专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20070260545A1 TRUSTED PLATFORM MODULE DATA HARMONIZATION DURING TRUSTED SERVER RENDEVOUS 有权
标题翻译： TRUSTED平台模块数据协调在TRUSTED服务器RENDEVOUS期间
公开(公告)号：US20070260545A1
公开(公告)日：2007-11-08
申请号：US11381237
申请日：2006-05-02
申请人： Steven Bade , Richard Dayan , James Hanna , Andrew Kegel
发明人： Steven Bade , Richard Dayan , James Hanna , Andrew Kegel
IPC分类号： H04L9/00 , G06F12/14 , H04L9/32 , G06F11/30 , H04K1/00
CPC分类号： G06F21/57 , G06F21/575 , H04L2463/101
摘要： Embodiments of the present invention address deficiencies of the art in respect to trusted platform module (TPM) unification in a trusted computing environment and provide a novel and non-obvious method, system and computer program product for trusted platform module data harmonization. In one embodiment of the invention, a TPM log harmonization method can include designating both a single master TPM for a master node among multiple nodes, and also a multiplicity of subsidiary TPMs for remaining ones of the nodes. The method further can include extending the single master TPM with a measurement representing a rendezvous operation for the nodes.
摘要翻译：本发明的实施例解决了可信计算环境中可信任平台模块（TPM）统一方面的技术缺陷，并提供了一种用于可信平台模块数据协调的新颖且非显而易见的方法，系统和计算机程序产品。在本发明的一个实施例中，TPM对数协调方法可以包括指定多个节点之间的主节点的单个主TPM，以及用于剩余节点的多个辅助TPM。该方法还可以包括使用表示节点的会合操作的测量来扩展单个主TPM。

2. 发明申请

US20050257073A1 Method and system for bootstrapping a trusted server having redundant trusted platform modules 失效
标题翻译：用于引导具有冗余可信平台模块的可信服务器的方法和系统
公开(公告)号：US20050257073A1
公开(公告)日：2005-11-17
申请号：US10835498
申请日：2004-04-29
申请人： Steven Bade , Linda Betz , Andrew Kegel , David Safford , Leendert Doorn
发明人： Steven Bade , Linda Betz , Andrew Kegel , David Safford , Leendert Doorn
IPC分类号： G06F21/24 , G06F1/00 , G06F3/06 , G06F12/14 , G06F12/16 , G06F21/00 , H04L9/32
CPC分类号： G06F21/575
摘要： Multiple trusted platform modules within a data processing system are used in a redundant manner that provides a reliable mechanism for securely storing secret data at rest that is used to bootstrap a system trusted platform module. A hypervisor requests each trusted platform module to encrypt a copy of the secret data, thereby generating multiple versions of encrypted secret data values, which are then stored within a non-volatile memory within the trusted platform. At some later point in time, the encrypted secret data values are retrieved, decrypted by the trusted platform module that performed the previous encryption, and then compared to each other. If any of the decrypted values do not match a quorum of values from the comparison operation, then a corresponding trusted platform module for a non-matching decrypted value is designated as defective because it has not been able to correctly decrypt a value that it previously encrypted.
摘要翻译：以冗余的方式使用数据处理系统内的多个可信任的平台模块，其提供用于安全地存储用于引导系统可信平台模块的休息处的秘密数据的可靠机制。管理程序请求每个可信平台模块加密秘密数据的副本，从而生成加密的秘密数据值的多个版本，然后存储在可信平台内的非易失性存储器中。在稍后的时间点，加密的秘密数据值由执行先前加密的可信任平台模块进行解密，然后进行比较。如果解密值中的任何一个与比较操作中的值的数量不匹配，则用于非匹配解密值的相应的可信平台模块被指定为有缺陷的，因为它不能正确解密其先前加密的值。

3. 发明申请

US20070198214A1 TRUST EVALUATION 有权
标题翻译：信任评估
公开(公告)号：US20070198214A1
公开(公告)日：2007-08-23
申请号：US11355719
申请日：2006-02-16
申请人： Steven Bade , Andrew Kegel , Leendert Van Doorn
发明人： Steven Bade , Andrew Kegel , Leendert Van Doorn
IPC分类号： G21C17/00
CPC分类号： G06F21/577 , G06F11/3409 , G06F2201/81
摘要： A solution for evaluating trust in a computer infrastructure is provided. In particular, a plurality of computing devices in the computer infrastructure evaluate one or more other computing devices in the computer infrastructure based on a set of device measurements for the other computing device(s) and a set of reference measurements. To this extent, each of the plurality of computing devices also provides a set of device measurements for processing by the other computing device(s) in the computer infrastructure.
摘要翻译：提供了一种评估计算机基础设施信任的解决方案。特别地，计算机基础设施中的多个计算设备基于用于其他计算设备的一组设备测量值和一组参考测量结果来评估计算机基础结构中的一个或多个其他计算设备。在这种程度上，多个计算设备中的每一个还提供一组设备测量值以供计算机基础设施中的其他计算设备处理。

