    • 11. Granted patent
    • System and method for securely restoring a program context from a shared memory
    • US07945789B2
    • 2011-05-17
    • US11530933
    • 2006-09-12
    • Mark Richard Nutter; Kanna Shimizu
    • Mark Richard Nutter; Kanna Shimizu
    • G06F12/14
    • G06F9/461; G06F21/52; G06F21/74
    • A system and method for securely restoring software program context is presented. A special purpose processor core is included in a heterogeneous processing environment where each processor can access a shared memory. The isolated special purpose processor core includes an isolated local memory. The isolated special purpose processor core receives an identifier corresponding to the secured program. The identifier is used to read an encrypted context of the secured program from the shared memory. The encrypted context is decrypted using an encryption key. The decrypted context is stored in the isolated special purpose processor core's local memory. The secured program's context integrity is verified by using a persistent security data that is retrieved from a secure location, such as a persistent storage register that can only be accessed when the special purpose processor core is running in isolation mode. If the context is verified, the secured program is executed.
    • 12. Patent application
    • Application-Specific Secret Generation
    • US20080298581A1
    • 2008-12-04
    • US11754667
    • 2007-05-29
    • Masana Murase; Wilfred E. Plouffe, Jr.; Kanna Shimizu; Vladimir Zbarsky
    • Masana Murase; Wilfred E. Plouffe, Jr.; Kanna Shimizu; Vladimir Zbarsky
    • H04L9/00
    • G06F21/52
    • A method, computer program product, and data processing system for protecting sensitive program code and data (including persistently stored data) from unauthorized access are disclosed. Dedicated hardware decrypts an encrypted kernel into memory for execution. When an application is to be executed, the kernel computes one or more secrets by cryptographically combining information contained in the application with secret information contained in the kernel itself. The kernel then deletes its secret information and passes the computed secrets to the application. To store data persistently in memory, the application uses one of the computed secrets to encrypt the data prior to storage. If the kernel starts another instance of the same application, the kernel (which will have been re-decrypted to restore the kernel's secrets) will compute the same one or more secrets, thus allowing the second application instance to access the data encrypted by the first application instance.
    • 13. Patent application
    • Apparatus and method for providing sealed storage in a data processing device
    • US20070179904A1
    • 2007-08-02
    • US11345923
    • 2006-02-02
    • H. Hofstee; Kanna Shimizu
    • H. Hofstee; Kanna Shimizu
    • H04L9/00
    • G06F21/57; G06F21/6227; G06Q20/3674; H04L9/0897; H04L9/32; H04L2209/80
    • An apparatus and method for providing a sealed storage in a data processing device are provided. Processors of the data processing device may operate in a hardware isolation mode which allows a process to execute in an isolated environment on a processor and associated memory thereby being protected from access by other elements of the data processing device. In addition, a hardware controlled authentication and decryption mechanism is provided that is based on a hardware core key. These two features are tied together such that authentication occurs every time the isolation mode is entered. Based on the core key, which is only accessible from the hardware when in isolation mode, a chain of trust is generated by providing authentication keys for authenticating a next piece of software in the chain, in each piece of software that must be loaded, starting with the core key.
    • 14. Granted patent
    • Method to protect secrets against encrypted section attack
    • US08010804B2
    • 2011-08-30
    • US12188600
    • 2008-08-08
    • Masana Murase; Kanna Shimizu; Wilfred Edmund Plouffe, Jr.
    • Masana Murase; Kanna Shimizu; Wilfred Edmund Plouffe, Jr.
    • G06F11/30; H04L9/32; H04L9/00
    • G06F21/6209; H04L9/14; H04L9/3247; H04L9/3263
    • A method, system, and computer-usable medium are disclosed for controlling unauthorized access to encrypted application program code. Predetermined program code is encrypted with a first key. The hash value of an application verification certificate associated with a second key is calculated by performing a one-way hash function. Binding operations are then performed with the first key and the calculated hash value to generate a third key, which is a binding key. The binding key is encrypted with a fourth key to generate an encrypted binding key, which is then embedded in the application. The application is digitally signed with a fifth key to generate an encrypted and signed program code image. To decrypt the encrypted program code, the application verification key certificate is verified and in turn is used to verify the authenticity of the encrypted and signed program code image. The encrypted binding key is then decrypted with a sixth key to extract the binding key. The hash value of the application verification certificate associated with the second key is then calculated and used with the extracted binding key to extract the first key. The extracted first key is then used to decrypt the encrypted application code.
