专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07653819B2 Scalable paging of platform configuration registers 有权
标题翻译：平台配置寄存器的可扩展分页
公开(公告)号：US07653819B2
公开(公告)日：2010-01-26
申请号：US10957545
申请日：2004-10-01
申请人： Steven A. Bade , Charles Douglas Ball , Ryan Charles Catherman , James Patrick Hoff , James Peter Ward
发明人： Steven A. Bade , Charles Douglas Ball , Ryan Charles Catherman , James Patrick Hoff , James Peter Ward
IPC分类号： G06F21/00
CPC分类号： G06F21/57
摘要： A method, computer program, and system for paging platform configuration registers in and out of a trusted platform module. In a trusted computing platform, an unlimited number of platform configuration registers can be obtained through paging. The trust platform module encrypts and decrypts platform configuration registers for storage outside the trusted platform module.
摘要翻译：用于寻呼平台配置的方法，计算机程序和系统在可信平台模块内进出。在可信赖的计算平台中，可以通过寻呼获得无限数量的平台配置寄存器。信任平台模块对平台配置寄存器进行加密和解密，以便在可信平台模块之外进行存储。

2. 发明授权

US07590845B2 Key cache management through multiple localities 有权
标题翻译：通过多个地方进行密钥缓存管理
公开(公告)号：US07590845B2
公开(公告)日：2009-09-15
申请号：US10744441
申请日：2003-12-22
申请人： Charles Douglas Ball , Ryan Charles Catherman , James Patrick Hoff , James Peter Ward
发明人： Charles Douglas Ball , Ryan Charles Catherman , James Patrick Hoff , James Peter Ward
IPC分类号： H04L9/14 , G06F12/08
CPC分类号： H04L9/0894
摘要： A method for a plurality of key cache managers for a plurality of localities to share cryptographic key storage resources of a security chip, includes: loading an application key into the key storage; and saving a restoration data for the application key by a key cache manager, where the restoration data can be used by the key cache manager to re-load the application key into the key storage if the application key is evicted from the key storage by another key cache manager. The method allows each of a plurality of key cache managers to recognize that its key had been removed from the security chip and to restore its key. The method also allows each key cache manager to evict or destroy any key currently loaded on the security chip without affecting the functionality of other localities.
摘要翻译：一种用于多个地区的多个密钥高速缓存管理器用于共享安全芯片的加密密钥存储资源的方法，包括：将应用密钥加载到密钥存储器中; 并且由密钥高速缓存管理器保存用于应用密钥的恢复数据，其中如果应用密钥从另一个密钥存储器被逐出，密钥高速缓存管理器可以使用恢复数据将应用密钥重新加载到密钥存储器中密钥缓存管理器。该方法允许多个密钥高速缓存管理器中的每一个识别出其密钥已经从安全芯片中移除并恢复其密钥。该方法还允许每个密钥缓存管理器驱逐或销毁安全芯片上当前加载的任何密钥，而不影响其他地方的功能。

3. 发明申请

US20090063857A1 METHOD AND SYSTEM FOR PROVIDING A TRUSTED PLATFORM MODULE IN A HYPERVISOR ENVIRONMENT 有权
公开(公告)号：US20090063857A1
公开(公告)日：2009-03-05
申请号：US12261060
申请日：2008-10-30
申请人： Steven A. Bade , Ryan Charles Catherman , James Patrick Hoff , Nia Letise Kelley , Emily Jane Ratliff
发明人： Steven A. Bade , Ryan Charles Catherman , James Patrick Hoff , Nia Letise Kelley , Emily Jane Ratliff
IPC分类号： G06F21/00
CPC分类号： G06F21/53
摘要： A method is presented for implementing a trusted computing environment within a data processing system. A hypervisor is initialized within the data processing system, and the hypervisor supervises a plurality of logical, partitionable, runtime environments within the data processing system. The hypervisor reserves a logical partition for a hypervisor-based trusted platform module (TPM) and presents the hypervisor-based trusted platform module to other logical partitions as a virtual device via a device interface. Each time that the hypervisor creates a logical partition within the data processing system, the hypervisor also instantiates a logical TPM within the reserved partition such that the logical TPM is anchored to the hypervisor-based TPM. The hypervisor manages multiple logical TPM's within the reserved partition such that each logical TPM is uniquely associated with a logical partition.

