专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明申请

US20050144440A1 Method for securely creating an endorsement certificate in an insecure environment 失效
标题翻译：在不安全的环境中安全地创建背书证书的方法
公开(公告)号：US20050144440A1
公开(公告)日：2005-06-30
申请号：US10750594
申请日：2003-12-31
申请人： Ryan Catherman , David Challener , James Hoff
发明人： Ryan Catherman , David Challener , James Hoff
IPC分类号： G06F21/00 , H04L9/00
CPC分类号： G06F21/602 , G06F21/57 , G06F2221/2117 , H04L9/0877 , H04L9/3236 , H04L9/3263
摘要： A method and system for ensuring security-compliant creation and signing of endorsement keys of manufactured TPMs. The endorsement keys are generated for the TPM. The TPM vendor selects an N-byte secret and stores the N-byte secret in the TPM along with the endorsement keys. The secret number cannot be read outside of the TPM. The secret number is also provided to the OEM's credential server. During the endorsement key (EK) credential process, the TPM generates an endorsement key, which comprises both the public key and a hash of the secret and the public key. The credential server matches the hash within the endorsement key with a second hash of the received public key (from the endorsement key) and the vendor provided secret. The EK certificate is generated and inserted into the TPM only when a match is confirmed.
摘要翻译：一种用于确保制造TPM的签注密钥的安全兼容创建和签名的方法和系统。为TPM生成认可密钥。 TPM供应商选择一个N字节的秘密，并将N字节的秘密与支持密钥一起存储在TPM中。无法在TPM之外读取密码。秘密编号也提供给OEM的凭据服务器。在认可密钥（EK）凭证处理过程中，TPM产生一个签名密钥，其包括公开密钥和密钥的散列以及公开密钥。凭证服务器将签名密钥内的散列与接收到的公钥（来自认可密钥）和供应商提供的秘密的第二散列进行匹配。仅当匹配确认时，EK证书才会生成并插入到TPM中。

12. 发明申请

US20080069363A1 Method for Securely Creating an Endorsement Certificate in an Insecure Environment 有权
标题翻译：在不安全的环境中安全地创建认可证书的方法
公开(公告)号：US20080069363A1
公开(公告)日：2008-03-20
申请号：US11858977
申请日：2007-09-21
申请人： Ryan Catherman , David Challener , James Hoff
发明人： Ryan Catherman , David Challener , James Hoff
IPC分类号： H04L9/08 , H04L9/28 , H04L9/30
CPC分类号： G06F21/602 , G06F21/57 , G06F2221/2117 , H04L9/0877 , H04L9/3236 , H04L9/3263
摘要： A method and system for ensuring security-compliant creation and signing of endorsement keys of manufactured TPMs. The endorsement keys are generated for the TPM. The TPM vendor selects an N-byte secret and stores the N-byte secret in the TPM along with the endorsement keys. The secret number cannot be read outside of the TPM. The secret number is also provided to the OEM's credential server. During the endorsement key (EK) credential process, the TPM generates an endorsement key, which comprises both the public key and a hash of the secret and the public key. The credential server matches the hash within the endorsement key with a second hash of the received public key (from the endorsement key) and the vendor provided secret. The EK certificate is generated and inserted into the TPM only when a match is confirmed.
摘要翻译：一种用于确保制造TPM的签注密钥的安全兼容创建和签名的方法和系统。为TPM生成认可密钥。 TPM供应商选择一个N字节的秘密，并将N字节的秘密与支持密钥一起存储在TPM中。无法在TPM之外读取密码。秘密编号也提供给OEM的凭据服务器。在认可密钥（EK）凭证处理过程中，TPM产生一个签名密钥，其包括公开密钥和密钥的散列以及公开密钥。凭证服务器将签名密钥内的散列与接收到的公钥（来自认可密钥）和供应商提供的秘密的第二散列进行匹配。仅当匹配确认时，EK证书才会生成并插入到TPM中。

