公开(公告)号：US07653819B2

公开(公告)日：2010-01-26

申请号：US10957545

申请日：2004-10-01

申请人： Steven A. Bade ,  Charles Douglas Ball ,  Ryan Charles Catherman ,  James Patrick Hoff ,  James Peter Ward

发明人： Steven A. Bade ,  Charles Douglas Ball ,  Ryan Charles Catherman ,  James Patrick Hoff ,  James Peter Ward

IPC分类号： G06F21/00

CPC分类号： G06F21/57

摘要： A method, computer program, and system for paging platform configuration registers in and out of a trusted platform module. In a trusted computing platform, an unlimited number of platform configuration registers can be obtained through paging. The trust platform module encrypts and decrypts platform configuration registers for storage outside the trusted platform module.

摘要翻译： 用于寻呼平台配置的方法，计算机程序和系统在可信平台模块内进出。 在可信赖的计算平台中，可以通过寻呼获得无限数量的平台配置寄存器。 信任平台模块对平台配置寄存器进行加密和解密，以便在可信平台模块之外进行存储。

公开(公告)号：US07590845B2

公开(公告)日：2009-09-15

申请号：US10744441

申请日：2003-12-22

申请人： Charles Douglas Ball ,  Ryan Charles Catherman ,  James Patrick Hoff ,  James Peter Ward

发明人： Charles Douglas Ball ,  Ryan Charles Catherman ,  James Patrick Hoff ,  James Peter Ward

IPC分类号： H04L9/14 ,  G06F12/08

CPC分类号： H04L9/0894

摘要： A method for a plurality of key cache managers for a plurality of localities to share cryptographic key storage resources of a security chip, includes: loading an application key into the key storage; and saving a restoration data for the application key by a key cache manager, where the restoration data can be used by the key cache manager to re-load the application key into the key storage if the application key is evicted from the key storage by another key cache manager. The method allows each of a plurality of key cache managers to recognize that its key had been removed from the security chip and to restore its key. The method also allows each key cache manager to evict or destroy any key currently loaded on the security chip without affecting the functionality of other localities.

摘要翻译： 一种用于多个地区的多个密钥高速缓存管理器用于共享安全芯片的加密密钥存储资源的方法，包括：将应用密钥加载到密钥存储器中; 并且由密钥高速缓存管理器保存用于应用密钥的恢复数据，其中如果应用密钥从另一个密钥存储器被逐出，密钥高速缓存管理器可以使用恢复数据将应用密钥重新加载到密钥存储器中 密钥缓存管理器。 该方法允许多个密钥高速缓存管理器中的每一个识别出其密钥已经从安全芯片中移除并恢复其密钥。 该方法还允许每个密钥缓存管理器驱逐或销毁安全芯片上当前加载的任何密钥，而不影响其他地方的功能。

公开(公告)号：US07254722B2

公开(公告)日：2007-08-07

申请号：US10411415

申请日：2003-04-10

申请人： Ryan Charles Catherman ,  Steven Dale Goodman ,  James Patrick Hoff ,  Randall Scott Springfield ,  James Peter Ward

发明人： Ryan Charles Catherman ,  Steven Dale Goodman ,  James Patrick Hoff ,  Randall Scott Springfield ,  James Peter Ward

IPC分类号： G06F1/28

CPC分类号： G06F21/57 ,  G06F21/575 ,  H05K1/181

摘要： A motherboard for a computer system is presented which provides a trusted platform by which operations can be performed with an increased level trust and confidence. The basis of trust for the motherboard is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset on the motherboard.

摘要翻译： 提供了一种用于计算机系统的主板，其提供可信赖的平台，通过该平台可以以更高级别的信任和置信度执行操作。 主板的信任基础由加密协处理器和与加密协处理器接口的代码建立，并为平台建立信任度量的根源。 构建加密协处理器，使得仅当检测到操作者的物理存在时才允许某些关键操作。 基于主板上核心芯片组中寄存器的状态，推理确定物理存在。

公开(公告)号：US07590870B2

公开(公告)日：2009-09-15

申请号：US10411454

申请日：2003-04-10

申请人： Ryan Charles Catherman ,  Steven Dale Goodman ,  James Patrick Hoff ,  Randall Scott Springfield ,  James Peter Ward

发明人： Ryan Charles Catherman ,  Steven Dale Goodman ,  James Patrick Hoff ,  Randall Scott Springfield ,  James Peter Ward

IPC分类号： G06F1/28

CPC分类号： G06F21/57 ,  G06F21/575

摘要： A computer system is presented which provides a trusted platform by which operations can be performed with an increased level trust and confidence. The basis of trust for the computer system is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset.

