专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

71. 发明申请

US20100211792A1 COMMUNICATION CHANNEL ACCESS BASED ON CHANNEL IDENTIFIER AND USE POLICY 有权
标题翻译：基于通道识别器的通信通道访问和使用策略
公开(公告)号：US20100211792A1
公开(公告)日：2010-08-19
申请号：US12372476
申请日：2009-02-17
申请人： Octavian T. Ureche , Alex M. Semenko , Sai Vinayak , Carl M. Ellison
发明人： Octavian T. Ureche , Alex M. Semenko , Sai Vinayak , Carl M. Ellison
IPC分类号： H04L9/32 , H04L9/00 , G06F12/14
CPC分类号： H04L9/3247 , H04L63/102 , H04L63/126
摘要： A communication channel has an associated channel authenticator that includes a channel identifier, a use policy identifying how an owner of the communication channel indicates the communication channel is used, and a digital signature over the channel identifier and use policy. The identifier of the communication channel and the use policy can be verified by a computing device, and a check made as to whether a current security policy of the computing device is satisfied by the use policy. An access that the computing device is allowed to have to the communication channel is determined based at least in part on both whether the current security policy is satisfied by the use policy and whether the identifier of the communication channel and the use policy are verified.
摘要翻译：通信信道具有关联的信道认证器，其包括信道标识符，识别通信信道的所有者如何指示通信信道的使用策略，以及通过信道标识符和使用策略的数字签名。可以由计算设备来验证通信信道的标识符和使用策略，并且通过使用策略来检查计算设备的当前安全策略是否被满足。至少部分地基于使用策略来满足当前安全策略以及通信信道的标识符和使用策略是否被验证，允许计算设备被允许对通信信道的访问。

72. 发明申请

US20090007247A1 DOMAIN ID SERVICE 失效
标题翻译：域名服务
公开(公告)号：US20090007247A1
公开(公告)日：2009-01-01
申请号：US11770677
申请日：2007-06-28
申请人： Carl M. Ellison , Paul J. Leach , Butler W. Lampson , Melissa W. Dunn , Ravindra N. Pandya , Charles W. Kaufman
发明人： Carl M. Ellison , Paul J. Leach , Butler W. Lampson , Melissa W. Dunn , Ravindra N. Pandya , Charles W. Kaufman
IPC分类号： G06F21/20 , H04L9/32
CPC分类号： H04L63/145 , G06F21/445 , G06F2221/2115 , G06F2221/2129 , H04L9/0891 , H04L63/0442 , H04L63/0823
摘要： The subject disclosure pertains to a domain identification system, comprising a principal that has a key and a mnemonically meaningless identifier, the mnemonically meaningless identifier is used to identify the component in a networked environment. The mnemonically meaningless identifier can be bound to the public key by a binding. The component may be part of a neighborhood of components, and each member component knows the members' binding.
摘要翻译：主题公开涉及域识别系统，其包括具有密钥和经验无意义的标识符的主体，用于识别网络环境中的组件的经典无意义的标识符。可以通过绑定将符号无意义的标识符绑定到公钥。组件可以是组件邻域的一部分，并且每个成员组件都知道成员的绑定。