13. 发明申请

US20060005009A1 Method, system and program product for verifying an attribute of a computing device 审中-公开
标题翻译：用于验证计算设备的属性的方法，系统和程序产品
公开(公告)号：US20060005009A1
公开(公告)日：2006-01-05
申请号：US10881870
申请日：2004-06-30
申请人： Charles Ball , Ryan Catherman , James Hoff , James Ward
发明人： Charles Ball , Ryan Catherman , James Hoff , James Ward
IPC分类号： H04L9/00
CPC分类号： G06F21/57 , H04L9/321 , H04L2209/127 , H04L2209/80
摘要： A solution for verifying an attribute of a computing device. In particular, a computing device can obtain an attribute from another computing device. The attribute can be measure by, for example, a Trusted Platform Module integrated on the other computing device. The computing device can then use an attestation server to determine whether the attribute reflects a desirable value or indicates that the other computing device may have been compromised.
摘要翻译：用于验证计算设备的属性的解决方案。具体地，计算设备可以从另一计算设备获得属性。该属性可以通过例如集成在另一计算设备上的可信平台模块来测量。然后，计算设备可以使用认证服务器来确定属性是否反映了期望值，或者指示其他计算设备可能已被泄密。

14. 发明申请

US20050149733A1 Method for securely creating an endorsement certificate utilizing signing key pairs 失效
标题翻译：使用签名密钥对安全地创建签注证书的方法
公开(公告)号：US20050149733A1
公开(公告)日：2005-07-07
申请号：US10749261
申请日：2003-12-31
申请人： Ryan Catherman , David Challener , James Hoff
发明人： Ryan Catherman , David Challener , James Hoff
IPC分类号： G06F21/00 , H04L9/00
CPC分类号： G06F21/602 , G06F21/57
摘要： A method and system for ensuring security-compliant creation and certificate generation for endorsement keys of manufactured TPMs. The endorsement keys are generated by the TPM manufacturer and stored within the TPM. The TPM manufacturer also creates a signing key pair and associated signing key certificate. The signing key pair is also stored within the TPM, while the certificate is provided to the OEM's credential server. During the endorsement key (EK) credential process, the TPM generates a signed endorsement key, which comprises the public endorsement key signed with the public signing key. The credential server matches the public signing key of the endorsement key with a public signing key within the received certificate. The EK certificate is generated and inserted into the TPM only when a match is confirmed.
摘要翻译：一种用于确保制造TPM的认可密钥的安全兼容创建和证书生成的方法和系统。认可密钥由TPM制造商生成并存储在TPM内。 TPM制造商还创建了一个签名密钥对和相关的签名密钥证书。签名密钥对也存储在TPM中，同时将证书提供给OEM的凭据服务器。在认可密钥（EK）凭证过程中，TPM生成签名的背书密钥，其包括用公共签名密钥签名的公开签名密钥。凭证服务器将签名密钥的公共签名密钥与接收到的证书中的公共签名密钥相匹配。仅当匹配确认时，EK证书才会生成并插入到TPM中。

15. 发明申请

US20050138434A1 Apparatus, system, and method for secure communications from a human interface device 有权
标题翻译：用于从人机接口设备进行安全通信的设备，系统和方法
公开(公告)号：US20050138434A1
公开(公告)日：2005-06-23
申请号：US10745172
申请日：2003-12-23
申请人： Ryan Catherman , Dave Challener , Akira Hino , James Hoff , James Ward
发明人： Ryan Catherman , Dave Challener , Akira Hino , James Hoff , James Ward
IPC分类号： G06F21/00 , H04L9/00
CPC分类号： G06F21/83 , G06F21/606
摘要： An apparatus, system and method of secure communications from a human interface device are provided. The apparatus, system, and method receive input data and calculate encrypted data from the input data using a secure credential. In one embodiment the apparatus, system, and method request and receive a single instance credential and calculate the encrypted data using the secure credential and the single instance credential. The encrypted data may be a secure authorization that may be valid for one use. Communication of the encrypted data through networks and communicating devices is secure. The encrypted data may not be decrypted even if intercepted without the secure credential. The apparatus, system, and method enable secure communications from the human interface device.
摘要翻译：提供了一种从人机接口设备进行安全通信的装置，系统和方法。设备，系统和方法使用安全证书从输入数据接收输入数据并计算加密数据。在一个实施例中，装置，系统和方法请求并接收单个实例凭证并使用安全凭证和单个实例凭证来计算加密的数据。加密数据可以是对一次使用可能有效的安全授权。通过网络和通信设备进行加密数据的通信是安全的。即使在没有安全凭证的情况下被拦截，加密数据也可能不被解密。该装置，系统和方法能够实现来自人机接口装置的安全通信。

