专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20150113518A1 UPDATING SOFTWARE COMPONENTS 有权
标题翻译：更新软件组件
公开(公告)号：US20150113518A1
公开(公告)日：2015-04-23
申请号：US14387215
申请日：2012-03-22
申请人： Clifford Liem , Hongrui Dong , Sam Martin , Yuan Xiang Gu , Michael Weiner
发明人： Clifford Liem , Hongrui Dong , Sam Martin , Yuan Xiang Gu , Michael Weiner
IPC分类号： G06F9/445
CPC分类号： G06F8/65 , G06F8/656 , G06F8/658 , G06F9/44521 , G06F21/57 , G06F21/572
摘要： A method and system for renewing software at the component-level is provided. A client program includes a base component for loading a software component into at least one loadable region of the program to update the program. Code in the software component is for writing state data associating the state of the update in storage, upon execution of the software component, and testing the state data to verify condition of the updated program and disallowing rollback and roll-forward attacks, the state data comprising hash chain values. The state data for verifying the correctness of the updated program is entangled with application data used for the program functionality. A server includes: an update pool having a plurality of software updates deployed in each client, and a policy control for monitoring and controlling at least one of: the length of time the client runs until the software update is invoked, a chain of the updates; and the granularity of the update.
摘要翻译：提供了一种在组件级更新软件的方法和系统。客户端程序包括用于将软件组件加载到程序的至少一个可加载区域中以更新程序的基础组件。软件组件中的代码用于写入状态数据，将存储器中的更新状态与执行软件组件相关联，并测试状态数据以验证更新程序的状态，并禁止回滚和前滚攻击，状态数据包括哈希链值。用于验证更新的程序的正确性的状态数据与用于程序功能的应用程序数据相互纠缠。服务器包括：具有部署在每个客户端中的多个软件更新的更新池，以及用于监视和控制以下至少之一的策略控制：客户端运行到软件更新被调用的时间长短，更新链 ; 和更新的粒度。

2. 发明申请

US20130125090A1 System and Method for Efficiently Deploying Massively Diverse Program Instances to Resist Differential Attacks 有权
标题翻译：有效部署大量不同程序实例以抵御差错攻击的系统和方法
公开(公告)号：US20130125090A1
公开(公告)日：2013-05-16
申请号：US13812404
申请日：2010-07-29
申请人： Robert Durand , Clifford Liem , Philip Allan Eisen
发明人： Robert Durand , Clifford Liem , Philip Allan Eisen
IPC分类号： G06F9/44
CPC分类号： G06F8/30 , G06F8/61 , G06F21/14
摘要： A system and method for producing a massive number of diverse program instances so as to deter differential attacks, collusion, and similar hostile actions. Code portions are shown to be defined in various manners, instantiated, and aggregated. The system and method establishes a very large number of program instances that may be deployed. Furthermore, testing is accomplished over a minimal set of instances to provide for high test coverage and high confidence over the fully deployed instance set without incurring a high testing penalty.
摘要翻译：一种用于产生大量不同程序实例的系统和方法，以便防止差别攻击，串通和类似的敌对行为。代码部分被显示为以各种方式定义，实例化和聚合。系统和方法建立了可以部署的大量程序实例。此外，通过最少的一组实例来实现测试，以提供高度测试覆盖率和对完全部署的实例集的高置信度，而不会导致高的测试损失。

3. 发明申请

US20110093937A1 AUTHENTICATED DATABASE CONNECTIVITY FOR UNATTENDED APPLICATIONS 有权
标题翻译：用于未知应用的认证数据库连接
公开(公告)号：US20110093937A1
公开(公告)日：2011-04-21
申请号：US12992325
申请日：2009-06-01
申请人： James Alexander Sydney Mantle , Garney David Adams
发明人： James Alexander Sydney Mantle , Garney David Adams
IPC分类号： H04L9/32 , G06F17/30
CPC分类号： G06F21/44 , G06F21/6218
摘要： A custom database connectivity component is deployed in conjunction with a native database connectivity component and a credential manager. The custom connectivity component has a requestor interface for communicating with a requestor application, a credential service interface for communicating with the credential manager, a native database connectivity interface for communicating with native connectivity components, and a decision engine for determining how to convert a request from a requestor to an appropriate API call to the credential manager. The custom connectivity component provides an authenticated and authorized database connection for a requestor application. The component transparently serves retrieves database, or other target resource, credentials on a real time basis, without requiring code changes to the requestor application.
摘要翻译：自定义数据库连接组件与本机数据库连接组件和凭据管理器一起部署。自定义连接组件具有用于与请求者应用通信的请求者接口，用于与凭证管理器进行通信的凭证服务接口，用于与本地连接组件进行通信的本地数据库连接界面，以及用于确定如何将请求转换为一个请求者，对证书管理器进行适当的API调用。自定义连接组件为请求程序应用程序提供经过身份验证和授权的数据库连接。该组件透明地用于实时检索数据库或其他目标资源凭据，而不需要对请求者应用程序进行代码更改。

