Abstract:
An apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment are described. The method includes disregarding a received load secure region instruction when a currently active load secure region operation is detected. Otherwise, a memory protection element is directed, in response to the received load secure region instruction, to form a secure memory environment. Once directed, unauthorized read/write access to one or more protected memory regions is prohibited. Finally, a cryptographic hash value of the one or more protected memory regions is stored within a digest information repository as a secure software identification value. Once stored, outside agents may request access to a digitally signed software identification value to establish security verification of secure software within the secure memory environment.
Abstract:
Improving security of a processing system may be accomplished by at least one of executing and accessing a suspect file in a sandbox virtual machine.
Abstract:
A method and apparatus provides for trusted point-to-point communication over an open bus. An embodiment of a computer includes a first software environment, with the first software environment being a trusted environment. The first software environment includes one or more trusted applications, and provides for the generation of trusted data packets in an open bus. The computer also includes a second software environment, with the second software environment being an un-trusted environment. The computer includes a trusted interface for an open bus, the trusted interface being accessible only to the first software environment. Other embodiments are described and claimed.
Abstract:
Embodiments of systems, methods and apparatuses for an architecture for the processing of structured documents are disclosed. More specifically, embodiments of the architecture may comprise hardware circuitry operable to parse a structured document and transform the document according to a set of transformation instructions to produce an output document.
Abstract:
A system and method for secure distribution of a video card public key. The method provides for loading an authentication code module into a processor, authenticating the authentication code module, and executing the authentication code module. Executing the authentication module causes the authentication code module to assert a hardware indicator to access at least one address in a special protected page on a chipset. Receipt of the hardware indicator by the chipset causes a specific reference to be sent via a dedicated port to a circuit card to retrieve a public key from the circuit card.
Abstract:
Secure storage and retrieval of a unique value associated with a device to/from a memory of a processing system. In at least one embodiment, the device needs to be able to access the unique value across processing system resets, and the device does not have sufficient non-volatile storage to store the unique value itself. Instead, the unique value is stored in the processing system memory in such a way that the stored unique value does not create a unique identifier for the processing system or the device. A pseudo-randomly or randomly generated initialization vector may be used to vary an encrypted data structure used to store the unique value in the memory.
Abstract:
Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a protected on-line server accessible by the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated encrypted data structure from the protected on-line server using a secure protocol. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system.
Abstract:
A method and apparatus for protected execution of graphics are described. In one embodiment, the method includes the formation of a translation table for a trusted application. In one embodiment, the translation table is formed according to one or more protected pages assigned to the trusted application in response to a protected page request from the trusted application. During execution of the trusted application, a virtual address space of the trusted application is translated to the one or more protected pages assigned to the trusted application. In one embodiment, the translation is performed according to the translation table assigned to the trusted application. Accordingly, by assigning a unique translation table to each trusted application, the various trusted applications may execute within the platform without generating an access into another application's physical address space. Other embodiments are described and claimed.
Abstract:
The problem of digital data corruption that occurs when an analog card is inserted into a card/time slot of a D4 channel bank is effectively remedied by sampling and analyzing the channel bank's transmit enable (TNEN) lead for successive frames of time slots. Unless analyzed TNEN lead samples of a channel unit time slot of interest derived over successive frames have the same logic state associated with an analog channel unit, the PCM data lead remains default-coupled to a digital data transmission lead. This prevents PCM-encoded spurious noise on the analog PAM lead from being erroneously asserted in place of serialized digital data bits that should have been passed directly from the digital data bus to the PCM bus.
Abstract:
In one embodiment, a method includes transitioning control to a virtual machine (VM) from a virtual machine monitor (VMM), determining that a VMM timer indicator is set to an enabling value, and identifying a VMM timer value configured by the VMM. The method further includes periodically comparing a current value of a timing source with the VMM timer value, generating an internal event if the current value of the timing source has reached the VMM timer value, and transitioning control to the VMM in response to the internal event without incurring an event handling procedure in any one of the VMM and the VM.