-
公开(公告)号:US20150379269A1
公开(公告)日:2015-12-31
申请号:US14317595
申请日:2014-06-27
申请人: David W. Grawrock , Sarat Kompalli
发明人: David W. Grawrock , Sarat Kompalli
IPC分类号: G06F21/57
摘要: Technologies for monitoring protected functionality of an integrated circuit device include an integrated circuit device having a protected function module. The protected function module includes a modifiable security device. When the protected function module is activated or powered up, an attribute of the modifiable security device is irreversibly modified. The integrated circuit device may be a processor, and the protected function module may be a debug module of the processor. The modifiable circuit device may be an oscillator. The frequency of the oscillator may change when the oscillator is powered due to oscillator aging. The integrated circuit device may be included in a computing device. The integrated circuit device may expose data indicative of the attribute of the modifiable security device to firmware or software of the computing device. The data may be exposed through a cryptographically signed, firmware-readable memory space. Other embodiments are described and claimed.
摘要翻译: 用于监视集成电路装置的受保护功能的技术包括具有受保护功能模块的集成电路装置。 受保护的功能模块包括可修改的安全设备。 当保护功能模块被激活或加电时,可修改的安全设备的属性是不可逆修改的。 集成电路设备可以是处理器,并且受保护的功能模块可以是处理器的调试模块。 可修改的电路装置可以是振荡器。 当振荡器由于振荡器老化而供电时,振荡器的频率可能会改变。 集成电路设备可以包括在计算设备中。 集成电路设备可以将指示可修改安全设备的属性的数据暴露给计算设备的固件或软件。 数据可以通过加密签名的固件可读存储空间来暴露。 描述和要求保护其他实施例。
-
2.发明授权System and method for execution of a secured environment initialization instruction 有权用于执行安全环境初始化指令的系统和方法公开(公告)号:US08645688B2
公开(公告)日:2014-02-04
申请号:US13444450
申请日:2012-04-11
CPC分类号: G06F9/4403 , G01N23/223 , G01N33/502 , G01N33/6872 , G01N2223/076 , G06F9/44505 , G06F12/0802 , G06F12/145 , G06F12/1458 , G06F13/4282 , G06F21/57 , G06F21/572 , G06F2212/1052 , G06F2212/60 , G06F2213/0026 , G06F2221/033 , H04L9/32 , H04L9/3247
摘要: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.
摘要翻译: 描述了用于在微处理器系统中发起安全操作的方法和装置。 在一个实施例中,一个起始逻辑处理器通过停止其他逻辑处理器的执行,然后将初始化和将虚拟机监视软件安全地保存到存储器中来启动该过程。 起始处理器然后将初始化软件加载到安全存储器中用于认证和执行。 然后,初始化软件在安全系统操作之前对安全虚拟机监控软件进行身份验证和注册。
-
公开(公告)号:US20130283369A1
公开(公告)日:2013-10-24
申请号:US13925991
申请日:2013-06-25
申请人: Ned M. Smith , Vedvyas Shanbhogue , Geoffrey S. Strongin , Willard M. Wiseman , David W. Grawrock
发明人: Ned M. Smith , Vedvyas Shanbhogue , Geoffrey S. Strongin , Willard M. Wiseman , David W. Grawrock
IPC分类号: G06F21/44
CPC分类号: G06F21/44 , G06F21/50 , G06F21/57 , G06F21/575 , G06F21/85 , H04L63/126 , H04L67/125
摘要: In one embodiment, a processor can enforce a blacklist and validate, according to a multi-phase lockstep integrity protocol, a device coupled to the processor. Such enforcement may prevent the device from accessing one or more resources of a system prior to the validation. The blacklist may include a list of devices that have not been validated according to the multi-phase lockstep integrity protocol. Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,处理器可以强制黑名单并且根据多阶段锁步完整性协议验证耦合到处理器的设备。 这种执行可以防止设备在验证之前访问系统的一个或多个资源。 黑名单可以包括根据多阶段锁定完整性协议未被验证的设备的列表。 描述和要求保护其他实施例。
-
公开(公告)号:US08516551B2
公开(公告)日:2013-08-20
申请号:US12845528
申请日:2010-07-28
申请人: Ned M. Smith , Vedvyas Shanbhogue , Geoffrey S. Strongin , Willard M. Wiseman , David W. Grawrock
发明人: Ned M. Smith , Vedvyas Shanbhogue , Geoffrey S. Strongin , Willard M. Wiseman , David W. Grawrock
IPC分类号: G06F7/04
CPC分类号: G06F21/44 , G06F21/50 , G06F21/57 , G06F21/575 , G06F21/85 , H04L63/126 , H04L67/125
摘要: In one embodiment, a processor can enforce a blacklist and validate, according to a multi-phase lockstep integrity protocol, a device coupled to the processor. Such enforcement may prevent the device from accessing one or more resources of a system prior to the validation. The blacklist may include a list of devices that have not been validated according to the multi-phase lockstep integrity protocol. Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,处理器可以强制黑名单并且根据多阶段锁步完整性协议验证耦合到处理器的设备。 这种执行可以防止设备在验证之前访问系统的一个或多个资源。 黑名单可以包括根据多阶段锁定完整性协议未被验证的设备的列表。 描述和要求保护其他实施例。
