Scalable paging of platform configuration registers
    1.
    Patent application
    Status: In force

    Publication number: US20060075223A1

    Publication date: 2006-04-06

    Application number: US10957545

    Filing date: 2004-10-01

    CPC classification: G06F21/57

    Abstract: A method, computer program, and system for paging platform configuration registers in and out of a trusted platform module. In a trusted computing platform, an unlimited number of platform configuration registers can be obtained through paging. The trust platform module encrypts and decrypts platform configuration registers for storage outside the trusted platform module.

    Method, apparatus, and product for providing a multi-tiered trust architecture
    2.
    Patent application
    Status: Under examination (published)

    Publication number: US20060026418A1

    Publication date: 2006-02-02

    Application number: US10902669

    Filing date: 2004-07-29

    IPC classification: H04L9/00

    Abstract: A method, apparatus, and computer program product are described for implementing a trusted computing environment within a data processing system. The data processing system includes multiple different service processor-based hardware platforms. Multiple different trusted platform modules (TPMs) are provided in the data processing system. Each TPM provides trust services to only one of the service processor-based hardware platforms. Each TPM provides its trust services to only a portion of the entire data processing system.

    Method and system for hierarchical platform boot measurements in a trusted computing environment
    3.
    Patent application
    Status: Lapsed

    Publication number: US20050246525A1

    Publication date: 2005-11-03

    Application number: US10835503

    Filing date: 2004-04-29

    IPC classification: G06F21/00 H04L9/32

    CPC classification: G06F21/57

    Abstract: An architecture for a distributed data processing system comprises a system-level service processor along with one or more node-level service processors; each are uniquely associated with a node, and each is extended to comprise any components that are necessary for operating the nodes as trusted platforms, such as a TPM and a CRTM in accordance with the security model of the Trusted Computing Group. These node-level service processors then inter-operate with the system-level service processor, which also contains any components that are necessary for operating the system as a whole as a trusted platform. A TPM within the system-level service processor aggregates integrity metrics that are gathered by the node-level service processors, thereafter reporting integrity metrics as requested, e.g., to a hypervisor, thereby allowing a large distributed data processing system to be validated as a trusted computing environment while allowing its highly parallelized initialization process to proceed.

    Method and system for providing a trusted platform module in a hypervisor environment
    4.
    Patent application
    Status: Lapsed

    Publication number: US20050246521A1

    Publication date: 2005-11-03

    Application number: US10835350

    Filing date: 2004-04-29

    CPC classification: G06F21/53

    Abstract: A method is presented for implementing a trusted computing environment within a data processing system. A hypervisor is initialized within the data processing system, and the hypervisor supervises a plurality of logical, partitionable, runtime environments within the data processing system. The hypervisor reserves a logical partition for a hypervisor-based trusted platform module (TPM) and presents the hypervisor-based trusted platform module to other logical partitions as a virtual device via a device interface. Each time that the hypervisor creates a logical partition within the data processing system, the hypervisor also instantiates a logical TPM within the reserved partition such that the logical TPM is anchored to the hypervisor-based TPM. The hypervisor manages multiple logical TPM's within the reserved partition such that each logical TPM is uniquely associated with a logical partition.

    Method, computer program product, and data processing system for source verifiable audit logging
    5.
    Patent application
    Status: Under examination (published)

    Publication number: US20050234909A1

    Publication date: 2005-10-20

    Application number: US10825187

    Filing date: 2004-04-15

    IPC classification: G06F7/00 G06F21/00

    Abstract: A method, computer program product, and a data processing system for logging audit events in a data processing system. A sequence of audit records including a final audit record are written to a first log file stored by a data processing system. A respective first hash value of each audit record is calculated. Responsive to calculating each respective first hash value, a corresponding second hash value is calculated from the first hash value and a value of a register associated with the data processing system. The second hash value is written to the register. A second log file is opened in response to closing the first log file. A final second hash value corresponding to a first hash value of the final audit record is written to a first record of the second log file.

