专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

81. 发明申请

US20050144448A1 Transferring application secrets in a trusted operating system environment 有权
公开(公告)号：US20050144448A1
公开(公告)日：2005-06-30
申请号：US11068007
申请日：2005-02-28
申请人： Paul England , Marcus Peinado , Daniel Simon , Josh Benaloh
发明人： Paul England , Marcus Peinado , Daniel Simon , Josh Benaloh
IPC分类号： G06F21/00 , H04L9/00
CPC分类号： G06F21/57 , G06F21/606
摘要： Transferring application secrets in a trusted operating system environment involves receiving a request to transfer application data from a source computing device to a destination computing device. A check is made as to whether the application data can be transferred to the destination computing device, and if so, whether the application data can be transferred under control of the user or a third party. If these checks succeed, a check is also made as to whether the destination computing device is a trustworthy device running known trustworthy software. Input is also received from the appropriate one of the user or third party to control transferring of the application data to the destination computing device. Furthermore, application data is stored on the source computing device in a manner that facilitates determining whether the application data can be transferred, and that facilitates transferring the application data if it can be transferred.

82. 发明申请

US20050144447A1 Transferring application secrets in a trusted operating system environment 有权
标题翻译：在受信任的操作系统环境中传送应用程序秘密
公开(公告)号：US20050144447A1
公开(公告)日：2005-06-30
申请号：US11068006
申请日：2005-02-28
申请人： Paul England , Marcus Peinado , Daniel Simon , Josh Benaloh
发明人： Paul England , Marcus Peinado , Daniel Simon , Josh Benaloh
IPC分类号： G06F21/00 , H04L9/00
CPC分类号： G06F21/57 , G06F21/606
摘要： Transferring application secrets in a trusted operating system environment involves receiving a request to transfer application data from a source computing device to a destination computing device. A check is made as to whether the application data can be transferred to the destination computing device, and if so, whether the application data can be transferred under control of the user or a third party. If these checks succeed, a check is also made as to whether the destination computing device is a trustworthy device running known trustworthy software. Input is also received from the appropriate one of the user or third party to control transferring of the application data to the destination computing device. Furthermore, application data is stored on the source computing device in a manner that facilitates determining whether the application data can be transferred, and that facilitates transferring the application data if it can be transferred.
摘要翻译：在受信任的操作系统环境中传送应用程序秘密涉及接收将应用数据从源计算设备传送到目的地计算设备的请求。检查应用数据是否可以传送到目的地计算设备，如果是，可以在用户或第三方的控制下传送应用数据。如果这些检查成功，还要检查目的地计算设备是否是运行已知可靠软件的值得信赖的设备。还从适当的用户或第三方接收输入以控制将应用数据传送到目的地计算设备。此外，应用数据以便于确定是否可以传送应用数据的方式存储在源计算设备上，并且如果可以传送应用数据便于传送应用数据。

83. 发明申请

US20050010818A1 Communication of information via a side-band channel, and use of same to verify positional relationship 失效
标题翻译：通过边带通道进行信息通信，并使用它来验证位置关系
公开(公告)号：US20050010818A1
公开(公告)日：2005-01-13
申请号：US10759325
申请日：2004-01-16
申请人： John Paff , Marcus Peinado , Thekkthalackal Kurien , Bryan Willman , Paul England , Andrew Thornton
发明人： John Paff , Marcus Peinado , Thekkthalackal Kurien , Bryan Willman , Paul England , Andrew Thornton
IPC分类号： G06F3/00 , G06F1/00 , G06F13/38 , H04L9/00 , H04Q1/30
CPC分类号： G06F21/606 , G06F21/85
摘要： The present invention provides for trusted side-band communications between components in a computer system, so that use of the system bus may be avoided. Two components may be connected by means other than a bus (e.g., an infrared port, a wire, an unused pin, etc.), whereby these components may communicate without the use of the system bus. The non-bus communication channel may be referred to as “side-band.” The side-band channel may be used to communicate information that might identify the user's hardware (e.g., a public key) or other information that the user may not want to be easily intercepted by the public at large. Communication over the side-band channel may also be used to verify that the participants in a communication are within a defined positional relationship to each other.
摘要翻译：本发明提供计算机系统中的组件之间的可靠的边带通信，从而可以避免使用系统总线。两个组件可以通过除总线（例如，红外线端口，电线，未使用的引脚等）之外的方式连接，由此这些组件可以在不使用系统总线的情况下进行通信。非总线通信信道可以被称为“边带”。边带频道可以用于传达可能识别用户硬件（例如，公共密钥）的信息或用户可能不希望容易被公众容易地截获的其他信息。通过边带信道的通信也可以用于验证通信中的参与者在彼此之间的定义的位置关系内。