4. 发明申请

US20150113286A1 METHOD AND SYSTEM FOR CHAIN TRANSFORMATION 审中-公开
标题翻译：链转换方法与系统
公开(公告)号：US20150113286A1
公开(公告)日：2015-04-23
申请号：US14386667
申请日：2012-03-21
申请人： Michael Wiener , Phil Eisen
发明人： Michael Wiener , Phil Eisen
IPC分类号： H04L9/06
CPC分类号： H04L9/0637
摘要： A method and system for secure data protection is provided. The method and system includes carrying out a transform on structured data comprising a fixed data field for implementing an application, the structured data having n segments, each having m bits, including: encoding each of the n segments subsequently to provide n coded segments, including: encoding each of the (n−1) segments depending on a previous segment value; and changing at least one of the n encodings to the n segments such that the fixed data field of a first structured data is encoded differently from the fixed data field of a second structured data, and the transformed first structure data and the transformed second structure data are further processed in the same operation for implementing the application.
摘要翻译：提供了一种用于安全数据保护的方法和系统。所述方法和系统包括对包括用于实现应用的固定数据字段的结构化数据进行变换，所述结构化数据具有n个段，每个段具有m位，包括：随后编码n个段中的每一个以提供n个编码段，包括：根据先前的段值对每个（n-1）段进行编码; 以及将n个编码中的至少一个改变为n个段，使得第一结构化数据的固定数据字段与第二结构化数据的固定数据字段不同地被编码，并且变换的第一结构数据和变换的第二结构数据在实现应用程序的相同操作中被进一步处理。

5. 发明申请

US20150067875A1 SECURING ACCESSIBLE SYSTEMS USING VARIABLE DEPENDENT CODING 有权
标题翻译：使用可变相关编码保护可访问系统
公开(公告)号：US20150067875A1
公开(公告)日：2015-03-05
申请号：US14389358
申请日：2013-03-28
申请人： IRDETO CANADA CORPORATION
发明人： Harold Johnson , Yuan Xiang Gu , Michael Wiener , Yongxin Zhou
IPC分类号： G06F21/60 , G06F21/55
CPC分类号： G06F21/54 , G06F12/1408 , G06F21/14 , G06F21/55 , G06F21/60 , G06F2221/034 , H04L9/0618 , H04L9/0631 , H04L9/14 , H04L2209/04 , H04L2209/16
摘要： Systems and techniques for securing accessible computer-executable program code and systems are provided. One or more base functions may be generated and blended with existing program code, such that it may be difficult or impossible for a potential attacker to distinguish the base functions from the existing code. The systems and code also may be protected using a variety of other blending and protection techniques, such as fractures, variable dependent coding, dynamic data mangling, and cross-linking, which may be used individually or in combination, and/or may be blended with the base functions.
摘要翻译：提供了用于确保可访问的计算机可执行程序代码和系统的系统和技术。可以生成一个或多个基本功能并与现有程序代码混合，使得潜在攻击者可能难以或不可能将基本功能与现有代码区分开。系统和代码也可以使用各种其他混合和保护技术来保护，例如骨折，可变依赖编码，动态数据调整和交联，其可以单独使用或组合使用和/或可以混合具有基本功能。

