专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08347085B2 Integrating security protection tools with computer device integrity and privacy policy 有权
标题翻译：将安全保护工具与计算机设备完整性和隐私政策集成
公开(公告)号：US08347085B2
公开(公告)日：2013-01-01
申请号：US13341855
申请日：2011-12-30
申请人： Thekkthalackal Varugis Kurien , Jeffrey B Hamblin , Narasimha Rao Nagampalli , Peter T Brundrett , Scott Field
发明人： Thekkthalackal Varugis Kurien , Jeffrey B Hamblin , Narasimha Rao Nagampalli , Peter T Brundrett , Scott Field
IPC分类号： H04L29/06
CPC分类号： G06F21/50 , G06F21/51 , G06F21/53
摘要： At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.
摘要翻译：在计算机设备上电时，计算机设备的操作系统启动监视器。监视器为在计算机设备上运行的每个程序和对象（统称为程序）分配监视程序，以监视程序的活动。当监视程序被分配给程序时，基于应用于监视程序的预定标准，向监视程序分配完整性和/或隐私标签（统称为完整性标签）。监控程序又向监控程序监控的程序分配一个完整性标签。分配给被监视程序的完整性标签小于或等于监视程序的完整性标签。监视器基于分配给被监视程序的完整性标签和与监视程序正在寻求访问的数据，另一程序或远程网络资源相关联的完整性标签来强制执行计算机设备的完整性策略。

2. 发明授权

US07810153B2 Controlling execution of computer applications 有权
标题翻译：控制计算机应用程序的执行
公开(公告)号：US07810153B2
公开(公告)日：2010-10-05
申请号：US11046607
申请日：2005-01-28
申请人： Eric C. Perlin , Klaus U. Schutz , Paul J. Leach , Peter T. Brundrett , Thomas C. Jones
发明人： Eric C. Perlin , Klaus U. Schutz , Paul J. Leach , Peter T. Brundrett , Thomas C. Jones
IPC分类号： G06F7/04 , G06F12/00 , G06F12/14 , G06F13/00 , G06F17/30
CPC分类号： G06F21/62 , G06F21/31 , G06F21/54 , G06F2221/2141
摘要： Systems and methods are described that control attempts made by an application to access data. In one embodiment, the application is associated with a security token that includes an application ID. In operation, the system receives a request, initiated by the application, for access to the data. The system is configured to evaluate the request for access based in part on comparison of the security token and a listing of approved application IDs associated with the data.
摘要翻译：描述了控制由应用访问数据的尝试的系统和方法。在一个实施例中，该应用与包括应用ID的安全令牌相关联。在操作中，系统接收由应用程序发起的用于访问数据的请求。该系统被配置为基于安全令牌的比较和与数据相关联的已批准应用ID的列表来部分地评估访问请求。

3. 发明申请

US20110106948A1 Running Internet Applications with Low Rights 有权
标题翻译：运行低权限的Internet应用程序
公开(公告)号：US20110106948A1
公开(公告)日：2011-05-05
申请号：US12840123
申请日：2010-07-20
申请人： Roberto A. Franco , Anantha P. Ganjam , John G. Bedworth , Peter T. Brundrett , Roland K. Tokumi , Jeremiah S. Epling , Daniel Sie , Jianrong Gu , Marc Silbey , Vidya Nallathimmayyagari , Bogdan Tepordei
发明人： Roberto A. Franco , Anantha P. Ganjam , John G. Bedworth , Peter T. Brundrett , Roland K. Tokumi , Jeremiah S. Epling , Daniel Sie , Jianrong Gu , Marc Silbey , Vidya Nallathimmayyagari , Bogdan Tepordei
IPC分类号： G06F15/173
CPC分类号： G06F21/53
摘要： In various embodiments, applications that are configured to interact with the Internet in some way are executed in a restricted process with a reduced privilege level that can prohibit the application from accessing portions of an associated computing device. For example, in some embodiments, the restricted process can prohibit applications from read and write access to portions of a system's computer-readable media, such as the hard disk, that contains administrative data and settings information and user data and settings. In these embodiments, a special portion of the disk, termed a “containment zone”, is designated and used by applications in this restricted process.
摘要翻译：在各种实施例中，被配置为以某种方式与因特网进行交互的应用程序在具有降低的权限级别的受限进程中执行，所述权限级别可以禁止应用访问相关联的计算设备的部分。例如，在一些实施例中，受限制的过程可以禁止应用程序对包含管理数据和设置信息以及用户数据和设置的系统的计算机可读介质（例如硬盘）的部分进行读取和写入访问。在这些实施例中，称为“容纳区”的盘的特殊部分在该限制过程中由应用程序指定和使用。

