-
公开(公告)号:US07024555B2
公开(公告)日:2006-04-04
申请号:US10043843
申请日:2001-11-01
申请人: Michael A. Kozuch , James A. Sutton, II , David Grawrock , Gilbert Neiger , Richard A. Uhlig , Bradley G. Burgess , David I. Poisner , Clifford D. Hall , Andy Glew , Lawrence O. Smith, III , Robert George
发明人: Michael A. Kozuch , James A. Sutton, II , David Grawrock , Gilbert Neiger , Richard A. Uhlig , Bradley G. Burgess , David I. Poisner , Clifford D. Hall , Andy Glew , Lawrence O. Smith, III , Robert George
IPC分类号: G06F1/26
CPC分类号: G06F21/57
摘要: An apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment are described. The method includes disregarding a received load secure region instruction when a currently active load secure region operation is detected. Otherwise, a memory protection element is directed, in response to the received load secure region instruction, to form a secure memory environment. Once directed, unauthorized read/write access to one or more protected memory regions are prohibited. Finally, a cryptographic hash value of the one or more protected memory regions is stored within a digest information repository as a secure software identification value. Once stored, outside agents may request access to a digitally signed software identification value in order to establish security verification of secure software within the secure memory environment.
-
公开(公告)号:US08386788B2
公开(公告)日:2013-02-26
申请号:US12615475
申请日:2009-11-10
IPC分类号: H04L29/06
CPC分类号: G06F9/45533 , G06F9/445 , G06F21/57 , G06F21/575 , G06F2009/45583 , G06F2009/45587
摘要: A method and apparatus is provided for securing a region in a memory of a computer. According to one embodiment, the method comprises halting of all but one of a plurality of processors in a computer. The halted processors entering into a special halted state. Content is loaded into the region only after the halting of all but the one of the plurality of processors and the region is protected from access by the halted processors. The method further comprises placing the non-halted processor into a known privileged state, and causing the halted processors to exit the halted state after the non-halted processor has been placed into the known privileged state.
摘要翻译: 提供了一种用于将区域固定在计算机的存储器中的方法和装置。 根据一个实施例,该方法包括在计算机中停止多个处理器中的所有处理器中的所有处理器。 停止的处理器进入特殊的停止状态。 只有在除了多个处理器中的一个处理器之外的所有处理器停止之后,内容被加载到该区域中,并且该区域被保护以免被暂停的处理器访问。 该方法还包括将非暂停处理器置于已知特权状态,并且在非停止处理器已经被置于已知特权状态之后使得暂停的处理器退出停止状态。
-
3.发明授权Apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment 有权在多处理器环境中单方面加载安全操作系统的装置和方法公开(公告)号:US07921293B2
公开(公告)日:2011-04-05
申请号:US11340181
申请日:2006-01-24
申请人: Michael A. Kozuch , James A. Sutton, II , David Grawrock , Gilbert Neiger , Richard A. Uhlig , Bradley G. Burgess , David I. Poisner , Clifford D. Hall , Andy Glew , Lawrence O. Smith, III , Robert George
发明人: Michael A. Kozuch , James A. Sutton, II , David Grawrock , Gilbert Neiger , Richard A. Uhlig , Bradley G. Burgess , David I. Poisner , Clifford D. Hall , Andy Glew , Lawrence O. Smith, III , Robert George
CPC分类号: G06F21/57
摘要: An apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment are described. The method includes disregarding a received load secure region instruction when a currently active load secure region operation is detected. Otherwise, a memory protection element is directed, in response to the received load secure region instruction, to form a secure memory environment. Once directed, unauthorized read/write access to one or more protected memory regions are prohibited. Finally, a cryptographic hash value of the one or more protected memory regions is stored within a digest information repository as a secure software identification value. Once stored, outside agents may request access to a digitally signed software identification value to establish security verification of secure software within the secure memory environment.