摘要翻译： 提出了一种计算机系统，其提供可信赖的平台，通过该平台可以以更高级别的信任和置信度执行操作。 计算机系统的信任基础由加密协处理器和与加密协处理器接口的代码建立，并为平台建立信任度量的根。 构建加密协处理器，使得仅当检测到操作者的物理存在时才允许某些关键操作。 基于核心芯片组中寄存器的状态的推理确定物理存在。

公开(公告)号：US07581097B2

公开(公告)日：2009-08-25

申请号：US10745172

申请日：2003-12-23

申请人： Ryan Charles Catherman ,  Dave Carroll Challener ,  Akira Hino ,  James Patrick Hoff ,  James Peter Ward

发明人： Ryan Charles Catherman ,  Dave Carroll Challener ,  Akira Hino ,  James Patrick Hoff ,  James Peter Ward

IPC分类号： H04L9/00

CPC分类号： G06F21/83 ,  G06F21/606

摘要： An apparatus, system and method of secure communications from a human interface device are provided. The apparatus, system, and method receive input data and calculate encrypted data from the input data using a secure credential. In one embodiment the apparatus, system, and method request and receive a single instance credential and calculate the encrypted data using the secure credential and the single instance credential. The encrypted data may be a secure authorization that may be valid for one use. Communication of the encrypted data through networks and communicating devices is secure. The encrypted data may not be decrypted even if intercepted without the secure credential. The apparatus, system, and method enable secure communications from the human interface device.

摘要翻译： 提供了一种从人机接口设备进行安全通信的装置，系统和方法。 设备，系统和方法使用安全证书从输入数据接收输入数据并计算加密数据。 在一个实施例中，装置，系统和方法请求并接收单个实例凭证并使用安全凭证和单个实例凭证来计算加密的数据。 加密数据可以是对一次使用可能有效的安全授权。 通过网络和通信设备进行加密数据的通信是安全的。 即使在没有安全凭证的情况下被拦截，加密数据也可能不被解密。 该装置，系统和方法能够实现来自人机接口装置的安全通信。

公开(公告)号：US07269747B2

公开(公告)日：2007-09-11

申请号：US10411408

申请日：2003-04-10

申请人： Ryan Charles Catherman ,  Steven Dale Goodman ,  James Patrick Hoff ,  Randall Scott Springfield ,  James Peter Ward

发明人： Ryan Charles Catherman ,  Steven Dale Goodman ,  James Patrick Hoff ,  Randall Scott Springfield ,  James Peter Ward

IPC分类号： G06F1/28

CPC分类号： G06F21/57 ,  G06F21/575

摘要： A computer system is presented which provides a trusted platform by which operations can be performed with an increased level trust and confidence. The basis of trust for the computer system is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset.

摘要翻译： 提出了一种计算机系统，其提供可信赖的平台，通过该平台可以以更高级别的信任和置信度执行操作。 计算机系统的信任基础由加密协处理器和与加密协处理器接口的代码建立，并为平台建立信任度量的根。 构建加密协处理器，使得仅当检测到操作者的物理存在时才允许某些关键操作。 基于核心芯片组中寄存器的状态的推理确定物理存在。

公开(公告)号：US08549592B2

公开(公告)日：2013-10-01

申请号：US11179238

申请日：2005-07-12

申请人： Steven A. Bade ,  James Patrick Hoff ,  Siegfried Sutter ,  James Peter Ward ,  Helmut H. Weber

发明人： Steven A. Bade ,  James Patrick Hoff ,  Siegfried Sutter ,  James Peter Ward ,  Helmut H. Weber

IPC分类号： H04L29/06

CPC分类号： G06F21/57 ,  H04L9/0877 ,  H04L9/321 ,  H04L9/3234 ,  H04L9/3263

摘要： A method and apparatus are disclosed in a data processing system for establishing virtual endorsement credentials. The data processing system includes a hardware trusted platform module (TPM). Logical partitions are generated in the system. A different virtual TPM is generated for each one of the logical partitions. For each one of the logical partitions, the virtual TPM that was generated for the logical partition then dynamically generates a virtual endorsement key, which is stored only within a corresponding virtual TPM. Using the virtual endorsement key, each virtual TPM also generates a virtual endorsement credential for use by the logical partition that includes the virtual TPM. The virtual endorsement credential is generated within the data processing system without the data processing system or its devices accessing a trusted third party that is external to the data processing system.

