-
1.发明申请PROVIDING SECURE INPUT TO A SYSTEM WITH A HIGH-ASSURANCE EXECUTION ENVIROMENT 有权提供安全输入到具有高保证执行环境的系统公开(公告)号:US20090083862A1
公开(公告)日:2009-03-26
申请号:US12323169
申请日:2008-11-25
IPC分类号: G06F21/04
摘要: Methods for maintaining the security of a secured execution environment on a system comprising said secured execution environment and a second execution environment are disclosed. A maintained current state for the secured execution environment is selected from among a group of possible states including a standard input mode state and a nexus input mode state. A flow of user input is directed according to the current state through a secure kernel of both the second environment and the secured execution environment.
摘要翻译: 公开了在包括所述安全执行环境和第二执行环境的系统上维护安全执行环境的安全性的方法。 从包括标准输入模式状态和接合输入模式状态的一组可能状态中选择用于安全执行环境的维持当前状态。 根据当前状态,通过第二环境和安全执行环境的安全内核来定向用户输入流。
-
公开(公告)号:US07574610B2
公开(公告)日:2009-08-11
申请号:US10954917
申请日:2004-09-30
CPC分类号: G06F21/577 , Y10S257/922
摘要: A security device watches over the secure functionality in a computer system. This “watcher” security device may be integrated within the computer system or may be separate from it. The security device queries the secure functionality to determine whether the state of the secure functionality is acceptable. If no satisfactory state exists, or if no response is received, then a signal is transmitted. The signal may be auditory (a buzzer) or visual (a flashing light) in order to signal to any user that the secure functionality has been compromised. Optionally, human input devices may be disabled, or a monitoring service notified, in conjunction with or in lieu of the signal. If the secure functionality includes a secret shared between the secure functionality and the user, then the security device may signal the secret. For example, where the secret is visual, the security device may display the secret. Where there is more than one element of secure functionality in the computer system, the security device may separately watch and report on more than one element of secure functionality. The security device may also display status information regarding the computer system. Some or all of the security device may be distributed via a trusted distribution infrastructure.
摘要翻译: 安全设备监视计算机系统中的安全功能。 该“观察者”安全装置可以集成在计算机系统内,或者可以与计算机系统分开。 安全设备查询安全功能以确定安全功能的状态是否可接受。 如果不存在令人满意的状态,或者如果没有接收到响应,则发送信号。 该信号可以是听觉(蜂鸣器)或视觉(闪烁的光),以便向任何用户发出信号安全功能被破坏。 可选地,可以结合或代替信号来禁止人类输入设备或通知监视服务。 如果安全功能包括在安全功能和用户之间共享的秘密,则安全设备可以发出秘密信号。 例如,秘密是可视的,安全设备可以显示秘密。 在计算机系统中存在多于一个安全功能的元件的情况下,安全设备可以分别监视和报告安全功能的多个元件。 安全设备还可以显示关于计算机系统的状态信息。 安全设备的一些或全部可以经由受信任的分发基础设施来分发。
-
3.发明授权Communication of information via a side-band channel, and use of same to verify positional relationship 失效通过边带通道进行信息通信,并使用它来验证位置关系公开(公告)号:US07493429B2
公开(公告)日:2009-02-17
申请号:US10759325
申请日:2004-01-16
申请人: John E. Paff , Marcus Peinado , Thekkthalackal Varugis Kurien , Bryan Mark Willman , Paul England , Andrew John Thornton
发明人: John E. Paff , Marcus Peinado , Thekkthalackal Varugis Kurien , Bryan Mark Willman , Paul England , Andrew John Thornton
CPC分类号: G06F21/606 , G06F21/85
摘要: The present invention provides for trusted side-band communications between components in a computer system, so that use of the system bus may be avoided. Two components may be connected by means other than a bus (e.g., an infrared port, a wire, an unused pin, etc.), whereby these components may communicate without the use of the system bus. The non-bus communication channel may be referred to as “side-band.” The side-band channel may be used to communicate information that might identify the user's hardware (e.g., a public key) or other information that the user may not want to be easily intercepted by the public at large. Communication over the side-band channel may also be used to verify that the participants in a communication are within a defined positional relationship to each other.
