-
51.发明授权System and method for execution of a secured environment initialization instruction 有权用于执行安全环境初始化指令的系统和方法公开(公告)号:US08185734B2
公开(公告)日:2012-05-22
申请号:US12455844
申请日:2009-06-08
CPC分类号: G06F9/4403 , G01N23/223 , G01N33/502 , G01N33/6872 , G01N2223/076 , G06F9/44505 , G06F12/0802 , G06F12/145 , G06F12/1458 , G06F13/4282 , G06F21/57 , G06F21/572 , G06F2212/1052 , G06F2212/60 , G06F2213/0026 , G06F2221/033 , H04L9/32 , H04L9/3247
摘要: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.
摘要翻译: 描述了用于在微处理器系统中发起安全操作的方法和装置。 在一个实施例中,一个起始逻辑处理器通过停止其他逻辑处理器的执行,然后将初始化和将虚拟机监视软件安全地保存到存储器中来启动该过程。 起始处理器然后将初始化软件加载到安全存储器中用于认证和执行。 然后,初始化软件在安全系统操作之前对安全虚拟机监控软件进行身份验证和注册。
-
公开(公告)号:US07945786B2
公开(公告)日:2011-05-17
申请号:US11731164
申请日:2007-03-30
申请人: Alok Kumar , Minal B. Patel , Kuo-Lang Tseng , Ramesh M. Thomas , Madhukar Tallam , Aneet Chopra , Ned M. Smith , David W. Grawrock , David Champagne
发明人: Alok Kumar , Minal B. Patel , Kuo-Lang Tseng , Ramesh M. Thomas , Madhukar Tallam , Aneet Chopra , Ned M. Smith , David W. Grawrock , David Champagne
CPC分类号: G06F9/45558 , G06F9/4418 , G06F21/51 , G06F21/79 , G06F2009/45587
摘要: A processing system features random access memory (RAM), a processor, and a trusted platform module (TPM). When the processing system enters a sleep mode during which the RAM is to stay powered, the processing system may measuring a VMM and one or more secure VMs in the processing system. However, the processing system may not measure or encrypt all of system memory. Upon resuming from sleep, the processing system may verify the measurements, to ensure that the VMM and secure VMs have not been tampered with. Other steps may include sealing encryption keys to the TPM, while preserving the blobs in memory. Other embodiments are described and claimed.
摘要翻译: 处理系统具有随机存取存储器(RAM),处理器和可信平台模块(TPM)。 当处理系统进入休眠模式期间,RAM将保持供电状态,处理系统可以测量处理系统中的VMM和一个或多个安全VM。 然而,处理系统可能不能测量或加密所有的系统存储器。 从休眠状态恢复时,处理系统可以验证测量结果,以确保VMM和安全VM没有被篡改。 其他步骤可以包括将加密密钥封装到TPM,同时保留存储器中的斑点。 描述和要求保护其他实施例。
-
53.发明授权Method of delivering direct proof private keys to devices using a distribution CD 有权使用分发CD向设备提供直接验证私钥的方法公开(公告)号:US07792303B2
公开(公告)日:2010-09-07
申请号:US10892265
申请日:2004-07-14
CPC分类号: H04L63/062 , G06F21/57 , G06F21/73 , H04L9/0841 , H04L63/0853 , H04L2209/125
摘要: Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting-encrypted data structure is stored on a removable storage medium (such as a CD), and distributed to the owner of the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated encrypted data structure from the removable storage medium. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system.
摘要翻译: 将直接证明私钥提供给安装在该领域中的客户端计算机系统中的设备可以以安全的方式来实现,而不需要设备中的显着的非易失性存储。 在制造时产生并存储在设备中的唯一伪随机值。 伪随机值用于生成用于加密持有Direct Proof私钥和与该设备相关联的私钥摘要的数据结构的对称密钥。 所得到的加密数据结构存储在可移动存储介质(例如CD)上,并分发给客户端计算机系统的所有者。 当在客户端计算机系统上初始化设备时,系统会检查系统中是否存在本地化的加密数据结构。 如果不是,系统从可移动存储介质中获得相关联的加密数据结构。 设备使用从其存储的伪随机值重新生成的对称密钥来解密加密数据结构,以获得直接证明私钥。 如果私钥有效,则其可以用于客户端计算机系统中的设备的后续认证处理。
-
公开(公告)号:US07757081B2
公开(公告)日:2010-07-13
申请号:US12005569
申请日:2007-12-27
申请人: John H. Wilson , Ioannis T. Schoinas , Mazin S. Yousif , Linda J. Rankin , David W. Grawrock , Robert J. Greiner , James A. Sutton , Kushagra Vaid , Willard M. Wiseman
发明人: John H. Wilson , Ioannis T. Schoinas , Mazin S. Yousif , Linda J. Rankin , David W. Grawrock , Robert J. Greiner , James A. Sutton , Kushagra Vaid , Willard M. Wiseman
CPC分类号: G06F21/575 , G06F21/44 , G06F21/445 , G06F21/50 , G06F21/606 , G06F21/64 , G06F21/71 , G06F2221/034
摘要: In one embodiment of the present invention, a method includes verifying an initiating logical processor of a system; validating a trusted agent with the initiating logical processor if the initiating logical processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.
-
55.发明授权Platform configuration register virtualization apparatus, systems, and methods 有权平台配置寄存器虚拟化设备,系统和方法公开(公告)号:US07707629B2
公开(公告)日:2010-04-27
申请号:US11095034
申请日:2005-03-31
申请人: David W. Grawrock
发明人: David W. Grawrock
IPC分类号: G06F21/00
CPC分类号: G06F21/57 , G06F9/45533
摘要: Apparatus and systems, as well as methods and articles, may operate to intercept a first request to use a platform configuration register (PCR) directed to a first trusted platform module (TPM) port, a second request to use the PCR directed to the first TPM port, or both, and to re-direct the first and second requests to use the PCR to a second TPM port capable of accessing a first virtual static platform configuration register (VS-PCR) set and a second VS-PCR set.
