Apparatus and method for protected execution of graphics applications
    1.
    发明申请
    Apparatus and method for protected execution of graphics applications 审中-公开
    保护执行图形应用的装置和方法

    公开(公告)号:US20050283602A1

    公开(公告)日:2005-12-22

    申请号:US10873803

    申请日:2004-06-21

    摘要: A method and apparatus for protected execution of graphics are described. In one embodiment, the method includes the formation of a translation table for a trusted application. In one embodiment, the translation table is formed according to one or more protected pages assigned to the trusted application in response to a protected page request from the trusted application. During execution of the trusted application, a virtual address space of the trusted application is translated to the one or more protected pages assigned to the trusted application. In one embodiment, the translation is performed according to the translation table assigned to the trusted application. Accordingly, by assigning a unique translation table to each trusted application, the various trusted applications may execute within the platform without generating an access into another application's physical address space. Other embodiments are described and claimed.

    摘要翻译: 描述用于保护执行图形的方法和装置。 在一个实施例中,该方法包括形成可信应用的转换表。 在一个实施例中,响应于受信任应用的受保护的页面请求,根据分配给受信任应用的一个或多个受保护页形成翻译表。 在可信应用的执行期间,可信应用的虚拟地址空间被转换为分配给可信应用的一个或多个受保护的页面。 在一个实施例中,根据分配给可信应用的转换表来执行翻译。 因此,通过为每个可信应用分配唯一的转换表,各种可信应用可以在平台内执行,而不产生对另一个应用的物理地址空间的访问。 描述和要求保护其他实施例。

    Method, apparatus and system for improving security in a virtual machine host
    2.
    发明申请
    Method, apparatus and system for improving security in a virtual machine host 有权
    用于提高虚拟机主机安全性的方法,装置和系统

    公开(公告)号:US20060136910A1

    公开(公告)日:2006-06-22

    申请号:US11016653

    申请日:2004-12-17

    IPC分类号: G06F9/455

    CPC分类号: G06F21/52 G06F21/57

    摘要: A method, apparatus and system for improving security on a virtual machines host is described. A shared file system on the host may include annotations usable by a service module to access files across VMs and to enforce security policies. The service module may additionally enable a unified user interface to improve usability of the host.

    摘要翻译: 描述了一种用于提高虚拟机主机上的安全性的方法,装置和系统。 主机上的共享文件系统可以包括服务模块可用于访问跨VM的文件并执行安全策略的注释。 服务模块还可以使统一的用户界面提高主机的可用性。

    Apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment
    3.
    发明申请
    Apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment 有权
    在多处理器环境中单方面加载安全操作系统的装置和方法

    公开(公告)号:US20070192577A1

    公开(公告)日:2007-08-16

    申请号:US11340181

    申请日:2006-01-24

    IPC分类号: G06F15/177

    CPC分类号: G06F21/57

    摘要: An apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment are described. The method includes disregarding a received load secure region instruction when a currently active load secure region operation is detected. Otherwise, a memory protection element is directed, in response to the received load secure region instruction, to form a secure memory environment. Once directed, unauthorized read/write access to one or more protected memory regions are prohibited. Finally, a cryptographic hash value of the one or more protected memory regions is stored within a digest information repository as a secure software identification value. Once stored, outside agents may request access to a digitally signed software identification value to establish security verification of secure software within the secure memory environment.

    摘要翻译: 描述了在多处理器环境内单方面加载安全操作系统的装置和方法。 该方法包括当检测到当前活动的负载安全区域操作时忽略接收到的负载安全区域指令。 否则,响应于接收到的负载安全区域指令,引导存储器保护元件以形成安全存储器环境。 一旦定向,就禁止对一个或多个受保护的存储器区域进行未经授权的读/写访问。 最后,一个或多个受保护的存储器区域的加密散列值作为安全的软件识别值存储在摘要信息库中。 一旦存储,外部代理可以请求访问数字签名的软件标识值以建立安全存储器环境内的安全软件的安全验证。

    Method of delivering direct proof private keys in signed groups to devices using a distribution CD
    6.
    发明申请
    Method of delivering direct proof private keys in signed groups to devices using a distribution CD 失效
    将使用分发CD的签名组中的直接证明私钥的方法传递给设备

    公开(公告)号:US20060013400A1

    公开(公告)日:2006-01-19

    申请号:US10892280

    申请日:2004-07-14

    IPC分类号: H04L9/00

    摘要: Delivering a Direct Proof private key in a signed group of keys to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored along with a group number in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored in a signed group of keys (e.g., a signed group record) on a removable storage medium (such as a CD or DVD), and distributed to the owner of the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated signed group record of encrypted data structures from the removable storage medium, and verifies the signed group record. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key, when the group record is valid. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system.

    摘要翻译: 在安装在客户端计算机系统中的设备中的签名密钥组中提供直接证明私钥可以以安全的方式实现,而不需要设备中的重要的非易失性存储。 在制造时生成并存储与设备中的组号一起存储唯一的伪随机值。 伪随机值用于生成用于加密持有Direct Proof私钥和与该设备相关联的私钥摘要的数据结构的对称密钥。 所得到的加密数据结构被存储在可移动存储介质(例如CD或DVD)上的签名组密钥(例如,签名组记录)中,并且分发给客户端计算机系统的所有者。 当在客户端计算机系统上初始化设备时,系统会检查系统中是否存在本地化的加密数据结构。 如果没有,系统从可移动存储介质中获得加密数据结构的关联签名组记录,并验证签名组记录。 该设备使用从其存储的伪随机值重新生成的对称密钥来解密加密的数据结构,以便当组记录有效时获得Direct Proof私钥。 如果私钥有效,则其可以用于客户端计算机系统中的设备的后续认证处理。

