利索-全球专利检索

  1. 登录
  2. 注册

搜索结果

9 条记录 (耗时 0.034 秒)

    Method and system for memory protection and security using credentials
    4.
    发明授权
    Method and system for memory protection and security using credentials 失效
    用于内存保护和安全使用凭证的方法和系统

    公开(公告)号:US07757280B2

    公开(公告)日:2010-07-13

    申请号:US11333066

    申请日:2006-01-17

    申请人: Michael Backes Shmuel Ben-Yehuda Jan Leonhard Camenisch Ton Engbersen Zorik Machulsky Julian Satran Leah Shalev Ilan Shimony Thomas Basil Smith, III Michael Waidner

    发明人: Michael Backes Shmuel Ben-Yehuda Jan Leonhard Camenisch Ton Engbersen Zorik Machulsky Julian Satran Leah Shalev Ilan Shimony Thomas Basil Smith, III Michael Waidner

    IPC分类号: G06F21/00 H04L12/14

    CPC分类号: G06F12/1433 G06F12/1441 G06F12/1466

    摘要: A computer-implemented method for protecting a memory is provided. The method includes responsive to a direct memory access (DMA) request received from a consumer for a transaction of data from an IO device to the memory, the request including an IO command and a capability (CAP), generating a cryptographically signed capability (CAPB), forming a credential from CAP and CAPB, appending the credential to the IO command, configuring the IO device according to the credential and the IO command, transmitting the data from the IO device to the memory and prior to allowing execution of the DMA, authenticating that the credential is valid, further includes regenerating CAPB from a key available to an authenticating entity and from the CAP (included in CAPB) and verifying that the memory region information described in the cryptographically signed capability is the same as the requested region that was originally created, and that the cryptographically signed capability encompasses the IO command.

    摘要翻译: 提供了一种用于保护存储器的计算机实现的方法。 该方法包括响应于从消费者接收的用于从IO设备到存储器的数据交易的直接存储器访问(DMA)请求,该请求包括IO命令和能力(CAP),生成加密签名的能力(CAPB ),从CAP和CAPB形成证书,将凭证附加到IO命令,根据凭证和IO命令配置IO设备,将数据从IO设备发送到存储器,并且在允许执行DMA之前, 认证证书是有效的,还包括从认证实体和CAP(包括在CAPB中)的可用密钥中重新生成CAPB,并验证以加密签名能力描述的存储器区域信息是否与被请求的区域相同 最初创建,并且加密签名的功能包含IO命令。

    Method and system for protection and security of IO devices using credentials
    7.
    发明授权
    Method and system for protection and security of IO devices using credentials 有权
    使用凭证的IO设备的保护和安全的方法和系统

    公开(公告)号:US07925801B2

    公开(公告)日:2011-04-12

    申请号:US11333716

    申请日:2006-01-17

    申请人: Ton Engbersen Zorik Machulsky Julian Satran Leah Shalev Ilan Shimony Thomas Basil Smith, III

    发明人: Ton Engbersen Zorik Machulsky Julian Satran Leah Shalev Ilan Shimony Thomas Basil Smith, III

    IPC分类号: G06F3/00 G06F5/00

    CPC分类号: G06F21/85 G06Q20/3821

    摘要: A method and system for protection and security of IO devices using credential are provided. The system may include at least one consumer arranged to initiate IO requests from the IO device, and the IO requests may include IO capability allocation and additional parameters. The system may also include an IO resource manager (IORM) arranged to translate the IO capability allocation and additional parameters included in said IO request to a set of capability tokens for the consumer or for a group of consumers, to generate a global key to protect the capability tokens, and further arranged to manage the IO device. The system may further include a channel component arranged to transfer and receive the IO request to and from the IO device.

