-
公开(公告)号:US20090086979A1
公开(公告)日:2009-04-02
申请号:US11864512
申请日:2007-09-28
申请人: Tasneem Brutch , Alok Kumar , Vincent Scarlata , Faraz A. Siddiqi , Ned M. Smith , Willard M. Wiseman
发明人: Tasneem Brutch , Alok Kumar , Vincent Scarlata , Faraz A. Siddiqi , Ned M. Smith , Willard M. Wiseman
IPC分类号: H04L9/08
CPC分类号: H04L9/0836 , H04L2209/127
摘要: The present subject matter related to trusted computing, and more particularly, to virtual trusted platform module keys rooted in a hardware trusted platform module. Some embodiments include a trusted platform virtualization module operable to capture virtual machine trusted platform module calls and operates to generate, maintain, and utilize hardware trusted platform module keys on behalf of the one or more virtual machines. Some embodiments include virtual trusted platform module keys having a public portion on top of an private portion including an encrypted hardware trusted platform module key.
摘要翻译: 与可信计算相关的本主题,更具体地,涉及植根于硬件可信平台模块中的虚拟可信平台模块键。 一些实施例包括可操作以捕获虚拟机可信平台模块调用并且代表一个或多个虚拟机生成,维护和利用硬件可信平台模块密钥的可信平台虚拟化模块。 一些实施例包括虚拟可信平台模块密钥,其具有位于私有部分之上的公共部分,包括加密的硬件可信平台模块密钥。
-
12.发明申请公开(公告)号:US20060256107A1
公开(公告)日:2006-11-16
申请号:US11171856
申请日:2005-06-29
申请人: Vincent Scarlata , Willard Wiseman
发明人: Vincent Scarlata , Willard Wiseman
IPC分类号: G06T1/00
摘要: A virtual manufacturer authority is launched in a protected portion of a processing system. A key for the virtual manufacturer authority is created. The key is protected by a security coprocessor of the processing system, such as a trusted platform module (TPM). Also, the key is bound to a current state of the virtual manufacturer authority. A virtual security coprocessor is created in the processing system. A delegation request is transmitted from the processing system to an external processing system, such as a certificate authority (CA). After transmission of the delegation request, the key is used to attest to trustworthiness of the virtual security coprocessor. Other embodiments are described and claimed.
-
公开(公告)号:US09087200B2
公开(公告)日:2015-07-21
申请号:US13527547
申请日:2012-06-19
申请人: Francis X. McKeen , Carlos V. Rozas , Uday R. Savagaonkar , Simon P. Johnson , Vincent Scarlata , Michael A. Goldsmith , Ernie Brickell , Jiang Tao Li , Howard C. Herbert , Prashant Dewan , Stephen J. Tolopka , Gilbert Neiger , David Durham , Gary Graunke , Bernard Lint , Don A. Van Dyke , Joseph Cihula , Stalinselvaraj Jeyasingh , Stephen R. Van Doren , Dion Rodgers , John Garney , Asher Altman
发明人: Francis X. McKeen , Carlos V. Rozas , Uday R. Savagaonkar , Simon P. Johnson , Vincent Scarlata , Michael A. Goldsmith , Ernie Brickell , Jiang Tao Li , Howard C. Herbert , Prashant Dewan , Stephen J. Tolopka , Gilbert Neiger , David Durham , Gary Graunke , Bernard Lint , Don A. Van Dyke , Joseph Cihula , Stalinselvaraj Jeyasingh , Stephen R. Van Doren , Dion Rodgers , John Garney , Asher Altman
摘要: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.
摘要翻译: 一种在计算机系统内实现安全应用和数据完整性的技术。 在一个实施例中,建立一个或多个安全空间,其中可以存储和执行应用和数据。
-
公开(公告)号:US20130159726A1
公开(公告)日:2013-06-20
申请号:US13527547
申请日:2012-06-19
申请人: Francis X. MCKEEN , Carlos V. Rozas , Uday R. Savagaonkar , Simon P. Johnson , Vincent Scarlata , Michael A. Goldsmith , Ernie Brickell , Jiang Tao Li , Howard C. Herbert , Prashant Dewan , Stephen J. Tolopka , Gilbert Neiger , David Durham , Gary Graunke , Bernard Lint , Don A. Van Dyke , Joseph Cihula , Stalinselvaraj Jeyasingh , Stephen R. Van Doren , Dion Rodgers , John Garney , Asher Altman
发明人: Francis X. MCKEEN , Carlos V. Rozas , Uday R. Savagaonkar , Simon P. Johnson , Vincent Scarlata , Michael A. Goldsmith , Ernie Brickell , Jiang Tao Li , Howard C. Herbert , Prashant Dewan , Stephen J. Tolopka , Gilbert Neiger , David Durham , Gary Graunke , Bernard Lint , Don A. Van Dyke , Joseph Cihula , Stalinselvaraj Jeyasingh , Stephen R. Van Doren , Dion Rodgers , John Garney , Asher Altman
IPC分类号: G06F21/72
摘要: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.
