公开(公告)号：US08713667B2

公开(公告)日：2014-04-29

申请号：US11177715

申请日：2005-07-08

Applicant: Jeff Kalibjian ,  Ralph Bestock ,  Larry Hines ,  W. Dale Hopkins ,  Vladimir Libershteyn ,  Steven W. Wierenga ,  Susan Langford

Inventor： Jeff Kalibjian ,  Ralph Bestock ,  Larry Hines ,  W. Dale Hopkins ,  Vladimir Libershteyn ,  Steven W. Wierenga ,  Susan Langford

IPC: G06F9/00

CPC classification number: G06F21/52 ,  G06F21/602

Abstract: Systems, methods, and apparatus are provided for policy protected cryptographic Application Programming Interfaces (APIs) that are deployed in secure memory. One embodiment is a method of software execution. The method includes executing an application in a first secure memory partition; formatting a request to comply with a pre-defined secure communication protocol; transmitting the request from the application to a cryptographic application programming interface (API) of the application, the API being in a second secure memory partition that is separate and secure from the first secure memory partition; and verifying, in the second secure memory partition, that the request complies with a security policy before executing the request.

Abstract translation: 为安全存储器中部署的策略保护密码应用编程接口（API）提供了系统，方法和设备。 一个实施例是软件执行的方法。 该方法包括在第一安全存储器分区中执行应用程序; 格式化请求以符合预定义的安全通信协议; 将所述应用的请求发送到所述应用的密码应用编程接口（API），所述API位于与所述第一安全存储器分区分离且安全的第二安全存储器分区中; 以及在所述第二安全存储器分区中验证所述请求在执行所述请求之前符合安全策略。

公开(公告)号：US07120248B2

公开(公告)日：2006-10-10

申请号：US09818914

申请日：2001-03-26

Applicant: W. Dale Hopkins ,  Thomas W. Collins ,  Steven W. Wierenga ,  Ruth A. Wang

Inventor： W. Dale Hopkins ,  Thomas W. Collins ,  Steven W. Wierenga ,  Ruth A. Wang

IPC: H04L9/00

CPC classification number: G06F7/72 ,  G06F2207/7204 ,  H04L9/3033 ,  H04L2209/08 ,  H04L2209/125

Abstract: A process is provided for searching in parallel for a plurality of prime number values simultaneously includes the steps of: randomly generating a plurality of k random odd numbers (wherein k is preferably more than 2, but could also be one or more) expressed as n0,0, n1,0, . . . n((k−1)),0, each number providing a prime number candidate; determining a plurality of y additional odd numbers based on each one of the randomly generated odd numbers n0,0, n1,0, . . . n(k−1),0 to provide additional prime number candidates thereby yielding a total number of prime number candidates; sieving the total number of prime number candidates by performing a small divisor test on each of the candidates in order to eliminate candidates revealed to be composite numbers by the small divisor test thereby yielding a sieved number s of candidates; and performing a first probabilistic primality test on each of the sieved number s of candidates, each of the plurality of s first primality tests including an associated exponentiation operation executed by an associated one of a plurality of s of the exponentiation units, the exponentiation operations being performed by the plurality of s exponentiation units substantially simultaneously in order to eliminate candidates revealed to be composite numbers by the primality test thereby yielding a remaining number r of candidates.

Abstract translation: 提供用于并行搜索多个素数值的处理，包括以下步骤：随机生成多个k个随机奇数（其中k优选大于2，但也可以是一个或多个）表示为n 0,0 ，n＆lt; 1,0＆gt;，。 。 。 n（（k-1）），0 <0>，每个数字提供素数候选; 基于随机生成的奇数n 0,0,0，...，1,0＆lt; 1,0＆gt;中的每一个来确定多个y个附加奇数。 。 。 n（k-1），0 以提供附加的素数候选，从而产生素数候选的总数; 通过对每个候选人进行小数除数检验来筛选总数候选人，以便通过小数除数测试来消除透露为复合数的候选者，从而得到筛选的候选人数; 并且对每个所筛选的候选者执行第一概率原语测试，所述多个第一原始测试中的每一个包括由所述乘数单元的多个s中的相关联的一个执行的相关联的乘幂运算，所述求幂运算为 基本同时由多个乘法单元执行，以便通过原始测试来消除被显示为复合数的候选，从而产生候选的剩余数r。

