公开(公告)号：US20080298581A1

公开(公告)日：2008-12-04

申请号：US11754667

申请日：2007-05-29

申请人： Masana Murase ,  Wilfred E. Plouffe, JR. ,  Kanna Shimizu ,  Vladimir Zbarsky

发明人： Masana Murase ,  Wilfred E. Plouffe, JR. ,  Kanna Shimizu ,  Vladimir Zbarsky

IPC分类号： H04L9/00

CPC分类号： G06F21/52

摘要： A method, computer program product, and data processing system for protecting sensitive program code and data (including persistently stored data) from unauthorized access are disclosed. Dedicated hardware decrypts an encrypted kernel into memory for execution. When an application is to be executed, the kernel computes one or more secrets by cryptographically combining information contained in the application with secret information contained in the kernel itself. The kernel then deletes its secret information and passes the computed secrets to the application. To store data persistently in memory, the application uses one of the computed secrets to encrypt the data prior to storage. If the kernel starts another instance of the same application, the kernel (which will have been re-decrypted to restore the kernel's secrets) will compute the same one or more secrets, thus allowing the second application instance to access the data encrypted by the first application instance.

摘要翻译： 公开了一种用于保护敏感程序代码和数据（包括永久存储的数据）从未经授权的访问的方法，计算机程序产品和数据处理系统。 专用硬件将加密的内核解密为内存以供执行。 当应用程序被执行时，内核通过将应用程序中包含的信息加密地组合在内核中包含的秘密信息来计算一个或多个秘密。 内核然后删除其秘密信息，并将计算的秘密传递给应用程序。 为了将数据永久存储在内存中，应用程序使用计算的秘密之一在存储之前对数据进行加密。 如果内核启动同一应用程序的另一个实例，内核（将被重新解密以恢复内核的秘密）将计算相同的一个或多个秘密，从而允许第二个应用程序实例访问由第一个 应用程序实例。

公开(公告)号：US20090086974A1

公开(公告)日：2009-04-02

申请号：US11866020

申请日：2007-10-02

申请人： Masana Murase ,  Wilfred E. Plouffe, JR. ,  Kanna Shimizu ,  Vladimir Zbarsky

发明人： Masana Murase ,  Wilfred E. Plouffe, JR. ,  Kanna Shimizu ,  Vladimir Zbarsky

IPC分类号： H04L9/30 ,  H04L9/32

CPC分类号： H04L9/3247 ,  G06F21/51 ,  H04L9/0836 ,  H04L2209/56

摘要： A method, computer program product, and data processing system are disclosed for ensuring that applications executed in the data processing system originate only from trusted sources are disclosed. In a preferred embodiment, a secure operating kernel maintains a “key ring” containing keys corresponding to trusted software vendors. The secure kernel uses vendor keys to verify that a given application was signed by an approved vendor. To make it possible for independent developers to develop software for the herein-described platform, a “global key pair” is provided in which both the public and private keys of the pair are publicly known, so that anyone may sign an application with the global key. Such an application may be allowed to execute by including the global key pair's public key in the key ring as a “vendor key” or, conversely, it may be disallowed by excluding the global public key from the key ring.

摘要翻译： 公开了一种方法，计算机程序产品和数据处理系统，用于确保在数据处理系统中执行的应用仅来自可信源。 在优选实施例中，安全操作内核维护包含与可信软件供应商对应的密钥的“密钥环”。 安全内核使用供应商密钥来验证给定的应用程序是否由经过批准的供应商签名。 为了使独立开发人员能够为本文所述的平台开发软件，提供了一种“全局密钥对”，其中该对的公钥和私钥都是公知的，以便任何人可以使用全局 键。 可以通过将密钥环中的全局密钥对的公钥作为“供应商密钥”来包括全局密钥对的公钥来执行这样的应用，或者相反地，可以通过从密钥环中排除全局公钥来实现。

公开(公告)号：US20080301468A1

公开(公告)日：2008-12-04

申请号：US11754649

申请日：2007-05-29

申请人： Masana Murase ,  Wilfred E. Plouffe, JR. ,  Kanna Shimizu ,  Masaharu Sakamoto ,  Vladimir Zbarsky

发明人： Masana Murase ,  Wilfred E. Plouffe, JR. ,  Kanna Shimizu ,  Masaharu Sakamoto ,  Vladimir Zbarsky

IPC分类号： G06F12/14

CPC分类号： G06F12/1458 ,  G06F21/52 ,  G06F21/575 ,  G06F21/79 ,  G06F2221/2143

摘要： A method, computer program product, and data processing system for executing larger-than-physical-memory applications while protecting sensitive program code (and also data) from unauthorized access in a memory space not subject to protection fault or page fault detection are disclosed. Large applications are accommodated by providing a mechanism for secure program overlays, in which a single large application is broken into two or more smaller applications (overlays) that can be executed from the same memory space by overwriting one of the smaller applications with another of the smaller applications when the latter needs to be executed. So that the data may be shared among these smaller applications, each of the applications contains embedded cryptographic keys, which may be used to encrypt or decrypt information to be stored persistently while control is transferred from one application to the other.