摘要翻译: 一种在计算机系统内实现安全应用和数据完整性的技术。 在一个实施例中,建立一个或多个安全空间,其中可以存储和执行应用和数据。
-
公开(公告)号:US08249257B2
公开(公告)日:2012-08-21
申请号:US11864512
申请日:2007-09-28
申请人: Tasneem Brutch , Alok Kumar , Vincent Scarlata , Faraz A. Siddiqi , Ned M. Smith , Willard M. Wiseman
发明人: Tasneem Brutch , Alok Kumar , Vincent Scarlata , Faraz A. Siddiqi , Ned M. Smith , Willard M. Wiseman
IPC分类号: G06F21/00
CPC分类号: H04L9/0836 , H04L2209/127
摘要: The present subject matter related to trusted computing, and more particularly, to virtual trusted platform module keys rooted in a hardware trusted platform module. Some embodiments include a trusted platform virtualization module operable to capture virtual machine trusted platform module calls and operates to generate, maintain, and utilize hardware trusted platform module keys on behalf of the one or more virtual machines. Some embodiments include virtual trusted platform module keys having a public portion on top of an private portion including an encrypted hardware trusted platform module key.
摘要翻译: 与可信计算相关的本主题,更具体地,涉及植根于硬件可信平台模块中的虚拟可信平台模块键。 一些实施例包括可操作以捕获虚拟机可信平台模块调用并且代表一个或多个虚拟机生成,维护和利用硬件可信平台模块密钥的可信平台虚拟化模块。 一些实施例包括虚拟可信平台模块密钥,其具有位于私有部分之上的公共部分,包括加密的硬件可信平台模块密钥。
-
公开(公告)号:US08032942B2
公开(公告)日:2011-10-04
申请号:US11967300
申请日:2007-12-31
申请人: Ned Smith , Willard Wiseman , Alok Kumar , Tasneem Brutch , Vincent Scarlata , Faraz Siddiqi
发明人: Ned Smith , Willard Wiseman , Alok Kumar , Tasneem Brutch , Vincent Scarlata , Faraz Siddiqi
CPC分类号: G06F21/572 , G06F21/57 , G06F2221/2101
摘要: Systems, methods and machine readable media for configuring virtual platform modules are disclosed. One method includes launching a virtual machine monitor, and determining, with the virtual machine monitor, whether a configuration policy that defines a configuration for a virtual trusted platform module is trusted. The method further includes configuring the virtual trusted platform module per the configuration policy in response to the virtual machine monitor determining that the configuration policy is trusted. The method also includes launching, via the virtual machine monitor, a virtual machine associated with the virtual trusted platform module.
摘要翻译: 公开了用于配置虚拟平台模块的系统,方法和机器可读介质。 一种方法包括启动虚拟机监视器,并且利用虚拟机监视器确定定义虚拟可信平台模块的配置的配置策略是否被信任。 该方法还包括根据虚拟机监视器确定配置策略被信任来配置每个配置策略的虚拟可信平台模块。 该方法还包括通过虚拟机监视器启动与虚拟可信平台模块相关联的虚拟机。
-
公开(公告)号:US20090169012A1
公开(公告)日:2009-07-02
申请号:US11967143
申请日:2007-12-29
申请人: Ned M. Smith , Willard M. Wiseman , Alok Kumar , Tasneem Brutch , Vincent Scarlata , Faraz A. Siddiqi
发明人: Ned M. Smith , Willard M. Wiseman , Alok Kumar , Tasneem Brutch , Vincent Scarlata , Faraz A. Siddiqi
IPC分类号: H04L9/06
CPC分类号: G06F21/57 , H04L9/0825 , H04L9/0836 , H04L9/0897
摘要: The present subject matter is related to trusted computing, and more particularly to migration of virtual trusted platform module keys that are rooted in a hardware trusted platform module. Some embodiments include a trusted platform virtualization module that may perform one or more of inbound and outbound trusted platform module key migrations. Such migrations may be performed between a virtual trusted platform module and either a hardware or a virtual trusted platform module.
