公开(公告)号：US08839236B2

公开(公告)日：2014-09-16

申请号：US11696271

申请日：2007-04-04

申请人： Todd L. Carpenter ,  William J. Westerinen ,  Thomas G. Phillips ,  Curt Andrew Steeb ,  Zhangwei Xu ,  Alexander Frank

发明人： Todd L. Carpenter ,  William J. Westerinen ,  Thomas G. Phillips ,  Curt Andrew Steeb ,  Zhangwei Xu ,  Alexander Frank

IPC分类号： G06F9/455

CPC分类号： G06F9/45558 ,  G06F21/53 ,  G06F21/575 ,  G06F2009/45587

摘要： A virtual machine monitor provides a trusted operating environment for a software usage metering application when a qualified virtual machine monitor is loaded as part of trusted boot and when all other programs and operating systems run in containers managed by the virtual machine monitor. The virtual machine monitor may also host a locking application for limiting the functionality of the computer if contractual terms of use are not met. Both the metering and locking applications run at a higher privilege level than ring 0, at the same level as the virtual machine monitor.

摘要翻译： 当合格的虚拟机监视器作为可信引导的一部分加载时，以及所有其他程序和操作系统在虚拟机监视器管理的容器中运行时，虚拟机监视器为软件使用计量应用程序提供可信赖的操作环境。 如果不符合合同使用条款，虚拟机监视器还可以承载用于限制计算机的功能的锁定应用程序。 计量和锁定应用程序都以与环0相同的级别运行，处于与虚拟机监视器相同的级别。

公开(公告)号：US20080250406A1

公开(公告)日：2008-10-09

申请号：US11696271

申请日：2007-04-04

申请人： Todd L. Carpenter ,  William J. Westerinen ,  Thomas G. Phillips ,  Curt Andrew Steeb ,  Zhangwei Xu ,  Alexander Frank

发明人： Todd L. Carpenter ,  William J. Westerinen ,  Thomas G. Phillips ,  Curt Andrew Steeb ,  Zhangwei Xu ,  Alexander Frank

IPC分类号： G06F9/455

CPC分类号： G06F9/45558 ,  G06F21/53 ,  G06F21/575 ,  G06F2009/45587

摘要： A virtual machine monitor provides a trusted operating environment for a software usage metering application when a qualified virtual machine monitor is loaded as part of trusted boot and when all other programs and operating systems run in containers managed by the virtual machine monitor. The virtual machine monitor may also host a locking application for limiting the functionality of the computer if contractual terms of use are not met. Both the metering and locking applications run at a higher privilege level than ring 0, at the same level as the virtual machine monitor.

摘要翻译： 当合格的虚拟机监视器作为可信引导的一部分加载时，以及所有其他程序和操作系统在虚拟机监视器管理的容器中运行时，虚拟机监视器为软件使用计量应用程序提供可信赖的操作环境。 如果不符合合同使用条款，虚拟机监视器还可以承载用于限制计算机的功能的锁定应用程序。 计量和锁定应用程序都以与环0相同的级别运行，处于与虚拟机监视器相同的级别。

公开(公告)号：US20080319925A1

公开(公告)日：2008-12-25

申请号：US11766595

申请日：2007-06-21

申请人： Jeffrey Alan Herold ,  James S. Duffus ,  Curt Andrew Steeb ,  Thomas G. Phillips ,  William J. Westerinen ,  Martin H. Hall ,  Todd L. Carpenter ,  Daniel Makoski ,  Shon Schmidt

发明人： Jeffrey Alan Herold ,  James S. Duffus ,  Curt Andrew Steeb ,  Thomas G. Phillips ,  William J. Westerinen ,  Martin H. Hall ,  Todd L. Carpenter ,  Daniel Makoski ,  Shon Schmidt

IPC分类号： H04K1/00 ,  G06F17/00 ,  H04L9/00

CPC分类号： G06F21/123 ,  G06F2221/0797 ,  G06F2221/2135 ,  G06Q30/0283

摘要： A computer or other electronic device may be used in one of several selectable modes of operation. Computer resources, such as a processor, memory, or a graphics controller, are individually settable for operation at different levels of performance. A mode of operation or performance level is determined by the combination of individual settings for the various resources. Pay-per-use operation is charged at a rate determined by the mode of operation or performance level. Operation in a gaming mode may be charged at a higher rate than operation in web-browsing mode. A metering agent may be associated with each scalable use resource to securely set the performance level and to securely report on metered operation of the resource.

