专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

21. 发明授权

US07096497B2 File checking using remote signing authority via a network 有权
公开(公告)号：US07096497B2
公开(公告)日：2006-08-22
申请号：US09823131
申请日：2001-03-30
申请人： Carl M. Ellison , Roger A. Golliver , Howard C. Herbert , Derrick C. Lin , Francis X. McKeen , Gilbert Neiger , Ken Reneris , James A. Sutton , Shreekant S. Thakkar
发明人： Carl M. Ellison , Roger A. Golliver , Howard C. Herbert , Derrick C. Lin , Francis X. McKeen , Gilbert Neiger , Ken Reneris , James A. Sutton , Shreekant S. Thakkar
IPC分类号： G06F11/30 , H04L9/00
CPC分类号： G06F21/645
摘要： A file is sent to a remote signing authority via a network. The signing authority checks the file and provides a signature indicating file integrity of the file. The signature returned from the signing authority via the network is verified.

22. 发明授权

US06957332B1 Managing a secure platform using a hierarchical executive architecture in isolated execution mode 有权
标题翻译：在隔离执行模式下使用分层执行体系管理安全平台
公开(公告)号：US06957332B1
公开(公告)日：2005-10-18
申请号：US09539344
申请日：2000-03-31
申请人： Carl M. Ellison , Roger A. Golliver , Howard C. Herbert , Derrick C. Lin , Francis X. McKeen , Gilbert Neiger , Ken Reneris , James A. Sutton , Shreekant S. Thakkar , Milland Mittal
发明人： Carl M. Ellison , Roger A. Golliver , Howard C. Herbert , Derrick C. Lin , Francis X. McKeen , Gilbert Neiger , Ken Reneris , James A. Sutton , Shreekant S. Thakkar , Milland Mittal
IPC分类号： G06F12/14 , G06F15/00 , G06F21/00 , H04L9/00
CPC分类号： G06F12/1491 , G06F21/57 , G06F21/74
摘要： A processor executive (PE) handles an operating system executive (OSE) in a secure environment. The secure environment has a fused key (FK) and is associated with an isolated memory area in the platform. The OSE manages a subset of an operating system (OS) running on the platform. The platform has a processor operating in one of a normal execution mode and an isolated execution mode. The isolated memory area is accessible to the processor in the isolated execution mode. A PE supplement supplements the PE with a PE manifest representing the PE and a PE identifier to identify the PE. A PE handler handles the PE using the FK and the PE supplement.
摘要翻译：处理器执行（PE）在安全环境中处理操作系统执行程序（OSE）。安全环境具有融合密钥（FK），并且与平台中的隔离存储器区域相关联。 OSE管理在平台上运行的操作系统（OS）的子集。该平台具有以正常执行模式和隔离执行模式之一操作的处理器。在隔离的执行模式下，处理器可以访问隔离的内存区域。 PE补充用PE代替PE补充PE，PE标识符用于标识PE。 PE处理程序使用FK和PE补充来处理PE。

23. 发明授权

US06941458B1 Managing a secure platform using a hierarchical executive architecture in isolated execution mode 有权
标题翻译：在隔离执行模式下使用分层执行体系管理安全平台
公开(公告)号：US06941458B1
公开(公告)日：2005-09-06
申请号：US09668585
申请日：2000-09-22
申请人： Carl M. Ellison , Roger A. Golliver , Howard C. Herbert , Derrick C. Lin , Francis X. McKeen , Gilbert Neiger , Ken Reneris , James A. Sutton , Shreekant S. Thakkar , Milland Mittal
发明人： Carl M. Ellison , Roger A. Golliver , Howard C. Herbert , Derrick C. Lin , Francis X. McKeen , Gilbert Neiger , Ken Reneris , James A. Sutton , Shreekant S. Thakkar , Milland Mittal
IPC分类号： G06F12/14 , G06F15/00 , G06F21/00 , H04L9/00
CPC分类号： G06F12/1491 , G06F21/57 , G06F21/74
摘要： A processor executive (PE) handles an operating system executive (OSE) in a secure environment. The secure environment has a platform key (PK) and is associated with an isolated memory area in the platform. The OSE manages a subset of an operating system (OS) running on the platform. The platform has a processor operating in one of a normal execution mode and an isolated execution mode. The isolated memory area is accessible to the processor in the isolated execution mode. A PE supplement supplements the PE with a PE manifest representing the PE and a PE identifier to identify the PE. A PE handler handles the PE using the PK and the PE supplement.
摘要翻译：处理器执行（PE）在安全环境中处理操作系统执行程序（OSE）。安全环境具有平台密钥（PK），并且与平台中的隔离存储器区域相关联。 OSE管理在平台上运行的操作系统（OS）的子集。该平台具有以正常执行模式和隔离执行模式之一操作的处理器。在隔离的执行模式下，处理器可以访问隔离的内存区域。 PE补充用PE代替PE补充PE，PE标识符用于标识PE。 PE处理程序使用PK和PE补充来处理PE。