4. 发明授权

US08086852B2 Providing a trusted platform module in a hypervisor environment 有权
标题翻译：在管理程序环境中提供可信赖的平台模块
公开(公告)号：US08086852B2
公开(公告)日：2011-12-27
申请号：US12207487
申请日：2008-09-09
申请人： Steven A. Bade , Ryan Charles Catherman , James Patrick Hoff , Nia Letise Kelley , Emily Jane Ratliff
发明人： Steven A. Bade , Ryan Charles Catherman , James Patrick Hoff , Nia Letise Kelley , Emily Jane Ratliff
IPC分类号： H04L9/00
CPC分类号： G06F21/53
摘要： A method is presented for implementing a trusted computing environment within a data processing system. A hypervisor is initialized within the data processing system, and the hypervisor supervises a plurality of logical, partitionable, runtime environments within the data processing system. The hypervisor reserves a logical partition for a hypervisor-based trusted platform module (TPM) and presents the hypervisor-based trusted platform module to other logical partitions as a virtual device via a device interface. Each time that the hypervisor creates a logical partition within the data processing system, the hypervisor also instantiates a logical TPM within the reserved partition such that the logical TPM is anchored to the hypervisor-based TPM. The hypervisor manages multiple logical TPM's within the reserved partition such that each logical TPM is uniquely associated with a logical partition.
摘要翻译：呈现一种用于在数据处理系统内实现可信计算环境的方法。在数据处理系统内初始化管理程序，并且管理程序监视数据处理系统内的多个逻辑，可分割的运行时环境。虚拟机管理程序为基于虚拟机管理程序的可信平台模块（TPM）预留逻辑分区，并通过设备接口将基于虚拟机管理程序的可信平台模块作为虚拟设备呈现给其他逻辑分区。每当虚拟机管理程序在数据处理系统内创建一个逻辑分区时，管理程序也会在保留的分区内实例化一个逻辑TPM，使得逻辑TPM被锚定到基于管理程序的TPM。虚拟机管理程序管理保留分区内的多个逻辑TPM，使得每个逻辑TPM与逻辑分区唯一相关联。

5. 发明授权

US07752458B2 Method and system for hierarchical platform boot measurements in a trusted computing environment 有权
标题翻译：在可信计算环境中分层平台引导测量的方法和系统
公开(公告)号：US07752458B2
公开(公告)日：2010-07-06
申请号：US12258332
申请日：2008-10-24
申请人： Steven A. Bade , Ryan Charles Catherman , James Patrick Hoff , William Lee Terrell
发明人： Steven A. Bade , Ryan Charles Catherman , James Patrick Hoff , William Lee Terrell
IPC分类号： G06F11/30
CPC分类号： G06F21/57
摘要： An architecture for a distributed data processing system comprises a system-level service processor along with one or more node-level service processors; each are uniquely associated with a node, and each is extended to comprise any components that are necessary for operating the nodes as trusted platforms, such as a TPM and a CRTM in accordance with the security model of the Trusted Computing Group. These node-level service processors then inter-operate with the system-level service processor, which also contains any components that are necessary for operating the system as a whole as a trusted platform. A TPM within the system-level service processor aggregates integrity metrics that are gathered by the node-level service processors, thereafter reporting integrity metrics as requested, e.g., to a hypervisor, thereby allowing a large distributed data processing system to be validated as a trusted computing environment while allowing its highly parallelized initialization process to proceed.
摘要翻译：用于分布式数据处理系统的架构包括系统级服务处理器以及一个或多个节点级服务处理器; 每个都与节点唯一相关联，并且每个都被扩展以包括根据可信计算组的安全模型将节点操作为可信平台（例如TPM和CRTM）所需的任何组件。然后，这些节点级服务处理器与系统级服务处理器互操作，系统级服务处理器还包含将系统作为整体操作为可信平台所必需的任何组件。系统级服务处理器内的TPM聚合由节点级服务处理器收集的完整性度量，此后根据请求报告完整性度量，例如向管理程序报告，从而允许将大型分布式数据处理系统验证为可信任的同时允许其高度并行化的初始化过程进行。

6. 发明授权

US07707411B2 Method and system for providing a trusted platform module in a hypervisor environment 有权
标题翻译：在管理程序环境中提供可信平台模块的方法和系统
公开(公告)号：US07707411B2
公开(公告)日：2010-04-27
申请号：US12261060
申请日：2008-10-30
申请人： Steven A. Bade , Ryan Charles Catherman , James Patrick Hoff , Nia Letise Kelley , Emily Jane Ratliff
发明人： Steven A. Bade , Ryan Charles Catherman , James Patrick Hoff , Nia Letise Kelley , Emily Jane Ratliff
IPC分类号： G06F21/00
CPC分类号： G06F21/53
摘要： A method is presented for implementing a trusted computing environment within a data processing system. A hypervisor is initialized within the data processing system, and the hypervisor supervises a plurality of logical, partitionable, runtime environments within the data processing system. The hypervisor reserves a logical partition for a hypervisor-based trusted platform module (TPM) and presents the hypervisor-based trusted platform module to other logical partitions as a virtual device via a device interface. Each time that the hypervisor creates a logical partition within the data processing system, the hypervisor also instantiates a logical TPM within the reserved partition such that the logical TPM is anchored to the hypervisor-based TPM. The hypervisor manages multiple logical TPM's within the reserved partition such that each logical TPM is uniquely associated with a logical partition.
摘要翻译：呈现一种用于在数据处理系统内实现可信计算环境的方法。在数据处理系统内初始化管理程序，并且管理程序监视数据处理系统内的多个逻辑，可分割的运行时环境。虚拟机管理程序为基于虚拟机管理程序的可信平台模块（TPM）预留逻辑分区，并通过设备接口将基于虚拟机管理程序的可信平台模块作为虚拟设备呈现给其他逻辑分区。每当虚拟机管理程序在数据处理系统内创建一个逻辑分区时，管理程序也会在保留的分区内实例化一个逻辑TPM，使得逻辑TPM被锚定到基于管理程序的TPM。虚拟机管理程序管理保留分区内的多个逻辑TPM，使得每个逻辑TPM与逻辑分区唯一相关联。

