-
1.发明申请公开(公告)号:US20080178176A1
公开(公告)日:2008-07-24
申请号:US11624911
申请日:2007-01-19
申请人: Stefan Berger , Kenneth A. Goldman , Ronald Perez , Reiner Sailer
发明人: Stefan Berger , Kenneth A. Goldman , Ronald Perez , Reiner Sailer
CPC分类号: G06F9/45558 , G06F2009/45566 , G06F2009/45587
摘要: The presented method allows a virtual TRUSTED PLATFORM MODULE (TPM) instance to map the Platform Configuration Registers (PCR) register state of a parent virtual TPM instance into its own register space and export the state of those registers to applications inside the virtual machine associated with the virtual TPM instance. Through the mapping of PCR registers, the procedure of attesting to the overall state of a virtual machine can be accelerated, since the state of all measurements relevant to the trustworthiness of a virtual machine are all visible in the combined view of mapped and non-mapped PCR registers. Registers that are mapped into the register space of a virtual TPM instance reflect the state of trustworthiness of those virtual machines that were involved in the creation of the virtual machine that is being challenged.
摘要翻译: 所提出的方法允许虚拟TRUSTED PLATFORM MODULE(TPM)实例将父虚拟TPM实例的平台配置寄存器(PCR)寄存器状态映射到其自己的寄存器空间中,并将这些寄存器的状态导出到与虚拟机相关联的虚拟机内的应用 虚拟TPM实例。 通过PCR寄存器的映射,可以加速验证虚拟机的整体状态的过程,因为与虚拟机的可信赖度相关的所有测量的状态在映射和未映射的组合视图中都是可见的 PCR寄存器。 映射到虚拟TPM实例的寄存器空间的寄存器反映了参与创建正在受到挑战的虚拟机的虚拟机的可信赖状态。
-
2.发明授权Architecture for supporting attestation of a virtual machine in a single step 有权用于在一个步骤中支持验证虚拟机的体系结构公开(公告)号:US07840801B2
公开(公告)日:2010-11-23
申请号:US11624911
申请日:2007-01-19
申请人: Stefan Berger , Kenneth A. Goldman , Ronald Perez , Reiner Sailer
发明人: Stefan Berger , Kenneth A. Goldman , Ronald Perez , Reiner Sailer
IPC分类号: G06F9/445 , H04L29/10 , G06F15/177
CPC分类号: G06F9/45558 , G06F2009/45566 , G06F2009/45587
摘要: The presented method allows a virtual TRUSTED PLATFORM MODULE (TPM) instance to map the Platform Configuration Registers (PCR) register state of a parent virtual TPM instance into its own register space and export the state of those registers to applications inside the virtual machine associated with the virtual TPM instance. Through the mapping of PCR registers, the procedure of attesting to the overall state of a virtual machine can be accelerated, since the state of all measurements relevant to the trustworthiness of a virtual machine are all visible in the combined view of mapped and non-mapped PCR registers. Registers that are mapped into the register space of a virtual TPM instance reflect the state of trustworthiness of those virtual machines that were involved in the creation of the virtual machine that is being challenged.
摘要翻译: 所提出的方法允许虚拟TRUSTED PLATFORM MODULE(TPM)实例将父虚拟TPM实例的平台配置寄存器(PCR)寄存器状态映射到其自己的寄存器空间中,并将这些寄存器的状态导出到与虚拟机相关联的虚拟机内的应用 虚拟TPM实例。 通过PCR寄存器的映射,可以加速验证虚拟机整体状态的过程,因为与映射和未映射的组合视图中虚拟机的可信赖性相关的所有测量的状态都是可见的 PCR寄存器。 映射到虚拟TPM实例的寄存器空间的寄存器反映了参与创建正在受到挑战的虚拟机的虚拟机的可信赖状态。
-
3.发明申请Method and Apparatus for Migrating a Virtual TPM Instance and Preserving Uniqueness and Completeness of the Instance 有权用于迁移虚拟TPM实例并保持实例的唯一性和完整性的方法和装置公开(公告)号:US20110283352A1
公开(公告)日:2011-11-17
申请号:US13189418
申请日:2011-07-22
申请人: Stefan Berger , Kenneth A. Goldman , Reiner Sailer
发明人: Stefan Berger , Kenneth A. Goldman , Reiner Sailer
CPC分类号: G06F21/57 , H04L9/0825 , H04L9/3242 , H04L2209/127
摘要: A migration scheme for virtualized Trusted Platform Modules is presented. The procedure is capable of securely migrating an instance of a virtual Trusted Platform Module from one physical platform to another. A virtual Trusted Platform Module instance's state is downloaded from a source virtual Trusted Platform Module and all its state information is encrypted using a hybrid of public and symmetric key cryptography. The encrypted state is transferred to the target physical platform, decrypted and the state of the virtual Trusted Platform Module instance is rebuilt.
