-
1.发明授权Method for preventing system wake up from a sleep state if a boot log returned during the system wake up cannot be authenticated 有权如果在系统唤醒期间返回的引导日志无法验证,则防止系统从睡眠状态唤醒的方法公开(公告)号:US07412596B2
公开(公告)日:2008-08-12
申请号:US10967760
申请日:2004-10-16
申请人: David Carroll Challener , Daryl Carvis Cromer , Joseph Wayne Freeman , Steven Dale Goodman , James Patrick Hoff , Howard Jeffrey Locker , Randall Scott Springfield , James Peter Ward
发明人: David Carroll Challener , Daryl Carvis Cromer , Joseph Wayne Freeman , Steven Dale Goodman , James Patrick Hoff , Howard Jeffrey Locker , Randall Scott Springfield , James Peter Ward
IPC分类号: G06F9/00 , G06F15/177
CPC分类号: G06F21/575
摘要: A method and system for enabling security attestation for a computing device during a return from an S4 sleep state. When the computing device enters into the S4 state following a successful boot up, the attestation log is appended to the TPM tick count and the log is signed (with a security signature). When the device is awaken from S4 state, the BIOS obtains and verifies the log created during the previous boot. The CRTM maintains a set of virtual PCRs and references these virtual PCRs against the log. If the values do not match, the return from S4 state fails and the device is rebooted.
摘要翻译: 一种用于在从S4睡眠状态返回期间为计算设备提供安全认证的方法和系统。 当计算设备在成功启动后进入S4状态时,认证日志会追加到TPM刻度计数,并且日志被签名(具有安全签名)。 当设备从S4状态唤醒时,BIOS将获取并验证在以前引导过程中创建的日志。 CRTM维护一组虚拟PCR,并将这些虚拟PCR引用到日志中。 如果值不匹配,则S4状态返回失败,设备重启。
-
公开(公告)号:US07263608B2
公开(公告)日:2007-08-28
申请号:US10735388
申请日:2003-12-12
IPC分类号: H04L9/00
CPC分类号: G06F21/57 , G06F2221/2117
摘要: A Trusted Computing Platform Alliance (TCPA) endorsement certificate is provided by comparing a trusted platform module (TPM) public key transmitted by an owner of the computing device to which the TPM belongs to a copy of the key as originally stored in a remote database prior to vending the device. If a match is found the certificate is created using the public key, and then sent to the owner of the computing device.
摘要翻译: 通过将由TPM所属的计算设备的所有者发送的可信平台模块(TPM)公钥与原始存储在远程数据库中的密钥的副本进行比较来提供可信计算平台联盟(TCPA)认可证书 自动售货机。 如果发现匹配,则使用公钥创建证书,然后发送给计算设备的所有者。
-
公开(公告)号:US07484241B2
公开(公告)日:2009-01-27
申请号:US10994620
申请日:2004-11-22
申请人: David Carroll Challener , Steven Dale Goodman , James Patrick Hoff , David Rivera , Randall Scott Springfield
发明人: David Carroll Challener , Steven Dale Goodman , James Patrick Hoff , David Rivera , Randall Scott Springfield
CPC分类号: G06F21/41
摘要: Methods and arrangements are disclosed for secure single sign on to an operating system using only a power-on password. In many embodiments modified BIOS code prompts for, receives and verifies the power-on password. The power-on password is hashed and stored in a Platform Configuration Register of the Trusted Platform Module. In a setup mode, the trusted platform module encrypts the operating system password using the hashed power-on password. In a logon mode, the trusted platform module decrypts the operating system password using the hashed power-on password.
