会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 1. 发明申请
    • System and method for the offline development of passive simulation clients
    • 被动模拟客户端的离线开发系统和方法
    • US20070027669A1
    • 2007-02-01
    • US11181468
    • 2005-07-13
    • Anthony BybellKanna ShimizuKenneth Shiring
    • Anthony BybellKanna ShimizuKenneth Shiring
    • G06F9/45
    • G06F11/3457
    • An improved method and system for development of passive simulation clients includes: running a simulation by a simulator; storing at least a portion of information from the simulation; retrieving the stored information by a simulation proxy; and recreating the simulation by the simulation proxy based on the retrieved information. Full or relevant subset of machine states may be stored in a storage mechanism, which is accessed by the simulation client through the simulation proxy. During code development, instead of accessing the simulator directly, the simulation client code is provided a cycle by cycle view of the simulation model from the storage mechanism as recreated by the simulation proxy. In this manner, development time is quicker as a full simulation environment need not be loaded and run. In addition, machine resources required during client development are reduced drastically.
    • 一种用于开发被动仿真客户端的改进方法和系统包括:通过仿真器运行仿真; 存储来自模拟的信息的至少一部分; 通过模拟代理检索存储的信息; 并基于检索到的信息,通过仿真代理重建仿真。 机器状态的全部或相关子集可以存储在由模拟客户端通过仿真代理访问的存储机制中。 在代码开发过程中,代替直接访问模拟器,仿真客户端代码是从模拟代理重新创建的存储机制中提供的模拟模型的逐周期视图。 以这种方式,开发时间更快,因为不需要加载和运行完整的仿真环境。 此外,在客户开发过程中所需的机器资源大幅减少。
    • 3. 发明申请
    • Updateable Secure Kernel Extensions
    • 可更新的安全内核扩展
    • US20080301440A1
    • 2008-12-04
    • US11754658
    • 2007-05-29
    • Wilfred E. Plouffe, JR.Kanna ShimizuVladimir Zbarsky
    • Wilfred E. Plouffe, JR.Kanna ShimizuVladimir Zbarsky
    • H04L9/00
    • G06F21/575G06F21/51G06F2221/2143
    • A method, computer program product, and data processing system for providing an updateable encrypted operating kernel are disclosed. In a preferred embodiment, secure initialization hardware decrypts a minimal secure kernel containing sensitive portions of data and/or code into a portion of the processor-accessible memory space, from which the kernel is executed. Most system software functions are not directly supported by the secure kernel but are provided by dynamically loaded kernel extensions that are encrypted with a public key so that they can only be decrypted with a private key possessed by the secure kernel. The public/private key pair is processor-specific. Before passing control to a kernel extension the secure kernel deletes a subset of its sensitive portions, retaining only those sensitive portions needed to perform the task(s) delegated to the kernel extension. Which sensitive portions are retained is determined by a cryptographic key with which the kernel extension is signed.
    • 公开了一种用于提供可更新的加密操作内核的方法,计算机程序产品和数据处理系统。 在优选实施例中,安全初始化硬件将包含敏感部分的数据和/或代码的最小安全内核解密成可执行内核的处理器可访问存储器空间的一部分。 大多数系统软件功能并不直接得到安全内核的支持,而是由使用公钥加密的动态加载内核扩展提供,以便只能使用安全内核拥有的私有密钥进行解密。 公钥/私钥对是处理器特定的。 在将控件传递给内核扩展之前,安全内核将删除其敏感部分的一个子集,只保留执行委托给内核扩展的任务所需的敏感部分。 保留哪些敏感部分由内核扩展名与之签名的加密密钥确定。
    • 4. 发明申请
    • System and Method for Securely Saving a Program Context to a Shared Memory
    • 将程序上下文安全地保存到共享内存的系统和方法
    • US20080066074A1
    • 2008-03-13
    • US11530937
    • 2006-09-12
    • Mark Richard NutterKanna Shimizu
    • Mark Richard NutterKanna Shimizu
    • G06F9/46
    • G06F21/71G06F21/52G06F2221/2105
    • A system, method and program product for securely saving a program context to a shared memory is presented. A secured program running on an special purpose processor core running in isolation mode is interrupted. The isolated special purpose processor core is included in a heterogeneous processing environment, that includes purpose processors and general purpose processor cores that each access a shared memory. In isolation mode, the special purpose processor core's local memory is inaccessible from the other heterogeneous processors. The secured program's context is securely saved to the shared memory using a random persistent security data. The lines of code stored in the isolated special purpose processor core's local memory are read along with data values, such as register settings, set by the secured program. The lines of code and data values are encrypted using the persistent security data, and the encrypted code lines and data values are stored in the shared memory.
