利索-全球专利检索

  1. 登录
  2. 注册

搜索结果

58 条记录 (耗时 0.032 秒)

    Dynamic creation and hierarchical organization of trusted platform modules
    1.
    发明申请
    Dynamic creation and hierarchical organization of trusted platform modules 审中-公开
    可信平台模块的动态创建和层次化组织

    公开(公告)号:US20070079120A1

    公开(公告)日:2007-04-05

    申请号:US11242673

    申请日:2005-10-03

    申请人: Steven Bade Stefan Berger Kenneth Goldman Ronald Perez Reiner Sailer Leendert Van Doorn

    发明人: Steven Bade Stefan Berger Kenneth Goldman Ronald Perez Reiner Sailer Leendert Van Doorn

    IPC分类号: H04L9/00

    CPC分类号: G06F21/57

    摘要: A trusted platform module is presented that is capable of creating, dynamically, multiple virtual trusted platform modules in a hierarchical organization. A trusted platform module domain is created. The trusted platform module creates virtual trusted platform modules, as needed, in the trusted platform module domain. The virtual trusted platform modules can inherit the permissions of a parent trusted platform module to have the ability to create virtual trusted platform modules themselves. Each virtual trusted platform module is associated with a specific partition. Each partition is associated with an individual operating system. The hierarchy of created operating systems and their privilege of spawning new operating systems is reflected in the hierarchy of trusted platform modules and the privileges each of the trusted platform modules has.

    摘要翻译: 提出了一种可信任的平台模块,能够在层次结构中动态创建多个虚拟可信平台模块。 创建可信平台模块域。 可信平台模块根据需要在可信平台模块域中创建虚拟可信平台模块。 虚拟可信平台模块可以继承父信任平台模块的权限,以便能够自己创建虚拟可信平台模块。 每个虚拟可信平台模块与特定分区关联。 每个分区与单个操作系统相关联。 创建的操作系统的层次结构及其产生新操作系统的特权体现在可信平台模块的层次结构和每个可信平台模块所具有的特权上。

    Method and apparatus for scalable integrity attestation in virtualization environments
    5.
    发明授权
    Method and apparatus for scalable integrity attestation in virtualization environments 失效
    在虚拟化环境中可扩展完整性认证的方法和设备

    公开(公告)号:US08615788B2

    公开(公告)日:2013-12-24

    申请号:US12539912

    申请日:2009-08-12

    申请人: Stefan Berger Ramon Caceres Kenneth Alan Goldman Ronald Perez Reiner Sailer Deepa Srinivasan

    发明人: Stefan Berger Ramon Caceres Kenneth Alan Goldman Ronald Perez Reiner Sailer Deepa Srinivasan

    IPC分类号: G06F7/04 G06F9/00 G06F12/14 G06F15/177 G06F17/30 H04L9/32

    CPC分类号: G06F21/57 G06F9/45558 G06F21/53 G06F2009/4557 G06F2009/45587 G06F2221/2101

    摘要: A computer implemented method for logging extensions to platform configuration registers inside a trusted platform module instance is provided. A request to extend the current state of at least one of a plurality of platform configuration register is received. At least one platform configuration register within the trusted platform module instance is extended. The extension of the at least one platform configuration register is logged inside the trusted platform module instance as a logged entry by storing at least a tuple of platform configuration register indexes and hash values used for extending the platform configuration register. Information about new entries in the consolidated logs can be retrieved by polling or by subscribing to events that are automatically generated. A report of an extend operation and its logged hash value is sent to subscribers interested in receiving notifications of extend operations on a set of PCR registers.

