专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20070016801A1 Method, apparatus, and product for establishing virtual endorsement credentials for dynamically generated endorsement keys in a trusted computing platform 有权
标题翻译：用于在可信计算平台中为动态生成的认可密钥建立虚拟背书凭证的方法，装置和产品
公开(公告)号：US20070016801A1
公开(公告)日：2007-01-18
申请号：US11179238
申请日：2005-07-12
申请人： Steven Bade , James Hoff , Siegfried Sutter , James Ward , Helmut Weber
发明人： Steven Bade , James Hoff , Siegfried Sutter , James Ward , Helmut Weber
IPC分类号： H04L9/00 , G06F12/14 , H04L9/32 , G06F11/30
CPC分类号： G06F21/57 , H04L9/0877 , H04L9/321 , H04L9/3234 , H04L9/3263
摘要： A method, apparatus, and computer program product are disclosed in a data processing system for establishing virtual endorsement credentials. The data processing system includes a hardware trusted platform module (TPM). Logical partitions are generated in the system. A different virtual TPM is generated for each one of the logical partitions. For each one of the logical partitions, the virtual TPM that was generated for the logical partition then dynamically generates a virtual endorsement credential for use by the logical partition that includes the virtual TPM. The virtual endorsement credential is generated within the data processing system without the data processing system or its devices accessing a trusted third party that is external to the data processing system.
摘要翻译：在用于建立虚拟背书凭证的数据处理系统中公开了一种方法，装置和计算机程序产品。数据处理系统包括硬件可信平台模块（TPM）。逻辑分区在系统中生成。为每个逻辑分区生成不同的虚拟TPM。对于逻辑分区中的每一个，为逻辑分区生成的虚拟TPM然后动态地生成供包括虚拟TPM的逻辑分区使用的虚拟签注凭证。在数据处理系统内生成虚拟签注凭证，而数据处理系统或其设备访问数据处理系统外部的受信任的第三方。

2. 发明申请

US20060059574A1 System for securely configuring a field programmable gate array or other programmable hardware 审中-公开
标题翻译：用于安全配置现场可编程门阵列或其他可编程硬件的系统
公开(公告)号：US20060059574A1
公开(公告)日：2006-03-16
申请号：US10938775
申请日：2004-09-10
申请人： Camil Fayad , John Li , Siegfried Sutter
发明人： Camil Fayad , John Li , Siegfried Sutter
IPC分类号： G06F11/00
CPC分类号： H03K19/17768 , G06F21/76
摘要： A system and method are provided for securely providing configuration information, that is, programming, to programmable hardware such as a Field Programmable Gate Array (FPGA) or a Programmable Logic Device (PLD). Security is provided by first verifying authority to enter configuration information via the decryption of an encrypted certificate of authority. The decryption is carried out using a cryptography engine disposed on the chip containing the programmable hardware. Additionally, the configuration information is itself provided in an encrypted form which requires recognition of the certificate of authority in order to decrypt it and to place it in storage locations within the programmable hardware. In this manner, the flexibility advantages of programmable hardware are fully met without the disadvantage of the programmable hardware being compromised by other users.
摘要翻译：提供了一种系统和方法，用于将诸如现场可编程门阵列（FPGA）或可编程逻辑器件（PLD）等可编程硬件的配置信息即编程安全地提供。安全性由第一验证机构通过解密加密的授权证书来输入配置信息。使用设置在包含可编程硬件的芯片上的密码引擎进行解密。此外，配置信息本身以加密形式提供，其需要识别权限证书以便将其解密并将其放置在可编程硬件内的存储位置中。以这种方式，可完全满足可编程硬件的灵活性优势，而没有可编程硬件被其他用户损害的缺点。

