专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07886353B2 Accessing a USB host controller security extension using a HCD proxy 有权
标题翻译：使用HCD代理访问USB主机控制器安全扩展
公开(公告)号：US07886353B2
公开(公告)日：2011-02-08
申请号：US11090547
申请日：2005-03-25
申请人： Idan Avraham , John C. Dunn , Constantyn Koeman , Mark Williams , David R. Wooten
发明人： Idan Avraham , John C. Dunn , Constantyn Koeman , Mark Williams , David R. Wooten
IPC分类号： G06F9/00 , G06F15/16
CPC分类号： G06F13/102 , G06F21/53 , G06F21/85 , G06F2213/0042
摘要： Systems and methods for enabling trusted software to monitor and control USB traffic associated with a security extension of a host controller and devices in a USB topology is disclosed. A host controller proxy receives USB-related data from a host controller driver, determines whether the data is of a security interest, and if so, sends the data to a driver for a security extension executing in the trusted execution environment. Likewise, after software executing in the trusted execution environment evaluates and appropriately addresses data sent by the HCD proxy or data retrieved from a hardware security extension, the HCD proxy receives data from the trusted execution environment for further dissemination.
摘要翻译：公开了用于使可信软件监视和控制与主机控制器和USB拓扑中的设备的安全扩展相关联的USB流量的系统和方法。主机控制器代理从主机控制器驱动器接收USB相关数据，确定数据是否具有安全关注，如果是，则将数据发送到驱动程序，以在可信执行环境中执行安全扩展。类似地，在可信执行环境中执行软件后，对HCD代理发送的数据进行评估并适当地处理从硬件安全扩展检索的数据，HCD代理从可信执行环境接收数据以进一步传播。

2. 发明申请

US20060218409A1 Accessing a USB host controller security extension using a HCD proxy 有权
标题翻译：使用HCD代理访问USB主机控制器安全扩展
公开(公告)号：US20060218409A1
公开(公告)日：2006-09-28
申请号：US11090547
申请日：2005-03-25
申请人： Idan Avraham , John Dunn , Constantyn Koeman , Mark Williams , David Wooten
发明人： Idan Avraham , John Dunn , Constantyn Koeman , Mark Williams , David Wooten
IPC分类号： G06F12/14
CPC分类号： G06F13/102 , G06F21/53 , G06F21/85 , G06F2213/0042
摘要： Systems and methods for enabling trusted software to monitor and control USB traffic associated with a security extension of a host controller and devices in a USB topology is disclosed. A host controller proxy receives USB-related data from a host controller driver, determines whether the data is of a security interest, and if so, sends the data to a driver for a security extension executing in the trusted execution environment. Likewise, after software executing in the trusted execution environment evaluates and appropriately addresses data sent by the HCD proxy or data retrieved from a hardware security extension, the HCD proxy receives data from the trusted execution environment for further dissemination.
摘要翻译：公开了用于使可信软件监视和控制与主机控制器和USB拓扑中的设备的安全扩展相关联的USB流量的系统和方法。主机控制器代理从主机控制器驱动器接收USB相关数据，确定数据是否具有安全关注，如果是，则将数据发送给驱动程序，以在可信执行环境中执行安全扩展。类似地，在可信执行环境中执行软件后，对HCD代理发送的数据进行评估并适当地处理从硬件安全扩展检索的数据，HCD代理从可信执行环境接收数据以进一步传播。

