专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08656190B2 One time settable tamper resistant software repository 有权
标题翻译：一次可设置的防篡改软件库
公开(公告)号：US08656190B2
公开(公告)日：2014-02-18
申请号：US12023614
申请日：2008-01-31
申请人： Sebastian Lange , Adam Gabriel Poulos , Victor Tan
发明人： Sebastian Lange , Adam Gabriel Poulos , Victor Tan
IPC分类号： G06F11/30
CPC分类号： G06F21/79 , G06F12/1491 , G06F2221/2113
摘要： A one-time-settable tamper resistant software repository may be used in any computing system to store system information such as security violations and policies for responding to them. A one-time-settable tamper resistant software repository may be cryptographically signed, encrypted with a per device key and accessible by only the most privileged software executed by a computing device, e.g., hypervisor or operating system kernel. A one-time-settable tamper resistant software repository may be mirrored in RAM for performance. Recordable event fields in a software repository may be one-time-settable without the ability to reset them in a field operation mode whereas they may be resettable in a different mode such as a manufacturing mode. Memory allocated to a one-time-settable tamper resistant software repository may be reset, reclaimed, reassigned, scaled and otherwise flexibly adapted to changing conditions and priorities in the lifespan of a computing device, which may be particularly useful for service-backed consumer devices.
摘要翻译：可以在任何计算系统中使用一次性设置的防篡改软件存储库来存储系统信息，例如安全违规和用于对其进行响应的策略。一次性设置的防篡改软件存储库可以被加密地签名，用每个设备密钥加密，并且只能由计算设备（例如，管理程序或操作系统内核）执行的最特权的软件访问。一次性设置的防篡改软件存储库可以镜像到RAM中以实现性能。软件仓库中的可记录事件字段可以是一次性设置的，而无需在现场操作模式下复位它们，而它们可以以诸如制造模式的不同模式被重置。分配给一次性可设置的防篡改软件存储库的内存可以被重置，回收，重新分配，缩放以及其他灵活地适应于在计算设备的寿命内的变化的条件和优先级，其可能对于服务支持的消费者设备特别有用。

2. 发明授权

US08661234B2 Individualized per device initialization of computing devices in avoidance of mass exploitation of vulnerabilities 有权
标题翻译：个性化每个设备初始化计算设备以避免大规模利用漏洞
公开(公告)号：US08661234B2
公开(公告)日：2014-02-25
申请号：US12023828
申请日：2008-01-31
申请人： Sebastian Lange , Adam Gabriel Poulos , Victor Tan
发明人： Sebastian Lange , Adam Gabriel Poulos , Victor Tan
IPC分类号： G06F9/00
CPC分类号： G06F21/79 , G06F2221/2113
摘要： An individualized per device initialization of a computing device is unique relative to the initialization of other computing devices. A common initialization program, common to all computing devices of a particular type such as a game console, may be modified to be unique for each computing device. Modification may comprise the application of at least one individualized per device secret, e.g., key, to at least a portion of the common initialization program such as at least one initialization stage. Initialization is tied to one or more device specific identities. In this way, initialization vulnerabilities discovered on a particular device cannot be exploited en masse on other computing devices because each initialization program stored in each computing device is unique. The device specific nature of the initialization program may be extended to other information input to the computing device in order to prevent unauthorized sharing of information with other computing devices.
摘要翻译：相对于其他计算设备的初始化，计算设备的每个设备的个性化初始化是唯一的。对于诸如游戏控制台的特定类型的所有计算设备通用的公共初始化程序可以被修改为对于每个计算设备是唯一的。修改可以包括至少一个个体化的每个设备秘密（例如密钥）应用于公共初始化程序的至少一部分，例如至少一个初始化阶段。初始化与一个或多个设备特定身份相关联。以这种方式，在特定设备上发现的初始化漏洞不能在其他计算设备上被大量利用，因为存储在每个计算设备中的每个初始化程序是唯一的。可以将初始化程序的设备特定性质扩展到输入到计算设备的其他信息，以防止与其他计算设备的未经授权的信息共享。

