-
1.发明授权公开(公告)号:US08495361B2
公开(公告)日:2013-07-23
申请号:US11858971
申请日:2007-09-21
IPC分类号: H04L29/06
CPC分类号: G06F21/57
摘要: A method and system for ensuring security-compliant creation and signing of endorsement keys of manufactured TPMs. The endorsement keys are generated for the TPM. The TPM vendor selects an N-byte secret and stores the N-byte secret in the TPM along with the endorsement keys. The secret number cannot be read outside of the TPM. The secret number is also provided to the OEM's credential server. During the endorsement key (EK) credential process, the TPM generates an endorsement key, which comprises both the public key and a hash of the secret and the public key. The credential server matches the hash within the endorsement key with a second hash of the received public key (from the endorsement key) and the vendor provided secret. The EK certificate is generated and inserted into the TPM only when a match is confirmed.
摘要翻译: 一种用于确保制造TPM的签注密钥的安全兼容创建和签名的方法和系统。 为TPM生成认可密钥。 TPM供应商选择一个N字节的秘密,并将N字节的秘密与支持密钥一起存储在TPM中。 无法在TPM之外读取密码。 秘密编号也提供给OEM的凭据服务器。 在认可密钥(EK)凭证处理过程中,TPM产生一个签名密钥,其包括公开密钥和密钥的散列以及公开密钥。 凭证服务器将签名密钥内的散列与接收到的公钥(来自认可密钥)和供应商提供的秘密的第二散列进行匹配。 仅当匹配确认时,EK证书才会生成并插入到TPM中。
-
2.发明授权Method for securely creating an endorsement certificate in an insecure environment 失效在不安全的环境中安全地创建背书证书的方法公开(公告)号:US07644278B2
公开(公告)日:2010-01-05
申请号:US10750594
申请日:2003-12-31
IPC分类号: H04L9/32
CPC分类号: G06F21/602 , G06F21/57 , G06F2221/2117 , H04L9/0877 , H04L9/3236 , H04L9/3263
摘要: A Method and system for ensuring security-compliant creation and signing of endorsement keys of manufactured trusted platform modules. The endorsement keys are generated for the trusted platform module (TPM). The TPM vendor selects an N-byte secret and stores the N-type secret in the trusted platform module along with the endorsement keys. The secret number cannot be read outside of the trusted platform module. The secret number is also provided to the credential server of the original equipment manufacturer. During the endorsement key (EK) credential process, the trusted platform module generates an endorsement key, which comprises both the public key and a hash of the secret and the public key. The credential server matches the hash within the endorsement key withy a second hash of the received public key (from the endorsement key) and the vendor provided secret. The EK certificate is generated and inserted into the trusted platform module only when a match is confirmed.
摘要翻译: 一种用于确保制造可信平台模块的认可密钥的安全兼容创建和签名的方法和系统。 为可信平台模块(TPM)生成认可密钥。 TPM供应商选择N字节的秘密,并将N型秘密与认可密钥一起存储在可信平台模块中。 秘密号码不能在受信任的平台模块之外读取。 秘密编号也提供给原始设备制造商的凭证服务器。 在认可密钥(EK)凭证过程中,可信平台模块生成包括公开密钥和秘密的哈希和公开密钥的认可密钥。 凭证服务器使用所接收的公钥(来自认可密钥)和供应商提供的秘密的第二散列表来匹配认可密钥内的散列。 仅当匹配确认时,EK证书才会生成并插入可信平台模块。
-
3.发明授权Method for securely creating an endorsement certificate utilizing signing key pairs 失效使用签名密钥对安全地创建签注证书的方法公开(公告)号:US07751568B2
公开(公告)日:2010-07-06
申请号:US10749261
申请日:2003-12-31
IPC分类号: H04K1/00
CPC分类号: G06F21/602 , G06F21/57
摘要: A method and system for ensuring security-compliant creation and certificate generation for endorsement keys of manufactured TPMs. The endorsement keys are generated by the TPM manufacturer and stored within the TPM. The TPM manufacturer also creates a signing key pair and associated signing key certificate. The signing key pair is also stored within the TPM, while the certificate is provided to the OEM's credential server. During the endorsement key (EK) credential process, the TPM generates a signed endorsement key, which comprises the public endorsement key signed with the public signing key. The credential server matches the public signing key of the endorsement key with a public signing key within the received certificate. The EK certificate is generated and inserted into the TPM only when a match is confirmed.
