专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07913074B2 Securely launching encrypted operating systems 有权
标题翻译：安全地启动加密的操作系统
公开(公告)号：US07913074B2
公开(公告)日：2011-03-22
申请号：US11864418
申请日：2007-09-28
申请人： Kevin M Litwack , Kenneth D. Ray , David R Wooten , Nathan T. Lewis
发明人： Kevin M Litwack , Kenneth D. Ray , David R Wooten , Nathan T. Lewis
IPC分类号： G06F9/00 , H04L29/06 , G06F21/00 , G06F11/30 , G06F7/04 , H04K1/00 , H04L9/00
CPC分类号： G06F15/16
摘要： Tools and techniques for securely launching encrypted operating systems are described herein. The tools may provide computing systems that include operating systems (OSs) that define boot paths for the systems. This boot path may include first and second OS loader components. The first loader may include instructions for retrieving a list of disk sectors from a first store, and for retrieving these specified sectors from an encrypted second store. The first loader may also store the sectors in a third store that is accessible to both the first and the second loader components, and may invoke the second loader to try launching the OS using these sectors. In turn, the second loader may include instructions for retrieving these sectors from the third store, and for unsealing a key for decrypting these sectors. The second loader may then decrypt these sectors, and attempt to launch the OS from these sectors.
摘要翻译：本文描述了用于安全启动加密操作系统的工具和技术。这些工具可以提供包括为系统定义引导路径的操作系统（OS）的计算系统。该引导路径可以包括第一和第二OS加载器组件。第一加载器可以包括用于从第一存储检索磁盘扇区列表的指令，并且用于从加密的第二存储中检索这些指定的扇区。第一加载器还可以将扇区存储在第一和第二加载器组件可访问的第三个存储区中，并且可以调用第二加载器来尝试使用这些扇区启动操作系统。反过来，第二装载器可以包括用于从第三商店检索这些扇区的指令，以及用于解密用于对这些扇区进行解密的密钥。然后，第二加载器可以解密这些扇区，并尝试从这些扇区启动OS。

2. 发明申请

US20090089568A1 Securely Launching Encrypted Operating Systems 有权
标题翻译：安全启动加密操作系统
公开(公告)号：US20090089568A1
公开(公告)日：2009-04-02
申请号：US11864418
申请日：2007-09-28
申请人： Kevin M. Litwack , Kenneth D. Ray , David R. Wooten , Nathan T. Lewis
发明人： Kevin M. Litwack , Kenneth D. Ray , David R. Wooten , Nathan T. Lewis
IPC分类号： G06F15/177
CPC分类号： G06F15/16
摘要： Tools and techniques for securely launching encrypted operating systems are described herein. The tools may provide computing systems that include operating systems (OSs) that define boot paths for the systems. This boot path may include first and second OS loader components. The first loader may include instructions for retrieving a list of disk sectors from a first store, and for retrieving these specified sectors from an encrypted second store. The first loader may also store the sectors in a third store that is accessible to both the first and the second loader components, and may invoke the second loader to try launching the OS using these sectors. In turn, the second loader may include instructions for retrieving these sectors from the third store, and for unsealing a key for decrypting these sectors. The second loader may then decrypt these sectors, and attempt to launch the OS from these sectors.
摘要翻译：本文描述了用于安全启动加密操作系统的工具和技术。这些工具可以提供包括为系统定义引导路径的操作系统（OS）的计算系统。该引导路径可以包括第一和第二OS加载器组件。第一加载器可以包括用于从第一存储检索磁盘扇区列表的指令，并且用于从加密的第二存储中检索这些指定的扇区。第一加载器还可以将扇区存储在第一和第二加载器组件可访问的第三个存储区中，并且可以调用第二加载器来尝试使用这些扇区启动操作系统。反过来，第二装载器可以包括用于从第三商店检索这些扇区的指令，以及用于解密用于对这些扇区进行解密的密钥。然后，第二加载器可以解密这些扇区，并尝试从这些扇区启动OS。