3. 发明申请

US20090199018A1 One time settable tamper resistant software repository 有权
标题翻译：一次可设置的防篡改软件库
公开(公告)号：US20090199018A1
公开(公告)日：2009-08-06
申请号：US12023828
申请日：2008-01-31
申请人： Sebastian Lange , Adam Gabriel Poulos , Victor Tan
发明人： Sebastian Lange , Adam Gabriel Poulos , Victor Tan
IPC分类号： G06F12/14
CPC分类号： G06F21/79 , G06F2221/2113
摘要： An individualized per device initialization of a computing device is unique relative to the initialization of other computing devices. A common initialization program, common to all computing devices of a particular type such as a game console, may be modified to be unique for each computing device. Modification may comprise the application of at least one individualized per device secret, e.g., key, to at least a portion of the common initialization program such as at least one initialization stage. Initialization is tied to one or more device specific identities. In this way, initialization vulnerabilities discovered on a particular device cannot be exploited en masse on other computing devices because each initialization program stored in each computing device is unique. The device specific nature of the initialization program may be extended to other information input to the computing device in order to prevent unauthorized sharing of information with other computing devices.
摘要翻译：相对于其他计算设备的初始化，计算设备的每个设备的个性化初始化是唯一的。对于诸如游戏控制台的特定类型的所有计算设备通用的公共初始化程序可以被修改为对于每个计算设备是唯一的。修改可以包括至少一个个体化的每个设备秘密（例如密钥）应用于公共初始化程序的至少一部分，例如至少一个初始化阶段。初始化与一个或多个设备特定身份相关联。以这种方式，在特定设备上发现的初始化漏洞不能在其他计算设备上被大量利用，因为存储在每个计算设备中的每个初始化程序是唯一的。可以将初始化程序的设备特定性质扩展到输入到计算设备的其他信息，以防止与其他计算设备的未经授权的信息共享。

4. 发明申请

US20090199017A1 ONE TIME SETTABLE TAMPER RESISTANT SOFTWARE REPOSITORY 有权
标题翻译：一次性防篡改软件报告
公开(公告)号：US20090199017A1
公开(公告)日：2009-08-06
申请号：US12023614
申请日：2008-01-31
申请人： Sebastian Lange , Adam Gabriel Poulos , Victor Tan
发明人： Sebastian Lange , Adam Gabriel Poulos , Victor Tan
IPC分类号： G06F12/14
CPC分类号： G06F21/79 , G06F12/1491 , G06F2221/2113
摘要： A one-time-settable tamper resistant software repository may be used in any computing system to store system information such as security violations and policies for responding to them. A one-time-settable tamper resistant software repository may be cryptographically signed, encrypted with a per device key and accessible by only the most privileged software executed by a computing device, e.g., hypervisor or operating system kernel. A one-time-settable tamper resistant software repository may be mirrored in RAM for performance. Recordable event fields in a software repository may be one-time-settable without the ability to reset them in a field operation mode whereas they may be resettable in a different mode such as a manufacturing mode. Memory allocated to a one-time-settable tamper resistant software repository may be reset, reclaimed, reassigned, scaled and otherwise flexibly adapted to changing conditions and priorities in the lifespan of a computing device, which may be particularly useful for service-backed consumer devices.
摘要翻译：可以在任何计算系统中使用一次性设置的防篡改软件存储库来存储系统信息，例如安全违规和用于对其进行响应的策略。一次性设置的防篡改软件存储库可以被加密地签名，用每个设备密钥加密，并且只能由计算设备（例如，管理程序或操作系统内核）执行的最特权的软件访问。一次性设置的防篡改软件存储库可以镜像到RAM中以实现性能。软件仓库中的可记录事件字段可以是一次性设置的，而无需在现场操作模式下复位它们，而它们可以以诸如制造模式的不同模式被重置。分配给一次性可设置的防篡改软件存储库的内存可以被重置，回收，重新分配，缩放以及其他灵活地适应于在计算设备的寿命内的变化的条件和优先级，其可能对于服务支持的消费者设备特别有用。

