专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US06988250B1 Trusted computing platform using a trusted device assembly 有权
标题翻译：使用可信设备组件的可信计算平台
公开(公告)号：US06988250B1
公开(公告)日：2006-01-17
申请号：US09913452
申请日：2000-02-15
申请人： Graeme John Proudler , Dipankar Gupta , Liqun Chen , Siani Lynne Pearson , Boris Balacheff , Bruno Edgard Van Wilder , David Chan
发明人： Graeme John Proudler , Dipankar Gupta , Liqun Chen , Siani Lynne Pearson , Boris Balacheff , Bruno Edgard Van Wilder , David Chan
IPC分类号： G06F17/50
CPC分类号： G06F21/445 , G06F21/34 , G06F21/57 , G06F21/606 , G06F21/64 , G06F21/85 , G06F2207/7219 , G06F2211/009 , G06F2221/2103
摘要： In a computing platform, a trusted hardware device (24) is added to the motherboard (20). The trusted hardware device (24) is configured to acquire an integrity metric, for example a hash of the BIOS memory (29), of the computing platform. The trusted hardware device (24) is tamper-resistant, difficult to forge and inaccessible to other functions of the platform. The hash can be used to convince users that that the operation of the platform (hardware or software) has not been subverted in some way, and is safe to interact with in local or remote applications.In more detail, the main processing unit (21) of the computing platform is directed to address the trusted hardware device (24), in advance of the BIOS memory, after release from ‘reset’. The trusted hardware device (24) is configured to receive memory read signals from the main processing unit (21) and, in response, return instructions, in the native language of the main processing unit (21), that instruct the main processing unit to establish the hash and return the value to be stored by the trusted hardware device (24). Since the hash is calculated in advance of any other system operations, this is a relatively strong method of verifying the integrity of the system. Once the hash has been returned, the final instruction calls the BIOS program and the system boot procedure continues as normal.Whenever a user wishes to interact with the computing platform, he first requests the integrity metric, which he compares with an authentic integrity metric that was measured by a trusted party. If the metrics are the same, the platform is verified and interactions can continue. Otherwise, interaction halts on the basis that the operation of the platform may have been subverted.
摘要翻译：在计算平台中，将可信硬件设备（24）添加到主板（20）。可信硬件设备（24）被配置为获取计算平台的完整性度量，例如BIOS存储器（29）的散列。受信任的硬件设备（24）是防篡改的，难以伪造并且不能访问平台的其他功能。该哈希可以用于说服用户，平台（硬件或软件）的操作没有以某种方式颠覆，并且可以安全地与本地或远程应用程序进行交互。更详细地说，计算平台的主处理单元（21）在从“复位”释放之后被引导以在BIOS存储器之前对可信硬件设备（24）进行寻址。可信硬件设备（24）被配置为从主处理单元（21）接收存储器读取信号，并响应于主处理单元（21）的母语的返回指令，其指示主处理单元建立散列并返回由可信硬件设备（24）存储的值。由于散列是在任何其他系统操作之前计算出来的，所以这是验证系统完整性的相对较强的方法。一旦散列已经返回，最后的指令调用BIOS程序，并且系统引导过程正常进行。每当用户希望与计算平台进行交互时，他首先请求完整性度量，其与被可信方测量的真实完整性度量进行比较。如果指标相同，则会验证平台并继续进行交互。否则，交互停止，基于平台的操作可能已被颠覆。