摘要翻译: 本主题涉及可信计算,更具体地涉及根植于硬件可信平台模块中的虚拟可信平台模块密钥的迁移。 一些实施例包括可执行入站和出站可信平台模块密钥迁移中的一个或多个的可信平台虚拟化模块。 这样的迁移可以在虚拟可信平台模块和硬件或虚拟可信平台模块之间执行。
-
18.发明申请Mechanisms to control access to cryptographic keys and to attest to the approved configurations of computer platforms 失效控制加密密钥访问的机制,并证明已批准的计算机平台配置公开(公告)号:US20080059799A1
公开(公告)日:2008-03-06
申请号:US11511773
申请日:2006-08-29
申请人: Vincent Scarlata
发明人: Vincent Scarlata
IPC分类号: H04L9/00
CPC分类号: H04L9/0897
摘要: Methods and arrangements to control access to cryptographic keys and to attest to the approved configurations of computer platforms able to access these keys, which include trusted platform modules (TPMs) are contemplated. Embodiments include transformations, code, state machines or other logic to control access to a cryptographic key by creating an authorization blob locking authorization data to access the cryptographic key to platform configuration register (PCR) values of a TPM, the PCR values representing a configuration of a computing platform. Embodiments may also involve generating a first TPM cryptographic key bound to PCR values, receiving a second TPM cryptographic key owned by software, and receiving evidence of the identity of an upgrade service controlling the upgrading of the software. Embodiment may also include certifying the first TPM cryptographic key; certifying the second TPM cryptographic key; concatenating the first certification, the second certification, and the evidence of the identity of the upgrade service; and signing the concatenation.
摘要翻译: 控制对加密密钥的访问并证实能够访问这些密钥(包括可信平台模块(TPM))的计算机平台的已批准配置的方法和布置。 实施例包括转换,代码,状态机或其他逻辑,以通过创建授权区块锁定授权数据来访问加密密钥到TPM的平台配置寄存器(PCR)值来控制对加密密钥的访问,所述PCR值表示 一个计算平台。 实施例还可以包括生成绑定到PCR值的第一TPM加密密钥,接收由软件拥有的第二TPM加密密钥,以及接收控制软件升级的升级服务的身份的证据。 实施例还可以包括证明第一TPM密码密钥; 验证第二个TPM加密密钥; 连接第一认证,第二认证和升级服务身份证明; 并签署连接。
-
公开(公告)号:US20070094719A1
公开(公告)日:2007-04-26
申请号:US11512989
申请日:2006-08-29
申请人: Vincent Scarlata
发明人: Vincent Scarlata
IPC分类号: H04L9/32
CPC分类号: G06F21/552 , G06F21/53 , G06F21/57 , G06F21/577 , G06F21/602 , G06F21/72 , G06F21/74 , G06F2221/2103 , G06F2221/2105 , G06F2221/2149 , H04L9/0825 , H04L9/0897 , H04L63/0823 , H04L63/0876
摘要: A first processing system determines whether a second processing system provides a trustworthy state for supporting a virtual trusted platform module (TPM), based at least in part on an assertion made by a management authority. The first processing system also determines whether the management authority is trusted. The first processing system may transfer state for the virtual TPM to the second processing system only if (a) the management authority is trusted and (b) the assertion made by the management authority indicates that the second processing system provides a trustworthy environment for supporting the virtual TPM. In one embodiment, the first processing system transfers state for the virtual TPM to the second processing system only if a trust level designation for the second processing system is equal or greater than a trust level for the first processing system. Other embodiments are described and claimed.
摘要翻译: 第一处理系统至少部分地基于由管理机构做出的断言来确定第二处理系统是否提供用于支持虚拟可信平台模块(TPM)的可信状态。 第一处理系统还确定管理机构是否被信任。 第一处理系统可以将虚拟TPM的状态转移到第二处理系统,只有(a)管理机构被信任,并且(b)由管理机构作出的断言指示第二处理系统提供可靠的环境以支持 虚拟TPM。 在一个实施例中,仅当第二处理系统的信任级别指定等于或大于第一处理系统的信任级别时,第一处理系统将虚拟TPM的状态传送到第二处理系统。 描述和要求保护其他实施例。
-
公开(公告)号:US08259948B2
公开(公告)日:2012-09-04
申请号:US11967143
申请日:2007-12-29
申请人: Ned M. Smith , Willard M. Wiseman , Alok Kumar , Tasneem Brutch , Vincent Scarlata , Faraz A. Siddiqi
发明人: Ned M. Smith , Willard M. Wiseman , Alok Kumar , Tasneem Brutch , Vincent Scarlata , Faraz A. Siddiqi
CPC分类号: G06F21/57 , H04L9/0825 , H04L9/0836 , H04L9/0897
摘要: The present subject matter is related to trusted computing, and more particularly to migration of virtual trusted platform module keys that are rooted in a hardware trusted platform module. Some embodiments include a trusted platform virtualization module that may perform one or more of inbound and outbound trusted platform module key migrations. Such migrations may be performed between a virtual trusted platform module and either a hardware or a virtual trusted platform module.
摘要翻译: 本主题涉及可信计算,更具体地涉及根植于硬件可信平台模块中的虚拟可信平台模块密钥的迁移。 一些实施例包括可执行入站和出站可信平台模块密钥迁移中的一个或多个的可信平台虚拟化模块。 这样的迁移可以在虚拟可信平台模块和硬件或虚拟可信平台模块之间执行。
-
-
-
-
-
-
-
-
-
搜索结果
22 条记录 (耗时 0.057 秒)
