公开(公告)号：US20060020781A1

公开(公告)日：2006-01-26

申请号：US10876994

申请日：2004-06-24

申请人： Vincent Scarlata ,  Carlos Rozas

发明人： Vincent Scarlata ,  Carlos Rozas

IPC分类号： G06F1/24

CPC分类号： G06F21/57 ,  G06F9/45558 ,  G06F21/53 ,  G06F2009/45587

摘要： A method and a related apparatus provide a virtual trusted platform module (TPM). In an example embodiment, a virtual TPM service creates a virtual TPM for use in a processing system that contains a physical TPM. The virtual TPM service may store a key for the virtual TPM in the physical TPM. The virtual TPM service may then use the virtual TPM to provide emulated physical TPM features. In one embodiment, the virtual TPM service may use the virtual TPM to emulate a physical TPM for a virtual machine in the processing system. Other embodiments are described and claimed.

公开(公告)号：US09087200B2

公开(公告)日：2015-07-21

申请号：US13527547

申请日：2012-06-19

申请人： Francis X. McKeen ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Vincent Scarlata ,  Michael A. Goldsmith ,  Ernie Brickell ,  Jiang Tao Li ,  Howard C. Herbert ,  Prashant Dewan ,  Stephen J. Tolopka ,  Gilbert Neiger ,  David Durham ,  Gary Graunke ,  Bernard Lint ,  Don A. Van Dyke ,  Joseph Cihula ,  Stalinselvaraj Jeyasingh ,  Stephen R. Van Doren ,  Dion Rodgers ,  John Garney ,  Asher Altman

发明人： Francis X. McKeen ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Vincent Scarlata ,  Michael A. Goldsmith ,  Ernie Brickell ,  Jiang Tao Li ,  Howard C. Herbert ,  Prashant Dewan ,  Stephen J. Tolopka ,  Gilbert Neiger ,  David Durham ,  Gary Graunke ,  Bernard Lint ,  Don A. Van Dyke ,  Joseph Cihula ,  Stalinselvaraj Jeyasingh ,  Stephen R. Van Doren ,  Dion Rodgers ,  John Garney ,  Asher Altman

IPC分类号： G06F21/72 ,  G06F21/60 ,  G06F21/53 ,  G06F12/14

CPC分类号： G06F21/60 ,  G06F21/53 ,  G06F21/72

摘要： A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.

摘要翻译： 一种在计算机系统内实现安全应用和数据完整性的技术。 在一个实施例中，建立一个或多个安全空间，其中可以存储和执行应用和数据。

公开(公告)号：US20140283098A1

公开(公告)日：2014-09-18

申请号：US13844101

申请日：2013-03-15

申请人： Vinay Phegade ,  Anand Rajan ,  Simon Johnson ,  Vincent Scarlata ,  Carlos Rozas ,  Nikhil Deshpande

发明人： Vinay Phegade ,  Anand Rajan ,  Simon Johnson ,  Vincent Scarlata ,  Carlos Rozas ,  Nikhil Deshpande

IPC分类号： G06F21/60

CPC分类号： H04L63/0428 ,  G06F21/57 ,  G06F21/60 ,  G06F21/64 ,  G06F2221/2105 ,  H04L63/126 ,  H04L63/302

摘要： An apparatus for sharing information between entities includes a processor and a trusted execution module executing on the processor. The trusted execution module is configured to receive first confidential information from a first client device associated with a first entity, seal the first confidential information within a trusted execution environment, receive second confidential information from a second client device associated with a second entity, seal the second confidential information within the trusted execution environment, and execute code within the trusted execution environment. The code is configured to compute a confidential result based upon the first confidential information and the second confidential information.

摘要翻译： 用于在实体之间共享信息的装置包括处理器和在处理器上执行的可信执行模块。 可信执行模块被配置为从与第一实体相关联的第一客户端设备接收第一机密信息，将可信执行环境中的第一机密信息密封，从与第二实体相关联的第二客户端设备接收第二机密信息， 可信执行环境中的第二机密信息，并在可信执行环境内执行代码。 代码被配置为基于第一机密信息和第二机密信息来计算机密结果。

公开(公告)号：US20130159726A1

公开(公告)日：2013-06-20

申请号：US13527547

申请日：2012-06-19

申请人： Francis X. MCKEEN ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Vincent Scarlata ,  Michael A. Goldsmith ,  Ernie Brickell ,  Jiang Tao Li ,  Howard C. Herbert ,  Prashant Dewan ,  Stephen J. Tolopka ,  Gilbert Neiger ,  David Durham ,  Gary Graunke ,  Bernard Lint ,  Don A. Van Dyke ,  Joseph Cihula ,  Stalinselvaraj Jeyasingh ,  Stephen R. Van Doren ,  Dion Rodgers ,  John Garney ,  Asher Altman

发明人： Francis X. MCKEEN ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Vincent Scarlata ,  Michael A. Goldsmith ,  Ernie Brickell ,  Jiang Tao Li ,  Howard C. Herbert ,  Prashant Dewan ,  Stephen J. Tolopka ,  Gilbert Neiger ,  David Durham ,  Gary Graunke ,  Bernard Lint ,  Don A. Van Dyke ,  Joseph Cihula ,  Stalinselvaraj Jeyasingh ,  Stephen R. Van Doren ,  Dion Rodgers ,  John Garney ,  Asher Altman

IPC分类号： G06F21/72

CPC分类号： G06F21/60 ,  G06F21/53 ,  G06F21/72

摘要： A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.

