Methods and apparatus for trusted boot optimization
    1.
    Granted invention patent
    Methods and apparatus for trusted boot optimization (in force)

    Publication number: US08892858B2

    Publication date: 2014-11-18

    Application number: US13810654

    Filing date: 2011-12-29

    CPC classification number: G06F21/575 G06F9/24 G06F9/4401

    Abstract: A data processing system may include a high integrity storage (HIS) device with a partition or cache that is protected from updates. The data processing system may perform a boot process in response to being reactivated. The boot process may include the operation of executing a boot object. During the boot process, before executing the boot object, the data processing system may retrieve a digest for the boot object from the protected cache of the HIS device. The digest may be a cryptographic hash value for the boot object. During the boot process, the retrieved digest may be extended into a platform configuration register in a trusted platform module of the data processing system. Other embodiments are described and claimed.

    Extensible pre-boot authentication
    2.
    Granted invention patent
    Extensible pre-boot authentication (in force)

    Publication number: US08909940B2

    Publication date: 2014-12-09

    Application number: US12974244

    Filing date: 2010-12-21

    CPC classification number: G06F21/575

    Abstract: In one embodiment, the present invention includes a method for obtaining a pre-boot authentication (PBA) image from a non-volatile storage that is configured with full disk encryption (FDE), and storing the PBA image in a memory. Then a callback protocol can be performed between a loader executing on an engine of a chipset and an integrity checker of a third party that provided the PBA image to confirm integrity of the PBA image, the PBA image is executed if the integrity is confirmed, and otherwise it is deleted. Other embodiments are described and claimed.

    METHODS AND APPARATUS FOR TRUSTED BOOT OPTIMIZATION
    3.
    Invention patent application
    METHODS AND APPARATUS FOR TRUSTED BOOT OPTIMIZATION (in force)

    Publication number: US20140025939A1

    Publication date: 2014-01-23

    Application number: US13810654

    Filing date: 2011-12-29

    CPC classification number: G06F21/575 G06F9/24 G06F9/4401

    Abstract: A data processing system may include a high integrity storage (HIS) device with a partition or cache that is protected from updates. The data processing system may perform a boot process in response to being reactivated. The boot process may include the operation of executing a boot object. During the boot process, before executing the boot object, the data processing system may retrieve a digest for the boot object from the protected cache of the HIS device. The digest may be a cryptographic hash value for the boot object. During the boot process, the retrieved digest may be extended into a platform configuration register in a trusted platform module of the data processing system. Other embodiments are described and claimed.

    Extensible Pre-Boot Authentication
    4.
    Invention patent application
    Extensible Pre-Boot Authentication (in force)

    Publication number: US20110138166A1

    Publication date: 2011-06-09

    Application number: US12974244

    Filing date: 2010-12-21

    CPC classification number: G06F21/575

    Abstract: In one embodiment, the present invention includes a method for obtaining a pre-boot authentication (PBA) image from a non-volatile storage that is configured with full disk encryption (FDE), and storing the PBA image in a memory. Then a callback protocol can be performed between a loader executing on an engine of a chipset and an integrity checker of a third party that provided the PBA image to confirm integrity of the PBA image, the PBA image is executed if the integrity is confirmed, and otherwise it is deleted. Other embodiments are described and claimed.

    Method, apparatus and system for controlling access to computer platform resources
    7.
    Granted invention patent
    Method, apparatus and system for controlling access to computer platform resources (in force)

    Publication number: US08966600B2

    Publication date: 2015-02-24

    Application number: US12976942

    Filing date: 2010-12-22

    CPC classification number: H04L9/3215 H04L63/0807 H04L2463/082

    Abstract: A manageability engine, and/or operations thereof, for controlling access to one or more resources of a computer device. In an embodiment, the manageability engine executes an authentication agent to perform authentication of a local user of a computer platform which includes the manageability engine. In another embodiment, the manageability engine includes a device driver to control an input/output device for the local user to exchange an authentication factor via a trusted path between the input/output device and the manageability engine.

    Privacy Enhanced Key Management For A Web Service Provider Using A Converged Security Engine
    9.
    Invention patent application
    Privacy Enhanced Key Management For A Web Service Provider Using A Converged Security Engine (in force)

    Publication number: US20140181925A1

    Publication date: 2014-06-26

    Application number: US13721760

    Filing date: 2012-12-20

    Abstract: In an embodiment, a security engine of a processor includes an identity provider logic to generate a first key pair of a key pairing associating system user and a service provider that provides a web service and having a second system coupled to the system via a network, to perform a secure communication with the second system to enable the second system to verify that the identity provider logic is executing in a trusted execution environment, and responsive to the verification, to send a first key of the first key pair to the second system. This key may enable the second system to verify an assertion communicated by the identity provider logic that the user has been authenticated to the system according to a multi-factor authentication. Other embodiments are described and claimed.
