专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08418259B2 TPM-based license activation and validation 有权
标题翻译：基于TPM的许可证激活和验证
公开(公告)号：US08418259B2
公开(公告)日：2013-04-09
申请号：US12652094
申请日：2010-01-05
申请人： Mikael Horal , Hakki Tunc Bostanci , Vandana Gunupudi , Ning Zhang , Scott Daniel Anderson , Stefan Thom , Erik Holt
发明人： Mikael Horal , Hakki Tunc Bostanci , Vandana Gunupudi , Ning Zhang , Scott Daniel Anderson , Stefan Thom , Erik Holt
IPC分类号： G06F7/04
CPC分类号： G06F21/10 , G06F2221/0704
摘要： A Trusted Activation License (TAL) can be comprised of a key unique to a Trusted Platform Module (TPM) and identifying information of the software applications bundled with the computing device having that TPM. To activate the software applications, the identifying information in the TAL can be compared against that of the software applications being activated, and the unique TPM key in the TAL can be compared against that of the TPM on the computing device on which the activation is taking place. Subsequent validations can be based on a protected association between the TAL and an Attestation Identity Key (AIK) that can be generated by the TPM as part of the activation step. Optionally, Platform Configuration Registers (PCRs) of the TPM can be periodically changed during validation to protect against useage of one TPM for validations on multiple computing devices.
摘要翻译：可信激活许可证（TAL）可以由可信平台模块（TPM）特有的密钥组成，并且识别与具有该TPM的计算设备捆绑的软件应用的信息。为了激活软件应用程序，可以将TAL中的识别信息与正在激活的软件应用程序的识别信息进行比较，并将TAL中唯一的TPM密钥与激活正在进行的计算设备上的TPM密钥进行比较地点。随后的验证可以基于TAL和认证身份密钥（AIK）之间的保护关联，该密钥可以由TPM作为激活步骤的一部分生成。可选地，可以在验证期间周期性地改变TPM的平台配置寄存器（PCR），以防止使用一个TPM来在多个计算设备上进行验证。

2. 发明授权

US08001596B2 Software protection injection at load time 有权
标题翻译：加载时软件保护注入
公开(公告)号：US08001596B2
公开(公告)日：2011-08-16
申请号：US11743755
申请日：2007-05-03
申请人： Matthias Wollnik , Nir Ben Zvi , Hakki Tunc Bostanci , John Richard McDowell , Aaron Goldsmid
发明人： Matthias Wollnik , Nir Ben Zvi , Hakki Tunc Bostanci , John Richard McDowell , Aaron Goldsmid
IPC分类号： G06F11/00
CPC分类号： G06F21/51 , G06F21/54
摘要： A method to apply a protection mechanism to a binary object includes using operating system resources to load a binary object from a storage medium along with a manifest and a digital signature. Authentication of the binary object is performed using the digital signature and the manifest is read to determine a category of protection for the binary object. The operating system selects a protection mechanism corresponding to the protection category and injects protection mechanism code, along with the binary object into a binary image on computer RAM. When the binary image is accessed, the protection mechanism executes and either allows full access and functionality to the binary object or prevents proper access and operation of the binary object. The protection mechanisms may be updated independently from the information on the storage medium.
摘要翻译：将保护机制应用于二进制对象的方法包括使用操作系统资源将二进制对象与清单和数字签名一起从存储介质加载。使用数字签名执行二进制对象的认证，读取清单以确定二进制对象的保护类别。操作系统选择对应于保护类别的保护机制，并将保护机制代码与二进制对象一起注入计算机RAM中的二进制映像。当访问二进制图像时，保护机制执行，并允许对二进制对象的完全访问和功能，或者阻止二进制对象的正确访问和操作。可以独立于存储介质上的信息更新保护机制。

