-
Publication No.: US08375219B2
Publication date: 2013-02-12
Application No.: US11977273
Filing date: 2007-10-24
IPC classification: G06F21/00
Abstract: A security module may be used to verify integrity of an executable program and may also be used to verify execution of the executable program on a computer. The security module may directly read a computer memory by asserting bus master control of a system bus. The executable program may be directly verified by calculating a hash or may be indirectly verified by an intermediate program that calculates the hash and passes it to the security module. To verify operation, the executable program may cause an interrupt to be generated when the executable program is in a known state. An interrupt service routine may trigger the security module to read registers in the computer processor via a debug port. If either the verification of the executable program fails or the register values are inconsistent with operation of the executable program, the security module may interrupt operation of the computer.
-
Publication No.: US08151118B2
Publication date: 2012-04-03
Application No.: US11668446
Filing date: 2007-01-29
Applicant: David James Foster, Shon Schmidt, David Jaroslav Sebesta, Curt Andrew Steeb, William J. Westerinen, Zhangwei Xu, Todd L. Carpenter
Inventor: David James Foster, Shon Schmidt, David Jaroslav Sebesta, Curt Andrew Steeb, William J. Westerinen, Zhangwei Xu, Todd L. Carpenter
IPC classification: H04L29/06
Abstract: A computer or other electronic device requiring physical integrity of its components, for example, a pay-per-use computer, may use a master security device in communication with a plurality of slave security devices, known as security beans. Each security bean may be given a cryptographic key or keys for use in authenticating communication with the master security device. Each security bean may be coupled to an associated component and may have the ability to disable that associated component. In one embodiment, a security bean has an analog switch that may be configured to block or attenuate a critical signal used by the associated component. The security bean may start up in the disable mode and respond to a verified signal from the master security device to enable its corresponding component.
-
Publication No.: US20090112521A1
Publication date: 2009-04-30
Application No.: US11977281
Filing date: 2007-10-24
CPC classification: G06F21/577
Abstract: A security module is used to perform an audit of both a computer memory and the computer's processor status. The security module may assert itself as a bus master to read the computer memory without dependence on a program running on the computer. In addition, using a separate hardware path, the security module may access processor register data using a debug port. The security module may collect both memory and processor status information without the use of any of the computer resources being measured, avoiding either alteration of the data by the measurement tool or tampering with the data while being collected.
-
Publication No.: US20080222407A1
Publication date: 2008-09-11
Application No.: US11684312
Filing date: 2007-03-09
IPC classification: G06F9/00
CPC classification: G06F21/575
Abstract: A security circuit in a computer monitors data busses that support memory capable of booting the computer during the computer reset/boot cycle. When activity on one of the data busses indicates the computer is booting from a non-authorized memory location, the security circuit disrupts the computer, for example, by causing a reset. Execution from the non-authorized memory location may occur when an initial jump address at a known location, such as the top of memory, is re-programmed to a memory location having a rogue BIOS program.
-
Publication No.: US08014976B2
Publication date: 2011-09-06
Application No.: US11977281
Filing date: 2007-10-24
IPC classification: G06F11/30
CPC classification: G06F21/577
Abstract: A security module is used to perform an audit of both a computer memory and the computer's processor status. The security module may assert itself as a bus master to read the computer memory without dependence on a program running on the computer. In addition, using a separate hardware path, the security module may access processor register data using a debug port. The security module may collect both memory and processor status information without the use of any of the computer resources being measured, avoiding either alteration of the data by the measurement tool or tampering with the data while being collected.
-
Publication No.: US07844808B2
Publication date: 2010-11-30
Application No.: US11612435
Filing date: 2006-12-18
Applicant: William J. Westerinen, Todd L. Carpenter, Alexander Frank, Shon Schmidt, Stephen Richard Drake
Inventor: William J. Westerinen, Todd L. Carpenter, Alexander Frank, Shon Schmidt, Stephen Richard Drake
CPC classification: G06F21/70, G06F21/30, G06F21/575, G06F21/81, G06F2221/2105, G06F2221/2135, G06F2221/2149
Abstract: A security module for a pay-per-use computer supplies an appropriate BIOS for a given mode of operation. A power manager in the security module powers only essential circuits until the BIOS is operational to help prevent substitution of a non-authorized BIOS. The security module also includes a capability to monitor and restrict data lines on a bus between a main computer processor and computer system memory. When the computer is operating in a restricted use mode, data lines may be restricted to allow only minimal access to the computer system memory. Bus transactions may be monitored to ensure that only valid transactions are occurring and are within the designated memory space.