摘要翻译： 一种在计算机系统内实现安全应用和数据完整性的技术。 在一个实施例中，建立一个或多个安全空间，其中可以存储和执行应用和数据。

公开(公告)号：US08249257B2

公开(公告)日：2012-08-21

申请号：US11864512

申请日：2007-09-28

申请人： Tasneem Brutch ,  Alok Kumar ,  Vincent Scarlata ,  Faraz A. Siddiqi ,  Ned M. Smith ,  Willard M. Wiseman

发明人： Tasneem Brutch ,  Alok Kumar ,  Vincent Scarlata ,  Faraz A. Siddiqi ,  Ned M. Smith ,  Willard M. Wiseman

IPC分类号： G06F21/00

CPC分类号： H04L9/0836 ,  H04L2209/127

摘要： The present subject matter related to trusted computing, and more particularly, to virtual trusted platform module keys rooted in a hardware trusted platform module. Some embodiments include a trusted platform virtualization module operable to capture virtual machine trusted platform module calls and operates to generate, maintain, and utilize hardware trusted platform module keys on behalf of the one or more virtual machines. Some embodiments include virtual trusted platform module keys having a public portion on top of an private portion including an encrypted hardware trusted platform module key.

摘要翻译： 与可信计算相关的本主题，更具体地，涉及植根于硬件可信平台模块中的虚拟可信平台模块键。 一些实施例包括可操作以捕获虚拟机可信平台模块调用并且代表一个或多个虚拟机生成，维护和利用硬件可信平台模块密钥的可信平台虚拟化模块。 一些实施例包括虚拟可信平台模块密钥，其具有位于私有部分之上的公共部分，包括加密的硬件可信平台模块密钥。

公开(公告)号：US08032942B2

公开(公告)日：2011-10-04

申请号：US11967300

申请日：2007-12-31

申请人： Ned Smith ,  Willard Wiseman ,  Alok Kumar ,  Tasneem Brutch ,  Vincent Scarlata ,  Faraz Siddiqi

发明人： Ned Smith ,  Willard Wiseman ,  Alok Kumar ,  Tasneem Brutch ,  Vincent Scarlata ,  Faraz Siddiqi

IPC分类号： H04L9/00 ,  H04L9/32 ,  G06F7/04

CPC分类号： G06F21/572 ,  G06F21/57 ,  G06F2221/2101

摘要： Systems, methods and machine readable media for configuring virtual platform modules are disclosed. One method includes launching a virtual machine monitor, and determining, with the virtual machine monitor, whether a configuration policy that defines a configuration for a virtual trusted platform module is trusted. The method further includes configuring the virtual trusted platform module per the configuration policy in response to the virtual machine monitor determining that the configuration policy is trusted. The method also includes launching, via the virtual machine monitor, a virtual machine associated with the virtual trusted platform module.

摘要翻译： 公开了用于配置虚拟平台模块的系统，方法和机器可读介质。 一种方法包括启动虚拟机监视器，并且利用虚拟机监视器确定定义虚拟可信平台模块的配置的配置策略是否被信任。 该方法还包括根据虚拟机监视器确定配置策略被信任来配置每个配置策略的虚拟可信平台模块。 该方法还包括通过虚拟机监视器启动与虚拟可信平台模块相关联的虚拟机。

公开(公告)号：US20090169012A1

公开(公告)日：2009-07-02

申请号：US11967143

申请日：2007-12-29

申请人： Ned M. Smith ,  Willard M. Wiseman ,  Alok Kumar ,  Tasneem Brutch ,  Vincent Scarlata ,  Faraz A. Siddiqi

发明人： Ned M. Smith ,  Willard M. Wiseman ,  Alok Kumar ,  Tasneem Brutch ,  Vincent Scarlata ,  Faraz A. Siddiqi

IPC分类号： H04L9/06

CPC分类号： G06F21/57 ,  H04L9/0825 ,  H04L9/0836 ,  H04L9/0897

摘要： The present subject matter is related to trusted computing, and more particularly to migration of virtual trusted platform module keys that are rooted in a hardware trusted platform module. Some embodiments include a trusted platform virtualization module that may perform one or more of inbound and outbound trusted platform module key migrations. Such migrations may be performed between a virtual trusted platform module and either a hardware or a virtual trusted platform module.