84. 发明授权

US08738890B2 Coupled symbiotic operating system 有权
标题翻译：耦合共生操作系统
公开(公告)号：US08738890B2
公开(公告)日：2014-05-27
申请号：US13178908
申请日：2011-07-08
申请人： Paul England , Jork Loeser , Luis Irun-Briz
发明人： Paul England , Jork Loeser , Luis Irun-Briz
IPC分类号： G06F9/52 , G06F12/08
CPC分类号： G06F12/1036 , G06F9/545 , G06F12/109 , G06F2212/656
摘要： A single application can be executed across multiple execution environments in an efficient manner if at least a relevant portion of the virtual memory assigned to the application was equally accessible by each of the multiple execution environments. A request by a process in one execution environment can, thereby, be directed to an operating system, or other core software, in another execution environment and can be made by a shadow of the requesting process in the same manner as the original request was made by the requesting process itself. Because of the memory invariance between the execution environments, the results of the request will be equally accessible to the original requesting process even though the underlying software that responded to the request may be executing in a different execution environment. A similar thread invariance can be maintained to provide for accurate translation of requests between execution environments.
摘要翻译：如果分配给应用的虚拟存储器的至少相关部分可以被多个执行环境中的每个执行环境同等地访问，则可以以有效的方式在多个执行环境中执行单个应用。一个执行环境中的进程的请求可以由此被引导到另一执行环境中的操作系统或其他核心软件，并且可以以与原始请求相同的方式通过请求进程的阴影来进行通过请求过程本身。由于执行环境之间的内存不变性，即使响应请求的底层软件可能在不同的执行环境中执行，原始请求进程的请求结果也可以同样访问。可以维护类似的线程不变性，以便在执行环境之间提供精确的请求转换。

85. 发明授权

US08619971B2 Local secure service partitions for operating system security 有权
标题翻译：用于操作系统安全的本地安全服务分区
公开(公告)号：US08619971B2
公开(公告)日：2013-12-31
申请号：US11097697
申请日：2005-04-01
申请人： Thekkthalackal Varugis Kurien , Paul England , Ravindra Nath Pandya , Niels Ferguson
发明人： Thekkthalackal Varugis Kurien , Paul England , Ravindra Nath Pandya , Niels Ferguson
IPC分类号： H04K1/04 , H04K1/06
CPC分类号： G06F21/57 , G06F9/5077 , G06F2221/2149
摘要： Systems and methods provide multiple partitions hosted on an isolation technology such as a hypervisor where at least one of the partitions, a local secure service partition (LSSP), provides security services to other partitions. The service partitions (LSSPs) host those high assurance services that require strict security isolation, where the service can be shared across partitions and accessed even when the user is not connected to a network. The LSSP also can certify the results of any computation using a key signed by a TPM attestation identity key (AIK), or other key held securely by the hypervisor or a service partition. The LSSPs may be configured to provide trusted audit logs, trusted security scans, trusted cryptographic services, trusted compilation and testing, trusted logon services, and the like.
摘要翻译：系统和方法提供了诸如管理程序之类的隔离技术上托管的多个分区，其中至少一个分区本地安全服务分区（LSSP）为其他分区提供安全服务。服务分区（LSSP）承载需要严格安全隔离的高保证服务，即使在用户未连接到网络时，也可以跨分区共享服务并进行访问。 LSSP还可以使用由TPM认证身份密钥（AIK）签名的密钥或由管理程序或服务分区安全地保存的其他密钥来证明任何计算的结果。可以将LSSP配置为提供可信的审核日志，可信的安全扫描，可信密码服务，可信的编译和测试，可信登录服务等。

