利索-全球专利检索

  1. 登录
  2. 注册

搜索结果

49 条记录 (耗时 0.033 秒)

    Methods and apparatus supporting access to physical and virtual trusted platform modules
    3.
    发明授权
    Methods and apparatus supporting access to physical and virtual trusted platform modules 有权
    支持访问物理和虚拟可信平台模块的方法和设备

    公开(公告)号:US08584229B2

    公开(公告)日:2013-11-12

    申请号:US11963336

    申请日:2007-12-21

    申请人: Tasneem Brutch Alok Kumar Murari Kumar Kalpana M. Roge Vincent R. Scarlata Ned M. Smith Faraz A. Siddiqi Willard M. Wiseman

    发明人: Tasneem Brutch Alok Kumar Murari Kumar Kalpana M. Roge Vincent R. Scarlata Ned M. Smith Faraz A. Siddiqi Willard M. Wiseman

    IPC分类号: G11C7/00

    CPC分类号: G06F21/629 G06F9/45558 G06F21/57 G06F2009/45587 G06F2221/2153

    摘要: A data processing system features a hardware trusted platform module (TPM), and a virtual TPM (vTPM) manager. When executed, the vTPM manager detects a first request from a service virtual machine (VM) in the processing system, the first request to involve access to the hardware TPM (hTPM). In response, the vTPM manager automatically determines whether the first request should be allowed, based on filter rules identifying allowed or disallowed operations for the hTPM. The vTPM manager may also detect a second request to involve access to a software TPM (sTPM) in the processing system. In response, the vTPM manager may automatically determine whether the second request should be allowed, based on a second filter list identifying allowed or disallowed operations for the sTPM. Other embodiments are described and claimed.

    摘要翻译: 数据处理系统具有硬件可信平台模块(TPM)和虚拟TPM(vTPM)管理器。 当执行时,vTPM管理器检测来自处理系统中的服务虚拟机(VM)的第一请求,第一请求涉及访问硬件TPM(hTPM)。 作为响应,基于识别hTPM的允许或不允许操作的过滤器规则,vTPM管理器自动确定是否应允许第一个请求。 vTPM管理器还可以检测第二请求以涉及访问处理系统中的软件TPM(sTPM)。 作为响应,基于识别sTPM的允许或不允许的操作的第二过滤器列表,vTPM管理器可以自动确定是否应允许第二请求。 描述和要求保护其他实施例。

    Methods And Apparatus Supporting Access To Physical And Virtual Trusted Platform Modules
    4.
    发明申请
    Methods And Apparatus Supporting Access To Physical And Virtual Trusted Platform Modules 有权
    支持访问物理和虚拟可信平台模块的方法和设备

    公开(公告)号:US20090165117A1

    公开(公告)日:2009-06-25

    申请号:US11963336

    申请日:2007-12-21

    申请人: Tasneem Brutch Alok Kumar Murari Kumar Kalpana M. Roge Vincent R. Scarlata Ned M. Smith Faraz A. Siddiqi Williard M. Wiseman

    发明人: Tasneem Brutch Alok Kumar Murari Kumar Kalpana M. Roge Vincent R. Scarlata Ned M. Smith Faraz A. Siddiqi Williard M. Wiseman

    IPC分类号: G06F9/00

    CPC分类号: G06F21/629 G06F9/45558 G06F21/57 G06F2009/45587 G06F2221/2153

    摘要: A data processing system features a hardware trusted platform module (TPM), and a virtual TPM (vTPM) manager. When executed, the vTPM manager detects a first request from a service virtual machine (VM) in the processing system, the first request to involve access to the hardware TPM (hTPM). In response, the vTPM manager automatically determines whether the first request should be allowed, based on filter rules identifying allowed or disallowed operations for the hTPM. The vTPM manager may also detect a second request to involve access to a software TPM (sTPM) in the processing system. In response, the vTPM manager may automatically determine whether the second request should be allowed, based on a second filter list identifying allowed or disallowed operations for the sTPM. Other embodiments are described and claimed.

    摘要翻译: 数据处理系统具有硬件可信平台模块(TPM)和虚拟TPM(vTPM)管理器。 当执行时,vTPM管理器检测来自处理系统中的服务虚拟机(VM)的第一请求,第一请求涉及访问硬件TPM(hTPM)。 作为响应,基于识别hTPM的允许或不允许操作的过滤器规则,vTPM管理器自动确定是否应允许第一个请求。 vTPM管理器还可以检测第二请求以涉及访问处理系统中的软件TPM(sTPM)。 作为响应,基于识别sTPM的允许或不允许的操作的第二过滤器列表,vTPM管理器可以自动确定是否应允许第二请求。 描述和要求保护其他实施例。

    METHODS AND APPARATUS FOR PROVIDING UPGRADEABLE KEY BINDINGS FOR TRUSTED PLATFORM MODULES
    6.
    发明申请
    METHODS AND APPARATUS FOR PROVIDING UPGRADEABLE KEY BINDINGS FOR TRUSTED PLATFORM MODULES 有权
    提供可升级的平台模块的可升级主要功能的方法和设备

