SECURELY UPGRADING OR DOWNGRADING PLATFORM COMPONENTS
    1.
    Invention application
    Status: Lapsed

    Publication (announcement) number: US20130212380A1

    Publication (announcement) date: 2013-08-15

    Application number: US13371195

    Filing date: 2012-02-10

    IPC classification: H04L9/32

    Abstract: A method for securely altering a platform component is provided, comprising: assigning certificates for public encryption and signature verification keys for the device; assigning certificates for public encryption and signature verification keys for an upgrade server; mutually authenticating a device containing the platform component and the upgrade server; causing the device and the upgrade server to exchange a session key; and providing an alteration to be made to the platform component from the upgrade server to the device using the session key.

    Securely upgrading or downgrading platform components
    2.
    Granted invention patent
    Status: Lapsed

    Publication (announcement) number: US08667270B2

    Publication (announcement) date: 2014-03-04

    Application number: US13371195

    Filing date: 2012-02-10

    Abstract: A method for securely altering a platform component is provided, comprising: assigning certificates for public encryption and signature verification keys for the device; assigning certificates for public encryption and signature verification keys for an upgrade server; mutually authenticating a device containing the platform component and the upgrade server; causing the device and the upgrade server to exchange a session key; and providing an alteration to be made to the platform component from the upgrade server to the device using the session key.

    Methods and apparatus for providing upgradeable key bindings for trusted platform modules
    3.
    Granted invention patent
    Status: In force

    Publication (announcement) number: US08064605B2

    Publication (announcement) date: 2011-11-22

    Application number: US11863233

    Filing date: 2007-09-27

    IPC classification: H04L9/00 H04L29/06

    Abstract: A processing system with a trusted platform module (TPM) supports migration of digital keys. For instance, an application in the processing system may create a first configuration key as a child of a TPM storage root key (SRK) when the processing system has a first configuration. The application may also create an upgradable root user key associated with an upgrade authority as a child of the first configuration key. The application may also create a user key as a child of the upgradable root user key. When the processing system has a second configuration, the application may create a second configuration key as a child of the SRK. The application may request migration approval from the upgrade authority. In response to receiving the approval from the upgrade authority, the application may migrate the root user key to be a child of the second configuration key. Other embodiments are described and claimed.

    METHODS AND APPARATUS FOR PROVIDING UPGRADEABLE KEY BINDINGS FOR TRUSTED PLATFORM MODULES
    5.
    Invention application
    Status: In force

    Publication (announcement) number: US20090089582A1

    Publication (announcement) date: 2009-04-02

    Application number: US11863233

    Filing date: 2007-09-27

    IPC classification: H04L9/30

    Abstract: A processing system with a trusted platform module (TPM) supports migration of digital keys. For instance, an application in the processing system may create a first configuration key as a child of a TPM storage root key (SRK) when the processing system has a first configuration. The application may also create an upgradable root user key associated with an upgrade authority as a child of the first configuration key. The application may also create a user key as a child of the upgradable root user key. When the processing system has a second configuration, the application may create a second configuration key as a child of the SRK. The application may request migration approval from the upgrade authority. In response to receiving the approval from the upgrade authority, the application may migrate the root user key to be a child of the second configuration key. Other embodiments are described and claimed.

    VIRTUAL TPM KEYS ROOTED IN A HARDWARE TPM
    6.
    Invention application
    Status: In force

    Publication (announcement) number: US20090086979A1

    Publication (announcement) date: 2009-04-02

    Application number: US11864512

    Filing date: 2007-09-28

    IPC classification: H04L9/08

    CPC classification: H04L9/0836 H04L2209/127

    Abstract: The present subject matter relates to trusted computing, and more particularly, to virtual trusted platform module keys rooted in a hardware trusted platform module. Some embodiments include a trusted platform virtualization module operable to capture virtual machine trusted platform module calls and operates to generate, maintain, and utilize hardware trusted platform module keys on behalf of the one or more virtual machines. Some embodiments include virtual trusted platform module keys having a public portion on top of a private portion including an encrypted hardware trusted platform module key.

    Methods and apparatus supporting access to physical and virtual trusted platform modules
    7.
    Granted invention patent
    Status: In force

    Publication (announcement) number: US08584229B2

    Publication (announcement) date: 2013-11-12

    Application number: US11963336

    Filing date: 2007-12-21

    IPC classification: G11C7/00

    Abstract: A data processing system features a hardware trusted platform module (TPM), and a virtual TPM (vTPM) manager. When executed, the vTPM manager detects a first request from a service virtual machine (VM) in the processing system, the first request to involve access to the hardware TPM (hTPM). In response, the vTPM manager automatically determines whether the first request should be allowed, based on filter rules identifying allowed or disallowed operations for the hTPM. The vTPM manager may also detect a second request to involve access to a software TPM (sTPM) in the processing system. In response, the vTPM manager may automatically determine whether the second request should be allowed, based on a second filter list identifying allowed or disallowed operations for the sTPM. Other embodiments are described and claimed.

    CONFIGURATION OF VIRTUAL TRUSTED PLATFORM MODULE
    9.
    Invention application
    Status: In force

    Publication (announcement) number: US20090169017A1

    Publication (announcement) date: 2009-07-02

    Application number: US11967300

    Filing date: 2007-12-31

    IPC classification: G06F21/00 H04L9/14

    Abstract: Systems, methods and machine readable media for configuring virtual platform modules are disclosed. One method includes launching a virtual machine monitor, and determining, with the virtual machine monitor, whether a configuration policy that defines a configuration for a virtual trusted platform module is trusted. The method further includes configuring the virtual trusted platform module per the configuration policy in response to the virtual machine monitor determining that the configuration policy is trusted. The method also includes launching, via the virtual machine monitor, a virtual machine associated with the virtual trusted platform module.

    Device, system, and method for provisioning trusted platform module policies to a virtual machine monitor
    10.
    Invention application
    Status: Under examination (published)

    Publication (announcement) number: US20090133097A1

    Publication (announcement) date: 2009-05-21

    Application number: US11984321

    Filing date: 2007-11-15

    IPC classification: H04L9/00

    CPC classification: G06F21/57 G06F21/53

    Abstract: A method, apparatus and system for a trusted platform module accepting a customized integrity policy provisioned to a virtual machine monitor, verifying the security of a first policy object, for example, including the customized integrity policy, by comparing a counter associated with the first policy object with a counter associated with a second policy object, and customizing a virtual trusted platform module of the virtual machine monitor according to the first policy object, for example, when the first policy object is verified. The customized integrity policy may include user specified configurations for implementing a customized virtual environment. Other embodiments are described and claimed.