    摘要翻译: 提供了一种用于在可信平台模块实例内记录扩展到平台配置寄存器的计算机实现的方法。 接收到扩展多个平台配置寄存器中的至少一个的当前状态的请求。 可信平台模块实例中至少有一个平台配置寄存器被扩展。 至少一个平台配置寄存器的扩展通过存储用于扩展平台配置寄存器的平台配置寄存器索引和散列值的至少一个元组来记录在可信平台模块实例内作为记录条目。 可以通过轮询或订阅自动生成的事件来检索关于合并日志中的新条目的信息。 扩展操作的报告及其记录的哈希值被发送给有兴趣接收一组PCR寄存器的扩展操作通知的用户。

    Architecture for supporting attestation of a virtual machine in a single step
    6.
    发明授权
    Architecture for supporting attestation of a virtual machine in a single step 有权
    用于在一个步骤中支持验证虚拟机的体系结构

    公开(公告)号:US07840801B2

    公开(公告)日:2010-11-23

    申请号:US11624911

    申请日:2007-01-19

    申请人: Stefan Berger Kenneth A. Goldman Ronald Perez Reiner Sailer

    发明人: Stefan Berger Kenneth A. Goldman Ronald Perez Reiner Sailer

    IPC分类号: G06F9/445 H04L29/10 G06F15/177

    CPC分类号: G06F9/45558 G06F2009/45566 G06F2009/45587

    摘要: The presented method allows a virtual TRUSTED PLATFORM MODULE (TPM) instance to map the Platform Configuration Registers (PCR) register state of a parent virtual TPM instance into its own register space and export the state of those registers to applications inside the virtual machine associated with the virtual TPM instance. Through the mapping of PCR registers, the procedure of attesting to the overall state of a virtual machine can be accelerated, since the state of all measurements relevant to the trustworthiness of a virtual machine are all visible in the combined view of mapped and non-mapped PCR registers. Registers that are mapped into the register space of a virtual TPM instance reflect the state of trustworthiness of those virtual machines that were involved in the creation of the virtual machine that is being challenged.

    摘要翻译: 所提出的方法允许虚拟TRUSTED PLATFORM MODULE(TPM)实例将父虚拟TPM实例的平台配置寄存器(PCR)寄存器状态映射到其自己的寄存器空间中,并将这些寄存器的状态导出到与虚拟机相关联的虚拟机内的应用 虚拟TPM实例。 通过PCR寄存器的映射,可以加速验证虚拟机整体状态的过程,因为与映射和未映射的组合视图中虚拟机的可信赖性相关的所有测量的状态都是可见的 PCR寄存器。 映射到虚拟TPM实例的寄存器空间的寄存器反映了参与创建正在受到挑战的虚拟机的虚拟机的可信赖状态。

    Method and apparatus for migrating a virtual TPM instance and preserving uniqueness and completeness of the instance
    7.
    发明申请
    Method and apparatus for migrating a virtual TPM instance and preserving uniqueness and completeness of the instance 失效
    用于迁移虚拟TPM实例并保留实例的唯一性和完整性的方法和设备

    公开(公告)号:US20070226786A1

    公开(公告)日:2007-09-27

    申请号:US11385965

    申请日:2006-03-21

    申请人: Stefan Berger Kenneth Goldman Reiner Sailer

    发明人: Stefan Berger Kenneth Goldman Reiner Sailer

    IPC分类号: H04L9/32

    CPC分类号: G06F21/57 H04L9/0825 H04L9/3242 H04L2209/127

    摘要: A migration scheme for virtualized Trusted Platform Modules is presented. The procedure is capable of securely migrating an instance of a virtual Trusted Platform Module from one physical platform to another. A virtual Trusted Platform Module instance's state is downloaded from a source virtual Trusted Platform Module and all its state information is encrypted using a hybrid of public and symmetric key cryptography. The encrypted state is transferred to the target physical platform, decrypted and the state of the virtual Trusted Platform Module instance is rebuilt.

