公开(公告)号：WO2016172237A1

公开(公告)日：2016-10-27

申请号：PCT/US2016/028481

申请日：2016-04-20

Applicant: SEQUITUR LABS, INC.

Inventor： ATTFIELD, Philip ,  CHENARD, Paul ,  CURRY, SImon ,  NARVAEZ, Julia ,  REED, Mark

IPC: G06F17/00 ,  H04L29/06

CPC classification number: G06F21/6218 ,  G06F21/606 ,  H04L63/20 ,  H04W4/70 ,  H04W4/80 ,  H04W12/08

Abstract: A system and methods for context-aware and situation-aware secure, policy-based access control for computing devices. The invention enhances the previously disclosed policy-based control system by adding contextual information to the set of resources by which a policy decision point can adjudicate a query to execute a transaction or to access a secure resource. Policy information points are able to store information collected over time related to resources under the control of the system. The system can further include an analytical processing engine capable of inferring new information from existing information that also can be used by the decision points. The policy information points provide context to the decision. They are also able to consider and include information that is external to the system or detected outside the system itself.

Abstract translation: 用于计算设备的上下文感知和情境感知安全的基于策略的访问控制的系统和方法。 本发明通过向资源集合添加上下文信息来增强先前公开的基于策略的控制系统，通过该资源集合策略决策点可以裁决执行事务的查询或访问安全资源。 政策信息点能够存储在系统控制下与资源相关的信息。 该系统还可以包括能够从也可以由决策点使用的现有信息推断新信息的分析处理引擎。 政策信息点为决策提供了背景。 他们还能够考虑并包括系统外部或系统外部检测到的信息。

公开(公告)号：WO2015095352A1

公开(公告)日：2015-06-25

申请号：PCT/US2014/070897

申请日：2014-12-17

Applicant: SEQUITUR LABS, INC.

Inventor： ATTFIELD, Philip ,  CHENARD, Paul ,  CURRY, Simon

IPC: G06F9/00

CPC classification number: G06F21/53 ,  G06F9/30072 ,  G06F9/30094 ,  G06F21/74 ,  G06F2221/033

Abstract: Runtime selection and modification of conditional expressions in a computing system has broad applicability in application areas involving deployments of large numbers of network-connected handsets and other devices, as well as in high availability computing environments and essential computing services. The invention describes the deferred evaluation of conditional statements in a trusted execution context such that the problem of spoofing return code is eliminated. The system allows for any set of relevant attributes to be considered in the conditional evaluation. The executable statements associated with the returned evaluation of the conditional is also dynamic and is selected at runtime.

Abstract translation: 计算系统中条件表达式的运行时选择和修改在涉及部署大量网络连接手机和其他设备以及高可用性计算环境和基本计算服务的应用领域具有广泛的适用性。 本发明描述了在可信执行上下文中的条件语句的延迟评估，从而消除了欺骗返回码的问题。 该系统允许在条件评估中考虑任何一组相关属性。 与条件的返回评估相关联的可执行语句也是动态的，并在运行时选择。

公开(公告)号：WO2016010602A3

公开(公告)日：2016-03-17

申请号：PCT/US2015027561

申请日：2015-04-24

Applicant: SEQUITUR LABS INC

Inventor： ATTFIELD PHILIP ,  SCHAFFNER DANIEL ,  HENDRICK MICHAEL THOMAS

IPC: G06F17/00

CPC classification number: H04W12/08 ,  G06F21/44 ,  G06F21/57 ,  G06F21/62 ,  H04L63/0853 ,  H04L63/20

Abstract: Systems and methods are described for utilizing a secure environment on a mobile computing device for applying policy-based decision management in response to access requests from untrusted areas. A policy decision processor (PDP) within the secure environment provides a policy decision in response to an access query. A decision cache within the secure environment can be used to store policy decisions for faster resolution of access requests. Policy enforcement points (PEPs) are placed between external devices that are trying to access the device and the secured environment, where the PEPs are used to enforce the policy-based decision, and can be located either inside or outside the secure environment. Decision certificates can be formulated using validity information and timestamps, and used for validation policy certificates. Memory in non-secure areas can also be marked (colored) for use in performing trusted operations in order to optimize system resource usage.

Abstract translation: 描述了用于在移动计算设备上利用安全环境的系统和方法，用于响应于来自不受信任区域的访问请求而应用基于策略的决策管理。 安全环境内的策略决策处理器（PDP）提供响应于访问查询的策略决定。 安全环境中的决策缓存可用于存储策略决定以更快地解决访问请求。 策略执行点（PEP）放置在试图访问设备的外部设备和安全环境之间，PEP用于执行基于策略的决策，并且可以位于安全环境内部或外部。 可以使用有效性信息和时间戳制定决策证书，并用于验证策略证书。 非安全区域中的内存也可以被标记（彩色），用于执行信任操作，以优化系统资源的使用。

公开(公告)号：WO2016010602A2

公开(公告)日：2016-01-21

申请号：PCT/US2015/027561

申请日：2015-04-24

Applicant: SEQUITUR LABS, INC.

