专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

31. 发明申请

US20080244746A1 RUN-TIME REMEASUREMENT ON A TRUSTED PLATFORM 审中-公开
标题翻译：对一个有争议的平台的运行时间恢复
公开(公告)号：US20080244746A1
公开(公告)日：2008-10-02
申请号：US11692672
申请日：2007-03-28
申请人： Carlos V. Rozas , David Bowler , Vincent R. Scarlata , Burzin Daruwala
发明人： Carlos V. Rozas , David Bowler , Vincent R. Scarlata , Burzin Daruwala
IPC分类号： G06F15/18
CPC分类号： G06F21/57 , G06F2221/2101
摘要： A method and system are disclosed. In one embodiment, the method includes invoking a run-time measurement agent (RTMA) to run on a trusted platform, the RTMA measuring a core system code block multiple times after a single boot on the trusted platform; and a trusted platform module storing these multiple measurements.
摘要翻译：公开了一种方法和系统。在一个实施例中，该方法包括调用在受信任平台上运行的运行时测量代理（RTMA），RTMA在可信平台上单次引导之后多次测量核心系统代码块; 以及存储这些多个测量的可信平台模块。

32. 发明申请

US20180114012A1 TRUSTED PACKET PROCESSING FOR MULTI-DOMAIN SEPARATIZATION AND SECURITY 审中-公开
公开(公告)号：US20180114012A1
公开(公告)日：2018-04-26
申请号：US15298416
申请日：2016-10-20
申请人： Kapil Sood , Somnath Chakrabarti , Wei Shen , Carlos V. Rozas , Mona Vij , Vincent R. Scarlata
发明人： Kapil Sood , Somnath Chakrabarti , Wei Shen , Carlos V. Rozas , Mona Vij , Vincent R. Scarlata
IPC分类号： G06F21/53 , G06F9/44 , G06F21/57 , G06F21/60 , G06F9/455 , G06F9/445
CPC分类号： G06F21/53 , G06F8/61 , G06F9/4406 , G06F9/45558 , G06F12/1036 , G06F12/109 , G06F12/1425 , G06F21/575 , G06F21/79 , G06F2009/45587 , G06F2212/1052 , H04L41/5041
摘要： Methods and apparatus for implemented trusted packet processing for multi-domain separatization and security. Secure enclaves are created in system memory of a compute platform configured to support a virtualized execution environment including a plurality of virtual machines (VMs) or containers, each secure enclave occupying a respective protected portion of the system memory, wherein software code external from a secure enclave cannot access code or data within a secure enclave, and software code in a secure enclave can access code and data both within the secure enclave and external to the secure enclave. Software code for implementing packet processing operations is installed in the secure enclaves. The software in the secure enclaves is then executed to perform the packet processing operations. Various configurations of secure enclaves and software code may be implemented, including configurations supporting service chains both within a VM or contain or across multiple VMs or containers, as well a parallel packet processing operations.

33. 发明授权

US09280659B2 Methods and apparatus for remeasuring a virtual machine monitor 有权
标题翻译：用于重新测试虚拟机监视器的方法和装置
公开(公告)号：US09280659B2
公开(公告)日：2016-03-08
申请号：US11648103
申请日：2006-12-29
申请人： Carlos V. Rozas , Vincent R. Scarlata
发明人： Carlos V. Rozas , Vincent R. Scarlata
IPC分类号： H04L29/06 , G06F21/53 , G06F9/455 , G06F21/57
CPC分类号： G06F21/57 , G06F9/45533 , G06F9/45558 , G06F21/53 , G06F21/575 , G06F2009/45587 , G06F2221/033
摘要： A data processing system supports remeasurement of a virtual machine monitor (VMM). In one example process, the VMM may obtain a secret value from a trusted platform module (TPM) of the processing system. The VMM may provide the secret value from the VMM to a measurement agent executing in system management mode (SMM) of the processing system. The measurement agent may be a system management interrupt (SMI) transfer monitor (STM) that can create virtual machines to execute in SMM, for example. However, the VMM may verify the measurement agent before providing the secret value to the measurement agent. The measurement agent may generate a remeasurement value for the VMM, use the secret value that was obtained from the TPM to certify the remeasurement value, and communicate the remeasurement value to a requesting program, via the VMM. Other embodiments are described and claimed.
摘要翻译：数据处理系统支持重新测量虚拟机监视器（VMM）。在一个示例性过程中，VMM可以从处理系统的可信平台模块（TPM）获得秘密值。 VMM可以将来自VMM的秘密值提供给在处理系统的系统管理模式（SMM）中执行的测量代理。测量代理可以是例如可以创建在SMM中执行的虚拟机的系统管理中断（SMI）传送监视器（STM）。然而，VMM可以在向测量代理提供秘密值之前验证测量代理。测量代理可以生成VMM的重新测量值，使用从TPM获得的秘密值来验证重新测量值，并通过VMM将重新测量值传达给请求程序。描述和要求保护其他实施例。