73. 发明申请

US20080181412A1 CRYPTOGRAPHIC KEY CONTAINERS ON A USB TOKEN 有权
标题翻译： USB TOKEN上的CRYPTOGRAPHIC KEY CONTAINERS
公开(公告)号：US20080181412A1
公开(公告)日：2008-07-31
申请号：US11627466
申请日：2007-01-26
申请人： Tolga Acar , Carl M. Ellison
发明人： Tolga Acar , Carl M. Ellison
IPC分类号： H04L9/08
CPC分类号： G06F21/6209 , G06F21/79 , H04L9/0897
摘要： A Universal Serial Bus (USB) compatible storage device is utilized as a security token for storage of cryptographic keys. A cryptographic subsystem of a processor accesses cryptographic keys in containers on the USB compatible storage device. Accessing includes storing and/or retrieving. The processor does not include an infrastructure dedicated to the USB compatible storage device. Cryptographic key storage is redirected from an in-processor container to the USB compatible storage device. No password or PIN is required to access the cryptographic keys, yet enhanced security is provided. Utilizing a USB compatible storage device for a cryptographic key container provides a convenient, portable, mechanism for carrying the cryptographic key, and additional security is provided via physical possession of the device.
摘要翻译：通用串行总线（USB）兼容存储设备被用作存储加密密钥的安全令牌。处理器的加密子系统访问USB兼容存储设备上的容器中的加密密钥。访问包括存储和/或检索。处理器不包括专用于USB兼容存储设备的基础设施。加密密钥存储从处理器内容器重定向到USB兼容的存储设备。不需要密码或密码来访问加密密钥，但提供了增强的安全性。利用用于加密密钥容器的USB兼容存储设备提供用于携带加密密钥的便利的便携式机制，并且通过物理拥有该设备来提供额外的安全性。

74. 发明授权

US07380278B2 Protecting software environment in isolated execution 有权
标题翻译：在孤立执行中保护软件环境
公开(公告)号：US07380278B2
公开(公告)日：2008-05-27
申请号：US11386269
申请日：2006-03-21
申请人： Carl M. Ellison , Roger A. Golliver , Howard C. Herbert , Derrick C. Lin , Francis X. McKeen , Gilbert Neiger , Ken Reneris , James A. Sutton , Shreekant S. Thakkar , Millind Mittal
发明人： Carl M. Ellison , Roger A. Golliver , Howard C. Herbert , Derrick C. Lin , Francis X. McKeen , Gilbert Neiger , Ken Reneris , James A. Sutton , Shreekant S. Thakkar , Millind Mittal
IPC分类号： G06F7/04 , G06F9/00 , G06F12/00 , H04L9/00 , H04L9/32
CPC分类号： G06F21/53 , G06F9/468 , G06F21/562 , G06F21/57 , G06F21/74 , G06F2221/2105
摘要： A processing system has a processor that can operate in a normal ring 0 operating mode and one or more higher ring operating modes above the normal ring 0 operating mode. In addition, the processor can operate in an isolated execution mode. A memory in the processing system may include an ordinary memory area that can be accessed from the normal ring 0 operating mode, as well as an isolated memory area that can be accessed from the isolated execution mode but not from the normal ring 0 operating mode. The processing system may also include an operating system (OS) nub, as well as a key generator. The key generator may generate an OS nub key (OSNK) based at least in part on an identification of the OS nub and a master binding key (BK0) of the platform. Other embodiments are described and claimed.
摘要翻译：处理系统具有处理器，该处理器可以在正常环0操作模式和高于正常环0操作模式的一个或多个较高环操作模式下操作。此外，处理器可以在隔离的执行模式下操作。处理系统中的存储器可以包括可以从正常环0操作模式访问的普通存储器区域以及可以从隔离执行模式而不是从正常环0操作模式访问的隔离存储器区域。处理系统还可以包括操作系统（OS）nub以及密钥生成器。密钥生成器可以至少部分地基于OS nub的标识和平台的主绑定密钥（BK 0）来生成OS nub密钥（OSNK）。描述和要求保护其他实施例。

