公开(公告)号：US09946848B2

公开(公告)日：2018-04-17

申请号：US12393242

申请日：2009-02-26

Applicant: Timothy J. Hahn ,  Bernard P. Palmer, Jr. ,  Michael P. Waidner ,  James J. Whitmore

Inventor： Timothy J. Hahn ,  Bernard P. Palmer, Jr. ,  Michael P. Waidner ,  James J. Whitmore

IPC: G06F21/10 ,  G06F21/12 ,  H04L9/32

CPC classification number: G06F21/10 ,  G06F21/105 ,  G06F21/12 ,  G06F2221/0737 ,  H04L9/3247 ,  H04L9/3263 ,  H04L2209/60 ,  H04L2209/68

Abstract: Techniques for establishing entitlement to a computer program product are provided, and include providing a client identity in a registration process to produce an entitlement file, obtaining an encoded version of a computer program product, and transforming the computer program product into an installation product in a computer storage medium, wherein the installation product comprises the entitlement file to establish entitled use of the computer program product. Also, techniques for facilitating security compliance of a computer program product include providing an encoded version of a computer program product, and providing an installation product builder for the computer program product, wherein the installation product builder creates an installation product in a computer storage medium using a client identity and the encoded version of the computer program product during a registration process, and wherein the created installation product comprises an entitlement file to facilitate security compliance of the computer program product.

公开(公告)号：US09898587B2

公开(公告)日：2018-02-20

申请号：US13454555

申请日：2012-04-24

Applicant: Timothy J. Hahn ,  Bernard P. Palmer, Jr. ,  Michael P. Waidner ,  James J. Whitmore

Inventor： Timothy J. Hahn ,  Bernard P. Palmer, Jr. ,  Michael P. Waidner ,  James J. Whitmore

IPC: G06F21/00 ,  G06F21/10 ,  H04L9/32

CPC classification number: G06F21/10 ,  G06F21/105 ,  G06F21/12 ,  G06F2221/0737 ,  H04L9/3247 ,  H04L9/3263 ,  H04L2209/60 ,  H04L2209/68

Abstract: Techniques for establishing entitlement to a computer program product are provided, and include providing a client identity in a registration process to produce an entitlement file, obtaining an encoded version of a computer program product, and transforming the computer program product into an installation product in a computer storage medium, wherein the installation product comprises the entitlement file to establish entitled use of the computer program product. Also, techniques for facilitating security compliance of a computer program product include providing an encoded version of a computer program product, and providing an installation product builder for the computer program product, wherein the installation product builder creates an installation product in a computer storage medium using a client identity and the encoded version of the computer program product during a registration process, and wherein the created installation product comprises an entitlement file to facilitate security compliance of the computer program product.

公开(公告)号：US20120216294A1

公开(公告)日：2012-08-23

申请号：US13454555

申请日：2012-04-24

Applicant: Timothy J. Hahn ,  Bernard P. Palmer, JR. ,  Michael P. Waidner ,  James J. Whitmore

Inventor： Timothy J. Hahn ,  Bernard P. Palmer, JR. ,  Michael P. Waidner ,  James J. Whitmore

IPC: G06F21/00

CPC classification number: G06F21/10 ,  G06F21/105 ,  G06F21/12 ,  G06F2221/0737 ,  H04L9/3247 ,  H04L9/3263 ,  H04L2209/60 ,  H04L2209/68

Abstract: Techniques for establishing entitlement to a computer program product are provided, and include providing a client identity in a registration process to produce an entitlement file, obtaining an encoded version of a computer program product, and transforming the computer program product into an installation product in a computer storage medium, wherein the installation product comprises the entitlement file to establish entitled use of the computer program product. Also, techniques for facilitating security compliance of a computer program product include providing an encoded version of a computer program product, and providing an installation product builder for the computer program product, wherein the installation product builder creates an installation product in a computer storage medium using a client identity and the encoded version of the computer program product during a registration process, and wherein the created installation product comprises an entitlement file to facilitate security compliance of the computer program product.

