专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20060031790A1 Trusted computing platform 有权
标题翻译：可信计算平台
公开(公告)号：US20060031790A1
公开(公告)日：2006-02-09
申请号：US11249820
申请日：2005-10-12
申请人： Graeme Proudler , Dipankar Gupta , Liqun Chen , Siani Pearson , Boris Balacheff , Bruno Van Wilder , David Chan
发明人： Graeme Proudler , Dipankar Gupta , Liqun Chen , Siani Pearson , Boris Balacheff , Bruno Van Wilder , David Chan
IPC分类号： G06F17/50
CPC分类号： G06F21/445 , G06F21/34 , G06F21/57 , G06F21/606 , G06F21/64 , G06F21/85 , G06F2207/7219 , G06F2211/009 , G06F2221/2103
摘要： In a computing platform, a trusted hardware device (24) is added to the motherboard (20). The trusted hardware device (24) is configured to acquire an integrity metric, for example a hash of the BIOS memory (29), of the computing platform. The trusted hardware device (24) is tamper-resistant, difficult to forge and inaccessible to other functions of the platform. The hash can be used to convince users that that the operation of the platform (hardware or software) has not been subverted in some way, and is safe to interact with in local or remote applications. In more detail, the main processing unit (21) of the computing platform is directed to address the trusted hardware device (24), in advance of the BIOS memory, after release from ‘reset’. The trusted hardware device (24) is configured to receive memory read signals from the main processing unit (21) and, in response, return instructions, in the native language of the main processing unit (21), that instruct the main processing unit to establish the hash and return the value to be stored by the trusted hardware device (24). Since the hash is calculated in advance of any other system operations, this is a relatively strong method of verifying the integrity of the system. Once the hash has been returned, the final instruction calls the BIOS program and the system boot procedure continues as normal. Whenever a user wishes to interact with the computing platform, he first requests the integrity metric, which he compares with an authentic integrity metric that was measured by a trusted party. If the metrics are the same, the platform is verified and interactions can continue. Otherwise, interaction halts on the basis that the operation of the platform may have been subverted.
摘要翻译：在计算平台中，将可信硬件设备（24）添加到主板（20）。可信硬件设备（24）被配置为获取计算平台的完整性度量，例如BIOS存储器（29）的散列。受信任的硬件设备（24）是防篡改的，难以伪造并且不能访问平台的其他功能。该哈希可以用于说服用户，平台（硬件或软件）的操作没有以某种方式颠覆，并且可以安全地与本地或远程应用程序进行交互。更详细地说，计算平台的主处理单元（21）在从“复位”释放之后被引导以在BIOS存储器之前对可信硬件设备（24）进行寻址。可信硬件设备（24）被配置为从主处理单元（21）接收存储器读取信号，并响应于主处理单元（21）的母语的返回指令，其指示主处理单元建立散列并返回由可信硬件设备（24）存储的值。由于散列是在任何其他系统操作之前计算出来的，所以这是验证系统完整性的相对较强的方法。一旦散列已经返回，最后的指令调用BIOS程序，并且系统引导过程正常进行。每当用户希望与计算平台进行交互时，他首先请求完整性度量，其与被可信方测量的真实完整性度量进行比较。如果指标相同，则会验证平台并继续进行交互。否则，交互停止，基于平台的操作可能已被颠覆。

IPRDB

热门服务

关于我们

友情链接

联系方式