7. 发明申请

US20090049305A1 METHOD AND SYSTEM FOR HIERARCHICAL PLATFORM BOOT MEASUREMENTS IN A TRUSTED COMPUTING ENVIRONMENT 有权
标题翻译：有意义的计算环境中的分层平台引导测量的方法和系统
公开(公告)号：US20090049305A1
公开(公告)日：2009-02-19
申请号：US12258332
申请日：2008-10-24
申请人： Steven A. Bade , Ryan Charles Catherman , James Patrick Hoff , William Lee Terrel
发明人： Steven A. Bade , Ryan Charles Catherman , James Patrick Hoff , William Lee Terrel
IPC分类号： H04L9/00 , G06F15/177
CPC分类号： G06F21/57
摘要： An architecture for a distributed data processing system comprises a system-level service processor along with one or more node-level service processors; each are uniquely associated with a node, and each is extended to comprise any components that are necessary for operating the nodes as trusted platforms, such as a TPM and a CRTM in accordance with the security model of the Trusted Computing Group. These node-level service processors then inter-operate with the system-level service processor, which also contains any components that are necessary for operating the system as a whole as a trusted platform. A TPM within the system-level service processor aggregates integrity metrics that are gathered by the node-level service processors, thereafter reporting integrity metrics as requested, e.g., to a hypervisor, thereby allowing a large distributed data processing system to be validated as a trusted computing environment while allowing its highly parallelized initialization process to proceed.
摘要翻译：用于分布式数据处理系统的架构包括系统级服务处理器以及一个或多个节点级服务处理器; 每个都与节点唯一相关联，并且每个都被扩展以包括根据可信计算组的安全模型将节点操作为可信平台（例如TPM和CRTM）所需的任何组件。然后，这些节点级服务处理器与系统级服务处理器互操作，系统级服务处理器还包含将系统作为整体操作为可信平台所必需的任何组件。系统级服务处理器内的TPM聚合由节点级服务处理器收集的完整性度量，此后根据请求报告完整性度量，例如向管理程序报告，从而允许将大型分布式数据处理系统验证为可信任的同时允许其高度并行化的初始化过程进行。

8. 发明授权

US07480804B2 Method and system for hierarchical platform boot measurements in a trusted computing environment 失效
标题翻译：在可信计算环境中分层平台引导测量的方法和系统
公开(公告)号：US07480804B2
公开(公告)日：2009-01-20
申请号：US10835503
申请日：2004-04-29
申请人： Steven A. Bade , Ryan Charles Catherman , James Patrick Hoff , William Lee Terrell
发明人： Steven A. Bade , Ryan Charles Catherman , James Patrick Hoff , William Lee Terrell
IPC分类号： H04L9/00 , G06F12/14
CPC分类号： G06F21/57
摘要： An architecture for a distributed data processing system comprises a system-level service processor along with one or more node-level service processors; each are uniquely associated with a node, and each is extended to comprise any components that are necessary for operating the nodes as trusted platforms, such as a TPM and a CRTM in accordance with the security model of the Trusted Computing Group. These node-level service processors then inter-operate with the system-level service processor, which also contains any components that are necessary for operating the system as a whole as a trusted platform. A TPM within the system-level service processor aggregates integrity metrics that are gathered by the node-level service processors, thereafter reporting integrity metrics as requested, e.g., to a hypervisor, thereby allowing a large distributed data processing system to be validated as a trusted computing environment while allowing its highly parallelized initialization process to proceed.
摘要翻译：用于分布式数据处理系统的架构包括系统级服务处理器以及一个或多个节点级服务处理器; 每个都与节点唯一相关联，并且每个都被扩展以包括根据可信计算组的安全模型将节点操作为可信平台（例如TPM和CRTM）所需的任何组件。然后，这些节点级服务处理器与系统级服务处理器互操作，系统级服务处理器还包含将系统作为整体操作为可信平台所必需的任何组件。系统级服务处理器内的TPM聚合由节点级服务处理器收集的完整性度量，此后根据请求报告完整性度量，例如向管理程序报告，从而允许将大型分布式数据处理系统验证为可信任的同时允许其高度并行化的初始化过程进行。

