Workflow based authorization for content access
    1.
    Granted invention patent
    Workflow based authorization for content access (In force)

    Publication number: US08646027B2

    Publication date: 2014-02-04

    Application number: US12163378

    Application date: 2008-06-27

    CPC classification number: G06F21/6218

    Abstract: The present invention extends to methods, systems, and computer program products for workflow based authorization for content access. A workflow can be triggered when a protection policy does not fully express an intended recipient's rights in protected content. A workflow processes relevant inputs to more fully express the intended recipient's rights in protected content. Workflows can provide policy item updates and authorization decisions with respect to protected content. Through the use of workflows to make an authorization decision, access to information can become more flexible, allowing it to follow the desired flow of information throughout its lifecycle. This flexibility allows organizations to protect their information without worrying about the protection stopping the natural flow of business.


    Secure bait and switch resume
    2.
    Granted invention patent
    Secure bait and switch resume (In force)

    Publication number: US08375440B2

    Publication date: 2013-02-12

    Application number: US11872220

    Application date: 2007-10-15

    CPC classification number: G06F15/177 G06F9/4418 G06F21/31 G06F21/81

    Abstract: Procedures for resumption from a low activity condition are discussed. In implementations, a persistent state file, or a portion thereof, is secured via an encryption algorithm, with the decryption key secured via the operating system (OS) login user credentials. Once a user is authenticated via the OS login, the persistent state file may be decrypted and inserted in the OS boot path with resumption occurring through the persistent state file.


    METHODS AND SYSTEMS FOR MONITORING AND ENCOURAGING PERSONAL DREAM ACHIEVEMENT
    3.
    Invention application
    METHODS AND SYSTEMS FOR MONITORING AND ENCOURAGING PERSONAL DREAM ACHIEVEMENT (Under examination, published)

    Publication number: US20120124482A1

    Publication date: 2012-05-17

    Application number: US13293071

    Application date: 2011-11-09

    CPC classification number: G06Q50/00

    Abstract: Methods and systems are provided for use in monitoring and encouraging the attainment of personal dreams. Users can publish dreams and action steps to online social networks and receive comments related thereto. Third-party users can write suggestions in connection with the dreams or action steps to help the user achieve the dreams. Anonymous feeds regarding the dreams and related actions can be sent to target sites as a function of user identity.


    Secure data protection during disasters
    4.
    Granted invention patent
    Secure data protection during disasters (Lapsed)

    Publication number: US08135135B2

    Publication date: 2012-03-13

    Application number: US11635897

    Application date: 2006-12-08

    CPC classification number: G06F11/1415 G06F21/6218 H04L9/0897

    Abstract: In situations, such as disasters, where the physical protection of data may be compromised, algorithmic protection of such data can be increased in anticipation of the disaster. An off-site mechanism can send a disaster preparation script to computing devices expected to be affected, resulting in the deletion of decryption keys from those computing devices. Once the disaster passes, the off-site mechanism, upon receiving confirmation of the physical integrity of the computing devices, can return one or more decryption keys to the computing devices, enabling access to algorithmically protected data. The off-site mechanism can also optionally provide access information that can be used to obtain access to the algorithmically protected data via at least one returned decryption key.


    Storage device controlled access
    5.
    Granted invention patent
    Storage device controlled access (In force)

    Publication number: US08046593B2

    Publication date: 2011-10-25

    Application number: US11449553

    Application date: 2006-06-07

    CPC classification number: G06F21/85 G06F21/78 G06F2221/2113 H04L9/0836

    Abstract: Access to a storage device, such as a disk, is controlled by performing a disk operation using a single cryptographic engine. Keys associated with each layer of a layered structure associated with controlling access to the storage device are combined. The resultant of this combination is used as the key to the cryptographic engine. Data to be retrieved from and written to the storage device are operated on by the cryptographic engine utilizing the combined key. Keys are combined by combining functions associated with layers of the layered structure. A combining function can include an exclusive or function, a cryptographic hash function, or a combination thereof.


    Securely launching encrypted operating systems
    6.
    Granted invention patent
    Securely launching encrypted operating systems (In force)

    Publication number: US07913074B2

    Publication date: 2011-03-22

    Application number: US11864418

    Application date: 2007-09-28

    CPC classification number: G06F15/16

    Abstract: Tools and techniques for securely launching encrypted operating systems are described herein. The tools may provide computing systems that include operating systems (OSs) that define boot paths for the systems. This boot path may include first and second OS loader components. The first loader may include instructions for retrieving a list of disk sectors from a first store, and for retrieving these specified sectors from an encrypted second store. The first loader may also store the sectors in a third store that is accessible to both the first and the second loader components, and may invoke the second loader to try launching the OS using these sectors. In turn, the second loader may include instructions for retrieving these sectors from the third store, and for unsealing a key for decrypting these sectors. The second loader may then decrypt these sectors, and attempt to launch the OS from these sectors.


    Systems and methods for securely booting a computer with a trusted processing module
    7.
    Granted invention patent
    Systems and methods for securely booting a computer with a trusted processing module (In force)

    Publication number: US07725703B2

    Publication date: 2010-05-25

    Application number: US11031161

    Application date: 2005-01-07

    CPC classification number: G06F21/575

    Abstract: In a computer with a trusted platform module (TPM), an expected hash value of a boot component may be placed into a platform configuration register (PCR), which allows a TPM to unseal a secret. The secret may then be used to decrypt the boot component. The hash of the decrypted boot component may then be calculated and the result can be placed in a PCR. The PCRs may then be compared. If they do not match, access to an important secret for system operation can be revoked. Also, a first secret may be accessible only when a first plurality of PCR values are extant, while a second secret is accessible only after one or more of the first plurality of PCR values has been replaced with a new value, thereby necessarily revoking further access to the first secret in order to grant access to the second secret.


    System and method to specify device specific user interface information in the firmware of a USB device
    8.
    Granted invention patent
    System and method to specify device specific user interface information in the firmware of a USB device (In force)

    Publication number: US07676752B2

    Publication date: 2010-03-09

    Application number: US11076624

    Application date: 2005-03-10

    CPC classification number: G06F9/4411 G06F9/451

    Abstract: Systems and methods to specify device specific user interface information in firmware of a USB device are described. In one aspect, a USB device receives a host-specific device request from an application executing on a computing device coupled to the USB device. The USB device identifies a host-defined string descriptor defined by the application. The host-defined string descriptor is stored in firmware of the USB device.


    PEDOMETER FOR THE BRAIN
    10.
    Invention application
    PEDOMETER FOR THE BRAIN (Under examination, published)

    Publication number: US20090270755A1

    Publication date: 2009-10-29

    Application number: US12111408

    Application date: 2008-04-29

    Abstract: The claimed subject matter provides systems and/or techniques that provide biometric feedback monitoring of brain activity. The system includes mechanisms that obtain indication of brain activity associated with an individual which can be utilized to ensure that the individual is maximizing his or her brain activity. Where it is determined that the individual is not optimally utilizing his or her brain, feedback can be directed to the individual in order to stimulate brain activity in a specified response center of the brain.