    Method for providing trusted time in a computing platform
    7.
    发明申请
    Method for providing trusted time in a computing platform 有权
    在计算平台中提供可信时间的方法

    公开(公告)号:US20070074044A1

    公开(公告)日:2007-03-29

    申请号:US11233543

    申请日:2005-09-23

    IPC分类号: G06F12/14 H04L9/32 G06F11/30

    CPC分类号: G06F21/725

    摘要: Providing trusted time in a computing platform, while still supporting privacy, may be accomplished by having a trusted time device provide the trusted time to an application executing on the computing platform. The trusted time device may be reset by determining if a value in a trusted time random number register has been set, and if not, waiting a period of time, generating a new random number, and storing the new random number in the trusted time random number register. The trusted time random number register is set to zero whenever electrical power is first applied to the trusted time device upon power up of the computing platform, and whenever a battery powering the trusted time device is removed and reconnected. By keeping the size of the trusted time random number register relatively small, and waiting the specified period of time, attacks on the computing platform to determine the trusted time may be minimized, while deterring the computing platform from being uniquely identified.

    摘要翻译: 在支持隐私的同时,在计算平台中提供可信时间可以通过使可信时间设备向在计算平台上执行的应用程序提供可信时间来实现。 信任时间设备可以通过确定可信时间随机数寄存器中的值是否已经被设置而被重置,如果不是,则等待一段时间,生成新的随机数,并将新的随机数存储在可信时间随机 数字寄存器。 无论何时在计算平台上电时首次对可信时间设备施加电力,并且每当为可信时间设备供电的电池被去除并重新连接时,信任时间随机数寄存器将被设置为零。 通过保持可信时间随机数寄存器的大小相对较小,并且等待指定的时间段,可以最小化计算平台上的攻击以确定可信时间,同时阻止计算平台被唯一标识。

    Media memory system
    8.
    发明申请
    Media memory system 有权
    媒体存储系统

    公开(公告)号:US20060136693A1

    公开(公告)日:2006-06-22

    申请号:US11022503

    申请日:2004-12-22

    IPC分类号: G06F12/00

    CPC分类号: G06F12/1072

    摘要: A method and apparatus for matching parent processor address translations to media processors' address translations and providing concurrent memory access to a plurality of media processors through separate translation table information. In particular, a page directory for a given media application is copied to a media processor's page directory when the media application allocates memory that is to be shared by a media application running on the parent processor and media processors.

    摘要翻译: 一种用于将母处理器地址转换与媒体处理器的地址转换相匹配并通过单独的转换表信息提供对多个媒体处理器的并发存储器访问的方法和装置。 特别地,当媒体应用程序分配要由父处理器和媒体处理器上运行的媒体应用程序共享的内存时,给定媒体应用程序的页面目录将被复制到媒体处理器的页面目录。

    Method of delivering direct proof private keys to devices using a distribution CD
    9.
    发明申请
    Method of delivering direct proof private keys to devices using a distribution CD 有权
    使用分发CD向设备提供直接验证私钥的方法

    公开(公告)号:US20060013399A1

    公开(公告)日:2006-01-19

    申请号:US10892265

    申请日:2004-07-14

    IPC分类号: H04L9/00

    摘要: Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting-encrypted data structure is stored on a removable storage medium (such as a CD), and distributed to the owner of the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated encrypted data structure from the removable storage medium. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system.

    摘要翻译: 将直接证明私钥提供给安装在该领域中的客户端计算机系统中的设备可以以安全的方式来实现,而不需要设备中的显着的非易失性存储。 在制造时产生并存储在设备中的唯一伪随机值。 伪随机值用于生成用于加密持有Direct Proof私钥和与该设备相关联的私钥摘要的数据结构的对称密钥。 所得到的加密数据结构存储在可移动存储介质(例如CD)上,并分发给客户端计算机系统的所有者。 当在客户端计算机系统上初始化设备时,系统会检查系统中是否存在本地化的加密数据结构。 如果不是,系统从可移动存储介质中获得相关联的加密数据结构。 设备使用从其存储的伪随机值重新生成的对称密钥来解密加密数据结构,以获得直接证明私钥。 如果私钥有效,则其可以用于客户端计算机系统中的设备的后续认证处理。

    Trusted point-to-point communication over open bus
    10.
    发明申请
    Trusted point-to-point communication over open bus 有权
    通过开放式总线进行可靠的点对点通信

    公开(公告)号:US20070234035A1

    公开(公告)日:2007-10-04

    申请号:US11395010

    申请日:2006-03-31

    申请人: Clifford Hall

    发明人: Clifford Hall

    IPC分类号: H04L9/00

    摘要: A method and apparatus provides for trusted point-to-point communication over an open bus. An embodiment of a computer includes a first software environment, with the first software environment being a trusted environment. The first software environment includes one or more trusted applications, and provides for the generation of trusted data packets in an open bus. The computer also includes a second software environment, with the second software environment being an un-trusted environment. The computer includes a trusted interface for an open bus, the trusted interface being accessible only to the first software environment. Other embodiments are described and claimed.

    摘要翻译: 一种方法和装置提供通过开放总线的可信任点对点通信。 计算机的实施例包括第一软件环境,其中第一软件环境是受信任的环境。 第一软件环境包括一个或多个受信任的应用,并且提供在开放总线中产生可信数据分组。 计算机还包括第二软件环境,第二软件环境是不可信任的环境。 计算机包括用于开放总线的信任接口,该信任接口只能由第一软件环境访问。 描述和要求保护其他实施例。