专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

41. 发明申请

US20120011578A1 Cross-protocol federated single sign-on (F-SSO) for cloud enablement 有权
标题翻译：交叉协议联合单点登录（F-SSO），用于云启用
公开(公告)号：US20120011578A1
公开(公告)日：2012-01-12
申请号：US12832307
申请日：2010-07-08
申请人： Heather M. Hinton , Steven A. Bade , Jeb Linton , Peter Rodriguez
发明人： Heather M. Hinton , Steven A. Bade , Jeb Linton , Peter Rodriguez
IPC分类号： H04L9/14 , H04L9/30 , G06F15/16 , H04L9/00
CPC分类号： H04L63/0815 , H04L9/3228
摘要： A method to enable access to resources hosted in a compute cloud begins upon receiving a registration request to initiate a user's registration to use resources hosted in the compute cloud. During a registration process initiated by receipt of the registration request, a federated single sign-on (F-SSO) request is received. The F-SSO request includes an assertion (e.g., an HTTP-based SAML assertion) having authentication data (e.g., an SSH public key, a CIFS username, etc.) for use to enable direct user access to a resource hosted in the compute cloud. Upon validation of the assertion, the authentication data is deployed within the cloud to enable direct user access to the compute cloud resource using the authentication data. In this manner, the cloud provider provides authentication, single sign-on and lifecycle management for the user, despite the “air gap” between the HTTP protocol used for F-SSO and the non-HTTP protocol used for the user's direct access to the cloud resource.
摘要翻译：能够访问计算云中托管的资源的方法从接收到注册请求开始，以启动用户的注册以使用计算云中托管的资源。在通过接收注册请求发起的注册过程中，接收到联合单点登录（F-SSO）请求。 F-SSO请求包括具有认证数据（例如，SSH公钥，CIFS用户名等）的断言（例如，基于HTTP的SAML断言），用于使直接用户能够访问计算机中托管的资源云。在确认断言之后，将认证数据部署在云中，以使用身份验证数据可以直接访问计算云资源。以这种方式，云提供商为用户提供身份验证，单点登录和生命周期管理，尽管用于F-SSO的HTTP协议与用于用户直接访问的非HTTP协议之间存在“空白” 云资源。

42. 发明授权

US07996687B2 Product for providing a scalable trusted platform module in a hypervisor environment 失效
标题翻译：用于在管理程序环境中提供可扩展的可信平台模块的产品
公开(公告)号：US07996687B2
公开(公告)日：2011-08-09
申请号：US12262445
申请日：2008-10-31
申请人： Richard Louis Arndt , Steven A. Bade , Thomas J. Dewkett , Charles W. Gainey, Jr. , Nia Letise Kelley , Siegfried Sutter , Helmut H. Weber
发明人： Richard Louis Arndt , Steven A. Bade , Thomas J. Dewkett , Charles W. Gainey, Jr. , Nia Letise Kelley , Siegfried Sutter , Helmut H. Weber
IPC分类号： G06F11/30 , H04K1/10
CPC分类号： H04L63/20 , G06F21/57 , H04L63/0876 , H04L63/102
摘要： Multiple logical partitions are provided in a data processing system. A unique context is generated for each one of the logical partitions. When one of the logical partitions requires access to the hardware TPM, that partition's context is required to be stored in the hardware TPM. The hardware TPM includes a finite number of storage locations, called context slots, for storing contexts. Each context slot can store one partition's context. Each one of the partitions is associated with one of the limited number of context storage slots in the hardware TPM. At least one of the context slots is simultaneously associated with more than one of the logical partitions. Contexts are swapped into and out of the hardware TPM during runtime of the data processing system so that when ones of the partitions require access to the hardware TPM, their required contexts are currently stored in the hardware TPM.
摘要翻译：在数据处理系统中提供了多个逻辑分区。为每个逻辑分区生成唯一的上下文。当其中一个逻辑分区需要访问硬件TPM时，该分区的上下文需要存储在硬件TPM中。硬件TPM包括有限数量的存储位置，称为上下文时隙，用于存储上下文。每个上下文时隙都可以存储一个分区的上下文。每个分区与硬件TPM中的有限数量的上下文存储时隙中的一个相关联。至少一个上下文时隙同时与多于一个的逻辑分区相关联。在数据处理系统的运行期间，上下文交换进出硬件TPM，以便当这些分区中的一个需要访问硬件TPM时，其所需的上下文当前存储在硬件TPM中。