6. 发明授权

US08752032B2 System and method of interlocking to protect software-mediated program and device behaviours 有权
标题翻译：联锁系统和方法，以保护软件介导的程序和设备行为
公开(公告)号：US08752032B2
公开(公告)日：2014-06-10
申请号：US11709654
申请日：2007-02-23
申请人： Harold Joseph Johnson , Yuan Xiang Gu , Yongxin Zhou
发明人： Harold Joseph Johnson , Yuan Xiang Gu , Yongxin Zhou
IPC分类号： G06F9/45 , G06F12/14
CPC分类号： G06F21/14 , G06F21/10 , G06F21/12 , G06F21/55 , G06F2221/0748 , H04L9/002 , H04L2209/04 , H04L2209/046 , H04L2209/16 , H04L2209/20
摘要： Methods and devices for thwarting code and control flow based attacks on software. The source code of a subject piece of software is automatically divided into basic blocks of logic. Selected basic blocks are amended so that their outputs are extended. Similarly, other basic blocks are amended such that their inputs are correspondingly extended. The amendments increase or create dependencies between basic blocks such that tampering with one basic block's code causes other basic blocks to malfunction when executed.
摘要翻译：阻止代码和控制流攻击软件的方法和设备。主题软件的源代码自动分为基本的逻辑块。修改所选的基本块，使其输出扩展。类似地，修改其他基本块，使得它们的输入相应地被扩展。这些修改增加或创建基本块之间的依赖关系，以便篡改一个基本块的代码导致其他基本块在执行时发生故障。

7. 发明申请

US20130024699A1 System and Method for Protecting Cryptographic Assets From a White-Box Attack 有权
标题翻译：从白盒攻击中保护加密资产的系统和方法
公开(公告)号：US20130024699A1
公开(公告)日：2013-01-24
申请号：US13637811
申请日：2010-03-31
申请人： James Muir , Jiayuan Sui , Daniel Elie Murdock , Philip Allan Eisen
发明人： James Muir , Jiayuan Sui , Daniel Elie Murdock , Philip Allan Eisen
IPC分类号： H04L9/32 , H04L9/28
CPC分类号： H04L9/002 , H04L9/3066 , H04L9/3252 , H04L2209/16
摘要： A digital signature generation (DSG) process which provides resistance against white box attackers is disclosed. This is done by applying specially selected data transformations to the inputs, outputs and internal parameters of the algorithm. In particular, the signatory's private key does not appear in the clear in our protected implementation. Our new white box implementation produces signatures that are compatible with signatures created by conventional implementations; thus our solution facilitates interoperability and can be used as a drop-in replacement for conventional implementations. In particular, we describe transformations to the key (d) and the generator domain parameter (usually denoted G or g) of the digital signature generation processes, such that embodiments of the invention can produce signed messages which appear to a verifier as if the key (d) was used, without actually ever using the key (d). This makes it impossible for an adversary to ever observe the key (d), as it is not actually used. Further embodiments include additional protections to make it even harder for an adversary to deduce the key (d) by observing the process which generates the digital signature.
摘要翻译：公开了提供针对白盒攻击者的电阻的数字签名生成（DSG）过程。这是通过对算法的输入，输出和内部参数应用特别选择的数据变换来完成的。特别是签署人的私钥在我们受保护的实现中并不清楚。我们的新白盒实现产生与传统实现创建的签名兼容的签名; 因此我们的解决方案有助于互操作性，并可用作传统实现的替代。特别地，我们描述了对数字签名生成过程的密钥（d）和生成器域参数（通常表示为G或g）的转换，使得本发明的实施例可以产生出现在验证者的签名消息，如同密钥（d）被使用，实际上并没有使用钥匙（d）。这使对手不可能遵守钥匙（d），因为它没有被实际使用。另外的实施例包括额外的保护，以使对手甚至难以通过观察生成数字签名的过程来推断密钥（d）。