4. 发明申请

US20070136577A1 Sealing of data for applications 有权
标题翻译：密封应用程序的数据
公开(公告)号：US20070136577A1
公开(公告)日：2007-06-14
申请号：US11301803
申请日：2005-12-13
申请人： Steven Bade , Andrew Kegel , Leendert Van Doorn
发明人： Steven Bade , Andrew Kegel , Leendert Van Doorn
IPC分类号： H04L9/00
CPC分类号： G06F21/57
摘要： A method, system and computer program product for implementing general purpose PCRs with extended semantics (referred to herein as “ePCRs”) in a trusted, measured software module. The module is designed to run in one of a hypervisor context, an isolated partition, or under other isolated configurations. Because the software module is provided using trusted (measured) code, the software implementing the PCRs is able to run as a simple software process in the operating system (OS), as long as the software is first measured and logged. The software-implemented ePCRs are generated as needed to record specific measurements of the software and hardware elements on which an application depends, and the ePCRs are able to ignore other non-dependencies.
摘要翻译：一种用于在可信测量的软件模块中实现具有扩展语义（在本文中称为“ePCR”）的通用PCR的方法，系统和计算机程序产品。该模块设计为在虚拟机管理程序上下文，隔离分区或其他隔离配置之一下运行。由于使用可信（测量）代码提供软件模块，所以实施PCR的软件只要首先测量和记录软件，就可以在操作系统（OS）中作为简单的软件过程运行。根据需要生成软件实现的ePCR，以记录应用程序所依赖的软件和硬件元素的特定测量，ePCR可以忽略其他不依赖性。

5. 发明申请

US20050246552A1 Method and system for virtualization of trusted platform modules 有权
标题翻译：可信平台模块虚拟化的方法和系统
公开(公告)号：US20050246552A1
公开(公告)日：2005-11-03
申请号：US10835330
申请日：2004-04-29
申请人： Steven Bade , Linda Betz , Andrew Kegel , Michael Kelly , William Terrell
发明人： Steven Bade , Linda Betz , Andrew Kegel , Michael Kelly , William Terrell
IPC分类号： G06F11/30 , G06F12/14 , G06F21/00 , H04L9/32
CPC分类号： G06F21/57 , G06F21/53 , H04L9/0897
摘要： A method, an apparatus, a system, and a computer program product is presented for virtualizing trusted platform modules within a data processing system. A virtual trusted platform module along with a virtual endorsement key is created within a physical trusted platform module within the data processing system using a platform signing key of the physical trusted platform module, thereby providing a transitive trust relationship between the virtual trusted platform module and the core root of trust for the trusted platform. The virtual trusted platform module can be uniquely associated with a partition in a partitionable runtime environment within the data processing system.
摘要翻译：提出了一种方法，装置，系统和计算机程序产品，用于虚拟化数据处理系统内的可信平台模块。使用物理可信平台模块的平台签名密钥在数据处理系统内的物理可信平台模块内创建虚拟可信平台模块以及虚拟认证密钥，从而在虚拟可信平台模块和虚拟可信平台模块之间提供传递信任关系信任平台的核心信任根源。虚拟可信平台模块可以与数据处理系统内的可分区运行时环境中的分区唯一关联。

