Abstract:
The invention disclosed herein includes a system and method for electronically transferring data through a communications connection in a transparent manner, such that the data transfer does not interfere with other traffic sharing the connection. The invention transfers data using bandwidth of the connection that other traffic is not using. If other traffic wants the bandwidth currently being used by the invention, the invention relinquishes that bandwidth to the other traffic and retreats to avoid bandwidth contention. Although a retreat may cause gaps in the data transferred, a key aspect of the invention is that any data missing because of these gaps is recovered easily and in a bandwidth-efficient way using novel error correction and recovery.
Abstract:
An architecture for protecting premium content in a nonsecure computer environment executes only a small number of code modules in a secure memory. The modules are arranged in a hierarchy of trust: a module names the other modules it is willing to trust, and those modules in turn name the modules they are willing to trust. A secure loader loads a security manager that oversees a number of content-providing modules for manipulating the content. A memory manager assigns permissions to the various pages of the secure memory. The memory has rings of different security levels. The security model can be extended to program modules and to other devices on the computer's bus, such as DMA controllers and peripherals.
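The hierarchy of trust described above, as an added example that is not part of the patent: a loader anchored in a single digest (the security manager's), where each admitted module names the digests of the modules it vouches for, and a further module is loaded only if some already-loaded module names it. The Module and Loader types, the use of hex SHA-256 digests as module names, and the sample images are assumptions of this example; page permissions and rings are not modelled.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Module is a code module as the loader sees it: its image and the digests
// of the modules it is willing to trust. (Layout assumed by this example.)
type Module struct {
	Name   string
	Image  []byte
	Trusts []string // hex SHA-256 digests of modules this one vouches for
}

// Digest identifies a module by the content of its image.
func Digest(image []byte) string {
	h := sha256.Sum256(image)
	return hex.EncodeToString(h[:])
}

// Loader holds the one digest it was built with and the modules admitted so
// far, keyed by digest.
type Loader struct {
	rootDigest string
	loaded     map[string]Module
}

// NewLoader anchors the chain in the security manager's digest, standing in
// for a digest embedded in the secure loader itself.
func NewLoader(securityManagerDigest string) *Loader {
	return &Loader{rootDigest: securityManagerDigest, loaded: map[string]Module{}}
}

// Load admits m only if its digest is the root or is named in the Trusts list
// of a module that is already loaded. An image that differs by one byte from
// what its parent vouched for has a different digest and is refused.
func (l *Loader) Load(m Module) error {
	d := Digest(m.Image)
	if d == l.rootDigest {
		l.loaded[d] = m
		return nil
	}
	for _, parent := range l.loaded {
		for _, t := range parent.Trusts {
			if t == d {
				l.loaded[d] = m
				return nil
			}
		}
	}
	return fmt.Errorf("refusing %q: digest %s... is not named by any loaded module", m.Name, d[:12])
}

// Loaded reports whether a module with this digest has been admitted.
func (l *Loader) Loaded(digest string) bool {
	_, ok := l.loaded[digest]
	return ok
}

func main() {
	// Constructed images; children are digested first so their parents can name them.
	renderer := Module{Name: "renderer", Image: []byte("renderer v1")}
	codec := Module{Name: "codec", Image: []byte("codec v1"), Trusts: []string{Digest(renderer.Image)}}
	manager := Module{Name: "security-manager", Image: []byte("secmgr v1"), Trusts: []string{Digest(codec.Image)}}
	tampered := Module{Name: "codec", Image: []byte("codec v1 + patch")}

	l := NewLoader(Digest(manager.Image))
	for _, m := range []Module{codec, manager, codec, renderer, tampered} {
		if err := l.Load(m); err != nil {
			fmt.Println("rejected:", err)
		} else {
			fmt.Println("loaded:", m.Name)
		}
	}
}
```

Loading order matters: the codec is refused on its first attempt because nothing loaded yet names it, is admitted once the security manager that names it is in place, and the patched codec is refused because its digest no longer matches what the manager vouched for.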
Abstract:
A memory controller prevents CPUs and other I/O bus masters from accessing memory during the initialization of a piece of code (for example, a trusted core). The memory controller resets the CPUs in the computer and allows one CPU to begin accessing memory at a particular location identified to that CPU by the memory controller. Once that CPU has executed the initialization process, the code is operational and the other CPUs are allowed to access memory (after being reset), as are any other bus masters, subject to any controls imposed by the initialized code.
Abstract:
Theft of decompressed digital content while the content is being rendered is prevented. A requested slow-down of the rendering of the content is detected. Transfers of relatively large amounts of data are detected. A slow-down of the rendering requested on behalf of a re-compressor is detected. A re-compressor re-compressing the content is detected. In each situation the detected activity is presumed to have been initiated by a content thief attempting to steal the content, and it is responded to in a manner designed to frustrate that presumed attempt.
Abstract:
An electronic asset system mints a stick of electronic assets that can be spent by the user with multiple vendors. Asset sticks are issued anonymously or non-anonymously without being dedicated to a particular vendor, so the user can spend one or more assets from the stick with different vendors. An auditor randomly audits samples of the spent assets to detect whether assets have been used fraudulently. The electronic asset system employs tamper-resistant electronic wallets constructed as dedicated hardware devices or as devices with a secure-processor architecture. The system also handles electronic coupons in a manner that enforces compliance between the user and the vendor: the user and the vendor each maintain a stick of corresponding coupons with pointers to the most recent and the oldest coupons available for expenditure. When a coupon is used or granted, the user and vendor both update the appropriate pointer to their respective sticks and then exchange signed data describing the placement of the pointer, to verify a correspondence between the referenced coupons.
Abstract:
In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows the data to be obtained from the ciphertext only if one or more conditions are satisfied. In accordance with another aspect, a bit string is received from a calling program. Data in the bit string is decrypted using public key decryption and returned to the calling program only if one or more conditions included in the bit string are satisfied.
Abstract:
Systems and methods are provided for maintaining and updating a secure boot process on a computer with a trusted platform module (TPM). A boot process may be maintained by inspecting a log of TPM activity, determining which data prevented a secret from unsealing, and returning that data to its original state. In situations where this type of recovery is not workable, techniques for authenticating a user may be used, allowing the authenticated user to bypass the security features of the boot process and reseal the boot secrets to platform configuration register (PCR) values that may have changed. Finally, a secure boot process may be upgraded by migrating TPM-sealed secrets to a temporary storage location, updating one or more aspects of the secure boot process, and resealing the secrets to the resulting new platform configuration. Other advantages and features of the invention are described below.
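The first recovery path above, inspecting the TPM's activity log to find what prevented the unseal, as an added example that is not from the patent: a measured-boot log is replayed to recompute the PCRs, compared against the values the secret was sealed to, and, for each mismatched PCR, walked side by side with the reference log saved at seal time to name the first event that changed. The Event layout, the all-zero PCR starting value, and the sample boot components are assumptions of this example; a real TCG event log has a different format and carries more than one digest per event.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"sort"
)

// Event is one measured-boot log entry: the PCR it was extended into, a
// label, and the digest extended. (Constructed layout, not the TCG format.)
type Event struct {
	PCR    int
	Desc   string
	Digest [32]byte
}

// Measure is the digest a boot component contributes to the log.
func Measure(component []byte) [32]byte { return sha256.Sum256(component) }

// Extend is the PCR update rule: new = SHA-256(old || digest).
func Extend(old, digest [32]byte) [32]byte { return sha256.Sum256(append(old[:], digest[:]...)) }

// Replay recomputes every PCR from a zero start by folding the log in order.
func Replay(log []Event) map[int][32]byte {
	pcrs := map[int][32]byte{}
	for _, e := range log {
		pcrs[e.PCR] = Extend(pcrs[e.PCR], e.Digest)
	}
	return pcrs
}

// CanUnseal is the TPM's rule: every sealed PCR must equal its current value.
func CanUnseal(policy, current map[int][32]byte) bool {
	for p, want := range policy {
		if current[p] != want {
			return false
		}
	}
	return true
}

// Divergence is the first event, within one mismatched PCR's sequence, where the
// current log departs from the reference log. A zero Event means no event there.
type Divergence struct {
	PCR, Index      int
	Expected, Found Event
}

func eventsFor(log []Event, pcr int) []Event {
	var out []Event
	for _, e := range log {
		if e.PCR == pcr {
			out = append(out, e)
		}
	}
	return out
}

// Diagnose reports only PCRs whose final value differs, and for each only the
// earliest differing event; later mismatches in that PCR are consequences.
func Diagnose(reference, current []Event) []Divergence {
	refPCR, curPCR := Replay(reference), Replay(current)
	var pcrs []int
	for p := range refPCR {
		pcrs = append(pcrs, p)
	}
	sort.Ints(pcrs)
	var out []Divergence
	for _, p := range pcrs {
		if refPCR[p] == curPCR[p] {
			continue
		}
		r, c := eventsFor(reference, p), eventsFor(current, p)
		for i := 0; i < len(r) || i < len(c); i++ {
			var exp, got Event
			if i < len(r) {
				exp = r[i]
			}
			if i < len(c) {
				got = c[i]
			}
			if exp != got {
				out = append(out, Divergence{PCR: p, Index: i, Expected: exp, Found: got})
				break
			}
		}
	}
	return out
}

func main() {
	ref := []Event{{PCR: 4, Desc: "bootmgr", Digest: Measure([]byte("bootmgr 1.0"))}}
	cur := []Event{{PCR: 4, Desc: "bootmgr", Digest: Measure([]byte("bootmgr 1.1"))}}
	fmt.Println("unseal possible:", CanUnseal(Replay(ref), Replay(cur)))
	for _, d := range Diagnose(ref, cur) {
		fmt.Printf("PCR %d event %d: %q replaced %q\n", d.PCR, d.Index, d.Found.Desc, d.Expected.Desc)
	}
}
```

Replay of the reference log is the policy the secret is sealed to; once the component named by Diagnose is put back, CanUnseal holds again. The upgrade path in the abstract is the same computation run the other way round: after the secrets are parked in temporary storage and the boot components updated, Replay of the new log is the policy to reseal to.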
Abstract:
In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with another aspect, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The data is decrypted using public key decryption and returned to the calling program only if the calling program is allowed to access the data.
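The two abstracts above (sealing so that data is released only if conditions held in the bit string are satisfied, and sealing so that only a named target program can recover it) rest on one mechanism: the condition must be bound to the ciphertext so that it cannot simply be edited out of the bit string. The following is an added example, not the patent's code, that takes the condition to be "the caller's program identifier equals the sealed target". It uses Go's standard library; the Sealer type, the ProgramID as the SHA-256 of the caller's image, the RSA-OAEP key wrap plus AES-GCM blob layout, and the sample program images are all assumptions of the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// RSA-OAEP output is exactly the modulus size; GCM's standard nonce is 96 bits.
const keyBits, wrappedLen, nonceLen = 2048, 2048 / 8, 12

// ProgramID is what a trusted loader would report for a caller; this example
// assumes it is the SHA-256 of the program's image.
type ProgramID [32]byte

func IdentifyProgram(image []byte) ProgramID { return sha256.Sum256(image) }

// Sealer stands in for the trusted component holding the private half of the
// sealing key pair; in a TPM that key never leaves the chip.
type Sealer struct{ key *rsa.PrivateKey }

func NewSealer() (*Sealer, error) {
	k, err := rsa.GenerateKey(rand.Reader, keyBits)
	if err != nil {
		return nil, err
	}
	return &Sealer{key: k}, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal emits target || RSA-OAEP(dek) || nonce || AES-GCM(data). The target ID is
// both the OAEP label and the GCM additional data, so rewriting the header to
// another program's ID breaks the unwrap and the tag check.
func (s *Sealer) Seal(target ProgramID, data []byte) ([]byte, error) {
	random := make([]byte, 32+nonceLen) // AES-256 key followed by the nonce
	if _, err := io.ReadFull(rand.Reader, random); err != nil {
		return nil, err
	}
	dek, nonce := random[:32], random[32:]
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &s.key.PublicKey, dek, target[:])
	if err != nil {
		return nil, err
	}
	var blob bytes.Buffer
	blob.Write(target[:])
	blob.Write(wrapped)
	blob.Write(nonce)
	blob.Write(gcm.Seal(nil, nonce, data, target[:]))
	return blob.Bytes(), nil
}

// Unseal returns the data only if caller is the program the blob was sealed to.
// The identity check runs first; the unwrap and the GCM open then re-verify it.
func (s *Sealer) Unseal(caller ProgramID, blob []byte) ([]byte, error) {
	if len(blob) < 32+wrappedLen+nonceLen {
		return nil, errors.New("blob too short")
	}
	var target ProgramID
	copy(target[:], blob[:32])
	if caller != target {
		return nil, fmt.Errorf("caller %x is not the sealed target %x", caller[:4], target[:4])
	}
	dek, err := rsa.DecryptOAEP(sha256.New(), nil, s.key, blob[32:32+wrappedLen], target[:])
	if err != nil {
		return nil, fmt.Errorf("key unwrap failed: %w", err)
	}
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	rest := blob[32+wrappedLen:]
	return gcm.Open(nil, rest[:nonceLen], rest[nonceLen:], target[:])
}

func main() {
	s, _ := NewSealer() // error ignored only for this short demonstration
	player, ripper := IdentifyProgram([]byte("player v1")), IdentifyProgram([]byte("ripper v1"))
	blob, _ := s.Seal(player, []byte("content key"))
	_, err := s.Unseal(ripper, blob)
	fmt.Println("ripper:", err) // refused before any decryption takes place
}
```

The identifier comparison is the check the abstract describes, but on its own it is only a courtesy refusal: a program that rewrites the target field to its own identifier would pass it. Carrying the target as the OAEP label and as GCM additional data is what makes the refusal cryptographic: a rewritten header fails the unwrap and the tag check, and a flipped byte anywhere in the ciphertext is rejected as well.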
Abstract:
A virtual PCR (VPCR) construct is provided that can be cryptographically tagged as optionally resettable or as enduring for the life of a client (process, virtual machine, and the like) and that can be loaded into a resettable hardware PCR to make use of the functionality of a Trusted Platform Module (TPM). The VPCRs may cryptographically reflect their characteristics (resettable or not) in their stored values. Also, since the PCRs are virtualized, they are (effectively) unlimited in number and may be given general names (UUIDs) that are less likely to collide. The VPCRs can be loaded into a physical PCR as needed, but in a way that stops one piece of software from impersonating another piece of software. The VPCRs thus enable all software using the TPM to be given access to TPM functionality (sealing, quoting, etc.) without security concerns.
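The VPCR scheme above, as an added example that is not the patent's implementation: a VPCR's initial value is derived from its name and its resettable flag, so every value it ever holds reflects that flag; Reset is refused for enduring VPCRs; and loading into a resettable hardware PCR extends the client identity and the VPCR name before the VPCR value, so two clients with identically named VPCRs land on different hardware values and neither can seal or quote as the other. The tagging format, the client identifier (which the trusted virtualizer rather than the client would supply) and the sample names are assumptions of this example.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
)

// extend is the PCR update rule: new = SHA-256(old || value).
func extend(old, value [32]byte) [32]byte { return sha256.Sum256(append(old[:], value[:]...)) }

// VPCR is a virtual PCR belonging to one client. Its starting value is derived
// from its name and its resettable flag, so the flag is reflected in every
// value it ever takes and cannot be changed afterwards. (Constructed model.)
type VPCR struct {
	Name       string // a UUID-style name chosen by the client
	Resettable bool
	Value      [32]byte
}

func initial(name string, resettable bool) [32]byte {
	return sha256.Sum256([]byte(fmt.Sprintf("vpcr|%s|resettable=%t", name, resettable)))
}

func NewVPCR(name string, resettable bool) *VPCR {
	return &VPCR{Name: name, Resettable: resettable, Value: initial(name, resettable)}
}

func (v *VPCR) Extend(measurement []byte) { v.Value = extend(v.Value, sha256.Sum256(measurement)) }

// Reset is refused for enduring VPCRs: their history lasts as long as the client.
func (v *VPCR) Reset() error {
	if !v.Resettable {
		return errors.New("vpcr " + v.Name + " endures for the life of its client")
	}
	v.Value = initial(v.Name, true)
	return nil
}

// HardwarePCR models one resettable physical PCR of the TPM.
type HardwarePCR struct{ Value [32]byte }

// Load places a VPCR into the physical PCR: reset, then extend the client
// identity (supplied by the trusted virtualizer, never by the client) and the
// VPCR's name before its value. Two clients loading identically named VPCRs
// therefore produce different hardware values, so neither can seal or quote
// as the other. The returned value is what sealing and quoting would use.
func (h *HardwarePCR) Load(client string, v *VPCR) [32]byte {
	h.Value = [32]byte{}
	h.Value = extend(h.Value, sha256.Sum256([]byte("client|"+client)))
	h.Value = extend(h.Value, sha256.Sum256([]byte("vpcr|"+v.Name)))
	h.Value = extend(h.Value, v.Value)
	return h.Value
}

func main() {
	app := NewVPCR("1b9d6bcd-app-state", false) // enduring
	app.Extend([]byte("config v1"))
	fmt.Println("reset of enduring VPCR:", app.Reset())
	var hw HardwarePCR
	a, b := hw.Load("vm-1", app), hw.Load("vm-2", app)
	fmt.Printf("vm-1: %x\nvm-2: %x\n", a[:8], b[:8])
}
```

Because the resettable flag is folded into the starting value, a resettable and an enduring VPCR with the same name and the same extend history still hold different values, so a policy sealed to one cannot be satisfied by the other.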