3. 发明申请

US20120284507A1 PROTECTED AUTHORIZATION 有权
标题翻译：受保护的授权
公开(公告)号：US20120284507A1
公开(公告)日：2012-11-08
申请号：US13100450
申请日：2011-05-04
申请人： Hakki Tunc Bostanci , Robert Edgar Fanfant , Chih-Pin Kao , Satish K. Shetty , Kalin G. Toshev , Yefei Gao
发明人： Hakki Tunc Bostanci , Robert Edgar Fanfant , Chih-Pin Kao , Satish K. Shetty , Kalin G. Toshev , Yefei Gao
IPC分类号： H04L9/32
CPC分类号： H04L9/3213 , G06F21/335
摘要： One or more techniques and/or systems are provided for securely authorizing a client to consume data and/or services from a service provider server while mitigating burdensome requests made to a validation server. That is, validation data provided to a client from a validation server may be maintained on the client and at least some of that validation data can be used to subsequently authorize the client when the client attempts to consume data and/or services from the service provider server (e.g., download a song). However, the validation data is maintained on the client and/or provided to the service provider server in a manner that inhibits user tampering. In this manner, numerous requests for validation of the client need not be made from the service provider server to the validation server when a client requests content from the service provider server, while also inhibiting unauthorized consumptions of data by the client.
摘要翻译：提供了一个或多个技术和/或系统，用于安全授权客户端从服务提供商服务器消耗数据和/或服务，同时减轻对验证服务器的繁重请求。也就是说，可以在客户端上维护从验证服务器提供给客户端的验证数据，并且当客户端尝试从服务提供商消费数据和/或服务时，该验证数据中的至少一些可以用于随后授权客户端服务器（例如，下载歌曲）。然而，验证数据被保持在客户端上和/或以禁止用户篡改的方式提供给服务提供商服务器。以这种方式，当客户端从服务提供商服务器请求内容时，不需要从服务提供商服务器向验证服务器发出许多客户端验证请求，同时还禁止客户端对数据的未经授权的消费。

4. 发明申请

US20110167503A1 TPM-BASED LICENSE ACTIVATION AND VALIDATION 有权
标题翻译：基于TPM的许可证激活和验证
公开(公告)号：US20110167503A1
公开(公告)日：2011-07-07
申请号：US12652094
申请日：2010-01-05
申请人： Mikael Horal , Hakki Tunc Bostanci , Vandana Gunupudi , Ning Zhang , Scott Daniel Anderson , Stefan Thom , Erik Holt
发明人： Mikael Horal , Hakki Tunc Bostanci , Vandana Gunupudi , Ning Zhang , Scott Daniel Anderson , Stefan Thom , Erik Holt
IPC分类号： G06F21/22
CPC分类号： G06F21/10 , G06F2221/0704
摘要： A Trusted Activation License (TAL) can be comprised of a key unique to a Trusted Platform Module (TPM) and identifying information of the software applications bundled with the computing device having that TPM. To activate the software applications, the identifying information in the TAL can be compared against that of the software applications being activated, and the unique TPM key in the TAL can be compared against that of the TPM on the computing device on which the activation is taking place. Subsequent validations can be based on a protected association between the TAL and an Attestation Identity Key (AIK) that can be generated by the TPM as part of the activation step. Optionally, Platform Configuration Registers (PCRs) of the TPM can be periodically changed during validation to protect against useage of one TPM for validations on multiple computing devices.
摘要翻译：可信激活许可证（TAL）可以由可信平台模块（TPM）特有的密钥组成，并且识别与具有该TPM的计算设备捆绑的软件应用的信息。为了激活软件应用程序，可以将TAL中的识别信息与正在激活的软件应用程序的识别信息进行比较，并将TAL中唯一的TPM密钥与激活正在进行的计算设备上的TPM密钥进行比较地点。随后的验证可以基于TAL和认证身份密钥（AIK）之间的保护关联，该密钥可以由TPM作为激活步骤的一部分生成。可选地，可以在验证期间周期性地改变TPM的平台配置寄存器（PCR），以防止使用一个TPM来在多个计算设备上进行验证。

5. 发明申请

US20090319761A1 HARDWARE CONSTRAINED SOFTWARE EXECUTION 有权
标题翻译：硬件约束软件执行
公开(公告)号：US20090319761A1
公开(公告)日：2009-12-24
申请号：US12144699
申请日：2008-06-24
申请人： Hakki Tunc Bostanci , Nathan Jeffrey Ide , Matthias Hermann Wollnik , John Richard McDowell , Karan Singh Dhillon , Aaron Payne Goldsmid
发明人： Hakki Tunc Bostanci , Nathan Jeffrey Ide , Matthias Hermann Wollnik , John Richard McDowell , Karan Singh Dhillon , Aaron Payne Goldsmid
IPC分类号： G06F9/318
CPC分类号： G06F9/30181 , G06F21/123 , G06F21/125
摘要： Restricting execution by a computing device of instructions within an application program. The application program is modified such that execution of the selected instructions is dependent upon a corresponding expected state of one or more hardware components in the computing device. In an embodiment, the application program is modified to place the hardware components in the expected states prior to execution of the corresponding selected instructions. Creating the dependency on the hardware components prevents the unintended or malicious execution of the selected instructions.
摘要翻译：由计算设备限制应用程序内的指令执行。应用程序被修改为使得所选择的指令的执行取决于计算设备中的一个或多个硬件组件的对应的预期状态。在一个实施例中，修改应用程序以在执行相应的所选择的指令之前将硬件组件置于预期状态。创建对硬件组件的依赖性可防止所选指令的意外或恶意执行。