摘要翻译： 本主题涉及可信计算，更具体地涉及根植于硬件可信平台模块中的虚拟可信平台模块密钥的迁移。 一些实施例包括可执行入站和出站可信平台模块密钥迁移中的一个或多个的可信平台虚拟化模块。 这样的迁移可以在虚拟可信平台模块和硬件或虚拟可信平台模块之间执行。

公开(公告)号：US20060256105A1

公开(公告)日：2006-11-16

申请号：US11171133

申请日：2005-06-29

申请人： Vincent Scarlata ,  Carlos Rozas

发明人： Vincent Scarlata ,  Carlos Rozas

IPC分类号： G06T1/00

CPC分类号： G06F21/72 ,  G06F21/53 ,  G06F21/552 ,  G06F21/577 ,  G06F21/602 ,  G06F21/74 ,  G06F21/79 ,  G06F2221/2103 ,  G06F2221/2105 ,  G06F2221/2149

摘要： A virtual security coprocessor framework supports creation of at least one device model to emulate a predetermined cryptographic coprocessor. In one embodiment, the virtual security coprocessor framework uses a cryptographic coprocessor in a processing system to create an instance of the device model (DM) in the processing system. The DM may be based at least in part on a predetermined device model design. The DM may emulate the predetermined cryptographic coprocessor in accordance with the control logic of the device model design. In one embodiment, the virtual security coprocessor framework uses a physical trusted platform module (TPM) in a processing system to support one or more virtual TPMs (vTPMs) for one or more virtual machines (VMs) in the processing system. Other embodiments are described and claimed.

公开(公告)号：US20090086979A1

公开(公告)日：2009-04-02

申请号：US11864512

申请日：2007-09-28

申请人： Tasneem Brutch ,  Alok Kumar ,  Vincent Scarlata ,  Faraz A. Siddiqi ,  Ned M. Smith ,  Willard M. Wiseman

发明人： Tasneem Brutch ,  Alok Kumar ,  Vincent Scarlata ,  Faraz A. Siddiqi ,  Ned M. Smith ,  Willard M. Wiseman

IPC分类号： H04L9/08

CPC分类号： H04L9/0836 ,  H04L2209/127

摘要： The present subject matter related to trusted computing, and more particularly, to virtual trusted platform module keys rooted in a hardware trusted platform module. Some embodiments include a trusted platform virtualization module operable to capture virtual machine trusted platform module calls and operates to generate, maintain, and utilize hardware trusted platform module keys on behalf of the one or more virtual machines. Some embodiments include virtual trusted platform module keys having a public portion on top of an private portion including an encrypted hardware trusted platform module key.

摘要翻译： 与可信计算相关的本主题，更具体地，涉及植根于硬件可信平台模块中的虚拟可信平台模块键。 一些实施例包括可操作以捕获虚拟机可信平台模块调用并且代表一个或多个虚拟机生成，维护和利用硬件可信平台模块密钥的可信平台虚拟化模块。 一些实施例包括虚拟可信平台模块密钥，其具有位于私有部分之上的公共部分，包括加密的硬件可信平台模块密钥。

公开(公告)号：US20070006169A1

公开(公告)日：2007-01-04

申请号：US11170853

申请日：2005-06-30

申请人： Alexander Iliev ,  Vincent Scarlata ,  Carlos Rozas

发明人： Alexander Iliev ,  Vincent Scarlata ,  Carlos Rozas

IPC分类号： G06F9/44

CPC分类号： G06F21/57 ,  G06F21/72 ,  G06F2221/2141 ,  H04L9/0897

摘要： A method and apparatus for binding trusted platform module (TPM) keys to execution entities are described. In one embodiment, the method includes the receipt of an authorization request issued by an execution entity for authorization data. According to the authorization request, the execution entity may be measured to generate an entity digest value. Once the entity digest value is generated, a platform reference module may grant the authorization request if the entity digest value verifies that the execution entity is an owner of the key held by the TPM. Accordingly, in one embodiment, a platform reference module, rather than an execution entity, holds the authorization data required by a TPM to use a key owned by the execution entity and held within sealed storage by the TPM. Other embodiments are described and claimed.

摘要翻译： 描述了将可信平台模块（TPM）密钥绑定到执行实体的方法和装置。 在一个实施例中，该方法包括接收由执行实体发出的授权数据的授权请求。 根据授权请求，可以测量执行实体以生成实体摘要值。 一旦生成实体摘要值，如果实体摘要值验证执行实体是TPM持有的密钥的所有者，则平台引用模块可以授予授权请求。 因此，在一个实施例中，平台参考模块而不是执行实体保存TPM所需的授权数据，以使用由执行实体拥有的密钥并由TPM保存在密封存储器内。 描述和要求保护其他实施例。