Patent application number | Description | Published |
20090003606 | CHANGING THE ORDER OF PUBLIC KEY CRYPTOGRAPHIC COMPUTATIONS - In one embodiment, cryptographic transformation of a message is performed by first performing a table initiation phase. This may be accomplished by creating a permutation of an order of powers and then performing a table initiation phase using a part of a key and the permuted order of powers to populate a data structure. | 01-01-2009 |
20090003607 | ALTERING THE SIZE OF WINDOWS IN PUBLIC KEY CRYPTOGRAPHIC COMPUTATIONS - In one embodiment, cryptographic transformation of a message is performed by first performing a table initiation phase. Then an exponentiation phase is performed, wherein the exponentiation phase includes two or more parsing steps, wherein each of the parsing steps includes parsing a part of a cryptographic key into a window of size n, wherein n is a difficult to predict number. | 01-01-2009 |
20090028323 | ENHANCING THE SECURITY OF PUBLIC KEY CRYPTOSYSTEM IMPLEMENTATIONS - In one embodiment, cryptographic transformation of a message is performed by first performing a table initiation phase to populate a data structure. Then, a first random number multiplied by a public key is added to each value in the data structure, in modulo of a second random number multiplied by the public key. Then an exponentiation phase is performed, wherein each modular multiplication and square operation in the exponentiation phase is performed in modulo of the second random number multiplied by the public key, producing a result. Then the result of the exponentiation phase is reduced in modulo of the public key. The introduction of the random numbers aids in the prevention of potential security breaches from the deduction of operands in the table initiation phase by malicious individuals. | 01-29-2009 |
20090126006 | SECURING CPU AFFINITY IN MULTIPROCESSOR ARCHITECTURES - In an embodiment of the present invention, the ability for a user or process to set or modify affinities is restricted in order to method for control a multi-processor environment. This may be accomplished by using a reference monitor that controls a process' capability to retrieve and set its or another process' affinity. This aids in the prevention of security breaches. | 05-14-2009 |
20090165081 | TRUSTED MULTI-STAKEHOLDER ENVIRONMENT - In one embodiment, a multi-stakeholder environment is controlled by first assigning a first domain to a first stakeholder and a second domain to a second stakeholder. Then a first access policy is defined for the first domain and access is restricted to the first domain for the second stakeholder according to the first access policy. In another embodiment, an access request is handled in a multi-stakeholder environment by first receiving parameters forwarded by hooks in system call functions in a kernel of the multi-stakeholder environment, wherein the parameters contain information about a first stakeholder requesting access to a domain corresponding to a second stakeholder. Then it is determined whether to allow the first stakeholder to access the domain based at least partially upon security settings corresponding to the domain. | 06-25-2009 |
20090323962 | SECURE MULTICAST CONTENT DELIVERY - In one embodiment, a method for establishing a secure multicast channel between a service provider and a terminal is provided. A request is received from the service provider for a configuration of the terminal. A configuration of the terminal at a first time is sent to the service provider. A security key is obtained, wherein the security is bound to the configuration of the terminal at the first time. Then the security key is decrypted using a configuration of the terminal at a second time, wherein the decryption fails if the configuration of the terminal at the second time is not identical to the configuration of the terminal at the first time. A secure multicast channel is then established with the service provider using the security key. | 12-31-2009 |
20100010944 | MANAGING PERSONAL DIGITAL ASSETS OVER MULTIPLE DEVICES - In a first embodiment of the present invention, a method for managing digital assets of a user over multiple home network-enabled devices, the method comprising: receiving information, from a plurality of home network-enabled personal devices, regarding digital assets accessed by the personal devices, wherein the plurality of personal devices are owned or operated by the user and the information is automatically gathered by each personal device tracking its own usage; storing the information; and providing, to one of the plurality of personal devices, identifications of digital assets accessed by the personal devices by accessing the stored information. | 01-14-2010 |