16. 发明申请

US20050129244A1 System and method for mitigating denial of service attacks on trusted platform 审中-公开
标题翻译：减轻受信任平台拒绝服务攻击的系统和方法
公开(公告)号：US20050129244A1
公开(公告)日：2005-06-16
申请号：US10736973
申请日：2003-12-16
申请人： Ryan Catherman , David Challener , James Hoff , Hernando Ovies
发明人： Ryan Catherman , David Challener , James Hoff , Hernando Ovies
IPC分类号： G06F21/00 , H04L9/00
CPC分类号： G06F21/50
摘要： Trusted platform module (TPM) keys are copied to a floppy diskette or fob that is external to the customer device in which the TPM resides, so that if the keys in TPM are zeroed as a result of, e.g., a malicious denial of service attack, they can be copied back from the diskette or fob.
摘要翻译：可信平台模块（TPM）密钥被复制到TPM所在的客户设备外部的软盘或小插件，以便如果TPM中的密钥由于例如恶意拒绝服务攻击而被归零，它们可以从软盘或Fob复制回来。

17. 发明申请

US20060133612A1 System and method of preventing alteration of data on a wireless device 有权
标题翻译：防止无线设备上的数据变更的系统和方法
公开(公告)号：US20060133612A1
公开(公告)日：2006-06-22
申请号：US11019040
申请日：2004-12-21
申请人： Scott Abedi , Roger Abrams , Ryan Catherman , James Hoff , James Rutledge
发明人： Scott Abedi , Roger Abrams , Ryan Catherman , James Hoff , James Rutledge
IPC分类号： H04K1/00
CPC分类号： H04K1/00
摘要： A system and method for securing data on a wireless device. A secured zone is defined by a boundary sensor. A data processing system is coupled to the boundary sensor and a wireless device. If the data processing system detects that the signal strength of the wireless device has fallen below a first predetermined value for longer than a second predetermined value, the data processing system deletes a digital certificate corresponding to the wireless device from memory. Thus, when the wireless device is reintroduced into the secured zone, in response to determining that a digital certificate corresponding to the wireless device is not stored in memory, the disabling module disables the wireless device from operation within the secured zone.
摘要翻译：一种用于在无线设备上保护数据的系统和方法。安全区域由边界传感器定义。数据处理系统耦合到边界传感器和无线设备。如果数据处理系统检测到无线设备的信号强度已经低于第一预定值长于第二预定值，则数据处理系统从存储器中删除对应于无线设备的数字证书。因此，当无线设备被重新引入安全区域时，响应于确定与无线设备相对应的数字证书没有被存储在存储器中，禁用模块禁止无线设备在安全区域内的操作。

18. 发明申请

US20050144477A1 Apparatus, system, and method for shared access to secure computing resources 审中-公开
标题翻译：用于共享访问安全计算资源的装置，系统和方法
公开(公告)号：US20050144477A1
公开(公告)日：2005-06-30
申请号：US10748056
申请日：2003-12-30
申请人： Charles Ball , Ryan Catherman , David Challener , James Hoff , James Ward
发明人： Charles Ball , Ryan Catherman , David Challener , James Hoff , James Ward
IPC分类号： G06F21/00 , H04L9/00 , H04L29/06
CPC分类号： H04L63/083 , G06F21/52 , G06F21/57 , G06F21/602 , G06F2221/2105
摘要： An apparatus, system, and method for shared access to secure computing resources are provided. The apparatus, system, and method include a secure computing module. The secure computing module transacts a secure function for two or more computing modules including an excluding computing module configured to exclusively access the secure computing module. The secure computing module identifies a first computing module transacting the secure function and sets the context of the secure computing module to the first computing module context. The first computing module transacts the secure function, but cannot transact the secure function for a second computing module. The second computing module may also transact the secure function, but may not transact the secure function for the first computing module.
摘要翻译：提供了一种用于共享访问安全计算资源的装置，系统和方法。装置，系统和方法包括安全计算模块。安全计算模块处理两个或多个计算模块的安全功能，包括被配置为独占地访问安全计算模块的排除计算模块。安全计算模块识别交易安全功能的第一计算模块，并将安全计算模块的上下文设置为第一计算模块上下文。第一个计算模块处理安全功能，但不能处理第二个计算模块的安全功能。第二计算模块还可以处理安全功能，但是可以不处理第一计算模块的安全功能。

