1. Integration of high-assurance features into an application through application factoring
    Patent application; status: in force

    Publication number: US20050091661A1

    Publication date: 2005-04-28

    Application number: US10693749

    Filing date: 2003-10-24

    CPC classification: G06F21/53

    Abstract: Application factoring or partitioning is used to integrate secure features into a conventional application. An application's functionality is partitioned into two sets according to whether a given action does, or does not, involve the handling of sensitive data. Separate software objects (processors) are created to perform these two sets of actions. A trusted processor handles secure data and runs in a high-assurance environment. When another processor encounters secure data, that data is sent to the trusted processor. The data is wrapped in such a way that allows it to be routed to the trusted processor, and prevents the data from being deciphered by any entity other than the trusted processor. An infrastructure is provided that wraps objects, routes them to the correct processor, and allows their integrity to be attested through a chain of trust leading back to a base component that is known to be trustworthy.

2. Communication of information via a side-band channel, and use of same to verify positional relationship
    Patent application; status: lapsed

    Publication number: US20050010818A1

    Publication date: 2005-01-13

    Application number: US10759325

    Filing date: 2004-01-16

    CPC classification: G06F21/606 G06F21/85

    Abstract: The present invention provides for trusted side-band communications between components in a computer system, so that use of the system bus may be avoided. Two components may be connected by means other than a bus (e.g., an infrared port, a wire, an unused pin, etc.), whereby these components may communicate without the use of the system bus. The non-bus communication channel may be referred to as “side-band.” The side-band channel may be used to communicate information that might identify the user's hardware (e.g., a public key) or other information that the user may not want to be easily intercepted by the public at large. Communication over the side-band channel may also be used to verify that the participants in a communication are within a defined positional relationship to each other.

3. Securely identifying an executable to a trust-determining entity
    Patent application; status: in force

    Publication number: US20050125548A1

    Publication date: 2005-06-09

    Application number: US10692224

    Filing date: 2003-10-23

    CPC classification: G06F21/62

    Abstract: A resource is obtained from a resource provider (RP) for a resource requester (RR) operating on a computing device. The RR has an identity descriptor (id) associated therewith, where the id includes security-related information specifying an environment in which the RR operates. A code identity (code-ID) is calculated corresponding to and based on the loaded RR and loaded id. The RP verifies that the calculated code-ID in a request for the resource matches one of one or more valid code-IDs for the identified RR to conclude that the RR and id can be trusted, and the RP responds to the forwarded request by providing the requested resource to the RR.

    Program authentication on environment

    Publication number: US20060200859A1

    Publication date: 2006-09-07

    Application number: US11072982

    Filing date: 2005-03-04

    IPC classification: G06F12/14

    CPC classification: G06F21/57

    Abstract: To authenticate a program on a computing device to a resource local to or remote from the computing device, a stored program security identifier (PSID) corresponding to the program is retrieved, where the stored PSID includes information taking into account the program itself, the execution setting of the program, and any inputs and initializations that are provided to the program. The PSID is re-constructed based on the same information as obtained from local sources, and the stored and reconstructed PSIDs are compared to determine whether a match exists. If so, it may be concluded that the program operates in a trusted manner according to an approved set of conditions.

    Local secure service partitions for operating system security

    Publication number: US20060236127A1

    Publication date: 2006-10-19

    Application number: US11097697

    Filing date: 2005-04-01

    IPC classification: G06F12/14

    Abstract: Systems and methods provide multiple partitions hosted on an isolation technology such as a hypervisor where at least one of the partitions, a local secure service partition (LSSP), provides security services to other partitions. The service partitions (LSSPs) host those high-assurance services that require strict security isolation, where the service can be shared across partitions and accessed even when the user is not connected to a network. The LSSP also can certify the results of any computation using a key signed by a TPM attestation identity key (AIK), or another key held securely by the hypervisor or a service partition. The LSSPs may be configured to provide trusted audit logs, trusted security scans, trusted cryptographic services, trusted compilation and testing, trusted logon services, and the like.

8. Saving and retrieving data based on public key encryption
    Granted patent; status: in force

    Publication number: US09183406B2

    Publication date: 2015-11-10

    Application number: US13012573

    Filing date: 2011-01-24

    IPC classification: G06F21/00 G06F21/62

    CPC classification: G06F21/6218

    Abstract: In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows the data to be obtained from the ciphertext only if one or more conditions are satisfied. In accordance with another aspect, a bit string is received from a calling program. Data in the bit string is decrypted using public key decryption and returned to the calling program only if one or more conditions included in the bit string are satisfied.

9. Saving and retrieving data based on public key encryption
    Granted patent; status: in force

    Publication number: US08601286B2

    Publication date: 2013-12-03

    Application number: US13015440

    Filing date: 2011-01-27

    IPC classification: G06F12/14

    CPC classification: G06F21/6218

    Abstract: In accordance with certain aspects, data is received and a digital signature is generated and output. The digital signature can be a digital signature of the data and one or more conditions that are to be satisfied in order for the data to be revealed, or a digital signature over data generated using a private key associated with a bound key that is bound to one or more processors.

10. Enforcing isolation among plural operating systems
    Granted patent; status: in force

    Publication number: US07975117B2

    Publication date: 2011-07-05

    Application number: US10741629

    Filing date: 2003-12-19

    IPC classification: G06F13/00

    Abstract: Plural guest operating systems run on a computer, where a security kernel enforces a policy of isolation among the guest operating systems. An exclusion vector defines a set of pages that cannot be accessed by direct memory access (DMA) devices. The security kernel enforces an isolation policy by causing certain pages to be excluded from direct access. Thus, device drivers in guest operating systems are permitted to control DMA devices directly without virtualization of those devices, while each guest is prevented from using DMA devices to access pages that the guest is not permitted to access under the policy.
