    • 1. Invention application
    • Establishing a trusted platform in a digital processing system
    • US20060015717A1
    • 2006-01-19
    • US10893137
    • 2004-07-15
    • Zhengrong Liu; Yusuf Purna; Takemura Shinichi; Nicholas Szeto
    • Zhengrong Liu; Yusuf Purna; Takemura Shinichi; Nicholas Szeto
    • H04L9/00
    • G06F21/57
    • A trusted platform in a digital processing system is maintained even when modules, or other processes or data, are loaded after a boot sequence. A configuration file is used to include measurements (e.g., hash values, signatures, etc.) of modules to be loaded. After secure boot-up the operating system kernel uses the configuration file to check module integrity prior to loading and executing. If a module does not verify against the configuration file data then the system can prevent further operation, restrict certain operations, indicate the non-trusted nature of the system or take other actions. In one embodiment, if a module does not pass the integrity check then the failed measurement is extended into a specific Platform Configuration Register (PCR) within a Trusted Platform Manager (TPM) process. Subsequently, client applications can determine if the platform is trustable based on the return of the PCR value. A local application (application running in the same platform) can “seal” secrets to a trusted platform. The operation of the application relies on the secrets, which can only be revealed in a trusted platform.