-
公开(公告)号:US08619971B2
公开(公告)日:2013-12-31
申请号:US11097697
申请日:2005-04-01
CPC分类号: G06F21/57 , G06F9/5077 , G06F2221/2149
摘要: Systems and methods provide multiple partitions hosted on an isolation technology such as a hypervisor where at least one of the partitions, a local secure service partition (LSSP), provides security services to other partitions. The service partitions (LSSPs) host those high assurance services that require strict security isolation, where the service can be shared across partitions and accessed even when the user is not connected to a network. The LSSP also can certify the results of any computation using a key signed by a TPM attestation identity key (AIK), or other key held securely by the hypervisor or a service partition. The LSSPs may be configured to provide trusted audit logs, trusted security scans, trusted cryptographic services, trusted compilation and testing, trusted logon services, and the like.
摘要翻译: 系统和方法提供了诸如管理程序之类的隔离技术上托管的多个分区,其中至少一个分区本地安全服务分区(LSSP)为其他分区提供安全服务。 服务分区(LSSP)承载需要严格安全隔离的高保证服务,即使在用户未连接到网络时,也可以跨分区共享服务并进行访问。 LSSP还可以使用由TPM认证身份密钥(AIK)签名的密钥或由管理程序或服务分区安全地保存的其他密钥来证明任何计算的结果。 可以将LSSP配置为提供可信的审核日志,可信的安全扫描,可信密码服务,可信的编译和测试,可信登录服务等。
-
2.发明授权System and method for protected operating system boot using state validation 有权使用状态验证的受保护操作系统引导的系统和方法公开(公告)号:US07694121B2
公开(公告)日:2010-04-06
申请号:US10882134
申请日:2004-06-30
申请人: Bryan Mark Willman , Paul England , Kenneth D. Ray , Jamie Hunter , Lonnie Dean McMichael , Derek Norman LaSalle , Pierre Jacomet , Mark Eliot Paley , Thekkthalackal Varugis Kurien , David B. Cross
发明人: Bryan Mark Willman , Paul England , Kenneth D. Ray , Jamie Hunter , Lonnie Dean McMichael , Derek Norman LaSalle , Pierre Jacomet , Mark Eliot Paley , Thekkthalackal Varugis Kurien , David B. Cross
IPC分类号: G06F9/00
CPC分类号: G06F21/575 , G06F9/4401
摘要: A mechanism for protected operating system boot that prevents rogue components from being loaded with the operating system, and thus prevents divulgence of the system key under inappropriate circumstances. After a portion of the machine startup procedure has occurred, the operating system loader is run, the loader is validated, and a correct machine state is either verified to exist and/or created. Once the loader has been verified to be a legitimate loader, and the machine state under which it is running is verified to be correct, the loader's future behavior is known to protect against the loading of rogue components that could cause divulgence of the system key. With the loader's behavior being known to be safe for the system key, the validator may unseal the system key and provides it to the loader.
摘要翻译: 用于保护操作系统启动的机制,可防止恶意组件与操作系统一起加载,从而防止系统密钥在不适当情况下泄露。 在机器启动过程的一部分发生后,运行操作系统加载程序,验证加载程序,并验证是否存在和/或创建正确的机器状态。 一旦加载程序已被验证为合法的装载程序,并且其运行的机器状态被验证为正确的,则加载程序的未来行为是已知的,以防止可能导致系统密钥泄露的流氓组件的加载。 对于系统密钥,加载程序的行为被认为是安全的,验证器可以打开系统密钥并将其提供给加载程序。
-
3.发明授权Communication of information via a side-band channel, and use of same to verify positional relationship 失效通过边带通道进行信息通信,并使用它来验证位置关系公开(公告)号:US07493429B2
公开(公告)日:2009-02-17
申请号:US10759325
申请日:2004-01-16
申请人: John E. Paff , Marcus Peinado , Thekkthalackal Varugis Kurien , Bryan Mark Willman , Paul England , Andrew John Thornton
发明人: John E. Paff , Marcus Peinado , Thekkthalackal Varugis Kurien , Bryan Mark Willman , Paul England , Andrew John Thornton
CPC分类号: G06F21/606 , G06F21/85
摘要: The present invention provides for trusted side-band communications between components in a computer system, so that use of the system bus may be avoided. Two components may be connected by means other than a bus (e.g., an infrared port, a wire, an unused pin, etc.), whereby these components may communicate without the use of the system bus. The non-bus communication channel may be referred to as “side-band.” The side-band channel may be used to communicate information that might identify the user's hardware (e.g., a public key) or other information that the user may not want to be easily intercepted by the public at large. Communication over the side-band channel may also be used to verify that the participants in a communication are within a defined positional relationship to each other.
