-
公开(公告)号:US08364975B2
公开(公告)日:2013-01-29
申请号:US11648472
申请日:2006-12-29
申请人: Mohan J. Kumar , Shay Gueron
发明人: Mohan J. Kumar , Shay Gueron
IPC分类号: H04L29/06
CPC分类号: G06F21/575 , G06F21/57 , G06F21/85
摘要: An augmented boot code module includes instructions to be executed by a processing unit during a boot process. The augmented boot code module also includes an encrypted version of a cryptographic key that can be decrypted with a cryptographic key that remains in the processing unit despite a reset of the processing unit. In one embodiment, the processing unit may decrypt the encrypted version of the cryptographic key and then use the decrypted key to establish a protected communication channel with a security processor, such as a trusted platform module (TPM). Other embodiments are described and claimed.
摘要翻译: 增强引导代码模块包括在引导过程期间由处理单元执行的指令。 增强的引导代码模块还包括加密密钥的加密版本,其可以利用保留在处理单元中的加密密钥来解密,尽管处理单元的重置。 在一个实施例中,处理单元可以对加密密钥的加密版本进行解密,然后使用解密密钥与安全处理器(例如可信平台模块(TPM))建立受保护的通信信道。 描述和要求保护其他实施例。
-
2.发明申请公开(公告)号:US20120265998A1
公开(公告)日:2012-10-18
申请号:US13532334
申请日:2012-06-25
申请人: Mohan J. Kumar , Shay Gueron
发明人: Mohan J. Kumar , Shay Gueron
IPC分类号: G06F21/00
CPC分类号: G06F21/57 , G06F21/575 , G06F2221/2129
摘要: When a processing system boots, it may retrieve an encrypted version of a cryptographic key from nonvolatile memory to a processing unit, which may decrypt the cryptographic key. The processing system may also retrieve a predetermined authentication code for software of the processing system, and the processing system may use the cryptographic key to compute a current authentication code for the software. The processing system may then determine whether the software should be trusted, by comparing the predetermined authentication code with the current authentication code. In various embodiments, the processing unit may use a key stored in nonvolatile storage of the processing unit to decrypt the encrypted version of the cryptographic key, a hashed message authentication code (HMAC) may be used as the authentication code, and/or the software to be authenticated may be boot firmware, a virtual machine monitor (VMM), or other software. Other embodiments are described and claimed.
摘要翻译: 当处理系统引导时,它可以从非易失性存储器检索加密密钥的加密版本到处理单元,该处理单元可以解密密码密钥。 处理系统还可以检索用于处理系统的软件的预定认证码,并且处理系统可以使用密码密钥来计算软件的当前认证码。 然后,处理系统可以通过将预定认证码与当前认证码进行比较来确定软件是否应该被信任。 在各种实施例中,处理单元可以使用存储在处理单元的非易失性存储器中的密钥对加密密钥的加密版本进行解密,散列消息认证码(HMAC)可以用作认证码,和/或软件 被认证可以是启动固件,虚拟机监视器(VMM)或其他软件。 描述和要求保护其他实施例。
-
公开(公告)号:US08068614B2
公开(公告)日:2011-11-29
申请号:US11864887
申请日:2007-09-28
申请人: Mohan J. Kumar , Shay Gueron
发明人: Mohan J. Kumar , Shay Gueron
CPC分类号: G06F21/572 , G06F21/575
摘要: A processing system may include a processing unit and nonvolatile storage responsive to the processing unit. The nonvolatile storage may include a candidate boot code module and an authentication code module. The processing unit may be configured to execute code from the authentication code module before executing code from the candidate boot code module. The authentication code module may have instructions which, when executed by the processing unit, cause the processing unit to read a processor identifier from the processing unit and determine whether the processor belongs to a predetermined set of processors associated with a specific vendor, based at least in part on the identifier, before executing any instructions from the candidate boot code module. The processing system may also test authenticity of the candidate boot code module before executing any instructions from the candidate boot code module. Other embodiments are described and claimed.
