-
公开(公告)号:US20060015717A1
公开(公告)日:2006-01-19
申请号:US10893137
申请日:2004-07-15
申请人: Zhengrong Liu , Yusuf Purna , Takemura Shinichi , Nicholas Szeto
发明人: Zhengrong Liu , Yusuf Purna , Takemura Shinichi , Nicholas Szeto
IPC分类号: H04L9/00
CPC分类号: G06F21/57
摘要: A trusted platform in a digital processing system is maintained even when modules, or other processes or data, are loaded after a boot sequence. A configuration file is used to include measurements (e.g., hash values, signatures, etc.) of modules to be loaded. After secure boot-up the operating system kernel uses the configuration file to check module integrity prior to loading and executing. If a module does not verify against the configuration file data then the system can prevent further operation, restrict certain operations, indicate the non-trusted nature of the system or take other actions. In one embodiment, if a module does not pass the integrity check then the failed measurement is extended into a specific Platform Configuration Register (PCR) within a Trusted Platform Manager (TPM) process. Subsequently, client applications can determine if the platform is trustable based on the return of the PCR value. A local application (application running in the same platform) can “seal” secrets to a trusted platform. The operation of the application relies on the secrets, which can only be revealed in a trusted platform.
摘要翻译: 即使在引导顺序之后加载模块或其他进程或数据,数字处理系统中的信任平台也得以维护。 配置文件用于包括要加载的模块的测量(例如散列值,签名等)。 在安全启动之后,操作系统内核在加载和执行之前使用配置文件来检查模块的完整性。 如果模块没有针对配置文件数据进行验证,则系统可以防止进一步的操作,限制某些操作,指示系统的不受信任的性质或采取其他操作。 在一个实施例中,如果模块不通过完整性检查,则将失败的测量扩展到可信平台管理器(TPM)进程内的特定平台配置寄存器(PCR)。 随后,客户应用程序可以根据PCR值的返回来确定平台是否可信任。 本地应用程序(在同一平台上运行的应用程序)可以将密码“密封”到可信赖的平台。 应用程序的操作依赖于只能在可信平台中显示的秘密。
-
公开(公告)号:US07716494B2
公开(公告)日:2010-05-11
申请号:US10893137
申请日:2004-07-15
IPC分类号: H04L9/00
CPC分类号: G06F21/57
摘要: A trusted platform in a digital processing system is maintained even when modules, or other processes or data, are loaded after a boot sequence. A configuration file is used to include measurements (e.g., hash values, signatures, etc.) of modules to be loaded. After secure boot-up the operating system kernel uses the configuration file to check module integrity prior to loading and executing. If a module does not verify against the configuration file data then the system can prevent further operation, restrict certain operations, indicate the non-trusted nature of the system or take other actions. In one embodiment, if a module does not pass the integrity check then the failed measurement is extended into a specific Platform Configuration Register (PCR) within a Trusted Platform Manager (TPM) process. Subsequently, client applications can determine if the platform is trustable based on the return of the PCR value. A local application (application running in the same platform) can “seal” secrets to a trusted platform. The operation of the application relies on the secrets, which can only be revealed in a trusted platform.
摘要翻译: 即使在引导顺序之后加载模块或其他进程或数据,数字处理系统中的信任平台也得以维护。 配置文件用于包括要加载的模块的测量(例如散列值,签名等)。 在安全启动之后,操作系统内核在加载和执行之前使用配置文件来检查模块的完整性。 如果模块没有针对配置文件数据进行验证,则系统可以防止进一步的操作,限制某些操作,指示系统的不受信任的性质或采取其他操作。 在一个实施例中,如果模块不通过完整性检查,则将失败的测量扩展到可信平台管理器(TPM)进程内的特定平台配置寄存器(PCR)。 随后,客户应用程序可以根据PCR值的返回来确定平台是否可信任。 本地应用程序(在同一平台上运行的应用程序)可以将密码“密封”到可信赖的平台。 应用程序的操作依赖于只能在可信平台中显示的秘密。
-
3.发明申请System and method for storing attributes in a file for processing an operating system 审中-公开用于在用于处理操作系统的文件中存储属性的系统和方法公开(公告)号:US20060015860A1
公开(公告)日:2006-01-19
申请号:US10893129
申请日:2004-07-15
申请人: Zhengrong Liu , Takemura Shinichi
发明人: Zhengrong Liu , Takemura Shinichi
IPC分类号: G06F9/44
CPC分类号: G06F21/64
摘要: A method and apparatus for adding sections to a file used for executing a process in a Linux operating system. The file includes existing sections, an executable linking format, and other attributes for the application. Sections are added to the existing sections of the file which may be used to execute a process in a Linux operating system.
摘要翻译: 一种用于在Linux操作系统中为用于执行进程的文件添加部分的方法和装置。 该文件包括现有的部分,可执行链接格式和应用程序的其他属性。 部分将添加到文件的现有部分,可用于在Linux操作系统中执行进程。
-
-
搜索结果
3 条记录 (耗时 0.015 秒)