-
Publication No.: US20100037325A1
Publication date: 2010-02-11
Application No.: US11612436
Filing date: 2006-12-18
Applicant: William J. Westerinen, Todd L. Carpenter, Alexander Frank, Shon Schmidt, Stephen Richard Drake, David James Foster, Tse-Ching James Yu
Inventor: William J. Westerinen, Todd L. Carpenter, Alexander Frank, Shon Schmidt, Stephen Richard Drake, David James Foster, Tse-Ching James Yu
IPC classification: G06F21/02
CPC classification: H05K1/0275, G06F21/86, H05K1/141, H05K3/3436, H05K2201/049, H05K2201/10545, H05K2201/10674
Abstract: A pay-per-use computer, or other electronic device that uses local security, may use a security module or other circuit for monitoring and enforcement of a usage policy. To help prevent physical attacks on the security module, or the circuit board near the security module, a second circuit may be mounted over the security module to help prevent access to the security module. Both circuits may be mounted on an interposer and the interposer mounted to the circuit board, creating a stack including the first circuit, the interposer, the security module, and a main PC board. When the PC board includes dense signal traces under the security module a three dimensional envelope is created around the security module. When the first circuit is a high value circuit, such as a Northbridge, the risk/reward of attacking the security module is increased substantially and may deter all but the most determined hackers.
-
Publication No.: US20080246774A1
Publication date: 2008-10-09
Application No.: US11696848
Filing date: 2007-04-05
IPC classification: G06T1/00
CPC classification: G09G3/3611, G06F21/10, G06F21/84, G06F21/88, G06F2221/0731, G06F2221/2105, G06Q50/188, H04N21/4405, H04N21/4623
Abstract: A display device for use with a computer adapted for operation in an unrestricted use mode and a limited function mode and a method for enforcing a limited function mode display is disclosed. The display device enters a limited function mode when a condition of non-compliance with an operating policy is discovered by the computer. Additionally, the display device may also enter a limited function mode upon powering up or when connections to the computer and/or selected components of the display are disabled or disconnected. When in the limited function mode, the display may support a limited function interface for use in correcting the condition of non-compliance.
-
Publication No.: US08839236B2
Publication date: 2014-09-16
Application No.: US11696271
Filing date: 2007-04-04
Applicant: Todd L. Carpenter, William J. Westerinen, Thomas G. Phillips, Curt Andrew Steeb, Zhangwei Xu, Alexander Frank
Inventor: Todd L. Carpenter, William J. Westerinen, Thomas G. Phillips, Curt Andrew Steeb, Zhangwei Xu, Alexander Frank
IPC classification: G06F9/455
CPC classification: G06F9/45558, G06F21/53, G06F21/575, G06F2009/45587
Abstract: A virtual machine monitor provides a trusted operating environment for a software usage metering application when a qualified virtual machine monitor is loaded as part of trusted boot and when all other programs and operating systems run in containers managed by the virtual machine monitor. The virtual machine monitor may also host a locking application for limiting the functionality of the computer if contractual terms of use are not met. Both the metering and locking applications run at a higher privilege level than ring 0, at the same level as the virtual machine monitor.
-
Publication No.: US07979721B2
Publication date: 2011-07-12
Application No.: US11612436
Filing date: 2006-12-18
Applicant: William J. Westerinen, Todd L. Carpenter, Alexander Frank, Shon Schmidt, Stephen Richard Drake, David James Foster, Tse-Ching James Yu
Inventor: William J. Westerinen, Todd L. Carpenter, Alexander Frank, Shon Schmidt, Stephen Richard Drake, David James Foster, Tse-Ching James Yu
CPC classification: H05K1/0275, G06F21/86, H05K1/141, H05K3/3436, H05K2201/049, H05K2201/10545, H05K2201/10674
Abstract: A pay-per-use computer, or other electronic device that uses local security, may use a security module or other circuit for monitoring and enforcement of a usage policy. To help prevent physical attacks on the security module, or the circuit board near the security module, a second circuit may be mounted over the security module to help prevent access to the security module. Both circuits may be mounted on an interposer and the interposer mounted to the circuit board, creating a stack including the first circuit, the interposer, the security module, and a main PC board. When the PC board includes dense signal traces under the security module a three dimensional envelope is created around the security module. When the first circuit is a high value circuit, such as a Northbridge, the risk/reward of attacking the security module is increased substantially and may deter all but the most determined hackers.