摘要翻译: 一种用于确保制造TPM的认可密钥的安全兼容创建和证书生成的方法和系统。 认可密钥由TPM制造商生成并存储在TPM内。 TPM制造商还创建了一个签名密钥对和相关的签名密钥证书。 签名密钥对也存储在TPM中,同时将证书提供给OEM的凭据服务器。 在认可密钥(EK)凭证过程中,TPM生成签名的背书密钥,其包括用公共签名密钥签名的公开签名密钥。 凭证服务器将签名密钥的公共签名密钥与接收到的证书中的公共签名密钥相匹配。 仅当匹配确认时,EK证书才会生成并插入到TPM中。
-
4.发明授权Method for securely creating an endorsement certificate in an insecure environment 有权在不安全的环境中安全地创建背书证书的方法公开(公告)号:US07861079B2
公开(公告)日:2010-12-28
申请号:US11858977
申请日:2007-09-21
IPC分类号: H04L29/06
CPC分类号: G06F21/602 , G06F21/57 , G06F2221/2117 , H04L9/0877 , H04L9/3236 , H04L9/3263
摘要: A method and system for ensuring security-compliant creation and signing of endorsement keys of manufactured TPMs. The endorsement keys are generated for the TPM. The TPM vendor selects an N-byte secret and stores the N-byte secret in the TPM along with the endorsement keys. The secret number cannot be read outside of the TPM. The secret number is also provided to the OEM's credential server. During the endorsement key (EK) credential process, the TPM generates an endorsement key, which comprises both the public key and a hash of the secret and the public key. The credential server matches the hash within the endorsement key with a second hash of the received public key (from the endorsement key) and the vendor provided secret. The EK certificate is generated and inserted into the TPM only when a match is confirmed.
摘要翻译: 一种用于确保制造TPM的签注密钥的安全兼容创建和签名的方法和系统。 为TPM生成认可密钥。 TPM供应商选择一个N字节的秘密,并将N字节的秘密与支持密钥一起存储在TPM中。 无法在TPM之外读取密码。 秘密编号也提供给OEM的凭据服务器。 在认可密钥(EK)凭证处理过程中,TPM产生一个签名密钥,其包括公开密钥和密钥的散列以及公开密钥。 凭证服务器将签名密钥内的散列与接收到的公钥(来自认可密钥)和供应商提供的秘密的第二散列进行匹配。 仅当匹配确认时,EK证书才会生成并插入到TPM中。
-
公开(公告)号:US07673134B2
公开(公告)日:2010-03-02
申请号:US11101290
申请日:2005-04-07
CPC分类号: H04L63/0428 , G06F11/1446 , G06F21/6209 , H04L9/0822 , H04L2209/60 , H04L2463/062
摘要: A method and system for remotely storing a user's admin key to gain access to an intranet is presented. The user's admin key and intranet user identification (ID) are encrypted using an enterprise's public key, and together they are concatenated into a single backup admin file, which is stored in the user's client computer. If the user needs his admin file and is unable to access it in a backup client computer, he sends the encrypted backup admin file to a backup server and his unencrypted intranet user ID to an intranet authentication server. The backup server decrypts the user's single backup admin file to obtain the user's admin key and intranet user ID. If the unencrypted intranet user ID in the authentication server matches the decrypted intranet user ID in the backup server, then the backup server sends the backup client computer the decrypted admin key.
