公开(公告)号：US07085933B2

公开(公告)日：2006-08-01

申请号：US10166835

申请日：2002-06-11

申请人： David Carroll Challener ,  David Robert Safford ,  Leendert Peter Van Doorn

发明人： David Carroll Challener ,  David Robert Safford ,  Leendert Peter Van Doorn

IPC分类号： H04L9/00

CPC分类号： G06F21/57 ,  G06F2221/2105

摘要： A computer system, method of operation, and program product which gives a clear indication to a user when a computer system has transitioned to a trusted state.

公开(公告)号：US07664965B2

公开(公告)日：2010-02-16

申请号：US10835498

申请日：2004-04-29

申请人： Steven A. Bade ,  Linda Nancy Betz ,  Andrew Gregory Kegel ,  David R. Safford ,  Leendert Peter Van Doorn

发明人： Steven A. Bade ,  Linda Nancy Betz ,  Andrew Gregory Kegel ,  David R. Safford ,  Leendert Peter Van Doorn

IPC分类号： G06F11/30

CPC分类号： G06F21/575

摘要： Multiple trusted platform modules within a data processing system are used in a redundant manner that provides a reliable mechanism for securely storing secret data at rest that is used to bootstrap a system trusted platform module. A hypervisor requests each trusted platform module to encrypt a copy of the secret data, thereby generating multiple versions of encrypted secret data values, which are then stored within a non-volatile memory within the trusted platform. At some later point in time, the encrypted secret data values are retrieved, decrypted by the trusted platform module that performed the previous encryption, and then compared to each other. If any of the decrypted values do not match a quorum of values from the comparison operation, then a corresponding trusted platform module for a non-matching decrypted value is designated as defective because it has not been able to correctly decrypt a value that it previously encrypted.

摘要翻译： 以冗余的方式使用数据处理系统内的多个可信任的平台模块，其提供用于安全地存储用于引导系统可信平台模块的休息处的秘密数据的可靠机制。 管理程序请求每个可信平台模块加密秘密数据的副本，从而生成加密的秘密数据值的多个版本，然后存储在可信平台内的非易失性存储器中。 在稍后的时间点，加密的秘密数据值由执行先前加密的可信任平台模块进行解密，然后进行比较。 如果解密值中的任何一个与比较操作中的值的数量不匹配，则用于非匹配解密值的相应的可信平台模块被指定为有缺陷的，因为它不能正确解密其先前加密的值 。

公开(公告)号：US20080235804A1

公开(公告)日：2008-09-25

申请号：US12128952

申请日：2008-05-29

申请人： Steven A. Bade ,  Stefan Berger ,  Kenneth Alan Goldman ,  Ronald Perez ,  Reiner Sailer ,  Leendert Peter Van Doorn

发明人： Steven A. Bade ,  Stefan Berger ,  Kenneth Alan Goldman ,  Ronald Perez ,  Reiner Sailer ,  Leendert Peter Van Doorn

IPC分类号： G06F21/00

CPC分类号： G06F21/57

摘要： A trusted platform module is presented that is capable of creating, dynamically, multiple virtual trusted platform modules in a hierarchical organization. A trusted platform module domain is created. The trusted platform module creates virtual trusted platform modules, as needed, in the trusted platform module domain. The virtual trusted platform modules can inherit the permissions of a parent trusted platform module to have the ability to create virtual trusted platform modules themselves. Each virtual trusted platform module is associated with a specific partition. Each partition is associated with an individual operating system. The hierarchy of created operating systems and their privilege of spawning new operating systems is reflected in the hierarchy of trusted platform modules and the privileges each of the trusted platform modules has.

摘要翻译： 提出了一种可信任的平台模块，能够在层次结构中动态创建多个虚拟可信平台模块。 创建可信平台模块域。 可信平台模块根据需要在可信平台模块域中创建虚拟可信平台模块。 虚拟可信平台模块可以继承父信任平台模块的权限，以便能够自己创建虚拟可信平台模块。 每个虚拟可信平台模块与特定分区关联。 每个分区与单个操作系统相关联。 创建的操作系统的层次结构及其产生新操作系统的特权体现在可信平台模块的层次结构和每个可信平台模块所具有的特权上。

公开(公告)号：US20080184040A1

公开(公告)日：2008-07-31

申请号：US12059274

申请日：2008-03-31

申请人： Steven A. Bade ,  Ronald Perez ,  Leendert Peter Van Doorn ,  Helmut H. Weber

发明人： Steven A. Bade ,  Ronald Perez ,  Leendert Peter Van Doorn ,  Helmut H. Weber

IPC分类号： H04L9/06

CPC分类号： G06F21/572

摘要： A method, system and computer program product for enhancing the functionality of the existing core root of trust measurement (CRTM). The CRTM is extended to allow platform manufacturer controlled and certified code to be incorporated into the function of the CRTM, wherein the manufacturer may define the policy for accepting a new function into the CRTM. When a firmware or software module image is compiled, the build process generates a hash value of the compiled firmware or software image, wherein the hash value reflects a fingerprint (or short hand) representation of the compiled image. A determination is made as to whether the hash value of the firmware or software image is to be a CRTM extension. If so, a digital signature of the module is created using the CRTM extension private key. This signature value is added to the firmware or software module.

摘要翻译： 一种用于增强现有核心信任度量（CRTM）功能的方法，系统和计算机程序产品。 CRTM被扩展为允许平台制造商控制和认证的代码被并入CRTM的功能，其中制造商可以将接受新功能的策略定义到CRTM中。 当编译固件或软件模块图像时，构建过程产生编译的固件或软件映像的哈希值，其中散列值反映编译图像的指纹（或短手）表示。 确定固件或软件映像的哈希值是否为CRTM扩展。 如果是这样，使用CRTM扩展专用密钥创建模块的数字签名。 该签名值被添加到固件或软件模块。