6. 发明申请

US20050234909A1 Method, computer program product, and data processing system for source verifiable audit logging 审中-公开
标题翻译：方法，计算机程序产品和源可验证审核记录的数据处理系统
公开(公告)号：US20050234909A1
公开(公告)日：2005-10-20
申请号：US10825187
申请日：2004-04-15
申请人： Steven Bade , Ryan Catherman , James Hoff , Nia Kelley , Emily Ratliff
发明人： Steven Bade , Ryan Catherman , James Hoff , Nia Kelley , Emily Ratliff
IPC分类号： G06F7/00 , G06F21/00
CPC分类号： G06F21/64 , G06F21/552 , G06F21/57 , G06F2221/2129
摘要： A method, computer program product, and a data processing system for logging audit events in a data processing system. A sequence of audit records including a final audit record are written to a first log file stored by a data processing system. A respective first hash value of each audit record is calculated. Responsive to calculating each respective first hash value, a corresponding second hash value is calculated from the first hash value and a value of a register associated with the data processing system. The second hash value is written to the register. A second log file is opened in response to closing the first log file. A final second hash value corresponding to a first hash value of the final audit record is written to a first record of the second log file.
摘要翻译：一种用于在数据处理系统中记录审核事件的方法，计算机程序产品和数据处理系统。包括最终审核记录在内的一系列审核记录被写入由数据处理系统存储的第一个日志文件。计算每个审计记录的相应的第一哈希值。响应于计算每个相应的第一散列值，从第一散列值和与数据处理系统相关联的寄存器的值计算相应的第二散列值。第二个哈希值被写入寄存器。打开第二个日志文件以响应关闭第一个日志文件。对应于最终审核记录的第一散列值的最终的第二散列值被写入第二个日志文件的第一个记录。

7. 发明申请

US20050039100A1 Method and system for automatic error recovery in an electronic mail system 审中-公开
标题翻译：电子邮件系统自动错误恢复的方法和系统
公开(公告)号：US20050039100A1
公开(公告)日：2005-02-17
申请号：US10640822
申请日：2003-08-14
申请人： Steven Bade , Janice Girouard , Emily Ratliff
发明人： Steven Bade , Janice Girouard , Emily Ratliff
IPC分类号： G06F11/00 , G06F11/30 , G06Q10/00 , G08C25/00 , G11C29/00 , H03M13/00 , H04L1/00
CPC分类号： G06Q10/107
摘要： A method and system for automatic address error recovery in an electronic mail system where electronic mail messages are transferred by identifying an address which includes a user name and a domain name which includes a top level domain suffix. In the event an electronic mail message destination cannot be determined, likely appropriate destinations are automatically determined by systematically determining common alternate spellings of the user name, likely alternate domain names or an alternate top level domain suffix. Alternately, a table of expired addresses and corresponding new addresses can be maintained and examined to determine a likely appropriate address. At least one likely appropriate address is presented to a sender and the electronic mail message is then transmitted to a destination by the sender.
摘要翻译：一种用于通过识别包括用户名的地址和包括顶级域后缀的域名的电子邮件系统中的电子邮件系统中的自动地址错误恢复的方法和系统。在无法确定电子邮件消息目的地的情况下，通过系统地确定用户名，可能的替代域名或备用顶级域后缀的公用备用拼写来自动确定可能的适当目的地。或者，可以维护和检查过期地址和对应的新地址的表以确定可能的适当地址。至少一个可能的适当的地址被呈现给发送者，并且电子邮件消息然后由发送者发送到目的地。

8. 发明申请

US20060136748A1 Method and system for using a compact disk as a smart key device 有权
标题翻译：使用光盘作为智能钥匙装置的方法和系统
公开(公告)号：US20060136748A1
公开(公告)日：2006-06-22
申请号：US11014559
申请日：2004-12-16
申请人： Steven Bade , Ching-Yun Chao
发明人： Steven Bade , Ching-Yun Chao
IPC分类号： G06F12/14
CPC分类号： H04L9/3265 , G06F21/33 , G06F21/34 , G06F21/445 , H04L9/0897 , H04L9/3247 , H04L9/3273 , H04L2209/805
摘要： A data processing system accepts a removable storage media, which becomes electrically engaged with a system unit within the data processing system, after which the removable storage media and the hardware security unit mutually authenticate themselves. The removable storage media stores a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair that is associated with the hardware security unit, and the hardware security unit stores a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair that is associated with the removable storage media. In response to successfully performing the mutual authentication operation between the removable storage media and the hardware security unit, the system unit is enabled to invoke cryptographic functions on the hardware security unit while the removable storage media remains engaged with the system unit.
摘要翻译：数据处理系统接受与数据处理系统内的系统单元电接合的可移动存储介质，之后可拆卸存储介质和硬件安全单元相互认证自身。可移动存储介质存储与硬件安全单元相关联的第一非对称加密密钥对和第二非对称密码密钥对的公钥的私钥，并且硬件安全单元存储第二非对称密码密钥的私钥对和与可移动存储介质相关联的第一非对称加密密钥对的公开密钥。响应于成功地执行可移动存储介质和硬件安全单元之间的相互认证操作，系统单元能够在可移动存储介质保持与系统单元接合的同时在硬件安全单元上调用加密功能。

