-
公开(公告)号:US20120005721A1
公开(公告)日:2012-01-05
申请号:US13171993
申请日:2011-06-29
申请人: Zhangwei Xu , Thomas G. Phillips , Alexander Frank , Curt A. Steeb , Isaac P. Ahdout , Martin H. Hall , James S. Duffus
发明人: Zhangwei Xu , Thomas G. Phillips , Alexander Frank , Curt A. Steeb , Isaac P. Ahdout , Martin H. Hall , James S. Duffus
IPC分类号: G06F21/00
摘要: A processing unit for use in an electronic device includes standard instruction processing and communication interfaces and also includes functional capability in addition to or in place of those found in an operating system. A secure memory within the processing unit may contain a hardware identifier, policy data, and subsystem functions such as a secure clock, policy management, and policy enforcement. Data in functions within the secure memory are not accessible from outside the processing unit.
摘要翻译: 用于电子设备的处理单元包括标准指令处理和通信接口,并且还包括在操作系统中发现的或替代操作系统中的功能能力。 处理单元内的安全存储器可以包含硬件标识符,策略数据和诸如安全时钟,策略管理和策略实施之类的子系统功能。 安全存储器内的功能中的数据不能从处理单元外部访问。
-
公开(公告)号:US08176564B2
公开(公告)日:2012-05-08
申请号:US11152214
申请日:2005-06-14
申请人: Alexander Frank , Curt A. Steeb , Isaac P. Ahdout , James S. Duffus , Martin Hall , Nicholas Temple , Rajagopal Venkatachalam , Thomas Phillips , Zhangwei Xu
发明人: Alexander Frank , Curt A. Steeb , Isaac P. Ahdout , James S. Duffus , Martin Hall , Nicholas Temple , Rajagopal Venkatachalam , Thomas Phillips , Zhangwei Xu
IPC分类号: G06F21/00
CPC分类号: G06F21/575 , G06F21/72 , G06F21/74 , G06F21/87
摘要: A system and method for monitoring a computer, particularly a pay-per-use computer, uses an isolated computing environment or supervisor. The isolated computing environment boots prior to any boot device associated with an operating system, runs concurrently with the operating system and monitors and measures the computer in operation. Once the isolated computing environment determines the computer is not in compliance with the required policies, the isolated computing environment may either impose an impediment to use such as slowing clock speed or completely disable the operating system. The user may have to return the computer to a service provider to restore it from the offending condition and reset the computer to an operational state.
摘要翻译: 用于监视计算机的系统和方法,特别是按使用付费的计算机,使用隔离的计算环境或主管。 隔离的计算环境在与操作系统相关联的任何引导设备之前启动,与操作系统并发运行,并监视和测量运行中的计算机。 一旦隔离的计算环境确定计算机不符合所需的策略,孤立的计算环境可能会施加障碍,例如减慢时钟速度或完全禁用操作系统。 用户可能必须将计算机返回给服务提供商以将其从违规状态恢复,并将计算机重置为操作状态。
-
公开(公告)号:US08073779B2
公开(公告)日:2011-12-06
申请号:US11353675
申请日:2006-02-14
申请人: Alexander Frank , Curt A. Steeb , Isaac P. Ahdout , Richard B. Thompson , Thomas G. Phillips , William J. Westerinen , Zhangwei Xu
发明人: Alexander Frank , Curt A. Steeb , Isaac P. Ahdout , Richard B. Thompson , Thomas G. Phillips , William J. Westerinen , Zhangwei Xu
IPC分类号: G06F21/00
摘要: An electronic device, such as, a computer, may be adapted for self-monitoring for compliance to an operating policy. The operating policy may specify a pay-per-use or subscription business model and measurements associated with compliant usage. A secure execution environment may measure usage in accordance with the business model as well as monitor and enforce compliance to the operating policy. To increase the difficulty of attacking or otherwise disabling the secure execution environment, elements of the secure execution environment may be distributed. The distribution points may include other functional elements of the computer, such as interface circuits, or may even be remotely located over a network. An implementation method for disaggregating the secure execution environment is also disclosed.
-
公开(公告)号:US08214296B2
公开(公告)日:2012-07-03
申请号:US11353675
申请日:2006-02-14
申请人: Alexander Frank , Curt A. Steeb , Isaac P. Ahdout , Richard B. Thompson , Thomas G. Phillips , William J. Westerinen , Zhangwei Xu
发明人: Alexander Frank , Curt A. Steeb , Isaac P. Ahdout , Richard B. Thompson , Thomas G. Phillips , William J. Westerinen , Zhangwei Xu
IPC分类号: G06F21/00
CPC分类号: H04L9/00 , G06F21/55 , G06F21/554 , G06F2221/2135
摘要: An electronic device, such as, a computer, may be adapted for self-monitoring for compliance to an operating policy. The operating policy may specify a pay-per-use or subscription business model and measurements associated with compliant usage. A secure execution environment may measure usage in accordance with the business model as well as monitor and enforce compliance to the operating policy. To increase the difficulty of attacking or otherwise disabling the secure execution environment, elements of the secure execution environment may be distributed. The distribution points may include other functional elements of the computer, such as interface circuits, or may even be remotely located over a network. An implementation method for disaggregating the secure execution environment is also disclosed.