3. 发明申请

US20060059368A1 System and method for processing by distinct entities securely configurable circuit chips 审中-公开
标题翻译：通过不同实体处理的系统和方法安全可配置的电路芯片
公开(公告)号：US20060059368A1
公开(公告)日：2006-03-16
申请号：US10938834
申请日：2004-09-10
申请人： Camil Fayad , John Li , Siegfried Sutter
发明人： Camil Fayad , John Li , Siegfried Sutter
IPC分类号： H04L9/00 , G06F12/14 , H04L9/32 , G06F11/30
CPC分类号： G06F21/72 , G06F21/76 , G06F21/87 , G06F2221/2115 , G06F2221/2143 , H04L9/3247 , H04L9/3263 , H04L9/3297 , H04L2209/56
摘要： A system and method are provided in which a third party chip vendor is enabled to securely program an electronic circuit chip supplied from a chip manufacturer. The chip vendor supplies a vendor's public cryptography key to the chip manufacturer who hard codes it on the chip along with a chip private key and a chip public key. One or more cryptographic engines on the chip, which preferably has a tamper resistant/detecting boundary, are used to decrypt program instructions supplied to the chip after having been encrypted with the vendor's private key and the chip public key. The chip includes a processor and an associated memory which receives a version of the instructions decrypted with the chip private key and the vendor's public key. The chip also preferably includes programmable hardware which is also securely programmable by the downstream chip vendor. The chip, as processed by the chip vendor is shipped with a battery in place to provide power for maintaining data held in volatile memory portions of the chip.
摘要翻译：提供了一种系统和方法，其中第三方芯片供应商能够安全地编程从芯片制造商提供的电子电路芯片。芯片供应商向芯片制造商提供供应商的公共密码密钥，芯片制造商将其与芯片私钥和芯片公钥一起在芯片上进行硬编码。优选地具有防篡改/检测边界的芯片上的一个或多个密码引擎被用于在用供应商的私钥和芯片公开密钥加密之后解密提供给芯片的程序指令。芯片包括处理器和相关联的存储器，其接收用芯片私钥和供应商的公钥解密的指令的版本。该芯片还优选地包括也可由下游芯片供应商可编程的可编程硬件。由芯片供应商处理的芯片随机提供电池，以提供用于维持保持在芯片的易失性存储器部分中的数据的电力。

4. 发明申请

US20060059345A1 System and method for providing dynamically authorized access to functionality present on an integrated circuit chip 有权
标题翻译：用于提供对集成电路芯片上存在的功能的动态授权访问的系统和方法
公开(公告)号：US20060059345A1
公开(公告)日：2006-03-16
申请号：US10938808
申请日：2004-09-10
申请人： Camil Fayad , John Li , Siegfried Sutter
发明人： Camil Fayad , John Li , Siegfried Sutter
IPC分类号： H04L9/00
CPC分类号： G06F21/72 , G06F2221/2115 , H04L9/3263 , H04L2209/56
摘要： A mechanism is provided in which access to the functionality present on an integrated circuit chip is controllable via an encrypted certificate of authority which includes time information indicating allowable periods of operation or allowable duration of operation. The chip includes at least one cryptographic engine and at least one processor. The chip also contains hard coded cryptographic keys including a chip private key, a chip public key and a third party's public key. The chip is also provided with a battery backed up volatile memory which contains information which is used to verify authority for operation. The certificate of authority is also used to control not only the temporal aspects of operation but is also usable to control access to certain functionality that may be present on the chip, such as access to some or all of the cryptographic features provided in conjunction with the presence of the cryptographic engine, such as key size.
摘要翻译：提供了一种机制，其中通过加密的授权证书来控制存在于集成电路芯片上的功能，其包括指示允许的操作周期或允许的操作持续时间的时间信息。该芯片包括至少一个加密引擎和至少一个处理器。该芯片还包含硬编码密码密钥，包括芯片私钥，芯片公钥和第三方的公钥。该芯片还配有电池备份的易失性存储器，其中包含用于验证操作权限的信息。授权证书也不仅用于控制操作的时间方面，而且还可用于控制对可能存在于芯片上的某些功能的访问，诸如访问与结合在一起提供的一些或全部密码特征加密引擎的存在，如密钥大小。

5. 发明授权

US08549592B2 Establishing virtual endorsement credentials for dynamically generated endorsement keys in a trusted computing platform 有权
标题翻译：在可信计算平台中为动态生成的认可密钥建立虚拟认可凭据
公开(公告)号：US08549592B2
公开(公告)日：2013-10-01
申请号：US11179238
申请日：2005-07-12
申请人： Steven A. Bade , James Patrick Hoff , Siegfried Sutter , James Peter Ward , Helmut H. Weber
发明人： Steven A. Bade , James Patrick Hoff , Siegfried Sutter , James Peter Ward , Helmut H. Weber
IPC分类号： H04L29/06
CPC分类号： G06F21/57 , H04L9/0877 , H04L9/321 , H04L9/3234 , H04L9/3263
摘要： A method and apparatus are disclosed in a data processing system for establishing virtual endorsement credentials. The data processing system includes a hardware trusted platform module (TPM). Logical partitions are generated in the system. A different virtual TPM is generated for each one of the logical partitions. For each one of the logical partitions, the virtual TPM that was generated for the logical partition then dynamically generates a virtual endorsement key, which is stored only within a corresponding virtual TPM. Using the virtual endorsement key, each virtual TPM also generates a virtual endorsement credential for use by the logical partition that includes the virtual TPM. The virtual endorsement credential is generated within the data processing system without the data processing system or its devices accessing a trusted third party that is external to the data processing system.
摘要翻译：在用于建立虚拟背书凭证的数据处理系统中公开了一种方法和装置。数据处理系统包括硬件可信平台模块（TPM）。逻辑分区在系统中生成。为每个逻辑分区生成不同的虚拟TPM。对于逻辑分区中的每一个，为逻辑分区生成的虚拟TPM然后动态地生成仅存储在相应虚拟TPM内的虚拟签名密钥。使用虚拟认可密钥，每个虚拟TPM还生成供包括虚拟TPM的逻辑分区使用的虚拟签注凭证。在数据处理系统内生成虚拟签注凭证，而数据处理系统或其设备访问数据处理系统外部的受信任的第三方。

