专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09443081B2 Method and apparatus for controlling access to a resource in a computer device 有权
标题翻译：用于控制对计算机设备中的资源的访问的方法和装置
公开(公告)号：US09443081B2
公开(公告)日：2016-09-13
申请号：US13630667
申请日：2012-09-28
申请人： Mark James Austin
发明人： Mark James Austin
IPC分类号： G06F21/22 , G06F21/54 , G06F21/33
CPC分类号： G06F21/31 , G06F21/335 , G06F21/54 , G06F21/604 , G06F21/6227 , G06F2221/2141
摘要： A computer device and method are described for controlling access to a resource. An execution environment executes a user process with access privileges according to a user security context. A security unit controls access to resources according to the user security context, with the user process making system calls to the security unit. A proxy hook module embedded within the user process intercepts the system call and generates a proxy resource access request. A proxy service module in a privileged security context validates the proxy resource access request from the proxy hook module and, if validated, obtains and returns a resource handle that permits access to the desired resource by the user process.
摘要翻译：描述了用于控制对资源的访问的计算机设备和方法。执行环境根据用户安全上下文执行具有访问权限的用户进程。安全单元根据用户安全上下文控制对资源的访问，用户进程将系统调用到安全单元。嵌入在用户进程内的代理钩子模块拦截系统调用并生成代理资源访问请求。特权安全上下文中的代理服务模块验证来自代理钩子模块的代理资源访问请求，并且如果被验证，则获得并返回允许用户进程访问所需资源的资源句柄。

2. 发明授权

US08826419B2 Computer device with anti-tamper resource security 有权
标题翻译：具有防篡改资源安全性的计算机设备
公开(公告)号：US08826419B2
公开(公告)日：2014-09-02
申请号：US13601686
申请日：2012-08-31
申请人： Mark James Austin
发明人： Mark James Austin
IPC分类号： H04L9/32 , G06F21/00 , G06F21/62 , G06F15/16
CPC分类号： G06F21/6218
摘要： A computer device provides an execution environment that supports a plurality of processes. A plurality of key resources are associated with a security application that may perform process elevation to grant privileged access rights to a user process. A security module controls access to the key resources using an access control list. An anti-tamper mechanism creates a protection group as a local security group and adds a deny access control entry to the access control list. The anti-tamper mechanism intercepts the user process and creates a revised access token identifying the user process as a member of the protection group. The security module matches the protection group in the revised access token of the user process against the deny access control entry in the access control list of the key resources thereby restricting access by the user process even though the user process otherwise has privileges to access those resources.
摘要翻译：计算机设备提供支持多个进程的执行环境。多个关键资源与可以执行进程升级以向用户进程授予特权访问权限的安全应用相关联。安全模块使用访问控制列表控制对密钥资源的访问。防篡改机制创建一个保护组作为本地安全组，并向访问控制列表添加拒绝访问控制条目。防篡改机制拦截用户进程，并创建一个修改的访问令牌，将用户进程标识为保护组的成员。安全模块将用户进程的修改的访问令牌中的保护组与密钥资源的访问控制列表中的拒绝访问控制条目匹配，从而限制用户进程的访问，即使用户进程另有权限访问这些资源。

3. 发明申请

US20130061320A1 Computer Device with Anti-Tamper Resource Security 有权
标题翻译：具有防篡改资源安全性的计算机设备
公开(公告)号：US20130061320A1
公开(公告)日：2013-03-07
申请号：US13601686
申请日：2012-08-31
申请人： Mark James Austin
发明人： Mark James Austin
IPC分类号： H04L9/32
CPC分类号： G06F21/6218
摘要： A computer device provides an execution environment that supports a plurality of processes. A plurality of key resources are associated with a security application that may perform process elevation to grant privileged access rights to a user process. A security module controls access to the key resources using an access control list. An anti-tamper mechanism creates a protection group as a local security group and adds a deny access control entry to the access control list. The anti-tamper mechanism intercepts the user process and creates a revised access token identifying the user process as a member of the protection group. The security module matches the protection group in the revised access token of the user process against the deny access control entry in the access control list of the key resources thereby restricting access by the user process even though the user process otherwise has privileges to access those resources.
摘要翻译：计算机设备提供支持多个进程的执行环境。多个关键资源与可以执行进程升级以向用户进程授予特权访问权限的安全应用相关联。安全模块使用访问控制列表控制对密钥资源的访问。防篡改机制创建一个保护组作为本地安全组，并向访问控制列表添加拒绝访问控制条目。防篡改机制拦截用户进程，并创建一个修改的访问令牌，将用户进程标识为保护组的成员。安全模块将用户进程的修改的访问令牌中的保护组与密钥资源的访问控制列表中的拒绝访问控制条目匹配，从而限制用户进程的访问，即使用户进程另有权限访问这些资源。

