41 results about "Reference monitor" patented technology

A Stateful Reference Monitor can be loaded into an existing commercial operating system, and then can regulate access to many different types of resources. The reference monitor maintains an updateable storage area whose contents can be used to affect access decisions, and access decisions can be based on arbitrary properties of the request.

Delegation-based authorization is described. In one example, a reference monitor receives from a first entity a request and a credential statement comprising a delegation of authority over a fact to a further entity. An authorization node then determines whether the further entity consents to provide the fact to the first entity and evaluates the request in accordance with an authorization policy and the credential statement. In another example, an assertion comprising a statement delegating authority over a fact to a further entity is received at an authorization node from a first entity. An authorization policy is then used to determine that the first entity vouches for the fact if each of these conditions are met: i) the first entity consents to import the fact from the further entity, ii) the further entity consents to export the fact to the first entity, and iii) the further entity asserts the fact.

Methods and systems for increasing the security or trust associated with an untrusted device are provided. For example, a trusted hardware component may send a request to the untrusted device. The request may indicate one or more challenges to be performed by a secure application executing on the untrusted device. The trusted hardware component may determine an expected response to the one or more challenges. The expected response may be determined at the secure hardware component based on an expected configuration of the untrusted device. The trusted hardware component may receive a response to the request from the untrusted device. The trusted hardware component may determine a security status of the untrusted device based on the expected response and the received response

A method and a system for accessing services provided by network resources in communication networks. Access to service capabilities is controlled at the application level by controlling the access through a gateway wherein an object-oriented service architecture based on abstracted application programming interfaces is implemented. Preferably, the service architecture is defined in OSA/Parlay standards. Access control is carried out by means of a logical entity, the service reference monitor, which is linked to the gateway and configured so that it intercepts all the communications passing between the client applications and the gateway. The service reference monitor captures the object reference to the service capability and assigns to the object reference a lifetime. At the expiration of the lifetime, the service reference monitor destroys the service capability. The probability of a malicious attack is lowered by limiting the time window of the life of access to a service.

In one embodiment, the systems and methods utilizes an enciphered permit identification number, called a session certificate, to reference the policy attribute values and session key that are stored in a secured, online reference monitor (SRM). The session key is used to encipher confidential communications, such as voice and audio communications over the Internet (VoIP), between computers. Each computer uses a unique key with a cryptographic transaction protocol for authentication and key agreement (PAKE) to securely communicate with the SRM. A sender computer uses PAKE to get a session certificate and a session key from the SRM. It sends the session certificate to a receiver computer. The receiver computer sends the session certificate to the SRM and gets back the session key. The sender computer encrypts its VoIP message with the session key and transmits it to the receiver computer. The receiver computer decrypts the VoIP message.

A mechanism to trap obsolete web page references and auto-correct invalid Web page references is provided. With the mechanism, Web pages of a Web site are indexed in an indexed data structure having entries that list the references contained in the Web page. A Website reference monitor monitors changes to the Web pages and content referenced by these Web pages. If a change to the Web pages or referenced content is detected, other Web pages in the Web site that reference the modified content or Web pages are identified using the indexed data structure. The identified other Web pages may then be automatically updated. In addition, when a client device requests a Web page, the references in the Web page are checked to determine if they reference obsolete or invalid content and such references are modified to be non-selectable before providing the Web page to the client device.

In an embodiment of the present invention, the ability for a user or process to set or modify affinities is restricted in order to method for control a multi-processor environment. This may be accomplished by using a reference monitor that controls a process' capability to retrieve and set its or another process' affinity. This aids in the prevention of security breaches.

A multi-level security system includes a storage medium partitionable into a plurality of partitions, a file system coupleable to the plurality of partitions, and a plurality of enclaves. Each enclave is assigned a security classification level. Each enclave resides in a different storage partition of the storage medium. Data stored on the storage medium is cryptographically separated at rest on a per-enclave basis. Cryptographic separation occurs at the disk block level, allowing individual blocks to be read and decrypted. The system also includes a reference monitor that enforces a system security policy that governs access to information between the enclaves. The reference monitor allows an enclave having a first classification level to securely read-down to an enclave having a second classification level lower than the first classification level and to write to another enclave having the first classification level.

A method for automatically aligning measured power-related data in a power monitoring system to a common reference point. A conductor in a power delivery system is modeled according to an equivalent pi model of a transmission line that is characterized by model parameters. The conductor is monitored on both ends by a reference monitoring device and a second monitoring device. The voltage and current are measured in either the reference monitoring device or the second monitoring device and a phase shift offset between the voltages or currents at the two devices is calculated. The calculated phase shift offset corresponds to a temporal delay between events observed at the pair of devices, and calculating and storing the phase shift offset allows a power monitoring system controller to more accurately align data received from monitoring devices.

A plasma processing apparatus including: a monitor device which monitors a process quantity generated at plasma processing; a monitor value estimation unit which has monitor quantity variation models for storing change of a monitor value of the process quantity in accordance with the number of processed specimens and which estimates a monitor value for a process of a next specimen by referring to the monitor quantity variation models; and a control quantity calculation unit which stores a relation between a control quantity for controlling the process quantity of the vacuum processing device and a monitor value and which calculates the control quantity based on a deviation of the estimated monitor value from a target value to thereby control the process quantity for the process of the next specimen. Thus, a process model indicating variation of the state of a process processing apparatus can be added to a control loop in such run-to-run control that process conditions are changed according to each wafer process, so that stable processed results can be obtained even when variation occurs in processes.