公开(公告)号：US4888684A

公开(公告)日：1989-12-19

申请号：US845906

申请日：1986-03-28

Applicant: David J. Lilja ,  A. Richard Zacher ,  Steven W. Wierenga

Inventor： David J. Lilja ,  A. Richard Zacher ,  Steven W. Wierenga

IPC: G06F11/20 ,  G06F13/22 ,  G06F13/42

CPC classification number: G06F13/4217 ,  G06F13/22

Abstract: A bus protocol system for interprocessor communications in valves polling the processors of a multiprocessor unit in an open loop fashion to determine which processors are ready to send. Upon completion of a simultaneous poll of all processors the system identifies which processor are ready to send by utilizing a send mask generated by the ready processors. The ready processors are sequentially selected as send processors and granted access to the bus for a complete data transfer cycle unless the selected processor indicates it is not ready to send. The system also includes a timing signal system that provides for a high data transfer rate. A send clock signal strobes words onto the bus from a send processor and a receive clock signal loads words from the bus to a receive processor. The send processor generates the receive clock signal by delaying the send clock signal by a fixed delay, DR.

Abstract translation: 一种用于阀中处理器间通信的总线协议系统，以开环方式轮询多处理器单元的处理器，以确定哪些处理器已准备好发送。 在完成对所有处理器的同时轮询时，系统通过利用就绪处理器产生的发送掩码来识别哪个处理器准备发送。 准备好的处理器被顺序地选择为发送处理器，并允许访问总线以进行完整的数据传输周期，除非所选择的处理器指示它尚未准备好发送。 该系统还包括提供高数据传输速率的定时信号系统。 发送时钟信号从发送处理器将字选通到总线上，并且接收时钟信号将字从总线加载到接收处理器。 发送处理器通过将发送时钟信号延迟固定延迟DR来产生接收时钟信号。

公开(公告)号：US4672609A

公开(公告)日：1987-06-09

申请号：US846463

申请日：1986-03-28

Applicant: Richard A. Humphrey ,  Steven D. Fisher ,  Steven W. Wierenga ,  Jon Sjostedt

Inventor： Richard A. Humphrey ,  Steven D. Fisher ,  Steven W. Wierenga ,  Jon Sjostedt

IPC: G06F11/00 ,  G06F11/10 ,  G11C29/02 ,  G11C29/00 ,  G06F11/30

CPC classification number: G06F11/1016 ,  G06F11/0751 ,  G11C29/02

Abstract: A memory system for a computer detects data errors, address errors and operation errors to increase the reliability of data stored in the memory system. Address errors are detected by encoding address parity information into the data check field of each memory location. A signal is generated in each memory module indicating the status of operations of that memory module and is transmitted to the processor subsystem of the computer for comparison with a signal indicating the status of operations of the processor subsystem to insure that all memory modules and the memory control in the processor are receiving the same commands.

Abstract translation: 用于计算机的存储器系统检测数据错误，地址错误和操作错误以增加存储在存储器系统中的数据的可靠性。 通过将地址奇偶校验信息编码到每个存储器位置的数据检查字段来检测地址错误。 在每个存储器模块中产生指示该存储器模块的操作状态的信号，并将其发送到计算机的处理器子系统以与指示处理器子系统的操作状态的信号进行比较，以确保所有存储器模块和存储器 处理器中的控制正在接收相同的命令。

公开(公告)号：US4672537A

公开(公告)日：1987-06-09

申请号：US727614

申请日：1985-04-29

Applicant: James A. Katzman ,  Joel F. Bartlett ,  Richard M. Bixler ,  William H. Davidow ,  John A. Despotakis ,  Peter J. Graziano ,  Michael D. Green ,  David A. Greig ,  Steven J. Hayashi ,  David R. Mackie ,  Dennis L. McEvoy ,  James G. Treybig ,  Steven W. Wierenga