75. 发明授权

US07328340B2 Methods and apparatus to provide secure firmware storage and service access 有权
标题翻译：提供安全固件存储和服务访问的方法和设备
公开(公告)号：US07328340B2
公开(公告)日：2008-02-05
申请号：US10608326
申请日：2003-06-27
申请人： Vincent J. Zimmer , Carl M. Ellison , Michael A. Rothman , Andrew J. Fish , Mark S. Doran
发明人： Vincent J. Zimmer , Carl M. Ellison , Michael A. Rothman , Andrew J. Fish , Mark S. Doran
IPC分类号： H04L9/00
CPC分类号： G06F21/51 , G06F21/575 , G06F2221/2141
摘要： Methods and apparatus to provide secure firmware storage and service access are disclosed. One example method may include receiving a request to execute an instruction in a pre-boot environment, determining an identity of the instruction, determining if an access control list includes an entry corresponding to the instruction, and selectively allowing the execution of the instruction if the access control list includes an entry corresponding to the instruction.
摘要翻译：公开了提供安全固件存储和服务访问的方法和装置。一个示例性方法可以包括接收在预引导环境中执行指令的请求，确定指令的身份，确定访问控制列表是否包括与该指令相对应的条目，以及如果访问控制列表包括与该指令相对应的条目。

76. 发明授权

US07089418B1 Managing accesses in a processor for isolated execution 有权
标题翻译：管理处理器中的访问以进行隔离执行
公开(公告)号：US07089418B1
公开(公告)日：2006-08-08
申请号：US09540611
申请日：2000-03-31
申请人： Carl M. Ellison , Roger A. Golliver , Howard C. Herbert , Derrick C. Lin , Francis X. McKeen , Gilbert Neiger , Ken Reneris , James A. Sutton , Shreekant S. Thakkar , Millind Mittal
发明人： Carl M. Ellison , Roger A. Golliver , Howard C. Herbert , Derrick C. Lin , Francis X. McKeen , Gilbert Neiger , Ken Reneris , James A. Sutton , Shreekant S. Thakkar , Millind Mittal
IPC分类号： G06F13/16
CPC分类号： G06F12/0831 , G06F12/1491
摘要： In one embodiment, a method comprises configuring an access transaction generated by a processor by a configuration storage containing configuration parameters. The processor has a normal execution mode and an isolated execution mode. The access transaction has access information. In a further embodiment, a method comprises checking the access transaction by an access checking circuit using at least one of the configuration parameters and the access information.
摘要翻译：在一个实施例中，一种方法包括通过包含配置参数的配置存储器配置由处理器生成的访问事务。处理器具有正常执行模式和隔离执行模式。访问事务具有访问信息。在另一实施例中，一种方法包括使用至少一个配置参数和访问信息来检查访问检查电路的访问事务。

77. 发明授权

US06990579B1 Platform and method for remote attestation of a platform 失效
标题翻译：平台和平台的远程认证方法
公开(公告)号：US06990579B1
公开(公告)日：2006-01-24
申请号：US09541108
申请日：2000-03-31
申请人： Howard C. Herbert , David W. Grawrock , Carl M. Ellison , Roger A. Golliver , Derrick C. Lin , Francis X. McKeen , Gilbert Neiger , Ken Reneris , James A. Sutton , Shreekant S. Thakkar , Millind Mittal
发明人： Howard C. Herbert , David W. Grawrock , Carl M. Ellison , Roger A. Golliver , Derrick C. Lin , Francis X. McKeen , Gilbert Neiger , Ken Reneris , James A. Sutton , Shreekant S. Thakkar , Millind Mittal
IPC分类号： H04L9/00
CPC分类号： G06F21/305 , G06F9/30189 , G06F12/1491 , G06F21/35 , G06F21/53 , G06F21/57 , G06F21/575 , G06F21/64 , G06F21/74 , G06F2221/2101 , G06F2221/2103 , G06F2221/2105 , G06F2221/2149
摘要： In one embodiment, a method of remote attestation for a special mode of operation. The method comprises storing an audit log within protected memory of a platform. The audit log is a listing of data representing each of a plurality of IsoX software modules loaded into the platform. The audit log is retrieved from the protected memory in response to receiving a remote attestation request from a remotely located platform. Then, the retrieved audit log is digitally signed to produce a digital signature for transfer to the remotely located platform.
摘要翻译：在一个实施例中，用于特殊操作模式的远程认证的方法。该方法包括将审核日志存储在平台的受保护的存储器内。审计日志是表示加载到平台中的多个IsoX软件模块中的每一个的数据的列表。响应于从远程位置的平台接收远程认证请求，从受保护的内存中检索审核日志。然后，检索的审核日志进行数字签名，以产生数字签名，以转移到位于远程的平台。

