专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20090144828A1 RAPID SIGNATURES FOR PROTECTING VULNERABLE BROWSER CONFIGURATIONS 审中-公开
标题翻译：用于保护易受攻击的浏览器配置的快速签名
公开(公告)号：US20090144828A1
公开(公告)日：2009-06-04
申请号：US11949818
申请日：2007-12-04
申请人： Matthew W. Thomlinson
发明人： Matthew W. Thomlinson
IPC分类号： G06F21/00
CPC分类号： G06F21/56 , G06F21/52 , G06F21/554 , G06F21/577
摘要： Architecture for distributing rules-based, targeted vulnerability signatures to an application (e.g., a browser) in order to block exploitation of vulnerable objects (e.g., ActiveX controls) or protocols. The architecture provides a significant reduction in the window of vulnerability, thereby improving the user experience in the software products. The solution employs text in a configuration file (a realtime rule), which is fine-grained, works on both vendor-created and third-party controls, and is completely compatible except under attack conditions (and thus quick to deploy with minimal testing). Publication of the rule does not block legal uses of the vulnerable control and would not require a full testing procedure. Further, a vulnerable control with a proper vulnerability signature is as safe as running a fully-fixed control. The architecture can be extended to arbitrary binary behaviors, and shell protocols.
摘要翻译：用于向应用程序（例如浏览器）分发基于规则的有针对性的漏洞签名以便阻止对脆弱对象（例如，ActiveX控件）或协议的利用的体系结构。该架构大大减少了漏洞的窗口，从而提高了软件产品的用户体验。该解决方案在配置文件（实时规则）中采用文本，这是一个细粒度的，可以在供应商创建的和第三方的控件上运行，除了受到攻击的条件之外，因此完全兼容（因此，通过最少的测试可快速部署）。该规则的公布不会阻止易受攻击的控制的合法使用，并且不需要完整的测试程序。此外，具有适当漏洞签名的易受攻击的控制与运行完全固定的控制一样安全。该架构可以扩展到任意的二进制行为和shell协议。

2. 发明授权

US5761311A Blind encryption 失效
标题翻译：盲加密
公开(公告)号：US5761311A
公开(公告)日：1998-06-02
申请号：US838695
申请日：1997-04-09
申请人： Jeffrey F. Spelman , Matthew W. Thomlinson
发明人： Jeffrey F. Spelman , Matthew W. Thomlinson
IPC分类号： G07F7/10 , H04L9/08 , H04L9/30
CPC分类号： G07F7/1016 , G06Q20/085 , H04L9/302 , H04L2209/04 , H04L2209/56
摘要： A method of processing encrypted communications sent by a first party, the method including the steps of: receiving from the first party a message that has a first part, a second part, a third part and a fourth part, wherein the first part includes a first block of information that is encrypted by using a key k1, the second part includes a second block of information that is encrypted by using a key k2, the third part includes a third block of information that is encrypted by using a key R, and the fourth part includes a fourth block of information that is encrypted by using the key R, wherein the third block of information includes k1 and the fourth block of information includes k2; blinding the fourth part; sending the third part and the blinded fourth part to a recryptor; receiving from the recryptor the k1 key re-encrypted by using a first key; and receiving from the recryptor a fifth block of information which is the blinded fourth block of information that has been encrypted by using a second key.
摘要翻译：一种处理由第一方发送的加密通信的方法，所述方法包括以下步骤：从所述第一方接收具有第一部分，第二部分，第三部分和第四部分的消息，其中所述第一部分包括通过使用密钥k1加密的第一信息块，第二部分包括通过使用密钥k2加密的第二信息块，第三部分包括通过使用密钥R加密的第三信息块，以及第四部分包括通过使用密钥R加密的第四信息块，其中第三信息块包括k1，第四信息块包括k2; 盲目的第四部分; 将第三部分和盲人第四部分发送给重新加注者; 从重新加密器接收通过使用第一密钥重新加密的k1密钥; 并且从重新加密器接收第五个信息块，该第五块信息是通过使用第二密钥被加密的盲目的第四个信息块。

3. 发明授权

US5680458A Root key compromise recovery 失效
标题翻译：根密钥妥协恢复
公开(公告)号：US5680458A
公开(公告)日：1997-10-21
申请号：US555697
申请日：1995-11-14
申请人： Jeffrey F. Spelman , Matthew W. Thomlinson
发明人： Jeffrey F. Spelman , Matthew W. Thomlinson
IPC分类号： H04L9/08 , H04L9/30
CPC分类号： H04L9/0891 , H04L2209/80
摘要： A method of recovering from a compromise of a root key which is the private key of a first public key-private key pair, the method including the steps of electronically sending out an emergency message indicating that the root key has been compromised and also containing a replacement key and a digital signature which was generated by using the root key; and publishing in an out-of-band channel a value V, wherein V is derived from the emergency message.
摘要翻译：从作为第一公共密钥 - 私钥对的私钥的根密钥的折中恢复的方法，所述方法包括以下步骤：电子地发送指示所述根密钥已被破坏的紧急消息，并且还包含替换密钥和使用根密钥生成的数字签名; 以及在带外频道中发布V值，其中V是从紧急消息导出的。

