公开(公告)号：US20150033316A1

公开(公告)日：2015-01-29

申请号：US13949213

申请日：2013-07-23

申请人： Vincent Scarlata ,  Carlos Rozas ,  Simon Johnson ,  Uday Savagaonkar ,  Ittai Anati ,  Francis McKeen ,  Michael Goldsmith

发明人： Vincent Scarlata ,  Carlos Rozas ,  Simon Johnson ,  Uday Savagaonkar ,  Ittai Anati ,  Francis McKeen ,  Michael Goldsmith

IPC分类号： G06F21/10 ,  H04L9/32

CPC分类号： H04L9/3213 ,  G06F21/12 ,  G06F21/53 ,  H04L9/3263

摘要： Embodiments of an invention for feature licensing in a secure processing environment are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to initialize a secure enclave. The execution unit is to execute the instruction. Execution of the instruction includes determining whether a requested feature is licensed for use in the secure enclave.

摘要翻译： 公开了在安全处理环境中的特征许可的发明的实施例。 在一个实施例中，处理器包括指令单元和执行单元。 指令单元将接收初始化安全飞地的指令。 执行单元执行指令。 指令的执行包括确定所请求的特征是否被许可用于安全飞地。

公开(公告)号：US08259948B2

公开(公告)日：2012-09-04

申请号：US11967143

申请日：2007-12-29

申请人： Ned M. Smith ,  Willard M. Wiseman ,  Alok Kumar ,  Tasneem Brutch ,  Vincent Scarlata ,  Faraz A. Siddiqi

发明人： Ned M. Smith ,  Willard M. Wiseman ,  Alok Kumar ,  Tasneem Brutch ,  Vincent Scarlata ,  Faraz A. Siddiqi

IPC分类号： H04L9/06 ,  H04L9/00 ,  H04L9/08 ,  H04L9/14 ,  H04L9/30

CPC分类号： G06F21/57 ,  H04L9/0825 ,  H04L9/0836 ,  H04L9/0897

摘要： The present subject matter is related to trusted computing, and more particularly to migration of virtual trusted platform module keys that are rooted in a hardware trusted platform module. Some embodiments include a trusted platform virtualization module that may perform one or more of inbound and outbound trusted platform module key migrations. Such migrations may be performed between a virtual trusted platform module and either a hardware or a virtual trusted platform module.

摘要翻译： 本主题涉及可信计算，更具体地涉及根植于硬件可信平台模块中的虚拟可信平台模块密钥的迁移。 一些实施例包括可执行入站和出站可信平台模块密钥迁移中的一个或多个的可信平台虚拟化模块。 这样的迁移可以在虚拟可信平台模块和硬件或虚拟可信平台模块之间执行。

公开(公告)号：US07711960B2

公开(公告)日：2010-05-04

申请号：US11511773

申请日：2006-08-29

申请人： Vincent Scarlata

发明人： Vincent Scarlata

IPC分类号： G06F21/00

CPC分类号： H04L9/0897

摘要： Methods and arrangements to control access to cryptographic keys and to attest to the approved configurations of computer platforms able to access these keys, which include trusted platform modules (TPMs) are contemplated. Embodiments include transformations, code, state machines or other logic to control access to a cryptographic key by creating an authorization blob locking authorization data to access the cryptographic key to platform configuration register (PCR) values of a TPM, the PCR values representing a configuration of a computing platform. Embodiments may also involve generating a first TPM cryptographic key bound to PCR values, receiving a second TPM cryptographic key owned by software, and receiving evidence of the identity of an upgrade service controlling the upgrading of the software. Embodiment may also include certifying the first TPM cryptographic key; certifying the second TPM cryptographic key; concatenating the first certification, the second certification, and the evidence of the identity of the upgrade service; and signing the concatenation.

摘要翻译： 控制对加密密钥的访问并证实能够访问这些密钥（包括可信平台模块（TPM））的计算机平台的已批准配置的方法和布置。 实施例包括转换，代码，状态机或其他逻辑，以通过创建授权区块锁定授权数据来访问加密密钥到TPM的平台配置寄存器（PCR）值来控制对加密密钥的访问，所述PCR值表示 一个计算平台。 实施例还可以包括生成绑定到PCR值的第一TPM加密密钥，接收由软件拥有的第二TPM加密密钥，以及接收控制软件升级的升级服务的身份的证据。 实施例还可以包括证明第一TPM密码密钥; 验证第二个TPM加密密钥; 连接第一认证，第二认证和升级服务身份证明; 并签署连接。

公开(公告)号：US20090169017A1

公开(公告)日：2009-07-02

申请号：US11967300

申请日：2007-12-31

申请人： Ned Smith ,  Willard M. Wiseman ,  Alok Kumar ,  Tasneem Brutch ,  Vincent Scarlata ,  Faraz Siddiqi

发明人： Ned Smith ,  Willard M. Wiseman ,  Alok Kumar ,  Tasneem Brutch ,  Vincent Scarlata ,  Faraz Siddiqi

IPC分类号： G06F21/00 ,  H04L9/14

CPC分类号： G06F21/572 ,  G06F21/57 ,  G06F2221/2101

摘要： Systems, methods and machine readable media for configuring virtual platform modules are disclosed. One method includes launching a virtual machine monitor, and determining, with the virtual machine monitor, whether a configuration policy that defines a configuration for a virtual trusted platform module is trusted. The method further includes configuring the virtual trusted platform module per the configuration policy in response to the virtual machine monitor determining that the configuration policy is trusted. The method also includes launching, via the virtual machine monitor, a virtual machine associated with the virtual trusted platform module.

摘要翻译： 公开了用于配置虚拟平台模块的系统，方法和机器可读介质。 一种方法包括启动虚拟机监视器，并且利用虚拟机监视器确定定义虚拟可信平台模块的配置的配置策略是否被信任。 该方法还包括根据虚拟机监视器确定配置策略被信任来配置每个配置策略的虚拟可信平台模块。 该方法还包括通过虚拟机监视器启动与虚拟可信平台模块相关联的虚拟机。