-
1.发明授权Trusted platform motherboard having physical presence detection based on activation of power-on-switch 有权基于上电开关激活的可信平台主板具有物理存在检测公开(公告)号:US07254722B2
公开(公告)日:2007-08-07
申请号:US10411415
申请日:2003-04-10
申请人: Ryan Charles Catherman , Steven Dale Goodman , James Patrick Hoff , Randall Scott Springfield , James Peter Ward
发明人: Ryan Charles Catherman , Steven Dale Goodman , James Patrick Hoff , Randall Scott Springfield , James Peter Ward
IPC分类号: G06F1/28
CPC分类号: G06F21/57 , G06F21/575 , H05K1/181
摘要: A motherboard for a computer system is presented which provides a trusted platform by which operations can be performed with an increased level trust and confidence. The basis of trust for the motherboard is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset on the motherboard.
摘要翻译: 提供了一种用于计算机系统的主板,其提供可信赖的平台,通过该平台可以以更高级别的信任和置信度执行操作。 主板的信任基础由加密协处理器和与加密协处理器接口的代码建立,并为平台建立信任度量的根源。 构建加密协处理器,使得仅当检测到操作者的物理存在时才允许某些关键操作。 基于主板上核心芯片组中寄存器的状态,推理确定物理存在。
-
公开(公告)号:US07269747B2
公开(公告)日:2007-09-11
申请号:US10411408
申请日:2003-04-10
申请人: Ryan Charles Catherman , Steven Dale Goodman , James Patrick Hoff , Randall Scott Springfield , James Peter Ward
发明人: Ryan Charles Catherman , Steven Dale Goodman , James Patrick Hoff , Randall Scott Springfield , James Peter Ward
IPC分类号: G06F1/28
CPC分类号: G06F21/57 , G06F21/575
摘要: A computer system is presented which provides a trusted platform by which operations can be performed with an increased level trust and confidence. The basis of trust for the computer system is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset.
摘要翻译: 提出了一种计算机系统,其提供可信赖的平台,通过该平台可以以更高级别的信任和置信度执行操作。 计算机系统的信任基础由加密协处理器和与加密协处理器接口的代码建立,并为平台建立信任度量的根。 构建加密协处理器,使得仅当检测到操作者的物理存在时才允许某些关键操作。 基于核心芯片组中寄存器的状态的推理确定物理存在。
-
公开(公告)号:US07590870B2
公开(公告)日:2009-09-15
申请号:US10411454
申请日:2003-04-10
申请人: Ryan Charles Catherman , Steven Dale Goodman , James Patrick Hoff , Randall Scott Springfield , James Peter Ward
发明人: Ryan Charles Catherman , Steven Dale Goodman , James Patrick Hoff , Randall Scott Springfield , James Peter Ward
IPC分类号: G06F1/28
CPC分类号: G06F21/57 , G06F21/575
摘要: A computer system is presented which provides a trusted platform by which operations can be performed with an increased level trust and confidence. The basis of trust for the computer system is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset.
摘要翻译: 提出了一种计算机系统,其提供可信赖的平台,通过该平台可以以更高级别的信任和置信度执行操作。 计算机系统的信任基础由加密协处理器和与加密协处理器接口的代码建立,并为平台建立信任度量的根。 构建加密协处理器,使得仅当检测到操作者的物理存在时才允许某些关键操作。 基于核心芯片组中寄存器的状态的推理确定物理存在。
-
公开(公告)号:US06993648B2
公开(公告)日:2006-01-31
申请号:US09931538
申请日:2001-08-16
IPC分类号: G06F9/24
CPC分类号: G06F9/4401 , G06F8/65
摘要: When a flash unlock routine unlocks the flash memory to permit updating of a BIOS image, a message is left in secure non-volatile memory, such as a EEPROM. Upon the next re-boot, the boot block code will detect the special message in the non-volatile memory and perform a signature verification of the next block of code that is to be executed during the POST process. This code block will check the remainder of the BIOS image before POST proceeds.