9. 发明申请

US20060026422A1 Method, apparatus, and product for providing a backup hardware trusted platform module in a hypervisor environment 审中-公开
标题翻译：用于在管理程序环境中提供备份硬件可信平台模块的方法，装置和产品
公开(公告)号：US20060026422A1
公开(公告)日：2006-02-02
申请号：US10902711
申请日：2004-07-29
申请人： Steven Bade , Thomas Dewkett , Nia Kelley , Siegfried Sutter , Helmut Weber
发明人： Steven Bade , Thomas Dewkett , Nia Kelley , Siegfried Sutter , Helmut Weber
IPC分类号： H04L9/00
CPC分类号： H04L63/104 , H04L9/0877 , H04L9/0897 , H04L63/20 , H04L2209/805
摘要： A method, apparatus, and computer program product are described for implementing a trusted computing environment within a data processing system. The data processing system includes a primary hardware trusted platform module (TPM) and a secondary hardware backup TPM. The data processing system also includes multiple logical partitions. The primary hardware TPM is used to provide trusted computing services to the logical partitions. A determination is made as to whether the primary hardware TPM is malfunctioning. If a determination is made that the primary hardware TPM is malfunctioning, the secondary hardware TPM is designated as a new primary hardware TPM and is utilized instead of the primary TPM to provide trusted computing services to the logical partitions.
摘要翻译：描述了用于在数据处理系统内实现可信计算环境的方法，装置和计算机程序产品。数据处理系统包括主硬件可信平台模块（TPM）和辅助硬件备份TPM。数据处理系统还包括多个逻辑分区。主要硬件TPM用于向逻辑分区提供可信计算服务。确定主要硬件TPM是否发生故障。如果确定主硬件TPM出现故障，则辅助硬件TPM被指定为新的主要硬件TPM，并且被使用而不是主TPM来向逻辑分区提供可信计算服务。

10. 发明申请

US20060026419A1 Method, apparatus, and product for providing a scalable trusted platform module in a hypervisor environment 失效
标题翻译：用于在管理程序环境中提供可扩展的可信平台模块的方法，装置和产品
公开(公告)号：US20060026419A1
公开(公告)日：2006-02-02
申请号：US10902670
申请日：2004-07-29
申请人： Richard Arndt , Steven Bade , Thomas Dewkett , Charles Gainey , Nia Kelley , Siegfried Sutter , Helmut Weber
发明人： Richard Arndt , Steven Bade , Thomas Dewkett , Charles Gainey , Nia Kelley , Siegfried Sutter , Helmut Weber
IPC分类号： H04L9/00
CPC分类号： H04L63/20 , G06F21/57 , H04L63/0876 , H04L63/102
摘要： A method, apparatus, and computer program product are described for implementing a trusted computing environment within a data processing system where the data processing system includes a single hardware trusted platform module (TPM). Multiple logical partitions are provided in the data processing system. A unique context is generated for each one of the logical partitions. When one of the logical partitions requires access to the hardware TPM, that partition's context is required to be stored in the hardware TPM. The hardware TPM includes a finite number of storage locations, called context slots, for storing contexts. Each context slot can store one partition's context. Each one of the partitions is associated with one of the limited number of context storage slots in the hardware TPM. At least one of the context slots is simultaneously associated with more than one of the logical partitions. Contexts are swapped into and out of the hardware TPM during runtime of the data processing system so that when ones of the partitions require access to the hardware TPM, their required contexts are currently stored in the hardware TPM.
摘要翻译：描述了一种在数据处理系统内实现可信计算环境的方法，装置和计算机程序产品，其中数据处理系统包括单个硬件可信平台模块（TPM）。在数据处理系统中提供了多个逻辑分区。为每个逻辑分区生成唯一的上下文。当其中一个逻辑分区需要访问硬件TPM时，该分区的上下文需要存储在硬件TPM中。硬件TPM包括有限数量的存储位置，称为上下文时隙，用于存储上下文。每个上下文时隙都可以存储一个分区的上下文。每个分区与硬件TPM中的有限数量的上下文存储时隙中的一个相关联。至少一个上下文时隙同时与多于一个的逻辑分区相关联。在数据处理系统的运行期间，上下文交换进出硬件TPM，以便当这些分区中的一个需要访问硬件TPM时，其所需的上下文当前存储在硬件TPM中。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式