公开(公告)号：US20130067539A1

公开(公告)日：2013-03-14

申请号：US13230799

申请日：2011-09-12

申请人： David E. Langworthy ,  Qian Wang ,  Andrew John Layman ,  John Peter Shewchuk, JR. ,  Shiung-Vei Yong ,  Charles Edgar Passmore ,  Hervey Oliver Wilson ,  Caleb Geoffrey Baker

发明人： David E. Langworthy ,  Qian Wang ,  Andrew John Layman ,  John Peter Shewchuk, JR. ,  Shiung-Vei Yong ,  Charles Edgar Passmore ,  Hervey Oliver Wilson ,  Caleb Geoffrey Baker

IPC分类号： H04L9/32

CPC分类号： G06F21/00 ,  G06F21/604 ,  G06F21/6218 ,  G06F2221/2141

摘要： The subject disclosure relates to authorization based on a determination of permissions that can be granted for an action(s) to be performed on a resource. The determination of the permission is based on a set of rules that represent a theory including a notion of trust that has been divided into different sized tables. The tables are utilized to evaluate two or more input claims and to facilitate a determination of whether access to at least one system resource is to be granted. The evaluation can include matching the two or more input claims to rows in the table, wherein access is allowed if a match is found.

摘要翻译： 本公开涉及基于对可以对资源执行的动作授予的许可的确定的授权。 许可的确定是基于一组规则，这些规则表示包括被分成不同大小的表的信任概念的理论。 这些表用于评估两个或更多个输入权利要求，并且有助于确定是否允许对至少一个系统资源的访问。 评估可以包括将两个或多个输入声明匹配到表中的行，其中如果找到匹配则允许访问。

公开(公告)号：US08763093B2

公开(公告)日：2014-06-24

申请号：US13230799

申请日：2011-09-12

申请人： David E. Langworthy ,  Qian Wang ,  Andrew John Layman ,  John Peter Shewchuk, Jr. ,  Shiung-Vei Yong ,  Charles Edgar Passmore ,  Hervey Oliver Wilson ,  Caleb Geoffrey Baker

发明人： David E. Langworthy ,  Qian Wang ,  Andrew John Layman ,  John Peter Shewchuk, Jr. ,  Shiung-Vei Yong ,  Charles Edgar Passmore ,  Hervey Oliver Wilson ,  Caleb Geoffrey Baker

IPC分类号： G06F17/30 ,  G06F15/16 ,  G06F7/04 ,  G06F21/00

CPC分类号： G06F21/00 ,  G06F21/604 ,  G06F21/6218 ,  G06F2221/2141

摘要： The subject disclosure relates to authorization based on a determination of permissions that can be granted for an action(s) to be performed on a resource. The determination of the permission is based on a set of rules that represent a theory including a notion of trust that has been divided into different sized tables. The tables are utilized to evaluate two or more input claims and to facilitate a determination of whether access to at least one system resource is to be granted. The evaluation can include matching the two or more input claims to rows in the table, wherein access is allowed if a match is found.

摘要翻译： 本公开涉及基于对可以对资源执行的动作授予的许可的确定的授权。 许可的确定是基于一组规则，这些规则表示包括被分成不同大小的表的信任概念的理论。 这些表用于评估两个或更多个输入权利要求，并且有助于确定是否允许对至少一个系统资源的访问。 评估可以包括将两个或多个输入声明匹配到表中的行，其中如果找到匹配则允许访问。

公开(公告)号：US08954965B2

公开(公告)日：2015-02-10

申请号：US13566250

申请日：2012-08-03

申请人： Mark F. Novak ,  Andrew John Layman ,  Magnus Nyström ,  Stefan Thom

发明人： Mark F. Novak ,  Andrew John Layman ,  Magnus Nyström ,  Stefan Thom

IPC分类号： G06F9/455

CPC分类号： G06F21/53

摘要： Cloning of a virtual machine having a trusted executed environment such as a software-based trusted platform module. In order to clone the virtual machine, the virtual machine state of the source virtual machine is copied to formulate a target virtual machine state that is to be associated with a target virtual machine. The target virtual machine is a clone of the source virtual machine state, and thus the storage hierarchy of the trusted execution environment may be the same for the trusted execution environment in the source and target virtual machine states. However, because the identity of the target virtual machine is different than that of the source virtual machine, the endorsement hierarchy of the target virtual machine state is altered such that it is based on the identity of the target virtual machine, rather than the source virtual machine.