20100121927 | SECURE INTER-PROCESS COMMUNICATION FOR SAFER COMPUTING ENVIRONMENTS AND SYSTEMS - Techniques for Inter-Process Communication (IPC) in a more secure manner are disclosed. A communication component operating outside of an operating system can obtain operating-system data pertaining to processes that also operate outside of the operating system. The operating-system data can be more reliable than information that may have been provided by the processes, thereby allowing more secure IPC and consequently a more secure computing environment and/or system. A communication component can also be operable to make control decisions regarding the IPC data (e.g., IPC messages) based on the information provided and/or originated by the operating system (or operating-system data) and/or effectively provide the operating-system data pertaining to a sender process to its intended recipient process. A recipient process can also be operable to obtain the operating-system data pertaining to a sender process. Moreover, a recipient process can make control decisions regarding the IPC data originated by the sender process based on the operating-system data effectively provided and/or originated by the operating system rather than the sender process, thereby allowing the recipient process to make control decisions based on information provided by a more reliable (e.g., Trusted) source. | 05-13-2010 |
20100131966 | FLAT OR EXTENDED ARCHITECTURE USING AN INTEGRATED APPLICATION AND OPERATING SYSTEM COMPONENT FOR COMPUTING SYSTEMS AND ENVIRONMENTS - An architectural model can use integrated and/or flat (or extended) approaches. An “integrated application and OS” component can effectively integrate at least one computer application program with one or more OS functions, in an integrated approach. The integrated application and OS component can be provided in or as an upper level system (or layer) in relation to a lower level system (or layer). The lower level system can include an OS operable to perform a reduced set of operating system functions not including one or more functions that can be performed by the integrated application and OS component of the upper layer. Furthermore, the OS may be specialized and/or optimized for the components of the upper level system including the integrated application and OS component. By way of example, the OS may be specialized and/or optimized for Web-based and/or Browser-based applications of the integrated application and OS component. In a flat approach, one or more components can be provided as adjacent components in an upper level, thereby allowing effective extension of the upper level to accommodate various needs including, for example, the need for new hardware, or customization for a particular situation. An adjacent component can, for example, include one or more operating system components not provided by the OS (e.g., Device Drivers) and/or one or more functions that are not provided by the operating system (e.g., application management, security and/or isolation of applications), effectively serve as an interface to another adjacent layer and/or the OS, or provide Real-Time Operating System (RTOS). | 05-27-2010 |
20100162240 | CONSISTENT SECURITY ENFORCEMENT FOR SAFER COMPUTING SYSTEMS - Security can be enforced in a consistent manner with respect to various computing environments that may be operable in a computing system. Consistent security criteria can be generated, based on input security criterion, in a computer readable and storable form and stored in a computer readable storage medium, thereby allowing the consistent security criterion to be effectively provided to a computing system for enforcement of the input security criterion in a consistent manner with respect to, for example, (a) a first executable computer code effectively supported by an Operating System (OS), and (b) a second computer code effectively supported by the Virtual Computing Environment (VCE). A Trusted Component (TC) can effectively provide a consistent security criterion as a part and/or form that is suitable for a particular computing environment. The TC can, for example, be an automated tool that performs various functions including: verifying the consistency of security criteria, generation and deployment of consistent security criteria, and transformation of security criteria to parts and/or forms suitable for various computing environments. In addition, a Virtual Computing Environment (VCE) can obtain from the Operating System (OS) one or more security criteria. The Virtual Computing Environment (VCE) can be operable in a Trusted Computing Environment (TCE) and interface with a Trusted Operating System (TOS) that effectively enforces Mandatory Access Control (MAC), thereby allowing the Virtual Computing Environment (VCE) to leverage the security provided by the OS. The OS can, for example, be a Security-Enhanced Linux (SELinux) Operating System operating as a Trusted Component in a Trusted Environment that includes a Trusted Security Agent (TSA) operable to deploy consistent security criteria. | 06-24-2010 |