1. Systems and methods for boot recovery in a secure boot process on a computer with a hardware security module
    Type: Granted invention patent (in force)

    Publication number: US07506380B2

    Publication date: 2009-03-17

    Application number: US11035715

    Filing date: 2005-01-14

    CPC classes: G06F21/575 G06F2221/2101

    Abstract: Systems and methods are provided for maintaining and updating a secure boot process on a computer with a trusted platform module (TPM). A boot process may be maintained by inspecting a log of TPM activity, determining which data prevented a secret from unsealing, and returning that data to its original state. In situations where this type of recovery is not workable, techniques for authenticating a user may be used, allowing the authenticated user to bypass the security features of the boot process and reseal the boot secrets to platform configuration register (PCR) values that may have changed. Finally, a secure boot process may be upgraded by migrating TPM-sealed secrets to a temporary storage location, updating one or more aspects of the secure boot process, and resealing the secrets to the resulting new platform configuration. Other advantages and features of the invention are described below.


2. Systems and methods for updating a secure boot process on a computer with a hardware security module
    Type: Granted invention patent (in force)

    Publication number: US08028172B2

    Publication date: 2011-09-27

    Application number: US11036018

    Filing date: 2005-01-14

    IPC class: H04L9/32

    CPC class: G06F21/575

    Abstract: Systems and methods are provided for maintaining and updating a secure boot process on a computer with a trusted platform module (TPM). A boot process may be maintained by inspecting a log of TPM activity, determining which data prevented a secret from unsealing, and returning that data to its original state. In situations where this type of recovery is not workable, techniques for authenticating a user may be used, allowing the authenticated user to bypass the security features of the boot process and reseal the boot secrets to platform configuration register (PCR) values that may have changed. Finally, a secure boot process may be upgraded by migrating TPM-sealed secrets to a temporary storage location, updating one or more aspects of the secure boot process, and resealing the secrets to the resulting new platform configuration. Other advantages and features of the invention are described below.

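    The recovery and update flows described in the two abstracts above (entries 1 and 2), as an added example that is not code from these patents: a Python model in which the TPM's PCRs are simulated with SHA-256 extend operations, the measurement log is a dict of (component, data) events per PCR, and seal/unseal is a policy check over a selection of PCRs. SimTPM, find_divergence, restore_and_unseal and update_and_reseal are names chosen here; a real implementation would drive the TPM through a TSS and read the firmware's TCG event log, and the authenticated-user bypass path the abstracts mention is not modelled.

```python
"""Simulated TPM: PCR extend, sealing to PCRs, boot-log recovery and update.
Added example, not code from the patents above; SHA-256 stands in for the TPM."""
import copy
import hashlib

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: PCR_new = H(PCR_old || H(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def replay(log: dict) -> dict:
    """Recompute PCRs from a log {pcr_index: [(component, data), ...]}. With a real
    TPM, check this against the PCRs it reports before trusting the log."""
    pcrs = {}
    for idx, events in log.items():
        value = b"\x00" * 32
        for _component, data in events:
            value = extend(value, data)
        pcrs[idx] = value
    return pcrs

def pcr_policy(pcrs: dict, selection: tuple) -> bytes:
    """Digest over the selected PCRs; a sealed blob is bound to this value."""
    h = hashlib.sha256()
    for idx in sorted(selection):
        h.update(bytes([idx]) + pcrs[idx])
    return h.digest()

class SimTPM:
    """Stand-in for a TPM's measure/seal/unseal behaviour (demo only)."""
    def __init__(self):
        self.log = {}
    def measure(self, idx: int, component: str, data: bytes):
        self.log.setdefault(idx, []).append((component, data))
    def seal(self, secret: bytes, selection: tuple) -> dict:
        return {"policy": pcr_policy(replay(self.log), selection),
                "selection": selection, "secret": secret}
    def unseal(self, blob: dict) -> bytes:
        if pcr_policy(replay(self.log), blob["selection"]) != blob["policy"]:
            raise PermissionError("PCR policy mismatch: unseal refused")
        return blob["secret"]

def find_divergence(expected_log: dict, actual_log: dict):
    """Recovery step 1: name the first component whose measurement differs,
    i.e. the data that prevented the secret from unsealing."""
    for idx in sorted(expected_log):
        for (comp, exp), (_c, act) in zip(expected_log[idx], actual_log.get(idx, [])):
            if exp != act:
                return idx, comp
    return None

def restore_and_unseal(tpm: SimTPM, good_log: dict, blob: dict) -> bytes:
    """Recovery step 2: return the diverging component to its original state
    (here: its original measurement), then unseal on the next boot."""
    where = find_divergence(good_log, tpm.log)
    if where is not None:
        tpm.log[where[0]] = list(good_log[where[0]])
    return tpm.unseal(blob)

def update_and_reseal(tpm: SimTPM, blob: dict, new_components: list) -> dict:
    """Planned update: unseal under current PCRs, park the secret in temporary
    storage, apply the update, reseal to the new PCRs, scrub the copy."""
    temp = bytearray(tpm.unseal(blob))
    for idx, component, data in new_components:
        tpm.log[idx] = [(c, data if c == component else d) for c, d in tpm.log[idx]]
    new_blob = tpm.seal(bytes(temp), blob["selection"])
    for i in range(len(temp)):
        temp[i] = 0
    return new_blob

def demo():
    tpm = SimTPM()
    tpm.measure(0, "firmware", b"fw v1")        # constructed measurements
    tpm.measure(4, "bootloader", b"bl v1")
    tpm.measure(4, "kernel", b"kernel v1")
    good_log = copy.deepcopy(tpm.log)
    blob = tpm.seal(b"volume-master-key", selection=(0, 4))

    # Unplanned change: the bootloader was rewritten outside the update path.
    tpm.log[4][0] = ("bootloader", b"bl tampered")
    try:
        tpm.unseal(blob)
        unsealed_after_change = True
    except PermissionError:
        unsealed_after_change = False
    culprit = find_divergence(good_log, tpm.log)
    recovered = restore_and_unseal(tpm, good_log, blob)

    # Planned kernel update: migrate, update, reseal. The old blob no longer opens.
    new_blob = update_and_reseal(tpm, blob, [(4, "kernel", b"kernel v2")])
    after_update = tpm.unseal(new_blob)
    try:
        tpm.unseal(blob)
        old_blob_opens = True
    except PermissionError:
        old_blob_opens = False
    return unsealed_after_change, culprit, recovered, after_update, old_blob_opens

if __name__ == "__main__":
    print(demo())
```

    Two points the model makes concrete. First, the log is only useful for attributing a failed unseal if replaying it reproduces the PCR values the TPM actually holds; a log that does not replay to the live PCRs has itself been tampered with or truncated and should not be trusted to name the culprit. Second, the update path must hold the unsealed secret only for as long as the reseal takes and scrub it afterwards, since during that window it is protected by nothing but the running OS.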

3. Systems and methods for controlling access to data on a computer with a secure boot process
    Type: Granted invention patent (in force)

    Publication number: US07565553B2

    Publication date: 2009-07-21

    Application number: US11036415

    Filing date: 2005-01-14

    IPC class: G06F12/14

    CPC classes: G06F21/575 G06F21/78

    Abstract: Systems and methods for controlling access to data on a computer with a secure boot process can provide a highly efficient mechanism for preventing future access to encrypted digital resources. This may be advantageous in a range of scenarios, for example where a computer is sold and assurance is desired that no stray private data remains on the hard disk. Data resources, for example all data associated with one or more particular hard disk partitions, may be encrypted. The decryption key may be made available through a secure boot process. By erasing, altering, or otherwise disabling a secret, such as a decryption key or a process that obtains a decryption key, the data formerly accessible using that secret becomes inaccessible.


4. Storage device controlled access
    Type: Invention application (in force)

    Publication number: US20080022132A1

    Publication date: 2008-01-24

    Application number: US11449553

    Filing date: 2006-06-07

    IPC class: G06F12/14

    Abstract: Access to a storage device, such as a disk, is controlled by performing disk operations using a single cryptographic engine. Keys associated with each layer of a layered structure that controls access to the storage device are combined, and the result of this combination is used as the key to the cryptographic engine. Data read from and written to the storage device is operated on by the cryptographic engine using the combined key. Keys are combined by combining functions associated with the layers of the layered structure; a combining function can be an exclusive-or function, a cryptographic hash function, or a combination of the two.


5. Storage device controlled access
    Type: Granted invention patent (in force)

    Publication number: US08046593B2

    Publication date: 2011-10-25

    Application number: US11449553

    Filing date: 2006-06-07

    IPC class: G06F12/14

    Abstract: Access to a storage device, such as a disk, is controlled by performing disk operations using a single cryptographic engine. Keys associated with each layer of a layered structure that controls access to the storage device are combined, and the result of this combination is used as the key to the cryptographic engine. Data read from and written to the storage device is operated on by the cryptographic engine using the combined key. Keys are combined by combining functions associated with the layers of the layered structure; a combining function can be an exclusive-or function, a cryptographic hash function, or a combination of the two.

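    The key layering of entries 4 and 5 and the cryptographic erase of entry 3, as one added example that is not code from these patents: layer keys (a platform key that would come from a TPM unseal, a PIN-derived user key, a volume key) are folded with XOR and hash combiners into the single key a cryptographic engine uses for every sector, and disabling one layer's secret makes every sector unreadable. The HMAC-SHA256 keystream cipher is a demo stand-in for the real engine (which would be something like AES-XTS), the key material is constructed, and combine_xor, combine_hash, engine_key and disable_layer are names chosen here.

```python
"""Layered keys folded into one key for a single cryptographic engine, and
cryptographic erase by disabling one layer. Added example, not the patents'
code; the HMAC-SHA256 stream cipher is a demo stand-in for the disk engine."""
import hashlib
import hmac

def combine_xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def combine_hash(a: bytes, b: bytes) -> bytes:
    """Hash combiner; length prefixes keep (a, b) distinct from other splits."""
    h = hashlib.sha256()
    for part in (a, b):
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def engine_key(layers: list) -> bytes:
    """Fold the layer keys, outermost first, into the one key the engine uses.
    layers: [(name, key, combiner)]; the first layer's combiner is unused."""
    acc = layers[0][1]
    for _name, key, combiner in layers[1:]:
        acc = combiner(acc, key)
    return acc

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def engine_write(key: bytes, sector: int, plaintext: bytes) -> bytes:
    """Encrypt one sector and append an integrity tag (sector number as nonce)."""
    nonce = sector.to_bytes(8, "big")
    ct = combine_xor(plaintext, keystream(key, nonce, len(plaintext)))
    return ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def engine_read(key: bytes, sector: int, stored: bytes) -> bytes:
    nonce = sector.to_bytes(8, "big")
    ct, tag = stored[:-32], stored[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("sector does not authenticate under this key")
    return combine_xor(ct, keystream(key, nonce, len(ct)))

def disable_layer(layers: list, name: str) -> list:
    """Cryptographic erase: zeroise one layer's secret (e.g. clear the TPM-sealed
    blob). The combined key can no longer be derived from the remaining layers."""
    return [(n, b"\x00" * len(k) if n == name else k, c) for n, k, c in layers]

def demo():
    # Constructed key material. In a deployment the platform key would be a TPM
    # unseal at boot and the user key the output of a PIN/passphrase KDF.
    layers = [
        ("platform", hashlib.sha256(b"demo platform key").digest(), None),
        ("user-pin", hashlib.sha256(b"demo pin 1234").digest(), combine_xor),
        ("volume", hashlib.sha256(b"demo volume key").digest(), combine_hash),
    ]
    key = engine_key(layers)
    disk = {n: engine_write(key, n, b"sector %d private data" % n) for n in range(3)}
    before = engine_read(key, 1, disk[1])

    erased_key = engine_key(disable_layer(layers, "platform"))
    try:
        engine_read(erased_key, 1, disk[1])
        readable_after_erase = True
    except ValueError:
        readable_after_erase = False
    return before, readable_after_erase, erased_key != key

if __name__ == "__main__":
    print(demo())
```

    The erase works because the engine key is a function of every layer: zeroising any one layer changes the combined key, so the ciphertext on disk is unrecoverable without re-obtaining that layer's secret. Two caveats a practitioner would check: the disabled secret must actually be gone from every place it was held (TPM NV, recovery escrow, the scrubbed copy from an update flow), or the erase is only cosmetic; and the stand-in cipher above reuses its keystream if the same sector is rewritten with the sector number as nonce, which is one reason real engines use a tweakable mode such as XTS rather than a counter-mode stream.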

8. Enabling bits sealed to an enforceably-isolated environment
    Type: Granted invention patent (in force)

    Publication number: US07529946B2

    Publication date: 2009-05-05

    Application number: US11155071

    Filing date: 2005-06-16

    IPC classes: G06F11/30 G06F12/14 H04L9/32

    Abstract: Prevention of unpermitted use of enabling bits is achieved by sealing the enabling bits to an environment in such a way that the bits can only be unsealed by or for that environment, and by using an isolation mechanism to isolate the environment from other environments on the machine on which it operates. The environment is trusted not to use the enabling bits except in accordance with a set of rules governing the bits. The enabling bits may be a decryption key for DRM-protected content, and the rules may be a license governing the use of that content. Trust that the enabling bits will not be misused is established by trusting the environment not to use the enabling bits contrary to the rules, trusting the isolation mechanism to isolate the environment, and trusting the unsealing mechanism to unseal the bits only for the environment.


9. Methods and Systems for Protecting Data in USB Systems
    Type: Invention application (pending, published)

    Publication number: US20090313397A1

    Publication date: 2009-12-17

    Application number: US12348487

    Filing date: 2009-01-05

    IPC class: G06F13/28

    Abstract: The various embodiments described below are directed to providing authenticated and confidential messaging between software executing on a host (e.g. a secure software application or security kernel) and I/O devices operating on a USB bus. The embodiments can protect against attacks mounted by software executing on the host computer. In some embodiments, a secure functional component or module is provided that can use encryption techniques to protect USB data against observation and manipulation. In other embodiments, USB data can be protected through techniques that do not utilize (or are not required to utilize) encryption. In accordance with these embodiments, USB devices can be designated as "secure" and, hence, data sent over the USB bus to and from such designated devices can be placed in protected memory. Memory indirection techniques can be utilized to ensure that data to and from secure devices is protected.


10. Securely identifying an executable to a trust-determining entity
    Type: Granted invention patent (in force)

    Publication number: US07418512B2

    Publication date: 2008-08-26

    Application number: US10692224

    Filing date: 2003-10-23

    IPC class: G06F15/16

    CPC class: G06F21/62

    Abstract: A resource is obtained from a resource provider (RP) for a resource requester (RR) operating on a computing device. The RR has an identity descriptor (id) associated with it, where the id includes security-related information specifying the environment in which the RR operates. A code identity (code-ID) is calculated corresponding to, and based on, the loaded RR and the loaded id. The RP verifies that the calculated code-ID in a request for the resource matches one of one or more valid code-IDs for the identified RR in order to conclude that the RR and id can be trusted, and the RP responds to the forwarded request by providing the requested resource to the RR.

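    The code-ID exchange described in the abstract above, as an added example that is not the patent's implementation: the code-ID is modelled as SHA-256 over the length-prefixed loaded RR image and its canonicalised identity descriptor, a trusted loader computes it from what it actually loaded and forwards the request, and the RP checks it against a per-RR allowlist before releasing the resource. The RR name, descriptor fields, resource and the functions code_identity, loader_request and ResourceProvider are all constructed for this example.

```python
"""Code identity (code-ID) check between a resource requester (RR) and a
resource provider (RP). Added example, not the patent's implementation."""
import hashlib
import json

def code_identity(rr_image: bytes, id_descriptor: dict) -> bytes:
    """code-ID = H(len(rr) || rr || len(id) || id): the descriptor is canonical
    JSON so the same environment always hashes the same, and the length
    prefixes keep the image/descriptor boundary unambiguous."""
    id_bytes = json.dumps(id_descriptor, sort_keys=True, separators=(",", ":")).encode()
    h = hashlib.sha256()
    for part in (rr_image, id_bytes):
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def loader_request(rr_name: str, rr_image: bytes, id_descriptor: dict, resource: str) -> dict:
    """The (trusted) loader computes code-ID from what it actually loaded and
    forwards the request; the RR never supplies its own code-ID."""
    return {"rr": rr_name, "resource": resource,
            "code_id": code_identity(rr_image, id_descriptor)}

class ResourceProvider:
    def __init__(self, valid_code_ids: dict, resources: dict):
        self.valid = valid_code_ids     # {rr_name: {code_id, ...}}
        self.resources = resources      # {resource_name: bytes}
    def handle(self, request: dict) -> dict:
        if request["code_id"] not in self.valid.get(request["rr"], set()):
            return {"ok": False, "error": "code-ID not trusted for this RR"}
        return {"ok": True, "resource": self.resources[request["resource"]]}

def demo():
    rr_image = b"\x7fELF constructed backup-agent image"     # constructed
    id_desc = {"name": "backup-agent", "env": {"debugger": False, "policy": "strict"}}
    rp = ResourceProvider(
        {"backup-agent": {code_identity(rr_image, id_desc)}},
        {"storage-token": b"constructed storage access token"},
    )
    good = rp.handle(loader_request("backup-agent", rr_image, id_desc, "storage-token"))
    # A patched binary, or the same binary in a weaker environment, gets a
    # different code-ID and is refused even though it names the same RR.
    patched = rp.handle(loader_request("backup-agent", rr_image + b"\x90", id_desc, "storage-token"))
    debug_env = dict(id_desc, env={"debugger": True, "policy": "strict"})
    debugged = rp.handle(loader_request("backup-agent", rr_image, debug_env, "storage-token"))
    return good, patched, debugged

if __name__ == "__main__":
    print(demo())
```

    The whole check rests on the loader that computes the code-ID being trustworthy and the RR being unable to substitute a code-ID of its choosing; in the listed patents that trust comes from the measured and isolated environment of the other entries, and the example simply assumes it. Including the identity descriptor in the hash is what lets the RP refuse an unmodified binary running with a debugger attached or under a relaxed policy, not just a modified one. Freshness (a nonce or binding to a session) is outside the abstract and is not modelled.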