3. 发明授权

US08375440B2 Secure bait and switch resume 有权
标题翻译：安全诱饵和开关恢复
公开(公告)号：US08375440B2
公开(公告)日：2013-02-12
申请号：US11872220
申请日：2007-10-15
申请人： Kenneth D. Ray , Kevin M. Litwack , David R. Wooten
发明人： Kenneth D. Ray , Kevin M. Litwack , David R. Wooten
IPC分类号： G06F21/00
CPC分类号： G06F15/177 , G06F9/4418 , G06F21/31 , G06F21/81
摘要： Procedures for resumption from a low activity condition are discussed. In implementations, a persistent state file, or a portion thereof, is secured via an encryption algorithm, with the decryption key secured via the operating system (OS) login user credentials. Once a user is authenticated via the OS login, the persistent state file may be decrypted and inserted in the OS boot path with resumption occurring through the persistent state file.
摘要翻译：讨论从低活动条件恢复的程序。在实现中，经由加密算法来保护持久状态文件或其一部分，其中解密密钥通过操作系统（OS）登录用户凭证得到保护。一旦用户通过OS登录认证，持久状态文件可以被解密并插入到OS引导路径中，并通过持久状态文件进行恢复。

4. 发明申请

US20090100516A1 Secure Bait and Switch Resume 有权
标题翻译：安全诱饵和开关简历
公开(公告)号：US20090100516A1
公开(公告)日：2009-04-16
申请号：US11872220
申请日：2007-10-15
申请人： Kenneth D. Ray , Kevin M. Litwack , David R. Wooten
发明人： Kenneth D. Ray , Kevin M. Litwack , David R. Wooten
IPC分类号： H04L9/32 , G06F15/177
CPC分类号： G06F15/177 , G06F9/4418 , G06F21/31 , G06F21/81
摘要： Procedures for resumption from a low activity condition are discussed. In implementations, a persistent state file, or a portion thereof, is secured via an encryption algorithm, with the decryption key secured via the operating system (OS) login user credentials. Once a user is authenticated via the OS login, the persistent state file may be decrypted and inserted in the OS boot path with resumption occurring through the persistent state file.
摘要翻译：讨论从低活动条件恢复的程序。在实现中，经由加密算法来保护持久状态文件或其一部分，其中解密密钥通过操作系统（OS）登录用户凭证得到保护。一旦用户通过OS登录认证，持久状态文件可以被解密并插入到OS引导路径中，并通过持久状态文件进行恢复。

5. 发明授权

US08387152B2 Attested content protection 有权
标题翻译：受理内容保护
公开(公告)号：US08387152B2
公开(公告)日：2013-02-26
申请号：US12163426
申请日：2008-06-27
申请人： Kenneth D. Ray , Nathan T. Lewis , Matthew C. Setzer , David R. Wooten
发明人： Kenneth D. Ray , Nathan T. Lewis , Matthew C. Setzer , David R. Wooten
IPC分类号： G06F7/04 , G06F17/30 , G06F17/00 , G06F15/16 , G06F12/14 , G06F13/00 , G06F21/00 , H04N7/16 , H04L29/06 , H04L9/32 , H04L9/08
CPC分类号： G06F21/57 , G06F21/10
摘要： Computer systems and environments implemented herein permit a local machine increased participation in authorizing access to protected content. An operating system attests to a computing environment at a corresponding computer system. If the computing environment is one permitted to access protected content, the operating system is permitted to regulate further (e.g., application) access to protected content in accordance with a procreation policy. As such, authorization decisions are partially distributed, easing the resource burden on a content protection server. Accordingly, this computing environment can facilitate more robust and efficient authorization decisions when access to protected content is requested.
摘要翻译：本文实现的计算机系统和环境允许本地机器增加对授权访问受保护内容的参与。操作系统在相应的计算机系统上证明计算环境。如果计算环境是允许访问受保护内容的计算环境，则允许操作系统根据生殖策略进一步（例如，应用）调整对受保护内容的访问。因此，授权决定部分分配，减轻了内容保护服务器的资源负担。因此，当请求对受保护内容的访问时，该计算环境可以促进更强大和有效的授权决定。

