专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07007300B1 Secure booting of a personal computer system 失效
标题翻译：安全启动个人计算机系统
公开(公告)号：US07007300B1
公开(公告)日：2006-02-28
申请号：US09870890
申请日：2001-05-30
申请人： Frederick D. Weber , Dale E. Gulick , Geoffrey S. Strongin
发明人： Frederick D. Weber , Dale E. Gulick , Geoffrey S. Strongin
IPC分类号： H04K1/00 , H04L9/32 , H04N7/16
摘要： Methods for securing booting a personal computer system. One method includes establishing a secret between two or more devices and securing the secret in each of the two or more devices. Another method includes processing BIOS code instructions and accessing security hardware. The method also includes accessing a first device, locking the security hardware, and calling boot code. Another method includes reading a secret from a first location, storing the secret in a secure location different from the first location, and locking the first location. Another method includes requesting authentication for a device, receiving authentication for the device, and setting a timer associated with the device. Another method includes requesting authentication for a device, failing authentication for the device, and preventing access to the device upon failing authentication for the device.
摘要翻译：用于确保启动个人计算机系统的方法。一种方法包括在两个或更多个设备之间建立秘密，并且在两个或更多个设备中的每一个中确保秘密。另一种方法包括处理BIOS代码指令和访问安全硬件。该方法还包括访问第一设备，锁定安全硬件和调用引导代码。另一种方法包括从第一位置读取秘密，将秘密存储在与第一位置不同的安全位置，并锁定第一位置。另一种方法包括请求对设备的认证，接收设备的认证，以及设置与设备相关联的定时器。另一种方法包括请求设备认证，设备认证失败，以及在设备认证失败时阻止对设备的访问。

2. 发明授权

US07149854B2 External locking mechanism for personal computer memory locations 失效
公开(公告)号：US07149854B2
公开(公告)日：2006-12-12
申请号：US09870889
申请日：2001-05-30
申请人： Frederick D. Weber , Dale E. Gulick , Geoffrey S. Strongin
发明人： Frederick D. Weber , Dale E. Gulick , Geoffrey S. Strongin
IPC分类号： G06F12/00
CPC分类号： G06F21/74 , G06F21/53 , G06F21/575 , G06F21/72 , G06F21/79 , G06F21/85 , G06F2221/2107 , G06F2221/2141 , G06F2221/2147
摘要： A method and system for providing an external locking mechanism for memory locations. The memory includes a first plurality of storage locations configured with BIOS data and a second plurality of storage locations. The second plurality of storage locations includes a first plurality of blocks readable only in SMM and a second plurality of blocks readable in SMM and at least one operating mode other than SMM. The computer system includes a bus, a memory coupled to the bus, and a device coupled to access the memory over the bus. The memory includes a plurality of storage locations, divided into a plurality of memory units. The device includes one or more locks configured to control access to one or more of the plurality of memory units.

3. 发明授权

US07065654B1 Secure execution box 有权
标题翻译：安全执行箱
公开(公告)号：US07065654B1
公开(公告)日：2006-06-20
申请号：US09852372
申请日：2001-05-10
申请人： Dale E. Gulick , Geoffrey S. Strongin
发明人： Dale E. Gulick , Geoffrey S. Strongin
IPC分类号： H04L9/00
CPC分类号： G06F21/85 , G06F21/72
摘要： A system and method for secure computing. The system includes a processor, one or more secured assets coupled to the processor, and security hardware. The processor is configured to operate in various operating modes, including a secure operating mode. The security hardware is configured to control access to the secured assets dependant upon the operating mode of the processor. The security hardware is configured to allow access to the secure assets in the secure operating mode, preferably only in the secure operating mode. The method includes switching the computer system between operating modes, while allowing or restricting access to the secured assets based on the operating modes. The second operating mode comprises a secure operating mode. The method restricts access to the secured assets in the first operating mode and permits access to the secured assets in the secure operating mode.
摘要翻译：一种用于安全计算的系统和方法。该系统包括处理器，耦合到处理器的一个或多个安全资产以及安全硬件。处理器被配置为在各种操作模式下操作，包括安全操作模式。安全硬件被配置为根据处理器的操作模式控制对安全资产的访问。安全硬件被配置为允许以安全操作模式访问安全资产，优选仅在安全操作模式下。该方法包括在操作模式之间切换计算机系统，同时基于操作模式允许或限制对安全资产的访问。第二操作模式包括安全操作模式。该方法限制了在第一操作模式下对安全资产的访问，并允许以安全操作模式访问安全资产。