34. 发明授权

US08458480B2 Method and apparatus for binding TPM keys to execution entities 有权
标题翻译：将TPM密钥绑定到执行实体的方法和装置
公开(公告)号：US08458480B2
公开(公告)日：2013-06-04
申请号：US13016145
申请日：2011-01-28
申请人： Alexander Iliev , Vincent R. Scarlata , Carlos V. Rozas
发明人： Alexander Iliev , Vincent R. Scarlata , Carlos V. Rozas
IPC分类号： H04L29/06 , H04L9/32 , H04L9/00 , G06F21/00
CPC分类号： G06F21/57 , G06F21/72 , G06F2221/2141 , H04L9/0897
摘要： A method and apparatus for binding trusted platform module (TPM) keys to execution entities are described. In one embodiment, the method includes the receipt of an authorization request issued by an execution entity for authorization data. According to the authorization request, the execution entity may be measured to generate an entity digest value. Once the entity digest value is generated, a platform reference module may grant the authorization request if the entity digest value verifies that the execution entity is an owner of the key held by the TPM. Accordingly, in one embodiment, a platform reference module, rather than an execution entity, holds the authorization data required by a TPM to use a key owned by the execution entity and held within sealed storage by the TPM. Other embodiments are described and claimed.
摘要翻译：描述了将可信平台模块（TPM）密钥绑定到执行实体的方法和装置。在一个实施例中，该方法包括接收由执行实体发出的授权数据的授权请求。根据授权请求，可以测量执行实体以生成实体摘要值。一旦生成实体摘要值，如果实体摘要值验证执行实体是TPM持有的密钥的所有者，则平台引用模块可以授予授权请求。因此，在一个实施例中，平台参考模块而不是执行实体保存TPM所需的授权数据，以使用由执行实体拥有的密钥并由TPM保存在密封存储器内。描述和要求保护其他实施例。

35. 发明授权

US07908483B2 Method and apparatus for binding TPM keys to execution entities 有权
标题翻译：将TPM密钥绑定到执行实体的方法和装置
公开(公告)号：US07908483B2
公开(公告)日：2011-03-15
申请号：US11170853
申请日：2005-06-30
申请人： Alexander Iliev , Vincent R. Scarlata , Carlos V. Rozas
发明人： Alexander Iliev , Vincent R. Scarlata , Carlos V. Rozas
IPC分类号： H04L29/06 , H04L9/32 , G06F21/00 , H04L9/00
CPC分类号： G06F21/57 , G06F21/72 , G06F2221/2141 , H04L9/0897
摘要： A method and apparatus for binding trusted platform module (TPM) keys to execution entities are described. In one embodiment, the method includes the receipt of an authorization request issued by an execution entity for authorization data. According to the authorization request, the execution entity may be measured to generate an entity digest value. Once the entity digest value is generated, a platform reference module may grant the authorization request if the entity digest value verifies that the execution entity is an owner of the key held by the TPM. Accordingly, in one embodiment, a platform reference module, rather than an execution entity, holds the authorization data required by a TPM to use a key owned by the execution entity and held within sealed storage by the TPM. Other embodiments are described and claimed.
摘要翻译：描述了将可信平台模块（TPM）密钥绑定到执行实体的方法和装置。在一个实施例中，该方法包括接收由执行实体发出的授权数据的授权请求。根据授权请求，可以测量执行实体以生成实体摘要值。一旦生成实体摘要值，如果实体摘要值验证执行实体是TPM持有的密钥的所有者，则平台引用模块可以授予授权请求。因此，在一个实施例中，平台参考模块而不是执行实体保存TPM所需的授权数据，以使用由执行实体拥有的密钥并由TPM保存在密封存储器内。描述和要求保护其他实施例。