摘要翻译: 介绍一种用于远程存储用户管理密钥以访问内联网的方法和系统。 用户的管理密钥和内部网用户标识(ID)使用企业的公钥进行加密,并将它们并入一个备份管理文件,该文件存储在用户的客户端计算机中。 如果用户需要他的管理员文件,并且无法在备份客户端计算机中访问它,则他将加密的备份管理文件发送到备份服务器,并将其未加密的内部网用户ID发送到内部网认证服务器。 备份服务器解密用户的单备份管理文件,获取用户的管理密钥和内部网用户ID。 如果身份验证服务器中未加密的Intranet用户ID与备份服务器中的解密内网用户ID匹配,则备份服务器将备份客户端计算机发送解密的管理密钥。
-
6.发明申请Method for Securely Creating an Endorsement Certificate in an Insecure Environment 失效在不安全的环境中安全地创建认可证书的方法公开(公告)号:US20090083539A1
公开(公告)日:2009-03-26
申请号:US11858971
申请日:2007-09-21
IPC分类号: H04L9/00
CPC分类号: G06F21/57
摘要: A method and system for ensuring security-compliant creation and signing of endorsement keys of manufactured TPMs. The endorsement keys are generated for the TPM. The TPM vendor selects an N-byte secret and stores the N-byte secret in the TPM along with the endorsement keys. The secret number cannot be read outside of the TPM. The secret number is also provided to the OEM's credential server. During the endorsement key (EK) credential process, the TPM generates an endorsement key, which comprises both the public key and a hash of the secret and the public key. The credential server matches the hash within the endorsement key with a second hash of the received public key (from the endorsement key) and the vendor provided secret. The EK certificate is generated and inserted into the TPM only when a match is confirmed.
摘要翻译: 一种用于确保制造TPM的签注密钥的安全兼容创建和签名的方法和系统。 为TPM生成认可密钥。 TPM供应商选择一个N字节的秘密,并将N字节的秘密与支持密钥一起存储在TPM中。 无法在TPM之外读取密码。 秘密编号也提供给OEM的凭据服务器。 在认可密钥(EK)凭证处理过程中,TPM产生一个签名密钥,其包括公开密钥和密钥的散列以及公开密钥。 凭证服务器将签名密钥内的散列与接收到的公钥(来自认可密钥)和供应商提供的秘密的第二散列进行匹配。 仅当匹配确认时,EK证书才会生成并插入到TPM中。
-
公开(公告)号:US20090063857A1
公开(公告)日:2009-03-05
申请号:US12261060
申请日:2008-10-30
申请人: Steven A. Bade , Ryan Charles Catherman , James Patrick Hoff , Nia Letise Kelley , Emily Jane Ratliff
发明人: Steven A. Bade , Ryan Charles Catherman , James Patrick Hoff , Nia Letise Kelley , Emily Jane Ratliff
IPC分类号: G06F21/00
CPC分类号: G06F21/53
摘要: A method is presented for implementing a trusted computing environment within a data processing system. A hypervisor is initialized within the data processing system, and the hypervisor supervises a plurality of logical, partitionable, runtime environments within the data processing system. The hypervisor reserves a logical partition for a hypervisor-based trusted platform module (TPM) and presents the hypervisor-based trusted platform module to other logical partitions as a virtual device via a device interface. Each time that the hypervisor creates a logical partition within the data processing system, the hypervisor also instantiates a logical TPM within the reserved partition such that the logical TPM is anchored to the hypervisor-based TPM. The hypervisor manages multiple logical TPM's within the reserved partition such that each logical TPM is uniquely associated with a logical partition.
-
公开(公告)号:US08086852B2
公开(公告)日:2011-12-27
申请号:US12207487
申请日:2008-09-09
申请人: Steven A. Bade , Ryan Charles Catherman , James Patrick Hoff , Nia Letise Kelley , Emily Jane Ratliff
发明人: Steven A. Bade , Ryan Charles Catherman , James Patrick Hoff , Nia Letise Kelley , Emily Jane Ratliff
IPC分类号: H04L9/00
CPC分类号: G06F21/53
摘要: A method is presented for implementing a trusted computing environment within a data processing system. A hypervisor is initialized within the data processing system, and the hypervisor supervises a plurality of logical, partitionable, runtime environments within the data processing system. The hypervisor reserves a logical partition for a hypervisor-based trusted platform module (TPM) and presents the hypervisor-based trusted platform module to other logical partitions as a virtual device via a device interface. Each time that the hypervisor creates a logical partition within the data processing system, the hypervisor also instantiates a logical TPM within the reserved partition such that the logical TPM is anchored to the hypervisor-based TPM. The hypervisor manages multiple logical TPM's within the reserved partition such that each logical TPM is uniquely associated with a logical partition.