摘要翻译： 克隆具有可信执行环境的虚拟机，例如基于软件的可信平台模块。 为了克隆虚拟机，将复制源虚拟机的虚拟机状态以制定与目标虚拟机相关联的目标虚拟机状态。 目标虚拟机是源虚拟机状态的克隆，因此受信任执行环境的存储层次结构对于源虚拟机状态和目标虚拟机状态中的受信任执行环境可能相同。 然而，由于目标虚拟机的身份与源虚拟机的身份不同，所以目标虚拟机状态的认可层级被改变，使得其基于目标虚拟机的身份而不是源虚拟机 机。

公开(公告)号：US08782423B2

公开(公告)日：2014-07-15

申请号：US13527439

申请日：2012-06-19

申请人： Mark F. Novak ,  Andrew John Layman ,  Magnus Nyström ,  Stefan Thom

发明人： Mark F. Novak ,  Andrew John Layman ,  Magnus Nyström ,  Stefan Thom

IPC分类号： G06F3/06

CPC分类号： G06F3/0622 ,  G06F21/57 ,  G06F21/602

摘要： A system that includes an account management module configured to maintain protected accounts. For instance, a particular protected account includes a protected data set that is not readable outside of the system, and perhaps not even readable outside of the account. The particular data set corresponds to a particular entity assigned to the particular account and that includes keys corresponding to the particular entity. A security processor uses at least some of the plurality of keys to perform cryptographic processes in response to one or more trusted execution environment commands received from the particular entity.

摘要翻译： 包括配置为维护受保护的帐户的帐户管理模块的系统。 例如，特定受保护的帐户包括在系统之外不可读的受保护的数据集，甚至在帐户之外甚至不可读。 特定数据集对应于分配给特定帐户的特定实体，并且包括与特定实体相对应的密钥。 响应于从特定实体接收到的一个或多个可信执行环境命令，安全处理器使用多个密钥中的至少一些来执行密码处理。

公开(公告)号：US20130339729A1

公开(公告)日：2013-12-19

申请号：US13527439

申请日：2012-06-19

申请人： Mark F. Novak ,  Andrew John Layman ,  Magnus Nyström ,  Stefan Thom

发明人： Mark F. Novak ,  Andrew John Layman ,  Magnus Nyström ,  Stefan Thom

IPC分类号： G06F21/00 ,  G06F1/24 ,  H04L29/06

CPC分类号： G06F3/0622 ,  G06F21/57 ,  G06F21/602

摘要： A system that includes an account management module configured to maintain protected accounts. For instance, a particular protected account includes a protected data set that is not readable outside of the system, and perhaps not even readable outside of the account. The particular data set corresponds to a particular entity assigned to the particular account and that includes keys corresponding to the particular entity. A security processor uses at least some of the plurality of keys to perform cryptographic processes in response to one or more trusted execution environment commands received from the particular entity.

摘要翻译： 包括配置为维护受保护的帐户的帐户管理模块的系统。 例如，特定受保护的帐户包括在系统之外不可读的受保护的数据集，甚至在帐户之外甚至不可读。 特定数据集对应于分配给特定帐户的特定实体，并且包括与特定实体相对应的密钥。 响应于从特定实体接收到的一个或多个可信执行环境命令，安全处理器使用多个密钥中的至少一些来执行密码处理。

公开(公告)号：US20140040890A1

公开(公告)日：2014-02-06

申请号：US13566250

申请日：2012-08-03

申请人： Mark F. Novak ,  Andrew John Layman ,  Magnus Nyström ,  Stefan Thom

发明人： Mark F. Novak ,  Andrew John Layman ,  Magnus Nyström ,  Stefan Thom

IPC分类号： G06F9/455

CPC分类号： G06F21/53

摘要： Cloning of a virtual machine having a trusted executed environment such as a software-based trusted platform module. In order to clone the virtual machine, the virtual machine state of the source virtual machine is copied to formulate a target virtual machine state that is to be associated with a target virtual machine. The target virtual machine is a clone of the source virtual machine state, and thus the storage hierarchy of the trusted execution environment may be the same for the trusted execution environment in the source and target virtual machine states. However, because the identity of the target virtual machine is different than that of the source virtual machine, the endorsement hierarchy of the target virtual machine state is altered such that it is based on the identity of the target virtual machine, rather than the source virtual machine.

摘要翻译： 克隆具有可信执行环境的虚拟机，例如基于软件的可信平台模块。 为了克隆虚拟机，将复制源虚拟机的虚拟机状态以制定与目标虚拟机相关联的目标虚拟机状态。 目标虚拟机是源虚拟机状态的克隆，因此受信任执行环境的存储层次结构对于源虚拟机状态和目标虚拟机状态中的受信任执行环境可能相同。 然而，由于目标虚拟机的身份与源虚拟机的身份不同，所以目标虚拟机状态的认可层级被改变，使得其基于目标虚拟机的身份而不是源虚拟机 机。