利索-全球专利检索

  1. 登录
  2. 注册

搜索结果

159 条记录 (耗时 0.041 秒)

    Transferring application secrets in a trusted operating system environment
    51.
    发明授权
    Transferring application secrets in a trusted operating system environment 有权

    公开(公告)号:US07577840B2

    公开(公告)日:2009-08-18

    申请号:US11068007

    申请日:2005-02-28

    申请人: Paul England Marcus Peinado Daniel R. Simon Josh D. Benaloh

    发明人: Paul England Marcus Peinado Daniel R. Simon Josh D. Benaloh

    IPC分类号: H04L9/00

    CPC分类号: G06F21/57 G06F21/606

    摘要: Transferring application secrets in a trusted operating system environment involves receiving a request to transfer application data from a source computing device to a destination computing device. A check is made as to whether the application data can be transferred to the destination computing device, and if so, whether the application data can be transferred under control of the user or a third party. If these checks succeed, a check is also made as to whether the destination computing device is a trustworthy device running known trustworthy software. Input is also received from the appropriate one of the user or third party to control transferring of the application data to the destination computing device. Furthermore, application data is stored on the source computing device in a manner that facilitates determining whether the application data can be transferred, and that facilitates transferring the application data if it can be transferred.

    Saving and retrieving data based on symmetric key encryption
    52.
    发明授权
    Saving and retrieving data based on symmetric key encryption 有权

    公开(公告)号:US07487365B2

    公开(公告)日:2009-02-03

    申请号:US10406861

    申请日:2003-04-04

    申请人: Paul England Marcus Peinado

    发明人: Paul England Marcus Peinado

    IPC分类号: H04L9/00 H04N7/167

    CPC分类号: G06F21/6218

    摘要: In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using a symmetric cipher, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with other aspects, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The integrity of the data is also verified, and the data is decrypted using a symmetric key. The data is returned to the calling program only if the calling program is allowed to access the data and if the integrity of the data is successfully verified.

    Multiplexing a secure counter to implement second level secure counters
    53.
    发明授权
    Multiplexing a secure counter to implement second level secure counters 有权
    复用安全计数器来实现二级安全计数器

    公开(公告)号:US07421579B2

    公开(公告)日:2008-09-02

    申请号:US10185506

    申请日:2002-06-28

    申请人: Paul England Marcus Peinado

    发明人: Paul England Marcus Peinado

    IPC分类号: H04L9/00 G06F11/30 H04L9/32 H04K1/00

    CPC分类号: G06F21/64 G06F21/10 G06F2221/2145

    摘要: A multiplexed secure counter is provided, in which a multiplicity of child secure counters are secured by a parent secure counter. Child counters are stored with a parent secure counter value and a signature. Before a child counter is read, the signature is verified and value stored is checked against the current value of the parent secure value. If the verifications are successful, the child secure counter can be used. To increment a child counter, the signature is verified and the value stored checked against the current value of the parent secure value. If the verifications are successful, the parent counter and the child counter are incremented, and the data is signed again.

    摘要翻译: 提供一种复用的安全计数器,其中多个子安全计数器由父安全计数器保护。 子计数器存储有父安全计数器值和签名。 在读取子计数器之前,验证签名,并根据父安全值的当前值检查值存储。 如果验证成功,则可以使用子安全计数器。 要增加子计数器,将验证签名,并根据父安全值的当前值检查存储的值。 如果验证成功,则父计数器和子计数器递增,数据再次签名。

    Secure processor architecture for use with a digital rights management (DRM) system on a computing device
    55.
    发明授权
    Secure processor architecture for use with a digital rights management (DRM) system on a computing device 有权
    与计算设备上的数字版权管理(DRM)系统一起使用的安全处理器架构

    公开(公告)号:US07225333B2

    公开(公告)日:2007-05-29

    申请号:US09892329

    申请日:2001-06-27

    申请人: Marcus Peinado Paul England

    发明人: Marcus Peinado Paul England

    IPC分类号: G06F21/00 G06F21/02

    CPC分类号: H04L63/0442 G06F21/10 G06F21/71 G06F2221/2105 H04L9/0897 H04L9/3236 H04L9/3263 H04L63/068 H04L63/0823 H04L63/12 H04L2209/603

    摘要: A secure processor is operable in normal and preferred modes, and includes a security kernel instantiated when the processor enters into preferred mode and a security key accessible by the security kernel during preferred mode. The security kernel employs the accessed security key to authenticate a secure application, and allows the processor to be trusted to keep hidden a secret of the application. To instantiate the application, the processor enters preferred mode where the security key is accessible, and instantiates and runs the security kernel. The security kernel accesses the security key and applies same to decrypt a key for the application, stores the decrypted key in a location where the application will expect same, and instantiates the application. The processor then enters the normal mode, where the security key is not accessible.