2. 发明授权

US07444601B2 Trusted computing platform 有权
标题翻译：可信计算平台
公开(公告)号：US07444601B2
公开(公告)日：2008-10-28
申请号：US11249820
申请日：2005-10-12
申请人： Graeme John Proudler , Dipankar Gupta , Liqun Chen , Siani Lynne Pearson , Boris Balacheff , Bruno Edgard Van Wilder , David Chan
发明人： Graeme John Proudler , Dipankar Gupta , Liqun Chen , Siani Lynne Pearson , Boris Balacheff , Bruno Edgard Van Wilder , David Chan
IPC分类号： G06F17/50
CPC分类号： G06F21/445 , G06F21/34 , G06F21/57 , G06F21/606 , G06F21/64 , G06F21/85 , G06F2207/7219 , G06F2211/009 , G06F2221/2103
摘要： In a computing platform, a trusted hardware device (24) is added to the motherboard (20). The trusted hardware device (24) is configured to acquire an integrity metric, for example a hash of the BIOS memory (29), of the computing platform. The trusted hardware device (24) is tamper-resistant, difficult to forge and inaccessible to other functions of the platform. The hash can be used to convince users that that the operation of the platform (hardware or software) has not been subverted in some way, and is safe to interact with in local or remote applications.In more detail, the main processing unit (21) of the computing platform is directed to address the trusted hardware device (24), in advance of the BIOS memory, after release from ‘reset’. The trusted hardware device (24) is configured to receive memory read signals from the main processing unit (21) and, in response, return instructions, in the native language of the main processing unit (21), that instruct the main processing unit to establish the hash and return the value to be stored by the trusted hardware device (24). Since the hash is calculated in advance of any other system operations, this is a relatively strong method of verifying the integrity of the system. Once the hash has been returned, the final instruction calls the BIOS program and the system boot procedure continues as normal.Whenever a user wishes to interact with the computing platform, he first requests the integrity metric, which he compares with an authentic integrity metric that was measured by a trusted party. If the metrics are the same, the platform is verified and interactions can continue. Otherwise, interaction halts on the basis that the operation of the platform may have been subverted.
摘要翻译：在计算平台中，将可信硬件设备（24）添加到主板（20）。可信硬件设备（24）被配置为获取计算平台的完整性度量，例如BIOS存储器（29）的散列。受信任的硬件设备（24）是防篡改的，难以伪造并且不能访问平台的其他功能。该哈希可以用于说服用户，平台（硬件或软件）的操作没有以某种方式颠覆，并且可以安全地与本地或远程应用程序进行交互。更详细地说，计算平台的主处理单元（21）在从“复位”释放之后被引导以在BIOS存储器之前对可信硬件设备（24）进行寻址。可信硬件设备（24）被配置为从主处理单元（21）接收存储器读取信号，并响应于主处理单元（21）的母语的返回指令，其指示主处理单元建立散列并返回由可信硬件设备（24）存储的值。由于散列是在任何其他系统操作之前计算出来的，所以这是验证系统完整性的相对较强的方法。一旦散列已经返回，最后的指令调用BIOS程序，并且系统引导过程正常进行。每当用户希望与计算平台进行交互时，他首先请求完整性度量，其与被可信方测量的真实完整性度量进行比较。如果指标相同，则会验证平台并继续进行交互。否则，交互停止，基于平台的操作可能已被颠覆。

3. 发明授权

US07194623B1 Data event logging in computing platform 有权
标题翻译：数据事件记录在计算平台上
公开(公告)号：US07194623B1
公开(公告)日：2007-03-20
申请号：US09979902
申请日：2000-05-25
申请人： Graeme John Proudler , Boris Balacheff , Siani Lynne Pearson , David Chan
发明人： Graeme John Proudler , Boris Balacheff , Siani Lynne Pearson , David Chan
IPC分类号： H04L9/00
CPC分类号： G06F21/57 , G06F21/552 , G06F2211/009 , G06F2221/2101 , G06F2221/2103 , H04L63/0853 , H04L63/1425
摘要： There is disclosed a computer entity having a trusted component which compiles an event log for events occurring on a computer platform. The event log contains event data of types which are pre-specified by a user by inputting details through a dialogue display generated by the trusted component. Items which can be monitored include data files, applications drivers and the like. The trusted component operates through a monitoring agent which may be launched onto the computer platform. The monitoring agent may be periodically interrogated to make sure that it is operating correctly and responding to interrogations by the trusted component.
摘要翻译：公开了一种具有可信组件的计算机实体，该信任组件针对在计算机平台上发生的事件编译事件日志。事件日志包含由用户通过由可信组件生成的对话显示输入细节而预先指定的类型的事件数据。可以监视的项目包括数据文件，应用驱动程序等。受信任的组件通过可以发送到计算机平台上的监视代理来操作。可以定期询问监视代理以确保其正常工作并响应可信部件的询问。