摘要翻译: 呈现一种用于在数据处理系统内实现可信计算环境的方法。 在数据处理系统内初始化管理程序,并且管理程序监视数据处理系统内的多个逻辑,可分割的运行时环境。 虚拟机管理程序为基于虚拟机管理程序的可信平台模块(TPM)预留逻辑分区,并通过设备接口将基于虚拟机管理程序的可信平台模块作为虚拟设备呈现给其他逻辑分区。 每当虚拟机管理程序在数据处理系统内创建一个逻辑分区时,管理程序也会在保留的分区内实例化一个逻辑TPM,使得逻辑TPM被锚定到基于管理程序的TPM。 虚拟机管理程序管理保留分区内的多个逻辑TPM,使得每个逻辑TPM与逻辑分区唯一相关联。
-
9.发明授权Method and system for hierarchical platform boot measurements in a trusted computing environment 有权在可信计算环境中分层平台引导测量的方法和系统公开(公告)号:US07752458B2
公开(公告)日:2010-07-06
申请号:US12258332
申请日:2008-10-24
IPC分类号: G06F11/30
CPC分类号: G06F21/57
摘要: An architecture for a distributed data processing system comprises a system-level service processor along with one or more node-level service processors; each are uniquely associated with a node, and each is extended to comprise any components that are necessary for operating the nodes as trusted platforms, such as a TPM and a CRTM in accordance with the security model of the Trusted Computing Group. These node-level service processors then inter-operate with the system-level service processor, which also contains any components that are necessary for operating the system as a whole as a trusted platform. A TPM within the system-level service processor aggregates integrity metrics that are gathered by the node-level service processors, thereafter reporting integrity metrics as requested, e.g., to a hypervisor, thereby allowing a large distributed data processing system to be validated as a trusted computing environment while allowing its highly parallelized initialization process to proceed.
摘要翻译: 用于分布式数据处理系统的架构包括系统级服务处理器以及一个或多个节点级服务处理器; 每个都与节点唯一相关联,并且每个都被扩展以包括根据可信计算组的安全模型将节点操作为可信平台(例如TPM和CRTM)所需的任何组件。 然后,这些节点级服务处理器与系统级服务处理器互操作,系统级服务处理器还包含将系统作为整体操作为可信平台所必需的任何组件。 系统级服务处理器内的TPM聚合由节点级服务处理器收集的完整性度量,此后根据请求报告完整性度量,例如向管理程序报告,从而允许将大型分布式数据处理系统验证为可信任的 同时允许其高度并行化的初始化过程进行。
-
10.发明授权Method and system for providing a trusted platform module in a hypervisor environment 有权在管理程序环境中提供可信平台模块的方法和系统公开(公告)号:US07707411B2
公开(公告)日:2010-04-27
申请号:US12261060
申请日:2008-10-30
申请人: Steven A. Bade , Ryan Charles Catherman , James Patrick Hoff , Nia Letise Kelley , Emily Jane Ratliff
发明人: Steven A. Bade , Ryan Charles Catherman , James Patrick Hoff , Nia Letise Kelley , Emily Jane Ratliff
IPC分类号: G06F21/00
CPC分类号: G06F21/53
摘要: A method is presented for implementing a trusted computing environment within a data processing system. A hypervisor is initialized within the data processing system, and the hypervisor supervises a plurality of logical, partitionable, runtime environments within the data processing system. The hypervisor reserves a logical partition for a hypervisor-based trusted platform module (TPM) and presents the hypervisor-based trusted platform module to other logical partitions as a virtual device via a device interface. Each time that the hypervisor creates a logical partition within the data processing system, the hypervisor also instantiates a logical TPM within the reserved partition such that the logical TPM is anchored to the hypervisor-based TPM. The hypervisor manages multiple logical TPM's within the reserved partition such that each logical TPM is uniquely associated with a logical partition.
摘要翻译: 呈现一种用于在数据处理系统内实现可信计算环境的方法。 在数据处理系统内初始化管理程序,并且管理程序监视数据处理系统内的多个逻辑,可分割的运行时环境。 虚拟机管理程序为基于虚拟机管理程序的可信平台模块(TPM)预留逻辑分区,并通过设备接口将基于虚拟机管理程序的可信平台模块作为虚拟设备呈现给其他逻辑分区。 每当虚拟机管理程序在数据处理系统内创建一个逻辑分区时,管理程序也会在保留的分区内实例化一个逻辑TPM,使得逻辑TPM被锚定到基于管理程序的TPM。 虚拟机管理程序管理保留分区内的多个逻辑TPM,使得每个逻辑TPM与逻辑分区唯一相关联。
-
-
-
-
-
-
-
-
-
搜索结果
35 条记录 (耗时 0.022 秒)