5. 发明申请

US20090199279A1 METHOD FOR CONTENT LICENSE MIGRATION WITHOUT CONTENT OR LICENSE REACQUISITION 审中-公开
标题翻译：没有内容或许可反应的内容许可移动的方法
公开(公告)号：US20090199279A1
公开(公告)日：2009-08-06
申请号：US12023097
申请日：2008-01-31
申请人： Sebastian Lange , Victor Tan , Adam G. Poulos
发明人： Sebastian Lange , Victor Tan , Adam G. Poulos
IPC分类号： H04L9/32
CPC分类号： G06F21/10 , H04L9/3247 , H04L9/3263 , H04L2209/603
摘要： Techniques for migrating content from a first set of conditions to a second set of conditions are disclosed herein. In particular, a content migration certificate is utilized to enable content migration and set forth under what conditions content may be accessed after migration. The content migration certificate may, for example, be stored as a file in a removable storage unit or transferred online once an indication that conditions have changed is received. The change in conditions may involve a new device attempting to access the content file, a new user attempting to access the content, or any other similar conditions. Access to the information in the content migration certificate may be protected by encryption so that only devices and/or users meeting the conditions of the certificate are permitted to transfer content. By accessing the content migration certificate in the prescribed manner, migration of content is enabled in a controlled and easy process.
摘要翻译：本文公开了将内容从第一组条件迁移到第二组条件的技术。特别地，使用内容迁移证书来实现内容迁移，并在迁移后可以在哪些条件下访问内容。内容迁移证书例如可以作为文件存储在可移动存储单元中，或者一旦接收到条件已经改变的指示，就可以在线传送。条件的变化可能涉及尝试访问内容文件的新设备，尝试访问内容的新用户或任何其他类似条件。可以通过加密来保护对内容迁移证书中的信息的访问，以便只允许符合证书条件的设备和/或用户传输内容。通过以规定的方式访问内容迁移证书，在受控和容易的过程中启用内容的迁移。

6. 发明申请

US20090187772A1 TAMPER EVIDENCE PER DEVICE PROTECTED IDENTITY 有权
标题翻译：每个设备保护标识的防护器证据
公开(公告)号：US20090187772A1
公开(公告)日：2009-07-23
申请号：US12016934
申请日：2008-01-18
申请人： Sebastian Lange , Victor Tan , Adam G. Poulos
发明人： Sebastian Lange , Victor Tan , Adam G. Poulos
IPC分类号： H04L9/06
CPC分类号： H04L9/3247 , G06F21/10 , G06F21/6218 , G06F2221/0704 , H04L9/0643 , H04L9/0825 , H04L63/0853 , H04L63/10 , H04L63/12 , H04N7/165 , H04N21/4623 , H04W12/06 , H04W12/08
摘要： Various techniques are described to protect secrets held by closed computing devices. In an ecosystem where devices operate and are offered a wide range of services from a service provider, the service provider may want to prevent users from sharing services between devices. In order to guarantee that services are not shared between devices, each device can be manufactured with a different set of secrets such as per device identifiers. Unscrupulous individuals may try to gain access to the secrets and transfer secrets from one device to another. In order to prevent this type of attack, each closed computing system can be manufactured to include a protected memory location that is tied to the device.
摘要翻译：描述了各种技术来保护由封闭计算设备保持的秘密。在设备运行并从服务提供商提供广泛服务的生态系统中，服务提供商可能希望阻止用户在设备之间共享服务。为了保证服务不在设备之间共享，每个设备可以使用不同的秘密集来制造，例如每个设备标识符。不道德的个人可能会尝试获取机密，并将秘密从一个设备转移到另一个设备。为了防止这种类型的攻击，可以将每个封闭的计算系统制造成包括被绑定到设备的受保护的存储器位置。

7. 发明授权

US08726042B2 Tamper resistant memory protection 有权
标题翻译：防篡改内存保护
公开(公告)号：US08726042B2
公开(公告)日：2014-05-13
申请号：US12040654
申请日：2008-02-29
申请人： Sebastian Lange , Dinarte R. Morais , Victor Tan , Adam G. Poulos
发明人： Sebastian Lange , Dinarte R. Morais , Victor Tan , Adam G. Poulos
IPC分类号： G06F12/14
CPC分类号： G06F21/64
摘要： Various mechanisms are disclosed for protecting the security of memory in a computing environment. A security layer can have an encryption layer and a hashing layer that can dynamically encrypt and then dynamically hash sensitive information, as it is being loaded to dynamic memory of a computing device. For example, a memory unit that can correspond to a memory page can be processed by the security layer, and header data, code, and protect-worthy data can be secured, while other non-sensitive data can be left alone. Once such information is secured and stored in dynamic memory, it can be accessed at a later time by a processor and unencrypted and hash checked. Then, it can be loaded back onto the dynamic memory, thereby preventing direct memory access attacks.
摘要翻译：公开了用于在计算环境中保护存储器的安全性的各种机制。安全层可以具有加密层和散列层，其可以在被加载到计算设备的动态存储器时动态加密然后动态地散列敏感信息。例如，可以由安全层处理可对应于存储器页面的存储单元，并且可以确保头数据，代码和保护值数据，而其他非敏感数据可以单独存在。一旦这样的信息被保护并存储在动态存储器中，它可以在稍后的时间被处理器访问，并且进行未加密和散列检查。然后，它可以加载回动态内存，从而防止直接的内存访问攻击。