    摘要翻译: 安全处理器在正常和优选模式下可操作,并且包括当处理器进入优选模式时实例化的安全内核以及在优选模式期间由安全内核访问的安全密钥。 安全内核使用访问的安全密钥来认证安全应用程序,并允许处理器被信任以隐藏应用程序的秘密。 为了实例化应用程序,处理器进入可访问安全密钥的首选模式,并实例化和运行安全内核。 安全内核访问安全密钥并应用该密钥对应用程序的密钥进行解密,将解密的密钥存储在应用程序期望相同的位置,并实例化应用程序。 然后,处理器进入正常模式,其中安全密钥不可访问。

    Implementation of memory access control using optimizations
    56.
    发明授权
    Implementation of memory access control using optimizations 有权
    使用优化实现内存访问控制

    公开(公告)号:US07139892B2

    公开(公告)日:2006-11-21

    申请号:US10610666

    申请日:2003-06-30

    申请人: Marcus Peinado Paul England

    发明人: Marcus Peinado Paul England

    IPC分类号: G06F12/00

    CPC分类号: G06F21/79 G06F12/145

    摘要: Mechanisms are disclosed that may allow certain memory access control algorithms to be implemented efficiently. When memory access control is based on controlling changes to an address translation map (or set of maps), it may be necessary to determine whether a particular map change would allow memory to be accessed in an impermissible way. Certain data about the map may be cached in order to allow the determination to be made more efficiently than performing an evaluation of the entire map.

    摘要翻译: 公开了可以有效地实现某些存储器访问控制算法的机制。 当存储器访问控制基于控制对地址转换映射(或映射集)的改变时,可能需要确定特定映射更改是否允许以不允许的方式访问存储器。 可以缓存关于地图的某些数据,以便比执行整个地图的评估更有效地进行确定。

    Memory isolation through address translation data edit control
    58.
    发明授权
    Memory isolation through address translation data edit control 失效

    公开(公告)号:US07058768B2

    公开(公告)日:2006-06-06

    申请号:US10319148

    申请日:2002-12-13

    申请人: Bryan Mark Willman Paul England Marcus Peinado

    发明人: Bryan Mark Willman Paul England Marcus Peinado

    IPC分类号: G06F12/00

    CPC分类号: G06F12/145

    摘要: Isolated memory is implemented by controlling changes to address translation maps. Control over the maps can be exercised in such a way that no virtual address referring to an isolated page is exposed to any untrusted process. Requests to edit an entry in a map are evaluated to ensure that the edit will not cause the map to point to isolated memory. Requests to change which map is active are evaluated to ensure that the map to be activated does not point to isolated memory. Preferably, these evaluations are performed by a trusted component in a trusted environment, since isolation of the memory depends on the evaluation component not being compromised. In systems that require all memory access requests to identify their target by virtual address, preventing the address translation maps from pointing to a portion of memory effectively prevents access to that portion of memory, thereby creating an isolated memory.

    Using limits on address translation to control access to an addressable entity
    59.
    发明申请
    Using limits on address translation to control access to an addressable entity 有权

    公开(公告)号:US20060117169A1

    公开(公告)日:2006-06-01

    申请号:US11298033

    申请日:2005-12-09

    申请人: Marcus Peinado Paul England Bryan Willman

    发明人: Marcus Peinado Paul England Bryan Willman

    IPC分类号: G06F9/00

    CPC分类号: G06F12/145

    摘要: A data storage resource is identifiable by physical addresses, and optionally by a virtual address. A policy defines which resources are accessible and which resources are not accessible. A request to access a resource is allowed if access to the resource is permitted by the policy, and if carrying out the access will not cause virtual addresses to be assigned to resources to which the policy disallows access. Since resources to which access is disallowed do not have virtual addresses, certain types of access requests that identify a resource by a virtual address can be allowed without consulting the policy.

    Using limits on address translation to control access to an addressable entity
    60.
    发明申请
    Using limits on address translation to control access to an addressable entity 有权

    公开(公告)号:US20060095689A1

    公开(公告)日:2006-05-04

    申请号:US11299083

    申请日:2005-12-09

    申请人: Marcus Peinado Paul England Bryan Willman

    发明人: Marcus Peinado Paul England Bryan Willman

    IPC分类号: G06F12/14 G06F12/08

    CPC分类号: G06F12/145

    摘要: A data storage resource is identifiable by physical addresses, and optionally by a virtual address. A policy defines which resources are accessible and which resources are not accessible. A request to access a resource is allowed if access to the resource is permitted by the policy, and if carrying out the access will not cause virtual addresses to be assigned to resources to which the policy disallows access. Since resources to which access is disallowed do not have virtual addresses, certain types of access requests that identify a resource by a virtual address can be allowed without consulting the policy.