摘要翻译： 公开了一种用于执行大于物理存储器应用的方法，计算机程序产品和数据处理系统，同时在不受保护故障或页面故障检测的存储器空间中保护敏感程序代码（以及数据）以防未经授权的访问。 通过提供用于安全程序覆盖的机制来容纳大的应用程序，其中单个大型应用程序被分解成可以从相同存储器空间执行的两个或更多个更小的应用程序（覆盖层），通过用另一个 较小的应用程序，当后者需要执行。 为了使数据可以在这些较小的应用程序之间共享，每个应用程序都包含嵌入式加密密钥，这些密钥可用于加密或解密持续存储的信息，同时控制从一个应用程序传输到另一个应用程序。

公开(公告)号：US20080301440A1

公开(公告)日：2008-12-04

申请号：US11754658

申请日：2007-05-29

申请人： Wilfred E. Plouffe, JR. ,  Kanna Shimizu ,  Vladimir Zbarsky

发明人： Wilfred E. Plouffe, JR. ,  Kanna Shimizu ,  Vladimir Zbarsky

IPC分类号： H04L9/00

CPC分类号： G06F21/575 ,  G06F21/51 ,  G06F2221/2143

摘要： A method, computer program product, and data processing system for providing an updateable encrypted operating kernel are disclosed. In a preferred embodiment, secure initialization hardware decrypts a minimal secure kernel containing sensitive portions of data and/or code into a portion of the processor-accessible memory space, from which the kernel is executed. Most system software functions are not directly supported by the secure kernel but are provided by dynamically loaded kernel extensions that are encrypted with a public key so that they can only be decrypted with a private key possessed by the secure kernel. The public/private key pair is processor-specific. Before passing control to a kernel extension the secure kernel deletes a subset of its sensitive portions, retaining only those sensitive portions needed to perform the task(s) delegated to the kernel extension. Which sensitive portions are retained is determined by a cryptographic key with which the kernel extension is signed.

摘要翻译： 公开了一种用于提供可更新的加密操作内核的方法，计算机程序产品和数据处理系统。 在优选实施例中，安全初始化硬件将包含敏感部分的数据和/或代码的最小安全内核解密成可执行内核的处理器可访问存储器空间的一部分。 大多数系统软件功能并不直接得到安全内核的支持，而是由使用公钥加密的动态加载内核扩展提供，以便只能使用安全内核拥有的私有密钥进行解密。 公钥/私钥对是处理器特定的。 在将控件传递给内核扩展之前，安全内核将删除其敏感部分的一个子集，只保留执行委托给内核扩展的任务所需的敏感部分。 保留哪些敏感部分由内核扩展名与之签名的加密密钥确定。

公开(公告)号：US20080301469A1

公开(公告)日：2008-12-04

申请号：US11754678

申请日：2007-05-29

申请人： Wilfred E. Plouffe, JR. ,  Kanna Shimizu

发明人： Wilfred E. Plouffe, JR. ,  Kanna Shimizu

IPC分类号： G06F12/14

CPC分类号： G06F12/1458 ,  G06F21/51 ,  G06F21/572 ,  G06F21/74

摘要： A method, computer program product, and data processing system are disclosed for protecting sensitive program code (and also data) from unauthorized access in a memory space not subject to protection fault detection. In a preferred embodiment, secure initialization hardware loads the sensitive code from a storage location accessible only to the secure initialization hardware itself and decrypts the sensitive code into a portion of the processor-accessible memory space, from which the code is executed. Once execution of the sensitive code has completed, all or at least a portion of the code is deleted before passing control to application software. If the application software needs to cause the sensitive code to be executed, the secure initialization hardware is activated to reload/decrypt a fresh copy of the sensitive code into the memory space and cause the code to be executed. Before control is returned to the application software, the sensitive code is again deleted to prevent unauthorized access.

摘要翻译： 公开了一种方法，计算机程序产品和数据处理系统，用于在不受保护故障检测的存储器空间中保护敏感程序代码（以及数据）免于未经授权的访问。 在优选实施例中，安全初始化硬件将敏感代码从仅可访问安全初始化硬件本身的存储位置加载，并将敏感代码解密为可执行代码的处理器可访问存储器空间的一部分。 一旦敏感代码的执行完成，则在将控制传递给应用软件之前，所有或至少一部分代码被删除。 如果应用软件需要执行敏感代码，则激活安全初始化硬件，将敏感代码的新鲜副本重新加载/解密到存储器空间中，并使代码被执行。 在控制返回到应用软件之前，敏感代码将被重新删除，以防止未经授权的访问。