摘要翻译: 诸如计算机的电子设备可以适于自我监视以符合操作策略。 操作策略可以指定按使用付费或订阅业务模式以及与合规使用相关联的测量。 安全执行环境可以根据业务模式来测量使用情况,并监视和实施对操作策略的遵守。 为了增加攻击或以其他方式禁用安全执行环境的难度,可以分发安全执行环境的元素。 分发点可以包括计算机的其他功能元件,例如接口电路,或者甚至可以远程位于网络上。 还公开了用于分解安全执行环境的实现方法。
-
公开(公告)号:US08112798B2
公开(公告)日:2012-02-07
申请号:US11418710
申请日:2006-05-05
申请人: Alexander Frank , Curt A. Steeb , Zhangwei Xu
发明人: Alexander Frank , Curt A. Steeb , Zhangwei Xu
IPC分类号: G06F12/14
CPC分类号: G06F11/0751 , G06F11/0706
摘要: Described is an independent computation environment that is built into one or more hardware components of a computer system, wherein the independent computation environment hosts a logic that measures the health of other software code that executes in memory. Examples of ways to measure health include performing a mathematical computation such as a computing a hash/digital signature on the software code in the memory, and/or evaluating statistical information related to the execution of the code and/or the code's being loaded into memory. By executing the logic in an independent computation environment, the health of software code may be measured against policy/metadata in a tamper-proof or tamper-resistant environment. When the software code measurement does not comply with the policy, some action may be taken action to penalize the computer system.
摘要翻译: 描述了内置在计算机系统的一个或多个硬件组件中的独立计算环境,其中独立计算环境承载测量在存储器中执行的其他软件代码的健康状况的逻辑。 衡量健康的方法的示例包括执行诸如在存储器中的软件代码上计算散列/数字签名的数学计算,和/或评估与代码的执行相关的统计信息和/或被加载到存储器中的代码 。 通过在独立的计算环境中执行逻辑,可以根据防篡改或防篡改环境中的策略/元数据来衡量软件代码的健康状况。 当软件代码测量不符合该策略时,可采取一些行动来惩罚计算机系统。
-
公开(公告)号:US07669048B2
公开(公告)日:2010-02-23
申请号:US11515410
申请日:2006-08-31
IPC分类号: G06F9/00
CPC分类号: G06F21/575 , G06F21/572 , G06F2221/2105 , G06Q20/085 , G06Q30/0283 , G06Q30/0284
摘要: Described is a technology by which a computing device is booted into a normal mode of operation or a limited mode of operation, depending on whether the computing device was operating correctly (e.g., with respect to policy) prior to a reboot. The reboot may be forced. Examples of incorrect state include an overdue payment on a leased computer, or improper execution of certain important software. A metering mechanism evaluates the state of the computing device, and when an incorrect state is detected, configures the computing device for operation in the limited mode, by setting the computing device to boot via one boot path (e.g., a limited-mode BIOS) instead of another boot path (e.g., a normal-mode BIOS). A BIOS selector switches to the limited BIOS on the next reboot, wherein the computing device is restricted to the limited mode of operation (regardless of subsequent reboots) until the correct state is restored.
摘要翻译: 描述了根据计算设备在重新启动之前是否正确地操作(例如,关于策略)是否将计算设备引导到正常操作模式或有限操作模式的技术。 重启可能会被强制。 错误状态的示例包括租用计算机上的逾期付款或某些重要软件的不当执行。 计量机构评估计算装置的状态,并且当检测到不正确的状态时,通过将计算装置通过一个引导路径(例如,限制模式BIOS)来设置计算装置来配置在限制模式中操作的计算装置, 而不是另一个引导路径(例如,普通模式BIOS)。 BIOS选择器在下一次重新启动时切换到有限的BIOS,其中计算设备被限制到有限的操作模式(不管后续重新启动),直到恢复正确的状态。
-
公开(公告)号:US08839236B2
公开(公告)日:2014-09-16
申请号:US11696271
申请日:2007-04-04
申请人: Todd L. Carpenter , William J. Westerinen , Thomas G. Phillips , Curt Andrew Steeb , Zhangwei Xu , Alexander Frank
发明人: Todd L. Carpenter , William J. Westerinen , Thomas G. Phillips , Curt Andrew Steeb , Zhangwei Xu , Alexander Frank
IPC分类号: G06F9/455
CPC分类号: G06F9/45558 , G06F21/53 , G06F21/575 , G06F2009/45587
摘要: A virtual machine monitor provides a trusted operating environment for a software usage metering application when a qualified virtual machine monitor is loaded as part of trusted boot and when all other programs and operating systems run in containers managed by the virtual machine monitor. The virtual machine monitor may also host a locking application for limiting the functionality of the computer if contractual terms of use are not met. Both the metering and locking applications run at a higher privilege level than ring 0, at the same level as the virtual machine monitor.
