user.
摘要翻译: 问卷生成过程从问卷的一组问题中呈现第一子集,并从用户接收第一答案。 第一个答案用于确定第一个答案是否足以给出第一个规则的条件的确定值,其中第一个规则具有提供输出的条件。 当第一答案不足时,第一规则的条件可用于识别问题的第二子集,其中问题的第二子集具有第二答案,使得第一和第二答案的组合足以给出明确的 可以向用户呈现第一规则的相应条件的值,以及问题的第二子集。
-
公开(公告)号:US20050060568A1
公开(公告)日:2005-03-17
申请号:US10896427
申请日:2004-07-22
CPC分类号: H04L63/0823 , G06F21/10 , G06F21/57 , G06F21/6209 , H04L63/126 , H04L2463/101
摘要: A method of controlling access to data comprises: a) in a first platform wrapping selected data content and at least one information flow control policy in a software wrapper; b) interrogating a second platform for compliance with a trusted platform specification; c) on successful interrogation of the second platform, sending the wrapped data content to the second platform; and d) unwrapping the wrapped data content within the trusted environment of the second platform for use.
摘要翻译: 控制对数据的访问的方法包括:a)在第一平台中,在软件包装器中包装所选择的数据内容和至少一个信息流控制策略; b)询问第二平台以符合受信任的平台规范; c)在成功询问第二平台时,将包裹的数据内容发送到第二平台; 以及d)在所述第二平台的受信任环境内解包所述包装的数据内容以供使用。
-
公开(公告)号:US20050060561A1
公开(公告)日:2005-03-17
申请号:US10894678
申请日:2004-07-20
CPC分类号: G06F21/57 , G06F21/6209 , G06F21/6245 , G06F2221/2141 , G06F2221/2153
摘要: A method of protecting a user's data comprises: a) wrapping data content to be sent to a third party computing platform in a compound software wrapper; b) interrogating the third party computing platform for compliance with a trusted platform specification; c) on successful interrogation of the third party computing platform, transmitting the data content wrapped in the compound wrapper to the third party computing platform; d) unwrapping the compound software wrapper on the third party computing platform; e) wherein the third party computing platform treats the data content in conformity with a compound policy forming part of the software wrapper which compound policy specifies how the data content may be used.
摘要翻译: 一种保护用户数据的方法包括:a)将要发送到复合软件包装器中的第三方计算平台的数据内容进行包装; b)询问第三方计算平台以符合受信任的平台规范; c)在成功询问第三方计算平台时,将复合包装中包含的数据内容传送到第三方计算平台; d)在第三方计算平台上展开复合软件包装器; e)其中第三方计算平台根据形成软件包装器的一部分的复合策略来对待数据内容,该复合策略指定如何使用数据内容。
-
公开(公告)号:US20140096188A1
公开(公告)日:2014-04-03
申请号:US14118847
申请日:2011-06-16
申请人: Marco Casassa Mont , Siani Pearson , Pete Bramhall
发明人: Marco Casassa Mont , Siani Pearson , Pete Bramhall
IPC分类号: H04L29/06
CPC分类号: H04L63/20 , G06F21/604 , G06Q10/06311 , G06Q10/0637
摘要: One example provides a collaborative policy refinement service to aggregate policy inputs from organizational layers and to generate security policies that are consistent across the organizational layers. This includes an interactive policy component to facilitate collaborative interaction between the organizational layers and to facilitate determination of the security policies.
摘要翻译: 一个例子提供了一个协作策略细化服务来聚合来自组织层的策略输入,并生成在组织层之间一致的安全策略。 这包括一个交互式政策组件,以促进组织层之间的协作互动,并有助于确定安全策略。
-
-
-
-
-
-
-
-
-
搜索结果
18 条记录 (耗时 0.029 秒)