4. 发明授权

US07757281B2 Privilege restriction enforcement in a distributed system 有权
标题翻译：分布式系统中的特权限制执行
公开(公告)号：US07757281B2
公开(公告)日：2010-07-13
申请号：US11450597
申请日：2006-06-09
申请人： Scott A. Field , Liqiang Zhu , Peter T. Brundrett , Paul J. Leach
发明人： Scott A. Field , Liqiang Zhu , Peter T. Brundrett , Paul J. Leach
IPC分类号： G06F7/04
CPC分类号： H04L63/102
摘要： Remote administrative privileges in a distributed system are disabled by default. To administer a remote system, express action is taken to elevate a user status to obtain remote administrative privileges. When local and remote systems communicate, information pertaining to the status of the logged on user is included in the communications. If the user wishes to legitimately administer a remote system, the user provides an explicit request. The request is processed. If the user is configured as an administrator of the remote system and the request contains an indication that the user's administrative status has been elevated, an authorization token is generated. The authorization token is utilized by the remote system to allow the user to administer the remote system.
摘要翻译：默认情况下，分布式系统中的远程管理权限将被禁用。要管理远程系统，请采取行动来提升用户状态以获得远程管理权限。当本地和远程系统进行通信时，通信中包含与登录用户状态有关的信息。如果用户希望合法地管理远程系统，则用户提供明确的请求。请求被处理。如果用户配置为远程系统的管理员，并且该请求包含用户的管理状态提升的指示，则会生成授权令牌。远程系统利用授权令牌允许用户管理远程系统。

5. 发明申请

US20080022093A1 Integrating security protection tools with computer device integrity and privacy policy 有权
标题翻译：将安全保护工具与计算机设备完整性和隐私政策集成
公开(公告)号：US20080022093A1
公开(公告)日：2008-01-24
申请号：US11472052
申请日：2006-06-20
申请人： Thekkthalackal Varugis Kurien , Jeffrey B. Hamblin , Narasimha Rao Nagampalli , Peter T. Brundrett , Scott Field
发明人： Thekkthalackal Varugis Kurien , Jeffrey B. Hamblin , Narasimha Rao Nagampalli , Peter T. Brundrett , Scott Field
IPC分类号： H04L9/00
CPC分类号： G06F21/50 , G06F21/51 , G06F21/53
摘要： At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.
摘要翻译：在计算机设备上电时，计算机设备的操作系统启动监视器。监视器为在计算机设备上运行的每个程序和对象（统称为“程序”）分配监视程序，以监视程序的活动。当监视程序被分配给程序时，基于应用于监视程序的预定标准，向监视程序分配完整性和/或隐私标签（统称为“完整性标签”）。监控程序又向监控程序监控的程序分配一个完整性标签。分配给被监视程序的完整性标签小于或等于监视程序的完整性标签。监视器基于分配给被监视程序的完整性标签和与监视程序正在寻求访问的数据，另一程序或远程网络资源相关联的完整性标签来强制执行计算机设备的完整性策略。