摘要翻译： 在用于建立虚拟背书凭证的数据处理系统中公开了一种方法和装置。 数据处理系统包括硬件可信平台模块（TPM）。 逻辑分区在系统中生成。 为每个逻辑分区生成不同的虚拟TPM。 对于逻辑分区中的每一个，为逻辑分区生成的虚拟TPM然后动态地生成仅存储在相应虚拟TPM内的虚拟签名密钥。 使用虚拟认可密钥，每个虚拟TPM还生成供包括虚拟TPM的逻辑分区使用的虚拟签注凭证。 在数据处理系统内生成虚拟签注凭证，而数据处理系统或其设备访问数据处理系统外部的受信任的第三方。

公开(公告)号：US06993648B2

公开(公告)日：2006-01-31

申请号：US09931538

申请日：2001-08-16

申请人： Steven Dale Goodman ,  James Patrick Hoff ,  Randall Scott Springfield ,  James Peter Ward

发明人： Steven Dale Goodman ,  James Patrick Hoff ,  Randall Scott Springfield ,  James Peter Ward

IPC分类号： G06F9/24

CPC分类号： G06F9/4401 ,  G06F8/65

摘要： When a flash unlock routine unlocks the flash memory to permit updating of a BIOS image, a message is left in secure non-volatile memory, such as a EEPROM. Upon the next re-boot, the boot block code will detect the special message in the non-volatile memory and perform a signature verification of the next block of code that is to be executed during the POST process. This code block will check the remainder of the BIOS image before POST proceeds.

公开(公告)号：US07263608B2

公开(公告)日：2007-08-28

申请号：US10735388

申请日：2003-12-12

申请人： David Carroll Challener ,  James Patrick Hoff ,  Randall Scott Springfield ,  James Peter Ward

发明人： David Carroll Challener ,  James Patrick Hoff ,  Randall Scott Springfield ,  James Peter Ward

IPC分类号： H04L9/00

CPC分类号： G06F21/57 ,  G06F2221/2117

摘要： A Trusted Computing Platform Alliance (TCPA) endorsement certificate is provided by comparing a trusted platform module (TPM) public key transmitted by an owner of the computing device to which the TPM belongs to a copy of the key as originally stored in a remote database prior to vending the device. If a match is found the certificate is created using the public key, and then sent to the owner of the computing device.

摘要翻译： 通过将由TPM所属的计算设备的所有者发送的可信平台模块（TPM）公钥与原始存储在远程数据库中的密钥的副本进行比较来提供可信计算平台联盟（TCPA）认可证书 自动售货机。 如果发现匹配，则使用公钥创建证书，然后发送给计算设备的所有者。

公开(公告)号：US07167982B2

公开(公告)日：2007-01-23

申请号：US09952103

申请日：2001-09-14

申请人： Scott Thomas Elliott ,  James Patrick Hoff ,  Christopher Scott Long ,  David Rivera ,  James Peter Ward

发明人： Scott Thomas Elliott ,  James Patrick Hoff ,  Christopher Scott Long ,  David Rivera ,  James Peter Ward

IPC分类号： H04L9/00

CPC分类号： H04L63/04 ,  G06F21/6218 ,  G06F2221/2147 ,  Y10S707/99953 ,  Y10S707/99955

摘要： A method, system and computer program product for securing decrypted files in a shared environment. A filter driver in a kernel space may be configured to control service requests to encrypted files stored in a shared area, e.g., a shared directory on a disk unit, accessible by multiple users. The filter driver may receive a service request to open an encrypted document in the shared area issued from an authorized user. Upon receiving the encrypted data, the filter driver may decrypt the encrypted data. The filter driver may subsequently store the decrypted data in a file in a non-shared area, e.g., a non-shared directory. The non-shared area may be accessible only by the authorized user that requested access to the encrypted file. By storing the decrypted data in a file in the non-shared area, a file once decrypted may be protected in a file sharing environment.

摘要翻译： 一种用于在共享环境中保护解密文件的方法，系统和计算机程序产品。 内核空间中的过滤器驱动程序可以被配置为将服务请求控制为存储在共享区域（例如，可由多个用户访问的磁盘单元上的共享目录）上的加密文件。 过滤器驱动程序可以接收服务请求以在从授权用户发出的共享区域中打开加密文档。 在接收到加密数据之后，过滤器驱动程序可以对加密的数据进行解密。 滤波器驱动器可随后将解密的数据存储在非共享区域（例如非共享目录）中的文件中。 非共享区域可以仅由请求访问加密文件的授权用户访问。 通过将解密的数据存储在非共享区域中的文件中，一旦解密的文件可以在文件共享环境中被保护。