86. 发明授权

US08352740B2 Secure execution environment on external device 有权
标题翻译：外部设备上的安全执行环境
公开(公告)号：US08352740B2
公开(公告)日：2013-01-08
申请号：US12125929
申请日：2008-05-23
申请人： Paul England
发明人： Paul England
IPC分类号： G06F21/00
CPC分类号： H04L9/0897 , H04L9/3234 , H04L9/3263 , H04L9/3271 , H04L2209/76
摘要： A device, such as a smartcard, may be externally-connected to a host platform and may be used to enhance or extend security services provided by the host platform's Trusted Platform Module (TPM). The device and the platform exchange keys in order to facilitate reliable identification of the platform by the device and vice versa, and to support cryptographic tunneling. A proxy component on the host device tunnels information between the platform and the device, and also provides the device with access to the TPM's services such as sealing and attestation. The device can provide secure services to the platform, and may condition provision of these services on conditions such as confirming the platform's identity through the exchanged keys, or platform state measurements reported by the TPM.
摘要翻译：诸如智能卡的设备可以被外部连接到主机平台，并且可以用于增强或扩展由主机平台的可信平台模块（TPM）提供的安全服务。设备和平台交换密钥，以便于设备对平台的可靠识别，反之亦然，并支持加密隧道。主机上的代理组件可以在平台和设备之间隧道传输信息，还可以让设备访问TPM的服务，如密封和认证。该设备可以向平台提供安全服务，并且可以在诸如通过交换的密钥确认平台的身份或由TPM报告的平台状态测量的条件下对这些服务的提供进行调节。

87. 发明申请

US20110307888A1 PROTECTION OF VIRTUAL MACHINES EXECUTING ON A HOST DEVICE 有权
标题翻译：在主机设备上执行虚拟机的保护
公开(公告)号：US20110307888A1
公开(公告)日：2011-12-15
申请号：US12815415
申请日：2010-06-15
申请人： Himanshu Raj , Paul England
发明人： Himanshu Raj , Paul England
IPC分类号： G06F9/455 , G06F12/02 , G06F12/00
CPC分类号： G06F21/74 , G06F9/45558 , G06F2009/45587
摘要： Technology is described for protection of virtual machines executing on a host device having host processors and host memory. The system can include a hypervisor configured to enable the virtual machines to execute concurrently on the host device. An emancipated partition can be provided with a communication channel to the hypervisor. A primary partition can be configured to interface with the emancipated partition through the communication channel via the hypervisor. In addition, an emancipated memory space and virtual register state for the emancipated partition can be protected from direct access by the primary partition.
摘要翻译：描述了用于保护在具有主机处理器和主机存储器的主机设备上执行的虚拟机的技术。该系统可以包括配置为使虚拟机能够在主机设备上同时执行的管理程序。可以向解放的分区提供与管理程序的通信信道。主分区可以配置为通过管理程序通过通信通道与解放的分区进行接口。此外，解放的分区的解放存储空间和虚拟寄存器状态可以被保护免受主分区的直接访问。

88. 发明申请

US20090292919A1 SECURE EXECUTION ENVIRONMENT ON EXTERNAL DEVICE 有权
标题翻译：外部设备安全执行环境
公开(公告)号：US20090292919A1
公开(公告)日：2009-11-26
申请号：US12125929
申请日：2008-05-23
申请人： Paul England
发明人： Paul England
IPC分类号： H04L9/32
CPC分类号： H04L9/0897 , H04L9/3234 , H04L9/3263 , H04L9/3271 , H04L2209/76
摘要： A device, such as a smartcard, may be externally-connected to a host platform and may be used to enhance or extend security services provided by the host platform's Trusted Platform Module (TPM). The device and the platform exchange keys in order to facilitate reliable identification of the platform by the device and vice versa, and to support cryptographic tunneling. A proxy component on the host device tunnels information between the platform and the device, and also provides the device with access to the TPM's services such as sealing and attestation. The device can provide secure services to the platform, and may condition provision of these services on conditions such as confirming the platform's identity through the exchanged keys, or platform state measurements reported by the TPM.
摘要翻译：诸如智能卡的设备可以被外部连接到主机平台，并且可以用于增强或扩展由主机平台的可信平台模块（TPM）提供的安全服务。设备和平台交换密钥，以便于设备对平台的可靠识别，反之亦然，并支持加密隧道。主机上的代理组件可以在平台和设备之间隧道传输信息，还可以让设备访问TPM的服务，如密封和认证。该设备可以向平台提供安全服务，并且可以在诸如通过交换的密钥确认平台的身份或由TPM报告的平台状态测量的条件下对这些服务的提供进行调节。

