Patent application number | Description | Published |
20090199017 | ONE TIME SETTABLE TAMPER RESISTANT SOFTWARE REPOSITORY - A one-time-settable tamper resistant software repository may be used in any computing system to store system information such as security violations and policies for responding to them. A one-time-settable tamper resistant software repository may be cryptographically signed, encrypted with a per device key and accessible by only the most privileged software executed by a computing device, e.g., hypervisor or operating system kernel. A one-time-settable tamper resistant software repository may be mirrored in RAM for performance. Recordable event fields in a software repository may be one-time-settable without the ability to reset them in a field operation mode whereas they may be resettable in a different mode such as a manufacturing mode. Memory allocated to a one-time-settable tamper resistant software repository may be reset, reclaimed, reassigned, scaled and otherwise flexibly adapted to changing conditions and priorities in the lifespan of a computing device, which may be particularly useful for service-backed consumer devices. | 08-06-2009 |
20090199018 | One time settable tamper resistant software repository - An individualized per device initialization of a computing device is unique relative to the initialization of other computing devices. A common initialization program, common to all computing devices of a particular type such as a game console, may be modified to be unique for each computing device. Modification may comprise the application of at least one individualized per device secret, e.g., key, to at least a portion of the common initialization program such as at least one initialization stage. Initialization is tied to one or more device specific identities. In this way, initialization vulnerabilities discovered on a particular device cannot be exploited en masse on other computing devices because each initialization program stored in each computing device is unique. The device specific nature of the initialization program may be extended to other information input to the computing device in order to prevent unauthorized sharing of information with other computing devices. | 08-06-2009 |
20090199279 | METHOD FOR CONTENT LICENSE MIGRATION WITHOUT CONTENT OR LICENSE REACQUISITION - Techniques for migrating content from a first set of conditions to a second set of conditions are disclosed herein. In particular, a content migration certificate is utilized to enable content migration and set forth under what conditions content may be accessed after migration. The content migration certificate may, for example, be stored as a file in a removable storage unit or transferred online once an indication that conditions have changed is received. The change in conditions may involve a new device attempting to access the content file, a new user attempting to access the content, or any other similar conditions. Access to the information in the content migration certificate may be protected by encryption so that only devices and/or users meeting the conditions of the certificate are permitted to transfer content. By accessing the content migration certificate in the prescribed manner, migration of content is enabled in a controlled and easy process. | 08-06-2009 |
20090222675 | TAMPER RESISTANT MEMORY PROTECTION - Various mechanisms are disclosed for protecting the security of memory in a computing environment. A security layer can have an encryption layer and a hashing layer that can dynamically encrypt and then dynamically hash sensitive information, as it is being loaded to dynamic memory of a computing device. For example, a memory unit that can correspond to a memory page can be processed by the security layer, and header data, code, and protect-worthy data can be secured, while other non-sensitive data can be left alone. Once such information is secured and stored in dynamic memory, it can be accessed at a later time by a processor and unencrypted and hash checked. Then, it can be loaded back onto the dynamic memory, thereby preventing direct memory access attacks. | 09-03-2009 |
20110072391 | COMPOSITING DESKTOP WINDOW MANAGER - A method and system for rendering a desktop on a computer using a composited desktop model operating system are disclosed. A composited desktop window manager, upon receiving content information from application programs, draws the window to a buffer memory for future reference, and takes advantage of advanced graphics hardware and visual effects to render windows based on content on which they are drawn. The windows may also be rendered based on environment variables including virtual light sources. The frame portion of each window may be generated by pixel shading a bitmap having the appearance of frosted glass based on the content of the desktop on top of which the frame is displayed. Legacy support is provided so that the operating system can draw and render windows generated by legacy applications to look consistent with non-legacy application windows. | 03-24-2011 |
20130205124 | BRANCH TARGET COMPUTATION - Embodiments related to conducting and constructing a secure start-up process are disclosed, One embodiment provides, on a computing device, a method of conducting a secure start-up process. The method comprises recognizing the branch instruction, and, in response, calculating an integrity datum of a data segment. The method further comprises obtaining an adjustment datum, and computing a branch target address based on the integrity datum and the adjustment datum. | 08-08-2013 |
Patent application number | Description | Published |
20090119475 | TIME BASED PRIORITY MODULUS FOR SECURITY CHALLENGES - Systems, methods, and computer readable media are disclosed for making dictionary based attacks difficult and/or time consuming for attackers. In one example embodiment, this can be accomplished by equipping a security service with software and/or circuitry operable to select security questions from different partitions of a question table. | 05-07-2009 |
20090119744 | DEVICE COMPONENT ROLL BACK PROTECTION SCHEME - Various embodiments of the present disclosure describe techniques for enforcing a subcomponent related security policy for closed computing systems. A closed computing system can include a list of subcomponents that identify the subcomponents it was manufactured with. The list can be used to determine if any currently attached subcomponents are different than the original ones. If a new subcomponent is detected, the device can perform a predetermined action in accordance with a security policy. | 05-07-2009 |
20090187772 | TAMPER EVIDENCE PER DEVICE PROTECTED IDENTITY - Various techniques are described to protect secrets held by closed computing devices. In an ecosystem where devices operate and are offered a wide range of services from a service provider, the service provider may want to prevent users from sharing services between devices. In order to guarantee that services are not shared between devices, each device can be manufactured with a different set of secrets such as per device identifiers. Unscrupulous individuals may try to gain access to the secrets and transfer secrets from one device to another. In order to prevent this type of attack, each closed computing system can be manufactured to include a protected memory location that is tied to the device. | 07-23-2009 |