4. 发明申请

US20090320136A1 IDENTIFYING EXPLOITATION OF VULNERABILITIES USING ERROR REPORT 有权
标题翻译：使用错误报告识别漏洞利用
公开(公告)号：US20090320136A1
公开(公告)日：2009-12-24
申请号：US12144694
申请日：2008-06-24
申请人： John J. Lambert , Matthew W. Thomlinson , Alexander R. G. Lucas , James P. Kelly , David S. Carter , Matthew I. Diver , Emma L. Crowe
发明人： John J. Lambert , Matthew W. Thomlinson , Alexander R. G. Lucas , James P. Kelly , David S. Carter , Matthew I. Diver , Emma L. Crowe
IPC分类号： G06F21/00
CPC分类号： H04L63/1433 , G06F21/552 , G06F21/554 , G06F21/56 , G06F21/566 , G06F21/577 , G06F2221/2101 , G06F2221/2123
摘要： A tool and method examine error report information from a computer to determine not only whether a virus or other malware may be present on the computer but also may determine what vulnerability a particular exploit was attempting to use to subvert security mechanism to install the virus. A system monitor may collect both error reports and information about the error report, such as geographic location, hardware configuration, and software/operating system version information to build a profile of the spread of an attack and to be able to issue notifications related to increased data collection for errors, including crashes related to suspected services under attack.
摘要翻译：一种工具和方法从计算机检查错误报告信息，不仅可以确定计算机上是否存在病毒或其他恶意软件，还可以确定特定漏洞利用何种漏洞破坏安全机制来安装病毒。系统监视器可以收集错误报告和关于错误报告的信息，例如地理位置，硬件配置和软件/操作系统版本信息，以构建攻击传播的简档，并且能够发布与增加的相关的通知数据收集错误，包括与受到攻击的可疑服务有关的崩溃。

5. 发明授权

US07478428B1 Adapting input to find integer overflows 有权
标题翻译：适应输入查找整数溢出
公开(公告)号：US07478428B1
公开(公告)日：2009-01-13
申请号：US10963296
申请日：2004-10-12
申请人： Matthew W. Thomlinson
发明人： Matthew W. Thomlinson
IPC分类号： H04L29/00
CPC分类号： G06F21/57 , G06F12/0223
摘要： Systems and methods are described for use in evaluating an application for security risks related to integer overflow conditions in conjunction with memory allocations. The evaluation includes finding a relationship between data input to the application and memory allocation requests made by the application. Having established the relationship, a memory allocation-requesting module within the application is tested, using input data selected using the relationship.
摘要翻译：描述了系统和方法用于结合内存分配来评估与整数溢出条件相关的安全风险的应用程序。该评估包括找到输入到应用程序的数据与由应用程序进行的内存分配请求之间的关系。建立关系后，使用使用该关系选择的输入数据来测试应用内的存储器分配请求模块。

6. 发明授权

US5764768A Blind encryption 失效
公开(公告)号：US5764768A
公开(公告)日：1998-06-09
申请号：US838693
申请日：1997-04-09
申请人： Jeffrey F. Spelman , Matthew W. Thomlinson
发明人： Jeffrey F. Spelman , Matthew W. Thomlinson
IPC分类号： G07F7/10 , H04L9/08 , H04L9/30
CPC分类号： G07F7/1016 , G06Q20/085 , H04L9/302 , H04L2209/04 , H04L2209/56
摘要： A method of processing encrypted communications sent by a first party, the method including the steps of: receiving from the first party a message that has a first part, a second part, a third part and a fourth part, wherein the first part includes a first block of information that is encrypted by using a key k1, the second part includes a second block of information that is encrypted by using a key k2, the third part includes a third block of information that is encrypted by using a key R, and the fourth part includes a fourth block of information that is encrypted by using the key R, wherein the third block of information includes k1 and the fourth block of information includes k2; blinding the fourth part; sending the third part and the blinded fourth part to a recryptor; receiving from the recryptor the k1 key re-encrypted by using a first key; and receiving from the recryptor a fifth block of information which is the blinded fourth block of information that has been encrypted by using a second key.