4. 发明授权

US07096204B1 Electronic commerce system 有权
标题翻译：电子商务系统
公开(公告)号：US07096204B1
公开(公告)日：2006-08-22
申请号：US10110280
申请日：2000-10-06
申请人： Liqun Chen , Boris Balacheff , Roelf du Toit , Siani Lynne Pearson , David Chan
发明人： Liqun Chen , Boris Balacheff , Roelf du Toit , Siani Lynne Pearson , David Chan
IPC分类号： G06Q99/00
CPC分类号： G06Q30/06 , G06Q20/02 , G06Q20/04 , G06Q20/105 , G06Q20/12 , G06Q20/20 , G06Q20/367 , G06Q20/3674 , G06Q20/383 , G06Q20/385
摘要： A method of brokering a transaction between a consumer and a vendor by a broker, wherein the consumer, the broker and the vendor are all attached to a public network, the consumer having a secure token containing a true consumer identity. The method comprising the steps of: the consumer obtaining a temporary identity from the broker by using the true consumer identity from the secure token; the consumer selecting a purchase to be made from the vendor; the consumer requesting the purchase from the vendor and providing the temporary identity to the vendor; the vendor requesting transaction authorisation from the broker by forwarding the request and the temporary identity to the broker; the broker matching the temporary identity to a current list of temporary identities, and obtaining the true consumer identity; the broker providing authorisation for the transaction based on transaction details and true consumer identity.
摘要翻译：由经纪人代理消费者和供应商之间的交易的方法，其中消费者，经纪商和供应商都连接到公共网络，消费者具有包含真实消费者身份的安全令牌。该方法包括以下步骤：消费者通过使用来自安全令牌的真实消费者身份从代理获取临时身份; 消费者选择从供应商进行的购买; 消费者请求从供应商购买并向供应商提供临时身份; 供应商通过将请求和临时身份转发给经纪人从代理商请求交易授权; 经纪人将临时身份与当前的临时身份列表进行匹配，并获得真实的消费者身份; 经纪人根据交易细节和真实的消费者身份为交易提供授权。

5. 发明授权

US07904730B2 System for providing a trustworthy user interface 有权
标题翻译：提供可靠的用户界面的系统
公开(公告)号：US07904730B2
公开(公告)日：2011-03-08
申请号：US11861127
申请日：2007-09-25
申请人： Graeme John Proudler , Boris Balacheff , Liqun Chen , David Chan
发明人： Graeme John Proudler , Boris Balacheff , Liqun Chen , David Chan
IPC分类号： G06F12/14
CPC分类号： H04L9/3234 , G06F21/84 , G06F2211/009 , G09C5/00 , H04L9/3247 , H04L9/3273 , H04L2209/38 , H04L2209/56
摘要： The preferred embodiment of the invention comprises a computer system which employs a trusted display processor (260), which has a trusted processor (300) and trusted memory (305, 315, 335, 345) physically and functionally distinct from the processor and memory of the computer system. The trusted display processor (260) is immune to unauthorised modification or inspection of internal data. It is physical to prevent forgery, tamper-resistant to prevent counterfeiting, and has crypto functions (340) to securely communicate at a distance. The trusted display processor (260) interacts with a user's smartcard (122) in order to extract and display a trusted image, or seal (1000), generate a digital signature of the bitmap of a document image and control the video memory (315) so that other processes of the computer system cannot subvert the image during the signing process. The user interacts with the trusted display processor via a trusted switch (135).
摘要翻译：本发明的优选实施例包括使用可信显示处理器（260）的计算机系统，该可信显示处理器（260）具有物理和功能上不同于处理器和存储器的可信处理器（300）和可信存储器（305,315,335,345）计算机系统。受信任的显示处理器（260）不受未经授权的修改或内部数据的检查。防止伪造，防篡改，防止伪造，具有密码功能（340）可远距离安全通信是物理的。可信赖的显示处理器（260）与用户的智能卡（122）交互以提取和显示可信图像，或者密封（1000），生成文档图像的位图的数字签名并控制视频存储器（315）使得计算机系统的其他进程在签名过程中不能颠覆图像。用户通过可信交换机（135）与受信任的显示处理器进行交互。