Abstract translation: 提供了用于建立计算机程序产品的权利的技术，并且包括在注册过程中提供客户端身份以产生授权文件，获得计算机程序产品的编码版本，以及将计算机程序产品变换为安装产品 计算机存储介质，其中安装产品包括授权文件以建立计算机程序产品的有权使用。 此外，用于促进计算机程序产品的安全符合性的技术包括提供计算机程序产品的编码版本，并为计算机程序产品提供安装产品构建器，其中安装产品构建器使用计算机存储介质中的安装产品 客户端身份和计算机程序产品的编码版本，并且其中所创建的安装产品包括授权文件，以促进计算机程序产品的安全符合性。

公开(公告)号：US07941859B2

公开(公告)日：2011-05-10

申请号：US10874421

申请日：2004-06-23

Applicant: Jan L. Camenisch ,  Birgit M. Pfitzmann ,  Matthias Schunter ,  Michael P. Waidner

Inventor： Jan L. Camenisch ,  Birgit M. Pfitzmann ,  Matthias Schunter ,  Michael P. Waidner

IPC: H04L17/30 ,  G06F17/30 ,  G06F12/14

CPC classification number: G06F21/6245

Abstract: Method, system, and storage medium for reducing or minimizing access to sensitive information. A method includes identifying processes and data associated with a computer system and classifying each of the data as one of either sensitive information or non-sensitive information. The sensitive information includes at least one of: data that is personal to an individual, confidential data, and data that is legally subject to conditions of restricted use. For each of the processes the method includes selecting a process and a sensitive data item, modifying the sensitive data item, analyzing the behavior of at least the selected process, and preventing access of the sensitive data item by the selected process if, as a result of the analyzing, the sensitive data item is determined not to be needed by the selected process.

Abstract translation: 用于减少或最小化敏感信息访问的方法，系统和存储介质。 一种方法包括识别与计算机系统相关联的过程和数据，并将每个数据分类为敏感信息或非敏感信息之一。 敏感信息包括以下至少一项：对个人个人的数据，机密数据和法律上受限于使用条件的数据。 对于每个过程，该方法包括选择过程和敏感数据项，修改敏感数据项，分析至少所选过程的行为，以及如果结果，则阻止敏感数据项的访问。 在分析的情况下，敏感数据项被确定为所选择的处理不需要。

公开(公告)号：US20080235805A1

公开(公告)日：2008-09-25

申请号：US10597664

申请日：2005-01-28

Applicant: Birgit M. Pfitzmann ,  Michael P. Waidner

Inventor： Birgit M. Pfitzmann ,  Michael P. Waidner

IPC: G06F1/00

CPC classification number: G06F21/10 ,  G06F21/105 ,  G06F2221/0773 ,  G06F2221/2137

Abstract: Software licence management systems are provided in which a licence to use a software product is represented by a data token. The systems have a software controller for controlling use of the software product at a user device, and a licence management server for communicating with the software controller via a data communications network. The software controller allows use of the software product at the user device substantially only during a use period associated with a current data token supplied to the software controller by the licence management server. An exchange token can be supplied to another, similar software controller when necessary to transfer the licence, e.g. in the event of a breakdown. The software controller is adapted to supply either the current data token, or the exchange token, to the licence management server to be exchanged for a new data token.