摘要翻译: 介绍了虚拟化可信平台模块的迁移方案。 该过程能够将虚拟可信平台模块的实例从一个物理平台安全迁移到另一个物理平台。 虚拟可信平台模块实例的状态从源虚拟可信平台模块下载,其所有状态信息都使用公共和对称密钥密码术的混合进行加密。 将加密状态传送到目标物理平台,进行解密,重建虚拟可信平台模块实例的状态。
-
4.发明申请METHOD AND APPARATUS FOR MIGRATING A VIRTUAL TPM INSTANCE AND PRESERVING UNIQUENESS AND COMPLETENESS OF THE INSTANCE 有权用于移植虚拟TPM实例的方法和装置,并保持独特性和完整性公开(公告)号:US20090328145A1
公开(公告)日:2009-12-31
申请号:US12114133
申请日:2008-05-02
申请人: STEFAN BERGER , Kenneth A. Goldman , Reiner Sailer
发明人: STEFAN BERGER , Kenneth A. Goldman , Reiner Sailer
CPC分类号: G06F21/57 , H04L9/0825 , H04L9/3242 , H04L2209/127
摘要: A migration scheme for virtualized Trusted Platform Modules is presented. The procedure is capable of securely migrating an instance of a virtual Trusted Platform Module from one physical platform to another. A virtual Trusted Platform Module instance's state is downloaded from a source virtual Trusted Platform Module and all its state information is encrypted using a hybrid of public and symmetric key cryptography. The encrypted state is transferred to the target physical platform, decrypted and the state of the virtual Trusted Platform Module instance is rebuilt.
摘要翻译: 介绍了虚拟化可信平台模块的迁移方案。 该过程能够将虚拟可信平台模块的实例从一个物理平台安全迁移到另一个物理平台。 虚拟可信平台模块实例的状态从源虚拟可信平台模块下载,其所有状态信息都使用公共和对称密钥密码术的混合进行加密。 将加密状态传送到目标物理平台,进行解密,重建虚拟可信平台模块实例的状态。
-
5.发明授权Migrating a virtual TPM instance and preserving uniqueness and completeness of the instance 有权迁移虚拟TPM实例并保留实例的唯一性和完整性公开(公告)号:US08356347B2
公开(公告)日:2013-01-15
申请号:US13189418
申请日:2011-07-22
申请人: Stefan Berger , Kenneth A. Goldman , Reiner Sailer
发明人: Stefan Berger , Kenneth A. Goldman , Reiner Sailer
IPC分类号: G06F21/00
CPC分类号: G06F21/57 , H04L9/0825 , H04L9/3242 , H04L2209/127
摘要: A migration scheme for virtualized Trusted Platform Modules is presented. The procedure is capable of securely migrating an instance of a virtual Trusted Platform Module from one physical platform to another. A virtual Trusted Platform Module instance's state is downloaded from a source virtual Trusted Platform Module and all its state information is encrypted using a hybrid of public and symmetric key cryptography. The encrypted state is transferred to the target physical platform, decrypted and the state of the virtual Trusted Platform Module instance is rebuilt.