    摘要翻译: 提供了使用凭证的IO设备的保护和安全性的方法和系统。 该系统可以包括至少一个消费者,被安排为从IO设备发起IO请求,并且IO请求可以包括IO能力分配和附加参数。 该系统还可以包括IO资源管理器(IORM),其被配置为将IO能力分配和包括在所述IO请求中的附加参数转换成消费者或一组消费者的一组能力令牌以产生保护的全局密钥 能力标记,并进一步安排管理IO设备。 该系统还可以包括被配置为向IO设备传送和接收IO请求的信道组件。

    Method and system for protection and security of IO devices using credentials
    8.
    发明申请
    Method and system for protection and security of IO devices using credentials 有权
    使用凭证的IO设备的保护和安全的方法和系统

    公开(公告)号:US20070168299A1

    公开(公告)日:2007-07-19

    申请号:US11333716

    申请日:2006-01-17

    申请人: Ton Engbersen Zorik Machulsky Julian Satran Leah Shalev Ilan Shimony Thomas Smith

    发明人: Ton Engbersen Zorik Machulsky Julian Satran Leah Shalev Ilan Shimony Thomas Smith

    IPC分类号: G06Q99/00 H04L9/00

    CPC分类号: G06F21/85 G06Q20/3821

    摘要: A method and system for protection and security of IO devices using credential are provided. The system may include at least one consumer arranged to initiate IO requests from the IO device, and the IO requests may include IO capability allocation and additional parameters. The system may also include an IO resource manager (IORM) arranged to translate the IO capability allocation and additional parameters included in said IO request to a set of capability tokens for the consumer or for a group of consumers, to generate a global key to protect the capability tokens, and further arranged to manage the IO device. The system may further include a channel component arranged to transfer and receive the IO request to and from the IO device.

    摘要翻译: 提供了使用凭证的IO设备的保护和安全性的方法和系统。 该系统可以包括至少一个消费者,被安排为从IO设备发起IO请求,并且IO请求可以包括IO能力分配和附加参数。 该系统还可以包括IO资源管理器(IORM),其被配置为将IO能力分配和包括在所述IO请求中的附加参数转换成消费者或一组消费者的一组能力令牌以产生保护的全局密钥 能力标记,并进一步安排管理IO设备。 该系统还可以包括被配置为向IO设备传送和接收IO请求的信道组件。

    Switching nodes and interface modules for data networks
    9.
    发明授权
    Switching nodes and interface modules for data networks 有权
    用于数据网络的交换节点和接口模块

    公开(公告)号:US06996116B2

    公开(公告)日:2006-02-07

    申请号:US09991295

    申请日:2001-11-21

    申请人: Ton Engbersen Ronald P. Luijten

    发明人: Ton Engbersen Ronald P. Luijten

    IPC分类号: H04L12/56

    CPC分类号: H04L49/25 H04L49/10 H04L49/30 H04L49/351

    摘要: An interface module is provided for connecting a data communications link to a switching node, comprising a plurality of other interface modules, of a data communications network. The interface module has at least one external port for connection to a data communications link, and a plurality of internal ports for connection to respective internal ports of the switching node. A link interface is connected to the external port for processing inbound and outbound data. A switch circuit is connected between the link interface and the internal ports of the module for transmission of data between the internal ports and to the link interface. The module includes a controller for controlling routing of data via the internal ports in accordance with an intra-node routing protocol. Switching nodes comprising a plurality of interface modules, and optionally one or more switching modules, are provided.

    摘要翻译: 提供了一种用于将数据通信链路连接到包括数据通信网络的多个其他接口模块的交换节点的接口模块。 接口模块具有用于连接到数据通信链路的至少一个外部端口和用于连接到交换节点的相应内部端口的多个内部端口。 链路接口连接到外部端口,用于处理入站和出站数据。 链路接口和模块的内部端口之间连接有一个开关电路,用于在内部端口和链路接口之间传输数据。 该模块包括控制器,用于根据节点间路由协议控制经由内部端口的数据路由。 提供包括多个接口模块和可选地一个或多个交换模块的交换节点。