Inventor： ATTFIELD, Philip ,  SCHAFFNER, Daniel ,  HENDRICK, Michael Thomas

IPC: G06F21/30

CPC classification number: H04W12/08 ,  G06F21/44 ,  G06F21/57 ,  G06F21/62 ,  H04L63/0853 ,  H04L63/20

Abstract: Systems and methods are described for utilizing a secure environment on a mobile computing device for applying policy-based decision management in response to access requests from untrusted areas. A policy decision processor (PDP) within the secure environment provides a policy decision in response to an access query. A decision cache within the secure environment can be used to store policy decisions for faster resolution of access requests. Policy enforcement points (PEPs) are placed between external devices that are trying to access the device and the secured environment, where the PEPs are used to enforce the policy-based decision, and can be located either inside or outside the secure environment. Decision certificates can be formulated using validity information and timestamps, and used for validation policy certificates. Memory in non-secure areas can also be marked (colored) for use in performing trusted operations in order to optimize system resource usage.

Abstract translation: 描述了用于在移动计算设备上利用安全环境的系统和方法，用于响应于来自不受信任区域的访问请求而应用基于策略的决策管理。 安全环境内的策略决策处理器（PDP）提供响应于访问查询的策略决定。 安全环境中的决策缓存可用于存储策略决定以更快地解决访问请求。 策略执行点（PEP）放置在试图访问设备的外部设备和安全环境之间，PEP用于执行基于策略的决策，并且可以位于安全环境内部或外部。 可以使用有效性信息和时间戳制定决策证书，并用于验证策略证书。 非安全区域中的内存也可以被标记（彩色），用于执行信任操作，以优化系统资源的使用。

公开(公告)号：WO2017011051A3

公开(公告)日：2017-02-23

申请号：PCT/US2016029144

申请日：2016-04-25

Applicant: SEQUITUR LABS INC

Inventor： ATTFIELD PHILIP ,  DOYLE MICHAEL ,  TING VINCENT

IPC: G06F11/30

CPC classification number: G06F21/72 ,  G06F21/602 ,  H04L9/0891 ,  H04L9/0894 ,  H04L9/3247

Abstract: A system for secure data protection and encryption for computing devices. The present invention includes a fast encryption technique for quickly ensuring that the correct binding parameters are used for an encrypted data file. The encrypted file is used in two ways. Because unsecure data could pass through a peripheral device to gain access to a secure computing environment, a dongle housing encryption and decryption subsystems is placed in between the unsecure sources and the peripheral that can encrypt and decrypt data intended for the secure computing environment. The firmware of the computing device can be updated by dividing the update file into encrypted segments that are verified on the device and placed into non-volatile memory. When all parts have been received, decrypted, and written into memory, the device reboots using the updated firmware.

Abstract translation: 用于计算设备的安全数据保护和加密的系统。 本发明包括一种用于快速确保将正确的绑定参数用于加密的数据文件的快速加密技术。 加密文件以两种方式使用。 由于不安全的数据可以通过外围设备来访问安全的计算环境，所以加密狗外壳加密和解密子系统被放置在不安全的源和外围设备之间，可以加密和解密用于安全计算环境的数据。 可以通过将更新文件划分为在设备上验证并被放置在非易失性存储器中的加密段来更新计算设备的固件。 当所有部件已被接收，解密并写入内存后，设备将使用更新的固件重新启动。

公开(公告)号：WO2015026389A2

公开(公告)日：2015-02-26

申请号：PCT/US2013/078004

申请日：2013-12-27

Applicant: SEQUITUR LABS, INC. ,  HENDRICK, Michael Thomas ,  REED, Mark ,  SHCAFFNER, Dan ,  ATTFIELD, Philip ,  NARVAEZ, Julia ,  CHENARD, Paul

Inventor： HENDRICK, Michael Thomas ,  REED, Mark ,  SHCAFFNER, Dan ,  ATTFIELD, Philip ,  NARVAEZ, Julia ,  CHENARD, Paul

CPC classification number: G06F21/629 ,  G06F21/82 ,  G06F2221/2111 ,  G06F2221/2149 ,  H04L67/125 ,  H04M1/72577 ,  H04M2250/04 ,  H04W4/021 ,  H04W4/043 ,  H04W4/14 ,  H04W4/80 ,  H04W12/08

Abstract: Systems and methods for using Near Field Communications 1 (NFC) m\d other short-range wireless communications technologies in mobile device management and security. Uses of NFC devices of both passive and active types are presented herein, as "policy control points" (PCPs) within a policy-based system for mobile handset management, in situations where granular control of handset capabilities is required. Certain location-based, as well as non-location-specific variants of the invention are presented as examples.

Abstract translation: 在移动设备管理和安全性中使用近场通信NFC（近距离无线通信）其他短距离无线通信技术的系统和方法 在此呈现被动和主动类型的NFC设备的使用，作为“策略控制点” （PCPs）在基于策略的移动手机管理系统中，在需要精细控制手机功能的情况下。