摘要翻译： 计算机或其他电子设备可以用于几种可选操作模式之一。 诸如处理器，存储器或图形控制器的计算机资源可以单独设置，以在不同的性能水平下进行操作。 操作模式或性能水平由各种资源的各个设置的组合决定。 每次使用费用操作按照操作模式或性能水平确定的费率收费。 可以以比网络浏览模式下的操作更高的速率对游戏模式进行操作。 测量代理可以与每个可伸缩的使用资源相关联，以安全地设置性能级别并安全地报告资源的计量操作。

公开(公告)号：US08073779B2

公开(公告)日：2011-12-06

申请号：US11353675

申请日：2006-02-14

申请人： Alexander Frank ,  Curt A. Steeb ,  Isaac P. Ahdout ,  Richard B. Thompson ,  Thomas G. Phillips ,  William J. Westerinen ,  Zhangwei Xu

发明人： Alexander Frank ,  Curt A. Steeb ,  Isaac P. Ahdout ,  Richard B. Thompson ,  Thomas G. Phillips ,  William J. Westerinen ,  Zhangwei Xu

IPC分类号： G06F21/00

摘要： An electronic device, such as, a computer, may be adapted for self-monitoring for compliance to an operating policy. The operating policy may specify a pay-per-use or subscription business model and measurements associated with compliant usage. A secure execution environment may measure usage in accordance with the business model as well as monitor and enforce compliance to the operating policy. To increase the difficulty of attacking or otherwise disabling the secure execution environment, elements of the secure execution environment may be distributed. The distribution points may include other functional elements of the computer, such as interface circuits, or may even be remotely located over a network. An implementation method for disaggregating the secure execution environment is also disclosed.

公开(公告)号：US08214296B2

公开(公告)日：2012-07-03

申请号：US11353675

申请日：2006-02-14

申请人： Alexander Frank ,  Curt A. Steeb ,  Isaac P. Ahdout ,  Richard B. Thompson ,  Thomas G. Phillips ,  William J. Westerinen ,  Zhangwei Xu

发明人： Alexander Frank ,  Curt A. Steeb ,  Isaac P. Ahdout ,  Richard B. Thompson ,  Thomas G. Phillips ,  William J. Westerinen ,  Zhangwei Xu

IPC分类号： G06F21/00

CPC分类号： H04L9/00 ,  G06F21/55 ,  G06F21/554 ,  G06F2221/2135

摘要： An electronic device, such as, a computer, may be adapted for self-monitoring for compliance to an operating policy. The operating policy may specify a pay-per-use or subscription business model and measurements associated with compliant usage. A secure execution environment may measure usage in accordance with the business model as well as monitor and enforce compliance to the operating policy. To increase the difficulty of attacking or otherwise disabling the secure execution environment, elements of the secure execution environment may be distributed. The distribution points may include other functional elements of the computer, such as interface circuits, or may even be remotely located over a network. An implementation method for disaggregating the secure execution environment is also disclosed.

摘要翻译： 诸如计算机的电子设备可以适于自我监视以符合操作策略。 操作策略可以指定按使用付费或订阅业务模式以及与合规使用相关联的测量。 安全执行环境可以根据业务模式来测量使用情况，并监视和实施对操作策略的遵守。 为了增加攻击或以其他方式禁用安全执行环境的难度，可以分发安全执行环境的元素。 分发点可以包括计算机的其他功能元件，例如接口电路，或者甚至可以远程位于网络上。 还公开了用于分解安全执行环境的实现方法。