    • 提出了一种用于将程序上下文安全地保存到共享存储器的系统,方法和程序产品。 在隔离模式下运行的专用处理器核心上运行的安全程序被中断。 独立的专用处理器核心包含在异构处理环境中,其中包括各自访问共享内存的目标处理器和通用处理器内核。 在隔离模式下,专用处理器核心的本地内存无法从其他异构处理器访问。 使用随机持久的安全性数据将安全程序的上下文安全地保存到共享内存中。 存储在隔离专用处理器核心的本地存储器中的代码行与安全程序设置的数据值(如寄存器设置)一起读取。 使用持久的安全数据对代码和数据值的行进行加密,并将加密的代码行和数据值存储在共享存储器中。
    • 5. 发明授权
    • Application-specific secret generation
    • 特定于应用程序的秘密生成
    • US08422674B2
    • 2013-04-16
    • US11754667
    • 2007-05-29
    • Masana MuraseWilfred E. Plouffe, Jr.Kanna ShimizuVladimir Zbarsky
    • Masana MuraseWilfred E. Plouffe, Jr.Kanna ShimizuVladimir Zbarsky
    • H04L9/00H04L29/06H04L9/28G06F9/24G06F12/14G06F7/04G08B29/00H04K1/00
    • G06F21/52
    • A method, computer program product, and data processing system for protecting sensitive program code and data (including persistently stored data) from unauthorized access. Dedicated hardware decrypts an encrypted kernel into memory for execution. When an application is to be executed, the kernel computes one or more secrets by cryptographically combining information contained in the application with secret information contained in the kernel itself. The kernel then deletes its secret information and passes the computed secrets to the application. To store data persistently in memory, the application uses one of the computed secrets to encrypt the data prior to storage. If the kernel starts another instance of the same application, the kernel (which will have been re-decrypted to restore the kernel's secrets) will compute the same one or more secrets, thus allowing the second application instance to access the data encrypted by the first application instance.
    • 一种用于保护敏感程序代码和数据(包括永久存储的数据)的未经授权的访问的方法,计算机程序产品和数据处理系统。 专用硬件将加密的内核解密为内存以供执行。 当应用程序被执行时,内核通过将应用程序中包含的信息加密地组合在内核中包含的秘密信息来计算一个或多个秘密。 内核然后删除其秘密信息,并将计算的秘密传递给应用程序。 为了将数据永久存储在内存中,应用程序使用计算的秘密之一在存储之前对数据进行加密。 如果内核启动同一应用程序的另一个实例,内核(将被重新解密以恢复内核的秘密)将计算相同的一个或多个秘密,从而允许第二个应用程序实例访问由第一个 应用程序实例。
    • 6. 发明授权
    • System and method for securely saving a program context to a shared memory
    • 用于将程序上下文安全地保存到共享存储器的系统和方法
    • US08095802B2
    • 2012-01-10
    • US11530937
    • 2006-09-12
    • Mark Richard NutterKanna Shimizu
    • Mark Richard NutterKanna Shimizu
    • G06F12/14
    • G06F21/71G06F21/52G06F2221/2105
    • A system, method and program product for securely saving a program context to a shared memory is presented. A secured program running on an special purpose processor core running in isolation mode is interrupted. The isolated special purpose processor core is included in a heterogeneous processing environment, that includes purpose processors and general purpose processor cores that each access a shared memory. In isolation mode, the special purpose processor core's local memory is inaccessible from the other heterogeneous processors. The secured program's context is securely saved to the shared memory using a random persistent security data. The lines of code stored in the isolated special purpose processor core's local memory are read along with data values, such as register settings, set by the secured program. The lines of code and data values are encrypted using the persistent security data, and the encrypted code lines and data values are stored in the shared memory.
