Establishing virtual endorsement credentials for dynamically generated endorsement keys in a trusted computing platform
    61.
    Granted invention patent
    Legal status: In force

    Publication number: US08549592B2

    Publication date: 2013-10-01

    Application number: US11179238

    Filing date: 2005-07-12

    IPC classification: H04L29/06

    Abstract: A method and apparatus are disclosed in a data processing system for establishing virtual endorsement credentials. The data processing system includes a hardware trusted platform module (TPM). Logical partitions are generated in the system. A different virtual TPM is generated for each one of the logical partitions. For each one of the logical partitions, the virtual TPM that was generated for the logical partition then dynamically generates a virtual endorsement key, which is stored only within a corresponding virtual TPM. Using the virtual endorsement key, each virtual TPM also generates a virtual endorsement credential for use by the logical partition that includes the virtual TPM. The virtual endorsement credential is generated within the data processing system without the data processing system or its devices accessing a trusted third party that is external to the data processing system.


    Securing decrypted files in a shared environment
    63.
    Granted invention patent
    Legal status: In force

    Publication number: US07167982B2

    Publication date: 2007-01-23

    Application number: US09952103

    Filing date: 2001-09-14

    IPC classification: H04L9/00

    Abstract: A method, system and computer program product for securing decrypted files in a shared environment. A filter driver in a kernel space may be configured to control service requests to encrypted files stored in a shared area, e.g., a shared directory on a disk unit, accessible by multiple users. The filter driver may receive a service request to open an encrypted document in the shared area issued from an authorized user. Upon receiving the encrypted data, the filter driver may decrypt the encrypted data. The filter driver may subsequently store the decrypted data in a file in a non-shared area, e.g., a non-shared directory. The non-shared area may be accessible only by the authorized user that requested access to the encrypted file. By storing the decrypted data in a file in the non-shared area, a file once decrypted may be protected in a file sharing environment.


    Systems and method for hiding from a computer system entry of a personal identification number (pin) to a smart card
    65.
    Granted invention patent
    Legal status: In force

    Publication number: US06598032B1

    Publication date: 2003-07-22

    Application number: US09523490

    Filing date: 2000-03-10

    IPC classification: G06F1760

    Abstract: A system and method for isolating a computer system from entry of a personal identification number (PIN) to a smart card. The system and method includes a computer system that is in communication with an unsecure network to allow a user to engage in a purchase transaction. The system and method also includes a smart card reader in which a smart card is inserted and read. A secure personal-identification-number (PIN) entry device is coupled between the computer system and the smart card reader. The secure PIN entry device is used for entering a correct code for the PIN. Communication between computer system and secure PIN entry device is disconnected until the correct code for the PIN is entered at secure PIN entry device and sent to the smart card in order to authorize use of the smart card for the purchase transaction. In response to the correct code for the PIN being entered and sent to the smart card, communication between computer system and secure PIN entry device is established. The secure PIN entry device has a processor for controlling the disconnection and connection of communication between the computer system and the secure PIN entry device. The secure PIN entry device also has a display for displaying a message request relating to the purchase transaction. The message request prompts a user to provide the PIN to authorize use of the smart card for a purchase transaction.


    Self powered electronic memory identification tag with dual communication ports
    66.
    Granted invention patent
    Legal status: No longer in force

    Publication number: US6046676A

    Publication date: 2000-04-04

    Application number: US971154

    Filing date: 1997-11-14

    IPC classification: G06K19/07 G08B13/14

    CPC classification: G06K19/0701 G06K19/0723

    Abstract: A tag for use in identifying and communicating with an electronic device such as a computer is disclosed. The tag is self powered from an RF interrogation signal when the electronic device is not operating. The tag is provided with DC power from the electronic device when it is communicating with the electronic device to which it is attached as a portion of memory of the electronic device.


    Apparatus, system, and method for secure communications from a human interface device
    67.
    Granted invention patent
    Legal status: In force

    Publication number: US07581097B2

    Publication date: 2009-08-25

    Application number: US10745172

    Filing date: 2003-12-23

    IPC classification: H04L9/00

    CPC classification: G06F21/83 G06F21/606

    Abstract: An apparatus, system and method of secure communications from a human interface device are provided. The apparatus, system, and method receive input data and calculate encrypted data from the input data using a secure credential. In one embodiment the apparatus, system, and method request and receive a single instance credential and calculate the encrypted data using the secure credential and the single instance credential. The encrypted data may be a secure authorization that may be valid for one use. Communication of the encrypted data through networks and communicating devices is secure. The encrypted data may not be decrypted even if intercepted without the secure credential. The apparatus, system, and method enable secure communications from the human interface device.


    Flash update using a trusted platform module
    68.
    Granted invention patent
    Legal status: In force

    Publication number: US07484105B2

    Publication date: 2009-01-27

    Application number: US09931629

    Filing date: 2001-08-16

    IPC classification: G06F11/30 H04L9/32 H04L9/00

    CPC classification: G06F21/572

    Abstract: An update utility requests a signature verification of the utility's signature along with a request to unlock the flash memory stored in the utility. A trusted platform module (“TPM”) performs a signature verification of the utility using a previously stored public key. Upon verification of the signature, the TPM unlocks the flash memory to permit update of the utility. Upon completion of the update, the flash utility issues a lock request to the TPM to relock the flash memory.


    Physical presence determination in a trusted platform
    69.
    Granted invention patent
    Legal status: In force

    Publication number: US07269747B2

    Publication date: 2007-09-11

    Application number: US10411408

    Filing date: 2003-04-10

    IPC classification: G06F1/28

    CPC classification: G06F21/57 G06F21/575

    Abstract: A computer system is presented which provides a trusted platform by which operations can be performed with an increased level trust and confidence. The basis of trust for the computer system is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset.


    Battery-based secured storage binding system
    70.
    Granted invention patent
    Legal status: In force

    Publication number: US06889298B2

    Publication date: 2005-05-03

    Application number: US10015814

    Filing date: 2001-11-02

    CPC classification: G06F21/81 G06F21/6218

    Abstract: An apparatus and method for exclusively binding data to a data processing system. The logical binding apparatus of the present invention includes a detachable circuit device mounted within a system planar. Data to be bound within the system planar is stored in a memory device within the detachable circuit device. A battery signal is applied from the system planar to a binding pin on the detachable circuit device, wherein the binding pin is applied to the input of a binding latch. The binding latch remains in a reset state while the battery signal is applied. Upon removal of said binding signal from the binding pin, the binding latch is set thus signaling a processing unit within the detachable circuit device to remove the data from the memory device.