摘要翻译: 介绍了虚拟化可信平台模块的迁移方案。 该过程能够将虚拟可信平台模块的实例从一个物理平台安全迁移到另一个物理平台。 虚拟可信平台模块实例的状态从源虚拟可信平台模块下载,其所有状态信息都使用公共和对称密钥密码术的混合进行加密。 将加密状态传送到目标物理平台,进行解密,重建虚拟可信平台模块实例的状态。
-
6.发明授权Method and apparatus for migrating a virtual TPM instance and preserving uniqueness and completeness of the instance 有权用于迁移虚拟TPM实例并保留实例的唯一性和完整性的方法和设备公开(公告)号:US08020204B2
公开(公告)日:2011-09-13
申请号:US12114133
申请日:2008-05-02
申请人: Stefan Berger , Kenneth A. Goldman , Reiner Sailer
发明人: Stefan Berger , Kenneth A. Goldman , Reiner Sailer
CPC分类号: G06F21/57 , H04L9/0825 , H04L9/3242 , H04L2209/127
摘要: A migration scheme for virtualized Trusted Platform Modules is presented. The procedure is capable of securely migrating an instance of a virtual Trusted Platform Module from one physical platform to another. A virtual Trusted Platform Module instance's state is downloaded from a source virtual Trusted Platform Module and all its state information is encrypted using a hybrid of public and symmetric key cryptography. The encrypted state is transferred to the target physical platform, decrypted and the state of the virtual Trusted Platform Module instance is rebuilt.
摘要翻译: 介绍了虚拟化可信平台模块的迁移方案。 该过程能够将虚拟可信平台模块的实例从一个物理平台安全迁移到另一个物理平台。 虚拟可信平台模块实例的状态从源虚拟可信平台模块下载,其所有状态信息都使用公共和对称密钥密码术的混合进行加密。 将加密状态传送到目标物理平台,进行解密,重建虚拟可信平台模块实例的状态。
-
7.发明授权Method and apparatus for migrating a virtual TPM instance and preserving uniqueness and completeness of the instance 失效用于迁移虚拟TPM实例并保留实例的唯一性和完整性的方法和设备公开(公告)号:US07444670B2
公开(公告)日:2008-10-28
申请号:US11385965
申请日:2006-03-21
申请人: Stefan Berger , Kenneth A. Goldman , Reiner Sailer
发明人: Stefan Berger , Kenneth A. Goldman , Reiner Sailer
CPC分类号: G06F21/57 , H04L9/0825 , H04L9/3242 , H04L2209/127
摘要: A migration scheme for virtualized Trusted Platform Modules is presented. The procedure is capable of securely migrating an instance of a virtual Trusted Platform Module from one physical platform to another. A virtual Trusted Platform Module instance's state is downloaded from a source virtual Trusted Platform Module and all its state information is encrypted using a hybrid of public and symmetric key cryptography. The encrypted state is transferred to the target physical platform, decrypted and the state of the virtual Trusted Platform Module instance is rebuilt.
摘要翻译: 介绍了虚拟化可信平台模块的迁移方案。 该过程能够将虚拟可信平台模块的实例从一个物理平台安全迁移到另一个物理平台。 虚拟可信平台模块实例的状态从源虚拟可信平台模块下载,其所有状态信息都使用公共和对称密钥密码术的混合进行加密。 将加密状态传送到目标物理平台,进行解密,重建虚拟可信平台模块实例的状态。
-
8.发明授权Method for securely merging multiple nodes having trusted platform modules 有权用于安全地合并具有可信平台模块的多个节点的方法公开(公告)号:US08589672B2
公开(公告)日:2013-11-19
申请号:US12270888
申请日:2008-11-14
申请人: Shiva R. Dasari , Lee H. Wilson , Scott N. Durham , Sumeet Kochar , William B. Schwartz , Kenneth A. Goldman
发明人: Shiva R. Dasari , Lee H. Wilson , Scott N. Durham , Sumeet Kochar , William B. Schwartz , Kenneth A. Goldman
CPC分类号: G06F9/5061 , G06F21/57 , G06F2221/2105
摘要: Method, apparatus and computer program product are provided for operating a plurality of computer nodes while maintaining trust. A primary computer node and at least one secondary computer node are connected into a cluster, wherein each of the clustered computer nodes includes a trusted platform module (TPM) that is accessible to software and includes security status information about the respective computer node. Each clustered computer node is then merged into a single node with only the TPM of the primary computer node being accessible to software. The TPM of the primary computer node is updated to include the security status information of each TPM in the cluster. Preferably, the step of merging is controlled by power on self test (POST) basic input output system (BIOS) code associated with a boot processor in the primary node.