摘要翻译: 处理系统可以包括响应于处理单元的处理单元和非易失性存储器。 非易失性存储器可以包括候选引导代码模块和认证代码模块。 处理单元可以被配置为在从候选引导代码模块执行代码之前从认证代码模块执行代码。 认证代码模块可以具有指令,当由处理单元执行时,处理单元至少从处理单元读取处理器标识符并且确定处理器是否属于与特定供应商相关联的预定处理器集合 部分地在标识符上,在执行来自候选引导代码模块的任何指令之前。 在执行来自候选引导代码模块的任何指令之前,处理系统还可以测试候选引导代码模块的真实性。 描述和要求保护其他实施例。
-
公开(公告)号:US20090067618A1
公开(公告)日:2009-03-12
申请号:US11899574
申请日:2007-09-06
申请人: Mohan J. Kumar , Shay Gueron
发明人: Mohan J. Kumar , Shay Gueron
CPC分类号: G06F7/588 , G06F7/58 , H04L9/0662 , H04L2209/20
摘要: Systems, methods, and other embodiments associated with random number generators are described. One system embodiment includes a random number generator logic that may produce an initial random number from a first set of three inputs. The system embodiment may receive the three inputs from sources including an internal counter entropy source (ICES), an internal arbitrary entropy source (IAES), and an external entropy source (EES). The system embodiment may generate a first random number from a first set of three inputs (e.g., value from ICES, value from IAES, value from EES) but may then generate subsequent random numbers from a different set of three inputs (e.g., value from ICES, value from IAES, previous random number).
摘要翻译: 描述与随机数生成器相关联的系统,方法和其他实施例。 一个系统实施例包括随机数发生器逻辑,其可以从第一组三个输入产生初始随机数。 系统实施例可以从包括内部计数器熵源(ICES),内部任意熵源(IAES)和外部熵源(EES)的源接收三个输入。 系统实施例可以从第一组三个输入(例如,来自ICES的值,来自IAES的值,来自EES的值)生成第一随机数,然后可以从不同的三个输入集合(例如,来自 ICES,IAES的值,以前的随机数)。
-
5.发明申请公开(公告)号:US20080163383A1
公开(公告)日:2008-07-03
申请号:US11648511
申请日:2006-12-29
申请人: Mohan J. Kumar , Shay Gueron
发明人: Mohan J. Kumar , Shay Gueron
IPC分类号: H04L9/32
CPC分类号: G06F21/57 , G06F21/575 , G06F2221/2129
摘要: When a processing system boots, it may retrieve an encrypted version of a cryptographic key from nonvolatile memory to a processing unit, which may decrypt the cryptographic key. The processing system may also retrieve a predetermined authentication code for software of the processing system, and the processing system may use the cryptographic key to compute a current authentication code for the software. The processing system may then determine whether the software should be trusted, by comparing the predetermined authentication code with the current authentication code. In various embodiments, the processing unit may use a key stored in nonvolatile storage of the processing unit to decrypt the encrypted version of the cryptographic key, a hashed message authentication code (HMAC) may be used as the authentication code, and/or the software to be authenticated may be boot firmware, a virtual machine monitor (VMM), or other software. Other embodiments are described and claimed.
摘要翻译: 当处理系统引导时,它可以从非易失性存储器检索加密密钥的加密版本到处理单元,该处理单元可以解密密码密钥。 处理系统还可以检索用于处理系统的软件的预定认证码,并且处理系统可以使用密码密钥来计算软件的当前认证码。 然后,处理系统可以通过将预定认证码与当前认证码进行比较来确定软件是否应该被信任。 在各种实施例中,处理单元可以使用存储在处理单元的非易失性存储器中的密钥对加密密钥的加密版本进行解密,散列消息认证码(HMAC)可以用作认证码,和/或软件 被认证可以是启动固件,虚拟机监视器(VMM)或其他软件。 描述和要求保护其他实施例。
-
公开(公告)号:US20080159541A1
公开(公告)日:2008-07-03
申请号:US11648472
申请日:2006-12-29
申请人: Mohan J. Kumar , Shay Gueron
发明人: Mohan J. Kumar , Shay Gueron
CPC分类号: G06F21/575 , G06F21/57 , G06F21/85
摘要: An augmented boot code module includes instructions to be executed by a processing unit during a boot process. The augmented boot code module also includes an encrypted version of a cryptographic key that can be decrypted with a cryptographic key that remains in the processing unit despite a reset of the processing unit. In one embodiment, the processing unit may decrypt the encrypted version of the cryptographic key and then use the decrypted key to establish a protected communication channel with a security processor, such as a trusted platform module (TPM). Other embodiments are described and claimed.