43. 发明授权

US07908492B2 Method for using a compact disk as a smart key device 有权
标题翻译：使用光盘作为智能钥匙装置的方法
公开(公告)号：US07908492B2
公开(公告)日：2011-03-15
申请号：US12118785
申请日：2008-05-12
申请人： Steven A. Bade , Ching-Yun Chao
发明人： Steven A. Bade , Ching-Yun Chao
IPC分类号： H04L29/06 , G06F17/30
CPC分类号： H04L9/3265 , G06F21/33 , G06F21/34 , G06F21/445 , H04L9/0897 , H04L9/3247 , H04L9/3273 , H04L2209/805
摘要： A data processing method accepts a removable storage media, which becomes electrically engaged with a system unit within the data processing system, after which the removable storage media and the hardware security unit mutually authenticate themselves. The removable storage media stores a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair that is associated with the hardware security unit, and the hardware security unit stores a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair that is associated with the removable storage media. In response to successfully performing the mutual authentication operation between the removable storage media and the hardware security unit, the system unit is enabled to invoke cryptographic functions on the hardware security unit while the removable storage media remains engaged with the system unit.
摘要翻译：数据处理方法接受与数据处理系统中的系统单元电接合的可移动存储介质，之后可移动存储介质和硬件安全单元相互认证自身。可移动存储介质存储与硬件安全单元相关联的第一非对称加密密钥对和第二非对称密码密钥对的公钥的私钥，并且硬件安全单元存储第二非对称密码密钥的私钥对和与可移动存储介质相关联的第一非对称加密密钥对的公开密钥。响应于成功地执行可移动存储介质和硬件安全单元之间的相互认证操作，系统单元能够在可移动存储介质保持与系统单元接合的同时在硬件安全单元上调用加密功能。

44. 发明申请

US20100070781A1 METHOD AND SYSTEM FOR BOOTSTRAPPING A TRUSTED SERVER HAVING REDUNDANT TRUSTED PLATFORM MODULES 有权
标题翻译：用于引导具有冗余引导平台模块的有效服务器的方法和系统
公开(公告)号：US20100070781A1
公开(公告)日：2010-03-18
申请号：US12621524
申请日：2009-11-19
申请人： Steven A. Bade , Linda Nancy Betz , Andrew Gregory Kegel , David R. Safford , Leendert Peter Van Doorn
发明人： Steven A. Bade , Linda Nancy Betz , Andrew Gregory Kegel , David R. Safford , Leendert Peter Van Doorn
IPC分类号： G06F11/30
CPC分类号： G06F21/575
摘要： Multiple trusted platform modules within a data processing system are used in a redundant manner that provides a reliable mechanism for securely storing secret data at rest that is used to bootstrap a system trusted platform module. A hypervisor requests each trusted platform module to encrypt a copy of the secret data, thereby generating multiple versions of encrypted secret data values, which are then stored within a non-volatile memory within the trusted platform. At some later point in time, the encrypted secret data values are retrieved, decrypted by the trusted platform module that performed the previous encryption, and then compared to each other. If any of the decrypted values do not match a quorum of values from the comparison operation, then a corresponding trusted platform module for a non-matching decrypted value is designated as defective because it has not been able to correctly decrypt a value that it previously encrypted.
摘要翻译：以冗余的方式使用数据处理系统内的多个可信任的平台模块，其提供用于安全地存储用于引导系统可信平台模块的休息处的秘密数据的可靠机制。管理程序请求每个可信平台模块加密秘密数据的副本，从而生成加密的秘密数据值的多个版本，然后存储在可信平台内的非易失性存储器中。在稍后的时间点，加密的秘密数据值由执行先前加密的可信任平台模块进行解密，然后进行比较。如果解密值中的任何一个与比较操作中的值的数量不匹配，则用于非匹配解密值的相应的可信平台模块被指定为有缺陷的，因为它不能正确解密其先前加密的值。

