公开(公告)号：JP2005032252A

公开(公告)日：2005-02-03

申请号：JP2004201125

申请日：2004-07-07

Applicant: MICROSOFT CORP

Inventor： PAFF JOHN E ,  PEINADO MARCUS ,  KURIEN THEKKTHALACKAL VARUGIS ,  WILLMAN BRYAN MARK ,  ENGLAND PAUL ,  THORNTON ANDREW JOHN

IPC: G06F3/00 ,  G06F1/00 ,  G06F13/38 ,  H04L9/00 ,  H04Q1/30

Abstract: PROBLEM TO BE SOLVED: To provide reliable side band communication between components in a computer system so as to avoid the use of a system bus. SOLUTION: Two components can be connected to each other through a means (an infrared port, a wire, an unused pin or the like) other than a bus; and thereby those kinds of components can communicate with each other without using the system bus. This non-bus communication channel can be called as a side band. By using the side band channel, information (public key or the like) allowing hardware of a user to be identified or other information which the user does not want to be easily intercepted by general public can be communicated. The communication via the side band channel can be used for confirming that things related to the communication are mutually present in a positional relationship with a range limited. COPYRIGHT: (C)2005,JPO&NCIPI

公开(公告)号：JP2005129045A

公开(公告)日：2005-05-19

申请号：JP2004295110

申请日：2004-10-07

Applicant: Microsoft Corp ,  マイクロソフト コーポレーション

Inventor： DHIR ANSHUL ,  RAY KENNETH D ,  ENGLAND PAUL ,  KURIEN THEKKTHALACKAL VARUGIS

IPC: G06F21/24 ,  G06F1/00 ,  G06F3/14 ,  G06F9/06 ,  G06F9/50 ,  G06F12/14 ,  G06F15/00 ,  G06F15/16 ,  G06F21/00 ,  G06F21/22 ,  G06K19/073 ,  G09C1/00 ,  H04L9/32

CPC classification number: G06F21/62

Abstract: PROBLEM TO BE SOLVED: To supply authentication information to be used for a resource provider who supplies a resource to authenticate a resource recipient to the resource recipient. SOLUTION: A resource 12 is acquired from a resource provider (RP) 10 for a resource requester (RR) 14 operating on a computing device 18. The RR 14 is provided with an identify descriptor(id) 20 including security relevance information to designate an environment where the RR 14 is operating. A code identity code(code ID) 22 is calculated based on the loaded RR14 and id 20. The RP 10 verifies that the code ID calculated in the request of the resource 12 is matched with one of one or more valid codes ID 22 for the identified RR 14, and concludes that the RR 14 and id 20 are reliable, and the RP 10 supplies the requested resource 12 to the RR 14, and responds to the transferred request. COPYRIGHT: (C)2005,JPO&NCIPI

Abstract translation: 要解决的问题：提供用于提供资源的资源提供者的认证信息，以向资源接收者认证资源接收者。 解决方案：从用于在计算设备18上运行的资源请求者（RR）14的资源提供者（RP）10获取资源12.RR14具有包括安全相关信息的标识描述符（id）20 指定RR 14运行的环境。 基于加载的RR14和ID20计算代码标识码（代码ID）22 .RR 10验证在资源12的请求中计算的代码ID与一个或多个有效代码ID 22中的一个匹配，用于 标识的RR 14，并且得出结论，RR 14和ID 20是可靠的，并且RP 10将请求的资源12提供给RR14，并且响应于所传送的请求。 版权所有（C）2005，JPO＆NCIPI

公开(公告)号：JP2005129033A

公开(公告)日：2005-05-19

申请号：JP2004278411

申请日：2004-09-24

Applicant: Microsoft Corp ,  マイクロソフト コーポレーション

Inventor： RAY KENNETH D ,  PEINADO MARCUS ,  ENGLAND PAUL ,  KURIEN THEKKTHALACKAL VARUGIS

IPC: G06F21/24 ,  G06F1/00 ,  G06F3/00 ,  G06F9/44 ,  G06F9/45 ,  G06F9/46 ,  G06F12/14 ,  G06F15/76 ,  G06F17/00 ,  G06F21/00 ,  G06F21/22

