专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07934063B2 Invoking externally assisted calls from an isolated environment 有权
标题翻译：从孤立的环境调用外部辅助呼叫
公开(公告)号：US07934063B2
公开(公告)日：2011-04-26
申请号：US11693406
申请日：2007-03-29
申请人： Masana Murase , Wilfred E. Plouffe, Jr. , Masaharu Sakamoto , Kanna Shimizu , Vladimir Zbarsky
发明人： Masana Murase , Wilfred E. Plouffe, Jr. , Masaharu Sakamoto , Kanna Shimizu , Vladimir Zbarsky
IPC分类号： G06F13/28
CPC分类号： G06F9/544
摘要： A method of invoking power processor element (PPE) serviced C library functions on a synergistic processing element (SPE) running in isolated mode. When the SPE initiates a PPE-serviced function, an SPE stub routine allocates a parameter buffer in an open area of a local store (LS) memory within the SPE. The LS memory includes an open area accessible to the PPE, and an isolated area inaccessible to the PPE. The SPE stub routine copies function parameters corresponding to the PPE-serviced function to a buffer within the open area of the LS memory, and writes a message word, which contains an identification variable of the PPE-serviced function and a location variable of the function parameters, to the open area. When execution is temporarily suspended on the SPE, the PPE reads the message word from the open area of the LS memory and executes the PPE-serviced function.
摘要翻译：一种在隔离模式下运行的协同处理元件（SPE）上调用功率处理器元件（PPE）服务C库函数的方法。当SPE启动PPE服务功能时，SPE stub例程在SPE内的本地存储（LS）存储器的打开区域中分配参数缓冲区。 LS存储器包括PPE可访问的开放区域和PPE无法访问的隔离区域。 SPE存根例程将对应于PPE服务功能的功能参数复制到LS存储器的开放区域内的缓冲区，并写入一个消息字，其中包含PPE服务功能的标识变量和功能的位置变量参数，到开放区域。当执行暂停在SPE上时，PPE从LS存储器的打开区域读取消息字，并执行PPE服务功能。

2. 发明授权

US07886162B2 Cryptographic secure program overlays 有权
标题翻译：加密安全程序覆盖
公开(公告)号：US07886162B2
公开(公告)日：2011-02-08
申请号：US11754649
申请日：2007-05-29
申请人： Masana Murase , Wilfred E. Plouffe, Jr. , Kanna Shimizu , Masaharu Sakamoto , Vladimir Zbarsky
发明人： Masana Murase , Wilfred E. Plouffe, Jr. , Kanna Shimizu , Masaharu Sakamoto , Vladimir Zbarsky
IPC分类号： G06F12/14 , G06F9/24 , G06F7/04 , H04L29/06 , H04L9/28 , G08B29/00 , H04K1/00
CPC分类号： G06F12/1458 , G06F21/52 , G06F21/575 , G06F21/79 , G06F2221/2143
摘要： A method, computer program product, and data processing system for executing larger-than-physical-memory applications while protecting sensitive program code (and also data) from unauthorized access in a memory space not subject to protection fault or page fault detection are disclosed. Large applications are accommodated by providing a mechanism for secure program overlays, in which a single large application is broken into two or more smaller applications (overlays) that can be executed from the same memory space by overwriting one of the smaller applications with another of the smaller applications when the latter needs to be executed. So that the data may be shared among these smaller applications, each of the applications contains embedded cryptographic keys, which may be used to encrypt or decrypt information to be stored persistently while control is transferred from one application to the other.
摘要翻译：公开了一种用于执行大于物理存储器应用的方法，计算机程序产品和数据处理系统，同时在不受保护故障或页面故障检测的存储器空间中保护敏感程序代码（以及数据）以防未经授权的访问。通过提供用于安全程序覆盖的机制来容纳大的应用程序，其中单个大型应用程序被分解成可以从相同存储器空间执行的两个或更多个更小的应用程序（覆盖层），通过用另一个较小的应用程序，当后者需要执行。为了使数据可以在这些较小的应用程序之间共享，每个应用程序都包含嵌入式加密密钥，这些密钥可用于加密或解密持续存储的信息，同时控制从一个应用程序传输到另一个应用程序。

