-
公开(公告)号:US08386763B1
公开(公告)日:2013-02-26
申请号:US13343677
申请日:2012-01-04
申请人: Randall R. Spangler , William F. Richardson , Sumit Gwalani , Luigi Semenzato , William A. Drewry
发明人: Randall R. Spangler , William F. Richardson , Sumit Gwalani , Luigi Semenzato , William A. Drewry
IPC分类号: H04L29/14 , G06F15/177
CPC分类号: G06F21/54 , G06F9/4401 , G06F21/572 , G06F21/575 , G06F2221/033 , G06F2221/2141
摘要: A system and method is disclosed for locking down a capability of a computer system. Hardware instructions initiate a sequence of boot cycles to launch a computer operating system on a computer-enabled device. During the boot cycles, multiple levels of boot code are verified. Each verified stage of boot code verifies a subsequent stage of boot code. If the subsequent stage of boot code cannot be verified, the verified stage locks a capability of the computer so that the subsequent stage of boot code cannot modify the capability.
摘要翻译: 公开了一种用于锁定计算机系统的能力的系统和方法。 硬件指令启动一系列引导周期,以在启用计算机的设备上启动计算机操作系统。 在引导周期期间,验证多级引导代码。 启动代码的每个验证阶段验证后续阶段的引导代码。 如果引导代码的后续阶段无法验证,则验证的阶段锁定计算机的能力,以便后续阶段的引导代码不能修改能力。
-
公开(公告)号:US20110087872A1
公开(公告)日:2011-04-14
申请号:US12903202
申请日:2010-10-12
申请人: Gaurav Shah , William Drewry , Randall Spangler , Ryan Tabone , Sumit Gwalani , Luigi Semenzato
发明人: Gaurav Shah , William Drewry , Randall Spangler , Ryan Tabone , Sumit Gwalani , Luigi Semenzato
IPC分类号: G06F9/00
CPC分类号: G06F21/575 , G06F21/554 , G06F21/64 , G06F21/74 , H04L9/30 , H04L9/3236 , H04L9/3247
摘要: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header do not match, the example method includes halting the boot process.
摘要翻译: 公开了用于验证计算系统的引导过程的方法和装置。 计算机实现的示例的示例包括在引导过程期间由计算系统读取计算系统的固件的读写部分的头部。 该示例方法还包括使用第一加密散列算法生成与该报头对应的消息摘要。 示例性方法还包括使用第一公开密钥来解密与该标题相对应的加密签名。 该示例方法还包括比较与该标题相对应的消息摘要和与标题对应的解密签名。 在与标题对应的消息摘要和与标题相对应的解密签名匹配的情况下,示例方法包括继续引导过程。 在与标题对应的消息摘要和与标题相对应的解密签名不匹配的情况下,示例方法包括暂停引导过程。
-
公开(公告)号:US08812854B2
公开(公告)日:2014-08-19
申请号:US12903202
申请日:2010-10-12
申请人: Gaurav Shah , William Drewry , Randall Spangler , Ryan Tabone , Sumit Gwalani , Luigi Semenzato
发明人: Gaurav Shah , William Drewry , Randall Spangler , Ryan Tabone , Sumit Gwalani , Luigi Semenzato
CPC分类号: G06F21/575 , G06F21/554 , G06F21/64 , G06F21/74 , H04L9/30 , H04L9/3236 , H04L9/3247
摘要: A computer-implemented method for verifying a boot process of a computing system includes reading, by the computing system during the boot process, a header section of a read-write portion of firmware of the computing system. The method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header, and decrypting, using a first public-key, an encrypted signature corresponding to the header. The method further includes comparing the message digest corresponding with the header and the decrypted signature corresponding to the header. In the event the message digest corresponding to the header and the decrypted signature corresponding to the header match, the boot process is continued. In the event the message digest corresponding to the header and the decrypted signature corresponding to the header do not match, the boot process is halted.