摘要翻译: 本发明提供计算机系统中的组件之间的可靠的边带通信,从而可以避免使用系统总线。 两个组件可以通过除总线(例如,红外线端口,电线,未使用的引脚等)之外的方式连接,由此这些组件可以在不使用系统总线的情况下进行通信。 非总线通信信道可以被称为“边带”。 边带频道可以用于传达可能识别用户硬件(例如,公共密钥)的信息或用户可能不希望容易被公众容易地截获的其他信息。 通过边带信道的通信也可以用于验证通信中的参与者在彼此之间的定义的位置关系内。
-
4.发明授权Providing secure input to a system with a high-assurance execution environment 有权为具有高度执行环境的系统提供安全输入公开(公告)号:US07464412B2
公开(公告)日:2008-12-09
申请号:US10693061
申请日:2003-10-24
IPC分类号: G06F12/14
摘要: Techniques are disclosed to provide security for user input in which a first, host operating system is used along with a second, high assurance operating system, where the first system provides at least some of the infrastructure for the second system. Two modes are presented. In a first mode, user data is passed to the host operating system. In a second mode, user data is retained in the second operating system for the use of the second operating system or processes running on the second operating system. Transitions between the nodes can be accomplished according to hypothecated user actions such as keystroke combinations, or when the user performs an action which indicates a programmatic activation of a process running in the second operating system. Where shadow graphical elements are run by the first operating system to indicate the location of graphical elements from processes running on the second operating system, this programmatic activation may be indicated by programmatic activation of a shadow graphical element.
摘要翻译: 公开了技术来为用户输入提供安全性,其中第一主机操作系统与第二高保证操作系统一起使用,其中第一系统为第二系统提供至少一些基础设施。 提出了两种模式。 在第一模式中,用户数据被传递到主机操作系统。 在第二模式中,用户数据被保留在第二操作系统中,以便使用在第二操作系统上运行的第二操作系统或进程。 节点之间的转换可以根据诸如按键组合之类的假设的用户动作,或当用户执行指示在第二操作系统中运行的进程的编程激活的动作时完成。 在阴影图形元素由第一操作系统运行以指示来自在第二操作系统上运行的进程的图形元素的位置的情况下,可以通过阴影图形元素的编程激活来指示该程序化激活。
-
5.发明授权Providing secure input to a system with a high-assurance execution environment 有权为具有高度执行环境的系统提供安全输入公开(公告)号:US07882566B2
公开(公告)日:2011-02-01
申请号:US12323169
申请日:2008-11-25
IPC分类号: G06F12/14
摘要: Methods for maintaining the security of a secured execution environment on a system comprising said secured execution environment and a second execution environment are disclosed. A maintained current state for the secured execution environment is selected from among a group of possible states including a standard input mode state and a nexus input mode state. A flow of user input is directed according to the current state through a secure kernel of both the second environment and the secured execution environment.
摘要翻译: 公开了在包括所述安全执行环境和第二执行环境的系统上维护安全执行环境的安全性的方法。 从包括标准输入模式状态和接合输入模式状态的一组可能状态中选择用于安全执行环境的维持当前状态。 根据当前状态,通过第二环境和安全执行环境的安全内核来定向用户输入流。
-
公开(公告)号:US07457964B2
公开(公告)日:2008-11-25
申请号:US10771888
申请日:2004-02-04
CPC分类号: G06F21/10 , G06F21/606 , G06F2221/2129
摘要: A method is provided for a processor of a computing device to obtain a trusted identification of a hardware peripheral of the computing device, for the computing device and the peripheral to derive a set of shared keys, and for the processor to send trusted data to the peripheral.