摘要翻译: 描述了在多处理器环境内单方面加载安全操作系统的装置和方法。 该方法包括当检测到当前活动的负载安全区域操作时忽略接收的负载安全区域指令。 否则,响应于接收到的负载安全区域指令,引导存储器保护元件以形成安全存储器环境。 一旦定向,就禁止对一个或多个受保护的存储器区域进行未经授权的读/写访问。 最后,一个或多个受保护的存储器区域的加密散列值作为安全的软件识别值存储在摘要信息库中。 一旦存储,外部代理可以请求访问数字签名的软件标识值以建立安全存储器环境内的安全软件的安全验证。
-
公开(公告)号:US08407476B2
公开(公告)日:2013-03-26
申请号:US12615519
申请日:2009-11-10
IPC分类号: H04L29/06
CPC分类号: G06F9/45533 , G06F9/445 , G06F21/57 , G06F21/575 , G06F2009/45583 , G06F2009/45587
摘要: An article of manufacture is provided for securing a region in a memory of a computer. According to one embodiment, the article of manufacture comprises a machine-accessible medium including data that, when accessed by a machine, causes the machine to: halt all but one of a plurality of processing elements in a computer, where the halted processing elements enter into a special halted state; load content into the region only after the halting of all but the one of the plurality of processing elements and the region is protected from access by the halted processing elements; place the non-halted processing element into a known privileged state; and cause the halted processing elements to exit the halted state after the non-halted processing element has been placed into the known privileged state.
摘要翻译: 提供了一种用于将区域固定在计算机的存储器中的制造物品。 根据一个实施例,制品包括机器可访问介质,其包括当由机器访问时使机器停止计算机中的多个处理元件中除了一个处理元件之外的所有其中停止的处理元件进入的数据 进入特殊的停止状态; 只有在除了多个处理元件中的一个处理元件之外的所有处理器停止之后才将内容加载到该区域中,并且该区域被保护以防止被暂停的处理元件的访问; 将未停止的处理元素置于已知的特权状态; 并且在非停止处理元件已经被置于已知的特权状态之后使得暂停的处理元件退出停止状态。
-
公开(公告)号:US20100058076A1
公开(公告)日:2010-03-04
申请号:US12615519
申请日:2009-11-10
IPC分类号: G06F12/14
CPC分类号: G06F9/45533 , G06F9/445 , G06F21/57 , G06F21/575 , G06F2009/45583 , G06F2009/45587
摘要: An article of manufacture is provided for securing a region in a memory of a computer. According to one embodiment, the article of manufacture comprises a machine-accessible medium including data that, when accessed by a machine, causes the machine to: halt all but one of a plurality of processing elements in a computer, where the halted processing elements enter into a special halted state; load content into the region only after the halting of all but the one of the plurality of processing elements and the region is protected from access by the halted processing elements; place the non-halted processing element into a known privileged state; and cause the halted processing elements to exit the halted state after the non-halted processing element has been placed into the known privileged state.
摘要翻译: 提供了一种用于将区域固定在计算机的存储器中的制造物品。 根据一个实施例,制品包括机器可访问介质,其包括当由机器访问时使机器停止计算机中的多个处理元件中除了一个处理元件之外的所有其中停止的处理元件进入的数据 进入特殊的停止状态; 只有在除了多个处理元件中的一个处理元件之外的所有处理器停止之后才将内容加载到该区域中,并且该区域被保护以防止被暂停的处理元件的访问; 将未停止的处理元素置于已知的特权状态; 并且在非停止处理元件已经被置于已知的特权状态之后使得暂停的处理元件退出停止状态。
-
6.发明授权System and method for execution of a secured environment initialization instruction 有权用于执行安全环境初始化指令的系统和方法公开(公告)号:US08645688B2
公开(公告)日:2014-02-04
申请号:US13444450
申请日:2012-04-11
CPC分类号: G06F9/4403 , G01N23/223 , G01N33/502 , G01N33/6872 , G01N2223/076 , G06F9/44505 , G06F12/0802 , G06F12/145 , G06F12/1458 , G06F13/4282 , G06F21/57 , G06F21/572 , G06F2212/1052 , G06F2212/60 , G06F2213/0026 , G06F2221/033 , H04L9/32 , H04L9/3247
摘要: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.