CPC classification number: G06F21/53

Abstract: PROBLEM TO BE SOLVED: To execute, in parallel with each other, a large-scale system having advanced features and a small-scale system for providing high-level security. SOLUTION: An application's functionality is partitioned into two groups depending on whether or not a specific operation like processing of secret data is executed. Separate software objects (processors) are created to perform these two groups of operations. A trusted processor handles secure data and runs in a high-assurance environment. When another processor detects secure data, that data are sent to the trusted processor. The data are wrapped in such a way that allows it to be routed to the trusted processor, and prevents the data from being deciphered by any entity other than the trusted processor. An infrastructure is provided that wraps objects, routes the objects to the correct processor, and allows their integrity to be attested through a chain of trust leading back to a base component that is known to be trustworthy. COPYRIGHT: (C)2005,JPO&NCIPI

Abstract translation: 要解决的问题：并行执行具有高级特征的大型系统和用于提供高级安全性的小规模系统。 解决方案：根据是否执行特定操作（如处理秘密数据），将应用程序的功能划分为两组。 创建独立的软件对象（处理器）来执行这两组操作。 值得信赖的处理器处理安全数据并在高保证环境中运行。 当另一个处理器检测到安全数据时，该数据被发送到可信处理器。 数据被包装成允许其被路由到可信处理器的方式，并且防止数据被除了可信处理器之外的任何实体解密。 提供了一个基础设施，用于包装对象，将对象路由到正确的处理器，并通过一个信任链来验证其完整性，并将其引导回已知可靠的基础组件。 版权所有（C）2005，JPO＆NCIPI

公开(公告)号：EP2126744A4

公开(公告)日：2011-03-16

申请号：EP08743551

申请日：2008-02-26

Applicant: MICROSOFT CORP

Inventor： KURIEN THEKKTHALACKAL VARUGIS ,  JACKSON STEVEN E ,  FIELD SCOTT A ,  LAFORNARA PHILIP J

IPC: G06F17/30 ,  G06F17/00

CPC classification number: G06F17/3089 ,  Y10S707/99932

公开(公告)号：EP2126724A4

公开(公告)日：2011-03-16

申请号：EP08731375

申请日：2008-03-04

Applicant: MICROSOFT CORP

Inventor： KURIEN THEKKTHALACKAL VARUGIS ,  JACKSON STEVEN E ,  FIELD SCOTT A

IPC: G06F17/30 ,  G06F17/00

CPC classification number: G06F17/3089 ,  G06F17/30643 ,  G06F17/30867

Abstract: Methods for using scenario solution-related information to generate customized user experiences are provided. Upon receiving a user query, a plurality of results is returned, each result being representative of a scenario solution which may be utilized to address a particular issue relevant to the received query. At the time of authoring, each scenario solution is organized based upon one or more keywords and/or one or more categories (i.e., namespaces). Data associated with a namespace/keyword corresponding to a returned search result may be mined to determine information beyond basic scenario solution search results that may be of interest to the user. As the namespace(s)/keyword(s) in association with which to organize a particular executable scenario solution is determined by the author of the scenario solution, other information associated with the same namespace/keyword (and/or a namespace/keyword having a relationship thereto) is likely to be more relevant than information organized based upon keywords alone.

公开(公告)号：EP2126721A4

公开(公告)日：2011-03-16

申请号：EP08728569

申请日：2008-01-30

Applicant: MICROSOFT CORP

Inventor： KURIEN THEKKTHALACKAL VARUGIS ,  JACKSON STEVEN E ,  FIELD SCOTT A ,  CROSS DAVID B

IPC: G06F17/00 ,  G06F17/30

CPC classification number: G06F21/6245 ,  G06F17/3089 ,  G06F21/6218 ,  G06F2221/2111 ,  G06F2221/2141 ,  G06F2221/2147