    公开(公告)号:US20090089582A1

    公开(公告)日:2009-04-02

    申请号:US11863233

    申请日:2007-09-27

    申请人: TASNEEM BRUTCH Alok Kumar Vincent R. Scarlata Faraz A. Siddiqi Ned M. Smith Willard M. Wiseman

    发明人: TASNEEM BRUTCH Alok Kumar Vincent R. Scarlata Faraz A. Siddiqi Ned M. Smith Willard M. Wiseman

    IPC分类号: H04L9/30

    CPC分类号: G06F21/602 G06F21/57 H04L9/0825 H04L9/0836 H04L9/0897

    摘要: A processing system with a trusted platform module (TPM) supports migration of digital keys. For instance, an application in the processing system may create a first configuration key as a child of a TPM storage root key (SRK) when the processing system has a first configuration. The application may also create an upgradable root user key associated with an upgrade authority as a child of the first configuration key. The application may also create a user key as a child of the upgradable root user key. When the processing system has a second configuration, the application may create a second configuration key as a child of the SRK. The application may request migration approval from the upgrade authority. In response to receiving the approval from the upgrade authority, the application may migrate the root user key to be a child of the second configuration key. Other embodiments are described and claimed.

    摘要翻译: 具有可信平台模块(TPM)的处理系统支持数字密钥的迁移。 例如,当处理系统具有第一配置时,处理系统中的应用可以创建作为TPM存储根密钥(SRK)的子节点的第一配置密钥。 应用还可以创建与作为第一配置密钥的子级的升级授权机相关联的可升级根用户密钥。 应用程序还可以创建用户密钥作为可升级的根用户密钥的子级。 当处理系统具有第二配置时,应用可以创建作为SRK的子节点的第二配置密钥。 该应用程序可能请求迁移批准从升级授权。 响应于接收到升级授权的批准,应用程序可以将root用户密钥迁移为第二个配置密钥的子节点。 描述和要求保护其他实施例。

    Methods and apparatus for providing upgradeable key bindings for trusted platform modules
    7.
    发明授权
    Methods and apparatus for providing upgradeable key bindings for trusted platform modules 有权
    为可信平台模块提供可升级密钥绑定的方法和装置

    公开(公告)号:US08064605B2

    公开(公告)日:2011-11-22

    申请号:US11863233

    申请日:2007-09-27

    申请人: Tasneem Brutch Alok Kumar Vincent R. Scarlata Faraz A. Siddiqi Ned M. Smith Willard M. Wiseman

    发明人: Tasneem Brutch Alok Kumar Vincent R. Scarlata Faraz A. Siddiqi Ned M. Smith Willard M. Wiseman

    IPC分类号: H04L9/00 H04L29/06

    CPC分类号: G06F21/602 G06F21/57 H04L9/0825 H04L9/0836 H04L9/0897

    摘要: A processing system with a trusted platform module (TPM) supports migration of digital keys. For instance, an application in the processing system may create a first configuration key as a child of a TPM storage root key (SRK) when the processing system has a first configuration. The application may also create an upgradable root user key associated with an upgrade authority as a child of the first configuration key. The application may also create a user key as a child of the upgradable root user key. When the processing system has a second configuration, the application may create a second configuration key as a child of the SRK. The application may request migration approval from the upgrade authority. In response to receiving the approval from the upgrade authority, the application may migrate the root user key to be a child of the second configuration key. Other embodiments are described and claimed.

    摘要翻译: 具有可信平台模块(TPM)的处理系统支持数字密钥的迁移。 例如,当处理系统具有第一配置时,处理系统中的应用可以创建作为TPM存储根密钥(SRK)的子节点的第一配置密钥。 应用还可以创建与作为第一配置密钥的子级的升级授权机相关联的可升级根用户密钥。 应用程序还可以创建用户密钥作为可升级的根用户密钥的子级。 当处理系统具有第二配置时,应用可以创建作为SRK的子节点的第二配置密钥。 该应用程序可能请求迁移批准从升级授权。 响应于接收到升级授权的批准,应用程序可以将root用户密钥迁移为第二个配置密钥的子节点。 描述和要求保护其他实施例。

    Device, system, and method for provisioning trusted platform module policies to a virtual machine monitor
    8.
    发明申请
    Device, system, and method for provisioning trusted platform module policies to a virtual machine monitor 审中-公开
    用于将可信平台模块策略提供给虚拟机监视器的设备,系统和方法

    公开(公告)号:US20090133097A1

    公开(公告)日:2009-05-21

    申请号:US11984321

    申请日:2007-11-15

    申请人: Ned Smith Willard M. Wiseman Alok Kumar Vincent R. Scarlata Faraz Siddiqi Tasneem Brutch

    发明人: Ned Smith Willard M. Wiseman Alok Kumar Vincent R. Scarlata Faraz Siddiqi Tasneem Brutch

    IPC分类号: H04L9/00

    CPC分类号: G06F21/57 G06F21/53

    摘要: A method, apparatus and system for a trusted platform module accepting a customized integrity policy provisioned to a virtual machine monitor, verifying the security of a first policy object, for example, including the customized integrity policy, by comparing a counter associated with the first policy object with a counter associated with a second policy object, and customizing a virtual trusted platform module of the virtual machine monitor according to the first policy object, for example, when the first policy object is verified. The customized integrity policy may include user specified configurations for implementing a customized virtual environment. Other embodiments are described and claimed.

