Method and means for enabling virtual addressing control by software users over a hardware page transfer control entity
    11.
    Granted patent (status: expired)

    Publication number: US5377337A

    Publication date: 1994-12-27

    Application number: US73815

    Filing date: 1993-06-08

    CPC classification: G06F12/109

    Abstract: Provides a software-to-software interface and a software-to-hardware interface between software users and a hardware ADM facility (ADMF) in a data processing system. Such a software user presents only virtual addresses to the software-to-software interface, in an MSB list. The user list defines virtual address spaces, including a "hiperspace", in a manner that represents physical backing media as different random-access electronic storages, such as main storage (MS) and expanded storage (ES). The real data transfers are within or between the backing storages. The user list is transformed into an ADM operation block (AOB), which is assigned an ADM UCB in a UCB queue that is associated with an ADM subchannel. The software-to-hardware interface generates an ORB, containing the AOB address, as an operand of a SSCB instruction which is executed to queue the associated subchannel onto one of plural co-processor queues in the ADMF. The ADMF uses the AOB to perform the requested page moves, and generates an interruption upon completion of each request; the interruption is sent to the hardware-to-software interface, which removes the associated ADMF request from the ADM software request queue and frees the associated ADM UCB for use by another user request.

    Secure Key Management
    12.
    Patent application (status: in force)

    Publication number: US20120237023A1

    Publication date: 2012-09-20

    Application number: US13047344

    Filing date: 2011-03-14

    IPC classification: H04L9/00

    CPC classification: H04L9/0897

    Abstract: A system for implementing computer security is provided. The system includes a computer processor and an application configured to execute on the computer processor. The application implements a method that includes creating a token, populating a payload section of the token with key material, and selecting a wrapping method that specifies how the key material is securely bound to key control information. The structure of the key control information in the token is independent of the wrapping method. Implementing computer security also includes wrapping the key material and binding the key control information to the key material in the token. The key control information includes information relating to the usage and management of the key material.

    Product for providing a scalable trusted platform module in a hypervisor environment
    14.
    Granted patent (status: expired)

    Publication number: US07996687B2

    Publication date: 2011-08-09

    Application number: US12262445

    Filing date: 2008-10-31

    IPC classification: G06F11/30 H04K1/10

    Abstract: Multiple logical partitions are provided in a data processing system. A unique context is generated for each one of the logical partitions. When one of the logical partitions requires access to the hardware TPM, that partition's context must be stored in the hardware TPM. The hardware TPM includes a finite number of storage locations, called context slots, for storing contexts. Each context slot can store one partition's context. Each one of the partitions is associated with one of the limited number of context storage slots in the hardware TPM. At least one of the context slots is simultaneously associated with more than one of the logical partitions. Contexts are swapped into and out of the hardware TPM during runtime of the data processing system so that, whenever a partition requires access to the hardware TPM, its required context is currently stored in the hardware TPM.

    Method, Apparatus, and Product for Providing a Scalable Trusted Platform Module in a Hypervisor Environment
    16.
    Patent application (status: expired)

    Publication number: US20100042823A1

    Publication date: 2010-02-18

    Application number: US12262445

    Filing date: 2008-10-31

    IPC classification: G06F12/14 G06F9/24 G06F9/455

    Abstract: A method, apparatus, and computer program product are described for implementing a trusted computing environment within a data processing system that includes a single hardware trusted platform module (TPM). Multiple logical partitions are provided in the data processing system. A unique context is generated for each one of the logical partitions. When one of the logical partitions requires access to the hardware TPM, that partition's context must be stored in the hardware TPM. The hardware TPM includes a finite number of storage locations, called context slots, for storing contexts. Each context slot can store one partition's context. Each one of the partitions is associated with one of the limited number of context storage slots in the hardware TPM. At least one of the context slots is simultaneously associated with more than one of the logical partitions. Contexts are swapped into and out of the hardware TPM during runtime of the data processing system so that, whenever a partition requires access to the hardware TPM, its required context is currently stored in the hardware TPM.

    Asynchronous co-processor data mover method and means
    18.
    Granted patent (status: expired)

    Publication number: US5442802A

    Publication date: 1995-08-15

    Application number: US240301

    Filing date: 1994-05-09

    IPC classification: G06F12/02 G06F12/00 G06F13/28

    CPC classification: G06F13/28

    Abstract: Virtual addressing is available to a co-processor to asynchronously control the movement of multiple page units of data between different locations in the same or a different medium, e.g. main store (MS) and expanded store (ES), or both may be in ES, or both may be in MS. The co-processor controls the asynchronous page movement in parallel with continuing execution of other instructions by the central processor (CP) that requested the page movement. Each page to be moved is specified by an MSB (Move Specification Block). A set of MSBs is addressed by a special type of channel control word (CCW) in a channel program containing one or more CCWs, some of which may address one or more sets of MSBs (one MSB set per CCW) to control the movement of any number of pages. The CPU executes a special ADM SSCH (start subchannel) instruction that passes the page move work to the co-processor, which performs the requested page transfer involving one or more sets of MSBs. Flag fields in the source and sink specifications of each MSB contain a plurality of flag bits that define: the associated source or sink medium; whether the specified address is to be translated as a virtual address or handled as an absolute address; whether replication of the source page(s) is to be done at the sink location; and whether the page(s) are to be erased by accessing only the sink pages, to control the writing of a predetermined padding character, such as zero, throughout the content of the sink page(s).

    Protocol for trusted platform module recovery through context checkpointing
    19.
    Granted patent (status: in force)

    Publication number: US07624283B2

    Publication date: 2009-11-24

    Application number: US11352762

    Filing date: 2006-02-13

    IPC classification: G06F11/30 H04K1/10

    CPC classification: G06F21/57

    Abstract: A computer-implemented method for recovering a partition context in the event of a system or hardware device failure. Upon receiving a command from a partition to modify context data in a trusted platform module (TPM) hardware device, a trusted platform module input/output host partition (TMPIOP) provides an encrypted copy of the context data and the command to the TPM hardware device, which processes the command and updates the context data. If the TPM hardware device successfully processes the command, the TMPIOP receives the updated context data from the TPM hardware device and stores the updated context data, received in encrypted form, in a context data cache or in non-volatile storage off-board the TPM hardware device. If the TPM hardware device fails to successfully process the command, the TMPIOP uses the last valid copy of the context data to retry processing of the command on a different TPM hardware device.