The invention relates a method which can realize reference monitors of high level secure operating system, mainly comprising: (1) the structure of a reference monitor; (2) the realization of the controlling of microkernel IPC communications; (3) the initiated process according to the security services needed by the reference monitor. The structure of the reference monitor comprises that the structure reference monitor bases on a microkernel with enhanced security while all service procedures and user applications are out of the microkernel; the inter-process communication (IPC) is the only way for applications to acquire service and access resources and for the interactions between servers. Making use of the structure of the reference monitor to limit the communications between users and acquire system service, the invention enforces of the security verification strategy of access control to avoid authentification bypass, having guaranteed the validity of the utilization and protection of the system resources by the reference monitor and thus improved the safety and service ability of the system. The invention satisfies the security requirements of high-level operating system.

A process control system includes a client computer which prepares a correlation between a reference monitored value of apparatus information and a feature quantity, a manufacturing execution system which prepares a processing recipe describing, as a first setting value in an actual manufacturing process, a value of the control parameter, an apparatus information collection section which collects an objective monitored value of the apparatus information in operation of the actual manufacturing process with the first setting value, a feature quantity calculation section which calculates a value of a feature quantity corresponding to the objective monitored value based on the correlation, a parameter calculation section which calculates a second setting value in the actual manufacturing process on the basis of the value of the feature quantity, and an apparatus control unit which changes the processing recipe with the second setting value being as a setting value of the second step.

A method for selecting one from among a plurality of three-dimensional (3D) cameras comprising calculating, in a computer, a plurality of z-space cut zone flag values corresponding to the plurality of 3D cameras, then comparing the z-space cut zone flag corresponding to a reference monitor image to a plurality of candidate z-space cut zone flags corresponding to candidate monitor images. In response to the results of the calculations and comparisons, a safe/not-safe indication is prepared for displaying on any of a variety of visual displays, at least one aspect of the safe/not-safe indication, the at least one aspect determined in response to said comparing. The method uses 3D camera image data, 3D camera positional data and 3D camera stage data (e.g. interaxial data, convergence data, lens data) for encoding the 3D camera data into an encoded data frame which is then transmitted to a processor for producing a visual safe/not-safe indication.

An access control system applies contents-based policies to data that is being transferred. This transfer can be between different computers, different operating systems on a single computer, different applications within on the same operating system, or different parts of the same operating system, for example. Data is scanned at a scan engine associated with a security reference monitor (SRM) as the data is being transmitted, on-the-fly. The data is forwarded directly to the recipient, so the data is not stored at the SRM. The data is encrypted at the SRM as it comes by, and the key is revealed to the recipient if it is subsequently determined that the transfer is allowed.

The invention discloses a boiler expansion monitoring system and a monitoring method. The boiler expansion monitoring system comprises a reference monitoring device, a laser emission device, a laser receiving device, and an upper computer. The reference monitoring device comprises three reference plates, which are vertical to each other, and are used to form a three-dimensional coordinate. The laser emission device comprises three laser emission sources, which are used to emit monitoring laser. The laser receiving device comprises three laser receiving ends, which are used to receive the reflected laser. The upper computer is used for analysis and feedback according to laser receiving information transmitted by three laser receiving ends. The boiler expansion monitoring system and the monitoring method are advantageous in that a boiler monitoring point is fixedly connected with a reference monitoring device, and the laser monitoring is carried out by the three reference plates, which are disposed on the reference monitoring device, are vertical to each other, and are used to form the three-dimensional coordinate; after the boiler monitoring point is expanded, the three reference plates on the reference monitoring device is deviated, and then the reflected laser received by the laser receiving device is deviated, and by calculating deviation amounts, the expansion information of the boiler monitoring point is acquired.

The invention provides a processing method for a video monitor image. The method comprises the steps of determining area information of a traffic light in a reference monitor image; removing the traffic light in an original monitor image according to the area information to obtain an intermediate monitor image; and optimizing halo around the original traffic light part in the intermediate monitor image to obtain a target monitor image. According to the processing method for the video monitor image, the problem that the outline of the traffic light in a night monitor image cannot be distinguished can be solved, so that a user can clearly distinguish the indication direction of the traffic light, and thereby efficiency and accuracy for identifying traffic violations in later are improved.

A method for calibrating a blood pressure monitoring system includes activating a reference monitor to perform a reference measurement of the blood pressure of a user as part of a calibration process. A wearable sensing device is activated to detect a parameter of user that is correlatable to the user's blood pressure. A processor of the user interface device processes the at least one parameter detected by the wearable blood pressure sensing device with reference to the reference measurement to determine a correlation factor that correlates the at least one parameter detected by the wearable blood pressure sensing device to the blood pressure of the user. The reference measurement includes an inflation phase, a measurement phase and a deflation phase. The processor is configured to only use the at least one parameter detected by the wearable blood pressure sensing device during the measurement phase in determining the correlation factor.

The invention discloses a real-time-control-oriented client-side system for protecting the digital copyright of an electronic book and an implementation method thereof. The client-side system comprises a reference monitor, an electronic book reader and trusted system hardware, wherein the reference monitor is used for providing permit protection, decision making and updating; the electronic book reader is used for operating digital contents; the trusted system hardware is used for providing security protection for the reference monitor and the electronic book reader; and the reference monitor is used for carrying out decryption and decision making on a permit, and granting the right of the electronic reader so that the electronic book reader carries out corresponding operations. In the client-side system disclosed by the invention, a UCON ABC model is adopted as a decision-making model, while a nontraditional access control model can carry out positive auditing on the right use condition instantaneously, and an effective real-time control function can be achieved. In addition, UCON REL is designed based on XML (Extensive Makeup Language), so that the system has good openness and expandability and enriches the use of control function for a client side.