公开(公告)号：EP2126817A4

公开(公告)日：2011-07-06

申请号：EP08730763

申请日：2008-02-26

Applicant: MICROSOFT CORP

Inventor： KURIEN THEKKTHALACKAL VARUGIS ,  JACKSON STEVEN E ,  FIELD SCOTT A

IPC: G06Q30/00

CPC classification number: G06Q30/02

公开(公告)号：CA2507793C

公开(公告)日：2013-07-23

申请号：CA2507793

申请日：2005-05-17

Applicant: MICROSOFT CORP

Inventor： WILLMAN BRYAN MARK ,  ENGLAND PAUL ,  RAY KENNETH D ,  HUNTER JAMIE ,  MCMICHAEL LONNY DEAN ,  LASALLE DEREK NORMAN ,  JACOMET PIERRE ,  PALEY MARK ELIOT ,  KURIEN THEKKTHALACKAL VARUGIS ,  CROSS DAVID B

IPC: G06F9/445 ,  G06F11/00 ,  G06F21/00 ,  G06N20060101

Abstract: A mechanism for protected operating system boot that prevents rogue components from being loaded with the operating system, and thus prevents divulgence of the system key under inappropriate circumstances. After a portion of the machine startup procedure has occurred, the operating system loader is run, the loader is validated, and a correct machine state is either verified to exist and/or created. Once the loader has been verified to be a legitimate loader, and the machine state under which it is running is verified to be correct, the loader's future behavior is known to protect against the loading of rogue components that could cause divulgence of the system key. With the loader's behavior being known to be safe for the system key, the validator may unseal the system key and provides it to the loader.

公开(公告)号：AT488800T

公开(公告)日：2010-12-15

申请号：AT05105591

申请日：2005-06-23

Applicant: MICROSOFT CORP

Inventor： WILLMAN BRYAN MARK ,  CROSS DAVID B ,  ENGLAND PAUL ,  RAY KENNETH D ,  HUNTER JAMIE ,  MCMICHAEL LONNY DEAN ,  LASALLE DEREK NORMAN ,  JACOMET PIERRE ,  PALEY MARK ELIOT ,  KURIEN THEKKTHALACKAL VARUGIS

IPC: G06F9/445 ,  G06F1/00 ,  G06F11/00 ,  G06F21/00 ,  G06N20060101

Abstract: A mechanism for protected operating system boot that prevents rogue components from being loaded with the operating system, and thus prevents divulgence of the system key under inappropriate circumstances. After a portion of the machine startup procedure has occurred, the operating system loader is run, the loader is validated, and a correct machine state is either verified to exist and/or created. Once the loader has been verified to be a legitimate loader, and the machine state under which it is running is verified to be correct, the loader's future behavior is known to protect against the loading of rogue components that could cause divulgence of the system key With the loader's behavior being known to be safe for the system key, the validator may unseal the system key and provides it to the loader.

公开(公告)号：BRPI0404008A

公开(公告)日：2005-06-21

申请号：BRPI0404008

申请日：2004-09-23

Applicant: MICROSOFT CORP

Inventor： RAY KENNETH D ,  PEINADO MARCUS ,  KURIEN THEKKTHALACKAL VARUGIS ,  ENGLAND PAUL

IPC: G06F21/24 ,  G06F1/00 ,  G06F3/00 ,  G06F9/44 ,  G06F9/45 ,  G06F9/46 ,  G06F12/14 ,  G06F15/76 ,  G06F17/00 ,  G06F21/00 ,  G06F21/22

Abstract: Application factoring or partitioning is used to integrate secure features into a conventional application. An application's functionality is partitioned into two sets according to whether a given action does, or does not, involve the handling of sensitive data. Separate software objects (processors) are created to perform these two sets of actions. A trusted processor handles secure data and runs in a high-assurance environment. When another processor encounters secure data, that data is sent to the trusted processor. The data is wrapped in such a way that allows it to be routed to the trusted processor, and prevents the data from being deciphered by any entity other than the trusted processor. An infrastructure is provided that wraps objects, routes them to the correct processor, and allows their integrity to be attested through a chain of trust leading back to base component that is known to be trustworthy.