摘要翻译: 本发明提供计算机系统中的组件之间的可靠的边带通信,从而可以避免使用系统总线。 两个组件可以通过除总线(例如,红外线端口,电线,未使用的引脚等)之外的方式连接,由此这些组件可以在不使用系统总线的情况下进行通信。 非总线通信信道可以被称为“边带”。 边带频道可以用于传达可能识别用户硬件(例如,公共密钥)的信息或用户可能不希望容易被公众容易地截获的其他信息。 通过边带信道的通信也可以用于验证通信中的参与者在彼此之间的定义的位置关系内。
-
公开(公告)号:US07418512B2
公开(公告)日:2008-08-26
申请号:US10692224
申请日:2003-10-23
IPC分类号: G06F15/16
CPC分类号: G06F21/62
摘要: A resource is obtained from a resource provider (RP) for a resource requester (RR) operating on a computing device. The RR has an identity descriptor (id) associated therewith, where the id including security-related information specifying an environment in which the RR operates. A code identity (code-ID) is calculated corresponding to and based on the loaded RR and loaded id. The RP verifies that the calculated code-ID in a request for the resource matches one of one or more valid code-IDs for the identified RR to conclude that the RR and id can be trusted, and the RP responds to the forwarded request by providing the requested resource to the RR.
摘要翻译: 从用于在计算设备上操作的资源请求者(RR)的资源提供者(RP)获得资源。 RR具有与其相关联的身份描述符(id),其中id包括指定RR操作的环境的安全相关信息。 代码标识(代码ID)是根据加载的RR和加载的id来计算的。 RP验证在资源请求中计算的代码ID与所识别的RR的一个或多个有效代码ID中的一个匹配,以得出可以信任的RR和ID,并且RP通过提供转发的请求来响应转发的请求 向RR请求的资源。
-
公开(公告)号:US07664949B2
公开(公告)日:2010-02-16
申请号:US11194100
申请日:2005-07-29
申请人: Paul England , Muthukrishnan Paramasivam , Thekkthalackal Varugis Kurien , Charles F. Rose, III , Ravindra N Pandya
发明人: Paul England , Muthukrishnan Paramasivam , Thekkthalackal Varugis Kurien , Charles F. Rose, III , Ravindra N Pandya
IPC分类号: H04L29/06
CPC分类号: H04L9/3263 , H04L2209/60
摘要: Disclosed herein is a technique for certifying distributable objects. The technique involves creating a certification for each distributable object to indicate properties of the object. Using certifications such as this, it is possible to accept objects having certain properties only from specified entities.
摘要翻译: 这里公开了一种用于认证可分发物体的技术。 该技术涉及为每个可分发对象创建一个认证,以指示对象的属性。 使用这样的认证,只能从指定的实体接受具有某些属性的对象。
-
6.发明授权Integration of high-assurance features into an application through application factoring 有权通过应用程序保理将高保证功能集成到应用程序中公开(公告)号:US07730318B2
公开(公告)日:2010-06-01
申请号:US10693749
申请日:2003-10-24
IPC分类号: H04L9/32
CPC分类号: G06F21/53
摘要: Application factoring or partitioning is used to integrate secure features into a conventional application. An application's functionality is partitioned into two sets according to whether a given action does, or does not, involve the handling of sensitive data. Separate software objects (processors) are created to perform these two sets of actions. A trusted processor handles secure data and runs in a high-assurance environment. When another processor encounters secure data, that data is sent to the trusted processor. The data is wrapped in such a way that allows it to be routed to the trusted processor, and prevents the data from being deciphered by any entity other than the trusted processor. An infrastructure is provided that wraps objects, routes them to the correct processor, and allows their integrity to be attested through a chain of trust leading back to base component that is known to be trustworthy.
摘要翻译: 应用因子分解或分区用于将安全特征集成到常规应用中。 应用程序的功能根据给定操作是否涉及敏感数据的处理而分为两组。 创建独立的软件对象(处理器)来执行这两组操作。 值得信赖的处理器处理安全数据并在高保证环境中运行。 当另一个处理器遇到安全数据时,该数据被发送到可信处理器。 以允许将数据路由到可信处理器的方式包装数据,并且防止数据被除可信处理器之外的任何实体解密。 提供了一个基础设施,用于包装对象,将它们路由到正确的处理器,并通过一系列信任来验证其完整性,并将其引导回已知可靠的基础组件。
-
公开(公告)号:US07591014B2
公开(公告)日:2009-09-15
申请号:US11072982
申请日:2005-03-04
IPC分类号: G06F7/04
CPC分类号: G06F21/57
摘要: To authenticate a program on a computing device to a resource local to or remote from the computing device, a stored program security identifier (PSID) corresponding to the program is retrieved, where the stored PSID includes information taking into account the program itself, the execution setting of the program, and any inputs and initializations that are provided to the program. The PSID is re-constructed based on the same information as obtained from local sources, and the stored and reconstructed PSIDs are compared to determine whether a match exists. If so, it may be concluded that the program operates in a trusted manner according to an approved set of conditions.
