专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明授权

US07415620B2 System and method for authenticating an operating system to a central processing unit, providing the CPU/OS with secure storage, and authenticating the CPU/OS to a third party 有权
标题翻译：将操作系统认证到中央处理单元的系统和方法，向CPU / OS提供安全存储，并将CPU / OS认证给第三方
公开(公告)号：US07415620B2
公开(公告)日：2008-08-19
申请号：US11615361
申请日：2006-12-22
申请人： Paul England , John D. DeTreville , Butler W. Lampson
发明人： Paul England , John D. DeTreville , Butler W. Lampson
IPC分类号： G06F11/30
CPC分类号： G06F21/10 , G06F9/4406 , G06F9/468 , G06F21/445 , G06F21/57 , G06F21/575 , G06F2221/0704 , G06F2221/2103 , G06F2221/2113 , G06F2221/2129
摘要： In accordance with certain aspects, a chain of trust is established between a subscriber unit and a content provider. A request is submitted from the subscriber unit to the content provider. A challenge nonce is generated at the content provider and returned to the subscriber unit. At the subscriber unit, an operating system (OS) certificate containing an identity of the operating system from the software identity register, information describing the operating system, the challenge nonce, and a CPU public key is formed, and the OS certificate is signed using a CPU private key. The OS certificate and a CPU manufacturer certificate supplied by a manufacturer of the CPU are passed from the subscriber unit to the content provider, and are evaluated at the content provider to determine whether to reject or fulfill the request.
摘要翻译：根据某些方面，在用户单元和内容提供商之间建立信任链。从用户单元向内容提供商提交请求。挑战随机数在内容提供者处产生并返回到用户单元。在订户单元处，形成包含来自软件身份寄存器的操作系统的身份的操作系统（OS）证书，描述操作系统的信息，挑战随机数和CPU公钥，并且使用一个CPU私钥。由CPU制造商提供的OS证书和CPU制造商证书从用户单元传递到内容提供商，并在内容提供商处进行评估，以确定是否拒绝或完成请求。

12. 发明授权

US07356682B2 Attesting to a value of a register and/or memory region 有权
标题翻译：证明寄存器和/或存储器区域的值
公开(公告)号：US07356682B2
公开(公告)日：2008-04-08
申请号：US10431309
申请日：2003-05-07
申请人： Butler W. Lampson , John D. DeTreville , Paul England
发明人： Butler W. Lampson , John D. DeTreville , Paul England
IPC分类号： G06F9/00
CPC分类号： G06F21/10 , G06F9/4406 , G06F9/468 , G06F21/445 , G06F21/57 , G06F21/575 , G06F2221/0704 , G06F2221/2103 , G06F2221/2113 , G06F2221/2129
摘要： In accordance with one aspect of attesting to a value of a register and/or memory region, an operating system of a device receives a request, in response to an ATTEST operation being invoked, to make a signed attestation of a value. The operating system signs a statement that includes the value using a private key of a pair of public and private keys of a processor of the device. The value may be stored in a register and/or a region of memory.
摘要翻译：根据证明寄存器和/或存储器区域的值的一个方面，设备的操作系统响应于被调用的ATTEST操作来接收请求以进行值的签名认证。操作系统使用设备的处理器的一对公钥和私钥的私钥来签署包含该值的语句。该值可以存储在存储器的寄存器和/或区域中。

13. 发明授权

US07302709B2 Key-based secure storage 有权
标题翻译：基于密钥的安全存储
公开(公告)号：US07302709B2
公开(公告)日：2007-11-27
申请号：US11221047
申请日：2005-09-07
申请人： Paul England , John D. DeTreville , Butler W. Lampson
发明人： Paul England , John D. DeTreville , Butler W. Lampson
IPC分类号： H04L9/18
CPC分类号： G06F9/468 , G06F9/4406 , G06F21/10 , G06F21/575 , G06F2221/2113 , H04L63/0435 , H04L63/0442 , H04L63/166
摘要： A one-way hash function is applied to a seed supplied by an application to produce a hashed seed that is used to generate the application storage key. A one-way hash function is applied to a seed supplied by a user to produce a first hashed seed that is passed to a keyed hash function, which is keyed to an identity for the user, to produce a second hashed seed. The second hashed seed is used to generate the user storage key. An operating system storage key is generated from an unhashed seed. One of the storage keys is used to encrypt the downloaded content. An access predicate attached to the content when it is downloaded is associated with the storage key to enforce certain limitations on the access of the content.
摘要翻译：单向散列函数应用于由应用程序提供的种子以产生用于生成应用程序存储密钥的散列种子。单向散列函数被应用于由用户提供的种子以产生第一散列种子，该第一散列种子被传递给键入的哈希函数，其被键入用户的身份，以产生第二散列种子。第二个散列种子用于生成用户存储密钥。从未分解的种子生成操作系统存储密钥。其中一个存储密钥用于加密下载的内容。在下载时附加到内容的访问谓词与存储密钥相关联，以对内容的访问执行某些限制。

