Abstract:
A method begins where a processing module accesses at least some of a set of basic input/output system (BIOS) memories to retrieve a decode threshold number of encoded BIOS slices, where a BIOS program is dispersed storage error encoded to produce the set of encoded BIOS slices. The method continues with the processing module reconstructing the BIOS program from the decode threshold number of encoded BIOS slices. The method continues with the processing module detecting a BIOS issue based on one or more of an operational issue with one or more BIOS memories of the set of BIOS memories, a rebuild issue with one or more encoded BIOS slices of the set of encoded BIOS slices, and a modification to the BIOS program. The method continues with the processing module determining a BIOS change regarding the BIOS issue and implementing the BIOS change.
Abstract:
The entry/exit architecture may be a critical component of a protection framework using a secure enclaves-like trust framework for coprocessors. The entry/exit architecture describes steps that may be used to switch securely into a trusted execution environment (entry architecture) and out of the trusted execution environment (exit architecture), at the same time preventing any secure information from leaking to an untrusted environment.
Abstract:
A nonvolatile memory device includes a memory cell array and a read/write circuit connected to the memory cell array through bit lines. The read method of the nonvolatile memory device includes receiving a security read request, receiving security information, and executing a security read operation in response to the security read request. The security read operation includes reading of security data from the memory cell array using the read/write circuit, storing of the read security data in a register, performing security decoding on the read security data stored in the register using the received security information, resetting the read/write circuit, and outputting a result of the security decoding.
Abstract:
A method begins where a processing module segments data into data segments. On a data segment by data segment basis, the method continues with the processing module performing a decode threshold level of dispersed storage error encoding on a data segment to produce a set of decode threshold level encoded data slices and caching the set of decode threshold level encoded data slices. On a set by set basis, the method continues with the processing module performing a redundancy level of dispersed storage error encoding on the set of decode threshold level encoded data slices to produce a set of redundancy error coded data slices. The method continues with the processing module outputting at least one of at least some of a plurality of sets of decode threshold level encoded data slices and at least a corresponding some of a plurality of sets of redundancy error coded data slices.
Abstract:
Instructions and logic provide memory key protection functionality. Embodiments include a processor having a register to store a memory protection field. A decoder decodes an instruction having an addressing form field for a memory operand to specify one or more memory addresses, and a memory protection key. One or more execution units, responsive to the memory protection field having a first value and to the addressing form field of the decoded instruction having a second value, enforce memory protection according to said first value of the memory protection field, using the specified memory protection key, for accessing the one or more memory addresses, and fault if a portion of the memory protection key specified by the decoded instruction does not match a stored key value associated with the one or more memory addresses.
Abstract:
A method for switching between dual operating systems for an electronic device installed with at least two operating systems is provided. The method includes the steps of: activating and operating a first operating system, wherein the first operating system initializes at least one peripheral device; switching to and activating a second operating system; preventing the first operating system from issuing a setting command to the peripheral device when the first operating system is switched to the second operating system; and enabling the second operating system to obtain the control right of the peripheral device to initialize the peripheral device.
Abstract:
An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory.
Abstract:
The invention relates to a method for safeguarding a Windows operating system against computer viruses, spyware, and/or hackers, and to the hard drive used in the method. The method includes the following steps: any version of Windows, the programs and corresponding files associated with the operating system, and the drivers associated with the equipment are installed in a first partition of the hard drive. The files of all the utilities associated with the programs contained and installed in the first partition are redirected to a second partition. The information contained in the first partition is copied to a third backup partition in a USB flash memory integrated in a logic board belonging to the hard drive containing it. The hard disk includes a logic board and storage platters. First and second partitions are included on the storage platters: the first partition contains the Windows operating system with its associated drivers plus the installed programs, and the second partition contains all of the files redirected from the first partition. In addition, a third backup partition is included, defined by a USB flash memory disposed integrally in the logic board of the hard drive.
Abstract:
Encryption key rotation is performed in computing environments having mirrored volumes by initializing a target storage media with a new key, performing a mirror revive operation from a first storage media to the target storage media, and configuring the first storage media and the target storage media to comprise a mirrored volume.
Abstract:
Two computing subsystems are disclosed, one a control subsystem, the other a user subsystem, each using engines with augmented conventional instruction sets, together with hardware and/or firmware, to compartmentalize execution of user programs to ensure their behavior does not exceed defined bounds. Programs hidden in data cannot execute. User programs cannot alter the control program that manages the overall system.