78. 发明授权

US06769058B1 Resetting a processor in an isolated execution environment 有权
标题翻译：在独立的执行环境中重置处理器
公开(公告)号：US06769058B1
公开(公告)日：2004-07-27
申请号：US09751586
申请日：2000-12-29
申请人： Carl M. Ellison , Roger A. Golliver , Howard C. Herbert , Derrick C. Lin , Francis X. McKeen , Gilbert Neiger , James A. Sutton , Shreekant S. Thakkar , Millind Mittal , Ken Reneris
发明人： Carl M. Ellison , Roger A. Golliver , Howard C. Herbert , Derrick C. Lin , Francis X. McKeen , Gilbert Neiger , James A. Sutton , Shreekant S. Thakkar , Millind Mittal , Ken Reneris
IPC分类号： G06F900
CPC分类号： G06F9/30076 , G06F1/24 , G06F9/45558 , G06F21/53 , G06F2009/45583 , G06F2009/45587
摘要： A method, apparatus, and system for invoking a reset process in response to a logical processor being individually reset is disclosed. When a last logical processor operating within a platform in an isolated execution mode and associated with an isolated area of memory is reset, it is reset without clearing a cleanup flag. Subsequently, an initializing physical processor invokes an initialization process that determines that the cleanup flag is set. The initialization process invokes the execution of a processor nub loader, and if the cleanup flag is set, the processor nub loader scrubs the isolated area of memory and invokes a controlled close for the initializing physical processor which clears the cleanup flag. The initializing physical processor then re-performs the initialization process. Upon the second iteration of the initialization process, with the cleanup flag not set, a new clean isolated area of memory is created for the initializing physical processor.
摘要翻译：公开了一种用于响应于逻辑处理器被单独复位来调用复位过程的方法，装置和系统。当处于隔离执行模式并与存储器隔离区域相关联的最后一个逻辑处理器在平台内运行时，它将被复位而不清除清除标志。随后，初始化物理处理器调用确定清除标志被设置的初始化过程。初始化过程调用处理器nub加载程序的执行，并且如果设置了清除标志，则处理器nub加载器将擦除存储器的隔离区域，并调用初始化物理处理器的受控关闭，该物理处理器将清除清除标志。然后，初始化物理处理器重新执行初始化过程。在初始化过程的第二次迭代时，在清除标志未设置的情况下，将为初始化物理处理器创建一个新的干净的隔离区。

79. 发明授权

US5991406A System and method for data recovery 失效
标题翻译：用于数据恢复的系统和方法
公开(公告)号：US5991406A
公开(公告)日：1999-11-23
申请号：US62748
申请日：1998-04-20
申请人： Steven B. Lipner , David M. Balenson , Carl M. Ellison , Stephen T. Walker
发明人： Steven B. Lipner , David M. Balenson , Carl M. Ellison , Stephen T. Walker
IPC分类号： G09C1/00 , H04L9/08 , H04L9/32 , H04L9/00
CPC分类号： H04L9/3271 , H04L9/0894
摘要： A system and method for data escrow cryptography are described. An encrypting user encrypts a message using a secret storage key (KS) and attaches a data recovery field (DRF), including an access rule index (ARI) and KS, to the encrypted message. The DRF and the encrypted message are stored in a storage device. To recover KS, a decrypting user extracts and sends the DRF to a data recovery center (DRC) that issues a challenge based on access rules (ARs) originally defined by the encrypting user. If the decrypting user meets the challenge, the DRC sends KS in a message to the decrypting user. Generally, KS need not be an encryption key but could represent any piece of confidential information that can fit inside the DRF. In all cases, the DRC limits access to decrypting users who can meet the challenge defined in either the ARs defined by the encrypting user or the ARs defined for override access.
摘要翻译：描述了用于数据托管密码术的系统和方法。加密用户使用秘密存储密钥（KS）加密消息，并将包括访问规则索引（ARI）和KS的数据恢复字段（DRF）附加到加密消息。 DRF和加密消息存储在存储设备中。为了恢复KS，解密用户提取并发送DRF到基于由加密用户最初定义的访问规则（AR）发出挑战的数据恢复中心（DRC）。如果解密用户满足挑战，则DRC将消息中的KS发送给解密用户。通常，KS不需要加密密钥，但可以代表可以适合DRF内部的任何机密信息。在所有情况下，DRC限制对可以满足加密用户定义的AR或为覆盖访问定义的AR定义的挑战的解密用户的访问。