6. 发明授权

US08646044B2 Mandatory integrity control 有权
标题翻译：强制诚信控制
公开(公告)号：US08646044B2
公开(公告)日：2014-02-04
申请号：US11117621
申请日：2005-04-28
申请人： Richard B. Ward , Jeffrey Hamblin , Peter T. Brundrett
发明人： Richard B. Ward , Jeffrey Hamblin , Peter T. Brundrett
IPC分类号： G06F7/04
CPC分类号： G06F21/6218 , G06F2221/2141 , G06F2221/2149
摘要： The contemplated embodiments of the invention provide a method for implementing a mandatory integrity control (MIC) system that provides access control for each and every object and subject that need access control, but in a way that allows legacy operating systems to continue with little modification. The invention provides a novel method that selects an integrity level designator for a subject, when the subject logs onto the computer system. The selected integrity level designator is then added to an existing data structure in the computer system. The existing data structure may be a part of a security descriptor stored in a system access control list of an object. The existing data structure may be a part of a list of security permissions that constitute an access token for a process executing as a subject.
摘要翻译：本发明的预期实施例提供了一种用于实现强制完整性控制（MIC）系统的方法，该系统为需要访问控制的每个对象和对象提供访问控制，但是以允许传统操作系统继续进行很少修改的方式。本发明提供了一种当主体登录到计算机系统时为对象选择完整性级别指示符的新颖方法。然后，将所选择的完整性级别指示符添加到计算机系统中的现有数据结构。现有数据结构可以是存储在对象的系统访问控制列表中的安全描述符的一部分。现有数据结构可以是构成作为主体执行的进程的访问令牌的安全许可列表的一部分。

7. 发明授权

US08117441B2 Integrating security protection tools with computer device integrity and privacy policy 有权
标题翻译：将安全保护工具与计算机设备完整性和隐私政策集成
公开(公告)号：US08117441B2
公开(公告)日：2012-02-14
申请号：US11472052
申请日：2006-06-20
申请人： Thekkthalackal Varugis Kurien , Jeffrey B Hamblin , Narasimha Rao Nagampalli , Peter T Brundrett , Scott Field
发明人： Thekkthalackal Varugis Kurien , Jeffrey B Hamblin , Narasimha Rao Nagampalli , Peter T Brundrett , Scott Field
IPC分类号： H04L29/00 , H04L29/06
CPC分类号： G06F21/50 , G06F21/51 , G06F21/53
摘要： At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.
摘要翻译：在计算机设备上电时，计算机设备的操作系统启动监视器。监视器为在计算机设备上运行的每个程序和对象（统称为“程序”）分配监视程序，以监视程序的活动。当监视程序被分配给程序时，基于应用于监视程序的预定标准，向监视程序分配完整性和/或隐私标签（统称为“完整性标签”）。监控程序又向监控程序监控的程序分配一个完整性标签。分配给被监视程序的完整性标签小于或等于监视程序的完整性标签。监视器基于分配给被监视程序的完整性标签和与监视程序正在寻求访问的数据，另一程序或远程网络资源相关联的完整性标签来强制执行计算机设备的完整性策略。