摘要翻译: 公开了仅使用开机密码的安全单点登录到操作系统的方法和布置。 在许多实施例中,修改的BIOS代码提示,接收和验证开机密码。 开机密码被散列并存储在可信平台模块的平台配置寄存器中。 在设置模式下,可信平台模块使用散列开机密码对操作系统密码进行加密。 在登录模式下,可信平台模块使用散列开机密码解密操作系统密码。
-
公开(公告)号:US07013384B2
公开(公告)日:2006-03-14
申请号:US10047219
申请日:2002-01-15
申请人: David Carroll Challener , Steven Dale Goodman , Kevin Michael Reinberg , Randall Scott Springfield , James Peter Ward
发明人: David Carroll Challener , Steven Dale Goodman , Kevin Michael Reinberg , Randall Scott Springfield , James Peter Ward
IPC分类号: G06F9/24
CPC分类号: G06F21/57 , G06F9/4406 , G06F15/177
摘要: A computer system contains selectively available boot block codes. A first boot block is of the conventional type and is stored in storage media such as flash ROM on a system planar with the processor of the computer system. A second boot block is located on a feature card and contains an immutable security code in compliance with the Trusted Computing Platform Alliance (TCPA) specification. The boot block on the feature card is enabled if the first boot block detects the presence of the feature card. The computer system can be readily modified as the computer system is reconfigured, while maintaining compliance with the TCPA specification. A switching mechanism controls which of the boot blocks is to be activated. The feature card is disabled in the event of a computer system reset to prevent access to the TCPA compliant code and function.
-
5.发明授权Method and system for updating a root of trust measurement function in a personal computer 有权在个人计算机中更新信任测度功能根的方法和系统公开(公告)号:US06782349B2
公开(公告)日:2004-08-24
申请号:US10063608
申请日:2002-05-03
申请人: David Carroll Challener , Chad Lee Gettelfinger , Steven Dale Goodman , Hernando Ovies , Randall Scott Springfield , James Peter Ward
发明人: David Carroll Challener , Chad Lee Gettelfinger , Steven Dale Goodman , Hernando Ovies , Randall Scott Springfield , James Peter Ward
IPC分类号: G06F1900
CPC分类号: G06F21/6218 , G06F21/575
摘要: A method and system for updating a root of trust measurement (RTM) function in a personal computer is disclosed. The RTM function is located in a boot block of the personal computer. The method and system comprise initializing a request to update the RTM function and unlocking the boot block based on an authentication process. The method and system further includes updating the RTM function. Through the use of the method and system in accordance with the present invention, the RTM function in a personal computer is updated in a manner that ensures that the update is authentic.
摘要翻译: 公开了一种用于更新个人计算机中的信任测度(RTM)功能根的方法和系统。 RTM功能位于个人计算机的引导块中。 该方法和系统包括:初始化更新RTM功能的请求,并基于认证过程来解锁引导块。 该方法和系统还包括更新RTM功能。 通过使用根据本发明的方法和系统,个人计算机中的RTM功能以确保更新是真实的方式被更新。
-
6.发明授权Trusted platform motherboard having physical presence detection based on activation of power-on-switch 有权基于上电开关激活的可信平台主板具有物理存在检测公开(公告)号:US07254722B2
公开(公告)日:2007-08-07
申请号:US10411415
申请日:2003-04-10
申请人: Ryan Charles Catherman , Steven Dale Goodman , James Patrick Hoff , Randall Scott Springfield , James Peter Ward
发明人: Ryan Charles Catherman , Steven Dale Goodman , James Patrick Hoff , Randall Scott Springfield , James Peter Ward
IPC分类号: G06F1/28
CPC分类号: G06F21/57 , G06F21/575 , H05K1/181
摘要: A motherboard for a computer system is presented which provides a trusted platform by which operations can be performed with an increased level trust and confidence. The basis of trust for the motherboard is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset on the motherboard.
