Program and operation verification
    71.
    Invention application
    Program and operation verification (in force)

    Publication number: US20090113210A1

    Publication date: 2009-04-30

    Application number: US11977273

    Filing date: 2007-10-24

    IPC classification: G06F12/14

    CPC classification: G06F21/52 G06F21/51

    Abstract: A security module may be used to verify the integrity of an executable program and may also be used to verify execution of the executable program on a computer. The security module may directly read computer memory by asserting bus master control of a system bus. The executable program may be directly verified by calculating a hash, or may be indirectly verified by an intermediate program that calculates the hash and passes it to the security module. To verify operation, the executable program may cause an interrupt to be generated when the executable program is in a known state. An interrupt service routine may trigger the security module to read registers in the computer processor via a debug port. If either the verification of the executable program fails or the register values are inconsistent with operation of the executable program, the security module may interrupt operation of the computer.


Virtual Machine Support for Metered Computer Usage
    73.
    Invention application
    Virtual Machine Support for Metered Computer Usage (in force)

    Publication number: US20080250406A1

    Publication date: 2008-10-09

    Application number: US11696271

    Filing date: 2007-04-04

    IPC classification: G06F9/455

    Abstract: A virtual machine monitor provides a trusted operating environment for a software usage metering application when a qualified virtual machine monitor is loaded as part of a trusted boot and when all other programs and operating systems run in containers managed by the virtual machine monitor. The virtual machine monitor may also host a locking application for limiting the functionality of the computer if contractual terms of use are not met. Both the metering and locking applications run at a higher privilege level than ring 0, at the same level as the virtual machine monitor.


Direct Peripheral Communication for Restricted Mode Operation
    74.
    Invention application
    Direct Peripheral Communication for Restricted Mode Operation (in force)

    Publication number: US20080238612A1

    Publication date: 2008-10-02

    Application number: US11692237

    Filing date: 2007-03-28

    Applicant: Todd L. Carpenter

    Inventor: Todd L. Carpenter

    IPC classification: H04L9/32

    CPC classification: G06F21/575 G06F2221/2105

    Abstract: A computer that self-administers operation in restricted and unrestricted operating modes boots from a main processor and operates normally in the unrestricted operating mode, and operates from an alternate processor in a security module in the restricted operating mode. The alternate processor may communicate directly with peripheral devices such as a display controller and keyboard. Because the main processor is not used, and may not even be started, in the restricted operating mode, viruses, shims, and other related attacks are virtually eliminated. In one embodiment, the security module may operate as a PCI bus master when in the restricted operating mode.


Policy-Based Direct Memory Access Control
    75.
    Invention application
    Policy-Based Direct Memory Access Control (in force)

    Publication number: US20080222663A1

    Publication date: 2008-09-11

    Application number: US11684307

    Filing date: 2007-03-09

    IPC classification: G06F9/44

    Abstract: A computer that operates in a metered mode for normal use and in a restricted mode uses an input/output memory management unit (I/O MMU) in conjunction with a security policy to determine which peripheral devices are allowed direct memory access during the restricted mode of operation. During restricted mode operation, non-authorized peripheral devices are removed from the virtual address page tables or are given vectors to non-functioning memory areas.


Master-Slave Security Devices
    76.
    Invention application
    Master-Slave Security Devices (in force)

    Publication number: US20080183305A1

    Publication date: 2008-07-31

    Application number: US11668446

    Filing date: 2007-01-29

    IPC classification: G05B19/02

    CPC classification: G06F21/85 G06F21/72

    Abstract: A computer or other electronic device requiring physical integrity of its components, for example a pay-per-use computer, may use a master security device in communication with a plurality of slave security devices, known as security beans. Each security bean may be given a cryptographic key or keys for use in authenticating communication with the master security device. Each security bean may be coupled to an associated component and may have the ability to disable that associated component. In one embodiment, the security bean has an analog switch that may be configured to block or attenuate a critical signal used by the associated component. The security bean may start up in the disabled mode and respond to a verified signal from the master security device to enable its corresponding component.


Direct Memory Access for Compliance Checking
    77.
    Invention application
    Direct Memory Access for Compliance Checking (in force)

    Publication number: US20080148065A1

    Publication date: 2008-06-19

    Application number: US11612433

    Filing date: 2006-12-18

    IPC classification: H04L9/32

    Abstract: A computer is configured for either full operation with metering or limited mode operation. When in limited mode operation, the system memory may be partitioned into active and restricted memory. The active memory may be limited to the amount needed to execute a limited mode operation application. The remaining restricted memory may be made inaccessible to the computer's processor. To verify that the restricted memory remains unused, it may be filled with a pattern, and the pattern periodically verified to determine that unauthorized programs are not using the restricted memory.


Computer Compliance Enforcement
    78.
    Invention application
    Computer Compliance Enforcement (in force)

    Publication number: US20080148036A1

    Publication date: 2008-06-19

    Application number: US11612435

    Filing date: 2006-12-18

    Abstract: A security module for a pay-per-use computer supplies an appropriate BIOS for a given mode of operation. A power manager in the security module powers only essential circuits until the BIOS is operational, to help prevent substitution of a non-authorized BIOS. The security module also includes a capability to monitor and restrict data lines on a bus between the main computer processor and the computer system memory. When the computer is operating in a restricted use mode, data lines may be restricted to allow only minimal access to the computer system memory. Bus transactions may be monitored to ensure that only valid transactions are occurring and that they are within the designated memory space.