7. 发明授权

US08819797B2 Digital identity management 有权
标题翻译：数字身份管理
公开(公告)号：US08819797B2
公开(公告)日：2014-08-26
申请号：US13410173
申请日：2012-03-01
申请人： David B. Cross , Matthew W. Thomlinson , Philip J. Hallin , Thomas C. Jones
发明人： David B. Cross , Matthew W. Thomlinson , Philip J. Hallin , Thomas C. Jones
IPC分类号： G06F17/00 , G06F7/04
CPC分类号： H04L9/3263 , G06F21/33 , G06F21/45 , H04L9/006 , H04L9/14 , H04L9/30 , H04L9/3231 , H04L9/3234 , H04L63/06 , H04L2209/603
摘要： One aspect relates to a process and associated device for managing digital ID lifecycles for application programs, and abstracting application programs for multiple types of credentials through a common Digital Identity Management System (DIMS) and Application Programming Interface (API) layer.
摘要翻译：一个方面涉及一种用于管理用于应用程序的数字ID生命周期的过程和相关设备，以及通过公共数字身份管理系统（DIMS）和应用编程接口（API）层抽象用于多种凭证的应用程序。

8. 发明授权

US08151332B2 Digital identity management 有权
标题翻译：数字身份管理
公开(公告)号：US08151332B2
公开(公告)日：2012-04-03
申请号：US11552736
申请日：2006-10-25
申请人： David B. Cross , Philip J. Hallin , Matthew W. Thomlinson , Thomas C. Jones
发明人： David B. Cross , Philip J. Hallin , Matthew W. Thomlinson , Thomas C. Jones
IPC分类号： G06F7/04 , H04L9/32
CPC分类号： H04L9/3263 , G06F21/33 , G06F21/45 , H04L9/006 , H04L9/14 , H04L9/30 , H04L9/3231 , H04L9/3234 , H04L63/06 , H04L2209/603
摘要： One aspect relates to a process and associated device for managing digital ID lifecycles for application programs, and abstracting application programs for multiple types of credentials through a common Digital Identity Management System (DIMS) and Application Programming Interface (API) layer.
摘要翻译：一个方面涉及一种用于管理用于应用程序的数字ID生命周期的过程和相关设备，以及通过公共数字身份管理系统（DIMS）和应用编程接口（API）层抽象用于多种凭证的应用程序。

9. 发明授权

US07996682B2 Secure prompting 有权
标题翻译：安全提示
公开(公告)号：US07996682B2
公开(公告)日：2011-08-09
申请号：US11251946
申请日：2005-10-17
申请人： Klaus U. Schutz , Matthew W. Thomlinson , Scott A. Field
发明人： Klaus U. Schutz , Matthew W. Thomlinson , Scott A. Field
IPC分类号： G06F21/00
CPC分类号： G06F21/57
摘要： Techniques are described herein for securely prompting a user to confirm sensitive operations, input sensitive information or the like. The techniques include receiving or intercepting calls from applications to prompting routines. When a call to a prompting routine is received or intercepted a hint may be provided to the user to switch to a secure desktop. When the user switches from the user desktop to the secure desktop the particular prompt is displayed. The input to the prompt is received on the secure desktop and verified to have been provided by the user. The user input or a representation of the input is then returned to the application running on the user desktop. Using these techniques, interception of prompting messages by malware does not result in sensitive information being revealed. Furthermore, spoofing of new messages by malware does not lead to the dismissal of critical prompting.
摘要翻译：这里描述了用于安全地提示用户确认敏感操作，输入敏感信息等的技术。这些技术包括接收或拦截来自应用程序的呼叫以提示例程。当接收或拦截对提示例程的调用时，可以向用户提供切换到安全桌面的提示。当用户从用户桌面切换到安全桌面时，会显示特定的提示。在安全桌面上接收到提示的输入，并验证其已由用户提供。用户输入或输入的表示然后返回到在用户桌面上运行的应用程序。使用这些技术，通过恶意软件拦截提示消息不会导致敏感信息被显示。此外，恶意软件欺骗新消息不会导致关键提示被解雇。

10. 发明授权

US07876902B2 Distribution of encrypted software update to reduce attack window 有权
标题翻译：分发加密软件更新以减少攻击窗口
公开(公告)号：US07876902B2
公开(公告)日：2011-01-25
申请号：US11515439
申请日：2006-08-31
申请人： Matthew W. Thomlinson , Christian E. Walker
发明人： Matthew W. Thomlinson , Christian E. Walker
IPC分类号： H04L9/08 , H04L9/00 , G06F11/00
CPC分类号： G06F21/57
摘要： Software updates remedy vulnerabilities in a computer program that has been distributed and installed on a plurality of computers. The software updates are distributed in encrypted form, and then, after the encrypted update has been delivered to a sufficient number of machines, the decryption key for the update is delivered. Since the key is relatively small, it can be distributed to a large number of machines very quickly, thereby reducing the amount of time between when the update is first known to the public, and the time at which all or most machines have installed the update to protect against the vulnerability.
摘要翻译：软件更新补救已分发并安装在多台计算机上的计算机程序中的漏洞。软件更新以加密形式分发，然后在加密更新已经传送到足够数量的机器之后，传递更新的解密密钥。由于密钥相对较小，因此可以非常快地分发到大量机器，从而减少了公众首次知道更新时间和所有或大多数机器安装更新的时间以防止漏洞。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式