4. 发明授权

US07603551B2 Initialization of a computer system including a secure execution mode-capable processor 有权
标题翻译：包括安全执行模式处理器的计算机系统的初始化
公开(公告)号：US07603551B2
公开(公告)日：2009-10-13
申请号：US10419121
申请日：2003-04-18
申请人： Kevin J. McGrath , Geoffrey S. Strongin , David S. Christie , William A. Hughes , Dale E. Gulick
发明人： Kevin J. McGrath , Geoffrey S. Strongin , David S. Christie , William A. Hughes , Dale E. Gulick
IPC分类号： G06F9/44 , H04L29/06
CPC分类号： G06F9/4403
摘要： The initialization of a computer system including a secure execution mode-capable processor includes storing a secure operating system code segment loader to a plurality of locations corresponding to a particular range of addresses within a system memory. The method also includes executing a security initialization instruction. Executing the security initialization instruction may cause several operations to be performed including transmitting a start transaction including a base address of the particular range of addresses. In addition, executing the security instruction may also cause another operation to be performed including retrieving the secure operating system code segment loader from the system memory and transmitting the secure operating system code segment loader for validation as a plurality of data transactions.
摘要翻译：包括具有安全执行模式能力的处理器的计算机系统的初始化包括将安全操作系统代码段加载器存储到对应于系统存储器内的特定地址范围的多个位置。该方法还包括执行安全初始化指令。执行安全初始化指令可能导致执行若干操作，包括发送包括特定地址范围的基地址的开始事务。此外，执行安全指令还可以引起执行另一操作，包括从系统存储器检索安全操作系统代码段加载器，并将安全操作系统代码段加载器发送为多个数据事务。

5. 发明授权

US07216362B1 Enhanced security and manageability using secure storage in a personal computer system 有权
标题翻译：在个人计算机系统中使用安全存储来增强安全性和可管理性
公开(公告)号：US07216362B1
公开(公告)日：2007-05-08
申请号：US09853395
申请日：2001-05-11
申请人： Geoffrey S. Strongin , Dale E. Gulick
发明人： Geoffrey S. Strongin , Dale E. Gulick
IPC分类号： G06F12/14 , G06F12/00 , G06F7/04 , G06F13/00
CPC分类号： G06F12/1441 , G06F7/582 , G06F12/1458 , G06F21/53 , G06F21/72
摘要： A method and system for enhanced security and manageability using secure storage. The system may include a crypto-processor and a memory coupled to receive memory transactions through the crypto-processor. The memory transactions are passed to the memory by the crypto-processor. The system may include a first processor, a second processor coupled to the first processor, and a storage device operably coupled to the first processor through the second processor. The second processor is configured to control access to the storage device. The method includes transmitting a request for a memory transaction for a storage location in the storage device and receiving the request for the memory transaction at the crypto-processor. The method also includes determining if the memory transaction is authorized for the storage location, and passing the request for the memory transaction to the storage device if the memory transaction is authorized for the storage location.
摘要翻译：一种使用安全存储来增强安全性和可管理性的方法和系统。该系统可以包括加密处理器和耦合以通过密码处理器接收存储器事务的存储器。存储器事务由加密处理器传递到存储器。该系统可以包括第一处理器，耦合到第一处理器的第二处理器，以及通过第二处理器可操作地耦合到第一处理器的存储设备。第二处理器被配置为控制对存储设备的访问。该方法包括向存储设备发送对存储位置的存储器事务的请求，并在密码处理器处接收对存储器事务的请求。该方法还包括确定存储器事务是否被授权用于存储位置，并且如果存储器事务被授权用于存储位置，则将存储器事务的请求传递到存储设备。

