-
1.发明授权Method and system for updating a root of trust measurement function in a personal computer 有权在个人计算机中更新信任测度功能根的方法和系统公开(公告)号:US06782349B2
公开(公告)日:2004-08-24
申请号:US10063608
申请日:2002-05-03
申请人: David Carroll Challener , Chad Lee Gettelfinger , Steven Dale Goodman , Hernando Ovies , Randall Scott Springfield , James Peter Ward
发明人: David Carroll Challener , Chad Lee Gettelfinger , Steven Dale Goodman , Hernando Ovies , Randall Scott Springfield , James Peter Ward
IPC分类号: G06F1900
CPC分类号: G06F21/6218 , G06F21/575
摘要: A method and system for updating a root of trust measurement (RTM) function in a personal computer is disclosed. The RTM function is located in a boot block of the personal computer. The method and system comprise initializing a request to update the RTM function and unlocking the boot block based on an authentication process. The method and system further includes updating the RTM function. Through the use of the method and system in accordance with the present invention, the RTM function in a personal computer is updated in a manner that ensures that the update is authentic.
摘要翻译: 公开了一种用于更新个人计算机中的信任测度(RTM)功能根的方法和系统。 RTM功能位于个人计算机的引导块中。 该方法和系统包括:初始化更新RTM功能的请求,并基于认证过程来解锁引导块。 该方法和系统还包括更新RTM功能。 通过使用根据本发明的方法和系统,个人计算机中的RTM功能以确保更新是真实的方式被更新。
-
2.发明授权Method for preventing system wake up from a sleep state if a boot log returned during the system wake up cannot be authenticated 有权如果在系统唤醒期间返回的引导日志无法验证,则防止系统从睡眠状态唤醒的方法公开(公告)号:US07412596B2
公开(公告)日:2008-08-12
申请号:US10967760
申请日:2004-10-16
申请人: David Carroll Challener , Daryl Carvis Cromer , Joseph Wayne Freeman , Steven Dale Goodman , James Patrick Hoff , Howard Jeffrey Locker , Randall Scott Springfield , James Peter Ward
发明人: David Carroll Challener , Daryl Carvis Cromer , Joseph Wayne Freeman , Steven Dale Goodman , James Patrick Hoff , Howard Jeffrey Locker , Randall Scott Springfield , James Peter Ward
IPC分类号: G06F9/00 , G06F15/177
CPC分类号: G06F21/575
摘要: A method and system for enabling security attestation for a computing device during a return from an S4 sleep state. When the computing device enters into the S4 state following a successful boot up, the attestation log is appended to the TPM tick count and the log is signed (with a security signature). When the device is awaken from S4 state, the BIOS obtains and verifies the log created during the previous boot. The CRTM maintains a set of virtual PCRs and references these virtual PCRs against the log. If the values do not match, the return from S4 state fails and the device is rebooted.
摘要翻译: 一种用于在从S4睡眠状态返回期间为计算设备提供安全认证的方法和系统。 当计算设备在成功启动后进入S4状态时,认证日志会追加到TPM刻度计数,并且日志被签名(具有安全签名)。 当设备从S4状态唤醒时,BIOS将获取并验证在以前引导过程中创建的日志。 CRTM维护一组虚拟PCR,并将这些虚拟PCR引用到日志中。 如果值不匹配,则S4状态返回失败,设备重启。
-
公开(公告)号:US07013384B2
公开(公告)日:2006-03-14
申请号:US10047219
申请日:2002-01-15
申请人: David Carroll Challener , Steven Dale Goodman , Kevin Michael Reinberg , Randall Scott Springfield , James Peter Ward
发明人: David Carroll Challener , Steven Dale Goodman , Kevin Michael Reinberg , Randall Scott Springfield , James Peter Ward
IPC分类号: G06F9/24
CPC分类号: G06F21/57 , G06F9/4406 , G06F15/177
摘要: A computer system contains selectively available boot block codes. A first boot block is of the conventional type and is stored in storage media such as flash ROM on a system planar with the processor of the computer system. A second boot block is located on a feature card and contains an immutable security code in compliance with the Trusted Computing Platform Alliance (TCPA) specification. The boot block on the feature card is enabled if the first boot block detects the presence of the feature card. The computer system can be readily modified as the computer system is reconfigured, while maintaining compliance with the TCPA specification. A switching mechanism controls which of the boot blocks is to be activated. The feature card is disabled in the event of a computer system reset to prevent access to the TCPA compliant code and function.