3. 发明授权

US08422674B2 Application-specific secret generation 有权
标题翻译：特定于应用程序的秘密生成
公开(公告)号：US08422674B2
公开(公告)日：2013-04-16
申请号：US11754667
申请日：2007-05-29
申请人： Masana Murase , Wilfred E. Plouffe, Jr. , Kanna Shimizu , Vladimir Zbarsky
发明人： Masana Murase , Wilfred E. Plouffe, Jr. , Kanna Shimizu , Vladimir Zbarsky
IPC分类号： H04L9/00 , H04L29/06 , H04L9/28 , G06F9/24 , G06F12/14 , G06F7/04 , G08B29/00 , H04K1/00
CPC分类号： G06F21/52
摘要： A method, computer program product, and data processing system for protecting sensitive program code and data (including persistently stored data) from unauthorized access. Dedicated hardware decrypts an encrypted kernel into memory for execution. When an application is to be executed, the kernel computes one or more secrets by cryptographically combining information contained in the application with secret information contained in the kernel itself. The kernel then deletes its secret information and passes the computed secrets to the application. To store data persistently in memory, the application uses one of the computed secrets to encrypt the data prior to storage. If the kernel starts another instance of the same application, the kernel (which will have been re-decrypted to restore the kernel's secrets) will compute the same one or more secrets, thus allowing the second application instance to access the data encrypted by the first application instance.
摘要翻译：一种用于保护敏感程序代码和数据（包括永久存储的数据）的未经授权的访问的方法，计算机程序产品和数据处理系统。专用硬件将加密的内核解密为内存以供执行。当应用程序被执行时，内核通过将应用程序中包含的信息加密地组合在内核中包含的秘密信息来计算一个或多个秘密。内核然后删除其秘密信息，并将计算的秘密传递给应用程序。为了将数据永久存储在内存中，应用程序使用计算的秘密之一在存储之前对数据进行加密。如果内核启动同一应用程序的另一个实例，内核（将被重新解密以恢复内核的秘密）将计算相同的一个或多个秘密，从而允许第二个应用程序实例访问由第一个应用程序实例。

4. 发明授权

US08166304B2 Support for multiple security policies on a unified authentication architecture 有权
标题翻译：支持统一认证架构上的多个安全策略
公开(公告)号：US08166304B2
公开(公告)日：2012-04-24
申请号：US11866020
申请日：2007-10-02
申请人： Masana Murase , Wilfred E. Plouffe, Jr. , Kanna Shimizu , Vladimir Zbarsky
发明人： Masana Murase , Wilfred E. Plouffe, Jr. , Kanna Shimizu , Vladimir Zbarsky
IPC分类号： G06F21/00
CPC分类号： H04L9/3247 , G06F21/51 , H04L9/0836 , H04L2209/56
摘要： A method, computer program product, and data processing system are disclosed for ensuring that applications executed in the data processing system originate only from trusted sources are disclosed. In a preferred embodiment, a secure operating kernel maintains a “key ring” containing keys corresponding to trusted software vendors. The secure kernel uses vendor keys to verify that a given application was signed by an approved vendor. To make it possible for independent developers to develop software for the herein-described platform, a “global key pair” is provided in which both the public and private keys of the pair are publicly known, so that anyone may sign an application with the global key. Such an application may be allowed to execute by including the global key pair's public key in the key ring as a “vendor key” or, conversely, it may be disallowed by excluding the global public key from the key ring.
摘要翻译：公开了一种方法，计算机程序产品和数据处理系统，用于确保在数据处理系统中执行的应用仅来自可信源。在优选实施例中，安全操作内核维护包含与可信软件供应商对应的密钥的“密钥环”。安全内核使用供应商密钥来验证给定的应用程序是否由经过批准的供应商签名。为了使独立开发人员能够为本文描述的平台开发软件，提供了一个“全局密钥对”，其中该对的公钥和私钥都是公知的，以便任何人都可以使用全局键。可以通过将密钥环中的全局密钥对的公钥作为“供应商密钥”来包括全局密钥对的公钥来执行这样的应用，或者相反地，可以通过从密钥环中排除全局公钥来实现。

5. 发明授权

US08332635B2 Updateable secure kernel extensions 有权
标题翻译：可更新的安全内核扩展
公开(公告)号：US08332635B2
公开(公告)日：2012-12-11
申请号：US11754658
申请日：2007-05-29
申请人： Wilfred E. Plouffe, Jr. , Kanna Shimizu , Vladimir Zbarsky
发明人： Wilfred E. Plouffe, Jr. , Kanna Shimizu , Vladimir Zbarsky
IPC分类号： H04L29/06 , H04L9/32 , H04L9/00 , H04L9/28 , G06F12/14 , G06F7/04 , G08B29/00 , H04K1/00
CPC分类号： G06F21/575 , G06F21/51 , G06F2221/2143
摘要： A method, computer program product, and data processing system provide an updateable encrypted operating kernel. Secure initialization hardware decrypts a minimal secure kernel containing sensitive portions of data and/or code into a portion of the processor-accessible memory space, from which the kernel is executed. Most system software functions are not directly supported by the secure kernel but are provided by dynamically loaded kernel extensions that are encrypted with a public key so that they can only be decrypted with a private key possessed by the secure kernel. The public/private key pair is processor-specific. Before passing control to a kernel extension, the secure kernel deletes a subset of its sensitive portions, retaining only those sensitive portions needed to perform the task(s) delegated to the kernel extension. Which sensitive portions are retained is determined by a cryptographic key with which the kernel extension is signed.
摘要翻译：一种方法，计算机程序产品和数据处理系统提供可更新的加密操作内核。安全初始化硬件将包含敏感部分数据和/或代码的最小安全内核解密为执行内核的处理器可访问内存空间的一部分。大多数系统软件功能并不直接得到安全内核的支持，而是由使用公钥加密的动态加载内核扩展提供，以便只能使用安全内核拥有的私有密钥进行解密。公钥/私钥对是处理器特定的。在将控件传递给内核扩展之前，安全内核将删除其敏感部分的一部分，仅保留执行委托给内核扩展的任务所需的敏感部分。保留哪些敏感部分由内核扩展名与之签名的加密密钥确定。