8. 发明申请

US20090119744A1 DEVICE COMPONENT ROLL BACK PROTECTION SCHEME 审中-公开
标题翻译：器件组件回滚保护方案
公开(公告)号：US20090119744A1
公开(公告)日：2009-05-07
申请号：US12016940
申请日：2008-01-18
申请人： Sebastian Lange , Victor Tan , Adam G. Poulos
发明人： Sebastian Lange , Victor Tan , Adam G. Poulos
IPC分类号： G06F21/00 , G06F12/14
CPC分类号： G06F21/70 , G06F21/554 , G06F2221/2129 , H04L63/126 , H04L63/1441
摘要： Various embodiments of the present disclosure describe techniques for enforcing a subcomponent related security policy for closed computing systems. A closed computing system can include a list of subcomponents that identify the subcomponents it was manufactured with. The list can be used to determine if any currently attached subcomponents are different than the original ones. If a new subcomponent is detected, the device can perform a predetermined action in accordance with a security policy.
摘要翻译：本公开的各种实施例描述了用于实施用于封闭计算系统的子组件相关安全策略的技术。封闭的计算系统可以包括识别其制造的子组件的子组件列表。该列表可用于确定当前附加的子组件是否与原始子组件不同。如果检测到新的子组件，则设备可以根据安全策略执行预定的动作。

9. 发明申请

US20090119475A1 TIME BASED PRIORITY MODULUS FOR SECURITY CHALLENGES 审中-公开
标题翻译：基于时间安排的优先权模块
公开(公告)号：US20090119475A1
公开(公告)日：2009-05-07
申请号：US12016937
申请日：2008-01-18
申请人： Sebastian Lange , Victor Tan , Adam G. Poulos
发明人： Sebastian Lange , Victor Tan , Adam G. Poulos
IPC分类号： G06F12/00
CPC分类号： G06F21/31
摘要： Systems, methods, and computer readable media are disclosed for making dictionary based attacks difficult and/or time consuming for attackers. In one example embodiment, this can be accomplished by equipping a security service with software and/or circuitry operable to select security questions from different partitions of a question table.
摘要翻译：公开了用于使基于字典的攻击对于攻击者来说困难和/或耗时的系统，方法和计算机可读介质。在一个示例实施例中，这可以通过为安全服务装备具有可操作以从问题表的不同分区选择安全问题的软件和/或电路来实现。

10. 发明授权

US09262594B2 Tamper evidence per device protected identity 有权
标题翻译：每个设备的篡改证据保护身份
公开(公告)号：US09262594B2
公开(公告)日：2016-02-16
申请号：US12016934
申请日：2008-01-18
申请人： Sebastian Lange , Victor Tan , Adam G. Poulos
发明人： Sebastian Lange , Victor Tan , Adam G. Poulos
IPC分类号： G06F21/10 , H04L29/06 , H04L9/08 , H04W12/06 , H04W12/08 , G06F21/62 , H04N7/16 , H04N21/4623
CPC分类号： H04L9/3247 , G06F21/10 , G06F21/6218 , G06F2221/0704 , H04L9/0643 , H04L9/0825 , H04L63/0853 , H04L63/10 , H04L63/12 , H04N7/165 , H04N21/4623 , H04W12/06 , H04W12/08
摘要： Various techniques are described to protect secrets held by closed computing devices. In an ecosystem where devices operate and are offered a wide range of services from a service provider, the service provider may want to prevent users from sharing services between devices. In order to guarantee that services are not shared between devices, each device can be manufactured with a different set of secrets such as per device identifiers. Unscrupulous individuals may try to gain access to the secrets and transfer secrets from one device to another. In order to prevent this type of attack, each closed computing system can be manufactured to include a protected memory location that is tied to the device.
摘要翻译：描述了各种技术来保护由封闭计算设备保持的秘密。在设备操作并从服务提供商提供广泛服务的生态系统中，服务提供商可能希望阻止用户在设备之间共享服务。为了保证服务不在设备之间共享，每个设备可以使用不同的秘密集来制造，例如每个设备标识符。不道德的个人可能会尝试获取机密，并将秘密从一个设备转移到另一个设备。为了防止这种类型的攻击，可以将每个封闭的计算系统制造成包括被绑定到设备的受保护的存储器位置。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式