6. 发明授权

US07302585B1 System for providing a trustworthy user interface 有权
标题翻译：提供可靠的用户界面的系统
公开(公告)号：US07302585B1
公开(公告)日：2007-11-27
申请号：US09979905
申请日：2000-05-25
申请人： Graeme John Proudler , Boris Balacheff , Liqun Chen , David Chan
发明人： Graeme John Proudler , Boris Balacheff , Liqun Chen , David Chan
IPC分类号： G06F12/14 , H04L9/32 , G06K19/00
CPC分类号： H04L9/3234 , G06F21/84 , G06F2211/009 , G09C5/00 , H04L9/3247 , H04L9/3273 , H04L2209/38 , H04L2209/56
摘要： The preferred embodiment of the invention comprises a computer system which employs a trusted display processor (260), which has a trusted processor (300) and trusted memory (305, 315, 335, 345) physically and functionally distinct from the processor and memory of the computer system. The trusted display processor (260) is immune to unauthorised modification or inspection of internal data. It is physical to prevent forgery, tamper-resistant to prevent counterfeiting, and has crypto functions (340) to securely communicate at a distance. The trusted display processor (260) interacts with a user's smartcard (122) in order to extract and display a trusted image, or seal (1000), generate a digital signature of the bitmap of a document image and control the video memory (315) so that other processes of the computer system cannot subvert the image during the signing process. The user interacts with the trusted display processor via a trusted switch (135).
摘要翻译：本发明的优选实施例包括使用可信显示处理器（260）的计算机系统，该可信显示处理器（260）具有物理和功能上不同于处理器和存储器的可信处理器（300）和可信存储器（305,315,335,345）计算机系统。受信任的显示处理器（260）不受未经授权的修改或内部数据的检查。防止伪造，防篡改，防止伪造，具有密码功能（340）可远距离安全通信是物理的。可信赖的显示处理器（260）与用户的智能卡（122）交互以提取和显示可信图像，或者密封（1000），生成文档图像的位图的数字签名并控制视频存储器（315）使得计算机系统的其他进程在签名过程中不能颠覆图像。用户通过可信交换机（135）与受信任的显示处理器进行交互。