9. 发明授权

US07484099B2 Method, apparatus, and product for asserting physical presence with a trusted platform module in a hypervisor environment 失效
标题翻译：用于在管理程序环境中用可信平台模块断言物理存在的方法，装置和产品
公开(公告)号：US07484099B2
公开(公告)日：2009-01-27
申请号：US10902712
申请日：2004-07-29
申请人： Steven A. Bade , Ryan Charles Catherman , James Patrick Hoff , Nia Letise Kelley , Emily Jane Ratliff
发明人： Steven A. Bade , Ryan Charles Catherman , James Patrick Hoff , Nia Letise Kelley , Emily Jane Ratliff
IPC分类号： H04L9/00
CPC分类号： G06F21/34 , G06F21/57 , G06F21/575 , G06F2221/2129
摘要： A method, apparatus, and computer program product are described for asserting physical presence in a trusted computing environment included within a data processing system. The trusted computing environment includes a trusted platform module (TPM). The data processing system is coupled to a hardware management console. The trusted platform module determines whether the hardware management console is a trusted entity. The trusted platform module also determines whether the hardware management console has knowledge of a secret key that is possessed by the TPM. If the TPM determines that the hardware management console is a trusted entity and has knowledge of the secret key, the TPM determines that physical presence has been asserted. Otherwise, if the TPM determines that either the hardware management console is not a trusted entity or the TPM determines that the hardware management console does not have knowledge of the secret key, the TPM determines that physical presence has not been asserted and will not execute commands that require the successful assertion of “physical presence”.
摘要翻译：描述了一种用于断定包括在数据处理系统内的可信计算环境中的物理存在的方法，装置和计算机程序产品。可信计算环境包括可信平台模块（TPM）。数据处理系统耦合到硬件管理控制台。可信平台模块确定硬件管理控制台是否是可信实体。可信平台模块还确定硬件管理控制台是否具有TPM拥有的秘密密钥的知识。如果TPM确定硬件管理控制台是可信赖的实体并具有秘密密钥的知识，则TPM确定物理存在已经被断言。否则，如果TPM确定硬件管理控制台不是可信实体，或者TPM确定硬件管理控制台不具有秘密密钥的知识，则TPM确定物理存在尚未被断言，并且将不执行命令这要求成功地断言“身体存在”。

10. 发明授权

US07484091B2 Method and system for providing a trusted platform module in a hypervisor environment 失效
标题翻译：在管理程序环境中提供可信平台模块的方法和系统
公开(公告)号：US07484091B2
公开(公告)日：2009-01-27
申请号：US10835350
申请日：2004-04-29
申请人： Steven A. Bade , Ryan Charles Catherman , James Patrick Hoff , Nia Letise Kelley , Emily Jane Ratliff
发明人： Steven A. Bade , Ryan Charles Catherman , James Patrick Hoff , Nia Letise Kelley , Emily Jane Ratliff
IPC分类号： G06F21/00
CPC分类号： G06F21/53
摘要： A method is presented for implementing a trusted computing environment within a data processing system. A hypervisor is initialized within the data processing system, and the hypervisor supervises a plurality of logical, partitionable, runtime environments within the data processing system. The hypervisor reserves a logical partition for a hypervisor-based trusted platform module (TPM) and presents the hypervisor-based trusted platform module to other logical partitions as a virtual device via a device interface. Each time that the hypervisor creates a logical partition within the data processing system, the hypervisor also instantiates a logical TPM within the reserved partition such that the logical TPM is anchored to the hypervisor-based TPM. The hypervisor manages multiple logical TPM's within the reserved partition such that each logical TPM is uniquely associated with a logical partition.
摘要翻译：呈现一种用于在数据处理系统内实现可信计算环境的方法。在数据处理系统内初始化管理程序，并且管理程序监视数据处理系统内的多个逻辑，可分割的运行时环境。虚拟机管理程序为基于虚拟机管理程序的可信平台模块（TPM）预留逻辑分区，并通过设备接口将基于虚拟机管理程序的可信平台模块作为虚拟设备呈现给其他逻辑分区。每当虚拟机管理程序在数据处理系统内创建一个逻辑分区时，管理程序也会在保留的分区内实例化一个逻辑TPM，使得逻辑TPM被锚定到基于管理程序的TPM。虚拟机管理程序管理保留分区内的多个逻辑TPM，使得每个逻辑TPM与逻辑分区唯一相关联。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式