摘要翻译: 提供了一种用于计算机系统的主板,其提供可信赖的平台,通过该平台可以以更高级别的信任和置信度执行操作。 主板的信任基础由加密协处理器和与加密协处理器接口的代码建立,并为平台建立信任度量的根源。 构建加密协处理器,使得仅当检测到操作者的物理存在时才允许某些关键操作。 基于主板上核心芯片组中寄存器的状态,推理确定物理存在。
-
公开(公告)号:US07107460B2
公开(公告)日:2006-09-12
申请号:US10077135
申请日:2002-02-15
申请人: Daryl Carvis Cromer , Scott Thomas Elliott , James Patrick Hoff , Howard Jeffrey Locker , David Rivera , Randall Scott Springfield , James Peter Ward
发明人: Daryl Carvis Cromer , Scott Thomas Elliott , James Patrick Hoff , Howard Jeffrey Locker , David Rivera , Randall Scott Springfield , James Peter Ward
摘要: An embedded security subsystem, and method for implementing the same, which provide secure controllability of a data security device within a data processing system. The embedded security subsystem of the present invention includes a persistent enable flag for providing control access to the data security device, wherein the persistent enable flag is accessible only in response to a power-on reset cycle of the data processing system. The persistent enable flag is read-only accessible to runtime program instructions. A pending state change flag that is write accessible by runtime program instructions is utilized for setting an intended next state of the persistent enable flag such that control access to the data security device is enabled only during a subsequent power-on reset of said data processing system.
-
公开(公告)号:US06993648B2
公开(公告)日:2006-01-31
申请号:US09931538
申请日:2001-08-16
IPC分类号: G06F9/24
CPC分类号: G06F9/4401 , G06F8/65
摘要: When a flash unlock routine unlocks the flash memory to permit updating of a BIOS image, a message is left in secure non-volatile memory, such as a EEPROM. Upon the next re-boot, the boot block code will detect the special message in the non-volatile memory and perform a signature verification of the next block of code that is to be executed during the POST process. This code block will check the remainder of the BIOS image before POST proceeds.
-
公开(公告)号:US07484105B2
公开(公告)日:2009-01-27
申请号:US09931629
申请日:2001-08-16
CPC分类号: G06F21/572
摘要: An update utility requests a signature verification of the utility's signature along with a request to unlock the flash memory stored in the utility. A trusted platform module (“TPM”) performs a signature verification of the utility using a previously stored public key. Upon verification of the signature, the TPM unlocks the flash memory to permit update of the utility. Upon completion of the update, the flash utility issues a lock request to the TPM to relock the flash memory.
摘要翻译: 更新实用程序请求实用程序的签名的签名验证以及解锁存储在该实用程序中的闪存的请求。 可信平台模块(“TPM”)使用先前存储的公钥执行实用程序的签名验证。 在验证签名后,TPM解锁闪存以允许更新实用程序。 完成更新后,闪存实用程序向TPM发出锁定请求以重新锁定闪存。
-
公开(公告)号:US07269747B2
公开(公告)日:2007-09-11
申请号:US10411408
申请日:2003-04-10
申请人: Ryan Charles Catherman , Steven Dale Goodman , James Patrick Hoff , Randall Scott Springfield , James Peter Ward
发明人: Ryan Charles Catherman , Steven Dale Goodman , James Patrick Hoff , Randall Scott Springfield , James Peter Ward
IPC分类号: G06F1/28
CPC分类号: G06F21/57 , G06F21/575
摘要: A computer system is presented which provides a trusted platform by which operations can be performed with an increased level trust and confidence. The basis of trust for the computer system is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset.
摘要翻译: 提出了一种计算机系统,其提供可信赖的平台,通过该平台可以以更高级别的信任和置信度执行操作。 计算机系统的信任基础由加密协处理器和与加密协处理器接口的代码建立,并为平台建立信任度量的根。 构建加密协处理器,使得仅当检测到操作者的物理存在时才允许某些关键操作。 基于核心芯片组中寄存器的状态的推理确定物理存在。
-
-
-
-
-
-
-
-
-
搜索结果
170 条记录 (耗时 0.027 秒)
