公开(公告)号：US07139890B2

公开(公告)日：2006-11-21

申请号：US10135149

申请日：2002-04-30

申请人： Douglas R. Moran ,  Clifford D. Hall ,  Thomas A. Piazza ,  Richard W. Jensen

发明人： Douglas R. Moran ,  Clifford D. Hall ,  Thomas A. Piazza ,  Richard W. Jensen

IPC分类号： G06F12/00

CPC分类号： G06F12/1483

摘要： Methods and arrangements to interface memory are described. Many embodiments comprise comparing a transaction or access from a source to memory addresses associated with the source to determine whether an address associated with the transaction is accessible by the source. Some embodiments may comprise defining protected memory. Several embodiments may comprise defining protected memory by, for example, determining a configuration for memory. Such embodiments may comprise protecting a memory location or limiting access to memory addresses associated with a protected memory location. Some of these embodiments may comprise accessing registers to define protected memory and verifying accesses to a memory location according to the definition of protected memory. Further embodiments may comprise generating an association between a source of an access and a memory location and storing the association to facilitate access to the memory location by the source.

公开(公告)号：US07792303B2

公开(公告)日：2010-09-07

申请号：US10892265

申请日：2004-07-14

申请人： Ernie F. Brickell ,  James A. Sutton, II ,  Clifford D. Hall ,  David W. Grawrock

发明人： Ernie F. Brickell ,  James A. Sutton, II ,  Clifford D. Hall ,  David W. Grawrock

IPC分类号： H04L9/00 ,  H04L9/06 ,  H04L9/32

CPC分类号： H04L63/062 ,  G06F21/57 ,  G06F21/73 ,  H04L9/0841 ,  H04L63/0853 ,  H04L2209/125

摘要： Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting-encrypted data structure is stored on a removable storage medium (such as a CD), and distributed to the owner of the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated encrypted data structure from the removable storage medium. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system.

摘要翻译： 将直接证明私钥提供给安装在该领域中的客户端计算机系统中的设备可以以安全的方式来实现，而不需要设备中的显着的非易失性存储。 在制造时产生并存储在设备中的唯一伪随机值。 伪随机值用于生成用于加密持有Direct Proof私钥和与该设备相关联的私钥摘要的数据结构的对称密钥。 所得到的加密数据结构存储在可移动存储介质（例如CD）上，并分发给客户端计算机系统的所有者。 当在客户端计算机系统上初始化设备时，系统会检查系统中是否存在本地化的加密数据结构。 如果不是，系统从可移动存储介质中获得相关联的加密数据结构。 设备使用从其存储的伪随机值重新生成的对称密钥来解密加密数据结构，以获得直接证明私钥。 如果私钥有效，则其可以用于客户端计算机系统中的设备的后续认证处理。

公开(公告)号：US08660266B2

公开(公告)日：2014-02-25

申请号：US12710439

申请日：2010-02-23

申请人： James A. Sutton, II ,  Ernie F. Brickell ,  Clifford D. Hall ,  David W. Grawrock

发明人： James A. Sutton, II ,  Ernie F. Brickell ,  Clifford D. Hall ,  David W. Grawrock

IPC分类号： G06F21/00

CPC分类号： H04L9/0844 ,  H04L2209/127

摘要： Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a protected on-line server accessible by the client computer system.

摘要翻译： 将直接证明私钥提供给安装在该领域中的客户端计算机系统中的设备可以以安全的方式来实现，而不需要设备中的显着的非易失性存储。 在制造时产生并存储在设备中的唯一伪随机值。 伪随机值用于生成用于加密持有Direct Proof私钥和与该设备相关联的私钥摘要的数据结构的对称密钥。 所生成的加密数据结构存储在由客户端计算机系统可访问的受保护的在线服务器上。

公开(公告)号：US07809939B2

公开(公告)日：2010-10-05

申请号：US11395010

申请日：2006-03-31

申请人： Clifford D. Hall

发明人： Clifford D. Hall

IPC分类号： H04L29/02 ,  H04L9/08

CPC分类号： H04L63/145 ,  G06F21/53 ,  G06F2221/2105 ,  H04L63/0442

摘要： A method and apparatus provides for trusted point-to-point communication over an open bus. An embodiment of a computer includes a first software environment, with the first software environment being a trusted environment. The first software environment includes one or more trusted applications, and provides for the generation of trusted data packets in an open bus. The computer also includes a second software environment, with the second software environment being an un-trusted environment. The computer includes a trusted interface for an open bus, the trusted interface being accessible only to the first software environment. Other embodiments are described and claimed.

