Abstract:
An apparatus, system, and method for shared access to secure computing resources are provided. The apparatus, system, and method include a secure computing module. The secure computing module transacts a secure function for two or more computing modules including an excluding computing module configured to exclusively access the secure computing module. The secure computing module identifies a first computing module transacting the secure function and sets the context of the secure computing module to the first computing module context. The first computing module transacts the secure function, but cannot transact the secure function for a second computing module. The second computing module may also transact the secure function, but may not transact the secure function for the first computing module.
Abstract:
A method, computer program, and system for paging platform configuration registers in and out of a trusted platform module. In a trusted computing platform, an unlimited number of platform configuration registers can be obtained through paging. The trusted platform module encrypts and decrypts platform configuration registers for storage outside the trusted platform module.
Abstract:
A method for a plurality of key cache managers for a plurality of localities to share cryptographic key storage resources of a security chip includes: loading an application key into the key storage; and saving restoration data for the application key by a key cache manager, where the restoration data can be used by the key cache manager to reload the application key into the key storage if the application key is evicted from the key storage by another key cache manager. The method allows each of a plurality of key cache managers to recognize that its key has been removed from the security chip and to restore its key. The method also allows each key cache manager to evict or destroy any key currently loaded on the security chip without affecting the functionality of other localities.
Abstract:
A solution for verifying an attribute of a computing device. In particular, a computing device can obtain an attribute from another computing device. The attribute can be measured by, for example, a Trusted Platform Module integrated on the other computing device. The computing device can then use an attestation server to determine whether the attribute reflects a desirable value or indicates that the other computing device may have been compromised.
Abstract:
A method for theft deterrence of a computer system is disclosed. The computer system includes a trusted platform module (TPM) and a storage medium. The method comprises providing a binding key in the TPM; and providing an encrypted symmetric key in the storage medium. The method further includes providing an unbind command to the TPM, based upon an authorization, to produce a decrypted symmetric key; and providing the decrypted symmetric key to the secure storage device to allow for use of the computer system. Accordingly, by utilizing a secure hard disk drive (HDD) that requires a decrypted key to function in conjunction with a TPM, a computer, if stolen, is virtually unusable by the thief. In so doing, the risk of theft of the computer is significantly reduced.
Abstract:
A method and system for remotely storing a user's admin key to gain access to an intranet is presented. The user's admin key and intranet user identification (ID) are encrypted using an enterprise's public key, and together they are concatenated into a single backup admin file, which is stored in the user's client computer. If the user needs his admin file and is unable to access it in a backup client computer, he sends the encrypted backup admin file to a backup server and his unencrypted intranet user ID to an intranet authentication server. The backup server decrypts the user's single backup admin file to obtain the user's admin key and intranet user ID. If the unencrypted intranet user ID in the authentication server matches the decrypted intranet user ID in the backup server, then the backup server sends the backup client computer the decrypted admin key.
Abstract:
A method and system for ensuring security-compliant creation and signing of endorsement keys of manufactured TPMs. The endorsement keys are generated for the TPM. The TPM vendor selects an N-byte secret and stores the N-byte secret in the TPM along with the endorsement keys. The secret number cannot be read outside of the TPM. The secret number is also provided to the OEM's credential server. During the endorsement key (EK) credential process, the TPM generates an endorsement key, which comprises both the public key and a hash of the secret and the public key. The credential server matches the hash within the endorsement key with a second hash of the received public key (from the endorsement key) and the vendor-provided secret. The EK certificate is generated and inserted into the TPM only when a match is confirmed.
Abstract:
A method and system for ensuring security-compliant creation and certificate generation for endorsement keys of manufactured TPMs. The endorsement keys are generated by the TPM manufacturer and stored within the TPM. The TPM manufacturer also creates a signing key pair and associated signing key certificate. The signing key pair is also stored within the TPM, while the certificate is provided to the OEM's credential server. During the endorsement key (EK) credential process, the TPM generates a signed endorsement key, which comprises the public endorsement key signed with the public signing key. The credential server matches the public signing key of the endorsement key with a public signing key within the received certificate. The EK certificate is generated and inserted into the TPM only when a match is confirmed.
Abstract:
Trusted platform module (TPM) keys are copied to a floppy diskette or fob that is external to the customer device in which the TPM resides, so that if the keys in the TPM are zeroed as a result of, e.g., a malicious denial of service attack, they can be copied back from the diskette or fob.