摘要翻译: 描述了用于在微处理器系统中发起安全操作的方法和装置。 在一个实施例中,一个起始逻辑处理器通过停止其他逻辑处理器的执行,然后将初始化和将虚拟机监视软件安全地保存到存储器中来启动该过程。 起始处理器然后将初始化软件加载到安全存储器中用于认证和执行。 然后,初始化软件在安全系统操作之前对安全虚拟机监控软件进行身份验证和注册。
-
公开(公告)号:US07571329B2
公开(公告)日:2009-08-04
申请号:US10891699
申请日:2004-07-14
申请人: Ernie F. Brickell , Alberto J. Martinez , David W. Grawrock , James A. Sutton, II , Clifford D. Hall
发明人: Ernie F. Brickell , Alberto J. Martinez , David W. Grawrock , James A. Sutton, II , Clifford D. Hall
CPC分类号: G06F21/73
摘要: Secure storage and retrieval of a unique value associated with a device to/from a memory of a processing system. In at least one embodiment, the device needs to be able to access the unique value across processing system resets, and the device does not have sufficient non-volatile storage to store the unique value itself. Instead, the unique value is stored in the processing system memory in such a way that the stored unique value does not create a unique identifier for the processing system or the device. A pseudo-randomly or randomly generated initialization vector may be used to vary an encrypted data structure used to store the unique value in the memory.
摘要翻译: 安全地存储和检索与/从处理系统的存储器中的设备相关联的唯一值。 在至少一个实施例中,设备需要能够跨越处理系统复位来访问唯一值,并且设备没有足够的非易失性存储来存储唯一值本身。 相反,唯一的值被存储在处理系统存储器中,使得存储的唯一值不会为处理系统或设备创建唯一的标识符。 可以使用伪随机或随机生成的初始化向量来改变用于在存储器中存储唯一值的加密数据结构。
-
8.发明授权Method of delivering direct proof private keys to devices using an on-line service 有权使用在线服务向设备提供直接验证私钥的方法公开(公告)号:US08660266B2
公开(公告)日:2014-02-25
申请号:US12710439
申请日:2010-02-23
IPC分类号: G06F21/00
CPC分类号: H04L9/0844 , H04L2209/127
摘要: Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a protected on-line server accessible by the client computer system.
摘要翻译: 将直接证明私钥提供给安装在该领域中的客户端计算机系统中的设备可以以安全的方式来实现,而不需要设备中的显着的非易失性存储。 在制造时产生并存储在设备中的唯一伪随机值。 伪随机值用于生成用于加密持有Direct Proof私钥和与该设备相关联的私钥摘要的数据结构的对称密钥。 所生成的加密数据结构存储在由客户端计算机系统可访问的受保护的在线服务器上。
-
9.发明授权System and method for execution of a secured environment initialization instruction 有权执行安全环境初始化指令的系统和方法公开(公告)号:US07546457B2
公开(公告)日:2009-06-09
申请号:US11096618
申请日:2005-03-31
CPC分类号: G06F9/4403 , G01N23/223 , G01N33/502 , G01N33/6872 , G01N2223/076 , G06F9/44505 , G06F12/0802 , G06F12/145 , G06F12/1458 , G06F13/4282 , G06F21/57 , G06F21/572 , G06F2212/1052 , G06F2212/60 , G06F2213/0026 , G06F2221/033 , H04L9/32 , H04L9/3247
摘要: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.
摘要翻译: 描述了用于在微处理器系统中发起安全操作的方法和装置。 在一个实施例中,一个起始逻辑处理器通过停止其他逻辑处理器的执行,然后将初始化和将虚拟机监视软件安全地保存到存储器中来启动该过程。 起始处理器然后将初始化软件加载到安全存储器中用于认证和执行。 然后,初始化软件在安全系统操作之前对安全虚拟机监控软件进行身份验证和注册。
-
公开(公告)号:US07069442B2
公开(公告)日:2006-06-27
申请号:US10112169
申请日:2002-03-29
CPC分类号: G06F9/4403 , G01N23/223 , G01N33/502 , G01N33/6872 , G01N2223/076 , G06F9/44505 , G06F12/0802 , G06F12/145 , G06F12/1458 , G06F13/4282 , G06F21/57 , G06F21/572 , G06F2212/1052 , G06F2212/60 , G06F2213/0026 , G06F2221/033 , H04L9/32 , H04L9/3247
摘要: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.
-
-
-
-
-
-
-
-
-
搜索结果
26 条记录 (耗时 0.027 秒)