摘要翻译： 一种方法和装置提供通过开放总线的可信任点对点通信。 计算机的实施例包括第一软件环境，其中第一软件环境是受信任的环境。 第一软件环境包括一个或多个受信任的应用，并且提供在开放总线中产生可信数据分组。 计算机还包括第二软件环境，第二软件环境是不可信任的环境。 计算机包括用于开放总线的信任接口，该信任接口只能由第一软件环境访问。 描述和要求保护其他实施例。

公开(公告)号：US07765544B2

公开(公告)日：2010-07-27

申请号：US11016653

申请日：2004-12-17

申请人： Ernie F. Brickell ,  Clifford D. Hall ,  Joseph F. Cihula ,  Richard A. Uhlig

发明人： Ernie F. Brickell ,  Clifford D. Hall ,  Joseph F. Cihula ,  Richard A. Uhlig

IPC分类号： G06F9/455 ,  G06F17/00 ,  G06F17/30 ,  G06F3/048 ,  G06F15/16

CPC分类号： G06F21/52 ,  G06F21/57

摘要： A method, apparatus and system for improving security on a virtual machines host is described. A shared file system on the host may include annotations usable by a service module to access files across VMs and to enforce security policies. The service module may additionally enable a unified user interface to improve usability of the host.

摘要翻译： 描述了一种用于提高虚拟机主机上的安全性的方法，装置和系统。 主机上的共享文件系统可以包括服务模块可用于访问跨VM的文件并执行安全策略的注释。 服务模块还可以使统一的用户界面提高主机的可用性。

公开(公告)号：US07024555B2

公开(公告)日：2006-04-04

申请号：US10043843

申请日：2001-11-01

申请人： Michael A. Kozuch ,  James A. Sutton, II ,  David Grawrock ,  Gilbert Neiger ,  Richard A. Uhlig ,  Bradley G. Burgess ,  David I. Poisner ,  Clifford D. Hall ,  Andy Glew ,  Lawrence O. Smith, III ,  Robert George

发明人： Michael A. Kozuch ,  James A. Sutton, II ,  David Grawrock ,  Gilbert Neiger ,  Richard A. Uhlig ,  Bradley G. Burgess ,  David I. Poisner ,  Clifford D. Hall ,  Andy Glew ,  Lawrence O. Smith, III ,  Robert George

IPC分类号： G06F1/26

CPC分类号： G06F21/57

摘要： An apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment are described. The method includes disregarding a received load secure region instruction when a currently active load secure region operation is detected. Otherwise, a memory protection element is directed, in response to the received load secure region instruction, to form a secure memory environment. Once directed, unauthorized read/write access to one or more protected memory regions are prohibited. Finally, a cryptographic hash value of the one or more protected memory regions is stored within a digest information repository as a secure software identification value. Once stored, outside agents may request access to a digitally signed software identification value in order to establish security verification of secure software within the secure memory environment.

公开(公告)号：US07921293B2

公开(公告)日：2011-04-05

申请号：US11340181

申请日：2006-01-24

申请人： Michael A. Kozuch ,  James A. Sutton, II ,  David Grawrock ,  Gilbert Neiger ,  Richard A. Uhlig ,  Bradley G. Burgess ,  David I. Poisner ,  Clifford D. Hall ,  Andy Glew ,  Lawrence O. Smith, III ,  Robert George

发明人： Michael A. Kozuch ,  James A. Sutton, II ,  David Grawrock ,  Gilbert Neiger ,  Richard A. Uhlig ,  Bradley G. Burgess ,  David I. Poisner ,  Clifford D. Hall ,  Andy Glew ,  Lawrence O. Smith, III ,  Robert George

IPC分类号： H04L9/00 ,  G06F21/00

CPC分类号： G06F21/57

摘要： An apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment are described. The method includes disregarding a received load secure region instruction when a currently active load secure region operation is detected. Otherwise, a memory protection element is directed, in response to the received load secure region instruction, to form a secure memory environment. Once directed, unauthorized read/write access to one or more protected memory regions are prohibited. Finally, a cryptographic hash value of the one or more protected memory regions is stored within a digest information repository as a secure software identification value. Once stored, outside agents may request access to a digitally signed software identification value to establish security verification of secure software within the secure memory environment.

