Data event logging in computing platform
    1.
    Granted invention patent
    Data event logging in computing platform (status: in force)

    Publication No.: US07194623B1

    Publication date: 2007-03-20

    Application No.: US09979902

    Filing date: 2000-05-25

    IPC classification: H04L9/00

    Abstract: There is disclosed a computer entity having a trusted component which compiles an event log for events occurring on a computer platform. The event log contains event data of types which are pre-specified by a user by inputting details through a dialogue display generated by the trusted component. Items which can be monitored include data files, applications drivers and the like. The trusted component operates through a monitoring agent which may be launched onto the computer platform. The monitoring agent may be periodically interrogated to make sure that it is operating correctly and responding to interrogations by the trusted component.


    Trusted computing platform using a trusted device assembly
    2.
    Granted invention patent
    Trusted computing platform using a trusted device assembly (status: in force)

    Publication No.: US06988250B1

    Publication date: 2006-01-17

    Application No.: US09913452

    Filing date: 2000-02-15

    IPC classification: G06F17/50

    Abstract: In a computing platform, a trusted hardware device (24) is added to the motherboard (20). The trusted hardware device (24) is configured to acquire an integrity metric, for example a hash of the BIOS memory (29), of the computing platform. The trusted hardware device (24) is tamper-resistant, difficult to forge and inaccessible to other functions of the platform. The hash can be used to convince users that the operation of the platform (hardware or software) has not been subverted in some way, and is safe to interact with in local or remote applications. In more detail, the main processing unit (21) of the computing platform is directed to address the trusted hardware device (24), in advance of the BIOS memory, after release from ‘reset’. The trusted hardware device (24) is configured to receive memory read signals from the main processing unit (21) and, in response, return instructions, in the native language of the main processing unit (21), that instruct the main processing unit to establish the hash and return the value to be stored by the trusted hardware device (24). Since the hash is calculated in advance of any other system operations, this is a relatively strong method of verifying the integrity of the system. Once the hash has been returned, the final instruction calls the BIOS program and the system boot procedure continues as normal. Whenever a user wishes to interact with the computing platform, he first requests the integrity metric, which he compares with an authentic integrity metric that was measured by a trusted party. If the metrics are the same, the platform is verified and interactions can continue. Otherwise, interaction halts on the basis that the operation of the platform may have been subverted.


    Trusted computing platform
    3.
    Granted invention patent
    Trusted computing platform (status: in force)

    Publication No.: US07444601B2

    Publication date: 2008-10-28

    Application No.: US11249820

    Filing date: 2005-10-12

    IPC classification: G06F17/50

    Abstract: In a computing platform, a trusted hardware device (24) is added to the motherboard (20). The trusted hardware device (24) is configured to acquire an integrity metric, for example a hash of the BIOS memory (29), of the computing platform. The trusted hardware device (24) is tamper-resistant, difficult to forge and inaccessible to other functions of the platform. The hash can be used to convince users that the operation of the platform (hardware or software) has not been subverted in some way, and is safe to interact with in local or remote applications. In more detail, the main processing unit (21) of the computing platform is directed to address the trusted hardware device (24), in advance of the BIOS memory, after release from ‘reset’. The trusted hardware device (24) is configured to receive memory read signals from the main processing unit (21) and, in response, return instructions, in the native language of the main processing unit (21), that instruct the main processing unit to establish the hash and return the value to be stored by the trusted hardware device (24). Since the hash is calculated in advance of any other system operations, this is a relatively strong method of verifying the integrity of the system. Once the hash has been returned, the final instruction calls the BIOS program and the system boot procedure continues as normal. Whenever a user wishes to interact with the computing platform, he first requests the integrity metric, which he compares with an authentic integrity metric that was measured by a trusted party. If the metrics are the same, the platform is verified and interactions can continue. Otherwise, interaction halts on the basis that the operation of the platform may have been subverted.


    System for providing a trustworthy user interface
    4.
    Granted invention patent
    System for providing a trustworthy user interface (status: in force)

    Publication No.: US07904730B2

    Publication date: 2011-03-08

    Application No.: US11861127

    Filing date: 2007-09-25

    IPC classification: G06F12/14

    Abstract: The preferred embodiment of the invention comprises a computer system which employs a trusted display processor (260), which has a trusted processor (300) and trusted memory (305, 315, 335, 345) physically and functionally distinct from the processor and memory of the computer system. The trusted display processor (260) is immune to unauthorised modification or inspection of internal data. It is physical to prevent forgery, tamper-resistant to prevent counterfeiting, and has crypto functions (340) to securely communicate at a distance. The trusted display processor (260) interacts with a user's smartcard (122) in order to extract and display a trusted image, or seal (1000), generate a digital signature of the bitmap of a document image and control the video memory (315) so that other processes of the computer system cannot subvert the image during the signing process. The user interacts with the trusted display processor via a trusted switch (135).