36. 发明授权

US07636442B2 Method and apparatus for migrating software-based security coprocessors 有权
标题翻译：用于迁移基于软件的安全协处理器的方法和装置
公开(公告)号：US07636442B2
公开(公告)日：2009-12-22
申请号：US11171134
申请日：2005-06-29
申请人： Vincent R. Scarlata , Carlos V. Rozas
发明人： Vincent R. Scarlata , Carlos V. Rozas
IPC分类号： H04L9/00
CPC分类号： H04L63/0823 , G06F21/53 , G06F21/552 , G06F21/57 , G06F21/577 , G06F21/602 , G06F21/72 , G06F21/74 , G06F2221/2103 , G06F2221/2105 , G06F2221/2149 , H04L63/0876
摘要： A first processing system determines whether a second processing system provides a trustworthy state for supporting a virtual security coprocessor. In response to determining that the second processing system provides a trustworthy state for supporting the virtual security coprocessor, the first processing system transfers the virtual security coprocessor to the second processing system. In one embodiment, the first processing system receives a key and proof of bindings of the key from the second processing system. The first processing system may determine whether the second processing system provides a trustworthy state for migration of the virtual security coprocessor, based at least in part on the proof of bindings received from the second processing system. After the second processing system receives the virtual security coprocessor, the virtual security coprocessor may be removed from the first processing system. Other embodiments are described and claimed.
摘要翻译：第一处理系统确定第二处理系统是否提供用于支持虚拟安全协处理器的可信状态。响应于确定第二处理系统提供用于支持虚拟安全协处理器的可信状态，第一处理系统将虚拟安全协处理器传送到第二处理系统。在一个实施例中，第一处理系统接收密钥和来自第二处理系统的密钥的绑定的证明。第一处理系统可以至少部分地基于从第二处理系统接收到的绑定的证明来确定第二处理系统是否为虚拟安全协处理器的迁移提供可信赖的状态。在第二处理系统接收到虚拟安全协处理器之后，可以从第一处理系统移除虚拟安全协处理器。描述和要求保护其他实施例。

37. 发明授权

US07590867B2 Method and apparatus for providing secure virtualization of a trusted platform module 有权
标题翻译：用于提供可信平台模块的安全虚拟化的方法和装置
公开(公告)号：US07590867B2
公开(公告)日：2009-09-15
申请号：US10876994
申请日：2004-06-24
申请人： Vincent R. Scarlata , Carlos V. Rozas
发明人： Vincent R. Scarlata , Carlos V. Rozas
IPC分类号： G06F12/14
CPC分类号： G06F21/57 , G06F9/45558 , G06F21/53 , G06F2009/45587
摘要： A method and a related apparatus provide a virtual trusted platform module (TPM). In an example embodiment, a virtual TPM service creates a virtual TPM for use in a processing system that contains a physical TPM. The virtual TPM service may store a key for the virtual TPM in the physical TPM. The virtual TPM service may then use the virtual TPM to provide emulated physical TPM features. In one embodiment, the virtual TPM service may use the virtual TPM to emulate a physical TPM for a virtual machine in the processing system. Other embodiments are described and claimed.
摘要翻译：一种方法和相关装置提供虚拟可信平台模块（TPM）。在示例实施例中，虚拟TPM服务创建用于在包含物理TPM的处理系统中使用的虚拟TPM。虚拟TPM服务可以在物理TPM中存储虚拟TPM的密钥。然后，虚拟TPM服务可以使用虚拟TPM来提供模拟的物理TPM特征。在一个实施例中，虚拟TPM服务可以使用虚拟TPM来模拟处理系统中的虚拟机的物理TPM。描述和要求保护其他实施例。