6. 发明申请

US20090327705A1 ATTESTED CONTENT PROTECTION 有权
标题翻译：强制内容保护
公开(公告)号：US20090327705A1
公开(公告)日：2009-12-31
申请号：US12163426
申请日：2008-06-27
申请人： Kenneth D. Ray , Nathan T. Lewis , Matthew C. Setzer , David R. Wooten
发明人： Kenneth D. Ray , Nathan T. Lewis , Matthew C. Setzer , David R. Wooten
IPC分类号： H04L9/32 , G06F21/24 , H04L9/08
CPC分类号： G06F21/57 , G06F21/10
摘要： The present invention extends to methods, systems, and computer program products for protecting content. Embodiments of the invention permit a local machine increased participation in authorizing access to protected content. An operating system attests to a computing environment at a corresponding computer system. If the computing environment is one permitted to access protected content, the operating system is permitted to regulate further (e.g., application) access to protected content in accordance with a procreation policy. As such, authorization decisions are partially distributed, easing the resource burden on a content protection server. Accordingly, embodiments of the invention can facilitate more robust and efficient authorization decisions when access to protected content is requested.
摘要翻译：本发明扩展到用于保护内容的方法，系统和计算机程序产品。本发明的实施例允许本地机器增加对授权对受保护内容的访问的参与。操作系统在相应的计算机系统上证明计算环境。如果计算环境是允许访问受保护内容的计算环境，则允许操作系统根据生殖策略进一步（例如，应用）调整对受保护内容的访问。因此，授权决定部分分配，减轻了内容保护服务器的资源负担。因此，当请求访问受保护内容时，本发明的实施例可以促进更强大和有效的授权决定。

7. 发明授权

US07761618B2 Using a USB host controller security extension for controlling changes in and auditing USB topology 失效
标题翻译：使用USB主机控制器安全扩展来控制USB拓扑的更改和审核
公开(公告)号：US07761618B2
公开(公告)日：2010-07-20
申请号：US11090582
申请日：2005-03-25
申请人： Idan Avraham , Kenneth D. Ray , Mark Williams , David R. Wooten
发明人： Idan Avraham , Kenneth D. Ray , Mark Williams , David R. Wooten
IPC分类号： G06F5/00 , G06F12/14
CPC分类号： G06F21/554 , G06F21/55 , G06F2221/2101
摘要： Protecting computer systems from attacks that attempt to change USB topology and for ensuring that the system's information regarding USB topology is accurate is disclosed. A software model is defined that, together with secure USB hardware, provides an ability to define policies using which USB traffic can be properly monitored and controlled. The implemented policy provides control over USB commands through a combination of software evaluation and hardware programming. Legitimate commands are evaluated and “allowed” to be sent to a USB device by a host controller. Illegitimate commands are evaluated and blocked. Additionally, the USB topology is audited to verify that the system's topology map matches the actual USB topology.
摘要翻译：公开了保护计算机系统免受试图改变USB拓扑并确保系统有关USB拓扑的信息准确的攻击。定义了一种软件模型，它与安全USB硬件一起提供了一种定义可以正确监控和控制哪个USB流量的策略的能力。实施的策略通过软件评估和硬件编程的组合来提供对USB命令的控制。评估合法的命令，并通过主机控制器将“允许”命令发送到USB设备。非法命令被评估和阻止。另外，USB拓扑被审计，以验证系统的拓扑图匹配实际的USB拓扑。

8. 发明授权

US09805196B2 Trusted entity based anti-cheating mechanism 有权
公开(公告)号：US09805196B2
公开(公告)日：2017-10-31
申请号：US12394430
申请日：2009-02-27
申请人： Kenneth D. Ray , James M. Alkove , Lonny Dean McMichael , Nathan T. Lewis , Patrik Schnell
发明人： Kenneth D. Ray , James M. Alkove , Lonny Dean McMichael , Nathan T. Lewis , Patrik Schnell
IPC分类号： G06F21/57 , A63F13/73 , A63F13/75 , G09C1/00 , H04L9/32 , G06F21/51
CPC分类号： G06F21/57 , A63F13/73 , A63F13/75 , G06F21/51 , G06F21/575 , G06F2221/2149 , G09C1/00 , H04L9/3234 , H04L9/3239 , H04L9/3271
摘要： An anti-cheating system may comprise a combination of a modified environment, such as a modified operating system, in conjunction with a trusted external entity to verify that the modified environment is running on a particular device. The modified environment may be may be modified in a particular manner to create a restricted environment as compared with an original environment which is replaced by the modified environment. The modifications to the modified environment may comprise alternations to the original environment to, for example, detect and/or prevent changes to the hardware and/or software intended to allow cheating or undesirable user behavior.