Inventor： James A. Katzman ,  Joel F. Bartlett ,  Richard M. Bixler ,  William H. Davidow ,  John A. Despotakis ,  Peter J. Graziano ,  Michael D. Green ,  David A. Greig ,  Steven J. Hayashi ,  David R. Mackie ,  Dennis L. McEvoy ,  James G. Treybig ,  Steven W. Wierenga

IPC: G06F11/18 ,  G06F1/26 ,  G06F5/06 ,  G06F7/78 ,  G06F9/46 ,  G06F9/52 ,  G06F11/00 ,  G06F11/10 ,  G06F11/16 ,  G06F11/20 ,  G06F12/08 ,  G06F12/10 ,  G06F12/12 ,  G06F12/14 ,  G06F13/00 ,  G06F13/12 ,  G06F13/20 ,  G06F13/28 ,  G06F13/366 ,  G06F13/38 ,  G06F15/16 ,  G06F15/167 ,  G06F15/173

CPC classification number: G06F7/78 ,  G06F11/10 ,  G06F11/1044 ,  G06F11/2007 ,  G06F11/2015 ,  G06F11/2023 ,  G06F11/2035 ,  G06F11/2043 ,  G06F11/2097 ,  G06F12/08 ,  G06F12/14 ,  G06F12/1458 ,  G06F13/122 ,  G06F13/20 ,  G06F13/287 ,  G06F13/366 ,  G06F13/38 ,  G06F15/16 ,  G06F15/167 ,  G06F15/173 ,  G06F5/06

Abstract: A multiprocessor system of the kind in which two or more separate processor modules are interconnected for parallel processing includes interprocessor buses dedicated exclusively to interprocessor communication. The multiprocessor system includes an input/output system having multi-port device controllers and input/output buses connecting each device controller for access by the input/output channels of at least two different processor modules. Each device controller includes logic which insures that only one port is selected for access at a time. An enable latch in each port dynamically disables that port from placing any signals on the related input/output bus in response to a failure of any portion of the device controller, and the enable latch is not responsive to the processor module for re-enabling the port. The device controller controls the transfer of information between a processor module and a peripheral device, and information is gated into a register in a port in a device controller in response to a gating signal generated by a processor module. Parity generation and check means continuously monitor parity for the duration of the gating signal.

Abstract translation: 两个或多个单独的处理器模块互连用于并行处理的多处理器系统包括专用于处理器间通信的专用处理器总线。 多处理器系统包括具有多端口设备控制器的输入/输出系统和连接每个设备控制器的输入/输出总线，用于由至少两个不同处理器模块的输入/输出通道进行访问。 每个设备控制器包括一个逻辑，确保一次只选择一个端口进行访问。 每个端口中的启用锁存器动态地禁用该端口在相关输入/输出总线上放置任何信号以响应设备控制器的任何部分的故障，并且使能锁存器不响应于处理器模块以重新启用 港口。 设备控制器控制处理器模块和外围设备之间的信息传送，并且响应于由处理器模块产生的选通信号，将信息选通到设备控制器的端口中的寄存器中。 奇偶校验生成和检查意味着持续监视门控信号的持续时间。

公开(公告)号：US4356550A

公开(公告)日：1982-10-26

申请号：US147305

申请日：1980-05-06

Applicant: James A. Katzman ,  Joel F. Bartlett ,  Richard M. Bixler ,  William H. Davidow ,  John A. Despotakis ,  Peter J. Graziano ,  Michael D. Green ,  David A. Greig ,  Steven J. Hayashi ,  David R. Mackie ,  Dennis L. McEvoy ,  James G. Treybig ,  Steven W. Wierenga

Inventor： James A. Katzman ,  Joel F. Bartlett ,  Richard M. Bixler ,  William H. Davidow ,  John A. Despotakis ,  Peter J. Graziano ,  Michael D. Green ,  David A. Greig ,  Steven J. Hayashi ,  David R. Mackie ,  Dennis L. McEvoy ,  James G. Treybig ,  Steven W. Wierenga