-
公开(公告)号:US07725713B2
公开(公告)日:2010-05-25
申请号:US12005450
申请日:2007-12-27
申请人: John H. Wilson , Ioannis T. Schoinas , Mazin S. Yousif , Linda J. Rankin , David W. Grawrock , Robert J. Greiner , James A. Sutton , Kushagra Vaid , Willard M. Wiseman
发明人: John H. Wilson , Ioannis T. Schoinas , Mazin S. Yousif , Linda J. Rankin , David W. Grawrock , Robert J. Greiner , James A. Sutton , Kushagra Vaid , Willard M. Wiseman
CPC分类号: G06F21/575 , G06F21/44 , G06F21/445 , G06F21/50 , G06F21/606 , G06F21/64 , G06F21/71 , G06F2221/034
摘要: In one embodiment of the present invention, a method includes verifying an initiating logical processor of a system; validating a trusted agent with the initiating logical processor if the initiating logical processor is verified; and launching the trust agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.
摘要翻译: 在本发明的一个实施例中,一种方法包括验证系统的起始逻辑处理器; 如果启动逻辑处理器被验证,则使用起始逻辑处理器验证可信代理; 以及如果所述可信代理被验证,则在所述系统的多个处理器上启动所述信任代理。 在执行这样的可信代理之后,在某些实施例中可以启动安全内核。 该系统可以是例如具有任意点到点互连的部分或完全连接的拓扑的多处理器服务器系统。
-
公开(公告)号:US07624272B2
公开(公告)日:2009-11-24
申请号:US10404717
申请日:2003-03-31
IPC分类号: H04K1/00
CPC分类号: G06F21/57 , G06F21/64 , H04L9/3234 , H04L9/3247
摘要: An integrity signature may provide information about a platform used to create a digital signature. The value of a digital signature may be related to the integrity and trustworthiness of the platform on which it is created. Signed platform integrity information provides a measure of trust regarding the platform used to create the digital signature. The integrity signature may be created separately from a document signature, or a combined integrity and document signature may be provided.
摘要翻译: 完整性签名可以提供关于用于创建数字签名的平台的信息。 数字签名的价值可能与创建它的平台的完整性和可信度有关。 签名的平台完整性信息提供了关于用于创建数字签名的平台的信任度量。 完整性签名可以与文档签名分开创建,或者可以提供组合的完整性和文档签名。
-
公开(公告)号:US07571329B2
公开(公告)日:2009-08-04
申请号:US10891699
申请日:2004-07-14
申请人: Ernie F. Brickell , Alberto J. Martinez , David W. Grawrock , James A. Sutton, II , Clifford D. Hall
发明人: Ernie F. Brickell , Alberto J. Martinez , David W. Grawrock , James A. Sutton, II , Clifford D. Hall
CPC分类号: G06F21/73
摘要: Secure storage and retrieval of a unique value associated with a device to/from a memory of a processing system. In at least one embodiment, the device needs to be able to access the unique value across processing system resets, and the device does not have sufficient non-volatile storage to store the unique value itself. Instead, the unique value is stored in the processing system memory in such a way that the stored unique value does not create a unique identifier for the processing system or the device. A pseudo-randomly or randomly generated initialization vector may be used to vary an encrypted data structure used to store the unique value in the memory.
摘要翻译: 安全地存储和检索与/从处理系统的存储器中的设备相关联的唯一值。 在至少一个实施例中,设备需要能够跨越处理系统复位来访问唯一值,并且设备没有足够的非易失性存储来存储唯一值本身。 相反,唯一的值被存储在处理系统存储器中,使得存储的唯一值不会为处理系统或设备创建唯一的标识符。 可以使用伪随机或随机生成的初始化向量来改变用于在存储器中存储唯一值的加密数据结构。
-
公开(公告)号:US07526649B2
公开(公告)日:2009-04-28
申请号:US10748773
申请日:2003-12-30
CPC分类号: H04L63/061 , H04L9/321 , H04L9/3263 , H04L63/067 , H04L63/0823 , H04L2209/127 , H04L2209/56
摘要: According to an embodiment of the invention, a method and apparatus for session key exchange are described. An embodiment of a method comprises requesting a service for a platform; certifying the use of the service for one or more acceptable configurations of the platform; and receiving a session key for a session of the service, the service being limited to the one or more acceptable configurations of the platform.