9. 发明授权

US07293251B2 Initiating and debugging a process in a high assurance execution environment 有权
标题翻译：在高可靠执行环境中启动和调试进程
公开(公告)号：US07293251B2
公开(公告)日：2007-11-06
申请号：US10759818
申请日：2004-01-16
申请人： Pavel Zeman , Nathan T. Lewis , Kenneth D. Ray
发明人： Pavel Zeman , Nathan T. Lewis , Kenneth D. Ray
IPC分类号： G06F9/44
CPC分类号： G06F11/3664 , G06F11/362
摘要： Bifurcated processes, in which a shadow process in a first environment is controlling thread scheduling for a trusted agent in a second, high assurance environment, can be debugged via a two-phase initialization of the debugger. In the first phase, initial set up is accomplished for the trusted agent, but no shadow process will schedule execution for any thread of the trusted agent. The debugger will then be attached. In a second phase, the shadow process will begin scheduling threads for the trusted agent. In order to allow the debugger access to the process memory of the trusted agent or to set or get information regarding a particular thread of the trusted agent, a thread which is either a thread belonging to the trusted agent or belonging to the second execution environment and matched with the trusted agent is used. This admin thread is used to perform the work of retrieving process memory and information regarding threads of the trusted agent, allowing such information from the high assurance environment to be found and used in the debugger in the first execution environment.
摘要翻译：可以通过调试器的两阶段初始化来调试在第一环境中的影子进程控制第二高保证环境中的可信代理的线程调度的分叉进程。在第一阶段，为可信代理完成初始设置，但是没有影子进程将调度可信代理的任何线程的执行。然后调试器将被附加。在第二阶段，影子进程将开始为可信代理程序调度线程。为了允许调试器访问可信代理的进程存储器，或设置或获取关于可信代理的特定线程的信息，作为属于可信代理或属于第二执行环境的线程的线程，以及与可信代理匹配使用。该管理线程用于执行检索进程内存和有关可信代理的线程的信息的工作，允许在第一执行环境中在调试器中找到并使用来自高保证环境的这些信息。

10. 发明授权

US07805761B2 Disposable red partitions 有权
标题翻译：一次性红色分区
公开(公告)号：US07805761B2
公开(公告)日：2010-09-28
申请号：US11118062
申请日：2005-04-29
申请人： Kenneth D. Ray , Paul England , Nathan T. Lewis , Michael David Marr
发明人： Kenneth D. Ray , Paul England , Nathan T. Lewis , Michael David Marr
IPC分类号： G06F11/00 , G06F12/14 , G06F12/16 , G06F7/04 , G06F17/30 , G06F11/30 , G08B23/00 , H04N7/16 , B41K3/38
CPC分类号： G06F21/575 , G06F21/57
摘要： A system and method are provided, whereby data that is easily re-created is separated from data that is not easily re-created, such that the easily re-created data can be disposed of based on a variety of events and the not easily re-created data can be kept in its original state. In one aspect of the invention, such easily re-created data is disposed of based on a “panic button” being pushed by a computer system user, such as when a user becomes aware that some malware has infected the computer system. In other aspects of the invention, such data is disposed of every time the computer system boots up, or detects via its anti-virus program that some malware is present. In other aspects of the invention, the easily re-created data can be rolled back or rolled forward without affecting the non-easily re-created data.
摘要翻译：提供了一种系统和方法，由此容易重新创建的数据与不容易重新创建的数据分离，使得可以基于各种事件来处理容易重新创建的数据，并且不容易地重新生成处理的数据可以保持原来的状态。在本发明的一个方面中，基于由计算机系统用户推送的“紧急按钮”（例如当用户意识到某些恶意软件已经感染了计算机系统时）来处理这样容易重新创建的数据。在本发明的其他方面，每当计算机系统启动时处理这样的数据，或者通过其防病毒程序来检测存在一些恶意软件。在本发明的其它方面，容易重新创建的数据可以回滚或滚动，而不影响不容易重新创建的数据。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式