2. Disaggregated secure execution environment
    Granted patent; status: in force

    Publication no.: US08214296B2

    Publication date: 2012-07-03

    Application no.: US11353675

    Filing date: 2006-02-14

    IPC classification: G06F21/00

    Abstract: An electronic device, such as a computer, may be adapted for self-monitoring for compliance with an operating policy. The operating policy may specify a pay-per-use or subscription business model and the measurements associated with compliant usage. A secure execution environment may measure usage in accordance with the business model as well as monitor and enforce compliance with the operating policy. To increase the difficulty of attacking or otherwise disabling the secure execution environment, elements of the secure execution environment may be distributed. The distribution points may include other functional elements of the computer, such as interface circuits, or may even be remotely located over a network. An implementation method for disaggregating the secure execution environment is also disclosed.

3. Computing device limiting mechanism
    Granted patent; status: in force

    Publication no.: US07669048B2

    Publication date: 2010-02-23

    Application no.: US11515410

    Filing date: 2006-08-31

    IPC classification: G06F9/00

    Abstract: Described is a technology by which a computing device is booted into a normal mode of operation or a limited mode of operation, depending on whether the computing device was operating correctly (e.g., with respect to policy) prior to a reboot. The reboot may be forced. Examples of an incorrect state include an overdue payment on a leased computer, or improper execution of certain important software. A metering mechanism evaluates the state of the computing device and, when an incorrect state is detected, configures the computing device for operation in the limited mode by setting the computing device to boot via one boot path (e.g., a limited-mode BIOS) instead of another boot path (e.g., a normal-mode BIOS). A BIOS selector switches to the limited BIOS on the next reboot, whereupon the computing device is restricted to the limited mode of operation (regardless of subsequent reboots) until the correct state is restored.

4. Virtual machine support for metered computer usage
    Granted patent; status: in force

    Publication no.: US08839236B2

    Publication date: 2014-09-16

    Application no.: US11696271

    Filing date: 2007-04-04

    IPC classification: G06F9/455

    Abstract: A virtual machine monitor provides a trusted operating environment for a software usage metering application when a qualified virtual machine monitor is loaded as part of trusted boot and when all other programs and operating systems run in containers managed by the virtual machine monitor. The virtual machine monitor may also host a locking application for limiting the functionality of the computer if contractual terms of use are not met. Both the metering and locking applications run at a higher privilege level than ring 0, at the same level as the virtual machine monitor.

5. Virtual Machine Support for Metered Computer Usage
    Patent application; status: in force (granted as US08839236B2, item 4 above)

    Publication no.: US20080250406A1

    Publication date: 2008-10-09

    Application no.: US11696271

    Filing date: 2007-04-04

    IPC classification: G06F9/455

    Abstract: A virtual machine monitor provides a trusted operating environment for a software usage metering application when a qualified virtual machine monitor is loaded as part of trusted boot and when all other programs and operating systems run in containers managed by the virtual machine monitor. The virtual machine monitor may also host a locking application for limiting the functionality of the computer if contractual terms of use are not met. Both the metering and locking applications run at a higher privilege level than ring 0, at the same level as the virtual machine monitor.

6. Passive memory lock
    Patent application; status: pending, published

    Publication no.: US20080047024A1

    Publication date: 2008-02-21

    Application no.: US11455947

    Filing date: 2006-06-20

    IPC classification: G06F11/00

    Abstract: To enforce contractual usage terms on an electronic device, such as a computer, a security function or circuit may consume all of the device's processing power except enough to run a restoration program. The security function may provide problems or challenges for the processor to solve that are designed to consume all but a fraction of the processor's compute power. Another embodiment occupies nearly all of the device's system memory with a pattern and requires the device to respond to requests related to the memory contents. Both approaches place time limits on the response to help ensure the resource allocations are not being avoided. The security circuit may reset the computer when an incorrect response, or no response, is received within the time limit.
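The memory-pattern embodiment in the abstract above is a time-limited challenge-response over memory contents. The Python below is an illustration added to this listing; it is not code from the patent or its assignee. It simulates a security circuit that fills the device's memory with a pattern, challenges the device about random chunks, and counts a reset when the answer is wrong, missing, or late. The 4 KiB chunk size, the SHA-256 counter-mode pattern, the nonce-keyed HMAC response format, and the use of a seed held only by the circuit are assumptions made for the simulation; the abstract specifies only that memory is filled with a pattern, that responses are time-limited, and that a wrong or missing response triggers a reset.

```python
"""Simulation of the passive memory lock's memory-pattern variant (illustrative, not the patent's code)."""
import hashlib
import hmac
import os
import secrets
import time
from dataclasses import dataclass
from typing import List, Optional

CHUNK_BYTES = 4096  # assumed granularity of one challenge


def pattern_chunk(seed: bytes, index: int) -> bytes:
    """Expand (seed, chunk index) into one chunk of pattern with SHA-256 in counter mode.

    Only the security circuit holds the seed, so it can regenerate any chunk
    on demand and never needs to store a copy of the device's memory.
    """
    out = bytearray()
    counter = 0
    while len(out) < CHUNK_BYTES:
        out += hashlib.sha256(seed + index.to_bytes(8, "big") + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:CHUNK_BYTES])


@dataclass(frozen=True)
class Challenge:
    index: int        # which chunk the device must report on
    nonce: bytes      # fresh per challenge so a cached answer does not help
    issued_at: float  # monotonic timestamp when the challenge was issued


class SecurityCircuit:
    """The enforcing circuit: fills memory, issues challenges, resets on failure."""

    def __init__(self, n_chunks: int, deadline_s: float) -> None:
        self.seed = os.urandom(32)  # never leaves the circuit
        self.n_chunks = n_chunks
        self.deadline_s = deadline_s
        self.resets = 0  # count of resets the circuit would have forced

    def fill(self, memory: List[Optional[bytes]]) -> None:
        """Occupy the device's (simulated) memory with the pattern."""
        for i in range(self.n_chunks):
            memory[i] = pattern_chunk(self.seed, i)

    def challenge(self) -> Challenge:
        return Challenge(secrets.randbelow(self.n_chunks), os.urandom(16), time.monotonic())

    def verify(self, ch: Challenge, response: Optional[bytes], received_at: Optional[float] = None) -> bool:
        now = time.monotonic() if received_at is None else received_at
        expected = hmac.new(ch.nonce, pattern_chunk(self.seed, ch.index), hashlib.sha256).digest()
        on_time = (now - ch.issued_at) <= self.deadline_s
        correct = response is not None and hmac.compare_digest(response, expected)
        if not (on_time and correct):
            self.resets += 1  # wrong, missing or late answer: reset the computer
            return False
        return True


def device_respond(memory: List[Optional[bytes]], ch: Challenge) -> Optional[bytes]:
    """The monitored device answers by reading the chunk it still holds in RAM."""
    chunk = memory[ch.index]
    if chunk is None:  # memory was repurposed: nothing to report
        return None
    return hmac.new(ch.nonce, chunk, hashlib.sha256).digest()


def run_scenarios(n_chunks: int = 8, deadline_s: float = 0.5) -> dict:
    """Constructed scenarios: one compliant device and three ways of evading the lock."""
    circuit = SecurityCircuit(n_chunks, deadline_s)
    memory: List[Optional[bytes]] = [None] * n_chunks  # the device's RAM, one slot per chunk
    circuit.fill(memory)
    results = {}

    ch = circuit.challenge()  # 1. compliant: pattern intact, answer in time
    results["compliant"] = circuit.verify(ch, device_respond(memory, ch))

    ch = circuit.challenge()  # 2. the OS reclaims the challenged chunk for its own use
    memory[ch.index] = b"\x00" * CHUNK_BYTES
    results["reclaimed"] = circuit.verify(ch, device_respond(memory, ch))
    circuit.fill(memory)      # after the reset the circuit re-establishes the pattern

    ch = circuit.challenge()  # 3. correct answer, but delivered after the deadline
    late = ch.issued_at + deadline_s + 1.0
    results["late"] = circuit.verify(ch, device_respond(memory, ch), received_at=late)

    ch = circuit.challenge()  # 4. memory freed entirely: no answer at all
    memory[ch.index] = None
    results["freed"] = circuit.verify(ch, device_respond(memory, ch))

    results["resets"] = circuit.resets
    return results
```

The design point the simulation makes is that the verifier stays small: because the pattern is derived from a seed the circuit keeps to itself, the circuit checks any chunk by recomputing it, while the device can only answer by actually holding the memory, and the deadline stops it from reconstructing the chunk some other way.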

8. Independent Computation Environment and Provisioning of Computing Device Functionality
    Patent application; status: pending, published

    Publication no.: US20080005560A1

    Publication date: 2008-01-03

    Application no.: US11427666

    Filing date: 2006-06-29

    IPC classification: H04L9/00 G06F1/00

    Abstract: Techniques are described which provide an independent computation environment. The independent computation environment is contained at least in part in a set of one or more hardware components and is configured to host a provisioning module that is executable to provision functionality of the computing device according to a wide variety of factors. In an implementation, when the provisioning module determines that particular functionality is referenced in an inclusion list, the computing device is permitted to access that functionality. When the provisioning module determines that the particular functionality is referenced in an exclusion list, the computing device is prevented from accessing that functionality.

9. Master-slave security devices
    Granted patent; status: in force

    Publication no.: US08151118B2

    Publication date: 2012-04-03

    Application no.: US11668446

    Filing date: 2007-01-29

    IPC classification: H04L29/06

    CPC classification: G06F21/85 G06F21/72

    Abstract: A computer or other electronic device requiring physical integrity of its components, for example a pay-per-use computer, may use a master security device in communication with a plurality of slave security devices, known as security beans. Each security bean may be given a cryptographic key or keys for use in authenticating communication with the master security device. Each security bean may be coupled to an associated component and may have the ability to disable that associated component. In one embodiment, the security bean has an analog switch that may be configured to block or attenuate a critical signal used by the associated component. The security bean may start up in the disabled mode and respond to a verified signal from the master security device to enable its corresponding component.

10. Master-Slave Security Devices
    Patent application; status: in force (granted as US08151118B2, item 9 above)

    Publication no.: US20080183305A1

    Publication date: 2008-07-31

    Application no.: US11668446

    Filing date: 2007-01-29

    IPC classification: G05B19/02

    CPC classification: G06F21/85 G06F21/72

    Abstract: A computer or other electronic device requiring physical integrity of its components, for example a pay-per-use computer, may use a master security device in communication with a plurality of slave security devices, known as security beans. Each security bean may be given a cryptographic key or keys for use in authenticating communication with the master security device. Each security bean may be coupled to an associated component and may have the ability to disable that associated component. In one embodiment, the security bean has an analog switch that may be configured to block or attenuate a critical signal used by the associated component. The security bean may start up in the disabled mode and respond to a verified signal from the master security device to enable its corresponding component.
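Items 9 and 10 share one abstract, which describes a master device authenticating enable commands to per-component security beans that start out disabled. The Python below is an illustration added to this listing for both records; it is not code from either patent document or from their assignee. It models the exchange on both sides: the master provisions a key per bean and sends an authenticated enable command, and each bean verifies the command before its analog switch passes the component's critical signal. The choice of HMAC-SHA256 as the authentication primitive, the master's monotonically increasing command counter (kept by each bean across power cycles so that a recorded command cannot be replayed), and the modelling of the analog switch as a function that passes or blocks a signal level are assumptions of the simulation; the abstract says only that communication is authenticated with a key and that the switch blocks or attenuates the signal.

```python
"""Simulation of a master security device and its security beans (illustrative, not the patent's code)."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict

ENABLE = b"ENABLE"  # the only command modelled here


@dataclass(frozen=True)
class EnableMessage:
    bean_id: str   # which bean the command addresses
    counter: int   # master's command counter (assumed, for replay protection)
    tag: bytes     # HMAC-SHA256 over (bean_id, counter, command) under the bean's key


def command_tag(key: bytes, bean_id: str, counter: int, command: bytes) -> bytes:
    """Authentication tag binding the command to one bean and one counter value."""
    msg = bean_id.encode() + counter.to_bytes(8, "big") + command
    return hmac.new(key, msg, hashlib.sha256).digest()


class MasterSecurityDevice:
    def __init__(self) -> None:
        self.keys: Dict[str, bytes] = {}
        self.counter = 0

    def provision(self, bean_id: str) -> bytes:
        """Give a bean its own key; in hardware this would happen at manufacture."""
        key = os.urandom(32)
        self.keys[bean_id] = key
        return key

    def enable(self, bean_id: str) -> EnableMessage:
        self.counter += 1
        tag = command_tag(self.keys[bean_id], bean_id, self.counter, ENABLE)
        return EnableMessage(bean_id, self.counter, tag)


class SecurityBean:
    def __init__(self, bean_id: str, key: bytes) -> None:
        self.bean_id = bean_id
        self.key = key
        self.enabled = False   # starts up in the disabled mode
        self.last_counter = 0  # assumed to survive power cycles (non-volatile)

    def receive(self, msg: EnableMessage) -> bool:
        """Enable the component only for a genuine, fresh command addressed to this bean."""
        if msg.bean_id != self.bean_id:
            return False
        expected = command_tag(self.key, msg.bean_id, msg.counter, ENABLE)
        if not hmac.compare_digest(expected, msg.tag):
            return False  # forged, or produced with another bean's key
        if msg.counter <= self.last_counter:
            return False  # replay of a previously accepted command
        self.last_counter = msg.counter
        self.enabled = True
        return True

    def power_cycle(self) -> None:
        self.enabled = False  # back to the disabled mode; the counter survives

    def pass_signal(self, level: float) -> float:
        """Analog switch: pass the critical signal when enabled, block it otherwise."""
        return level if self.enabled else 0.0


def run_scenarios() -> dict:
    """Constructed scenarios: genuine enable, mis-addressed, forged and replayed commands."""
    master = MasterSecurityDevice()
    disk = SecurityBean("disk", master.provision("disk"))
    gpu = SecurityBean("gpu", master.provision("gpu"))
    r = {}
    r["blocked_at_startup"] = disk.pass_signal(1.0) == 0.0
    msg = master.enable("disk")
    r["genuine_enable"] = disk.receive(msg) and disk.pass_signal(1.0) == 1.0
    r["wrong_bean_rejects"] = not gpu.receive(msg) and gpu.pass_signal(1.0) == 0.0
    forged = EnableMessage("gpu", 99, command_tag(os.urandom(32), "gpu", 99, ENABLE))
    r["forged_rejected"] = not gpu.receive(forged) and gpu.pass_signal(1.0) == 0.0
    disk.power_cycle()  # attacker records msg, power-cycles the bean, replays it
    r["replay_rejected"] = not disk.receive(msg) and disk.pass_signal(1.0) == 0.0
    r["fresh_enable_after_reset"] = disk.receive(master.enable("disk")) and disk.pass_signal(1.0) == 1.0
    return r
```

The property worth noticing is fail-closed behaviour: a bean that never sees a valid command, or that is moved to another machine whose master lacks its key, keeps its component disabled without any further action by the master.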