摘要翻译: 当合格的虚拟机监视器作为可信引导的一部分加载时,以及所有其他程序和操作系统在虚拟机监视器管理的容器中运行时,虚拟机监视器为软件使用计量应用程序提供可信赖的操作环境。 如果不符合合同使用条款,虚拟机监视器还可以承载用于限制计算机的功能的锁定应用程序。 计量和锁定应用程序都以与环0相同的级别运行,处于与虚拟机监视器相同的级别。
-
公开(公告)号:US20080250406A1
公开(公告)日:2008-10-09
申请号:US11696271
申请日:2007-04-04
申请人: Todd L. Carpenter , William J. Westerinen , Thomas G. Phillips , Curt Andrew Steeb , Zhangwei Xu , Alexander Frank
发明人: Todd L. Carpenter , William J. Westerinen , Thomas G. Phillips , Curt Andrew Steeb , Zhangwei Xu , Alexander Frank
IPC分类号: G06F9/455
CPC分类号: G06F9/45558 , G06F21/53 , G06F21/575 , G06F2009/45587
摘要: A virtual machine monitor provides a trusted operating environment for a software usage metering application when a qualified virtual machine monitor is loaded as part of trusted boot and when all other programs and operating systems run in containers managed by the virtual machine monitor. The virtual machine monitor may also host a locking application for limiting the functionality of the computer if contractual terms of use are not met. Both the metering and locking applications run at a higher privilege level than ring 0, at the same level as the virtual machine monitor.
摘要翻译: 当合格的虚拟机监视器作为可信引导的一部分加载时,以及所有其他程序和操作系统在虚拟机监视器管理的容器中运行时,虚拟机监视器为软件使用计量应用程序提供可信赖的操作环境。 如果不符合合同使用条款,虚拟机监视器还可以承载用于限制计算机的功能的锁定应用程序。 计量和锁定应用程序都以与环0相同的级别运行,处于与虚拟机监视器相同的级别。
-
公开(公告)号:US20130090169A1
公开(公告)日:2013-04-11
申请号:US13291354
申请日:2011-11-08
申请人: Min Liu , Anthony V. Discolo , Edmund Hon-Sum Lui , Kean Ee Lim , Ryan B. Elgram , Donald F. Box , Martin J. Gudgin , Zhangwei Xu , Todd R. Manion , Grant Gardner , Jeremy L. Dewey , Shiraz J. Cupala , Curt A. Steeb
发明人: Min Liu , Anthony V. Discolo , Edmund Hon-Sum Lui , Kean Ee Lim , Ryan B. Elgram , Donald F. Box , Martin J. Gudgin , Zhangwei Xu , Todd R. Manion , Grant Gardner , Jeremy L. Dewey , Shiraz J. Cupala , Curt A. Steeb
CPC分类号: H04W8/005 , A63F13/12 , A63F13/213 , A63F13/215 , A63F13/323 , A63F13/327 , A63F13/71 , A63F13/79 , A63F2300/403 , A63F2300/405 , A63F2300/407 , A63F2300/8017 , H04L12/2809 , H04L12/2829 , H04L29/08576 , H04L67/16 , H04L67/18 , H04L67/30 , H04L67/306
摘要: Device linking is described. In one or more implementations, data is maintained at a network service that describes characteristics of a plurality of devices that are associated with a user account of the network service. A communication is formed to be received by one of the plurality of devices that includes a portion of the data that pertains to another one of the plurality of devices and that is suitable by the receiving device to discover the other one of the plurality of devices to initiate a local network connection between the devices.
-
10.发明授权公开(公告)号:US08190923B2
公开(公告)日:2012-05-29
申请号:US11312021
申请日:2005-12-20
申请人: Kurt Daverman , Rajagopal K. Venkatachalam , Zhangwei Xu , Isaac P. Ahdout , Ricardo Lopez-Barquilla
发明人: Kurt Daverman , Rajagopal K. Venkatachalam , Zhangwei Xu , Isaac P. Ahdout , Ricardo Lopez-Barquilla
IPC分类号: G06F11/30
CPC分类号: G06F21/554 , G06F21/725
摘要: The claimed method and system monitors computer system timer(s) relative to other timers to detect discrepancies and/or may capture an offset to provide a method of more accurately determining a current time. The invention may also provide a method to detect power source tampering using a last known good time and may provide a means to securely initialize system time using an encrypted time stamp.
摘要翻译: 所要求保护的方法和系统监视相对于其他定时器的计算机系统定时器以检测差异和/或可以捕获偏移以提供更精确地确定当前时间的方法。 本发明还可以提供一种使用最后已知的良好时间来检测电源篡改的方法,并且可以提供使用加密的时间戳来安全地初始化系统时间的手段。
-
-
-
-
-
-
-
-
-
搜索结果
54 条记录 (耗时 0.034 秒)