摘要翻译: 提供了一种用于计算设备的处理器以获得计算设备的硬件外围设备的可信标识的方法,用于计算设备和外围设备以导出一组共享密钥,并且为了使处理器将可信数据发送到 外围设备
-
公开(公告)号:US08253774B2
公开(公告)日:2012-08-28
申请号:US12413782
申请日:2009-03-30
申请人: Christian Huitema , William A. S. Buxton , John E. Paff , Zicheng Liu , Rajesh Kutpadi Hegde , Zhengyou Zhang , Kori Marie Quinn , Jin Li , Michel Pahud
发明人: Christian Huitema , William A. S. Buxton , John E. Paff , Zicheng Liu , Rajesh Kutpadi Hegde , Zhengyou Zhang , Kori Marie Quinn , Jin Li , Michel Pahud
IPC分类号: H04N7/14
CPC分类号: H04N7/147 , H04L12/1827 , H04N7/142 , H04N7/15 , H04N21/42203 , H04N21/4223 , H04N21/44213 , H04N21/4788 , H04N2007/145
摘要: The claimed subject matter provides a system and/or a method that facilitates managing one or more devices utilized for communicating data within a telepresence session. A telepresence session can be initiated within a communication framework that includes two or more virtually represented users that communicate therein. A device can be utilized by at least one virtually represented user that enables communication within the telepresence session, the device includes at least one of an input to transmit a portion of a communication to the telepresence session or an output to receive a portion of a communication from the telepresence session. A detection component can adjust at least one of the input related to the device or the output related to the device based upon the identification of a cue, the cue is at least one of a movement detected, an event detected, or an ambient variation.
摘要翻译: 所要求保护的主题提供了一种有助于管理用于在远程呈现会话内传送数据的一个或多个设备的系统和/或方法。 可以在通信框架内启动远程呈现会话,该通信框架包括在其中通信的两个或更多虚拟表示的用户。 至少一个虚拟表示的用户可以利用设备来实现远程呈现会话内的通信,该设备包括将通信的一部分传送到远程呈现会话的输入或输出以接收通信的一部分中的至少一个 从远程呈现会话。 检测部件可以基于提示的识别来调整与设备相关的输入或输出中的至少一个,所述提示是检测到的运动,检测到的事件或环境变化中的至少一个。
-
8.发明授权Communication of information via an in-band channel using a trusted configuration space 有权使用可信配置空间通过带内频道进行信息通信公开(公告)号:US07779275B2
公开(公告)日:2010-08-17
申请号:US11285882
申请日:2005-11-23
IPC分类号: G06F12/14
CPC分类号: G06F21/57 , G06F2221/2105
摘要: Communication of information via an in-band channel using a trusted configuration space is provided. The introduction of using a trusted configuration space associated with a computer bus system, such as PCI Express® (PCIe™), for example, enables the design of trusted computing platforms capable of providing compliant devices with assurance that their trusted configuration registers can only be accessed by software running in the trusted software environment. Establishing device trust in the software that initiates trusted configuration requests makes it possible to secure and control access to certain secret, sensitive, or personally-identifiable information these devices may contain (e.g., a uniquely-identifying public key, as described above or certificate which the device provides for revocation purposes).
摘要翻译: 提供了使用信任配置空间通过带内信道进行信息通信。 例如,使用与计算机总线系统(例如PCIExpress®(PCIe TM))相关联的可信配置空间的引入使得能够设计可信计算平台,其能够提供兼容设备以确保其可信配置寄存器只能是 由可信软件环境中运行的软件访问。 在启动信任配置请求的软件中建立设备信任使得可以保护和控制对这些设备可能包含的某些秘密,敏感或个人身份信息的访问(例如,如上所述的唯一标识的公共密钥或证书, 该设备提供撤销目的)。
-
-
-
-
-
-
-
搜索结果
8 条记录 (耗时 0.044 秒)