摘要翻译: 根据本发明的实施例,描述了用于会话密钥交换的方法和装置。 一种方法的实施例包括请求一个平台的服务; 证明使用该服务的平台的一个或多个可接受的配置; 以及接收所述服务的会话的会话密钥,所述服务被限制为所述平台的所述一个或多个可接受的配置。
-
公开(公告)号:US10198333B2
公开(公告)日:2019-02-05
申请号:US13997182
申请日:2010-12-23
申请人: Mark B. Trobough , Keshavan K. Tiruvallur , Chinna B. Prudvi , Christian E. Iovin , David W. Grawrock , Jay J. Nejedlo , Ashok N. Kabadi , Travis K. Goff , Evan J. Halprin , Kapila B. Udawatta , Jiun Long Foo , Wee Hoo Cheah , Vui Yong Liew , Selvakumar Raja Gopal , Yuen Tat Lee , Samie B. Samaan , Kip C. Killpack , Neil Dobler , Nagib Z. Hakim , Brian Meyer , William H. Penner , John L. Baudrexl , Russell J. Wunderlich , James J. Grealish , Kyle Markley , Timothy S. Storey , Loren J. McConnell , Lyle E. Cool , Mukesh Kataria , Rahima K. Mohammed , Tieyu Zheng , Yi Amy Xia , Ridvan A. Sahan , Arun R. Ramadorai , Priyadarsan Patra , Edwin E. Parks , Abhijit Davare , Padmakumar Gopal , Bruce Querbach , Hermann W. Gartler , Keith Drescher , Sanjay S. Salem , David C. Florey
发明人: Mark B. Trobough , Keshavan K. Tiruvallur , Chinna B. Prudvi , Christian E. Iovin , David W. Grawrock , Jay J. Nejedlo , Ashok N. Kabadi , Travis K. Goff , Evan J. Halprin , Kapila B. Udawatta , Jiun Long Foo , Wee Hoo Cheah , Vui Yong Liew , Selvakumar Raja Gopal , Yuen Tat Lee , Samie B. Samaan , Kip C. Killpack , Neil Dobler , Nagib Z. Hakim , Brian Meyer , William H. Penner , John L. Baudrexl , Russell J. Wunderlich , James J. Grealish , Kyle Markley , Timothy S. Storey , Loren J. McConnell , Lyle E. Cool , Mukesh Kataria , Rahima K. Mohammed , Tieyu Zheng , Yi Amy Xia , Ridvan A. Sahan , Arun R. Ramadorai , Priyadarsan Patra , Edwin E. Parks , Abhijit Davare , Padmakumar Gopal , Bruce Querbach , Hermann W. Gartler , Keith Drescher , Sanjay S. Salem , David C. Florey
IPC分类号: G06F11/273 , G06F11/267
摘要: An apparatus and method is described herein for providing a test, validation, and debug architecture. At a target or base level, hardware hooks (Design for Test or DFx) are designed into and integrated with silicon parts. A controller may provide abstracted access to such hooks, such as through an abstraction layer that abstracts low level details of the hardware DFx. In addition, the abstraction layer through an interface, such as APIs, provides services, routines, and data structures to higher-level software/presentation layers, which are able to collect test data for validation and debug of a unit/platform under test. Moreover, the architecture potentially provides tiered (multiple levels of) secure access to the test architecture. Additionally, physical access to the test architecture for a platform may be simplified through use of a unified, bi-directional test access port, while also potentially allowing remote access to perform remote test and debug of a part/platform under test. In essence, a complete test architecture stack is described herein for test, validation, and debug of electronic parts, devices, and platforms.
-
公开(公告)号:US20130254905A1
公开(公告)日:2013-09-26
申请号:US13897906
申请日:2013-05-20
申请人: John H. Wilson , Ioannis T. Schoinas , Mazin S. Yousif , Linda J. Rankin , David W. Grawrock , Robert J. Greiner , James A. Sutton , Kushagra Vaid , Williard M. Wiseman
发明人: John H. Wilson , Ioannis T. Schoinas , Mazin S. Yousif , Linda J. Rankin , David W. Grawrock , Robert J. Greiner , James A. Sutton , Kushagra Vaid , Williard M. Wiseman
IPC分类号: G06F21/64
CPC分类号: G06F21/575 , G06F21/44 , G06F21/445 , G06F21/50 , G06F21/606 , G06F21/64 , G06F21/71 , G06F2221/034
摘要: In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.
-
-
-
-
-
-
-
-
-
搜索结果
61 条记录 (耗时 0.024 秒)