89. 发明授权

US07580526B2 Methods and apparatus for protecting signals transmitted between a source and destination device over multiple signals lines 失效
标题翻译：用于保护在多个信号线上在源和目的地设备之间传输的信号的方法和装置
公开(公告)号：US07580526B2
公开(公告)日：2009-08-25
申请号：US11134111
申请日：2005-05-20
申请人： Paul England , Andrew D. Rosen , Yacov Yacobi , Gideon A. Yuval
发明人： Paul England , Andrew D. Rosen , Yacov Yacobi , Gideon A. Yuval
IPC分类号： H04K1/00 , H04N7/167
CPC分类号： H04N9/641 , H04N5/765 , H04N5/775 , H04N5/913 , H04N7/163 , H04N7/1675 , H04N9/8042 , H04N21/2541 , H04N21/4122 , H04N21/4367 , H04N21/835 , H04N2005/91328 , H04N2005/91364
摘要： Methods and apparatus for protecting copyrighted information, e.g., video signals, from unauthorized use are described. Encrypted video signals are transmitted from a source device, e.g., display adapter, to a display device, e.g., monitor, over analog signal lines after the identity of the destination device is confirmed by receipt of a certificate assigned to the destination device. A session key, used for encrypting the analog signals, is generated and exchanged between the source and destination devices. The source and destination devices each include a pseudo-random number generator driven by the session key. As part of the encryption process a false video signal is generated. The false video signal and R, G, B video signals are transmitted to the display device over four lines. The lines used to transmit the R, G, B and false video signals are periodically swapped as a function of the output of the pseudo random number generator to encrypt, e.g., scramble, the video signals. To avoid having to provide an additional line between the display adapter and the display device beyond those used in conventional displays, horizontal synchronization information is combined with, e.g., modulated on, one or more of the other signals transmitted to the display. The horizontal sync line is then used to convey one of the four video signals. The display device extracts the horizontal timing information from the received video signals and decrypts the signals using the output of its pseudo random number generator to reverse the scrambling process used to encrypt the transmitted video signals.
摘要翻译：描述用于保护未经授权的使用的受版权保护的信息（例如，视频信号）的方法和装置。在通过接收到分配给目的地设备的证书来确认目的地设备的身份之后，加密的视频信号通过模拟信号线从源设备（例如，显示适配器）发送到显示设备，例如监视器。用于加密模拟信号的会话密钥在源设备和目的设备之间生成和交换。源和目的地设备每个都包括由会话密钥驱动的伪随机数发生器。作为加密处理的一部分，生成假视频信号。伪视频信号和R，G，B视频信号通过四行传输到显示设备。用于传输R，G，B和假视频信号的线路作为伪随机数发生器的输出的周期性交换，以加密（例如）加扰视频信号。为了避免在显示适配器和显示设备之间提供除了传统显示器中使用的显示适配器和显示设备之外的附加线路，水平同步信息与例如调制在传输到显示器的其它信号中的一个或多个相结合。然后，水平同步线用于传送四个视频信号中的一个。显示装置从接收到的视频信号中提取水平定时信息，并使用其伪随机数发生器的输出对信号进行解密，以反转用于加密所发送的视频信号的加扰处理。

90. 发明授权

US07457412B2 System and method for authenticating an operating system to a central processing unit, providing the CPU/OS with secure storage, and authenticating the CPU/OS to a third party 有权
标题翻译：将操作系统认证到中央处理单元的系统和方法，向CPU / OS提供安全存储，并将CPU / OS认证给第三方
公开(公告)号：US07457412B2
公开(公告)日：2008-11-25
申请号：US11615266
申请日：2006-12-22
申请人： Paul England , Butler W. Lampson , John D. DeTreville
发明人： Paul England , Butler W. Lampson , John D. DeTreville
IPC分类号： H04L9/00
CPC分类号： G06F21/10 , G06F9/4406 , G06F9/468 , G06F21/445 , G06F21/57 , G06F21/575 , G06F2221/0704 , G06F2221/2103 , G06F2221/2113 , G06F2221/2129
摘要： In accordance with certain aspects, a computer system has a central processing unit (CPU) and an operating system (OS), the CPU having a pair of private and public keys and a software identity register that holds an identity of the operating system. An OS certificate is created including the identity from the software identity register, information describing the operating system, and the CPU public key. The created OS certificate is signed using the CPU private key.
摘要翻译：根据某些方面，计算机系统具有中央处理单元（CPU）和操作系统（OS），所述CPU具有一对专用和公共密钥以及保存操作系统的身份的软件身份寄存器。创建一个OS证书，包括软件身份登记器的身份，描述操作系统的信息和CPU公钥。创建的OS证书使用CPU私钥进行签名。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式