摘要翻译: 提供了用于操作多个计算机节点同时保持信任的方法,装置和计算机程序产品。 主计算机节点和至少一个辅助计算机节点连接到集群中,其中每个集群计算机节点包括可由软件访问的可信平台模块(TPM),并且包括关于相应计算机节点的安全状态信息。 然后将每个集群计算机节点合并到单个节点,只有主计算机节点的TPM才能被软件访问。 更新主计算机节点的TPM以包括集群中每个TPM的安全状态信息。 优选地,合并步骤由与主节点中的引导处理器相关联的上电自检(POST)基本输入输出系统(BIOS)代码来控制。
-
公开(公告)号:US09064364B2
公开(公告)日:2015-06-23
申请号:US10690778
申请日:2003-10-22
申请人: Naoki Abe , Carl E. Abrams , Chidanand V. Apte , Bishwaranjan Bhattacharjee , Kenneth A. Goldman , Matthias Gruetzner , Matthew A. Hilbert , John Langford , Sriram K. Padmanabhan , Charles P. Tresser , Kathleen M. Troidle , Philip S. Yu
发明人: Naoki Abe , Carl E. Abrams , Chidanand V. Apte , Bishwaranjan Bhattacharjee , Kenneth A. Goldman , Matthias Gruetzner , Matthew A. Hilbert , John Langford , Sriram K. Padmanabhan , Charles P. Tresser , Kathleen M. Troidle , Philip S. Yu
CPC分类号: G06Q20/4016 , G06F21/121 , G06F21/602 , G06F21/6218 , G06F21/6245 , G06F21/72 , G06F2221/07 , G06F2221/2101 , G06Q20/341 , G06Q20/3829 , G06Q2220/00 , G07F7/1008 , G07F7/1083 , G07F19/207 , H04L63/04
摘要: Various embodiments for maintaining security and confidentiality of data and operations within a fraud detection system. Each of these embodiments utilizes a secure architecture in which: (1) access to data is limited to only approved or authorized entities; (2) confidential details in received data can be readily identified and concealed; and (3) confidential details that have become non-confidential can be identified and exposed.
摘要翻译: 用于维护欺诈检测系统内的数据和操作的安全性和机密性的各种实施例。 这些实施例中的每一个都利用安全架构,其中:(1)对数据的访问仅限于批准或授权的实体; (2)接收到的数据的机密细节可以很容易地识别和隐藏; 和(3)可以识别和暴露出非机密的机密细节。
-
10.发明申请METHOD FOR SECURELY MERGING MULTIPLE NODES HAVING TRUSTED PLATFORM MODULES 有权用于安全地合并具有有争议的平台模块的多个节点的方法公开(公告)号:US20100125731A1
公开(公告)日:2010-05-20
申请号:US12270888
申请日:2008-11-14
申请人: Shiva R. Dasari , Lee H. Wilson , Scott N. Durham , Sumeet Kochar , William B. Schwartz , Kenneth A. Goldman
发明人: Shiva R. Dasari , Lee H. Wilson , Scott N. Durham , Sumeet Kochar , William B. Schwartz , Kenneth A. Goldman
IPC分类号: H04L9/00
CPC分类号: G06F9/5061 , G06F21/57 , G06F2221/2105
摘要: Method, apparatus and computer program product are provided for operating a plurality of computer nodes while maintaining trust. A primary computer node and at least one secondary computer node are connected into a cluster, wherein each of the clustered computer nodes includes a trusted platform module (TPM) that is accessible to software and includes security status information about the respective computer node. Each clustered computer node is then merged into a single node with only the TPM of the primary computer node being accessible to software. The TPM of the primary computer node is updated to include the security status information of each TPM in the cluster. Preferably, the step of merging is controlled by power on self test (POST) basic input output system (BIOS) code associated with a boot processor in the primary node.
摘要翻译: 提供了用于操作多个计算机节点同时保持信任的方法,装置和计算机程序产品。 主计算机节点和至少一个辅助计算机节点连接到集群中,其中每个集群计算机节点包括可由软件访问的可信平台模块(TPM),并且包括关于相应计算机节点的安全状态信息。 然后将每个集群计算机节点合并到单个节点,只有主计算机节点的TPM才能被软件访问。 更新主计算机节点的TPM以包括集群中每个TPM的安全状态信息。 优选地,合并步骤由与主节点中的引导处理器相关联的上电自检(POST)基本输入输出系统(BIOS)代码来控制。
-
-
-
-
-
-
-
-
-
搜索结果
10 条记录 (耗时 0.02 秒)