6. 发明授权

US08931056B2 Establishing privileges through claims of valuable assets 有权
标题翻译：通过索赔有价值的资产建立特权
公开(公告)号：US08931056B2
公开(公告)日：2015-01-06
申请号：US13076908
申请日：2011-03-31
申请人： Eric Fleischman , Eliot Gillum , Matthew Robert Ayers , Robert Edgar Fanfant , Hakki Tunc Bostanci
发明人： Eric Fleischman , Eliot Gillum , Matthew Robert Ayers , Robert Edgar Fanfant , Hakki Tunc Bostanci
IPC分类号： G06F21/22 , G11C7/00 , H04L29/06
CPC分类号： H04L63/105 , H04L63/0823
摘要： A service accessible by a set of entities may be provided to each entity at a different service level (e.g., with a different set of privileges) based on the privilege level of the entity. However, many users may attempt to perform malicious activities through the service, and may do so with impunity if the penalties of detection are inconsequential. Instead, privilege levels of entities may be established based on the claims of assets having identifiable value. Such claims may be established by submitting an asset identifier to the service, such as proof of a software license identified by the submission of a license key purchased at a substantial cost. The penalties of malicious activities performed by such users may include the invalidation of such asset identifiers. Establishing the privilege levels of respective entities in this manner raises the penalties, and hence the deterrence, of attempted malicious use of the service.
摘要翻译：可以基于实体的特权级别，以不同的服务级别（例如，具有不同的权限集合）向每个实体提供可由一组实体访问的服务。然而，许多用户可能会尝试通过服务执行恶意活动，如果检测的惩罚是无关紧要的，则可能会不受惩罚地进行。相反，可以基于具有可识别价值的资产的索赔来建立特权级别的实体。这样的索赔可以通过向服务提交资产标识符来建立，例如通过提交以相当大的成本购买的许可证密钥来标识的软件许可证的证明。这些用户执行的恶意活动的处罚可能包括这种资产标识符的无效。以这种方式建立各实体的特权级别，会提高企图恶意使用服务的处罚，从而威慑威慑力。

7. 发明授权

US08010773B2 Hardware constrained software execution 有权
标题翻译：硬件受限软件执行
公开(公告)号：US08010773B2
公开(公告)日：2011-08-30
申请号：US12144699
申请日：2008-06-24
申请人： Hakki Tunc Bostanci , Nathan Jeffrey Ide , Matthias Hermann Wollnik , John Richard McDowell , Karan Singh Dhillon , Aaron Payne Goldsmid
发明人： Hakki Tunc Bostanci , Nathan Jeffrey Ide , Matthias Hermann Wollnik , John Richard McDowell , Karan Singh Dhillon , Aaron Payne Goldsmid
IPC分类号： G06F7/38 , G06F9/00 , G06F9/44 , G06F15/00
CPC分类号： G06F9/30181 , G06F21/123 , G06F21/125
摘要： Restricting execution by a computing device of instructions within an application program. The application program is modified such that execution of the selected instructions is dependent upon a corresponding expected state of one or more hardware components in the computing device. In an embodiment, the application program is modified to place the hardware components in the expected states prior to execution of the corresponding selected instructions. Creating the dependency on the hardware components prevents the unintended or malicious execution of the selected instructions.
摘要翻译：由计算设备限制应用程序内的指令执行。应用程序被修改为使得所选择的指令的执行取决于计算设备中的一个或多个硬件组件的对应的预期状态。在一个实施例中，修改应用程序以在执行相应的所选择的指令之前将硬件组件置于预期状态。创建对硬件组件的依赖性可防止所选指令的意外或恶意执行。