8. 发明授权

US07636851B2 Providing user on computer operating system with full privileges token and limited privileges token 有权
标题翻译：在计算机操作系统上为用户提供完全权限令牌和有限权限令牌
公开(公告)号：US07636851B2
公开(公告)日：2009-12-22
申请号：US11171744
申请日：2005-06-30
申请人： Jeffrey B. Hamblin , Jonathan Schwartz , Kedarnath A. Dubhashi , Klaus U. Schutz , Peter T. Brundrett , Richard B. Ward , Thomas C. Jones
发明人： Jeffrey B. Hamblin , Jonathan Schwartz , Kedarnath A. Dubhashi , Klaus U. Schutz , Peter T. Brundrett , Richard B. Ward , Thomas C. Jones
IPC分类号： G06F21/00
CPC分类号： G06F21/62 , G06F2221/2145 , G06F2221/2149
摘要： An operating system for a computing device has a first session for a user that includes a first base process that has a first privileges token attached thereto. The first privileges token includes substantially a full set of privileges of the user on the operating system. The operating system also has a second session for the user that includes a second base process that has a second privileges token attached thereto. The second privileges token is derived from the first privileges token and includes only a minimum set of privileges of the user on the operating system. Thus, the second, limited token does not have all privileges associated with the first, full token but instead has a limited set of privileges and not extra privileges that could be employed to take actions that would be harmful, deceptive, or malicious.
摘要翻译：用于计算设备的操作系统具有用于用户的第一会话，所述第一会话包括具有连接到其的第一权限令牌的第一基本进程。第一权限令牌在操作系统上基本上包括用户的一整套特权。操作系统还具有用户的第二会话，其包括具有附加到其的第二权限令牌的第二基本进程。第二个权限令牌是从第一个权限令牌导出的，并且仅包含操作系统上用户的一组最小权限。因此，第二个有限令牌不具有与第一个完整令牌相关联的所有权限，而是具有一组有限的权限，而不是可以用于采取有害，欺骗性或恶意行为的额外权限。

9. 发明授权

US06625603B1 Object type specific access control 有权
标题翻译：对象类型特定访问控制
公开(公告)号：US06625603B1
公开(公告)日：2003-09-23
申请号：US09157768
申请日：1998-09-21
申请人： Praerit Garg , Michael M. Swift , Clifford P. Van Dyke , Richard B. Ward , Peter T. Brundrett
发明人： Praerit Garg , Michael M. Swift , Clifford P. Van Dyke , Richard B. Ward , Peter T. Brundrett
IPC分类号： G06F1700
CPC分类号： G06F9/468 , G06F21/6218 , G06F2221/2141 , Y10S707/99939 , Y10S707/99944 , Y10S707/99952
摘要： Providing object type specific access control to an object is described. In one embodiment, a computer system comprises an operating system operative to control an application and a service running on a computer. The service maintains a service object having a link to an access control entry. The access control entry contains an access right to perform an operation on an object type. The system further includes an access control module within the operating system. The access control module includes an access control interface and operates to grant or deny the access right to perform the operation on the object.
摘要翻译：对对象提供对象类型特定的访问控制被描述。在一个实施例中，计算机系统包括可操作以控制应用和在计算机上运行的服务的操作系统。服务维护具有到访问控制条目的链接的服务对象。访问控制条目包含对对象类型执行操作的访问权限。系统还包括操作系统内的访问控制模块。访问控制模块包括访问控制接口并且操作以授予或拒绝对对象执行操作的访问权限。

10. 发明授权

US07802294B2 Controlling computer applications' access to data 有权
标题翻译：控制计算机应用程序访问数据
公开(公告)号：US07802294B2
公开(公告)日：2010-09-21
申请号：US11046281
申请日：2005-01-28
申请人： Eric C. Perlin , Klaus U. Schutz , Paul J. Leach , Peter T. Brundrett , Thomas C. Jones
发明人： Eric C. Perlin , Klaus U. Schutz , Paul J. Leach , Peter T. Brundrett , Thomas C. Jones
IPC分类号： G06F7/04
CPC分类号： G06F21/6218 , G06F21/6281 , G06F2221/2141
摘要： Systems and methods are described that control attempts made by an application to access data. In one embodiment, the application is associated with a security token that includes an application ID. In operation, the system receives a request, initiated by the application, for access to the data. The system is configured to evaluate the request for access based in part on comparison of the security token and a listing of approved application IDs associated with the data.
摘要翻译：描述了控制由应用访问数据的尝试的系统和方法。在一个实施例中，该应用与包括应用ID的安全令牌相关联。在操作中，系统接收由应用程序启动的用于访问数据的请求。该系统被配置为基于安全令牌的比较和与数据相关联的已批准应用ID的列表来部分地评估访问请求。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式