45. 发明申请

US20100042823A1 Method, Apparatus, and Product for Providing a Scalable Trusted Platform Module in a Hypervisor Environment 失效
标题翻译：在Hypervisor环境中提供可扩展可信平台模块的方法，设备和产品
公开(公告)号：US20100042823A1
公开(公告)日：2010-02-18
申请号：US12262445
申请日：2008-10-31
申请人： Richard Louis Arndt , Steven A. Bade , Thomas J. Dewkett , Charles W. Gainey, JR. , Nia Letise Kelley , Siegfried Sutter , Helmut H. Weber
发明人： Richard Louis Arndt , Steven A. Bade , Thomas J. Dewkett , Charles W. Gainey, JR. , Nia Letise Kelley , Siegfried Sutter , Helmut H. Weber
IPC分类号： G06F12/14 , G06F9/24 , G06F9/455
CPC分类号： H04L63/20 , G06F21/57 , H04L63/0876 , H04L63/102
摘要： A method, apparatus, and computer program product are described for implementing a trusted computing environment within a data processing system where the data processing system includes a single hardware trusted platform module (TPM). Multiple logical partitions are provided in the data processing system. A unique context is generated for each one of the logical partitions. When one of the logical partitions requires access to the hardware TPM, that partition's context is required to be stored in the hardware TPM. The hardware TPM includes a finite number of storage locations, called context slots, for storing contexts. Each context slot can store one partition's context. Each one of the partitions is associated with one of the limited number of context storage slots in the hardware TPM. At least one of the context slots is simultaneously associated with more than one of the logical partitions. Contexts are swapped into and out of the hardware TPM during runtime of the data processing system so that when ones of the partitions require access to the hardware TPM, their required contexts are currently stored in the hardware TPM.
摘要翻译：描述了一种在数据处理系统内实现可信计算环境的方法，装置和计算机程序产品，其中数据处理系统包括单个硬件可信平台模块（TPM）。在数据处理系统中提供了多个逻辑分区。为每个逻辑分区生成唯一的上下文。当其中一个逻辑分区需要访问硬件TPM时，该分区的上下文需要存储在硬件TPM中。硬件TPM包括有限数量的存储位置，称为上下文时隙，用于存储上下文。每个上下文时隙都可以存储一个分区的上下文。每个分区与硬件TPM中的有限数量的上下文存储时隙中的一个相关联。至少一个上下文时隙同时与多于一个的逻辑分区相关联。在数据处理系统的运行期间，上下文交换进出硬件TPM，以便当这些分区中的一个需要访问硬件TPM时，其所需的上下文当前存储在硬件TPM中。

46. 发明申请

US20090327763A1 Method for Using a Compact Disk as a Smart Key Device 有权
标题翻译：使用光盘作为智能钥匙装置的方法
公开(公告)号：US20090327763A1
公开(公告)日：2009-12-31
申请号：US12118785
申请日：2008-05-12
申请人： Steven A. Bade , Ching-Yun Chao
发明人： Steven A. Bade , Ching-Yun Chao
IPC分类号： G06F11/30
CPC分类号： H04L9/3265 , G06F21/33 , G06F21/34 , G06F21/445 , H04L9/0897 , H04L9/3247 , H04L9/3273 , H04L2209/805
摘要： A data processing method accepts a removable storage media, which becomes electrically engaged with a system unit within the data processing system, after which the removable storage media and the hardware security unit mutually authenticate themselves. The removable storage media stores a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair that is associated with the hardware security unit, and the hardware security unit stores a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair that is associated with the removable storage media. In response to successfully performing the mutual authentication operation between the removable storage media and the hardware security unit, the system unit is enabled to invoke cryptographic functions on the hardware security unit while the removable storage media remains engaged with the system unit.
摘要翻译：数据处理方法接受与数据处理系统内的系统单元电接合的可移动存储介质，之后可移动存储介质和硬件安全单元相互认证自身。可移动存储介质存储与硬件安全单元相关联的第一非对称加密密钥对和第二非对称密码密钥对的公钥的私钥，并且硬件安全单元存储第二非对称密码密钥的私钥对和与可移动存储介质相关联的第一非对称加密密钥对的公开密钥。响应于成功地执行可移动存储介质和硬件安全单元之间的相互认证操作，系统单元能够在可移动存储介质保持与系统单元接合的同时在硬件安全单元上调用加密功能。

