1. Privacy management of personal data
    Document type: invention application (legal status: granted, in force)

    Publication number: US20050039031A1

    Publication date: 2005-02-17

    Application number: US10767868

    Filing date: 2004-01-28

    IPC classification: H04L9/30 H04L29/06 H04L9/32

    Abstract: When sending personal data to a recipient, the data owner encrypts the data using both a public data item provided by a trusted party and an encryption key string formed using at least policy data indicative of conditions to be satisfied before access is given to the personal data. The encryption key string is typically also provided to the recipient along with the encrypted personal data. To decrypt the personal data, the recipient sends the encryption key string to the trusted party with a request for the decryption key. The trusted party determines the required decryption key using the encryption key string and the private data used in deriving its public data, and provides it to the requesting recipient. However, the decryption key is either not determined or not made available until the trusted party is satisfied that the associated policy conditions have been met by the recipient.


2. System and method for dynamically allocating resources
    Document type: invention application (legal status: granted, in force)

    Publication number: US20060190986A1

    Publication date: 2006-08-24

    Application number: US11335877

    Filing date: 2006-01-20

    IPC classification: H04L9/00

    Abstract: A computer network has a number of resources. One or more trusted localisation providers certify the location of the resources. Encrypted data is closely associated with a policy package defining privacy policies for the data and metapolicies for their selection. A trusted privacy service enforces the privacy policies. The trusted privacy service is arranged to supply a key to a resource, allowing that resource to process the data, if the trusted privacy service determines from the trusted localisation provider's certification of the resource's location and other contextual information that the privacy policy allows processing of the data on that resource in that location.


3. Data privacy management system and method
    Document type: invention application (legal status: under examination, published)

    Publication number: US20050251865A1

    Publication date: 2005-11-10

    Application number: US10972144

    Filing date: 2004-10-25

    Abstract: A data privacy management system includes a data repository, a private data mediating system and a privacy manager. The data repository stores private data items in an obfuscated form. Each private data item has associated privacy policy data defining the conditions to be met to ensure the privacy of the data item. The private data mediating system communicates with the privacy manager to obtain de-obfuscated private data items that are extracted from the data repository (10). De-obfuscation of the data (51, 53) is subject to the privacy manager being satisfied that the respective conditions ensuring privacy of the data item are met.


4. Trusted computing platform
    Document type: invention application (legal status: granted, in force)

    Publication number: US20060031790A1

    Publication date: 2006-02-09

    Application number: US11249820

    Filing date: 2005-10-12

    IPC classification: G06F17/50

    Abstract: In a computing platform, a trusted hardware device (24) is added to the motherboard (20). The trusted hardware device (24) is configured to acquire an integrity metric of the computing platform, for example a hash of the BIOS memory (29). The trusted hardware device (24) is tamper-resistant, difficult to forge and inaccessible to other functions of the platform. The hash can be used to convince users that the operation of the platform (hardware or software) has not been subverted in some way, and that it is safe to interact with in local or remote applications. In more detail, the main processing unit (21) of the computing platform is directed to address the trusted hardware device (24), in advance of the BIOS memory, after release from ‘reset’. The trusted hardware device (24) is configured to receive memory read signals from the main processing unit (21) and, in response, return instructions, in the native language of the main processing unit (21), that instruct the main processing unit to establish the hash and return the value to be stored by the trusted hardware device (24). Since the hash is calculated in advance of any other system operations, this is a relatively strong method of verifying the integrity of the system. Once the hash has been returned, the final instruction calls the BIOS program and the system boot procedure continues as normal. Whenever a user wishes to interact with the computing platform, he first requests the integrity metric, which he compares with an authentic integrity metric that was measured by a trusted party. If the metrics are the same, the platform is verified and interactions can continue. Otherwise, interaction halts on the basis that the operation of the platform may have been subverted.


5. Questionnaire generation
    Document type: granted invention patent (legal status: granted, in force)

    Publication number: US08655827B2

    Publication date: 2014-02-18

    Application number: US12608878

    Filing date: 2009-10-29

    IPC classification: G06F17/00 G06N5/02

    CPC classification: G06N5/04

    Abstract: A questionnaire generation process presents a first subset from a set of questions of the questionnaire and receives first answers from a user. The first answers are used to determine whether they are sufficient to give definite values to the conditions of first rules, wherein the first rules have conditions for providing output. When the first answers are not sufficient, the conditions of the first rules can be used to identify a second subset of the questions, wherein the second subset of questions has second answers such that a combination of the first and second answers is sufficient to give definite values to the respective conditions of the first rules, and the second subset of questions can be presented to the user.


6. Controlling access to data
    Document type: invention application (legal status: under examination, published)

    Publication number: US20050060568A1

    Publication date: 2005-03-17

    Application number: US10896427

    Filing date: 2004-07-22

    Abstract: A method of controlling access to data comprises: a) in a first platform, wrapping selected data content and at least one information flow control policy in a software wrapper; b) interrogating a second platform for compliance with a trusted platform specification; c) on successful interrogation of the second platform, sending the wrapped data content to the second platform; and d) unwrapping the wrapped data content within the trusted environment of the second platform for use.


7. Protection of data
    Document type: invention application (legal status: under examination, published)

    Publication number: US20050060561A1

    Publication date: 2005-03-17

    Application number: US10894678

    Filing date: 2004-07-20

    IPC classification: G06F21/57 G06F21/62 H04L9/00

    Abstract: A method of protecting a user's data comprises: a) wrapping data content to be sent to a third party computing platform in a compound software wrapper; b) interrogating the third party computing platform for compliance with a trusted platform specification; c) on successful interrogation of the third party computing platform, transmitting the data content wrapped in the compound wrapper to the third party computing platform; d) unwrapping the compound software wrapper on the third party computing platform; e) wherein the third party computing platform treats the data content in conformity with a compound policy forming part of the software wrapper, which compound policy specifies how the data content may be used.


8. SYSTEM AND METHOD FOR POLICY GENERATION
    Document type: invention application (legal status: under examination, published)

    Publication number: US20140096188A1

    Publication date: 2014-04-03

    Application number: US14118847

    Filing date: 2011-06-16

    IPC classification: H04L29/06

    Abstract: One example provides a collaborative policy refinement service to aggregate policy inputs from organizational layers and to generate security policies that are consistent across the organizational layers. This includes an interactive policy component to facilitate collaborative interaction between the organizational layers and to facilitate determination of the security policies.


9. METHODS, APPARATUS AND SYSTEMS FOR MONITORING LOCATIONS OF DATA WITHIN A NETWORK SERVICE
    Document type: invention application (legal status: granted, in force)

    Publication number: US20130159723A1

    Publication date: 2013-06-20

    Application number: US13818850

    Filing date: 2010-09-23

    IPC classification: H04L12/26 H04L9/28

    Abstract: In one embodiment, a data set is received at a network service element of a network service, a location record for that data set is generated, and the location record is sent to a location registry within the network service in order to monitor the locations of that data set within the network service. The network service element is operatively coupled to a communications link. The location record is generated based on a portion of the data set and a cryptographic key associated with the network service element. The location record uniquely identifies the presence of the data set at the network service element.