7. 发明申请

US20060031790A1 Trusted computing platform 有权
标题翻译：可信计算平台
公开(公告)号：US20060031790A1
公开(公告)日：2006-02-09
申请号：US11249820
申请日：2005-10-12
申请人： Graeme Proudler , Dipankar Gupta , Liqun Chen , Siani Pearson , Boris Balacheff , Bruno Van Wilder , David Chan
发明人： Graeme Proudler , Dipankar Gupta , Liqun Chen , Siani Pearson , Boris Balacheff , Bruno Van Wilder , David Chan
IPC分类号： G06F17/50
CPC分类号： G06F21/445 , G06F21/34 , G06F21/57 , G06F21/606 , G06F21/64 , G06F21/85 , G06F2207/7219 , G06F2211/009 , G06F2221/2103
摘要： In a computing platform, a trusted hardware device (24) is added to the motherboard (20). The trusted hardware device (24) is configured to acquire an integrity metric, for example a hash of the BIOS memory (29), of the computing platform. The trusted hardware device (24) is tamper-resistant, difficult to forge and inaccessible to other functions of the platform. The hash can be used to convince users that that the operation of the platform (hardware or software) has not been subverted in some way, and is safe to interact with in local or remote applications. In more detail, the main processing unit (21) of the computing platform is directed to address the trusted hardware device (24), in advance of the BIOS memory, after release from ‘reset’. The trusted hardware device (24) is configured to receive memory read signals from the main processing unit (21) and, in response, return instructions, in the native language of the main processing unit (21), that instruct the main processing unit to establish the hash and return the value to be stored by the trusted hardware device (24). Since the hash is calculated in advance of any other system operations, this is a relatively strong method of verifying the integrity of the system. Once the hash has been returned, the final instruction calls the BIOS program and the system boot procedure continues as normal. Whenever a user wishes to interact with the computing platform, he first requests the integrity metric, which he compares with an authentic integrity metric that was measured by a trusted party. If the metrics are the same, the platform is verified and interactions can continue. Otherwise, interaction halts on the basis that the operation of the platform may have been subverted.
摘要翻译：在计算平台中，将可信硬件设备（24）添加到主板（20）。可信硬件设备（24）被配置为获取计算平台的完整性度量，例如BIOS存储器（29）的散列。受信任的硬件设备（24）是防篡改的，难以伪造并且不能访问平台的其他功能。该哈希可以用于说服用户，平台（硬件或软件）的操作没有以某种方式颠覆，并且可以安全地与本地或远程应用程序进行交互。更详细地说，计算平台的主处理单元（21）在从“复位”释放之后被引导以在BIOS存储器之前对可信硬件设备（24）进行寻址。可信硬件设备（24）被配置为从主处理单元（21）接收存储器读取信号，并响应于主处理单元（21）的母语的返回指令，其指示主处理单元建立散列并返回由可信硬件设备（24）存储的值。由于散列是在任何其他系统操作之前计算出来的，所以这是验证系统完整性的相对较强的方法。一旦散列已经返回，最后的指令调用BIOS程序，并且系统引导过程正常进行。每当用户希望与计算平台进行交互时，他首先请求完整性度量，其与被可信方测量的真实完整性度量进行比较。如果指标相同，则会验证平台并继续进行交互。否则，交互停止，基于平台的操作可能已被颠覆。

8. 发明授权

US06378070B1 Secure printing 有权
标题翻译：安全打印
公开(公告)号：US06378070B1
公开(公告)日：2002-04-23
申请号：US09227162
申请日：1999-01-08
申请人： David Chan , Dipankar Gupta , Bruno Edgard Van Wilder
发明人： David Chan , Dipankar Gupta , Bruno Edgard Van Wilder
IPC分类号： G06F0124
CPC分类号： G06F21/608 , G06F21/84 , G06F2211/008
摘要： In a distributed computing environment, a user is able to send a document to a secure printer (140) in such a way that only a specified intended recipient can print the document. When the user specifies that the document is to be printed securely, a special print job is created in which the document is encrypted using a session key and a bulk encryption algorithm, and the session key is encrypted using the intended recipient's public key. Then, the encrypted session key, the encrypted document and an indication of the intended recipient's identity is transmitted to a print server (130), where the print job is held. When the recipient's smart card (145) is inserted into a smart card reader of the secure printer (140), the recipient's identity, taken from the smart card (145), is transmitted to the print server (130). The print server uses the identity to search for and retrieve documents intended for the recipient. If the recipient is the intended recipient, the encrypted document and encrypted session key are transmitted to the secure printer (140). The secure printer (140) then forward the encrypted session key to the smart card (145), which decrypts the session key using an embedded private key. Then secure printer (140) receives and uses the session key to decrypt the encrypted document and, finally, prints the document for the recipient.
摘要翻译：在分布式计算环境中，用户能够以仅仅指定的预期接收者可以打印文档的方式将文档发送到安全打印机（140）。当用户指定要打印文档时，创建使用会话密钥和批量加密算法对文档进行加密的特殊打印作业，并使用预期的收件人的公钥加密会话密钥。然后，加密的会话密钥，加密的文档和预期接收者的身份的指示被发送到打印服务器（130），在打印服务器（130）处保持打印作业。当接收者的智能卡（145）插入到智能卡读卡器所述安全打印机（140）的所述接收者身份被从所述智能卡（145）取出，被传送到所述打印服务器（130）。打印服务器使用身份来搜索和检索用于收件人的文档。如果收件人是预期的收件人，则将加密的文档和加密的会话密钥发送到安全打印机（140）。安全打印机（140）然后将加密的会话密钥转发到智能卡（145），该智能卡使用嵌入式私钥对会话密钥进行解密。然后，安全打印机（140）接收和使用会话密钥来解密加密的文档，最后打印接收者的文档。

