Abstract:
The present disclosure relates to bridging access to a memory space across pre-boot and runtime phases and, more particularly, to accessing the memory utilizing a separate pre-boot memory accessor and a runtime accessor.
Abstract:
Apparatus and methods for keyboard data normalization are disclosed. The example apparatus and methods convert physical location dependent keyboard data into keycap dependent data in a pre-boot environment.
Abstract:
The invention relates to the alteration of a segment and an offset used to form an effective address of the default interrupt handler routine. The method comprises a number of steps. First, a trap address of a default interrupt handler routine is provided. This trap address includes a segment and an offset normally used to calculate the effective address via conventional circuitry. A unique segment is then produced by performing an arithmetic operation on the segment. Thereafter, another arithmetic operation is performed on the offset to produce a unique offset. These unique segment and offset values may still be used by the conventional circuitry to produce the same effective address, so that only one default interrupt handler routine is required. While this alteration produces a unique segment and offset which can be assigned to an interrupt, the segment and offset are modified appropriately to still use a common default interrupt handler.
Abstract:
Systems, apparatuses and methods may provide for receiving, from a host driver, factory data including one or more of calibration data, platform identifier data, manufacturer data or wireless carrier data, and verifying integrity of the factory data. Additionally, the factory data may be provisioned into non-volatile memory (NVM) in accordance with an operating system independent format managed by a platform root-of-trust such as a Trusted Execution Environment (TEE). In one example, provisioning the factory data includes defining one or more partitions in the NVM, initiating storage of the factory data to the NVM along the one or more partitions, and specifying a restriction profile for the one or more partitions, wherein the restriction profile includes one or more of read restrictions, write restrictions, time bound restrictions or location bound restrictions.
Abstract:
A dynamic firmware module loader loads one of a plurality of firmware contexts or modules as needed in a containerized environment for secure isolated execution. The modules, called applets, may be loaded and unloaded in a firmware context. The loader may use a hardware inter-process communication (IPC) channel to communicate with the secure engine. The modules may be designed to implement specific features desired by basic input/output system vendors, without the use of a system management mode. Designed modules may provide the necessary storage and I/O access driver capabilities to be run in trusted execution environment containers.
Abstract:
Systems and methods may provide for identifying a runtime behavioral pattern of an application and detecting an anomaly in the runtime behavioral pattern. In addition, a security event may be triggered in response to the anomaly. In one example, the anomaly is detected with regard to one or more of a library call count, a library call type, a library call argument configuration or a library call timing associated with a runtime operation of the application.
Abstract:
Technologies for verifying hardware components of a computing device include retrieving platform identification data of the computing device, wherein the platform identification data is indicative of one or more reference hardware components of the computing device, accessing hardware component identification data from one or more dual-headed identification devices of the computing device, and comparing the platform identification data to the hardware component identification data to determine whether a hardware component of the computing device has been modified. Each of the one or more dual-headed identification devices is secured to a corresponding hardware component of the computing device, includes identification data indicative of an identity of the corresponding hardware component of the computing device, and is capable of wired and wireless communication.
Abstract:
In some embodiments, the invention involves using a dedicated service processor with out-of-band capabilities to enable a secure boot using biometric data to authenticate the user. In some embodiments, at least a secondary token is used to enhance the secure boot. An off-line database may be accessed by the service processor during boot to store or retrieve biometric templates to compare with scanned live biometric data. Other embodiments are described and claimed.
Abstract:
The present disclosure is directed to content protection for Data as a Service (DaaS). A device may receive encrypted data from a content provider via DaaS, the encrypted data comprising at least content for presentation on the device. For example, the content provider may utilize a secure multiplex transform (SMT) module in a trusted execution environment (TEE) module to generate encoded data from the content and digital rights management (DRM) data and to generate the encrypted data from the encoded data. The device may also comprise a TEE module including a secure demultiplex transform (SDT) module to decrypt the encoded data from the encrypted data and to decode the content and DRM data from the encoded data. The SMT and SDT modules may interact via a secure communication session to validate security, distribute decryption key(s), etc. In one embodiment, a trust broker may perform TEE module validation and key distribution.
Abstract:
A system and method for BIOS flash attack protection and notification. A processor initialization module, including an initialization firmware verification module, may be configured to execute first in response to a power on and/or reset and to verify initialization firmware stored in non-volatile memory in a processor package. The initialization firmware is configured to verify the BIOS. If the verification of the initialization firmware and/or the BIOS fails, the system is configured to select at least one of a plurality of responses including, but not limited to, preventing the BIOS from executing, initiating recovery, reporting the verification failure, halting, shutting down, and/or allowing the BIOS to execute and an operating system (OS) to boot in a limited functionality mode.