47. 发明申请

US20090313470A1 Using a Portable Computing Device as a Smart Key Device 有权
标题翻译：使用便携式计算设备作为智能钥匙设备
公开(公告)号：US20090313470A1
公开(公告)日：2009-12-17
申请号：US12348475
申请日：2009-01-05
申请人： Steven A. Bade , Ching-Yun Chao
发明人： Steven A. Bade , Ching-Yun Chao
IPC分类号： H04L9/32 , H04L9/30
CPC分类号： G06F21/33 , G06F21/34 , G06F21/445 , H04L9/3265 , H04L9/3273 , H04L2209/56 , H04L2209/805
摘要： A first data processing system, which includes a first cryptographic device, is communicatively coupled with a second data processing system, which includes a second cryptographic device. The cryptographic devices then mutually authenticate themselves. The first cryptographic device stores a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair that is associated with the second data processing system. The second cryptographic device stores a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair that is associated with the first data processing system. In response to successfully performing the mutual authentication operation between the two cryptographic systems, the first data processing system is enabled to invoke sensitive cryptographic functions on the first cryptographic device while the first data processing system remains communicatively coupled with the second data processing system.
摘要翻译：包括第一密码装置的第一数据处理系统与包括第二密码装置的第二数据处理系统通信地耦合。然后密码设备会自己相互认证。第一加密设备存储与第二数据处理系统相关联的第一非对称密码密钥对和第二非对称密码密钥对的公钥的私钥。第二加密设备存储第二非对称密码密钥对的私钥和与第一数据处理系统相关联的第一非对称密码密钥对的公开密钥。响应于成功地执行两个加密系统之间的相互认证操作，第一数据处理系统能够在第一数据处理系统保持与第二数据处理系统通信耦合的同时在第一密码装置上调用敏感的加密功能。

48. 发明申请

US20090049305A1 METHOD AND SYSTEM FOR HIERARCHICAL PLATFORM BOOT MEASUREMENTS IN A TRUSTED COMPUTING ENVIRONMENT 有权
标题翻译：有意义的计算环境中的分层平台引导测量的方法和系统
公开(公告)号：US20090049305A1
公开(公告)日：2009-02-19
申请号：US12258332
申请日：2008-10-24
申请人： Steven A. Bade , Ryan Charles Catherman , James Patrick Hoff , William Lee Terrel
发明人： Steven A. Bade , Ryan Charles Catherman , James Patrick Hoff , William Lee Terrel
IPC分类号： H04L9/00 , G06F15/177
CPC分类号： G06F21/57
摘要： An architecture for a distributed data processing system comprises a system-level service processor along with one or more node-level service processors; each are uniquely associated with a node, and each is extended to comprise any components that are necessary for operating the nodes as trusted platforms, such as a TPM and a CRTM in accordance with the security model of the Trusted Computing Group. These node-level service processors then inter-operate with the system-level service processor, which also contains any components that are necessary for operating the system as a whole as a trusted platform. A TPM within the system-level service processor aggregates integrity metrics that are gathered by the node-level service processors, thereafter reporting integrity metrics as requested, e.g., to a hypervisor, thereby allowing a large distributed data processing system to be validated as a trusted computing environment while allowing its highly parallelized initialization process to proceed.
摘要翻译：用于分布式数据处理系统的架构包括系统级服务处理器以及一个或多个节点级服务处理器; 每个都与节点唯一相关联，并且每个都被扩展以包括根据可信计算组的安全模型将节点操作为可信平台（例如TPM和CRTM）所需的任何组件。然后，这些节点级服务处理器与系统级服务处理器互操作，系统级服务处理器还包含将系统作为整体操作为可信平台所必需的任何组件。系统级服务处理器内的TPM聚合由节点级服务处理器收集的完整性度量，此后根据请求报告完整性度量，例如向管理程序报告，从而允许将大型分布式数据处理系统验证为可信任的同时允许其高度并行化的初始化过程进行。