24. 发明授权

US07516330B2 Platform and method for establishing provable identities while maintaining privacy 有权
标题翻译：在保持隐私的同时建立可证明身份的平台和方法
公开(公告)号：US07516330B2
公开(公告)日：2009-04-07
申请号：US11289747
申请日：2005-11-29
申请人： Carl M. Ellison , James A. Sutton
发明人： Carl M. Ellison , James A. Sutton
IPC分类号： H04L9/00
CPC分类号： H04L9/3265 , H04L9/3271 , H04L2209/42
摘要： In one embodiment, a method for utilizing a pseudonym to protect the identity of a platform and its user is described. The method comprises producing a pseudonym that includes a public pseudonym key. The public pseudonym key is placed in a certificate template. Hash operations are performed on the certificate template to produce a certificate hash value, which is transformed from the platform. Thereafter, a signed result is returned to the platform. The signed result is a digital signature for the transformed certificate hash value. Upon performing an inverse transformation of the signed result, a digital signature of the certificate hash value is recovered. This digital signature may be used for data integrity checks for subsequent communications using the pseudonym.
摘要翻译：在一个实施例中，描述了一种利用假名来保护平台及其用户的身份的方法。该方法包括产生包含公共假名密钥的假名。公共假名密钥被放置在证书模板中。在证书模板上执行散列操作以产生从平台转换的证书哈希值。此后，将签名结果返回到平台。签名结果是转换的证书哈希值的数字签名。在执行签名结果的逆变换时，恢复证书哈希值的数字签名。该数字签名可以用于使用假名的后续通信的数据完整性检查。

25. 发明授权

US06976162B1 Platform and method for establishing provable identities while maintaining privacy 失效
标题翻译：在保持隐私的同时建立可证明身份的平台和方法
公开(公告)号：US06976162B1
公开(公告)日：2005-12-13
申请号：US09605605
申请日：2000-06-28
申请人： Carl M. Ellison , James A. Sutton
发明人： Carl M. Ellison , James A. Sutton
IPC分类号： H04L9/32 , H04L9/16
CPC分类号： H04L9/3265 , H04L9/3271 , H04L2209/42
摘要： In one embodiment, a method for utilizing a pseudonym to protect the identity of a platform and its user is described. The method comprises producing a pseudonym that includes a public pseudonym key. The public pseudonym key is placed in a certificate template. Hash operations are performed on the certificate template to produce a certificate hash value, which is transformed from the platform. Thereafter, a signed result is returned to the platform. The signed result is a digital signature for the transformed certificate hash value. Upon performing an inverse transformation of the signed result, a digital signature of the certificate hash value is recovered. This digital signature may be used for data integrity checks for subsequent communications using the pseudonym.
摘要翻译：在一个实施例中，描述了一种利用假名来保护平台及其用户的身份的方法。该方法包括产生包含公共假名密钥的假名。公共假名密钥被放置在证书模板中。在证书模板上执行散列操作以产生从平台转换的证书哈希值。此后，将签名结果返回到平台。签名结果是转换的证书哈希值的数字签名。在执行签名结果的逆变换时，恢复证书哈希值的数字签名。该数字签名可以用于使用假名的后续通信的数据完整性检查。

26. 发明授权

US07308576B2 Authenticated code module 有权
标题翻译：认证代码模块
公开(公告)号：US07308576B2
公开(公告)日：2007-12-11
申请号：US10039595
申请日：2001-12-31
申请人： Andrew F. Glew , James A. Sutton , Lawrence O. Smith , David W. Grawrock , Gilbert Neiger , Michael A. Kozuch
发明人： Andrew F. Glew , James A. Sutton , Lawrence O. Smith , David W. Grawrock , Gilbert Neiger , Michael A. Kozuch
IPC分类号： H04L9/00 , G06F11/30 , G06F15/16 , H04L29/06 , G06G1/00 , G06G12/14
CPC分类号： G06F21/52
摘要： An authenticated code module comprises a value that attests to the authenticity of the module. The value is encrypted with a key corresponding to a key of a computing device that is to execute the module.
摘要翻译：认证代码模块包括证明模块真实性的值。该值使用与要执行该模块的计算设备的密钥对应的密钥加密。

