Deriving security and privacy solutions to mitigate risk
    2.
    发明申请
    Deriving security and privacy solutions to mitigate risk 审中-公开
    获得安全和隐私解决方案以减轻风险

    公开(公告)号:US20050080720A1

    公开(公告)日:2005-04-14

    申请号:US10683022

    申请日:2003-10-10

    IPC分类号: G06Q40/00 G06F17/60

    CPC分类号: G06Q40/08 G06Q40/025

    摘要: Techniques are disclosed for systematically assessing an enterprise's security risks in view of a set of security patterns. Each pattern that is applicable to the enterprise's operation is then considered against the backdrop of a set of common attributes that are used, in turn, to further distinguish each pattern from a risk and security solution perspective. Using the disclosed techniques, specific security risks can be identified and appropriate security products can be selected to address those risks in a systematic manner, thereby assisting information technology decision makers across a wide variety of enterprises in deriving security solutions. These security solutions will typically be more effective and efficient from a functional perspective, as well as being more cost-effective, than security solutions created using prior art ad hoc approaches. The disclosed techniques may also be leveraged to create a requirements list for function to be included in a security product.

    摘要翻译: 公开了一种系统地评估企业的安全风险的技术,以鉴于一套安全模式。 那么适用于企业运营的每个模式都是在一组常用属性的背景下进行考虑的,而这些属性又被用于进一步区分每种模式与风险和安全解决方案的角度。 使用公开的技术,可以确定具体的安全风险,并且可以选择适当的安全产品来系统地解决这些风险,从而帮助各种企业的信息技术决策者获得安全解决方案。 与使用现有技术的临时方法创建的安全解决方案相比,这些安全解决方案通常从功能角度更有效和高效,并且更具成本效益。 还可以利用所公开的技术来创建要包括在安全产品中的功能需求列表。

    Method and system for virtualization of trusted platform modules
    4.
    发明申请
    Method and system for virtualization of trusted platform modules 有权
    可信平台模块虚拟化的方法和系统

    公开(公告)号:US20050246552A1

    公开(公告)日:2005-11-03

    申请号:US10835330

    申请日:2004-04-29

    摘要: A method, an apparatus, a system, and a computer program product is presented for virtualizing trusted platform modules within a data processing system. A virtual trusted platform module along with a virtual endorsement key is created within a physical trusted platform module within the data processing system using a platform signing key of the physical trusted platform module, thereby providing a transitive trust relationship between the virtual trusted platform module and the core root of trust for the trusted platform. The virtual trusted platform module can be uniquely associated with a partition in a partitionable runtime environment within the data processing system.

    摘要翻译: 提出了一种方法,装置,系统和计算机程序产品,用于虚拟化数据处理系统内的可信平台模块。 使用物理可信平台模块的平台签名密钥在数据处理系统内的物理可信平台模块内创建虚拟可信平台模块以及虚拟认证密钥,从而在虚拟可信平台模块和虚拟可信平台模块之间提供传递信任关系 信任平台的核心信任根源。 虚拟可信平台模块可以与数据处理系统内的可分区运行时环境中的分区唯一关联。

    Method and system for bootstrapping a trusted server having redundant trusted platform modules
    5.
    发明申请
    Method and system for bootstrapping a trusted server having redundant trusted platform modules 失效
    用于引导具有冗余可信平台模块的可信服务器的方法和系统

    公开(公告)号:US20050257073A1

    公开(公告)日:2005-11-17

    申请号:US10835498

    申请日:2004-04-29

    CPC分类号: G06F21/575

    摘要: Multiple trusted platform modules within a data processing system are used in a redundant manner that provides a reliable mechanism for securely storing secret data at rest that is used to bootstrap a system trusted platform module. A hypervisor requests each trusted platform module to encrypt a copy of the secret data, thereby generating multiple versions of encrypted secret data values, which are then stored within a non-volatile memory within the trusted platform. At some later point in time, the encrypted secret data values are retrieved, decrypted by the trusted platform module that performed the previous encryption, and then compared to each other. If any of the decrypted values do not match a quorum of values from the comparison operation, then a corresponding trusted platform module for a non-matching decrypted value is designated as defective because it has not been able to correctly decrypt a value that it previously encrypted.

    摘要翻译: 以冗余的方式使用数据处理系统内的多个可信任的平台模块,其提供用于安全地存储用于引导系统可信平台模块的休息处的秘密数据的可靠机制。 管理程序请求每个可信平台模块加密秘密数据的副本,从而生成加密的秘密数据值的多个版本,然后存储在可信平台内的非易失性存储器中。 在稍后的时间点,加密的秘密数据值由执行先前加密的可信任平台模块进行解密,然后进行比较。 如果解密值中的任何一个与比较操作中的值的数量不匹配,则用于非匹配解密值的相应的可信平台模块被指定为有缺陷的,因为它不能正确解密其先前加密的值 。