6. 发明授权

US07210009B2 Computer system employing a trusted execution environment including a memory controller configured to clear memory 有权
标题翻译：计算机系统采用可信执行环境，包括配置为清除存储器的存储器控制器
公开(公告)号：US07210009B2
公开(公告)日：2007-04-24
申请号：US10654734
申请日：2003-09-04
申请人： Dale E. Gulick , Geoffrey S. Strongin , William A. Hughes
发明人： Dale E. Gulick , Geoffrey S. Strongin , William A. Hughes
IPC分类号： G06F12/12 , G06F12/16
CPC分类号： G06F21/74 , G06F21/79 , G06F2221/2105 , G06F2221/2143
摘要： A computer system includes a processor which may initialize a secure execution mode by executing a security initialization instruction. Further, the processor may operate in the secure execution mode by executing a secure operating system code segment. The computer system also includes a system memory configured to store data in a plurality of locations. The computer system also includes a memory controller which may selectively clear the data from a programmed range of the memory locations of the system memory when enabled in response to a reset of the processor.
摘要翻译：计算机系统包括可以通过执行安全初始化指令来初始化安全执行模式的处理器。此外，处理器可以通过执行安全操作系统代码段在安全执行模式下操作。计算机系统还包括被配置为在多个位置存储数据的系统存储器。计算机系统还包括存储器控制器，当响应于处理器的复位使能时，存储器控制器可以选择性地从系统存储器的存储器位置的编程范围中清除数据。

7. 发明授权

US07603550B2 Computer system including a secure execution mode-capable CPU and a security services processor connected via a secure communication path 有权
标题翻译：计算机系统包括安全执行模式的CPU和通过安全通信路径连接的安全服务处理器
公开(公告)号：US07603550B2
公开(公告)日：2009-10-13
申请号：US10419082
申请日：2003-04-18
申请人： Kevin J. McGrath , Geoffrey S. Strongin , Dale E. Gulick , William A. Hughes , David S. Christie
发明人： Kevin J. McGrath , Geoffrey S. Strongin , Dale E. Gulick , William A. Hughes , David S. Christie
IPC分类号： H04L9/00 , H04L9/32
CPC分类号： G06F9/4403 , G06F21/10 , G06F21/74
摘要： A computer system includes a processor which may initialize a secure execution mode by executing a security initialization instruction. Further, the processor may operate in the secure execution mode by executing a secure operating system code segment. The computer system also includes an input/output (I/O) interface coupled to the processor via an I/O link. The I/O interface may receive transactions performed as a result of the execution of the security initialization instruction. The transactions include at least a portion of the secure operating system code segment. The I/O interface may also determine whether the processor is a source of the transactions. The computer system further includes a security services processor coupled to the I/O interface via a peripheral bus. The I/O interface may convey the transactions to the security services processor dependent upon determining that the processor is the source of the transactions.
摘要翻译：计算机系统包括可以通过执行安全初始化指令来初始化安全执行模式的处理器。此外，处理器可以通过执行安全操作系统代码段在安全执行模式下操作。计算机系统还包括通过I / O链路耦合到处理器的输入/输出（I / O）接口。 I / O接口可以接收由于执行安全初始化指令而执行的事务。交易包括安全操作系统代码段的至少一部分。 I / O接口还可以确定处理器是否是事务的来源。计算机系统还包括通过外围总线耦合到I / O接口的安全服务处理器。取决于确定处理器是交易的来源，I / O接口可以将交易传达给安全服务处理器。