-
公开(公告)号:US07484105B2
公开(公告)日:2009-01-27
申请号:US09931629
申请日:2001-08-16
CPC分类号: G06F21/572
摘要: An update utility requests a signature verification of the utility's signature along with a request to unlock the flash memory stored in the utility. A trusted platform module (“TPM”) performs a signature verification of the utility using a previously stored public key. Upon verification of the signature, the TPM unlocks the flash memory to permit update of the utility. Upon completion of the update, the flash utility issues a lock request to the TPM to relock the flash memory.
摘要翻译: 更新实用程序请求实用程序的签名的签名验证以及解锁存储在该实用程序中的闪存的请求。 可信平台模块(“TPM”)使用先前存储的公钥执行实用程序的签名验证。 在验证签名后,TPM解锁闪存以允许更新实用程序。 完成更新后,闪存实用程序向TPM发出锁定请求以重新锁定闪存。
-
6.发明授权Method for preventing system wake up from a sleep state if a boot log returned during the system wake up cannot be authenticated 有权如果在系统唤醒期间返回的引导日志无法验证,则防止系统从睡眠状态唤醒的方法公开(公告)号:US07412596B2
公开(公告)日:2008-08-12
申请号:US10967760
申请日:2004-10-16
申请人: David Carroll Challener , Daryl Carvis Cromer , Joseph Wayne Freeman , Steven Dale Goodman , James Patrick Hoff , Howard Jeffrey Locker , Randall Scott Springfield , James Peter Ward
发明人: David Carroll Challener , Daryl Carvis Cromer , Joseph Wayne Freeman , Steven Dale Goodman , James Patrick Hoff , Howard Jeffrey Locker , Randall Scott Springfield , James Peter Ward
IPC分类号: G06F9/00 , G06F15/177
CPC分类号: G06F21/575
摘要: A method and system for enabling security attestation for a computing device during a return from an S4 sleep state. When the computing device enters into the S4 state following a successful boot up, the attestation log is appended to the TPM tick count and the log is signed (with a security signature). When the device is awaken from S4 state, the BIOS obtains and verifies the log created during the previous boot. The CRTM maintains a set of virtual PCRs and references these virtual PCRs against the log. If the values do not match, the return from S4 state fails and the device is rebooted.
摘要翻译: 一种用于在从S4睡眠状态返回期间为计算设备提供安全认证的方法和系统。 当计算设备在成功启动后进入S4状态时,认证日志会追加到TPM刻度计数,并且日志被签名(具有安全签名)。 当设备从S4状态唤醒时,BIOS将获取并验证在以前引导过程中创建的日志。 CRTM维护一组虚拟PCR,并将这些虚拟PCR引用到日志中。 如果值不匹配,则S4状态返回失败,设备重启。
-
公开(公告)号:US07653819B2
公开(公告)日:2010-01-26
申请号:US10957545
申请日:2004-10-01
申请人: Steven A. Bade , Charles Douglas Ball , Ryan Charles Catherman , James Patrick Hoff , James Peter Ward
发明人: Steven A. Bade , Charles Douglas Ball , Ryan Charles Catherman , James Patrick Hoff , James Peter Ward
IPC分类号: G06F21/00
CPC分类号: G06F21/57
摘要: A method, computer program, and system for paging platform configuration registers in and out of a trusted platform module. In a trusted computing platform, an unlimited number of platform configuration registers can be obtained through paging. The trust platform module encrypts and decrypts platform configuration registers for storage outside the trusted platform module.
摘要翻译: 用于寻呼平台配置的方法,计算机程序和系统在可信平台模块内进出。 在可信赖的计算平台中,可以通过寻呼获得无限数量的平台配置寄存器。 信任平台模块对平台配置寄存器进行加密和解密,以便在可信平台模块之外进行存储。
-
公开(公告)号:US07590845B2
公开(公告)日:2009-09-15
申请号:US10744441
申请日:2003-12-22
CPC分类号: H04L9/0894
摘要: A method for a plurality of key cache managers for a plurality of localities to share cryptographic key storage resources of a security chip, includes: loading an application key into the key storage; and saving a restoration data for the application key by a key cache manager, where the restoration data can be used by the key cache manager to re-load the application key into the key storage if the application key is evicted from the key storage by another key cache manager. The method allows each of a plurality of key cache managers to recognize that its key had been removed from the security chip and to restore its key. The method also allows each key cache manager to evict or destroy any key currently loaded on the security chip without affecting the functionality of other localities.