14. 发明授权

US07496769B2 Hierarchical trusted code for content protection in computers 有权
标题翻译：计算机内容保护的层次可信代码
公开(公告)号：US07496769B2
公开(公告)日：2009-02-24
申请号：US11018065
申请日：2004-12-20
申请人： Butler W. Lampson , Paul England
发明人： Butler W. Lampson , Paul England
IPC分类号： H04L9/00 , H04K1/00
CPC分类号： G06Q10/10 , G06F21/57
摘要： An architecture for protecting premium content in a nonsecure computer environment executes only a small number of code modules in a secure memory. The modules are arranged in a hierarchy of trust, where a module names other modules that it is willing to trust, and those modules in turn name other modules that they are willing to trust. A secure loader loads a security manager that oversees a number of content-providing modules for manipulating the content. A memory manager assigns permissions to various pages of the secure memory. The memory has rings of different security. The security model can be extended to program modules and other devices on the computer's bus, such as DMA controllers and peripherals.
摘要翻译：在非安全计算机环境中保护优质内容的架构仅在安全存储器中执行少量代码模块。这些模块被布置在信任层级中，其中模块命名它愿意信任的其他模块，而这些模块又命名他们愿意信任的其他模块。安全加载器加载一个安全管理器，该管理器负责监视用于操纵内容的多个内容提供模块。内存管理员将权限分配给安全内存的各个页面。内存具有不同安全性的环。安全模型可以扩展到计算机总线上的程序模块和其他设备，如DMA控制器和外设。

15. 发明授权

US06651171B1 Secure execution of program code 有权
标题翻译：安全执行程序代码
公开(公告)号：US06651171B1
公开(公告)日：2003-11-18
申请号：US09287393
申请日：1999-04-06
申请人： Paul England , Butler W. Lampson
发明人： Paul England , Butler W. Lampson
IPC分类号： G06F1208
CPC分类号： G06F21/53 , G06F12/1491
摘要： Curtained operation provides trusted execution of code and secrecy of data in a secure memory. Curtained code can only be executed from within certain address ranges of a curtained memory region secure against access by code from without the region. Code entry points are restricted, and atomic execution is assured. The memory is organized into multiple hierarchically curtained rings, and peer subrings are denied access to each other as well as to more secure rings.
摘要翻译：窗帘操作提供可信赖的代码执行和安全存储器中数据的保密性。窗帘代码只能从窗帘内存区域的特定地址范围内执行，以防止无区域的代码访问。代码入口点受到限制，原子执行得到保证。存储器被组织成多个分层帘式环，并且对等子被拒绝彼此访问以及更安全的环。

16. 发明授权

US06976175B2 Hierarchical trusted code for content protection in computers 失效
公开(公告)号：US06976175B2
公开(公告)日：2005-12-13
申请号：US11011457
申请日：2004-12-13
申请人： Paul England , Butler W. Lampson
发明人： Paul England , Butler W. Lampson
IPC分类号： G06F21/00 , G06Q10/10 , H04L9/00 , G06F17/60
CPC分类号： G06Q10/10 , G06F21/57
摘要： An architecture for protecting premium content in a nonsecure computer environment executes only a small number of code modules in a secure memory. The modules are arranged in a hierarchy of trust, where a module names other modules that it is willing to trust, and those modules in turn name other modules that they are willing to trust. A secure loader loads a security manager that oversees a number of content-providing modules for manipulating the content. A memory manager assigns permissions to various pages of the secure memory. The memory has rings of different security. The security model can be extended to program modules and other devices on the computer's bus, such as DMA controllers and peripherals.