    • 15. Granted patent
    • Invoking externally assisted calls from an isolated environment
    • US07934063B2
    • 2011-04-26
    • US11693406
    • 2007-03-29
    • Masana Murase; Wilfred E. Plouffe, Jr.; Masaharu Sakamoto; Kanna Shimizu; Vladimir Zbarsky
    • Masana Murase; Wilfred E. Plouffe, Jr.; Masaharu Sakamoto; Kanna Shimizu; Vladimir Zbarsky
    • G06F13/28
    • G06F9/544
    • A method of invoking power processor element (PPE) serviced C library functions on a synergistic processing element (SPE) running in isolated mode. When the SPE initiates a PPE-serviced function, an SPE stub routine allocates a parameter buffer in an open area of a local store (LS) memory within the SPE. The LS memory includes an open area accessible to the PPE, and an isolated area inaccessible to the PPE. The SPE stub routine copies function parameters corresponding to the PPE-serviced function to a buffer within the open area of the LS memory, and writes a message word, which contains an identification variable of the PPE-serviced function and a location variable of the function parameters, to the open area. When execution is temporarily suspended on the SPE, the PPE reads the message word from the open area of the LS memory and executes the PPE-serviced function.
    • 16. Patent application
    • Method to Protect Secrets Against Encrypted Section Attack
    • US20100037068A1
    • 2010-02-11
    • US12188600
    • 2008-08-08
    • Masana Murase; Kanna Shimizu; Wilfred Edmund Plouffe, Jr.
    • Masana Murase; Kanna Shimizu; Wilfred Edmund Plouffe, Jr.
    • H04L9/06
    • G06F21/6209; H04L9/14; H04L9/3247; H04L9/3263
    • A method, system, and computer-usable medium are disclosed for controlling unauthorized access to encrypted application program code. Predetermined program code is encrypted with a first key. The hash value of an application verification certificate associated with a second key is calculated by performing a one-way hash function. Binding operations are then performed with the first key and the calculated hash value to generate a third key, which is a binding key. The binding key is encrypted with a fourth key to generate an encrypted binding key, which is then embedded in the application. The application is digitally signed with a fifth key to generate an encrypted and signed program code image. To decrypt the encrypted program code, the application verification key certificate is verified and in turn is used to verify the authenticity of the encrypted and signed program code image. The encrypted binding key is then decrypted with a sixth key to extract the binding key. The hash value of the application verification certificate associated with the second key is then calculated and used with the extracted binding key to extract the first key. The extracted first key is then used to decrypt the encrypted application code.
    • 17. Granted patent
    • System and method for digital content player with secure processing vault
    • US07660769B2
    • 2010-02-09
    • US11530940
    • 2006-09-12
    • Kanna Shimizu
    • Kanna Shimizu
    • G06F17/60
    • G06F21/6209; G06F21/72
    • A system and method for digital content player with secure processing vault is presented. A system uses an attached processing unit and a local storage area as a hardware-based secure processing vault. The secure processing vault calculates a title key based upon stored device keys, and decrypts encrypted/encoded digital content using the calculated title key. The decryption process results in encoded digital content, which remains within the secure processing vault until the secure processing vault decodes the encoded digital content. The decoded digital content is then passed to a main processing unit or a graphics card for further processing. In one embodiment, a secure processing vault may process multiple threads in parallel. In another embodiment, multiple secure processing vaults may be used to process a single, highly computational thread.
    • 18. Patent application
    • Support for Multiple Security Policies on a Unified Authentication Architecture
    • US20090086974A1
    • 2009-04-02
    • US11866020
    • 2007-10-02
    • Masana Murase; Wilfred E. Plouffe, Jr.; Kanna Shimizu; Vladimir Zbarsky
    • Masana Murase; Wilfred E. Plouffe, Jr.; Kanna Shimizu; Vladimir Zbarsky
    • H04L9/30; H04L9/32
    • H04L9/3247; G06F21/51; H04L9/0836; H04L2209/56
    • A method, computer program product, and data processing system are disclosed for ensuring that applications executed in the data processing system originate only from trusted sources. In a preferred embodiment, a secure operating kernel maintains a “key ring” containing keys corresponding to trusted software vendors. The secure kernel uses vendor keys to verify that a given application was signed by an approved vendor. To make it possible for independent developers to develop software for the herein-described platform, a “global key pair” is provided in which both the public and private keys of the pair are publicly known, so that anyone may sign an application with the global key. Such an application may be allowed to execute by including the global key pair's public key in the key ring as a “vendor key” or, conversely, it may be disallowed by excluding the global public key from the key ring.
    • 20. Patent application
    • System and Method for Digital Content Player with Secure Processing Vault
    • US20080065547A1
    • 2008-03-13
    • US11530940
    • 2006-09-12
    • Kanna Shimizu
    • Kanna Shimizu
    • G06Q99/00
    • G06F21/6209; G06F21/72
    • A system and method for digital content player with secure processing vault is presented. A system uses an attached processing unit and a local storage area as a hardware-based secure processing vault. The secure processing vault calculates a title key based upon stored device keys, and decrypts encrypted/encoded digital content using the calculated title key. The decryption process results in encoded digital content, which remains within the secure processing vault until the secure processing vault decodes the encoded digital content. The decoded digital content is then passed to a main processing unit or a graphics card for further processing. In one embodiment, a secure processing vault may process multiple threads in parallel. In another embodiment, multiple secure processing vaults may be used to process a single, highly computational thread.