IPC: G06F11/18 ,  G06F1/26 ,  G06F5/06 ,  G06F7/78 ,  G06F9/46 ,  G06F9/52 ,  G06F11/00 ,  G06F11/10 ,  G06F11/16 ,  G06F11/20 ,  G06F12/08 ,  G06F12/10 ,  G06F12/12 ,  G06F12/14 ,  G06F13/00 ,  G06F13/12 ,  G06F13/20 ,  G06F13/28 ,  G06F13/366 ,  G06F13/38 ,  G06F15/16 ,  G06F15/167 ,  G06F15/173

CPC classification number: G06F7/78 ,  G06F11/10 ,  G06F11/1044 ,  G06F11/2007 ,  G06F11/2015 ,  G06F11/2023 ,  G06F11/2035 ,  G06F11/2043 ,  G06F11/2097 ,  G06F12/08 ,  G06F12/14 ,  G06F12/1458 ,  G06F13/122 ,  G06F13/20 ,  G06F13/287 ,  G06F13/366 ,  G06F13/38 ,  G06F15/16 ,  G06F15/167 ,  G06F15/173 ,  G06F5/06

Abstract: A multiprocessor system, the kind in which two or more separate processor modules are interconnected for two power supplies, provides the entire power for the device controller in the event the other power supply fails. The distributed power supply system permits any processor module or device controller to be powered down so that on-line maintenance can be performed in a power-off condition while the rest of the multiprocessor system is on-line and functional.The multiprocessor system includes a memory system in which the memory of each processor module is divided into four logical address areas--user data, system data, user code and system code. The memory system includes a map which translates logical addresses to physical addresses and which coacts with the multiprocessor system to bring pages from secondary memory into primary main memory as required to implement a virtual memory system. The map also provides a protection function. It provides inherent protection among users in a multiprogramming environment, isolates programs from data and protects system programs from the actions of user program. The map also provides a reference history information for each logical page as an aid to efficient memory management by the operating system.The multiprocessor system includes in the memory of each processor module an error detection and correction system which detects all single bit and double bit errors and which corrects all single bit errors in semiconductor memory storage.

Abstract translation: 一个多处理器系统，两个或更多个独立的处理器模块相互连接的两个电源的类型，在其他电源出现故障的情况下为设备控制器提供整个电源。 分布式电源系统允许任何处理器模块或设备控制器断电，以便在多处理器系统的其余部分在线和功能的同时，可以在断电状态下进行在线维护。 多处理器系统包括存储器系统，其中每个处理器模块的存储器被分成四个逻辑地址区域 - 用户数据，系统数据，用户代码和系统代码。 存储器系统包括映射，其将逻辑地址转换为物理地址，并且与多处理器系统协作，以将页面从次要存储器引入主要主存储器，以实现虚拟存储器系统。 地图还提供保护功能。 它在多程序环境中为用户提供固有的保护，将程序与数据隔离开来，并保护系统程序免受用户程序的影响。 地图还提供每个逻辑页面的参考历史信息，以帮助操作系统进行高效的内存管理。 多处理器系统在每个处理器模块的存储器中包括错误检测和校正系统，其检测所有单个位和双位错误，并且校正半导体存储器存储器中的所有单个位错误。

公开(公告)号：US4228496A

公开(公告)日：1980-10-14

申请号：US721043

申请日：1976-09-07

Applicant: James A. Katzman ,  Joel F. Bartlett ,  Richard M. Bixler ,  William H. Davidow ,  John A. Despotakis ,  Peter J. Graziano ,  Michael D. Green ,  David A. Greig ,  Steven J. Hayashi ,  David R. Mackie ,  Dennis L. McEvoy ,  James G. Treybig ,  Steven W. Wierenga

Inventor： James A. Katzman ,  Joel F. Bartlett ,  Richard M. Bixler ,  William H. Davidow ,  John A. Despotakis ,  Peter J. Graziano ,  Michael D. Green ,  David A. Greig ,  Steven J. Hayashi ,  David R. Mackie ,  Dennis L. McEvoy ,  James G. Treybig ,  Steven W. Wierenga