公开(公告)号：US20080320312A1

公开(公告)日：2008-12-25

申请号：US11766602

申请日：2007-06-21

申请人： James S. Duffus ,  Curt Andrew Steeb ,  Thomas G. Phillips ,  Jeffrey Alan Herold ,  William Poole ,  William J. Westerinen ,  Martin H. Hall

发明人： James S. Duffus ,  Curt Andrew Steeb ,  Thomas G. Phillips ,  Jeffrey Alan Herold ,  William Poole ,  William J. Westerinen ,  Martin H. Hall

IPC分类号： G06F21/00 ,  G08B13/00

CPC分类号： G08B13/1418 ,  G06F21/88

摘要： A hardware-based security module is used to protect an electronic device, especially a portable electronic device. The security module may determine either via timeout of a watchdog timer or via an explicit message to encrypt selected data on the electronic device. In addition, the electronic device may enter a limited function mode that only allows display of simplistic messages and supports network traffic with a recovery service. The recovery service may be able to use the network traffic to locate the electronic device. The security module may include a secure memory, a cryptographic function, a timer, and support for direct display of data on a monitor.

摘要翻译： 基于硬件的安全模块用于保护电子设备，特别是便携式电子设备。 安全模块可以通过看门狗定时器的超时或者通过显式消息来确定来加密电子设备上的所选数据。 此外，电子设备可以进入有限功能模式，其仅允许显示简单的消息并且利用恢复服务支持网络流量。 恢复服务可能能够使用网络流量来定位电子设备。 安全模块可以包括安全存储器，加密功能，定时器和用于在监视器上直接显示数据的支持。

公开(公告)号：US08522043B2

公开(公告)日：2013-08-27

申请号：US11766602

申请日：2007-06-21

申请人： James S. Duffus ,  Curt Andrew Steeb ,  Thomas G. Phillips ,  Jeffrey Alan Herold ,  William Poole ,  William J. Westerinen ,  Martin H. Hall

发明人： James S. Duffus ,  Curt Andrew Steeb ,  Thomas G. Phillips ,  Jeffrey Alan Herold ,  William Poole ,  William J. Westerinen ,  Martin H. Hall

IPC分类号： G06F11/30

CPC分类号： G08B13/1418 ,  G06F21/88

摘要： A hardware-based security module is used to protect an electronic device, especially a portable electronic device. The security module may determine either via timeout of a watchdog timer or via an explicit message to encrypt selected data on the electronic device. In addition, the electronic device may enter a limited function mode that only allows display of simplistic messages and supports network traffic with a recovery service. The recovery service may be able to use the network traffic to locate the electronic device. The security module may include a secure memory, a cryptographic function, a timer, and support for direct display of data on a monitor.

摘要翻译： 基于硬件的安全模块用于保护电子设备，特别是便携式电子设备。 安全模块可以通过看门狗定时器的超时或者通过显式消息来确定来加密电子设备上的所选数据。 此外，电子设备可以进入有限功能模式，其仅允许显示简单的消息并且利用恢复服务支持网络流量。 恢复服务可能能够使用网络流量来定位电子设备。 安全模块可以包括安全存储器，加密功能，定时器和用于在监视器上直接显示数据的支持。

公开(公告)号：US20080319910A1

公开(公告)日：2008-12-25

申请号：US11766613

申请日：2007-06-21

申请人： James S. Duffus ,  Curt Andrew Steeb ,  Thomas G. Phillips ,  Todd L. Carpenter ,  Martin H. Hall ,  Ricardo Lopez-Barquilla ,  Judy Tandog ,  Katie Ann Aldrich ,  Daniel Makoski ,  David James Foster ,  Krista L. Johnson

发明人： James S. Duffus ,  Curt Andrew Steeb ,  Thomas G. Phillips ,  Todd L. Carpenter ,  Martin H. Hall ,  Ricardo Lopez-Barquilla ,  Judy Tandog ,  Katie Ann Aldrich ,  Daniel Makoski ,  David James Foster ,  Krista L. Johnson

IPC分类号： H04L9/00

CPC分类号： G06Q30/06 ,  G06F21/123 ,  G06F2221/0742 ,  G06F2221/0797

摘要： A computer with scalable performance level components and selectable software and service options has a user interface that allows individual performance levels to be selected. The scalable performance level components may include a processor, memory, graphics controller, etc. Software and services may include word processing, email, browsing, database access, etc. To support a pay-per-use business model, each selectable item may have a cost associated with it, allowing a user to pay for the services actually selected and that presumably correspond to the task or tasks being performed. An administrator may use a similar user interface to set performance levels for each computer in a network, allowing performance and cost to be set according to a user's requirements.