    摘要翻译: 介绍了虚拟化可信平台模块的迁移方案。 该过程能够将虚拟可信平台模块的实例从一个物理平台安全迁移到另一个物理平台。 虚拟可信平台模块实例的状态从源虚拟可信平台模块下载,其所有状态信息都使用公共和对称密钥密码术的混合进行加密。 将加密状态传送到目标物理平台,进行解密,重建虚拟可信平台模块实例的状态。

    Dynamic creation and hierarchical organization of trusted platform modules
    8.
    发明授权
    Dynamic creation and hierarchical organization of trusted platform modules 有权
    可信平台模块的动态创建和层次化组织

    公开(公告)号:US08549288B2

    公开(公告)日:2013-10-01

    申请号:US12128952

    申请日:2008-05-29

    申请人: Steven A. Bade Stefan Berger Kenneth Alan Goldman Ronald Perez Reiner Sailer Leendert Peter Van Doorn

    发明人: Steven A. Bade Stefan Berger Kenneth Alan Goldman Ronald Perez Reiner Sailer Leendert Peter Van Doorn

    IPC分类号: H04L29/06

    CPC分类号: G06F21/57

    摘要: A trusted platform module is presented that is capable of creating, dynamically, multiple virtual trusted platform modules in a hierarchical organization. A trusted platform module domain is created. The trusted platform module creates virtual trusted platform modules, as needed, in the trusted platform module domain. The virtual trusted platform modules can inherit the permissions of a parent trusted platform module to have the ability to create virtual trusted platform modules themselves. Each virtual trusted platform module is associated with a specific partition. Each partition is associated with an individual operating system. The hierarchy of created operating systems and their privilege of spawning new operating systems is reflected in the hierarchy of trusted platform modules and the privileges each of the trusted platform modules has.

    摘要翻译: 提出了一种可信任的平台模块,能够在层次结构中动态创建多个虚拟可信平台模块。 创建可信平台模块域。 可信平台模块根据需要在可信平台模块域中创建虚拟可信平台模块。 虚拟可信平台模块可以继承父信任平台模块的权限,以便能够自己创建虚拟可信平台模块。 每个虚拟可信平台模块与特定分区关联。 每个分区与单个操作系统相关联。 创建的操作系统的层次结构及其产生新操作系统的特权体现在可信平台模块的层次结构和每个可信平台模块所具有的特权上。

    Architecture For Supporting Attestation Of A Virtual Machine In A Single Step
    9.
    发明申请
    Architecture For Supporting Attestation Of A Virtual Machine In A Single Step 有权
    支持一台虚拟机的体系结构

    公开(公告)号:US20080178176A1

    公开(公告)日:2008-07-24

    申请号:US11624911

    申请日:2007-01-19

    申请人: Stefan Berger Kenneth A. Goldman Ronald Perez Reiner Sailer

    发明人: Stefan Berger Kenneth A. Goldman Ronald Perez Reiner Sailer

    IPC分类号: G06F9/00 G06F9/455

    CPC分类号: G06F9/45558 G06F2009/45566 G06F2009/45587

    摘要: The presented method allows a virtual TRUSTED PLATFORM MODULE (TPM) instance to map the Platform Configuration Registers (PCR) register state of a parent virtual TPM instance into its own register space and export the state of those registers to applications inside the virtual machine associated with the virtual TPM instance. Through the mapping of PCR registers, the procedure of attesting to the overall state of a virtual machine can be accelerated, since the state of all measurements relevant to the trustworthiness of a virtual machine are all visible in the combined view of mapped and non-mapped PCR registers. Registers that are mapped into the register space of a virtual TPM instance reflect the state of trustworthiness of those virtual machines that were involved in the creation of the virtual machine that is being challenged.

    摘要翻译: 所提出的方法允许虚拟TRUSTED PLATFORM MODULE(TPM)实例将父虚拟TPM实例的平台配置寄存器(PCR)寄存器状态映射到其自己的寄存器空间中,并将这些寄存器的状态导出到与虚拟机相关联的虚拟机内的应用 虚拟TPM实例。 通过PCR寄存器的映射,可以加速验证虚拟机的整体状态的过程,因为与虚拟机的可信赖度相关的所有测量的状态在映射和未映射的组合视图中都是可见的 PCR寄存器。 映射到虚拟TPM实例的寄存器空间的寄存器反映了参与创建正在受到挑战的虚拟机的虚拟机的可信赖状态。