摘要翻译: 用于验证计算系统的引导过程的计算机实现的方法包括在引导过程期间由计算系统读取计算系统的固件的读写部分的标题部分。 该方法还包括使用第一加密散列算法生成与该报头相对应的消息摘要,以及使用第一公开密钥解密与报头对应的加密签名。 该方法还包括比较对应于报头的消息摘要和对应于报头的解密签名。 在与标题对应的消息摘要和对应于标题的解密签名匹配的情况下,继续引导过程。 在与标题相对应的消息摘要和与标题相对应的解密签名不匹配的情况下,启动过程被停止。
-
公开(公告)号:US08745612B1
公开(公告)日:2014-06-03
申请号:US13007390
申请日:2011-01-14
IPC分类号: G06F9/44
CPC分类号: G06F21/51 , G06F8/65 , G06F21/572
摘要: To provide a secure installation and execution software environment, locked version numbers are maintained. A locked version number associated with a software program may be stored. When a request is received to update the software program with an update package, a package number of the update package may be compared to the locked version number. The software program may be updated with the update package if the package number is at least as recent as the locked version number, and the updating of the software program with the update package may be restricted if the package number is earlier than the locked version number.
摘要翻译: 为了提供安全的安装和执行软件环境,维护锁定的版本号。 可以存储与软件程序相关联的锁定版本号。 当接收到使用更新包更新软件程序的请求时,可以将更新包的包编号与锁定的版本号进行比较。 如果软件包号码至少与锁定版本号码一样,则可以使用更新软件包更新软件程序,并且如果软件包编号早于锁定的版本号,则可以限制具有更新软件包的软件程序的更新 。
-
公开(公告)号:US08326836B1
公开(公告)日:2012-12-04
申请号:US12835062
申请日:2010-07-13
CPC分类号: G06F17/30864 , G06F17/30424 , G06F17/30551 , G06F17/3087
摘要: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for providing time series information with search results. In one aspect, a method includes determining that a first query is indicative of a request for time series information; generating a cost estimate that quantifies one or more costs of including the time series information with one or more search results, each search result including a resource locator that references a corresponding resource determined to be responsive to the query; generating a benefit estimate; determining to generate the time series information when the benefit estimate is greater than the cost estimate and generating the time series information in response to the determination, wherein generating the time series information includes collecting responsive time series information from one or more resources; and determining to not generate the time series information when the cost estimate is greater than the benefit estimate.
摘要翻译: 方法,系统和装置,包括在计算机存储介质上编码的计算机程序,用于提供具有搜索结果的时间序列信息。 一方面,一种方法包括确定第一查询指示对时间序列信息的请求; 产生成本估计,其量化包括具有一个或多个搜索结果的时间序列信息的一个或多个成本,每个搜索结果包括引用被确定为响应于所述查询的相应资源的资源定位符; 产生效益估计; 确定当所述利益估计大于所述成本估计时产生所述时间序列信息,并且响应于所述确定生成所述时间序列信息,其中生成所述时间序列信息包括从一个或多个资源收集响应时间序列信息; 并且当所述成本估计大于所述效益估计时,确定不产生所述时间序列信息。
-
公开(公告)号:US09116992B2
公开(公告)日:2015-08-25
申请号:US13617560
申请日:2012-09-14
CPC分类号: G06F17/30864 , G06F17/30424 , G06F17/30551 , G06F17/3087
摘要: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for providing time series information with search results. In one aspect, a method includes determining that a first query is indicative of a request for time series information; generating a cost estimate that quantifies one or more costs of including the time series information with one or more search results, each search result including a resource locator that references a corresponding resource determined to be responsive to the query; generating a benefit estimate; determining to generate the time series information when the benefit estimate is greater than the cost estimate and generating the time series information in response to the determination, wherein generating the time series information includes collecting responsive time series information from one or more resources; and determining to not generate the time series information when the cost estimate is greater than the benefit estimate.