    摘要翻译: 一种可信平台模块的方法,装置和系统,其接受提供给虚拟机监视器的定制完整性策略,通过比较与第一策略相关联的计数器来验证第一策略对象的安全性,例如包括定制完整性策略 对象与与第二策略对象相关联的计数器,以及根据第一策略对象,例如当第一策略对象被验证时,自定义虚拟机监视器的虚拟可信平台模块。 定制的完整性策略可以包括用于实现定制的虚拟环境的用户指定的配置。 描述和要求保护其他实施例。

    Secure video ouput path
    9.
    发明授权
    Secure video ouput path 有权
    安全视频输出路径

    公开(公告)号:US09501668B2

    公开(公告)日:2016-11-22

    申请号:US14036263

    申请日:2013-09-25

    申请人: Siddhartha Chhabra Uday R. Savagaonkar Prashant Dewan David M. Durham Balaji Vembu Xiaozhu Kang Scott Janus Jason Martin Vincent R. Scarlata

    发明人: Siddhartha Chhabra Uday R. Savagaonkar Prashant Dewan David M. Durham Balaji Vembu Xiaozhu Kang Scott Janus Jason Martin Vincent R. Scarlata

    IPC分类号: H04N7/167 G06F21/82 G06F21/84 G06F21/85 H04N21/41 H04N21/4143 H04N21/4367

    CPC分类号: G06F21/82 G06F21/84 G06F21/85 H04N21/4122 H04N21/4143 H04N21/4367

    摘要: Systems and methods for secure delivery of output surface bitmaps to a display engine. An example processing system comprises: an architecturally protected memory; and a processing core communicatively coupled to the architecturally protected memory, the processing core comprising a processing logic configured to implement an architecturally-protected execution environment by performing at least one of: executing instructions residing in the architecturally protected memory and preventing an unauthorized access to the architecturally protected memory; wherein the processing logic is further configured to provide a secure video output path by generating an output surface bitmap encrypted with a first encryption key and storing an encrypted first encryption key in an external memory, wherein the encrypted first encryption key is produced by encrypting the first encryption key with a second encryption key.

    摘要翻译: 用于将输出表面位图安全传递到显示引擎的系统和方法。 一个示例处理系统包括:架构受保护的存储器; 以及处理核心,其通信地耦合到所述体系结构保护的存储器,所述处理核心包括处理逻辑,所述处理逻辑被配置为通过执行以下中的至少一个来实现架构保护的执行环境:执行驻留在所述体系结构保护的存储器中的指令, 建筑保护记忆; 其中所述处理逻辑还被配置为通过生成用第一加密密钥加密并将加密的第一加密密钥存储在外部存储器中的输出表面位图来提供安全视频输出路径,其中所述加密的第一加密密钥是通过加密所述第一加密密钥 具有第二加密密钥的加密密钥。

    System and method for implementing a trusted dynamic launch and trusted platform module (TPM) using secure enclaves
    10.
    发明授权
    System and method for implementing a trusted dynamic launch and trusted platform module (TPM) using secure enclaves 有权
    使用安全飞行器实现可信的动态启动和可信平台模块(TPM)的系统和方法

    公开(公告)号:US08832452B2

    公开(公告)日:2014-09-09

    申请号:US12976831

    申请日:2010-12-22

    申请人: Simon P. Johnson Vincent R. Scarlata Willard M. Wiseman

    发明人: Simon P. Johnson Vincent R. Scarlata Willard M. Wiseman

    IPC分类号: G06F21/00 H04L9/32 G06F21/10 G06F21/57

    CPC分类号: G06F21/71 G06F21/10 G06F21/57 G06F2221/0748 G06F2221/0797 H04L9/3234

    摘要: An apparatus and method are described for implementing a trusted dynamic launch and trusted platform module (TPM) using a secure enclave. For example, a computer-implemented method according to one embodiment of the invention comprises: initializing a secure enclave in response to a first command, the secure enclave comprising a trusted software execution environment which prevents software executing outside the enclave from having access to software and data inside the enclave; and executing a trusted platform module (TPM) from within the secure enclave, the trusted platform module securely reading data from a set of platform control registers (PCR) in a processor or chipset component into a memory region allocated to the secure enclave.

    摘要翻译: 描述了使用安全飞地实现可信的动态发射和可信平台模块(TPM)的装置和方法。 例如,根据本发明的一个实施例的计算机实现的方法包括:响应于第一命令来初始化安全飞地,所述安全飞地包括可信软件执行环境,其防止在飞地之外执行的软件访问软件,以及 飞地内的数据; 以及从所述安全飞地内执行可信平台模块(TPM),所述可信平台模块将处理器或芯片组组件中的一组平台控制寄存器(PCR)中的数据安全地读取到分配给所述安全飞地的存储器区域中。