    1. Invisible encoding of meta-information
    Granted invention patent
    Status: lapsed

    Publication number: US06769061B1

    Publication date: 2004-07-27

    Application number: US09487150

    Filing date: 2000-01-19

    IPC classification: G06F124

    Abstract: Meta-information, such as a digital watermark, that is associated with a document is encoded by using characters, or sequences of characters, that are “invisible” when rendered. Characters such as spaces, tabs, carriage returns, backspaces, line feeds, and so on are used to encode the watermark. The encoded “invisible” meta-information item is preferably appended to the document. A receiving device that is compatible with this encoding is able to decode and process the meta-information, for example, to verify the contents and/or the originator of the document. A receiving device that is not compatible with this encoding will merely display or print additional “white space” corresponding to the “invisible” meta-information. By appending this invisible encoding to the document, this additional white space will occur after the display or printing of the document, in a visually unobtrusive form.


    2. Multiple protected mode execution environments using multiple register sets and meta-protected instructions
    Granted invention patent
    Status: lapsed

    Publication number: US06751737B1

    Publication date: 2004-06-15

    Application number: US09413965

    Filing date: 1999-10-07

    IPC classification: G06F124

    Abstract: A system is provided that contains multiple control register and descriptor table register sets so that an execution context switch between X86 protected mode operating systems can be performed with minimal processing overhead. Upon receipt of a protected instruction determined to be a meta-protected instruction, the system calls a meta virtual machine (MVM) that performs the functions necessary to shift execution contexts.


    3. Method for detecting unauthorized network access by having a NIC monitor for packets purporting to be from itself
    Granted invention patent
    Status: in force

    Publication number: US06745333B1

    Publication date: 2004-06-01

    Application number: US10062871

    Filing date: 2002-01-31

    Applicant: Brant D. Thomsen

    Inventor: Brant D. Thomsen

    IPC classification: G06F124

    Abstract: A method is described for a NIC to ascertain the presence of spoofing activity and thus detect unauthorized network access. The NIC monitors for packets purporting to be from itself. In one embodiment, a NIC views packets trafficking on its network and monitors for packets having its own MAC Address, but which it did not send. In another embodiment, the NIC monitors for packets having its own IP address, but which it did not send. These falsely purportive packets originate not from the observant NIC, but suspiciously from elsewhere. Such suspect origin entities may be rogue entities attempting to gain unauthorized network access. These embodiments detect unauthorized access to a network by ascertaining the presence of spoofing activity in a manner that does not require gross revamping of network architecture or the burdening of network accessibility by legitimate authorized entities.


    4. Methods, systems and computer program products for enhanced security identity utilizing an SSL proxy
    Granted invention patent
    Status: in force

    Publication number: US06732269B1

    Publication date: 2004-05-04

    Application number: US09411471

    Filing date: 1999-10-01

    IPC classification: G06F124

    CPC classification: H04L63/166 H04L2463/102

    Abstract: Methods, systems and computer program products are provided which communicate between client applications and a transaction server by establishing a persistent secure connection between the transaction server and a Secure Socket Layer (SSL) proxy server. A first session specific SSL connection, different from the persistent secure connection, is also established between a first client application and the SSL proxy server. Communications between the first client application and the SSL proxy server transmitted over the first session specific SSL connection are then forwarded with the client's identity preserved to the transaction server over the persistent secure connection. Furthermore, a second session specific SSL connection between a second client application and the SSL proxy server may also be established and the communications between the second client application and the SSL proxy server transmitted over the second session specific SSL connection are forwarded to the transaction server over the persistent secure connection. Preferably, the persistent secure connection is an SSL connection.


    5. System and method for managing the boot order of a computer system
    Granted invention patent
    Status: in force

    Publication number: US06721883B1

    Publication date: 2004-04-13

    Application number: US09490523

    Filing date: 2000-01-25

    IPC classification: G06F124

    CPC classification: G06F9/4408

    Abstract: A method and system for booting a computer system is provided in which the boot order of the computer system is displayed to the user in a manner such that the name of each bootable device and the location of each bootable device in the architecture of the computer system are displayed to the user upon entering a setup routine. The boot order displayed may also identify other information about the bootable devices of the computer system, including the operating and maximum speed of the devices and whether the devices are embedded devices. The boot order may be changed by the user by entering setup and manipulating the displayed list of bootable devices.


    6. Security server token caching
    Granted invention patent
    Status: in force

    Publication number: US06715082B1

    Publication date: 2004-03-30

    Application number: US09379754

    Filing date: 1999-08-24

    IPC classification: G06F124

    Abstract: A mechanism for establishing a plurality of sessions between a client and a first server based on a single input of user authenticating information is disclosed. A request to establish a connection between the client and the first server is received. The request includes identification information for authenticating a requesting user. Based on the identification information, a determination is made as to whether the connection between the client and the first server should be established. If it is determined that the connection between the client and the first server should be established, the identification information is cached in memory and the connection between the client and the first server is allowed to be established. Subsequent connection requests from the same client are authenticated, and further connections can be established, based on the cached identification information, without further input from the client or user.


    7. Digital signatures on a Smartcard
    Granted invention patent
    Status: in force

    Publication number: US06704870B2

    Publication date: 2004-03-09

    Application number: US09942492

    Filing date: 2001-08-29

    IPC classification: G06F124

    Abstract: A digital signature scheme for a “smart” card utilizes a set of prestored signing elements and combines pairs of the elements to produce a new session pair. The combination of the elements is performed partly on the card and partly on the associated transaction device so that the exchange of information between card and device does not disclose the identity of the signing elements. The signing elements are selected in a deterministic but unpredictable manner so that each pair of elements is used once. Further signing pairs are generated by implementing the signing over an anomalous elliptic curve encryption scheme and applying a Frobenius Operator to the normal basis representation of one of the elements.


    9. Execution of instructions using op code lengths longer than standard op code lengths to encode data
    Granted invention patent
    Status: in force

    Publication number: US06675298B1

    Publication date: 2004-01-06

    Application number: US09377298

    Filing date: 1999-08-18

    Applicant: Alan Folmsbee

    Inventor: Alan Folmsbee

    IPC classification: G06F124

    Abstract: A CPU is provided with an ability to modify its operation in accordance with an encryption key. When a program is compiled, the program is modified in order that execution may be performed by the CPU with modified op codes. As a result, it is unnecessary to decrypt the program into standard op codes prior to execution. The modified op codes are provided with surplus bits, causing an increase in op code length, and the output of data results is provided in blocks of several words. The internal allocation of signals and logic gates is made key dependent to further foil the efforts of adversaries who may attempt to understand the program instructions.


    10. Data communication equipment, data communication system, and data communication method
    Granted invention patent
    Status: lapsed

    Publication number: US06654466B1

    Publication date: 2003-11-25

    Application number: US09402484

    Filing date: 1999-10-14

    IPC classification: G06F124

    CPC classification: G06K19/0723

    Abstract: Data communication means (82) performs data communication and power transmission by utilizing electromagnetic waves. Conversion method designating means (88) is provided with output value measuring means (52) which measures the magnitude of the fluctuating output of a resonance circuit (40), and conversion method select means (100) which selects a conversion method to be executed in accordance with the obtained magnitude of the output of the resonance circuit (40). Data converting means (84) is provided with three conversion methods and performs conversion between original data and processed data by executing conversion in accordance with one of the conversion methods designated by the select means (100). The safety on security can thus be improved with a simple constitution.