6. 发明授权

US08433927B2 Cryptographically-enabled privileged mode execution 有权
标题翻译：密码学启用特权模式执行
公开(公告)号：US08433927B2
公开(公告)日：2013-04-30
申请号：US11754678
申请日：2007-05-29
申请人： Wilfred E. Plouffe, Jr. , Kanna Shimizu
发明人： Wilfred E. Plouffe, Jr. , Kanna Shimizu
IPC分类号： G06F12/14 , G06F9/24 , G06F7/04 , H04L29/06 , H04L9/28 , G08B29/00 , H04K1/00
CPC分类号： G06F12/1458 , G06F21/51 , G06F21/572 , G06F21/74
摘要： A method, computer program product, and data processing system are disclosed for protecting sensitive program code (and also data) from unauthorized access in a memory space not subject to protection fault detection. In a preferred embodiment, secure initialization hardware loads the sensitive code from a storage location accessible only to the secure initialization hardware itself and decrypts the sensitive code into a portion of the processor-accessible memory space, from which the code is executed. Once execution of the sensitive code has completed, all or at least a portion of the code is deleted before passing control to application software. If the application software needs to cause the sensitive code to be executed, the secure initialization hardware is activated to reload/decrypt a fresh copy of the sensitive code into the memory space and cause the code to be executed. Before control is returned to the application software, the sensitive code is again deleted to prevent unauthorized access.
摘要翻译：公开了一种方法，计算机程序产品和数据处理系统，用于在不受保护故障检测的存储器空间中保护敏感程序代码（以及数据）免于未经授权的访问。在优选实施例中，安全初始化硬件将敏感代码从仅可访问安全初始化硬件本身的存储位置加载，并将敏感代码解密为可执行代码的处理器可访问存储器空间的一部分。一旦敏感代码的执行完成，则在将控制传递给应用软件之前，所有或至少一部分代码被删除。如果应用软件需要执行敏感代码，则激活安全初始化硬件，将敏感代码的新鲜副本重新加载/解密到存储器空间中，并使代码被执行。在控制返回到应用软件之前，敏感代码将被重新删除，以防止未经授权的访问。

7. 发明授权

US09300465B2 Method, system and program product for attaching a title key to encrypted content for synchronized transmission to a recipient 有权
公开(公告)号：US09300465B2
公开(公告)日：2016-03-29
申请号：US12034421
申请日：2008-02-20
申请人： Eric M. Foster , Jeffrey B. Lotspiech , Florian Pestoni , Wilfred E. Plouffe, Jr. , Frank A. Schaffa
发明人： Eric M. Foster , Jeffrey B. Lotspiech , Florian Pestoni , Wilfred E. Plouffe, Jr. , Frank A. Schaffa
IPC分类号： H04L29/06 , H04L9/08 , H04L9/12 , G11B20/00
CPC分类号： H04L9/0822 , G11B20/0021 , G11B20/00362 , H04L9/083 , H04L9/12 , H04L63/045 , H04L2209/603 , H04L2463/101
摘要： A method and system for attaching a title key to encrypted content for synchronized transmission to, or storage by, a recipient is provided. Specifically, under the present invention, an elementary media stream is parceled into content units that each include a content packet and a header. The content packets are encrypted with one or more title keys. Once the content packets have been encrypted, the title keys are themselves encrypted with a key encrypting key. The encrypted title keys are then attached to the corresponding encrypted content packets for synchronized transmission to a recipient.