IPC: G06F11/18 ,  G06F1/26 ,  G06F5/06 ,  G06F7/78 ,  G06F9/46 ,  G06F9/52 ,  G06F11/00 ,  G06F11/10 ,  G06F11/16 ,  G06F11/20 ,  G06F12/08 ,  G06F12/10 ,  G06F12/12 ,  G06F12/14 ,  G06F13/00 ,  G06F13/12 ,  G06F13/20 ,  G06F13/28 ,  G06F13/366 ,  G06F13/38 ,  G06F15/16 ,  G06F15/167 ,  G06F15/173 ,  G06F15/06

CPC classification number: G06F7/78 ,  G06F11/10 ,  G06F11/1044 ,  G06F11/2007 ,  G06F11/2015 ,  G06F11/2023 ,  G06F11/2035 ,  G06F11/2043 ,  G06F11/2097 ,  G06F12/08 ,  G06F12/14 ,  G06F12/1458 ,  G06F13/122 ,  G06F13/20 ,  G06F13/287 ,  G06F13/366 ,  G06F13/38 ,  G06F15/16 ,  G06F15/167 ,  G06F15/173 ,  G06F5/06

Abstract: A multiprocessor system the kind in which two or more separate processor modules are interconnected for parallel processing includes two redundant interprocessor buses dedicated exclusively to interprocessor communication. Any processor module may send information to any other processor module by either bus. The buses are shared in use by the processor modules on a time-sharing basis. Use of each bus is controlled by a special bus controller.The multiprocessor system includes an input/output system having multi-port device controllers and input/output buses connecting each device controller for access by the input/output channels of at least two different processor modules. Each device controller includes logic which insures that only one port is selected for access at a time.The multiprocessor system includes a distributed power supply system which insures nonstop operation of the remainder of the multiprocessor system in the event of a failure of a power supply for a part of the system. The distributed power supply system includes a separate power supply for each processor module and two separate power supplies for each device controller. Either one of the two power supplies provides the entire power for the device controller in the event the other power supply fails. The distributed power supply system permits any processor module or device controller to be powered down so that on-line maintenance can be performed in a power-off condition while the rest of the multiprocessor system is on-line and functional.The multiprocessor system includes a memory system in which the memory of each processor module is divided into four logical address areas--user data, system data, user code and system code. The memory system includes a map which translates logical addresses to physical addresses and which coacts with the multiprocessor system to bring pages from secondary memory into primary main memory as required to implement a virtual memory system. The map also provides a protection function. It provides inherent protection among users in a multiprogramming environment, isolates programs from data and protects system programs from the actions of user programs. The map also provides a reference history information for each logical page as an aid to efficient memory management by the operating system.The multiprocessor system includes in the memory of each processor module an error detection and correction system which detects all single bit and double bit errors and which corrects all single bit errors in semiconductor memory storage.

公开(公告)号：US20080098230A1

公开(公告)日：2008-04-24

申请号：US11584859

申请日：2006-10-23

Applicant: Jeff Kalibjian ,  Vladimir Libershteyn ,  Steven W. Wierenga ,  John W. Clark ,  Susan Langford

Inventor： Jeff Kalibjian ,  Vladimir Libershteyn ,  Steven W. Wierenga ,  John W. Clark ,  Susan Langford

IPC: H04L9/00

CPC classification number: G06F21/57 ,  G06F21/53

Abstract: In one embodiment, a method of implementing trusted compliance operations inside secure computing boundaries comprises receiving, in a secure computing environment, a data envelope from an application operating outside the secure computing environment, the data envelope comprising data and a compliance operation command, verifying, in the secure computing environment, a signature associated with the data envelope, authenticating, in the secure computing environment, the data envelope, notarizing, in the secure computing environment, the application of the command to the data in the envelope, executing the compliance operation in the secure environment; and confirming a result of the compliance operation to a client via trusted communication tunnel.