摘要翻译： 描述了在多处理器环境内单方面加载安全操作系统的装置和方法。 该方法包括当检测到当前活动的负载安全区域操作时忽略接收的负载安全区域指令。 否则，响应于接收到的负载安全区域指令，引导存储器保护元件以形成安全存储器环境。 一旦定向，就禁止对一个或多个受保护的存储器区域进行未经授权的读/写访问。 最后，一个或多个受保护的存储器区域的加密散列值作为安全的软件识别值存储在摘要信息库中。 一旦存储，外部代理可以请求访问数字签名的软件标识值以建立安全存储器环境内的安全软件的安全验证。

公开(公告)号：US07908653B2

公开(公告)日：2011-03-15

申请号：US10881602

申请日：2004-06-29

申请人： Ernie F. Brickell ,  Clifford D. Hall ,  Joseph F. Cihula ,  Richard Uhlig

发明人： Ernie F. Brickell ,  Clifford D. Hall ,  Joseph F. Cihula ,  Richard Uhlig

IPC分类号： G06F12/14 ,  G06F12/16

CPC分类号： G06F21/53 ,  G06F21/51 ,  G06F21/566 ,  G06F2221/2145

摘要： Improving security of a processing system may be accomplished by at least one of executing and accessing a suspect file in a sandbox virtual machine.

摘要翻译： 可以通过在沙盒虚拟机中执行和访问可疑文件中的至少一个来实现提高处理系统的安全性。

公开(公告)号：US07900017B2

公开(公告)日：2011-03-01

申请号：US10330986

申请日：2002-12-27

申请人： Clifford D. Hall ,  Randolph L. Campbell

发明人： Clifford D. Hall ,  Randolph L. Campbell

IPC分类号： G06F12/08

CPC分类号： G06F12/1036 ,  G06F12/109

摘要： According to one embodiment, a computer system is disclosed. The computer system includes a processor, a chipset coupled to the processor and a memory coupled to the chipset. The chipset translates partitioned virtual machine memory addresses received from the processor to page level addresses.

摘要翻译： 根据一个实施例，公开了一种计算机系统。 计算机系统包括处理器，耦合到处理器的芯片组和耦合到芯片组的存储器。 芯片组将从处理器接收的分区虚拟机存储器地址转换为页面级地址。

公开(公告)号：US20100150351A1

公开(公告)日：2010-06-17

申请号：US12710439

申请日：2010-02-23

申请人： James A. Sutton, II ,  Ernie F. Brickell ,  Clifford D. Hall ,  David W. Grawrock

发明人： James A. Sutton, II ,  Ernie F. Brickell ,  Clifford D. Hall ,  David W. Grawrock

IPC分类号： H04L9/00 ,  H04L9/08 ,  G06F12/14 ,  G06F11/30 ,  G08B29/00

CPC分类号： H04L9/0844 ,  H04L2209/127

摘要： Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a protected on-liner server accessible by the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated encrypted data structure from the protected on-line server using a secure protocol. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system.

摘要翻译： 将直接证明私钥提供给安装在该领域中的客户端计算机系统中的设备可以以安全的方式来实现，而不需要设备中的显着的非易失性存储。 在制造时产生并存储在设备中的唯一伪随机值。 伪随机值用于生成用于加密持有Direct Proof私钥和与该设备相关联的私钥摘要的数据结构的对称密钥。 所得到的加密数据结构存储在由客户端计算机系统可访问的受保护的在线服务器上。 当在客户端计算机系统上初始化设备时，系统会检查系统中是否存在本地化的加密数据结构。 如果没有，系统将使用安全协议从受保护的在线服务器获取相关联的加密数据结构。 设备使用从其存储的伪随机值重新生成的对称密钥来解密加密数据结构，以获得直接证明私钥。 如果私钥有效，则其可以用于客户端计算机系统中的设备的后续认证处理。