专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07716720B1 System for providing secure and trusted computing environments 有权
标题翻译：用于提供安全可靠的计算环境的系统
公开(公告)号：US07716720B1
公开(公告)日：2010-05-11
申请号：US11155874
申请日：2005-06-17
申请人： James A. Marek , David S. Hardin , Raymond A. Kamin, III , Steven E. Koenck , Allen P. Mass
发明人： James A. Marek , David S. Hardin , Raymond A. Kamin, III , Steven E. Koenck , Allen P. Mass
IPC分类号： G06F7/04 , G06F17/30 , H04L9/32
CPC分类号： G06F21/74
摘要： The present invention is directed to a system for providing a trusted environment for untrusted computing systems. The system may include a HAC subsystem managing shared resources and a trusted bus switch for controlling a COTS processor to access the shared resources. The shared resources such as memory and several I/O resources reside on the trusted side of the trusted bus switch. Alternatively, the system may include a SCM as an add-on module to an untrusted host environment. Only authenticated applications including COTS OS execute on the SCM while untrusted applications execute on the untrusted host environment. The SCM may control secure resource access from the untrusted host through a plug-in module interface. All secure resources may be maintained on the trusted side of the plug-in module interface.
摘要翻译：本发明涉及一种用于为不可信计算系统提供可信环境的系统。该系统可以包括管理共享资源的HAC子系统和用于控制COTS处理器来访问共享资源的可信总线交换机。诸如存储器和若干I / O资源的共享资源驻留在可信总线交换机的可信侧。或者，系统可以包括作为不可信主机环境的附加模块的SCM。只有经过认证的应用程序，包括COTS OS，在不可信任的应用程序在不受信任的主机环境上执行时才在SCM上执行。 SCM可以通过插件模块接口控制来自不受信任主机的安全资源访问。可以在插件模块接口的受信任侧维护所有安全资源。

2. 发明授权

US07734933B1 System for providing secure and trusted computing environments through a secure computing module 有权
标题翻译：通过安全计算模块提供安全可信计算环境的系统
公开(公告)号：US07734933B1
公开(公告)日：2010-06-08
申请号：US11156244
申请日：2005-06-17
申请人： James A. Marek , David S. Hardin , Raymond A. Kamin, III , Steven E. Koenck , Allen P. Mass
发明人： James A. Marek , David S. Hardin , Raymond A. Kamin, III , Steven E. Koenck , Allen P. Mass
IPC分类号： G06F11/30
CPC分类号： G06F21/85 , G06F21/57 , G06F21/74 , G06F2221/2153
摘要： The present invention is directed to a system for providing a trusted environment for untrusted computing systems. The system may include a HAC subsystem managing shared resources and a trusted bus switch for controlling a COTS processor to access the shared resources. The shared resources such as memory and several I/O resources reside on the trusted side of the trusted bus switch. Alternatively, the system may include a SCM as an add-on module to an untrusted host environment. Only authenticated applications including COTS OS execute on the SCM while untrusted applications execute on the untrusted host environment. The SCM may control secure resource access from the untrusted host through a plug-in module interface. All secure resources may be maintained on the trusted side of the plug-in module interface.
摘要翻译：本发明涉及一种用于为不可信计算系统提供可信环境的系统。该系统可以包括管理共享资源的HAC子系统和用于控制COTS处理器来访问共享资源的可信总线交换机。诸如存储器和若干I / O资源的共享资源驻留在可信总线交换机的可信侧。或者，系统可以包括作为不可信主机环境的附加模块的SCM。只有经过认证的应用程序，包括COTS OS，在不可信任的应用程序在不受信任的主机环境中执行时才在SCM上执行。 SCM可以通过插件模块接口控制来自不受信任主机的安全资源访问。可以在插件模块接口的受信任侧维护所有安全资源。