8. 发明授权

US08656178B2 Method, system and program product for modifying content usage conditions during content distribution 有权
标题翻译：用于在内容分发期间修改内容使用条件的方法，系统和程序产品
公开(公告)号：US08656178B2
公开(公告)日：2014-02-18
申请号：US10125714
申请日：2002-04-18
申请人： Eric M. Foster , Jeffrey B. Lotspiech , Dalit Naor , Sigfredo I. Nin , Florian Pestoni , Wilfred E. Plouffe, Jr. , Frank A. Schaffa
发明人： Eric M. Foster , Jeffrey B. Lotspiech , Dalit Naor , Sigfredo I. Nin , Florian Pestoni , Wilfred E. Plouffe, Jr. , Frank A. Schaffa
IPC分类号： H04L9/32
CPC分类号： H04L63/10 , G06F21/10 , G06Q30/06 , G11B20/00362 , H04L63/12 , H04L2463/101
摘要： The present invention provides a method, system and program product for modifying content usage conditions during broadcast content distribution. Specifically, the present invention allows protected (e.g., encrypted, secured, etc.) content to be received along with content usage conditions, an encrypted combination of the content usage conditions and a title key (e.g., a MAC), and a key management block. Using the key management block, a key encrypting key can be determined for decrypting the combination. Once the combination is decrypted, the content usage conditions can be modified (e.g., edited, added to, etc.).
摘要翻译：本发明提供一种用于在广播内容分发期间修改内容使用条件的方法，系统和程序产品。具体地，本发明允许与内容使用条件，内容使用条件和标题密钥（例如，MAC）的加密组合以及密钥管理一起接收受保护（例如，加密，安全等）内容块。使用密钥管理块，可以确定密钥加密密钥来解密组合。一旦组合被解密，内容使用条件可以被修改（例如，编辑，添加到等等）。

9. 发明授权

US07092527B2 Method, system and program product for managing a size of a key management block during content distribution 失效
公开(公告)号：US07092527B2
公开(公告)日：2006-08-15
申请号：US10125254
申请日：2002-04-18
申请人： Eric M. Foster , Jeffrey B. Lotspiech , Florian Pestoni , Wilfred E. Plouffe, Jr. , Frank A. Schaffa
发明人： Eric M. Foster , Jeffrey B. Lotspiech , Florian Pestoni , Wilfred E. Plouffe, Jr. , Frank A. Schaffa
IPC分类号： H04L9/00
CPC分类号： G11B20/0021 , G11B20/00086 , G11B20/00188 , G11B20/00195 , G11B20/00478 , G11B20/00528 , G11B20/00536 , H04L9/0822 , H04L9/0836 , H04L9/0891 , H04L2209/601
摘要： A method, system and program product for managing a size of a key management block (KMB) during content distribution is provided. Specifically, a first KMB corresponding to a first subtree of devices is received along with content as encrypted with a title key. If a size of the first KMB exceeds a predetermined threshold, a second subtree will be created. A second KMB corresponding to the second subtree of devices will then be generated. The second KMB contains an entry revoking the entire first subtree of devices and, as such, is smaller than the first KMD. Any compliant devices from the first subtree are migrated to the second subtree.

10. 发明授权

US5390035A Method and means for tetrahedron/octahedron packing and tetrahedron extraction for function approximation 失效
标题翻译：四面体/八面体填充和四面体提取的方法和手段，用于函数近似
公开(公告)号：US5390035A
公开(公告)日：1995-02-14
申请号：US996805
申请日：1992-12-23
申请人： James M. Kasson , Wilfred E. Plouffe, Jr.
发明人： James M. Kasson , Wilfred E. Plouffe, Jr.
IPC分类号： H04N1/60 , H04N1/46
CPC分类号： H04N1/6058 , H04N1/6016
摘要： The invention concerns the conversion of an input color to an output color using a multi-variable function having an input domain in a first three-dimensional color space and output range in a second m-dimensional color space. The conversion from input to output color subdivides the input domain into polyhedra defined by planar grids of points connected to form a plurality of triangles. The planar grids are projected into the remaining dimension of the function domain. When an input color value is presented, the multi-variable function is used to approximate the input value by computing an approximation of the multi-variable function, which provides a value in the output range. A tetrahedron containing the input color value is extracted from the function domain. The values of the multi-variable function at the tetrahedron vertices are obtained by interpolation. The tetrahedron is subdivided into subtetrahedra. The volumes of the subtetrahedra are calculated and multiplied by the function values. The products are added together and normalized to the volume of the extracted tetrahedron to produce an approximation of the input color. The approximation is provided as the value of the output color.
摘要翻译：本发明涉及使用具有在第一三维颜色空间中的输入域和第二m维颜色空间中的输出范围的多变量功能将输入颜色转换为输出颜色。从输入到输出颜色的转换将输入域细分为由连接形成多个三角形的点的平面网格定义的多面体。平面网格投影到功能域的剩余维中。当给出输入颜色值时，多变量函数用于通过计算多变量函数的近似来近似输入值，该多变量函数在输出范围中提供一个值。从功能域提取包含输入颜色值的四面体。通过插值获得四面体顶点的多变量函数的值。四面体被细分成四面体。计算四面体的体积并乘以函数值。将产物加在一起并归一化为提取的四面体的体积以产生输入颜色的近似值。提供近似值作为输出颜色的值。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式