9. 发明申请

US20080022128A1 SYSTEM FOR PROVIDING A TRUSTWORTHY USER INTERFACE 有权
标题翻译：提供信任用户界面的系统
公开(公告)号：US20080022128A1
公开(公告)日：2008-01-24
申请号：US11861127
申请日：2007-09-25
申请人： Graeme Proudler , Boris Balacheff , Liqun Chen , David Chan
发明人： Graeme Proudler , Boris Balacheff , Liqun Chen , David Chan
IPC分类号： G06F12/14
CPC分类号： H04L9/3234 , G06F21/84 , G06F2211/009 , G09C5/00 , H04L9/3247 , H04L9/3273 , H04L2209/38 , H04L2209/56
摘要： The preferred embodiment of the invention comprises a computer system which employs a trusted display processor (260), which has a trusted processor (300) and trusted memory (305, 315, 335, 345) physically and functionally distinct from the processor and memory of the computer system. The trusted display processor (260) is immune to unauthorised modification or inspection of internal data. It is physical to prevent forgery, tamper-resistant to prevent counterfeiting, and has crypto functions (340) to securely communicate at a distance. The trusted display processor (266) interacts with a user's smartcard (122) in order to extract and display a trusted image, or seal (1000), generate a digital signature of the bitmap of a document image and control the video memory (315) so that other processes of the computer system cannot subvert the image during the signing process. The user interacts with the trusted display processor via a trusted switch (135).
摘要翻译：本发明的优选实施例包括使用可信显示处理器（260）的计算机系统，该可信显示处理器（260）具有物理和功能上不同于处理器和存储器的可信处理器（300）和可信存储器（305,315,335,345）计算机系统。受信任的显示处理器（260）不受未经授权的修改或内部数据的检查。防止伪造，防篡改，防止伪造，具有密码功能（340）可远距离安全通信是物理的。可信赖的显示处理器（266）与用户的智能卡（122）交互以提取和显示可信图像，或者密封（1000），生成文档图像的位图的数字签名并控制视频存储器（315）使得计算机系统的其他进程在签名过程中不能颠覆图像。用户通过可信交换机（135）与受信任的显示处理器进行交互。

10. 发明授权

US07996669B2 Computer platforms and their methods of operation 有权
标题翻译：计算机平台及其操作方法
公开(公告)号：US07996669B2
公开(公告)日：2011-08-09
申请号：US12244180
申请日：2008-10-02
申请人： Siani Lynne Pearson , David Chan
发明人： Siani Lynne Pearson , David Chan
IPC分类号： G06F21/02 , G06F12/14 , H04L9/00
CPC分类号： G06F21/445 , G06F21/10 , G06F21/123 , G06F21/57 , G06F2211/009 , G06F2221/0797 , G06F2221/2105
摘要： A computer platform (100) uses a tamper-proof component (120), or “trusted module”, of a computer platform in conjunction with software, preferably running within the tamper-proof component, that controls the uploading and usage of data on the platform as a generic dongle for that platform. Licensing checks can occur within a trusted environment (in other words, an environment which can be trusted to behave as the user expects); this can be enforced by integrity checking of the uploading and license-checking software. Metering records can be stored in the tamper-proof device and reported back to administrators as required. There can be an associated clearinghouse mechanism to enable registration and payment for data.
摘要翻译：计算机平台（100）使用计算机平台的防篡改组件（120）或“可信模块”，其结合软件，优选地在防窜改组件内运行，其控制数据的上传和使用平台作为该平台的通用加密狗。授权检查可以在受信任的环境中发生（换句话说，可以信任的环境可以像用户期望的那样运行）; 这可以通过上传和许可证检查软件的完整性检查来实施。计量记录可以存储在防篡改设备中，并根据需要向管理员报告。可以有一个相关的交换所机制来启用数据的注册和支付。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式