3. 发明授权

US06317872B1 Real time processor optimized for executing JAVA programs 失效
标题翻译：针对执行JAVA程序优化的实时处理器
公开(公告)号：US06317872B1
公开(公告)日：2001-11-13
申请号：US09056048
申请日：1998-04-06
申请人： John K. Gee , David A. Greve , David S. Hardin , Raymond A. Kamin , T. Douglas Hiratzka , Allen P. Mass , Michael H. Masters , Nick M. Mykris
发明人： John K. Gee , David A. Greve , David S. Hardin , Raymond A. Kamin , T. Douglas Hiratzka , Allen P. Mass , Michael H. Masters , Nick M. Mykris
IPC分类号： G06F945
CPC分类号： G06F9/30134 , G06F9/30101 , G06F9/30123 , G06F9/44521 , G06F9/45504 , G06F12/0253 , Y10S707/99953 , Y10S707/99957
摘要： An improved computer architecture and system advantageously combine the beneficial characteristics of a high level object oriented programming language with an optimized processor for efficient application to real time embedded computing problems. Additionally, an improved method for resolving symbolic references in code generated by compiling source code written in an object oriented programming language to the corresponding logical memory addresses stores look-up information with the object itself after the first encounter of a given symbolic reference, whereby the logical memory address information is available for subsequent encounters of the symbolic reference, and whereby no modification of the program instructions containing the symbolic reference is necessary. In a preferred embodiment, the Java™ programming language is used.
摘要翻译：改进的计算机体系结构和系统有利地将高级面向对象编程语言的有益特征与优化的处理器相结合，以有效应用于实时嵌入式计算问题。此外，用于解析通过将以面向对象的编程语言编写的源代码编译成对应的逻辑存储器地址生成的代码中的符号引用的改进方法在首次遇到给定的符号引用之后存储与对象本身的查找信息，由此逻辑存储器地址信息可用于随后的符号引用的遇到，并且由此不需要修改包含符号引用的程序指令。在优选实施例中，使用Java TM编程语言。

4. 发明授权

US06374286B1 Real time processor capable of concurrently running multiple independent JAVA machines 失效
标题翻译：能够同时运行多台独立JAVA机器的实时处理器
公开(公告)号：US06374286B1
公开(公告)日：2002-04-16
申请号：US09056126
申请日：1998-04-06
申请人： John K. Gee , David A. Greve , David S. Hardin , Allen P. Mass , Michael H. Masters , Nick M. Mykris , Matthew M. Wilding
发明人： John K. Gee , David A. Greve , David S. Hardin , Allen P. Mass , Michael H. Masters , Nick M. Mykris , Matthew M. Wilding
IPC分类号： G06F952
CPC分类号： G06F9/30141 , G06F9/262 , G06F9/30101 , G06F9/30145 , G06F9/30167 , G06F9/45504 , G06F9/463 , G06F9/4825 , G06F9/4843
摘要： Multiple Java Virtual Machines (JVMs) operate on a single direct execution JAVA processor with each JVM operating in a separate time slice called a partition. Each JVM has its own data and control structures and is assigned a fixed area of memory. Each partition is also allotted a fixed period of time in which to operate, and, at the end of the allotted time, a context switch is forced to another JVM operating in the next partition. The context switch does not transfer control directly from one JVM to another JVM. Instead, at the end of a partition time period control is switched from the currently operating JVM to a “master JVM” during a time period called an “interstice.” The master JVM handles system interrupts and housekeeping duties. At the end of the interstice time period, the master JVM starts a proxy thread associated with the next JVM to become operational. The proxy thread handles JVM-specific interrupts and checks the status of the associated JVM. If the JVM appears operational the proxy thread transfers control to the JVM thread. Time intervals such as partition times and interstice times are enforced by hardware timers and memory accesses are checked by address comparison circuitry to prevent a system failure due to a malfunction in either the master JVM or another JVM.
摘要翻译：多个Java虚拟机（JVM）在单个直接执行JAVA处理器上运行，每个JVM都在称为分区的单独时间片中运行。每个JVM都有自己的数据和控制结构，并分配一个固定的内存区域。每个分区也被分配一段固定的操作时间段，并且在分配的时间结束时，上下文切换被强制到在下一个分区中操作的另一个JVM。上下文切换不会将控制直接从一个JVM传输到另一个JVM。相反，在分区时间段结束时，控制在称为“空格”的时间段内从当前操作的JVM切换到“主JVM”。主JVM处理系统中断和内务管理。在间隔时间段结束时，主JVM启动与下一个JVM相关联的代理线程以便运行。代理线程处理JVM特定的中断并检查关联的JVM的状态。如果JVM出现可操作，则代理线程将控制权转移到JVM线程。时间间隔（如分区时间和间隔时间）由硬件定时器执行，存储器访问由地址比较电路检查，以防止由于主JVM或其他JVM中的故障导致的系统故障。