8. 发明申请

US20130014275A1 Method For Linking and Loading to Protect Applications 有权
标题翻译：链接和加载方法以保护应用程序
公开(公告)号：US20130014275A1
公开(公告)日：2013-01-10
申请号：US13634724
申请日：2010-03-31
申请人： Grant Stewart Goodes , Clifford Liem
发明人： Grant Stewart Goodes , Clifford Liem
IPC分类号： G06F21/22 , G06F7/58 , G06F9/44
CPC分类号： G06F9/44521 , G06F8/54 , G06F21/14 , G06F21/51
摘要： A linker or loader, and associated method, is described, whereby the application of security transformations to object-code modules can be deferred until link or load-time, through, for example, memory relocation, selection from diverse instances of a module, and late-binding of constants. This provides several benefits over conventional source-to-source security transformations. These deferred security transformations can be applied in a very light-weight manner and create many opportunities for diversity in the resulting executable program, enhancing security, while at the same time minimizing the impact on execution performance and correctness, and reducing the complexity of debugging.
摘要翻译：描述了链接器或加载器以及相关联的方法，由此通过例如存储器重定位，从模块的不同实例的选择，到对象代码模块的安全转换的应用可以被推迟到链接或加载时间为止，以及常数的晚期绑定。这比传统的源到源安全转换提供了几个好处。这些延迟安全转换可以以非常轻量级的方式应用，并在生成的可执行程序中创建多样化的机会，增强安全性，同时最小化对执行性能和正确性的影响，并降低调试的复杂性。

9. 发明申请

US20130007881A1 System and Method for Dynamic, Variably-Timed Operation Paths as a Resistance to Side Channel and Repeated Invocation Attacks 审中-公开
标题翻译：用于动态，可变定时操作路径的系统和方法作为对侧通道的阻力和重复的调用攻击
公开(公告)号：US20130007881A1
公开(公告)日：2013-01-03
申请号：US13583965
申请日：2010-03-25
申请人： Clifford Liem , Carlos Nahas
发明人： Clifford Liem , Carlos Nahas
IPC分类号： G06F21/22
CPC分类号： G06F21/14 , G06F21/755
摘要： A system and method for constructing variably-timed operation paths and applying those paths to any algorithm. In particular, the system and method may be applied to cryptography algorithms as a means to resist side-channel, repeated invocation, and any similar attacks based on the physical characteristics of a system for a given software implementation. The method has the benefit of being generally applicable to any algorithm and has the ability to constrain performance to known timing windows.
摘要翻译：一种用于构建可变定时操作路径并将这些路径应用于任何算法的系统和方法。特别地，系统和方法可以应用于密码学算法，作为抵抗侧信道，重复调用以及基于给定软件实现的系统的物理特性的任何类似攻击的手段。该方法具有通常适用于任何算法的优点，并且具有将性能约束到已知时序窗口的能力。

10. 发明申请

US20110214179A1 SECURE METHOD AND SYSTEM FOR COMPUTER PROTECTION 有权
标题翻译：用于计算机保护的安全方法和系统
公开(公告)号：US20110214179A1
公开(公告)日：2011-09-01
申请号：US13106519
申请日：2011-05-12
申请人： Stanley T. CHOW , Harold T. JOHNSON , Alexander MAIN , Yuan GU
发明人： Stanley T. CHOW , Harold T. JOHNSON , Alexander MAIN , Yuan GU
IPC分类号： G06F12/14 , G06F11/30
CPC分类号： G06F21/566 , G06F21/14 , G06F2221/2145 , G06F2221/2149 , H04L63/1441
摘要： Attacks by computer viruses, worm programs, and other hostile software (‘malware’), have become very serious problems for computer systems connected to large communication networks such as the Internet. One potential defence against such attacks is to employ diversity—that is, making each copy of the attacked software different. However, existing diversity techniques do not offer sufficient levels of protection. The invention provides an effective diversity solution by applying tamper resistant software (TRS) encoding techniques, to the communications that take place between software components, with corresponding changes to the code handling those communications. These communications may include, for example, data passed between software routines via parameters or mutually accessible variables, light-weight messages, signals and semaphores passed between threads, and messages passed between software processes. Effective TRS encoding techniques include data-flow encoding and mass-data encoding techniques.
摘要翻译：计算机病毒，蠕虫程序和其他恶意软件（“恶意软件”）的攻击对于连接到大型通信网络（如Internet）的计算机系统而言，已经成为非常严重的问题。对这种攻击的一个潜在防御是采用多样性，即使受攻击软件的每个副本不同。然而，现有的多样性技术不能提供足够的保护。本发明通过将抗篡改软件（TRS）编码技术应用于在软件组件之间发生的通信以及处理那些通信的代码的相应变化来提供有效的分集解决方案。这些通信可以包括例如经由参数或相互可访问的变量的软件例程之间传递的数据，在线程之间传递的轻量级消息，信号和信号量以及在软件进程之间传递的消息。有效的TRS编码技术包括数据流编码和大量数据编码技术。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式