Abstract translation: 提供了软件许可证管理系统，其中使用软件产品的许可证由数据令牌表示。 该系统具有用于控制在用户设备处使用软件产品的软件控制器，以及用于经由数据通信网络与软件控制器进行通信的许可证管理服务器。 软件控制器允许基本上仅在与由许可证管理服务器提供给软件控制器的当前数据令牌相关联的使用期间内在用户设备处使用软件产品。 交换令牌可以在必要时提供给另一个类似的软件控制器来传送许可证，例如 发生故障时。 软件控制器适于将当前数据令牌或交换令牌提供给许可证管理服务器，以交换新的数据令牌。

公开(公告)号：US07302569B2

公开(公告)日：2007-11-27

申请号：US10643798

申请日：2003-08-19

Applicant: Linda Betz ,  John C. Dayka ,  Walter B. Farrell ,  Richard H. Guski ,  Guenter Karjoth ,  Mark A. Nelson ,  Birgit M. Pfitzmann ,  Matthias Schunter ,  Michael P. Waidner

Inventor： Linda Betz ,  John C. Dayka ,  Walter B. Farrell ,  Richard H. Guski ,  Guenter Karjoth ,  Mark A. Nelson ,  Birgit M. Pfitzmann ,  Matthias Schunter ,  Michael P. Waidner

IPC: H04L29/00

CPC classification number: G06F21/629 ,  G06F21/6245 ,  G06F2221/2101 ,  G06F2221/2113 ,  G06F2221/2141 ,  G06F2221/2149

Abstract: A data access control facility is implemented by assigning personally identifying information (PII) classification labels to PII data objects, with each PII data object having one PII classification label assigned thereto. The control facility further includes at least one PII purpose serving function set (PSFS) comprising a list of application functions that read or write PII data objects. Each PII PSFS is also assigned a PII classification label. A PII data object is accessible via an application function of a PII PSFS having a PII classification label that is identical to or dominant of the PII classification label of the PII object. A user of the control facility is assigned a PII clearance set which contains a list of at least one PII classification label, which is employed in determining whether the user is entitled to access a particular function.

Abstract translation: 通过将个人识别信息（PII）分类标签分配给PII数据对象来实现数据访问控制设施，每个PII数据对象分配有一个PII分类标签。 控制设备还包括至少一个PII目的服务功能集（PSFS），其包括读或写PII数据对象的应用功能列表。 每个PII PSFS也被分配了一个PII分类标签。 PII数据对象可通过具有与PII对象的PII分类标签相同或占优势的PII分类标签的PII PSFS的应用功能来访问。 控制设备的用户被分配有PII间隙组，其包含至少一个PII分类标签的列表，该列表用于确定用户是否有权访问特定功能。

公开(公告)号：US10068064B2

公开(公告)日：2018-09-04

申请号：US13454502

申请日：2012-04-24

Applicant: Timothy J. Hahn ,  Bernard P. Palmer, Jr. ,  Michael P. Waidner ,  James J. Whitmore

Inventor： Timothy J. Hahn ,  Bernard P. Palmer, Jr. ,  Michael P. Waidner ,  James J. Whitmore

IPC: G06F21/10 ,  G06F21/12 ,  H04L9/32

Abstract: Techniques for establishing entitlement to a computer program product are provided, and include providing a client identity in a registration process to produce an entitlement file, obtaining an encoded version of a computer program product, and transforming the computer program product into an installation product in a computer storage medium, wherein the installation product comprises the entitlement file to establish entitled use of the computer program product. Also, techniques for facilitating security compliance of a computer program product include providing an encoded version of a computer program product, and providing an installation product builder for the computer program product, wherein the installation product builder creates an installation product in a computer storage medium using a client identity and the encoded version of the computer program product during a registration process, and wherein the created installation product comprises an entitlement file to facilitate security compliance of the computer program product.

公开(公告)号：US08205266B2

公开(公告)日：2012-06-19

申请号：US10597664

申请日：2005-01-28

Applicant: Birgit M. Pfitzmann ,  Michael P. Waidner

Inventor： Birgit M. Pfitzmann ,  Michael P. Waidner

IPC: G06F21/00

CPC classification number: G06F21/10 ,  G06F21/105 ,  G06F2221/0773 ,  G06F2221/2137

Abstract: Software license management systems are provided in which a license to use a software product is represented by a data token. The systems have a software controller for controlling use of the software product at a user device, and a license management server for communicating with the software controller via a data communications network. The software controller allows use of the software product at the user device substantially only during a use period associated with a current data token supplied to the software controller by the license management server. An exchange token can be supplied to another, similar software controller when necessary to transfer the license, e.g. in the event of a breakdown. The software controller is adapted to supply either the current data token, or the exchange token, to the license management server to be exchanged for a new data token.