摘要翻译: 一种用于多个地区的多个密钥高速缓存管理器用于共享安全芯片的加密密钥存储资源的方法,包括:将应用密钥加载到密钥存储器中; 并且由密钥高速缓存管理器保存用于应用密钥的恢复数据,其中如果应用密钥从另一个密钥存储器被逐出,密钥高速缓存管理器可以使用恢复数据将应用密钥重新加载到密钥存储器中 密钥缓存管理器。 该方法允许多个密钥高速缓存管理器中的每一个识别出其密钥已经从安全芯片中移除并恢复其密钥。 该方法还允许每个密钥缓存管理器驱逐或销毁安全芯片上当前加载的任何密钥,而不影响其他地方的功能。
-
9.发明授权Apparatus, system, and method for secure communications from a human interface device 有权用于从人机接口设备进行安全通信的设备,系统和方法公开(公告)号:US07581097B2
公开(公告)日:2009-08-25
申请号:US10745172
申请日:2003-12-23
申请人: Ryan Charles Catherman , Dave Carroll Challener , Akira Hino , James Patrick Hoff , James Peter Ward
发明人: Ryan Charles Catherman , Dave Carroll Challener , Akira Hino , James Patrick Hoff , James Peter Ward
IPC分类号: H04L9/00
CPC分类号: G06F21/83 , G06F21/606
摘要: An apparatus, system and method of secure communications from a human interface device are provided. The apparatus, system, and method receive input data and calculate encrypted data from the input data using a secure credential. In one embodiment the apparatus, system, and method request and receive a single instance credential and calculate the encrypted data using the secure credential and the single instance credential. The encrypted data may be a secure authorization that may be valid for one use. Communication of the encrypted data through networks and communicating devices is secure. The encrypted data may not be decrypted even if intercepted without the secure credential. The apparatus, system, and method enable secure communications from the human interface device.
摘要翻译: 提供了一种从人机接口设备进行安全通信的装置,系统和方法。 设备,系统和方法使用安全证书从输入数据接收输入数据并计算加密数据。 在一个实施例中,装置,系统和方法请求并接收单个实例凭证并使用安全凭证和单个实例凭证来计算加密的数据。 加密数据可以是对一次使用可能有效的安全授权。 通过网络和通信设备进行加密数据的通信是安全的。 即使在没有安全凭证的情况下被拦截,加密数据也可能不被解密。 该装置,系统和方法能够实现来自人机接口装置的安全通信。
-
公开(公告)号:US07013384B2
公开(公告)日:2006-03-14
申请号:US10047219
申请日:2002-01-15
申请人: David Carroll Challener , Steven Dale Goodman , Kevin Michael Reinberg , Randall Scott Springfield , James Peter Ward
发明人: David Carroll Challener , Steven Dale Goodman , Kevin Michael Reinberg , Randall Scott Springfield , James Peter Ward
IPC分类号: G06F9/24
CPC分类号: G06F21/57 , G06F9/4406 , G06F15/177
摘要: A computer system contains selectively available boot block codes. A first boot block is of the conventional type and is stored in storage media such as flash ROM on a system planar with the processor of the computer system. A second boot block is located on a feature card and contains an immutable security code in compliance with the Trusted Computing Platform Alliance (TCPA) specification. The boot block on the feature card is enabled if the first boot block detects the presence of the feature card. The computer system can be readily modified as the computer system is reconfigured, while maintaining compliance with the TCPA specification. A switching mechanism controls which of the boot blocks is to be activated. The feature card is disabled in the event of a computer system reset to prevent access to the TCPA compliant code and function.
-
-
-
-
-
-
-
-
-
搜索结果
85 条记录 (耗时 0.045 秒)