19. 发明申请

US20050114686A1 System and method for multiple users to securely access encrypted data on computer system 审中-公开
标题翻译：多用户安全访问计算机系统上加密数据的系统和方法
公开(公告)号：US20050114686A1
公开(公告)日：2005-05-26
申请号：US10718786
申请日：2003-11-21
申请人： Charles Ball , Ryan Catherman , Philip Childs , James Hoff , Andy Trotter
发明人： Charles Ball , Ryan Catherman , Philip Childs , James Hoff , Andy Trotter
IPC分类号： G06F21/00 , H04L9/08 , H04L9/32
CPC分类号： G06F21/78 , G06F2221/2107 , H04L9/083 , H04L9/0894 , H04L9/14 , H04L9/3213
摘要： A method and system for encrypting non-volatile storage regions, such as volumes, accessible by multiple users. A plurality of non-volatile storage regions is encrypted each with a different encryption key. A subset of the encryption keys is made available to each user thereby granting the user access to a corresponding subset of non-volatile storage regions. To protect a user's encryption keys, a private-public encryption key pair is generated, the private key being made available only to that user. The subset of the user's encryption keys is encrypted using the user's public encryption key. The users' private keys can be stored in a secure encryption module and can be protected with a password. Upon authenticating a user, the corresponding encryption keys may be provided to the user after decrypting the encryption keys using the user's private key. The contents of the non-volatile storage regions are then decrypted using the encryption keys.
摘要翻译：用于加密多个用户可访问的非易失性存储区域（例如卷）的方法和系统。多个非易失性存储区域用不同的加密密钥加密。加密密钥的子集可用于每个用户，从而授予用户对非易失性存储区域的对应子集的访问。为了保护用户的加密密钥，生成私有 - 公共加密密钥对，私钥仅对该用户可用。用户的加密密钥的子集是使用用户的公开加密密钥加密的。用户的私钥可以存储在安全的加密模块中，并且可以用密码进行保护。在对用户进行认证之后，可以在使用用户的私钥解密加密密钥之后，向用户提供对应的加密密钥。然后使用加密密钥解密非易失性存储区域的内容。

20. 发明申请

US20070016801A1 Method, apparatus, and product for establishing virtual endorsement credentials for dynamically generated endorsement keys in a trusted computing platform 有权
标题翻译：用于在可信计算平台中为动态生成的认可密钥建立虚拟背书凭证的方法，装置和产品
公开(公告)号：US20070016801A1
公开(公告)日：2007-01-18
申请号：US11179238
申请日：2005-07-12
申请人： Steven Bade , James Hoff , Siegfried Sutter , James Ward , Helmut Weber
发明人： Steven Bade , James Hoff , Siegfried Sutter , James Ward , Helmut Weber
IPC分类号： H04L9/00 , G06F12/14 , H04L9/32 , G06F11/30
CPC分类号： G06F21/57 , H04L9/0877 , H04L9/321 , H04L9/3234 , H04L9/3263
摘要： A method, apparatus, and computer program product are disclosed in a data processing system for establishing virtual endorsement credentials. The data processing system includes a hardware trusted platform module (TPM). Logical partitions are generated in the system. A different virtual TPM is generated for each one of the logical partitions. For each one of the logical partitions, the virtual TPM that was generated for the logical partition then dynamically generates a virtual endorsement credential for use by the logical partition that includes the virtual TPM. The virtual endorsement credential is generated within the data processing system without the data processing system or its devices accessing a trusted third party that is external to the data processing system.
摘要翻译：在用于建立虚拟背书凭证的数据处理系统中公开了一种方法，装置和计算机程序产品。数据处理系统包括硬件可信平台模块（TPM）。逻辑分区在系统中生成。为每个逻辑分区生成不同的虚拟TPM。对于逻辑分区中的每一个，为逻辑分区生成的虚拟TPM然后动态地生成供包括虚拟TPM的逻辑分区使用的虚拟签注凭证。在数据处理系统内生成虚拟签注凭证，而数据处理系统或其设备访问数据处理系统外部的受信任的第三方。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式