6. 发明授权

US07783864B2 Vertical and horizontal pipelining in a system for performing modular multiplication 失效
标题翻译：用于执行模数乘法的系统中的垂直和水平流水线
公开(公告)号：US07783864B2
公开(公告)日：2010-08-24
申请号：US11673752
申请日：2007-02-12
申请人： Camil Fayad , John K. Li , Siegfried Sutter , Tamas Visegrady
发明人： Camil Fayad , John K. Li , Siegfried Sutter , Tamas Visegrady
IPC分类号： G06F9/44 , G06F7/38
CPC分类号： G06F9/3001 , G06F7/722
摘要： The partitioning of large arrays in the hardware structure, for multiplication and addition, into smaller structures results in a multiplier design which includes a series of nearly identical processing elements linked together in a chained fashion. As a result of simultaneous operation in two subphases per processing element and the chaining together of processing elements, the overall structure is operable in a pipelined fashion to improve throughput and speed. The chained processing elements are constructed so as to provide a pardonable chain with separate parts for processing factors of the modulus.
摘要翻译：将硬件结构中的大阵列用于乘法和加法分割成更小的结构导致乘法器设计，其包括以链式方式链接在一起的一系列几乎相同的处理元件。作为每个处理元件的两个子阶段同时操作并且处理元件链接在一起的结果，整体结构以流水线方式操作以提高生产量和速度。链接的处理元件被构造成提供具有用于处理模量因子的单独部件的可赦免链。

7. 发明授权

US07478246B2 Method for providing a scalable trusted platform module in a hypervisor environment 失效
标题翻译：在管理程序环境中提供可扩展的可信平台模块的方法
公开(公告)号：US07478246B2
公开(公告)日：2009-01-13
申请号：US10902670
申请日：2004-07-29
申请人： Richard Louis Arndt , Steven A. Bade , Thomas J. Dewkett , Charles W. Gainey, Jr. , Nia Letise Kelley , Siegfried Sutter , Helmut H. Weber
发明人： Richard Louis Arndt , Steven A. Bade , Thomas J. Dewkett , Charles W. Gainey, Jr. , Nia Letise Kelley , Siegfried Sutter , Helmut H. Weber
IPC分类号： G06F11/30 , H04K1/10
CPC分类号： H04L63/20 , G06F21/57 , H04L63/0876 , H04L63/102
摘要： A method is described for implementing a trusted computing environment within a data processing system where the data processing system includes a single hardware trusted platform module (TPM). Multiple logical partitions are provided in the data processing system. A unique context is generated for each one of the logical partitions. When one of the logical partitions requires access to the hardware TPM, that partition's context is required to be stored in the hardware TPM. The hardware TPM includes a finite number of storage locations, called context slots, for storing contexts. Each context slot can store one partition's context. Each one of the partitions is associated with one of the limited number of context storage slots in the hardware TPM. At least one of the context slots is simultaneously associated with more than one of the logical partitions. Contexts are swapped into and out of the hardware TPM during runtime of the data processing system so that when ones of the partitions require access to the hardware TPM, their required contexts are currently stored in the hardware TPM.
摘要翻译：描述了一种在数据处理系统内实现可信计算环境的方法，其中数据处理系统包括单个硬件可信平台模块（TPM）。在数据处理系统中提供了多个逻辑分区。为每个逻辑分区生成唯一的上下文。当其中一个逻辑分区需要访问硬件TPM时，该分区的上下文需要存储在硬件TPM中。硬件TPM包括有限数量的存储位置，称为上下文时隙，用于存储上下文。每个上下文时隙都可以存储一个分区的上下文。每个分区与硬件TPM中的有限数量的上下文存储时隙中的一个相关联。至少一个上下文时隙同时与多于一个的逻辑分区相关联。在数据处理系统的运行期间，上下文交换进出硬件TPM，以便当这些分区中的一个需要访问硬件TPM时，其所需的上下文当前存储在硬件TPM中。