3. 发明授权

US07761618B2 Using a USB host controller security extension for controlling changes in and auditing USB topology 失效
标题翻译：使用USB主机控制器安全扩展来控制USB拓扑的更改和审核
公开(公告)号：US07761618B2
公开(公告)日：2010-07-20
申请号：US11090582
申请日：2005-03-25
申请人： Idan Avraham , Kenneth D. Ray , Mark Williams , David R. Wooten
发明人： Idan Avraham , Kenneth D. Ray , Mark Williams , David R. Wooten
IPC分类号： G06F5/00 , G06F12/14
CPC分类号： G06F21/554 , G06F21/55 , G06F2221/2101
摘要： Protecting computer systems from attacks that attempt to change USB topology and for ensuring that the system's information regarding USB topology is accurate is disclosed. A software model is defined that, together with secure USB hardware, provides an ability to define policies using which USB traffic can be properly monitored and controlled. The implemented policy provides control over USB commands through a combination of software evaluation and hardware programming. Legitimate commands are evaluated and “allowed” to be sent to a USB device by a host controller. Illegitimate commands are evaluated and blocked. Additionally, the USB topology is audited to verify that the system's topology map matches the actual USB topology.
摘要翻译：公开了保护计算机系统免受试图改变USB拓扑并确保系统有关USB拓扑的信息准确的攻击。定义了一种软件模型，它与安全USB硬件一起提供了一种定义可以正确监控和控制哪个USB流量的策略的能力。实施的策略通过软件评估和硬件编程的组合来提供对USB命令的控制。评估合法的命令，并通过主机控制器将“允许”命令发送到USB设备。非法命令被评估和阻止。另外，USB拓扑被审计，以验证系统的拓扑图匹配实际的USB拓扑。

4. 发明申请

US20060218320A1 Using a USB host controller security extension for controlling changes in and auditing USB topology 失效
标题翻译：使用USB主机控制器安全扩展来控制USB拓扑的更改和审核
公开(公告)号：US20060218320A1
公开(公告)日：2006-09-28
申请号：US11090582
申请日：2005-03-25
申请人： Idan Avraham , Kenneth Ray , Mark Williams , David Wooten
发明人： Idan Avraham , Kenneth Ray , Mark Williams , David Wooten
IPC分类号： G06F13/38
CPC分类号： G06F21/554 , G06F21/55 , G06F2221/2101
摘要： Protecting computer systems from attacks that attempt to change USB topology and for ensuring that the system's information regarding USB topology is accurate is disclosed. A software model is defined that, together with secure USB hardware, provides an ability to define policies using which USB traffic can be properly monitored and controlled. The implemented policy provides control over USB commands through a combination of software evaluation and hardware programming. Legitimate commands are evaluated and “allowed” to be sent to a USB device by a host controller. Illegitimate commands are evaluated and blocked. Additionally, the USB topology is audited to verify that the system's topology map matches the actual USB topology.
摘要翻译：公开了保护计算机系统免受试图改变USB拓扑并确保系统有关USB拓扑的信息准确的攻击。定义了一种软件模型，它与安全USB硬件一起提供了一种定义可以正确监控和控制哪个USB流量的策略的能力。实施的策略通过软件评估和硬件编程的组合来提供对USB命令的控制。评估合法的命令，并通过主机控制器将“允许”命令发送到USB设备。非法命令被评估和阻止。另外，USB拓扑被审计，以验证系统的拓扑图匹配实际的USB拓扑。

5. 发明申请

US20080022032A1 Concurrent virtual machine snapshots and restore 有权
标题翻译：并发虚拟机快照和还原
公开(公告)号：US20080022032A1
公开(公告)日：2008-01-24
申请号：US11487031
申请日：2006-07-13
申请人： Andrew Ernest Nicholas , Aaron S. Giles , Eric P. Traut , Idan Avraham , Xiongjian Fu , Osama M. Salem
发明人： Andrew Ernest Nicholas , Aaron S. Giles , Eric P. Traut , Idan Avraham , Xiongjian Fu , Osama M. Salem
IPC分类号： G06F12/00
CPC分类号： G06F11/1469 , G06F9/4418 , G06F9/45558 , G06F11/1438 , G06F11/1482 , G06F11/1484 , G06F2009/45575 , G06F2201/815 , G06F2201/84
摘要： Various mechanisms are disclosed herein for the saving and restoring of virtual machine environment state. For example, virtual machine state can be either be saved or (multiple) snapshots can be taken of the virtual machine state. In the latter case, virtual processors can be allowed to run while the memory of the virtual machine state is being saved. In either case, virtual devices associated with the virtual machine environment can be quiesced such that these devices can prepare themselves to be saved. Once such virtual devices and memory are saved, they can also be restored. For example, restoration of memory can occur while virtual processors are running at the same time. And, moreover, restoration can occur in batches of pages, thus optimizing the response time for restoring saved data.
摘要翻译：本文公开了用于保存和恢复虚拟机环境状态的各种机制。例如，可以保存虚拟机状态，或者可以采用虚拟机状态的（多个）快照。在后一种情况下，可以允许虚拟处理器在虚拟机状态的存储器被保存时运行。在任一种情况下，与虚拟机环境相关联的虚拟设备都可以停顿，以便这些设备可以准备好自己保存。一旦这样的虚拟设备和内存被保存，它们也可以恢复。例如，当虚拟处理器同时运行时，可能会发生内存的恢复。而且，还可以批量进行页面恢复，从而优化恢复保存的数据的响应时间。