Abstract translation: 提供了软件许可证管理系统，其中使用软件产品的许可证由数据令牌表示。 该系统具有用于控制在用户设备处使用软件产品的软件控制器，以及用于经由数据通信网络与软件控制器进行通信的许可证管理服务器。 软件控制器允许基本上仅在与由许可证管理服务器提供给软件控制器的当前数据令牌相关联的使用期间内在用户设备上使用该软件产品。 交换令牌可以在必要时提供给另一个类似的软件控制器来传送许可证，例如 发生故障时。 软件控制器适于将当前数据令牌或交换令牌提供给许可证管理服务器，以交换新的数据令牌。

公开(公告)号：US09202080B2

公开(公告)日：2015-12-01

申请号：US13417691

申请日：2012-03-12

Applicant: Ivan M. Milman ,  Charles D. Wolfson ,  Matthias Schunter ,  Heather M. Hinton ,  Michael P. Waidner

Inventor： Ivan M. Milman ,  Charles D. Wolfson ,  Matthias Schunter ,  Heather M. Hinton ,  Michael P. Waidner

IPC: G06F17/30 ,  G06F21/62

CPC classification number: G06F21/6245

Abstract: A method, system and computer-usable medium are disclosed for controlling the distribution of data. Data stored in a datastore is filtered according to a data release policy to generate filtered data. A data release policy agreement, corresponding to the data release policy, is generated. The filtered data and the data release policy agreement are then provided to an information consumer. The data release policy agreement is then used to enforce the data release policy.

公开(公告)号：US08892900B2

公开(公告)日：2014-11-18

申请号：US13602169

申请日：2012-09-02

Applicant: Endre-Feliz F. Bangerter ,  Matthias Schunter ,  Michael P. Waidner ,  Jan L. Camenisch

Inventor： Endre-Feliz F. Bangerter ,  Matthias Schunter ,  Michael P. Waidner ,  Jan L. Camenisch

IPC: H04L29/06 ,  H04L9/32

CPC classification number: H04L9/3218 ,  H04L9/3234 ,  H04L2209/80

Abstract: Systems, apparatus and methods for privacy-protecting integrity attestation of a computing platform. An example method for privacy-protecting integrity attestation of a computing platform (P) has a trusted platform module (TPM}, and comprises the following steps. First, the computing platform (P) receives configuration values (PCRI . . . PCRn). Then, by means of the trusted platform module (TPM}, a configuration value (PCRp) is determined which depends on the configuration of the computing platform (P). In a further step the configuration value (PCRp) is signed by means of the trusted platform module. Finally, in the event that the configuration value (PCRp) is one of the received configuration values (PCRI . . . PCRn), the computing platform (P) proves to a verifier (V) that it knows the signature (sign(PCRp}} on one of the received configuration values (PCRI . . . PCRn).

Abstract translation: 用于隐私保护计算平台完整性认证的系统，设备和方法。 计算平台（P）的隐私保护完整性认证的一个示例性方法具有可信赖的平台模块（TPM），包括以下步骤：首先，计算平台（P）接收配置值（PCRI ...，PCRn）。 然后，通过可信平台模块（TPM），确定取决于计算平台（P）的配置的配置值（PCRp），在另一步骤中，配置值（PCRp）通过 最后，如果配置值（PCRp）是接收到的配置值（PCRI ...，PCRn）之一，则计算平台（P）向验证者（V）证明其知道签名（ 在PCR接收的配置值之一（PCRI ... PCRn）上签名（​​PCRp}}。