27. 发明授权

US07725713B2 Launching a secure kernel in a multiprocessor system 有权
标题翻译：在多处理器系统中启动安全内核
公开(公告)号：US07725713B2
公开(公告)日：2010-05-25
申请号：US12005450
申请日：2007-12-27
申请人： John H. Wilson , Ioannis T. Schoinas , Mazin S. Yousif , Linda J. Rankin , David W. Grawrock , Robert J. Greiner , James A. Sutton , Kushagra Vaid , Willard M. Wiseman
发明人： John H. Wilson , Ioannis T. Schoinas , Mazin S. Yousif , Linda J. Rankin , David W. Grawrock , Robert J. Greiner , James A. Sutton , Kushagra Vaid , Willard M. Wiseman
IPC分类号： G06F9/30 , H04L29/06
CPC分类号： G06F21/575 , G06F21/44 , G06F21/445 , G06F21/50 , G06F21/606 , G06F21/64 , G06F21/71 , G06F2221/034
摘要： In one embodiment of the present invention, a method includes verifying an initiating logical processor of a system; validating a trusted agent with the initiating logical processor if the initiating logical processor is verified; and launching the trust agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.
摘要翻译：在本发明的一个实施例中，一种方法包括验证系统的起始逻辑处理器; 如果启动逻辑处理器被验证，则使用起始逻辑处理器验证可信代理; 以及如果所述可信代理被验证，则在所述系统的多个处理器上启动所述信任代理。在执行这样的可信代理之后，在某些实施例中可以启动安全内核。该系统可以是例如具有任意点到点互连的部分或完全连接的拓扑的多处理器服务器系统。

28. 发明申请

US20130254905A1 Launching A Secure Kernel In A Multiprocessor System 有权
公开(公告)号：US20130254905A1
公开(公告)日：2013-09-26
申请号：US13897906
申请日：2013-05-20
申请人： John H. Wilson , Ioannis T. Schoinas , Mazin S. Yousif , Linda J. Rankin , David W. Grawrock , Robert J. Greiner , James A. Sutton , Kushagra Vaid , Williard M. Wiseman
发明人： John H. Wilson , Ioannis T. Schoinas , Mazin S. Yousif , Linda J. Rankin , David W. Grawrock , Robert J. Greiner , James A. Sutton , Kushagra Vaid , Williard M. Wiseman
IPC分类号： G06F21/64
CPC分类号： G06F21/575 , G06F21/44 , G06F21/445 , G06F21/50 , G06F21/606 , G06F21/64 , G06F21/71 , G06F2221/034
摘要： In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.

29. 发明授权

US07774600B2 Launching a secure kernel in a multiprocessor system 有权
公开(公告)号：US07774600B2
公开(公告)日：2010-08-10
申请号：US12005570
申请日：2007-12-27
申请人： John H. Wilson , Ioannis T. Schoinas , Mazin S. Yousif , Linda J. Rankin , David W. Grawrock , Robert J. Greiner , James A. Sutton , Kushagra Vaid , Willard M. Wiseman
发明人： John H. Wilson , Ioannis T. Schoinas , Mazin S. Yousif , Linda J. Rankin , David W. Grawrock , Robert J. Greiner , James A. Sutton , Kushagra Vaid , Willard M. Wiseman
IPC分类号： G06F9/30 , H04L29/06
CPC分类号： G06F21/575 , G06F21/44 , G06F21/445 , G06F21/50 , G06F21/606 , G06F21/64 , G06F21/71 , G06F2221/034
摘要： In one embodiment of the present invention, a method includes verifying an initiating logical processor of a system; validating a trusted agent with the initiating logical processor if the initiating logical processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.

30. 发明申请

US20100058075A1 METHOD AND APPARATUS FOR LOADING A TRUSTABLE OPERATING SYSTEM 有权
标题翻译：用于装载可信操作系统的方法和装置
公开(公告)号：US20100058075A1
公开(公告)日：2010-03-04
申请号：US12615475
申请日：2009-11-10
申请人： Michael A. Kozuch , James A. Sutton , David Grawrock
发明人： Michael A. Kozuch , James A. Sutton , David Grawrock
IPC分类号： G06F12/14 , G06F11/30
CPC分类号： G06F9/45533 , G06F9/445 , G06F21/57 , G06F21/575 , G06F2009/45583 , G06F2009/45587
摘要： A method and apparatus is provided for securing a region in a memory of a computer. According to one embodiment, the method comprises halting of all but one of a plurality of processors in a computer. The halted processors entering into a special halted state. Content is loaded into the region only after the halting of all but the one of the plurality of processors and the region is protected from access by the halted processors. The method further comprises placing the non-halted processor into a known privileged state, and causing the halted processors to exit the halted state after the non-halted processor has been placed into the known privileged state.
摘要翻译：提供了一种用于将区域固定在计算机的存储器中的方法和装置。根据一个实施例，该方法包括在计算机中停止多个处理器中的所有处理器中的所有处理器。停止的处理器进入特殊的停止状态。只有在除了多个处理器中的一个处理器之外的所有处理器停止之后，内容被加载到该区域中，并且该区域被保护以免被暂停的处理器访问。该方法还包括将非暂停处理器置于已知特权状态，并且在非停止处理器已经被置于已知特权状态之后使得暂停的处理器退出停止状态。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式