-
4.发明授权Data processing system and method for protecting data in a hard drive utilizing a signature device 有权使用签名装置保护硬盘中的数据的数据处理系统和方法公开(公告)号:US06687825B1
公开(公告)日:2004-02-03
申请号:US09527367
申请日:2000-03-17
申请人: David Carroll Challener , Daryl Carvis Cromer , Mark Charles Davis , Dhruv Manmohandas Desai , Charles William Kaufman , Hernando Ovies , James Peter Ward
发明人: David Carroll Challener , Daryl Carvis Cromer , Mark Charles Davis , Dhruv Manmohandas Desai , Charles William Kaufman , Hernando Ovies , James Peter Ward
IPC分类号: G06F1130
CPC分类号: G06F21/80 , G06F21/6209
摘要: A data processing system and method are disclosed for protecting data within a hard disk drive included within a data processing system. Data is generated. A signature value is provided which is stored in a signature device. The signature device is capable of being inserted into and removed from a computer system. A textual description of the data is created. The data is encrypted utilizing both the signature value stored on the device and the textual description. The encrypted data is then stored on the hard disk drive. The data processing system does not permanently store encryption keys.
摘要翻译: 公开了一种用于保护包含在数据处理系统内的硬盘驱动器内的数据的数据处理系统和方法。 生成数据。 提供签名值,其被存储在签名设备中。 签名装置能够插入计算机系统和从计算机系统中移除。 创建数据的文本描述。 使用存储在设备上的签名值和文本描述来加密数据。 然后将加密的数据存储在硬盘驱动器上。 数据处理系统不会永久存储加密密钥。
-
5.发明授权Systems and method for hiding from a computer system entry of a personal identification number (pin) to a smart card 有权将个人识别号码(PIN)的计算机系统入口隐藏到智能卡的系统和方法公开(公告)号:US06598032B1
公开(公告)日:2003-07-22
申请号:US09523490
申请日:2000-03-10
IPC分类号: G06F1760
CPC分类号: G07F7/1008 , G06Q20/382 , G06Q20/401 , G06Q20/4012 , G07F7/1025
摘要: A system and method for isolating a computer system from entry of a personal identification number (PIN) to a smart card. The system and method includes a computer system that is in communication with an unsecure network to allow a user to engage in a purchase transaction. The system and method also includes a smart card reader in which a smart card is inserted and read. A secure personal-identification-number (PIN) entry device is coupled between the computer system and the smart card reader. The secure PIN entry device is used for entering a correct code for the PIN. Communication between computer system and secure PIN entry device is disconnected until the correct code for the PIN is entered at secure PIN entry device and sent to the smart card in order to authorize use of the smart card for the purchase transaction. In response to the correct code for the PIN being entered and sent to the smart card, communication between computer system and secure PIN entry device is established. The secure PIN entry device has a processor for controlling the disconnection and connection of communication between the computer system and the secure PIN entry device. The secure PIN entry device also has a display for displaying a message request relating to the purchase transaction. The message request prompts a user to provide the PIN to authorize use of the smart card for a purchase transaction.
摘要翻译: 一种用于将计算机系统与个人识别号码(PIN)输入到智能卡的系统和方法。 该系统和方法包括与不安全网络通信以允许用户参与购买交易的计算机系统。 该系统和方法还包括其中插入和读取智能卡的智能卡读卡器。 安全的个人识别号码(PIN)输入设备耦合在计算机系统和智能卡读卡器之间。 安全PIN输入设备用于输入PIN的正确代码。 计算机系统和安全PIN输入设备之间的通信被断开,直到PIN的正确代码被输入到安全的PIN输入设备并被发送到智能卡以授权使用智能卡进行购买交易。 为了响应正在输入的PIN并将其发送到智能卡的正确代码,建立计算机系统和安全PIN输入设备之间的通信。 安全PIN输入设备具有用于控制计算机系统和安全PIN输入设备之间的通信的断开和连接的处理器。 安全PIN输入设备还具有用于显示与购买交易相关的消息请求的显示。 消息请求提示用户提供PIN以授权使用智能卡进行购买交易。
-
6.发明授权System and apparatus for limiting access to secure data through a portable computer to a time set with the portable computer connected to a base computer 有权用于通过便携式计算机限制访问安全数据到与连接到基本计算机的便携式计算机设定的时间的系统和装置公开(公告)号:US07389536B2
公开(公告)日:2008-06-17
申请号:US09993135
申请日:2001-11-14
CPC分类号: G06F21/88 , G06F21/606 , G06F21/62 , G06F2221/2137
摘要: Access to secure data through a portable computing system is provided only when a timer within the system is running. The timer is reset with the portable system connected to a base system, either directly, as by a cable, or indirectly, as through a telephone network. In an initialization process, the portable and base systems exchange data, such as public cryptographic keys, which are later used to confirm that the portable system is connected to the same base system. In one embodiment, the initialization process also includes storing a password transmitted from the portable system within the base system, with this password later being required within the reset process.