8. 发明授权

US07334123B2 Computer system including a bus bridge for connection to a security services processor 失效
标题翻译：计算机系统包括用于连接到安全服务处理器的总线桥
公开(公告)号：US07334123B2
公开(公告)日：2008-02-19
申请号：US10429132
申请日：2003-05-02
申请人： Dale E. Gulick , Geoffrey S. Strongin , Larry D. Hewitt
发明人： Dale E. Gulick , Geoffrey S. Strongin , Larry D. Hewitt
IPC分类号： H04L9/00 , G06F9/44 , G06F15/00
CPC分类号： G06F21/74 , G06F21/85 , G06F2221/2105
摘要： A computer system including a bus bridge for bridging transactions between a secure execution mode-capable processor and a security services processor. The bus bridge may include a transaction source detector, a configuration header and control logic. The transaction source detector may receive a security initialization transaction performed as a result of execution of a security initialization instruction. Further, the transaction source detector may determine whether the secure execution mode-capable processor is a source of the security initialization transaction. The configuration header may provide storage of information associated with the security services processor. The control logic may determine whether the security services processor is coupled to the bus bridge via a non-enumerable, peripheral bus. The control logic may also cause the configuration header to be accessible during a boot-up sequence in response to determining that the security services processor is coupled to the non-enumerable, peripheral bus.
摘要翻译：一种计算机系统，包括用于桥接安全执行模式处理器和安全服务处理器之间的事务的总线桥。总线桥可以包括事务源检测器，配置头和控制逻辑。事务源检测器可以接收由于执行安全初始化指令而执行的安全初始化事务。此外，事务源检测器可以确定安全执行模式处理器是否是安全初始化事务的源。配置头可以提供与安全服务处理器相关联的信息的存储。控制逻辑可以确定安全服务处理器是否经由不可枚举的外围总线耦合到总线桥。响应于确定安全服务处理器耦合到不可枚举的外围总线，控制逻辑还可以使得配置头在引导序列期间可访问。

9. 发明授权

US06862641B1 Interruptable and re-enterable system management mode programming code 有权
标题翻译：可中断和可重新进入的系统管理模式编程代码
公开(公告)号：US06862641B1
公开(公告)日：2005-03-01
申请号：US09853234
申请日：2001-05-11
申请人： Geoffrey S. Strongin , Dale E. Gulick
发明人： Geoffrey S. Strongin , Dale E. Gulick
IPC分类号： G06F11/30 , G06F13/24 , H04K1/00
CPC分类号： G06F21/85 , G06F21/72
摘要： Interruptable and re-enterable system management mode (SMM) programming code. The code includes one or more instructions, an entry or exit location, and one or more instructions. The code is executable while the personal computer system is in SMM.
摘要翻译：可中断和可重新进入的系统管理模式（SMM）编程代码。代码包括一个或多个指令，入口或出口位置以及一个或多个指令。当个人计算机系统在SMM中时，该代码是可执行的。

10. 发明授权

US06832317B1 Personal computer security mechanism 有权
标题翻译：个人电脑安全机制
公开(公告)号：US06832317B1
公开(公告)日：2004-12-14
申请号：US09853437
申请日：2001-05-11
申请人： Geoffrey S. Strongin , Dale E. Gulick
发明人： Geoffrey S. Strongin , Dale E. Gulick
IPC分类号： H04K100
CPC分类号： G06F21/85 , G06F21/72
摘要： A device, method, and system for authenticating devices in a computer system. The device includes a storage location for storing a GUID. The device is configured to provide the GUID to a master in the computer system during a trusted setup. The device is further configured to provide at least an indication of the GUID during a data transaction. The computer system includes a master device and a device comprising a storage location for storing a GUID. The device is configured to provide the GUID to the master device during a trusted setup. The device is further configured to provide at least an indication of the GUID during a data transaction. The method includes providing a GUID and receiving a request for a data transaction. The method also includes transmitting data in the data transaction and at least an indication of the GUID in the data transaction and authenticating the data using at least the indication of the GUID in the data transaction.
摘要翻译：用于在计算机系统中验证设备的设备，方法和系统。该设备包括用于存储GUID的存储位置。该设备被配置为在可信设置期间向计算机系统中的主设备提供GUID。该设备还被配置为在数据交易期间提供GUID的至少一个指示。计算机系统包括主设备和包括用于存储GUID的存储位置的设备。设备配置为在可信设置期间向主设备提供GUID。该设备还被配置为在数据交易期间提供GUID的至少一个指示。该方法包括提供GUID并接收对数据事务的请求。该方法还包括在数据事务中传送数据和至少在数据事务中的GUID的指示，并且至少使用数据事务中的GUID的指示来认证数据。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式