8. 发明申请

US20080229115A1 PROVISION OF FUNCTIONALITY VIA OBFUSCATED SOFTWARE 审中-公开
标题翻译：通过强化软件提供功能
公开(公告)号：US20080229115A1
公开(公告)日：2008-09-18
申请号：US11687252
申请日：2007-03-16
申请人： Matthias Hermann Wollnik , Nir Ben-Zvi , Aaron Goldsmid , Hakki Tunc Bostanci , Karan Singh Dhillon , Nathan Jeffrey Ide , John Richard McDowell , David John Linsley
发明人： Matthias Hermann Wollnik , Nir Ben-Zvi , Aaron Goldsmid , Hakki Tunc Bostanci , Karan Singh Dhillon , Nathan Jeffrey Ide , John Richard McDowell , David John Linsley
IPC分类号： H04L9/32
CPC分类号： G06F21/14 , H04L9/0825 , H04L2209/16
摘要： In an example embodiment, executable files are individually encrypted utilizing a symmetric cryptographic key. For each user to be given access to the obfuscated file, the symmetric cryptographic key is encrypted utilizing a public key of a respective public/private key pair. A different public key/private key pair is utilized for each user. Obfuscated files are formed comprising the encrypted executable files and a respective encrypted symmetric cryptographic key. The private keys of the public/private key pairs are stored on respective smart cards. The smart cards are distributed to the users. When a user wants to invoke the functionality of an obfuscated file, the user provides the private key via his/her smart card. The private key is retrieved and is utilized to decrypt the appropriate portion of the obfuscated file. The symmetric cryptographic key obtained therefrom is utilized to decrypt the encrypted executable file.
摘要翻译：在示例实施例中，使用对称加密密钥对可执行文件进行单独加密。为了使每个用户被访问该混淆文件，使用相应的公共/私人密钥对的公开密钥对对称加密密钥进行加密。每个用户使用不同的公钥/私钥对。形成包含加密的可执行文件和相应加密的对称加密密钥的混淆文件。公钥/私钥对的私钥存储在相应的智能卡上。智能卡分发给用户。当用户想要调用混淆文件的功能时，用户通过他/她的智能卡提供私钥。检索私钥并用于解密混淆文件的适当部分。从其获得的对称密码密钥用于解密加密的可执行文件。

9. 发明授权

US08806192B2 Protected authorization for untrusted clients 有权
标题翻译：受保护的不受信任客户端的授权
公开(公告)号：US08806192B2
公开(公告)日：2014-08-12
申请号：US13100450
申请日：2011-05-04
申请人： Hakki Tunc Bostanci , Robert Edgar Fanfant , Chih-Pin Kao , Satish K. Shetty , Kalin G. Toshev , Yefei Gao
发明人： Hakki Tunc Bostanci , Robert Edgar Fanfant , Chih-Pin Kao , Satish K. Shetty , Kalin G. Toshev , Yefei Gao
IPC分类号： H04L29/06
CPC分类号： H04L9/3213 , G06F21/335
摘要： One or more techniques and/or systems are provided for securely authorizing a client to consume data and/or services from a service provider server while mitigating burdensome requests made to a validation server. That is, validation data provided to a client from a validation server may be maintained on the client and at least some of that validation data can be used to subsequently authorize the client when the client attempts to consume data and/or services from the service provider server (e.g., download a song). However, the validation data is maintained on the client and/or provided to the service provider server in a manner that inhibits user tampering. In this manner, numerous requests for validation of the client need not be made from the service provider server to the validation server when a client requests content from the service provider server, while also inhibiting unauthorized consumptions of data by the client.
摘要翻译：提供了一个或多个技术和/或系统，用于安全授权客户端从服务提供商服务器消耗数据和/或服务，同时减轻对验证服务器的繁重请求。也就是说，可以在客户端上维护从验证服务器提供给客户端的验证数据，并且当客户端尝试从服务提供商消费数据和/或服务时，可以使用该验证数据中的至少一些来随后授权客户端服务器（例如，下载歌曲）。然而，验证数据被保持在客户端上和/或以禁止用户篡改的方式提供给服务提供商服务器。以这种方式，当客户端从服务提供商服务器请求内容时，不需要从服务提供商服务器向验证服务器发出许多客户端验证请求，同时还禁止客户端对数据的未经授权的消费。

10. 发明申请

US20130117006A1 SIMULATED BOOT PROCESS TO DETECT INTRODUCTION OF UNAUTHORIZED INFORMATION 审中-公开
标题翻译：模拟引导过程来检测未经授权的信息
公开(公告)号：US20130117006A1
公开(公告)日：2013-05-09
申请号：US13290154
申请日：2011-11-07
申请人： Asish George Varghese , Chih-Pin Kao , Robert Fanfant , Hakki Tunc Bostanci
发明人： Asish George Varghese , Chih-Pin Kao , Robert Fanfant , Hakki Tunc Bostanci
IPC分类号： G06F9/455
CPC分类号： G06F21/575 , G06F21/53
摘要： Techniques involving a simulated start-up or “boot” process to detect the introduction of unauthorized code or data into the boot process. In one embodiment, a boot process is performed to initiate a computing system. The boot process is then simulated using the initiated computing system to detect unauthorized modifications introduced into the computing system prior to the computing system's operating system being operational.
摘要翻译：涉及模拟启动或“启动”过程的技术，以检测未经授权的代码或数据引入引导过程。在一个实施例中，执行引导过程以启动计算系统。然后使用所启动的计算系统来模拟引导过程，以在计算系统的操作系统正在运行之前检测引入到计算系统中的未经授权的修改。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式