摘要翻译: 只有当系统中的计时器正在运行时才能通过便携式计算系统访问安全数据。 定时器被重置,便携式系统通过电缆直接连接到基本系统,或通过电话网络间接连接。 在初始化过程中,便携式和基本系统交换诸如公共密码密钥的数据,这些密钥稍后用于确认便携式系统连接到相同的基本系统。 在一个实施例中,初始化过程还包括将从便携式系统发送的密码存储在基本系统内,随后在复位过程中需要该密码。
-
公开(公告)号:US07263608B2
公开(公告)日:2007-08-28
申请号:US10735388
申请日:2003-12-12
IPC分类号: H04L9/00
CPC分类号: G06F21/57 , G06F2221/2117
摘要: A Trusted Computing Platform Alliance (TCPA) endorsement certificate is provided by comparing a trusted platform module (TPM) public key transmitted by an owner of the computing device to which the TPM belongs to a copy of the key as originally stored in a remote database prior to vending the device. If a match is found the certificate is created using the public key, and then sent to the owner of the computing device.
摘要翻译: 通过将由TPM所属的计算设备的所有者发送的可信平台模块(TPM)公钥与原始存储在远程数据库中的密钥的副本进行比较来提供可信计算平台联盟(TCPA)认可证书 自动售货机。 如果发现匹配,则使用公钥创建证书,然后发送给计算设备的所有者。
-
公开(公告)号:US06993648B2
公开(公告)日:2006-01-31
申请号:US09931538
申请日:2001-08-16
IPC分类号: G06F9/24
CPC分类号: G06F9/4401 , G06F8/65
摘要: When a flash unlock routine unlocks the flash memory to permit updating of a BIOS image, a message is left in secure non-volatile memory, such as a EEPROM. Upon the next re-boot, the boot block code will detect the special message in the non-volatile memory and perform a signature verification of the next block of code that is to be executed during the POST process. This code block will check the remainder of the BIOS image before POST proceeds.
-
公开(公告)号:US07484105B2
公开(公告)日:2009-01-27
申请号:US09931629
申请日:2001-08-16
CPC分类号: G06F21/572
摘要: An update utility requests a signature verification of the utility's signature along with a request to unlock the flash memory stored in the utility. A trusted platform module (“TPM”) performs a signature verification of the utility using a previously stored public key. Upon verification of the signature, the TPM unlocks the flash memory to permit update of the utility. Upon completion of the update, the flash utility issues a lock request to the TPM to relock the flash memory.
摘要翻译: 更新实用程序请求实用程序的签名的签名验证以及解锁存储在该实用程序中的闪存的请求。 可信平台模块(“TPM”)使用先前存储的公钥执行实用程序的签名验证。 在验证签名后,TPM解锁闪存以允许更新实用程序。 完成更新后,闪存实用程序向TPM发出锁定请求以重新锁定闪存。
-
公开(公告)号:US07269747B2
公开(公告)日:2007-09-11
申请号:US10411408
申请日:2003-04-10
申请人: Ryan Charles Catherman , Steven Dale Goodman , James Patrick Hoff , Randall Scott Springfield , James Peter Ward
发明人: Ryan Charles Catherman , Steven Dale Goodman , James Patrick Hoff , Randall Scott Springfield , James Peter Ward
IPC分类号: G06F1/28
CPC分类号: G06F21/57 , G06F21/575
摘要: A computer system is presented which provides a trusted platform by which operations can be performed with an increased level trust and confidence. The basis of trust for the computer system is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset.
摘要翻译: 提出了一种计算机系统,其提供可信赖的平台,通过该平台可以以更高级别的信任和置信度执行操作。 计算机系统的信任基础由加密协处理器和与加密协处理器接口的代码建立,并为平台建立信任度量的根。 构建加密协处理器,使得仅当检测到操作者的物理存在时才允许某些关键操作。 基于核心芯片组中寄存器的状态的推理确定物理存在。
-
-
-
-
-
-
-
-
-
搜索结果
85 条记录 (耗时 0.035 秒)
