Saving and retrieving data based on public key encryption
    1.
    Type: Granted invention patent
    Legal status: In force

    Publication number: US09183406B2

    Publication date: 2015-11-10

    Application number: US13012573

    Application date: 2011-01-24

    IPC classification: G06F21/00 G06F21/62

    CPC classification: G06F21/6218

    Abstract: In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows the data to be obtained from the ciphertext only if one or more conditions are satisfied. In accordance with another aspect, a bit string is received from a calling program. Data in the bit string is decrypted using public key decryption and returned to the calling program only if one or more conditions included in the bit string are satisfied.

    Saving and retrieving data based on public key encryption
    2.
    Type: Granted invention patent
    Legal status: In force

    Publication number: US08601286B2

    Publication date: 2013-12-03

    Application number: US13015440

    Application date: 2011-01-27

    IPC classification: G06F12/14

    CPC classification: G06F21/6218

    Abstract: In accordance with certain aspects, data is received and a digital signature is generated and output. The digital signature can be a digital signature of the data and one or more conditions that are to be satisfied in order for the data to be revealed, or a digital signature over data generated using a private key associated with a bound key that is bound to one or more processors.

    Enforcing isolation among plural operating systems
    3.
    Type: Granted invention patent
    Legal status: In force

    Publication number: US07975117B2

    Publication date: 2011-07-05

    Application number: US10741629

    Application date: 2003-12-19

    IPC classification: G06F13/00

    Abstract: Plural guest operating systems run on a computer, where a security kernel enforces a policy of isolation among the guest operating systems. An exclusion vector defines a set of pages that cannot be accessed by direct memory access (DMA) devices. The security kernel enforces an isolation policy by causing certain pages to be excluded from direct access. Thus, device drivers in guest operating systems are permitted to control DMA devices directly without virtualization of those devices, while each guest is prevented from using DMA devices to access pages that the guest is not permitted to access under the policy.

    Methods and Systems for Protecting Data in USB Systems
    4.
    Type: Invention patent application
    Legal status: Under examination (published)

    Publication number: US20090313397A1

    Publication date: 2009-12-17

    Application number: US12348487

    Application date: 2009-01-05

    IPC classification: G06F13/28

    Abstract: The various embodiments described below are directed to providing authenticated and confidential messaging from software executing on a host (e.g. a secure software application or security kernel) to and from I/O devices operating on a USB bus. The embodiments can protect against attacks that are levied by software executing on a host computer. In some embodiments, a secure functional component or module is provided and can use encryption techniques to provide protection against observation and manipulation of USB data. In other embodiments, USB data can be protected through techniques that do not utilize (or are not required to utilize) encryption techniques. In accordance with these embodiments, USB devices can be designated as “secure” and, hence, data sent over the USB to and from such designated devices can be provided into protected memory. Memory indirection techniques can be utilized to ensure that data to and from secure devices is protected.

    Saving and retrieving data based on symmetric key encryption
    5.
    Type: Granted invention patent
    Legal status: In force

    Publication number: US07587589B2

    Publication date: 2009-09-08

    Application number: US11557641

    Application date: 2006-11-08

    IPC classification: H04L29/06

    CPC classification: G06F21/6218

    Abstract: In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using a symmetric cipher, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with other aspects, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The integrity of the data is also verified, and the data is decrypted using a symmetric key. The data is returned to the calling program only if the calling program is allowed to access the data and if the integrity of the data is successfully verified.

    Transferring application secrets in a trusted operating system environment
    6.
    Type: Granted invention patent
    Legal status: In force

    Publication number: US07243230B2

    Publication date: 2007-07-10

    Application number: US09993340

    Application date: 2001-11-16

    IPC classification: H04L9/00

    CPC classification: G06F21/57 G06F21/606

    Abstract: Transferring application secrets in a trusted operating system environment involves receiving a request to transfer application data from a source computing device to a destination computing device. A check is made as to whether the application data can be transferred to the destination computing device, and if so, whether the application data can be transferred under control of the user or a third party. If these checks succeed, a check is also made as to whether the destination computing device is a trustworthy device running known trustworthy software. Input is also received from the appropriate one of the user or third party to control transferring of the application data to the destination computing device. Furthermore, application data is stored on the source computing device in a manner that facilitates determining whether the application data can be transferred, and that facilitates transferring the application data if it can be transferred.

    Protecting decrypted compressed content and decrypted decompressed content at a digital rights management client
    7.
    Type: Granted invention patent
    Legal status: Lapsed

    Publication number: US07203313B2

    Publication date: 2007-04-10

    Application number: US11176661

    Application date: 2005-07-07

    IPC classification: H04N7/167 G06F21/00

    CPC classification: G06F21/10

    Abstract: Theft of decompressed digital content as the content is being rendered is prevented. A requested slow-down of the rendering of the content is detected. Transfers of relatively large amounts of data are detected. A re-compressor-based requested slow-down of the rendering of the content is detected. A re-compressor re-compressing the content is detected. In each situation, the detected activity is presumably initiated by a content thief attempting to steal the content. In each situation, the detected activity is responded to in a manner designed to frustrate the presumed attempt of the content thief to steal the content.

    Methods and systems for cryptographically protecting secure content
    8.
    Type: Granted invention patent
    Legal status: In force

    Publication number: US07203310B2

    Publication date: 2007-04-10

    Application number: US10124922

    Application date: 2002-04-18

    IPC classification: H04N7/167

    CPC classification: G06F21/83 G06F21/64 G06F21/79

    Abstract: Methods and systems are provided for cryptographically protecting secure content in connection with a graphics subsystem of a computing device. Techniques are implemented to encrypt the contents of video memory so that unauthorized software cannot gain meaningful access to it, thereby maintaining confidentiality. Moreover, a mechanism for tamper detection is provided so that there is awareness when data has been altered in some fashion, thereby maintaining integrity. In various embodiments, the contents of overlay surfaces and/or command buffers are encrypted, and/or the GPU is able to operate on encrypted content while preventing its availability to untrusted parties, devices or software.