6. 发明授权

US08447936B2 Module state management in a virtual machine environment 有权
标题翻译：虚拟机环境中的模块状态管理
公开(公告)号：US08447936B2
公开(公告)日：2013-05-21
申请号：US11480228
申请日：2006-06-30
申请人： Douglas A. Watkins , Idan Avraham
发明人： Douglas A. Watkins , Idan Avraham
IPC分类号： G06F12/00
CPC分类号： G06F9/44521 , G06F9/4555 , G06F9/45558 , G06F12/10 , G06F2009/45583
摘要： A method for managing software modules of at least two operating systems sharing physical resources of a computing environment, but running in different partitions separated by a virtualization boundary comprises accumulating module information in a virtualization subsystem that directs the creation and management of the partitions. The accumulated module information is used across the virtualization boundary to manage the use of the software modules. Also, a method for managing software modules comprises making at least two operating systems aware that they are being hosted in a virtualized computing environment.
摘要翻译：用于管理共享计算环境的物理资源但运行在由虚拟化边界分隔的不同分区中的至少两个操作系统的软件模块的方法包括在指导分区的创建和管理的虚拟化子系统中累积模块信息。累积的模块信息用于虚拟化边界，以管理软件模块的使用。而且，用于管理软件模块的方法包括使至少两个操作系统意识到它们被托管在虚拟化计算环境中。

7. 发明授权

US08122361B2 Providing a graphical user interface in a system with a high-assurance execution environment 有权
标题翻译：在具有高保证执行环境的系统中提供图形用户界面
公开(公告)号：US08122361B2
公开(公告)日：2012-02-21
申请号：US10691759
申请日：2003-10-23
申请人： Idan Avraham , Christine M. Chew , Paul C. Roberts , Bryan Willman
发明人： Idan Avraham , Christine M. Chew , Paul C. Roberts , Bryan Willman
IPC分类号： G06F3/00 , H04L29/06
CPC分类号： G06F21/84
摘要： Techniques are disclosed to provide security for graphical user interface elements being displayed in a system having a host operating system and a high assurance operating system. Graphical user interface elements associated with the high-assurance operating system may be prevented from being obscured and from any partial transparency. Additionally, a piece of secret information may be stored and displayed by graphical user interface elements associated with the high-assurance operating system. Coordinating certain elements of the graphical user interface elements associated with the high assurance operating system also helps to identify legitimate elements associated with the high assurance operating system. Public title information may be furnished to a host operating system windowing system to identify a window owned by a process running on a high-assurance operating system. Private title information associated with the same window may be used in the high assurance operating system.
摘要翻译：公开了技术来提供在具有主机操作系统和高保证操作系统的系统中显示的图形用户界面元素的安全性。可以防止与高保证操作系统相关联的图形用户界面元素被遮蔽和不受任何部分透明度影响。此外，一个秘密信息可以由与高保证操作系统相关联的图形用户界面元素存储和显示。与高保证操作系统相关联的图形用户界面元素的某些元素的协调也有助于识别与高保证操作系统相关联的合法元素。可以向主机操作系统窗口系统提供公开标题信息，以识别在高保证操作系统上运行的进程所拥有的窗口。可以在高保证操作系统中使用与同一窗口相关联的私有标题信息。