4. 发明申请

US20130139216A1 Method and Computer Device to Control Software File Downloads 有权
标题翻译：方法和计算机设备来控制软件文件下载
公开(公告)号：US20130139216A1
公开(公告)日：2013-05-30
申请号：US13689614
申请日：2012-11-29
申请人： Mark James Austin
发明人： Mark James Austin
IPC分类号： G06F21/51
CPC分类号： G06F21/51 , G06F21/12 , G06F21/121 , G06F21/53 , G06F21/54 , G06F21/554 , G06F21/556 , G06F21/56 , G06F21/561 , G06F21/562 , G06F21/564 , G06F21/565 , G06F21/566 , H04L63/126 , H04L63/20 , H04L67/06
摘要： A computer device includes a download unit which downloads one or more files into a storage device. A file logging unit records a resource locator identifying a source network location of the file, when the file is downloaded, and associates the resource locator with a first fingerprint of the file. A system policy unit stores the resource locator associated with a process control policy relevant to the file. A process control unit is arranged to obtain a second fingerprint of the file upon launching a process in a runtime execution environment, retrieve the resource locator from the file logging unit by matching the second fingerprint with the first fingerprint, retrieve the process control policy from the system policy unit according to the retrieved resource locator, and selectively apply process execution privileges which determine execution of the process in the runtime execution environment according to the retrieved process control policy.
摘要翻译：计算机设备包括将一个或多个文件下载到存储设备中的下载单元。文件记录单元记录在下载文件时识别文件的源网络位置的资源定位符，并且将资源定位符与该文件的第一指纹相关联。系统策略单元存储与与文件相关的过程控制策略相关联的资源定位符。过程控制单元被布置为在运行时执行环境中启动过程时获得文件的第二指纹，通过将第二指纹与第一指纹相匹配来从文件记录单元检索资源定位符，从系统策略单元，并且根据检索到的过程控制策略选择性地应用确定运行时执行环境中的进程的执行的进程执行特权。

5. 发明申请

US20130086696A1 Method and Apparatus for Controlling Access to a Resource in a Computer Device 有权
标题翻译：用于控制对计算机设备中的资源的访问的方法和装置
公开(公告)号：US20130086696A1
公开(公告)日：2013-04-04
申请号：US13630667
申请日：2012-09-28
申请人： Mark James Austin
发明人： Mark James Austin
IPC分类号： G06F21/22
CPC分类号： G06F21/31 , G06F21/335 , G06F21/54 , G06F21/604 , G06F21/6227 , G06F2221/2141
摘要： A computer device and method are described for controlling access to a resource. An execution environment executes a user process with access privileges according to a user security context. A security unit controls access to resources according to the user security context, with the user process making system calls to the security unit. A proxy hook module embedded within the user process intercepts the system call and generates a proxy resource access request. A proxy service module in a privileged security context validates the proxy resource access request from the proxy hook module and, if validated, obtains and returns a resource handle that permits access to the desired resource by the user process.
摘要翻译：描述了用于控制对资源的访问的计算机设备和方法。执行环境根据用户安全上下文执行具有访问权限的用户进程。安全单元根据用户安全上下文控制对资源的访问，用户进程将系统调用到安全单元。嵌入在用户进程内的代理钩子模块拦截系统调用并生成代理资源访问请求。特权安全上下文中的代理服务模块验证来自代理钩子模块的代理资源访问请求，并且如果被验证，则获得并返回允许用户进程访问所需资源的资源句柄。

6. 发明申请

US20130276098A1 Method and Computer Device for Handling COM Objects 有权
标题翻译：处理COM对象的方法和计算机设备
公开(公告)号：US20130276098A1
公开(公告)日：2013-10-17
申请号：US13847406
申请日：2013-03-19
申请人： Mark James Austin , John Goodridge
发明人： Mark James Austin , John Goodridge
IPC分类号： G06F21/00
CPC分类号： G06F21/6281 , G06F9/4488 , G06F9/449 , G06F21/00 , G06F21/52 , G06F21/604
摘要： A computer device and method are provided to handle COM objects. A COM creating unit intercepts a request for creation of an elevated COM object by a first user process, determines whether the first user process is entitled to access the COM object, and creates the COM object without elevated privileges. A COM implementing unit intercepts a second user process that implements the COM object, confirms that the second user process is entitled to access the COM object and elevates the privilege level of the second user process to implement the elevated COM object.
摘要翻译：提供一种计算机设备和方法来处理COM对象。 COM创建单元拦截由第一用户进程创建提升的COM对象的请求，确定第一用户进程是否有权访问COM对象，并创建没有提升权限的COM对象。 COM实现单元拦截实现COM对象的第二用户进程，确认第二用户进程有权访问COM对象并提升第二用户进程的权限级别以实现升高的COM对象。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式