摘要翻译: 方法,系统和装置,包括在计算机存储介质上编码的计算机程序,用于提供具有搜索结果的时间序列信息。 一方面,一种方法包括确定第一查询指示对时间序列信息的请求; 产生成本估计,其量化包括具有一个或多个搜索结果的时间序列信息的一个或多个成本,每个搜索结果包括引用被确定为响应于所述查询的相应资源的资源定位符; 产生效益估计; 确定当所述利益估计大于所述成本估计时产生所述时间序列信息,并且响应于所述确定生成所述时间序列信息,其中生成所述时间序列信息包括从一个或多个资源收集响应时间序列信息; 并且当所述成本估计大于所述效益估计时,确定不产生所述时间序列信息。
-
公开(公告)号:US20150169752A1
公开(公告)日:2015-06-18
申请号:US13617560
申请日:2012-09-14
IPC分类号: G06F17/30
CPC分类号: G06F17/30864 , G06F17/30424 , G06F17/30551 , G06F17/3087
摘要: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for providing time series information with search results. In one aspect, a method includes determining that a first query is indicative of a request for time series information; generating a cost estimate that quantifies one or more costs of including the time series information with one or more search results, each search result including a resource locator that references a corresponding resource determined to be responsive to the query; generating a benefit estimate; determining to generate the time series information when the benefit estimate is greater than the cost estimate and generating the time series information in response to the determination, wherein generating the time series information includes collecting responsive time series information from one or more resources; and determining to not generate the time series information when the cost estimate is greater than the benefit estimate.
摘要翻译: 方法,系统和装置,包括在计算机存储介质上编码的计算机程序,用于提供具有搜索结果的时间序列信息。 一方面,一种方法包括确定第一查询指示对时间序列信息的请求; 产生成本估计,其量化包括具有一个或多个搜索结果的时间序列信息的一个或多个成本,每个搜索结果包括引用被确定为响应于所述查询的相应资源的资源定位符; 产生效益估计; 确定当所述利益估计大于所述成本估计时产生所述时间序列信息,并且响应于所述确定生成所述时间序列信息,其中生成所述时间序列信息包括从一个或多个资源收集响应时间序列信息; 并且当所述成本估计大于所述效益估计时,确定不产生所述时间序列信息。
-
公开(公告)号:US5903728A
公开(公告)日:1999-05-11
申请号:US841835
申请日:1997-05-05
申请人: Luigi Semenzato
发明人: Luigi Semenzato
CPC分类号: G06F9/547 , G06F9/44526
摘要: A plug-in executes as a separate computer process from a platform process in which the plug-in is installed and which invokes execution of the plug-in. The plug-in therefore has a context which is independent of the context of the platform process. Specifically, the plug-in is separated into a plug-in controller and a plug-in body. The plug-in body is a collection of computer instructions execution of which perform the substantive task of the plug-in, i.e., the task by which the plug-in extends the functionality of the platform process. The plug-in controller is installed in the platform process as a plug-in using the plug-in installation mechanism of the platform process. Once invoked by the platform process, typically in response to user-generated signals received by the platform process, the plug-in controller invokes execution of the plug-in body as a separate computer process from the platform process. The platform process creates a window into which the plug-in can display images and information and passes to the plug-in controller a window identifier of the window to thereby grant the plug-in controller access to the window. The plug-in controller passes the window identifier to the plug-in body through an argument list in execution of the exec( ) system call. The plug-in body avoids deletion of the window by creating a sub-window of the window and manipulating the window hierarchy to prevent deletion of the sub-window as a consequence of deletion of the window provided by the platform process.
摘要翻译: 插件作为独立的计算机进程执行,该平台进程安装插件并调用插件的执行。 因此,插件具有独立于平台进程的上下文的上下文。 具体来说,插件被分成插入式控制器和插件主体。 插件主体是执行插件的实质性任务的计算机指令的集合,即插件扩展了平台进程功能的任务。 插件控制器使用平台进程的插件安装机制作为插件安装在平台进程中。 一旦平台进程调用,通常响应于由平台进程接收到的用户生成的信号,插件控制器将调用作为与平台进程的单独计算机进程的插件主体的执行。 平台过程创建一个窗口,插件可以在其中显示图像和信息,并将该窗口的窗口标识符传递给插件控制器,从而允许插件控制器访问窗口。 插件控制器通过执行exec()系统调用的参数列表将窗口标识符传递给插件主体。 插件主体通过创建窗口的子窗口并操纵窗口层次结构来避免删除窗口,以防止由于平台进程提供的窗口的删除而删除子窗口。
-
-
-
-
-
-
-
搜索结果
8 条记录 (耗时 0.026 秒)