    Method, apparatus, and product for asserting physical presence with a trusted platform module in a hypervisor environment

    Publication number: US20060026693A1

    Publication date: 2006-02-02

    Application number: US10902712

    Filing date: 2004-07-29

    IPC classification: G06F11/00

    Abstract: A method, apparatus, and computer program product are described for asserting physical presence in a trusted computing environment included within a data processing system. The trusted computing environment includes a trusted platform module (TPM). The data processing system is coupled to a hardware management console. The trusted platform module determines whether the hardware management console is a trusted entity. The trusted platform module also determines whether the hardware management console has knowledge of a secret key that is possessed by the TPM. If the TPM determines that the hardware management console is a trusted entity and has knowledge of the secret key, the TPM determines that physical presence has been asserted. Otherwise, if the TPM determines that either the hardware management console is not a trusted entity or the TPM determines that the hardware management console does not have knowledge of the secret key, the TPM determines that physical presence has not been asserted and will not execute commands that require the successful assertion of “physical presence”.

    Method, apparatus, and product for establishing virtual endorsement credentials for dynamically generated endorsement keys in a trusted computing platform
    7.
    Patent application
    Status: In force

    Publication number: US20070016801A1

    Publication date: 2007-01-18

    Application number: US11179238

    Filing date: 2005-07-12

    Abstract: A method, apparatus, and computer program product are disclosed in a data processing system for establishing virtual endorsement credentials. The data processing system includes a hardware trusted platform module (TPM). Logical partitions are generated in the system. A different virtual TPM is generated for each one of the logical partitions. For each one of the logical partitions, the virtual TPM that was generated for the logical partition then dynamically generates a virtual endorsement credential for use by the logical partition that includes the virtual TPM. The virtual endorsement credential is generated within the data processing system without the data processing system or its devices accessing a trusted third party that is external to the data processing system.

    Method and system for bootstrapping a trusted server having redundant trusted platform modules
    8.
    Patent application
    Status: Lapsed

    Publication number: US20050257073A1

    Publication date: 2005-11-17

    Application number: US10835498

    Filing date: 2004-04-29

    CPC classification: G06F21/575

    Abstract: Multiple trusted platform modules within a data processing system are used in a redundant manner that provides a reliable mechanism for securely storing secret data at rest that is used to bootstrap a system trusted platform module. A hypervisor requests each trusted platform module to encrypt a copy of the secret data, thereby generating multiple versions of encrypted secret data values, which are then stored within a non-volatile memory within the trusted platform. At some later point in time, the encrypted secret data values are retrieved, decrypted by the trusted platform module that performed the previous encryption, and then compared to each other. If any of the decrypted values do not match a quorum of values from the comparison operation, then a corresponding trusted platform module for a non-matching decrypted value is designated as defective because it has not been able to correctly decrypt a value that it previously encrypted.

    Method and system for automatic error recovery in an electronic mail system
    9.
    Patent application
    Status: Under examination (published)

    Publication number: US20050039100A1

    Publication date: 2005-02-17

    Application number: US10640822

    Filing date: 2003-08-14

    CPC classification: G06Q10/107

    Abstract: A method and system for automatic address error recovery in an electronic mail system where electronic mail messages are transferred by identifying an address which includes a user name and a domain name which includes a top level domain suffix. In the event an electronic mail message destination cannot be determined, likely appropriate destinations are automatically determined by systematically determining common alternate spellings of the user name, likely alternate domain names or an alternate top level domain suffix. Alternately, a table of expired addresses and corresponding new addresses can be maintained and examined to determine a likely appropriate address. At least one likely appropriate address is presented to a sender and the electronic mail message is then transmitted to a destination by the sender.

    TRUSTED PLATFORM MODULE DATA HARMONIZATION DURING TRUSTED SERVER RENDEVOUS
    10.
    Patent application
    Status: In force

    Publication number: US20070260545A1

    Publication date: 2007-11-08

    Application number: US11381237

    Filing date: 2006-05-02

    Abstract: Embodiments of the present invention address deficiencies of the art in respect to trusted platform module (TPM) unification in a trusted computing environment and provide a novel and non-obvious method, system and computer program product for trusted platform module data harmonization. In one embodiment of the invention, a TPM log harmonization method can include designating both a single master TPM for a master node among multiple nodes, and also a multiplicity of subsidiary TPMs for remaining ones of the nodes. The method further can include extending the single master TPM with a measurement representing a rendezvous operation for the nodes.