摘要翻译: 为了将计算设备上的程序认证到本地或远离计算设备的资源,检索与程序相对应的存储的程序安全标识符(PSID),其中存储的PSID包括考虑程序本身的信息,执行 程序的设置以及提供给程序的任何输入和初始化。 基于从本地源获得的相同信息重新构建PSID,并且比较存储和重建的PSID以确定是否存在匹配。 如果是这样,可以得出结论,该程序根据一组批准的条件以可信任的方式运行。
-
8.发明授权Integrating security protection tools with computer device integrity and privacy policy 有权将安全保护工具与计算机设备完整性和隐私政策集成公开(公告)号:US08117441B2
公开(公告)日:2012-02-14
申请号:US11472052
申请日:2006-06-20
申请人: Thekkthalackal Varugis Kurien , Jeffrey B Hamblin , Narasimha Rao Nagampalli , Peter T Brundrett , Scott Field
发明人: Thekkthalackal Varugis Kurien , Jeffrey B Hamblin , Narasimha Rao Nagampalli , Peter T Brundrett , Scott Field
摘要: At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.
摘要翻译: 在计算机设备上电时,计算机设备的操作系统启动监视器。 监视器为在计算机设备上运行的每个程序和对象(统称为“程序”)分配监视程序,以监视程序的活动。 当监视程序被分配给程序时,基于应用于监视程序的预定标准,向监视程序分配完整性和/或隐私标签(统称为“完整性标签”)。 监控程序又向监控程序监控的程序分配一个完整性标签。 分配给被监视程序的完整性标签小于或等于监视程序的完整性标签。 监视器基于分配给被监视程序的完整性标签和与监视程序正在寻求访问的数据,另一程序或远程网络资源相关联的完整性标签来强制执行计算机设备的完整性策略。
-
公开(公告)号:US20100107218A1
公开(公告)日:2010-04-29
申请号:US12257765
申请日:2008-10-24
申请人: Thekkthalackal Varugis Kurien , Cormac E. Herley , Alice Jane Bernheim Brush , Daniel C. Robbins , Arindam Chatterjee , Scott Field
发明人: Thekkthalackal Varugis Kurien , Cormac E. Herley , Alice Jane Bernheim Brush , Daniel C. Robbins , Arindam Chatterjee , Scott Field
IPC分类号: H04L9/32
CPC分类号: H04L9/3263 , G06F13/24 , G06F2221/2149 , G07F7/0826 , G07F7/1008 , H04L2209/56
摘要: Systems and methods that establish a secured compartment that manages sensitive user transactions/information on a user's machine. The secured compartment qualifies user interaction with the machine, and separates such qualified interaction from other user activity on the machine. A user is switched to such secured compartment upon occurrence of a predetermined event, such as in form of: an explicit request (e.g., a secure attention sequence); an implicit request (e.g., inference of user activities); and presence of a peripheral device that is bound to the secured compartment (e.g., a USB)—wherein such actions typically cannot be generated by an application running outside the secured compartment.
摘要翻译: 建立安全隔间的系统和方法,用于管理用户机器上的敏感用户事务/信息。 安全隔间限定用户与机器的交互,并将这种合格的交互与机器上的其他用户活动分开。 在发生预定事件时,例如以明确的请求(例如,安全注意序列)的形式,用户切换到这样的安全隔间; 隐式请求(例如,推断用户活动); 以及绑定到固定隔间(例如,USB)的外围设备的存在,其中这样的动作通常不能由在安全隔间外部运行的应用程序产生。
-
公开(公告)号:US08615801B2
公开(公告)日:2013-12-24
申请号:US11515160
申请日:2006-08-31
摘要: Software is authorized in accordance with a reputation of the software. A trust in the author and/or publisher of the software is determined via digital signatures and/or CoAs, and a reputation of the software is utilized to determine the intent of the software. The reputation of the software can be determined via a local service, such as an enterprise IT department and/or via a reputation determination service. When software is downloaded or to be executed, the trust in the author/publisher is determined using digital signatures and/or CoAs associated with the software. If the author/publisher is determined to be trusted, a service is called to determine the reputation of the software. The software can be installed and/or executed dependent upon the reputation of the software and trustworthiness of the author/publisher.
摘要翻译: 软件根据软件的声誉授权。 通过数字签名和/或CoA来确定软件的作者和/或发行者的信任,并且利用软件的声誉来确定软件的意图。 软件的声誉可以通过本地服务(如企业IT部门)和/或通过信誉确定服务来确定。 当软件被下载或要执行时,使用与该软件相关联的数字签名和/或CoAs确定作者/发行者的信任。 如果作者/发行者被确定为受信任,则调用服务来确定软件的声誉。 该软件可以根据软件的声誉和作者/出版商的可靠性进行安装和/或执行。
-
-
-
-
-
-
-
-
-
搜索结果
28 条记录 (耗时 0.022 秒)