17. 发明授权

US07020772B2 Secure execution of program code 失效
公开(公告)号：US07020772B2
公开(公告)日：2006-03-28
申请号：US10667612
申请日：2003-09-22
申请人： Paul England , Butler W. Lampson
发明人： Paul England , Butler W. Lampson
IPC分类号： G06F17/30
CPC分类号： G06F21/53 , G06F12/1491
摘要： Curtained operation provides trusted execution of code and secrecy of data in a secure memory. Curtained code can only be executed from within certain address ranges of a curtained memory region secure against access by code from without the region. Code entry points are restricted, and atomic execution is assured. The memory is organized into multiple hierarchically curtained rings, and peer subrings are denied access to each other as well as to more secure rings.

18. 发明授权

US06986059B2 Hierarchical trusted code for content protection in computers 失效
公开(公告)号：US06986059B2
公开(公告)日：2006-01-10
申请号：US10870845
申请日：2004-06-17
申请人： Paul England , Butler W. Lampson
发明人： Paul England , Butler W. Lampson
IPC分类号： H04L9/00 , G06F17/60
CPC分类号： G06Q10/10 , G06F21/57
摘要： An architecture for protecting premium content in a nonsecure computer environment executes only a small number of code modules in a secure memory. The modules are arranged in a hierarchy of trust, where a module names other modules that it is willing to trust, and those modules in turn name other modules that they are willing to trust. A secure loader loads a security manager that oversees a number of content-providing modules for manipulating the content. A memory manager assigns permissions to various pages of the secure memory. The memory has rings of different security. The security model can be extended to program modules and other devices on the computer's bus, such as DMA controllers and peripherals.

19. 发明授权

US06775779B1 Hierarchical trusted code for content protection in computers 有权
公开(公告)号：US06775779B1
公开(公告)日：2004-08-10
申请号：US09287698
申请日：1999-04-06
申请人： Paul England , Butler W. Lampson
发明人： Paul England , Butler W. Lampson
IPC分类号： H04L900
CPC分类号： G06Q10/10 , G06F21/57
摘要： An architecture for protecting premium content in a nonsecure computer environment executes only a small number of code modules in a secure memory. The modules are arranged in a hierarchy of trust, where a module names other modules that it is willing to trust, and those modules in turn name other modules that they are willing to trust. A secure loader loads a security manager that oversees a number of content-providing modules for manipulating the content. A memory manager assigns permissions to various pages of the secure memory. The memory has rings of different security. The security model can be extended to program modules and other devices on the computer's bus, such as DMA controllers and peripherals.

20. 发明授权

US06745306B1 Method and system for restricting the load of physical address translations of virtual addresses 有权
标题翻译：用于限制虚拟地址的物理地址转换的负载的方法和系统
公开(公告)号：US06745306B1
公开(公告)日：2004-06-01
申请号：US09520203
申请日：2000-03-07
申请人： Bryan M. Willman , Paul England , John D. DeTreville
发明人： Bryan M. Willman , Paul England , John D. DeTreville
IPC分类号： G06F1214
CPC分类号： G06F12/145 , G06F12/1027 , G06F12/1081 , G06F12/1491
摘要： A method and system for protecting data on a computer system uses one or more restricted areas of memory to store proprietary or confidential data. The translation lookaside buffer (TLB) is used to regulate access to the restricted memory. When a TLB miss occurs during the execution of a program, the TLB miss handling logic determines whether the program is attempting to access restricted memory. If so, then the TLB miss handling logic determines whether the program is authorized to have access. If the program is not authorized to have access, then the TLB miss handling logic generates an exception, such as an invalid page fault, and the TLB is not loaded. If the program is authorized to have access to the restricted page, then the TLB is loaded with the appropriate address translation. As long as the translation remains in the TLB, future accesses to the page by an authorized program will require no additional checks and no additional CPU time.
摘要翻译：用于在计算机系统上保护数据的方法和系统使用存储器的一个或多个限制区域来存储专用或机密数据。翻译后备缓冲器（TLB）用于调节对受限内存的访问。当在程序执行期间出现TLB未命中时，TLB未命中处理逻辑确定程序是否尝试访问受限存储器。如果是这样，则TLB未命中处理逻辑确定该程序是否被授权进行访问。如果程序没有权限访问，则TLB未命中处理逻辑会产生异常，例如无效页错误，TLB未加载。如果该程序被授权访问受限制的页面，则TLB将加载适当的地址转换。只要转换保留在TLB中，未来的授权程序对页面的访问将不需要额外的检查，也不需要额外的CPU时间。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式