Communications channel interposer, method and program product for verifying integrity of untrusted subsystem responses to a request
    2.
    Granted invention patent
    Communications channel interposer, method and program product for verifying integrity of untrusted subsystem responses to a request (in force)

    Publication number: US07921234B2

    Publication date: 2011-04-05

    Application number: US12407879

    Filing date: 2009-03-20

    IPC classification: G06F3/00 G06F11/00

    Abstract: In a communications channel coupled to multiple duplicated subsystems, a method, interposer and program product are provided for verifying integrity of subsystem responses. Within the communications channel, a first checksum is calculated with receipt of a first response from a first subsystem responsive to a common request, and a second checksum is calculated for a second response of a second subsystem received responsive to the common request. The first checksum and the second checksum are compared, and if matching, only one of the first response and the second response is forwarded from the communications channel as the response to the common request, with the other of the first response and the second response being discarded by the communications channel.


    Communications channel method for verifying integrity of untrusted subsystem responses to a request
    3.
    Granted invention patent
    Communications channel method for verifying integrity of untrusted subsystem responses to a request (lapsed)

    Publication number: US07516246B2

    Publication date: 2009-04-07

    Application number: US11260285

    Filing date: 2005-10-27

    IPC classification: G06F3/00 G06F11/00

    Abstract: In a communications channel coupled to multiple duplicated subsystems, a method, interposer and program product are provided for verifying integrity of subsystem responses. Within the communications channel, a first checksum is calculated with receipt of a first response from a first subsystem responsive to a common request, and a second checksum is calculated for a second response of a second subsystem received responsive to the common request. The first checksum and the second checksum are compared, and if matching, only one of the first response and the second response is forwarded from the communications channel as the response to the common request, with the other of the first response and the second response being discarded by the communications channel.


    Secure key management
    4.
    Granted invention patent
    Secure key management (in force)

    Publication number: US09264230B2

    Publication date: 2016-02-16

    Application number: US13047344

    Filing date: 2011-03-14

    IPC classification: G06F7/04 H04L9/08

    CPC classification: H04L9/0897

    Abstract: A system for implementing computer security is provided. The system includes a computer processor and an application configured to execute on the computer processor, the application implementing a method that includes creating a token and populating a payload section of the token with key material and selecting a wrapping method that specifies how the key material is securely bound to key control information. A structure of the key control information in the token is independent of the wrapping method. Implementing computer security also includes wrapping the key material and binding key control information to the key material in the token. The key control information includes information relating to usage and management of the key material.


    Method for providing a scalable trusted platform module in a hypervisor environment
    5.
    Granted invention patent
    Method for providing a scalable trusted platform module in a hypervisor environment (lapsed)

    Publication number: US07478246B2

    Publication date: 2009-01-13

    Application number: US10902670

    Filing date: 2004-07-29

    IPC classification: G06F11/30 H04K1/10

    Abstract: A method is described for implementing a trusted computing environment within a data processing system where the data processing system includes a single hardware trusted platform module (TPM). Multiple logical partitions are provided in the data processing system. A unique context is generated for each one of the logical partitions. When one of the logical partitions requires access to the hardware TPM, that partition's context is required to be stored in the hardware TPM. The hardware TPM includes a finite number of storage locations, called context slots, for storing contexts. Each context slot can store one partition's context. Each one of the partitions is associated with one of the limited number of context storage slots in the hardware TPM. At least one of the context slots is simultaneously associated with more than one of the logical partitions. Contexts are swapped into and out of the hardware TPM during runtime of the data processing system so that when ones of the partitions require access to the hardware TPM, their required contexts are currently stored in the hardware TPM.


    Scalable interactive multimedia server system for providing on demand data
    6.
    Granted invention patent
    Scalable interactive multimedia server system for providing on demand data (lapsed)

    Publication number: US5646676A

    Publication date: 1997-07-08

    Application number: US452920

    Filing date: 1995-05-30

    Abstract: Connects a host computer system (such as a mainframe or host server system) to a large multimedia (MM) distribution network having wide scalability without being limited by bandwidth constraints in the host system or in any multimedia controller for controlling "on demand" viewing of movies at a large number of set-top-boxes (STBs) with TV sets. Connected to the host system is a network distribution arrangement comprised of a plurality of multimedia (MM) adapters, each MM adapter containing a plurality of MM controllers, each MM controller being connected to a multiplicity of MM pairs, each MM pair being connected to the network for controlling a direct distribution of movies to a large number of STBs. Each MM pair includes a disk adapter and a network adapter connected by a common MM pair bus for transmitting disk data blocks directly to the STBs. The disk adapter controls and receives data from one or more disk devices. The network adapter sends the disk data to the network. In each MM pair, a pair bus connects the network adapter to transmit data from the disk adapter to the network. Data files (movies) are stored on the disks, and any file can be selected by an STB for transmission to the STB. Data blocks are read directly from the disk to the pair bus and then directly through the network to the requesting STB. Any STB may issue interactive commands to control a data file while it is being received.


    Interface control process between using programs and shared hardware facilities
    7.
    Granted invention patent
    Interface control process between using programs and shared hardware facilities (lapsed)

    Publication number: US5495614A

    Publication date: 1996-02-27

    Application number: US355756

    Filing date: 1994-12-14

    IPC classification: G06F13/10 G06F9/00

    CPC classification: G06F13/102

    Abstract: A control process which enables a non-supervisory "using program" (e.g. application programs) to directly interface one or more shared asynchronous hardware facilities in a computer system. Any using program may request the operating system (OS) to set up a "special environment" with an AHF during which the using program can directly issue requests to the AHF for its services. The OS sets up a session for the using program having the "special environment", which specifies restrictions on storage accesses by the AHF for accesses made on behalf of the using program--to insure system data integrity. These restrictions are not changeable by the using program. The "special environment" exists until the session is ended by the using program or by a terminating condition. The "special environment" is tailored to be different among the different using program concurrently using the same AHF, so that the "special environment" of one using program cannot interfere with the "special environment" of another using program. During a session, work requests for any using program are communicated directly to the AHF from the using program, and completion of any work request is communicated directly by the AHF to the using program without any interruption of the using program or OS involvement.


    COMMUNICATIONS CHANNEL INTERPOSER, METHOD AND PROGRAM PRODUCT FOR VERIFYING INTEGRITY OF UNTRUSTED SUBSYSTEM RESPONSES TO A REQUEST
    9.
    Invention patent application
    COMMUNICATIONS CHANNEL INTERPOSER, METHOD AND PROGRAM PRODUCT FOR VERIFYING INTEGRITY OF UNTRUSTED SUBSYSTEM RESPONSES TO A REQUEST (in force)

    Publication number: US20090183058A1

    Publication date: 2009-07-16

    Application number: US12407879

    Filing date: 2009-03-20

    IPC classification: G06F11/10

    Abstract: In a communications channel coupled to multiple duplicated subsystems, a method, interposer and program product are provided for verifying integrity of subsystem responses. Within the communications channel, a first checksum is calculated with receipt of a first response from a first subsystem responsive to a common request, and a second checksum is calculated for a second response of a second subsystem received responsive to the common request. The first checksum and the second checksum are compared, and if matching, only one of the first response and the second response is forwarded from the communications channel as the response to the common request, with the other of the first response and the second response being discarded by the communications channel.