Abstract translation: 在一个实施例中，在安全计算边界内实现可信任合规性操作的方法包括在安全计算环境中从在安全计算环境之外运行的应用程序接收数据包络，所述数据包络包括数据和合规操作命令， 在安全计算环境中，与数据包络相关联的签名，在安全计算环境中认证在安全计算环境中的数据包络，公证应用命令到信封中的数据，执行合规操作 在安全的环境中 并通过可信通信隧道向客户端确认合规操作的结果。

公开(公告)号：US07318160B2

公开(公告)日：2008-01-08

申请号：US10062808

申请日：2002-02-01

Applicant: Dale W. Hopkins ,  Thomas W. Collins ,  Steven W. Wierenga

Inventor： Dale W. Hopkins ,  Thomas W. Collins ,  Steven W. Wierenga

IPC: H04L9/00 ,  H04K1/00

CPC classification number: G06F21/72 ,  G06F21/86

Abstract: A method is disclosed for performing cryptographic tasks, that include key setup tasks and work data processing tasks. This method comprises the steps of processing the key data in a first cryptographic engine and processing the work data in a second cryptographic engine. The processing of the key data comprises the steps of receiving key data, processing the key data, and generating processed key data. The processing of the work data comprises the steps of receiving the processed key data, receiving work data, processing the work data, and outputting the processed work data. In this method of the invention, the first cryptographic engine performs its tasks independently of the second cryptographic engine. A method for allocating cryptographic engines in a cryptographic system is also disclosed comprising monitoring a queue of cryptographic tasks, monitoring activity levels of a first allocation of a plurality of cryptographic engines, and dynamically adjusting the first allocation.

Abstract translation: 公开了一种用于执行包括关键设置任务和工作数据处理任务的密码任务的方法。 该方法包括在第一密码引擎中处理密钥数据并在第二密码引擎中处理工作数据的步骤。 关键数据的处理包括接收密钥数据，处理密钥数据和生成已处理密钥数据的步骤。 工作数据的处理包括接收处理后的密钥数据，接收工作数据，处理工作数据以及输出处理的工作数据的步骤。 在本发明的这种方法中，第一密码引擎独立于第二密码引擎执行其任务。 还公开了一种用于在密码系统中分配加密引擎的方法，包括：监视加密任务的队列，监视多个密码引擎的第一分配的活动级别，以及动态地调整第一分配。

公开(公告)号：US07093133B2

公开(公告)日：2006-08-15

申请号：US10037238

申请日：2001-12-20

Applicant: Dale W. Hopkins ,  Thomas W. Collins ,  Steven W. Wierenga

Inventor： Dale W. Hopkins ,  Thomas W. Collins ,  Steven W. Wierenga

IPC: G06F11/30

CPC classification number: H04L9/302 ,  H04L9/3255 ,  H04L2209/56

Abstract: A method is provided for generating a group digital signature wherein each of a group of individuals may sign a message M to create a group digital signature S, wherein M corresponds to a number representative of a message, 0≦M≦n−1, n is a composite number formed from the product of a number k of distinct random prime factors p1·p2· . . . ·pk, k is an integer greater than 2, and S≡Md(mod n). The method may include: performing a first partial digital signature subtask on a message M using a first individual private key to produce a first partial digital signature S1; performing at least a second partial digital signature subtask on the message M using a second individual private key to produce a second partial digital signature S2; and combining the partial digital signature results to produce a group digital signature S.

Abstract translation: 提供了一种用于生成组数字签名的方法，其中一组个体中的每一个可以签署消息M以创建组数字签名S，其中M对应于表示消息的数字，0≤M≤= n-1 ，n是由k个不同随机素数因子p 1> 2 <2> 2的乘积形成的复合数。 。 。 。 k是大于2的整数，以及S≡MD（mod n）。 该方法可以包括：使用第一个体专用密钥在消息M上执行第一部分数字签名子任务以产生第一部分数字签名S 1; 使用第二单独专用密钥对消息M执行至少第二部分数字签名子任务，以产生第二部分数字签名S 2; 并组合部分数字签名结果以产生组数字签名S.