8. 发明授权

US07882566B2 Providing secure input to a system with a high-assurance execution environment 有权
标题翻译：为具有高度执行环境的系统提供安全输入
公开(公告)号：US07882566B2
公开(公告)日：2011-02-01
申请号：US12323169
申请日：2008-11-25
申请人： Idan Avraham , Christine M. Chew , John E. Paff , Paul Roberts , Hirofumi Yamamoto
发明人： Idan Avraham , Christine M. Chew , John E. Paff , Paul Roberts , Hirofumi Yamamoto
IPC分类号： G06F12/14
CPC分类号： G06F21/83 , G06F21/53 , G06F21/57 , G06F21/84 , G06F2221/2105 , H04W12/08 , H04W88/02
摘要： Methods for maintaining the security of a secured execution environment on a system comprising said secured execution environment and a second execution environment are disclosed. A maintained current state for the secured execution environment is selected from among a group of possible states including a standard input mode state and a nexus input mode state. A flow of user input is directed according to the current state through a secure kernel of both the second environment and the secured execution environment.
摘要翻译：公开了在包括所述安全执行环境和第二执行环境的系统上维护安全执行环境的安全性的方法。从包括标准输入模式状态和接合输入模式状态的一组可能状态中选择用于安全执行环境的维持当前状态。根据当前状态，通过第二环境和安全执行环境的安全内核来定向用户输入流。

9. 发明授权

US07475183B2 Large page optimizations in a virtual machine environment 有权
标题翻译：虚拟机环境中的大页面优化
公开(公告)号：US07475183B2
公开(公告)日：2009-01-06
申请号：US11299409
申请日：2005-12-12
申请人： Eric P. Traut , Idan Avraham , Matthew D. Hendel
发明人： Eric P. Traut , Idan Avraham , Matthew D. Hendel
IPC分类号： G06F12/10
CPC分类号： G06F9/45504
摘要： Provided are optimizations to the memory virtualization model employed in a virtual machine environment. An opportunistic hypervisor page mapping process is used in order to utilize large memory pages in a virtual machine environment. Using these optimizations, physical memory is being virtualized for the virtual machine in a manner that allows the operating system (OS) running within the virtual machine to take real and full advantage of large physical memory pages.
摘要翻译：提供了在虚拟机环境中使用的内存虚拟化模型的优化。为了在虚拟机环境中利用大的内存页，使用机会性管理程序页面映射过程。使用这些优化，物理内存正以虚拟机虚拟化，从而允许虚拟机中运行的操作系统（OS）充分利用大型物理内存页面。

10. 发明授权

US07464412B2 Providing secure input to a system with a high-assurance execution environment 有权
标题翻译：为具有高度执行环境的系统提供安全输入
公开(公告)号：US07464412B2
公开(公告)日：2008-12-09
申请号：US10693061
申请日：2003-10-24
申请人： Idan Avraham , Christine M. Chew , John E. Paff , Paul Roberts , Hirofumi Yamamoto
发明人： Idan Avraham , Christine M. Chew , John E. Paff , Paul Roberts , Hirofumi Yamamoto
IPC分类号： G06F12/14
CPC分类号： G06F21/83 , G06F21/53 , G06F21/57 , G06F21/84 , G06F2221/2105 , H04W12/08 , H04W88/02
摘要： Techniques are disclosed to provide security for user input in which a first, host operating system is used along with a second, high assurance operating system, where the first system provides at least some of the infrastructure for the second system. Two modes are presented. In a first mode, user data is passed to the host operating system. In a second mode, user data is retained in the second operating system for the use of the second operating system or processes running on the second operating system. Transitions between the nodes can be accomplished according to hypothecated user actions such as keystroke combinations, or when the user performs an action which indicates a programmatic activation of a process running in the second operating system. Where shadow graphical elements are run by the first operating system to indicate the location of graphical elements from processes running on the second operating system, this programmatic activation may be indicated by programmatic activation of a shadow graphical element.
摘要翻译：公开了技术来为用户输入提供安全性，其中第一主机操作系统与第二高保证操作系统一起使用，其中第一系统为第二系统提供至少一些基础设施。提出了两种模式。在第一模式中，用户数据被传递到主机操作系统。在第二模式中，用户数据被保留在第二操作系统中，以便使用在第二操作系统上运行的第二操作系统或进程。节点之间的转换可以根据诸如按键组合之类的假设的用户动作，或当用户执行指示在第二操作系统中运行的进程的编程激活的动作时完成。在阴影图形元素由第一操作系统运行以指示来自在第二操作系统上运行的进程的图形元素的位置的情况下，可以通过阴影图形元素的编程激活来指示该程序化激活。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式