49. 发明授权

US07480804B2 Method and system for hierarchical platform boot measurements in a trusted computing environment 失效
标题翻译：在可信计算环境中分层平台引导测量的方法和系统
公开(公告)号：US07480804B2
公开(公告)日：2009-01-20
申请号：US10835503
申请日：2004-04-29
申请人： Steven A. Bade , Ryan Charles Catherman , James Patrick Hoff , William Lee Terrell
发明人： Steven A. Bade , Ryan Charles Catherman , James Patrick Hoff , William Lee Terrell
IPC分类号： H04L9/00 , G06F12/14
CPC分类号： G06F21/57
摘要： An architecture for a distributed data processing system comprises a system-level service processor along with one or more node-level service processors; each are uniquely associated with a node, and each is extended to comprise any components that are necessary for operating the nodes as trusted platforms, such as a TPM and a CRTM in accordance with the security model of the Trusted Computing Group. These node-level service processors then inter-operate with the system-level service processor, which also contains any components that are necessary for operating the system as a whole as a trusted platform. A TPM within the system-level service processor aggregates integrity metrics that are gathered by the node-level service processors, thereafter reporting integrity metrics as requested, e.g., to a hypervisor, thereby allowing a large distributed data processing system to be validated as a trusted computing environment while allowing its highly parallelized initialization process to proceed.
摘要翻译：用于分布式数据处理系统的架构包括系统级服务处理器以及一个或多个节点级服务处理器; 每个都与节点唯一相关联，并且每个都被扩展以包括根据可信计算组的安全模型将节点操作为可信平台（例如TPM和CRTM）所需的任何组件。然后，这些节点级服务处理器与系统级服务处理器互操作，系统级服务处理器还包含将系统作为整体操作为可信平台所必需的任何组件。系统级服务处理器内的TPM聚合由节点级服务处理器收集的完整性度量，此后根据请求报告完整性度量，例如向管理程序报告，从而允许将大型分布式数据处理系统验证为可信任的同时允许其高度并行化的初始化过程进行。

50. 发明授权

US07475247B2 Method for using a portable computing device as a smart key device 有权
标题翻译：使用便携式计算装置作为智能钥匙装置的方法
公开(公告)号：US07475247B2
公开(公告)日：2009-01-06
申请号：US11014067
申请日：2004-12-16
申请人： Steven A. Bade , Ching-Yun Chao
发明人： Steven A. Bade , Ching-Yun Chao
IPC分类号： H04L9/00
CPC分类号： G06F21/33 , G06F21/34 , G06F21/445 , H04L9/3265 , H04L9/3273 , H04L2209/56 , H04L2209/805
摘要： A first data processing system, which includes a first cryptographic device, is communicatively coupled with a second data processing system, which includes a second cryptographic device. The cryptographic devices then mutually authenticate themselves. The first cryptographic device stores a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair that is associated with the second data processing system. The second cryptographic device stores a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair that is associated with the first data processing system. In response to successfully performing the mutual authentication operation between the two cryptographic systems, the first data processing system is enabled to invoke sensitive cryptographic functions on the first cryptographic device while the first data processing system remains communicatively coupled with the second data processing system.
摘要翻译：包括第一密码装置的第一数据处理系统与包括第二密码装置的第二数据处理系统通信地耦合。然后密码设备会自己相互认证。第一加密设备存储与第二数据处理系统相关联的第一非对称密码密钥对和第二非对称密码密钥对的公钥的私钥。第二加密设备存储第二非对称密码密钥对的私钥和与第一数据处理系统相关联的第一非对称密码密钥对的公开密钥。响应于成功地执行两个加密系统之间的相互认证操作，第一数据处理系统能够在第一数据处理系统保持与第二数据处理系统通信耦合的同时在第一密码装置上调用敏感的加密功能。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式