80. 发明授权

US5956403A System and method for access field verification 失效
标题翻译：用于访问字段验证的系统和方法
公开(公告)号：US5956403A
公开(公告)日：1999-09-21
申请号：US874459
申请日：1997-06-16
申请人： Steven B. Lipner , David M. Balenson , Carl M. Ellison , Stephen T. Walker
发明人： Steven B. Lipner , David M. Balenson , Carl M. Ellison , Stephen T. Walker
IPC分类号： H04L9/08 , H04L9/32 , H04L9/00
CPC分类号： H04L9/0894
摘要： A system and method for key escrow cryptography for use in a system comprising a sender and a receiver. Only public escrow keys are stored in the sender and the receiver. The sender encrypts a message using a secret session key (KS), and generates a leaf verification string (LVS) by combining an unique program identifier (UIP), a public portion of a program unique key (KUpub), and a signature. The sender encrypts the KS using the KUpub to generate a first encrypted session key (EKS), and generates a first law enforcement access field (LEAF) by encrypting a combination of the first EKS and the UIP with a copy of a public portion of a family key (KFpub) stored in the sender. The encrypted message, the LVS, and the first LEAF are transmitted from the sender to the receiver. The receiver stores therein a public portion of the KEPF key (KEPFpub). The receiver extracts the UIP, KUpub, and the signature from the LVS, and then encrypts the KS using the extracted KUpub to generate a second encrypted session key (EKS). The receiver generates a second LEAF by encrypting a combination of the second EKS and the extracted UIP with a copy of the KFpub stored in the receiver. The receiver then compares the first LEAF to the second LEAF. If the first LEAF is equal to the second LEAF, then the receiver decrypts the encrypted message using the KS.
摘要翻译：一种用于在包括发送器和接收器的系统中使用的密钥代管密码术的系统和方法。只有公共托管密钥存储在发件人和接收者中。发送方使用秘密会话密钥（KS）对消息进行加密，并通过组合唯一程序标识符（UIP），程序唯一密钥（KUpub）的公共部分和签名来生成叶验证字符串（LVS）。发送者使用KUpub加密KS以生成第一加密会话密钥（EKS），并且通过用第一执行访问字段（LEAF）的公共部分的副本加密第一EKS和UIP的组合来生成第一执法访问字段（LEAF）家庭密钥（KFpub）存储在发件人中。加密消息，LVS和第一LEAF从发送方发送到接收方。接收器在其中存储KEPF密钥（KEPFpub）的公共部分。接收方从LVS提取UIP，KUpub和签名，然后使用提取的KUpub对KS进行加密，生成第二个加密会话密钥（EKS）。接收器通过用存储在接收器中的KFpub的副本加密第二EKS和提取的UIP的组合来生成第二LEAF。然后，接收器将第一LEAF与第二LEAF进行比较。如果第一个LEAF等于第二个LEAF，则接收者使用KS解密加密的消息。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式