    System for providing a trustworthy user interface
    5.
    Granted invention patent
    System for providing a trustworthy user interface (status: in force)

    Publication No.: US07302585B1

    Publication date: 2007-11-27

    Application No.: US09979905

    Filing date: 2000-05-25

    IPC classification: G06F12/14 H04L9/32 G06K19/00

    Abstract: The preferred embodiment of the invention comprises a computer system which employs a trusted display processor (260), which has a trusted processor (300) and trusted memory (305, 315, 335, 345) physically and functionally distinct from the processor and memory of the computer system. The trusted display processor (260) is immune to unauthorised modification or inspection of internal data. It is physical to prevent forgery, tamper-resistant to prevent counterfeiting, and has crypto functions (340) to securely communicate at a distance. The trusted display processor (260) interacts with a user's smartcard (122) in order to extract and display a trusted image, or seal (1000), generate a digital signature of the bitmap of a document image and control the video memory (315) so that other processes of the computer system cannot subvert the image during the signing process. The user interacts with the trusted display processor via a trusted switch (135).


    Method of and apparatus for ascertaining the status of a data processing environment
    6.
    Granted invention patent
    Method of and apparatus for ascertaining the status of a data processing environment (status: in force)

    Publication No.: US08219496B2

    Publication date: 2012-07-10

    Application No.: US10080479

    Filing date: 2002-02-22

    IPC classification: G06F9/46 G06F9/445

    CPC classification: G06F21/57 G06Q20/3674

    Abstract: In order to facilitate a user's ability to trust a computing environment, a trusted computing device (2) is arranged to challenge other devices in the computing environment and to record a log of the facilities available within the computing environment and an indication of whether those facilities are trustworthy. A new user (40) entering the computing environment can obtain the log from the trusted computing device in order to ascertain the status of the environment. Alternatively any device can hold data concerning platforms in its vicinity and its operation can be authenticated by the trusted device.


    Information system
    7.
    Granted invention patent
    Information system (status: in force)

    Publication No.: US08218765B2

    Publication date: 2012-07-10

    Application No.: US10080476

    Filing date: 2002-02-22

    IPC classification: H04K1/00

    Abstract: A trusted service which publishes information describing security attributes of computing platforms in a defined physical area, for use by a visitor to a building, for example, who is unfamiliar with the computing platforms available for use therein. In a preferred embodiment, the system provides only details and/or a list of public keys of genuine trusted computing platforms within the area. In another embodiment of the invention, the information system comprises a trusted computing platform for providing selected information to a user's portable computing apparatus.


    Data integrity monitoring in trusted computing entity
    8.
    Granted invention patent
    Data integrity monitoring in trusted computing entity (status: in force)

    Publication No.: US07457951B1

    Publication date: 2008-11-25

    Application No.: US09979903

    Filing date: 2000-05-25

    IPC classification: H04L9/00

    Abstract: A method of security monitoring of data files in a computer platform is carried out by a trusted component having a processor and trusted memory area. The method comprises creating one or a plurality of data files in an untrusted memory area of said computing platform, for each created data file, periodically generating a digest data by applying a hash function to each data file, storing the digest data in a trusted memory area and for each file periodically comparing a current digest data of the file with a previously generated digest data of the file. Any differences between a previous and a current digest data indicate that a file in the untrusted memory area has been corrupted.


    Apparatus and method for creating a trusted environment
    10.
    Granted invention patent
    Apparatus and method for creating a trusted environment (status: in force)

    Publication No.: US07467370B2

    Publication date: 2008-12-16

    Application No.: US11090964

    Filing date: 2005-03-25

    IPC classification: G06F9/44

    Abstract: A computer apparatus for creating a trusted environment comprising a trusted device arranged to acquire a first integrity metric to allow determination as to whether the computer apparatus is operating in a trusted manner; a processor arranged to allow execution of a first trust routine and associated first operating environment, and means for restricting the first operating environment access to resources available to the trust routine, wherein the trust routine being arranged to acquire the first integrity metric and a second integrity metric to allow determination as to whether the first operating environment is operating in a trusted manner.