摘要翻译: 装置和系统以及方法和文章可以操作以截取使用针对第一可信平台模块(TPM)端口的平台配置寄存器(PCR)的第一请求,第二请求使用针对第一信任平台模块 TPM端口或两者,并且将第一和第二请求重新定向到能够访问第一虚拟静态平台配置寄存器(VS-PCR)集合和第二VS-PCR集合的第二TPM端口。
-
公开(公告)号:US07318235B2
公开(公告)日:2008-01-08
申请号:US10321751
申请日:2002-12-16
申请人: David W. Grawrock
发明人: David W. Grawrock
IPC分类号: G06F12/00 , G06F12/14 , G06F13/00 , G06F17/30 , G06F7/04 , G06K19/00 , H04L9/00 , H04K1/00 , G06F11/00 , G06F12/16
CPC分类号: G06F21/34 , G06Q20/367 , H04L9/0827 , H04L9/0877 , H04L9/3234
摘要: Methods, apparatus and machine readable medium are described for creating and using protected key blobs that require a particular portable token be present before use of the key or keys of the protected key blob is granted. Such protected key blobs may be used to establish a level of trust between a local user and the computing device.
摘要翻译: 描述了用于创建和使用需要特定便携式令牌的保护密钥块的方法,装置和机器可读介质,在使用密钥或保护密钥块的密钥被授予之前存在。 这种受保护的密钥块可以用于建立本地用户和计算设备之间的信任级别。
-
公开(公告)号:US07254707B2
公开(公告)日:2007-08-07
申请号:US11203538
申请日:2005-08-12
申请人: Howard C. Herbert , David W. Grawrock , Carl M. Ellison , Roger A. Golliver , Derrick C. Lin , Francis X. McKeen , Gilbert Neiger , Ken Reneris , James A. Sutton , Shreekant S. Thakkar , Millind Mittal
发明人: Howard C. Herbert , David W. Grawrock , Carl M. Ellison , Roger A. Golliver , Derrick C. Lin , Francis X. McKeen , Gilbert Neiger , Ken Reneris , James A. Sutton , Shreekant S. Thakkar , Millind Mittal
IPC分类号: H04L9/00
CPC分类号: G06F21/305 , G06F9/30189 , G06F12/1491 , G06F21/35 , G06F21/53 , G06F21/57 , G06F21/575 , G06F21/64 , G06F21/74 , G06F2221/2101 , G06F2221/2103 , G06F2221/2105 , G06F2221/2149
摘要: In one embodiment, a method of attestation involves a special mode of operation. The method comprises storing an audit log within protected memory of a platform. The audit log is a listing of data representing one or more software modules loaded into the platform. The audit log is retrieved from the protected memory in response to receiving an attestation request. Then, the retrieved audit log is digitally signed to produce a digital signature in response to the attestation request.
摘要翻译: 在一个实施例中,认证方法涉及特殊的操作模式。 该方法包括将审核日志存储在平台的受保护的存储器内。 审计日志是表示加载到平台中的一个或多个软件模块的数据列表。 响应于接收到认证请求,从受保护的存储器检索审核日志。 然后,检索的审核日志被数字签名以响应于认证请求产生数字签名。
-
公开(公告)号:US07215781B2
公开(公告)日:2007-05-08
申请号:US09747238
申请日:2000-12-22
申请人: David W. Grawrock
发明人: David W. Grawrock
IPC分类号: H04L9/12
CPC分类号: G06F21/445 , G06F21/606
摘要: In general, one embodiment of the invention features a method comprising operations performed internally within a device. A first operation involves generating data for permanent storage in a protected area of internal memory of the device. This prevents subsequent modification of the data. A second operation involves producing a secret value being a combination of both the data and a short term value generated in response to a periodic event such as a power-up sequence of a platform employing the device.
摘要翻译: 通常,本发明的一个实施例的特征在于包括在设备内部执行的操作的方法。 第一操作涉及在设备的内部存储器的保护区域中生成用于永久存储的数据。 这样可以防止数据的后续修改。 第二操作涉及产生秘密值,该秘密值是数据和响应周期性事件(例如采用该设备的平台的上电序列)生成的短期值的组合。
-
公开(公告)号:US07076669B2
公开(公告)日:2006-07-11
申请号:US10122544
申请日:2002-04-15
IPC分类号: H04L9/00
摘要: A method and apparatus to communicate with a token using a previously reserved binary number in the start field of a cycle, wherein the cycle is not echoed on any bus other than the bus through which the communication is received.
-
公开(公告)号:US07058807B2
公开(公告)日:2006-06-06
申请号:US10122785
申请日:2002-04-15
IPC分类号: H04L9/00
CPC分类号: H04L63/062 , G06F21/57 , G06F21/73 , G06F2221/2103 , H04L63/104
摘要: In one embodiment, a method comprises generating a cryptographic key pair associated with a data center. The method also includes storing a private key of the cryptographic key pair within a platform. The private key is used to sign a value stored in the platform for validation of inclusion of the platform into the data center. In an embodiment, the private key is revoked upon determining that the platform has been compromised. In one embodiment, the private key may be revoked in each of the platforms of the data center.
-
-
-
-
-
-
-
-
-
搜索结果
61 条记录 (耗时 0.025 秒)