摘要翻译: 增强引导代码模块包括在引导过程期间由处理单元执行的指令。 增强的引导代码模块还包括加密密钥的加密版本,其可以利用保留在处理单元中的加密密钥来解密,尽管处理单元的重置。 在一个实施例中,处理单元可以对加密密钥的加密版本进行解密,然后使用解密密钥与安全处理器(例如可信平台模块(TPM))建立受保护的通信信道。 描述和要求保护其他实施例。
-
7.发明授权公开(公告)号:US08832457B2
公开(公告)日:2014-09-09
申请号:US13532334
申请日:2012-06-25
申请人: Mohan J. Kumar , Shay Gueron
发明人: Mohan J. Kumar , Shay Gueron
CPC分类号: G06F21/57 , G06F21/575 , G06F2221/2129
摘要: When a processing system boots, it may retrieve an encrypted version of a cryptographic key from nonvolatile memory to a processing unit, which may decrypt the cryptographic key. The processing system may also retrieve a predetermined authentication code for software of the processing system, and the processing system may use the cryptographic key to compute a current authentication code for the software. The processing system may then determine whether the software should be trusted, by comparing the predetermined authentication code with the current authentication code. In various embodiments, the processing unit may use a key stored in nonvolatile storage of the processing unit to decrypt the encrypted version of the cryptographic key, a hashed message authentication code (HMAC) may be used as the authentication code, and/or the software to be authenticated may be boot firmware, a virtual machine monitor (VMM), or other software. Other embodiments are described and claimed.
摘要翻译: 当处理系统引导时,它可以从非易失性存储器检索加密密钥的加密版本到处理单元,该处理单元可以解密密码密钥。 处理系统还可以检索用于处理系统的软件的预定认证码,并且处理系统可以使用密码密钥来计算软件的当前认证码。 然后,处理系统可以通过将预定认证码与当前认证码进行比较来确定软件是否应该被信任。 在各种实施例中,处理单元可以使用存储在处理单元的非易失性存储器中的密钥对加密密钥的加密版本进行解密,散列消息认证码(HMAC)可以用作认证码,和/或软件 被认证可以是启动固件,虚拟机监视器(VMM)或其他软件。 描述和要求保护其他实施例。
-
8.发明授权公开(公告)号:US08209542B2
公开(公告)日:2012-06-26
申请号:US11648511
申请日:2006-12-29
申请人: Mohan J. Kumar , Shay Gueron
发明人: Mohan J. Kumar , Shay Gueron
IPC分类号: G06F21/00
CPC分类号: G06F21/57 , G06F21/575 , G06F2221/2129
摘要: When a processing system boots, it may retrieve an encrypted version of a cryptographic key from nonvolatile memory to a processing unit, which may decrypt the cryptographic key. The processing system may also retrieve a predetermined authentication code for software of the processing system, and the processing system may use the cryptographic key to compute a current authentication code for the software. The processing system may then determine whether the software should be trusted, by comparing the predetermined authentication code with the current authentication code. In various embodiments, the processing unit may use a key stored in nonvolatile storage of the processing unit to decrypt the encrypted version of the cryptographic key, a hashed message authentication code (HMAC) may be used as the authentication code, and/or the software to be authenticated may be boot firmware, a virtual machine monitor (VMM), or other software. Other embodiments are described and claimed.