5. 发明授权

US08161529B1 High-assurance architecture for routing of information between networks of differing security level 有权
标题翻译：用于在不同安全级别的网络之间路由信息的高保证架构
公开(公告)号：US08161529B1
公开(公告)日：2012-04-17
申请号：US11820351
申请日：2007-06-19
申请人： Mark A. Bortz , Matthew M. Wilding , James A. Marek , David S. Hardin , T. Douglas Hiratzka , Philippe M. T. Limondin
发明人： Mark A. Bortz , Matthew M. Wilding , James A. Marek , David S. Hardin , T. Douglas Hiratzka , Philippe M. T. Limondin
IPC分类号： H04L29/06
CPC分类号： G06F21/6218 , G06F2221/2141 , H04L45/04 , H04L63/101 , H04L63/105
摘要： The present invention is directed to routing information between networks of differing security level. Communication to/from each network is handled by a dedicated Offload Engine (OE). Each OE interfaces to a Guard Engine through a Guard Data Mover (GDM) and includes an interface for connecting to an external network. A first OE receives a data packet from a first network intended to be transmitted to a second network. The Guard Engine analyzes the data packet. The Guard Engine includes an ACL (Access Control List) which are rules data packets must meet before being passed onto a destination network. If allowed, the Guard Engine delivers the data packet to the second network via a second OE utilizing a GDM associated with the first OE and a GDM associated with the second OE. The architecture of the present invention reduces the time and effort needed to attain high-assurance certification.
摘要翻译：本发明涉及在不同安全级别的网络之间路由信息。与每个网络的通信由专用的卸载引擎（OE）来处理。每个OE通过Guard Data Mover（GDM）与Guard Engine接口，并包括一个用于连接到外部网络的接口。第一OE从旨在发送到第二网络的第一网络接收数据分组。 Guard Engine分析数据包。 Guard引擎包括一个ACL（访问控制列表），它们在被传递到目标网络之前必须满足规则数据包。如果允许，则Guard引擎将数据分组经由第二OE使用与第一OE相关联的GDM和与第二OE相关联的GDM将数据分组传送到第二网络。本发明的架构减少了获得高保证认证所需的时间和精力。

6. 发明授权

US07146602B2 Builder tool and interface for system supporting multiple virtual machines 有权
标题翻译： Builder工具和支持多个虚拟机的系统接口
公开(公告)号：US07146602B2
公开(公告)日：2006-12-05
申请号：US09681263
申请日：2001-03-09
申请人： Michael J. Frerking , David S. Hardin , Nick M. Mykris , Philip J. Wiley
发明人： Michael J. Frerking , David S. Hardin , Nick M. Mykris , Philip J. Wiley
IPC分类号： G06F7/00 , G06F9/44 , G06F9/45
CPC分类号： G06F8/71 , Y10S707/99931
摘要： A method and apparatus including an overview component depicting a plurality of virtual machines on a display of a computerized system. Parameter details of at least one virtual machine are concurrently displayed with the overview component. The method steps include receiving the compiled source code for two applications, creating two relocatable virtual machines to run the compiled source codes, determining the parameters for the multiple virtual machine environment, locating the two relocatable virtual machines and generating a target executable file for the environment.
摘要翻译：一种包括描绘计算机化系统的显示器上的多个虚拟机的概览组件的方法和装置。至少一个虚拟机的参数详细信息与概览组件同时显示。方法步骤包括接收两个应用程序的编译源代码，创建两个可重定位虚拟机以运行编译的源代码，确定多个虚拟机环境的参数，定位两个可重定位的虚拟机，并为环境生成目标可执行文件。

7. 发明授权

US07606254B1 Evaluatable high-assurance guard for security applications 有权
标题翻译：可评估的高保证机制，用于安全应用
公开(公告)号：US07606254B1
公开(公告)日：2009-10-20
申请号：US11366136
申请日：2006-03-02
申请人： David S. Hardin , David A. Greve , Sung J. Kim , Matthew M. Wilding
发明人： David S. Hardin , David A. Greve , Sung J. Kim , Matthew M. Wilding
IPC分类号： H04L12/54 , H04J1/16
CPC分类号： G06F21/85
摘要： The present invention is a method for providing a high-assurance guard in a partitioned processing system, the partitioned processing system including a first input/output partition, a guard function partition and a second input/output partition, the method including the steps of: receiving a data packet from the first input/output partition of the partitioned processing system via a first I/O interface; determining if the data packet is well-formed as defined by an interface control document; and forwarding the data packet to the second input/output partition of the partitioned processing system and to a second I/O interface only when the data packet is well-formed.
摘要翻译：本发明是一种在分区处理系统中提供高保证防护的方法，所述分区处理系统包括第一输入/输出分区，保护功能分区和第二输入/输出分区，所述方法包括以下步骤：经由第一I / O接口从分区处理系统的第一输入/输出分区接收数据分组; 确定数据分组是否由接口控制文档定义的格式正确; 并且将数据分组转发到分区处理系统的第二输入/输出分区，并且仅当数据分组形成良好时才传送到第二I / O接口。