8. 发明申请

US20080195848A1 Vertical and Horizontal Pipelining in a System for Performing Modular Multiplication 失效
标题翻译：用于执行模块化乘法的系统中的垂直和水平流水线
公开(公告)号：US20080195848A1
公开(公告)日：2008-08-14
申请号：US11673752
申请日：2007-02-12
申请人： Camil Fayad , John K. Li , Siegfried Sutter , Tamas Visegrady
发明人： Camil Fayad , John K. Li , Siegfried Sutter , Tamas Visegrady
IPC分类号： G06F9/302
CPC分类号： G06F9/3001 , G06F7/722
摘要： The partitioning of large arrays in the hardware structure, for multiplication and addition, into smaller structures results in a multiplier design which includes a series of nearly identical processing elements linked together in a chained fashion. As a result of simultaneous operation in two subphases per processing element and the chaining together of processing elements, the overall structure is operable in a pipelined fashion to improve throughput and speed. The chained processing elements are constructed so as to provide a pardonable chain with separate parts for processing factors of the modulus.
摘要翻译：将硬件结构中的大阵列用于乘法和加法分割成更小的结构导致乘法器设计，其包括以链式方式链接在一起的一系列几乎相同的处理元件。作为每个处理元件的两个子阶段同时操作并且处理元件链接在一起的结果，整体结构以流水线方式操作以提高生产量和速度。链接的处理元件被构造成提供具有用于处理模量因子的单独部件的可赦免链。

9. 发明申请

US20070168676A1 Methods for coordinating access to memory from at least two cryptography secure processing units 失效
标题翻译：用于协调从至少两个加密安全处理单元访问存储器的方法
公开(公告)号：US20070168676A1
公开(公告)日：2007-07-19
申请号：US11331918
申请日：2006-01-13
申请人： Camil Fayad , John Li , Siegfried Sutter
发明人： Camil Fayad , John Li , Siegfried Sutter
IPC分类号： H04L9/00
CPC分类号： G06F21/76 , G06F21/72 , G06F21/79
摘要： Electronic circuit chips which include cryptography functions are arranged in multichip configurations through the utilization of a shared external memory. Security of the chips is preserved via a handshaking protocol which permits each chip to access limited portions of the memory as defined in a way that preserves the same high security level as the tamper proof chips themselves. The chips may be operated to work on different tasks or to work on the same task thus providing a mechanism for trading off speed versus redundancy where desired.
摘要翻译：包括加密功能的电子电路芯片通过利用共享的外部存储器而被布置成多芯片配置。通过握手协议来保护芯片的安全性，该握手协议允许每个芯片访问存储器的有限部分，其以与防篡改芯片本身保持相同的高安全级别的方式定义。芯片可以被操作以在不同的任务上工作或者在相同的任务上工作，从而提供了一种用于在需要时对速度与冗余进行交换的机制。

10. 发明申请

US20060059372A1 Integrated circuit chip for encryption and decryption having a secure mechanism for programming on-chip hardware 审中-公开
标题翻译：用于加密和解密的集成电路芯片具有用于对片上硬件进行编程的安全机制
公开(公告)号：US20060059372A1
公开(公告)日：2006-03-16
申请号：US10938773
申请日：2004-09-10
申请人： Camil Fayar , John Li , Siegfried Sutter
发明人： Camil Fayar , John Li , Siegfried Sutter
IPC分类号： G06F12/14
CPC分类号： G06F21/72 , G06F21/79
摘要： An integrated circuit chip is provided which contains one or more processors and one or more cryptographic engines. A flow control circuit having a command processor accepts requests and data via a secure external interface through which only encrypted information is passed. The flow control circuit mediates decryption of this information using cryptographic keys that are present in hard coded form on the chip. In particular the flow control circuit includes a programmable hardware portion which is configurable in a secure manner to create a flexible internal chip architecture. The chip also includes a volatile memory disposed on a voltage island on which is maintained either through a battery backup or from a fixed power source (mains). The chip is thus enabled to securely perform cryptographic operations with the processors controlling the cryptographic engines through the flow control circuit.
摘要翻译：提供一种集成电路芯片，其包含一个或多个处理器和一个或多个加密引擎。具有命令处理器的流控制电路经由安全的外部接口接收请求和数据，通过该外部接口仅传递加密的信息。流控制电路使用以硬编码形式存在于芯片上的加密密钥介入该信息的解密。特别地，流控制电路包括可编程硬件部分，其可以以安全的方式配置以创建灵活的内部芯片架构。该芯片还包括布置在电压岛上的易失性存储器，其上通过电池备份或从固定电源（电源）保持。因此，芯片能够通过流量控制电路与控制密码引擎的处理器进行安全地执行加密操作。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式