摘要翻译： 具有可扩展性能级别组件和可选软件和服务选项的计算机具有允许选择单独性能级别的用户界面。 可扩展的性能级组件可以包括处理器，存储器，图形控制器等。软件和服务可以包括文字处理，电子邮件，浏览，数据库访问等。为了支持按需付费的商业模式，每个可选项目可以具有 与其相关联的成本，允许用户支付实际选择的服务，并且大概对应于正在执行的任务或任务。 管理员可以使用类似的用户界面来设置网络中每台计算机的性能等级，从而允许根据用户要求设置性能和成本。

公开(公告)号：US20080005560A1

公开(公告)日：2008-01-03

申请号：US11427666

申请日：2006-06-29

申请人： James Duffus ,  Thomas G. Phillips ,  Alexander Frank ,  William J. Westerinen

发明人： James Duffus ,  Thomas G. Phillips ,  Alexander Frank ,  William J. Westerinen

IPC分类号： H04L9/00 ,  G06F1/00

CPC分类号： G06F21/629 ,  G06F2221/2141 ,  G06F2221/2149 ,  H04L63/101

摘要： Techniques are described which provide an independent computation environment. The independent computation environment is contained at least in part in a set of one or more hardware components and configured to host a provisioning module that is executable to provision functionality of the computing device according to a wide variety of factors. In an implementation, when the provisioning module determines that particular functionality is referenced in an inclusion list, the computing device is permitted to access the particular functionality. When the provisioning module determines that the particular functionality is referenced in an exclusion list, the computing device is prevented from accessing the particular functionality.

摘要翻译： 描述了提供独立计算环境的技术。 独立计算环境至少部分地包含在一个或多个硬件组件的集合中，并且被配置为托管可执行以根据各种因素来提供计算设备的功能的供应模块。 在实现中，当配置模块确定在包含列表中引用特定功能时，允许计算设备访问特定功能。 当配置模块确定特定功能在排除列表中被引用时，防止计算设备访问特定功能。

公开(公告)号：US20120005721A1

公开(公告)日：2012-01-05

申请号：US13171993

申请日：2011-06-29

申请人： Zhangwei Xu ,  Thomas G. Phillips ,  Alexander Frank ,  Curt A. Steeb ,  Isaac P. Ahdout ,  Martin H. Hall ,  James S. Duffus

发明人： Zhangwei Xu ,  Thomas G. Phillips ,  Alexander Frank ,  Curt A. Steeb ,  Isaac P. Ahdout ,  Martin H. Hall ,  James S. Duffus

IPC分类号： G06F21/00

CPC分类号： G06F21/79 ,  G06F21/10 ,  G06F21/57 ,  G06F21/71 ,  G06F21/73 ,  G06F21/86 ,  G06F2221/2135

摘要： A processing unit for use in an electronic device includes standard instruction processing and communication interfaces and also includes functional capability in addition to or in place of those found in an operating system. A secure memory within the processing unit may contain a hardware identifier, policy data, and subsystem functions such as a secure clock, policy management, and policy enforcement. Data in functions within the secure memory are not accessible from outside the processing unit.

摘要翻译： 用于电子设备的处理单元包括标准指令处理和通信接口，并且还包括在操作系统中发现的或替代操作系统中的功能能力。 处理单元内的安全存储器可以包含硬件标识符，策略数据和诸如安全时钟，策略管理和策略实施之类的子系统功能。 安全存储器内的功能中的数据不能从处理单元外部访问。