8. 发明授权

US07171501B2 System and method for asynchronous transfer of control 有权
标题翻译：用于异步传输控制的系统和方法
公开(公告)号：US07171501B2
公开(公告)日：2007-01-30
申请号：US10279168
申请日：2002-10-23
申请人： Gregory Bollella , Benjamin M. Brosgol , Scott D. Robbins , David S. Hardin , Peter Dibble
发明人： Gregory Bollella , Benjamin M. Brosgol , Scott D. Robbins , David S. Hardin , Peter Dibble
IPC分类号： G06F13/24
CPC分类号： G06F9/4812 , G06F9/4843 , G06F2209/481
摘要： An invention is provided for a synchronous transfer of control. An asynchronous interrupt exception is received, and in response, the value of a reference counter is determined. The value of the reference counter is based on the execution of synchronized code. Generally, the reference counter is initialized to a predetermined number, and altered based on the execution of synchronized code. When the asynchronous interrupt exception is received, the method is asynchronously interrupted when the value of the reference counter is equal to the predetermined number.
摘要翻译：提供了一种用于控制的同步传送的发明。接收到异步中断异常，作为响应，确定参考计数器的值。引用计数器的值基于同步代码的执行。通常，参考计数器被初始化为预定数量，并且基于同步代码的执行而改变。当接收到异步中断异常时，当参考计数器的值等于预定数量时，该方法被异步中断。

9. 发明授权

US08881260B1 High assurance guard for security applications utilizing authentication and authorization services for sources of network data 有权
标题翻译：利用认证和授权服务的网络数据来源的安全应用的高度保障
公开(公告)号：US08881260B1
公开(公告)日：2014-11-04
申请号：US12893796
申请日：2010-09-29
申请人： David S. Hardin , Raymond J. Richards , Matthew M. Wilding
发明人： David S. Hardin , Raymond J. Richards , Matthew M. Wilding
IPC分类号： H04L29/06 , H04L12/26
CPC分类号： H04L43/18 , G06F2221/2113 , H04L43/028 , H04L63/101 , H04L63/12
摘要： Cross-Domain guard with authentication and authorization function used to protect data transferred between two separate and secure networks. The guard utilizes an existing audit port to provide the capability augment or replace data-forwarding decisions, which were previously being based solely on whether the data is in a well-formed packet. The authentication and authorization may be resident in a partition, a side car processor or a separate network.
摘要翻译：具有认证和授权功能的跨域保护功能用于保护在两个独立和安全网络之间传输的数据。保卫人员使用现有的审计端口来提供增强或替换数据转发决策的能力，这些决定先前仅基于数据是否在一个格式正确的数据包中。认证和授权可以驻留在分区，侧车处理器或单独的网络中。

10. 发明授权

US08041554B1 Method and system for the development of high-assurance microcode 有权
标题翻译：开发高保证微码的方法和系统
公开(公告)号：US08041554B1
公开(公告)日：2011-10-18
申请号：US11810609
申请日：2007-06-06
申请人： Philippe M. T. Limondin , T. Douglas Hiratzka , Michael W. Whalen , David S. Hardin
发明人： Philippe M. T. Limondin , T. Douglas Hiratzka , Michael W. Whalen , David S. Hardin
IPC分类号： G06F9/45
CPC分类号： G06F8/35 , G06F9/44589 , G06F11/3608 , G06F11/3684
摘要： The present invention is a methodology for developing high-assurance microcode. The method may comprise one or more of the following steps: (a) receiving a plurality of requirements detailing intended behavior of microcode (b) creating a model of microcode behavior; (c) generating microcode based on the model; (d) generating test cases based on the model; (e) simulating the behavior of the microcode; (f) translating the model into a verification tool-specific format; and (g) formally verifying the model using a verification tool.
摘要翻译：本发明是开发高保证微码的方法。该方法可以包括以下步骤中的一个或多个：（a）接收详细描述微代码的预期行为的多个要求（b）创建微代码行为的模型; （c）基于模型生成微代码; （d）根据模型生成测试用例; （e）模拟微码的行为; （f）将模型转换为具体的验证工具格式; 和（g）使用验证工具正式验证模型。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式