摘要翻译: 当处理系统引导时,它可以从非易失性存储器检索加密密钥的加密版本到处理单元,该处理单元可以解密密码密钥。 处理系统还可以检索用于处理系统的软件的预定认证码,并且处理系统可以使用密码密钥来计算软件的当前认证码。 然后,处理系统可以通过将预定认证码与当前认证码进行比较来确定软件是否应该被信任。 在各种实施例中,处理单元可以使用存储在处理单元的非易失性存储器中的密钥对加密密钥的加密版本进行解密,散列消息认证码(HMAC)可以用作认证码,和/或软件 被认证可以是启动固件,虚拟机监视器(VMM)或其他软件。 描述和要求保护其他实施例。
-
公开(公告)号:US08010587B2
公开(公告)日:2011-08-30
申请号:US11899574
申请日:2007-09-06
申请人: Mohan J. Kumar , Shay Gueron
发明人: Mohan J. Kumar , Shay Gueron
IPC分类号: G06F1/02
CPC分类号: G06F7/588 , G06F7/58 , H04L9/0662 , H04L2209/20
摘要: Systems, methods, and other embodiments associated with random number generators are described. One system embodiment includes a random number generator logic that may produce an initial random number from a first set of three inputs. The system embodiment may receive the three inputs from sources including an internal counter entropy source (ICES), an internal arbitrary entropy source (IAES), and an external entropy source (EES). The system embodiment may generate a first random number from a first set of three inputs (e.g., value from ICES, value from IAES, value from EES) but may then generate subsequent random numbers from a different set of three inputs (e.g., value from ICES, value from IAES, previous random number).
摘要翻译: 描述与随机数生成器相关联的系统,方法和其他实施例。 一个系统实施例包括随机数发生器逻辑,其可以从第一组三个输入产生初始随机数。 系统实施例可以从包括内部计数器熵源(ICES),内部任意熵源(IAES)和外部熵源(EES)的源接收三个输入。 系统实施例可以从第一组三个输入(例如,来自ICES的值,来自IAES的值,来自EES的值)生成第一随机数,然后可以从不同的三个输入集合(例如,来自 ICES,IAES的值,以前的随机数)。
-
公开(公告)号:US20090086981A1
公开(公告)日:2009-04-02
申请号:US11864887
申请日:2007-09-28
申请人: Mohan J. Kumar , Shay Gueron
发明人: Mohan J. Kumar , Shay Gueron
IPC分类号: G06F21/00 , H04L9/08 , G06F15/177 , H04L9/30
CPC分类号: G06F21/572 , G06F21/575
摘要: A processing system may include a processing unit and nonvolatile storage responsive to the processing unit. The nonvolatile storage may include a candidate boot code module and an authentication code module. The processing unit may be configured to execute code from the authentication code module before executing code from the candidate boot code module. The authentication code module may have instructions which, when executed by the processing unit, cause the processing unit to read a processor identifier from the processing unit and determine whether the processor belongs to a predetermined set of processors associated with a specific vendor, based at least in part on the identifier, before executing any instructions from the candidate boot code module. The processing system may also test authenticity of the candidate boot code module before executing any instructions from the candidate boot code module. Other embodiments are described and claimed.
摘要翻译: 处理系统可以包括响应于处理单元的处理单元和非易失性存储器。 非易失性存储器可以包括候选引导代码模块和认证代码模块。 处理单元可以被配置为在从候选引导代码模块执行代码之前从认证代码模块执行代码。 认证码模块可以具有指令,当由处理单元执行时,处理单元至少从处理单元读取处理器标识符并且确定处理器是否属于与特定供应商相关联的预定处理器集合 部分地在标识符上,在执行来自候选引导代码模块的任何指令之前。 在执行来自候选引导代码模块的任何指令之前,处理系统还可以测试候选引导代码模块的真实性。 描述和要求保护其他实施例。
-
-
-
-
-
-
-
-
-
搜索结果
113 条记录 (耗时 0.021 秒)