38. 发明申请

US20080163209A1 Methods and apparatus for remeasuring a virtual machine monitor 有权
标题翻译：用于重新测试虚拟机监视器的方法和装置
公开(公告)号：US20080163209A1
公开(公告)日：2008-07-03
申请号：US11648103
申请日：2006-12-29
申请人： Carlos V. Rozas , Vincent R. Scarlata
发明人： Carlos V. Rozas , Vincent R. Scarlata
IPC分类号： G06F9/455
CPC分类号： G06F21/57 , G06F9/45533 , G06F9/45558 , G06F21/53 , G06F21/575 , G06F2009/45587 , G06F2221/033
摘要： A data processing system supports remeasurement of a virtual machine monitor (VMM). In one example process, the VMM may obtain a secret value from a trusted platform module (TPM) of the processing system. The VMM may provide the secret value from the VMM to a measurement agent executing in system management mode (SMM) of the processing system. The measurement agent may be a system management interrupt (SMI) transfer monitor (STM) that can create virtual machines to execute in SMM, for example. However, the VMM may verify the measurement agent before providing the secret value to the measurement agent. The measurement agent may generate a remeasurement value for the VMM, use the secret value that was obtained from the TPM to certify the remeasurement value, and communicate the remeasurement value to a requesting program, via the VMM. Other embodiments are described and claimed.
摘要翻译：数据处理系统支持重新测量虚拟机监视器（VMM）。在一个示例性过程中，VMM可以从处理系统的可信平台模块（TPM）获得秘密值。 VMM可以将来自VMM的秘密值提供给在处理系统的系统管理模式（SMM）中执行的测量代理。测量代理可以是例如可以创建在SMM中执行的虚拟机的系统管理中断（SMI）传送监视器（STM）。然而，VMM可以在向测量代理提供秘密值之前验证测量代理。测量代理可以生成VMM的重新测量值，使用从TPM获得的秘密值来验证重新测量值，并通过VMM将重新测量值传达给请求程序。描述和要求保护其他实施例。

39. 发明授权

US08595483B2 Associating a multi-context trusted platform module with distributed platforms 有权
标题翻译：将多上下文信任平台模块与分布式平台相关联
公开(公告)号：US08595483B2
公开(公告)日：2013-11-26
申请号：US13329713
申请日：2011-12-19
申请人： Carlos V. Rozas
发明人： Carlos V. Rozas
IPC分类号： H04L29/00
CPC分类号： G06F21/57 , G06F2221/2101 , G06F2221/2129 , G06F2221/2145
摘要： In one embodiment, the present invention includes a method for creating an instance of a virtual trusted platform module (TPM) in a central platform and associating the instance with a managed platform coupled to the central platform. Multiple such vTPM's may be instantiated, each associated with a different managed platform coupled to the central platform. The instances may all be maintained on the central platform, improving security. Other embodiments are described and claimed.
摘要翻译：在一个实施例中，本发明包括用于在中央平台中创建虚拟可信平台模块（TPM）的实例并将该实例与耦合到中央平台的受管平台相关联的方法。多个这样的vTPM可以被实例化，每个都与耦合到中央平台的不同的管理平台相关联。这些实例都可以在中央平台上维护，从而提高安全性。描述和要求保护其他实施例。

40. 发明授权

US08108668B2 Associating a multi-context trusted platform module with distributed platforms 有权
标题翻译：将多上下文信任平台模块与分布式平台相关联
公开(公告)号：US08108668B2
公开(公告)日：2012-01-31
申请号：US11474778
申请日：2006-06-26
申请人： Carlos V. Rozas
发明人： Carlos V. Rozas
IPC分类号： H04L9/00
CPC分类号： G06F21/57 , G06F2221/2101 , G06F2221/2129 , G06F2221/2145
摘要： In one embodiment, the present invention includes a method for creating an instance of a virtual trusted platform module (TPM) in a central platform and associating the instance with a managed platform coupled to the central platform. Multiple such vTPM's may be instantiated, each associated with a different managed platform coupled to the central platform. The instances may all be maintained on the central platform, improving security. Other embodiments are described and claimed.
摘要翻译：在一个实施例中，本发明包括用于在中央平台中创建虚拟可信平台模块（TPM）的实例并将该实例与耦合到中央平台的受管平台相关联的方法。多个这样的vTPM可以被实例化，每个都与耦合到中央平台的不同的管理平台相关联。这些实例都可以在中央平台上维护，从而提高安全性。描述和要求保护其他实施例。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式