Abstract:
PROBLEM TO BE SOLVED: To enable specific one or more target programs to decrypt encrypted data. SOLUTION: A computer recording medium encrypts data using a public key such as a symmetric key, seals an identifier of a target program for encryption in encrypted data, determines whether the target program (a program whose identifier is shown by a secret) can decrypt the encrypted data and allows the target program to decrypt it.
Abstract:
PROBLEM TO BE SOLVED: To provide reliable side band communication between components in a computer system so as to avoid the use of a system bus. SOLUTION: Two components can be connected to each other through a means other than a bus (an infrared port, a wire, an unused pin or the like), so that the components can communicate with each other without using the system bus. This non-bus communication channel can be called a side band. The side band channel can be used to communicate information that allows a user's hardware to be identified (a public key or the like), or other information that the user does not want to be easily intercepted by the general public. Communication via the side band channel can also be used to confirm that the communicating parties are located within a limited range of each other. COPYRIGHT: (C)2005,JPO&NCIPI
Abstract:
PROBLEM TO BE SOLVED: To make a data storage resource identifiable by physical addresses and optionally by a virtual address. SOLUTION: A policy defines which resources are accessible and which resources are not accessible. A request to access a resource is allowed if access to the resource is permitted by the policy, and if carrying out the access will not cause virtual addresses to be assigned to the resources to which the policy disallows access. Since resources to which access is disallowed do not have virtual addresses, certain types of access requests that identify a resource by a virtual address can be allowed without consulting the policy. COPYRIGHT: (C)2004,JPO
Abstract:
PROBLEM TO BE SOLVED: To provide a mechanism for a protected operating system boot which prevents rogue components from being loaded with an operating system, and thus prevents divulgence of a system key under inappropriate circumstances. SOLUTION: After a portion of a machine startup procedure has occurred, the operating system loader is run, the loader is validated by a validator, and a correct machine state is either verified to exist and/or created. Once the loader has been verified to be a legitimate loader, and the machine state under which it is running is verified to be correct, the loader is carried out. COPYRIGHT: (C)2011,JPO&INPIT
Abstract:
PROBLEM TO BE SOLVED: To provide a mechanism for projecting the trustworthiness of entities in a trusted environment to entities in an untrusted environment. SOLUTION: In a single machine that has entities running in an untrusted environment and entities running in a trusted environment, the trustworthiness of the entities in the trusted environment is projected to the entities in the untrusted environment. This hosts an operating system (for example, the nexus) in which a normal operating system is protected by security. COPYRIGHT: (C)2005,JPO&NCIPI
Abstract:
PROBLEM TO BE SOLVED: To provide a method and a system by which failure software cannot illegally acquire data. SOLUTION: Decryption of the data is performed at a point in the pixel data processing chain where program access is disabled. COPYRIGHT: (C)2004,JPO
Abstract:
Various technologies and techniques are disclosed for detecting and handling blocking events. A user mode thread is assigned a dedicated backing thread. System calls are made on the dedicated backing thread. The kernel detects when a system call results in a blocking event. A core that the dedicated backing thread is currently running on is observed. An entry in a per process table that maps cores to a currently associated primary thread waiting to be woken is consulted. The currently associated primary thread for the core is woken with a special result code to indicate that it was woken due to the blocking system call. The primary thread is released back to the application. A user mode scheduler is notified of the blocking event so a core can continue to be utilized.
Abstract:
PROBLEM TO BE SOLVED: To execute, in parallel with each other, a large-scale system having advanced features and a small-scale system for providing high-level security. SOLUTION: An application's functionality is partitioned into two groups depending on whether or not a specific operation, such as processing of secret data, is executed. Separate software objects (processors) are created to perform these two groups of operations. A trusted processor handles secure data and runs in a high-assurance environment. When another processor detects secure data, that data is sent to the trusted processor. The data is wrapped in a way that allows it to be routed to the trusted processor and prevents it from being deciphered by any entity other than the trusted processor. An infrastructure is provided that wraps objects, routes the objects to the correct processor, and allows their integrity to be attested through a chain of trust leading back to a base component that is known to be trustworthy. COPYRIGHT: (C)2005,JPO&NCIPI
Abstract:
PROBLEM TO BE SOLVED: To prolong the life of a flash memory in which increments are performed, by reducing erasure frequency. SOLUTION: A counter is implemented with m+n bits by using a method for minimizing bit transition from 1 to 50. Bits of the counter are grouped into a binary section, an m-bit counter, and a unary section, an n-bit counter. The unary section of the counter is incremented first, and when the unary section reaches a specific value, the binary section of the counter is incremented. Thus, since the bit transition from 1 to 50 is restricted, unique values in a wide range are read from the counter. COPYRIGHT: (C)2004,JPO
Abstract:
PROBLEM TO BE SOLVED: To provide a method for protecting data by a general-purpose computing device. SOLUTION: An encryption text including the data is generated in a form that only one or a plurality of target programs can obtain the data from the encryption text by using symmetrical encryption. A program on the calling side is allowed to access the data and only when maintainability of the data is successfully verified, the data are returned to the program on the calling side. COPYRIGHT: (C)2004,JPO