    • 提出了一种用于将程序上下文安全地保存到共享存储器的系统,方法和程序产品。 在隔离模式下运行的专用处理器核心上运行的安全程序被中断。 独立的专用处理器核心包含在异构处理环境中,其中包括各自访问共享内存的目标处理器和通用处理器内核。 在隔离模式下,专用处理器核心的本地内存无法从其他异构处理器访问。 使用随机持久的安全性数据将安全程序的上下文安全地保存到共享内存中。 存储在隔离专用处理器核心的本地存储器中的代码行与安全程序设置的数据值(如寄存器设置)一起读取。 使用持久的安全数据对代码和数据值的行进行加密,并将加密的代码行和数据值存储在共享存储器中。
    • 7. 发明申请
    • System and Method for Securely Saving and Restoring a Context of a Secure Program Loader
    • 用于安全地保存和恢复安全程序加载程序上下文的系统和方法
    • US20080066075A1
    • 2008-03-13
    • US11530942
    • 2006-09-12
    • Mark Richard NutterKanna Shimizu
    • Mark Richard NutterKanna Shimizu
    • G06F9/46
    • G06F9/485
    • A system, method and program product that securely saves and restores the context of a secure program loader is presented. An interrupt is sent to a secured program running on an special purpose processor core that is running in isolation mode. The special purpose processor core is included in a heterogeneous processing environment that includes the special purpose processor cores (including the isolated special purpose processor core), and one or more general purpose processors. Each of the processors can access a shared memory. The isolated special purpose processor core includes a local memory that is inaccessible from the other processors. The system encrypts the secured program's context using a randomly generated encryption key and stores the context in the shared memory. A secure loader's context is updated with the generated encryption key and then the secure loader's context is saved to the shared memory.
    • 提出了安全地保存和恢复安全程序加载程序的上下文的系统,方法和程序产品。 中断发送到运行在隔离模式下的专用处理器核心上的安全程序。 专用处理器核心包括在异构处理环境中,包括专用处理器内核(包括隔离专用处理器内核)和一个或多个通用处理器。 每个处理器都可以访问共享内存。 隔离的专用处理器核心包括不能从其他处理器访问的本地存储器。 系统使用随机生成的加密密钥对安全程序的上下文进行加密,并将上下文存储在共享存储器中。 使用生成的加密密钥更新安全加载程序的上下文,然后将安全加载程序的上下文保存到共享内存。
    • 8. 发明申请
    • System and Method for Securely Restoring a Program Context from a Shared Memory
    • 从共享内存中安全地恢复程序上下文的系统和方法
    • US20080065907A1
    • 2008-03-13
    • US11530933
    • 2006-09-12
    • Mark Richard NutterKanna Shimizu
    • Mark Richard NutterKanna Shimizu
    • H04L9/00H04L9/32G06F12/14G06F11/30
    • G06F9/461G06F21/52G06F21/74
    • A system and method for securely restoring software program context is presented. A special purpose processor core is included in a heterogeneous processing environment where each processor can access a shared memory. The isolated special purpose processor core includes an isolated local memory. The isolated special purpose processor core receives an identifier corresponding to the secured program. The identifier is used to read an encrypted context of the secured program from the shared memory. The encrypted context is decrypted using an encryption key. The decrypted context is stored in the isolated special purpose processor core's local memory. The secured program's context integrity is verified by using a persistent security data that is retrieved from a secure location, such as a persistent storage register that can only be accessed when the special purpose processor core is running in isolation mode. If the context is verified, the secured program is executed.
    • 提出了一种安全恢复软件程序环境的系统和方法。 专用处理器核心包含在异构处理环境中,每个处理器可以访问共享内存。 隔离的专用处理器内核包括一个隔离的本地存储器。 隔离的专用处理器核心接收对应于安全程序的标识符。 标识符用于从共享存储器读取加密程序的加密上下文。 使用加密密钥对加密的上下文进行解密。 解密的上下文存储在隔离的专用处理器核心的本地存储器中。 安全程序的上下文完整性通过使用从安全位置检索的持久性安全数据(例如只有专用处理器内核以隔离模式运行时才能访问的持久存储寄存器)来验证。 如果上下文被验证,则执行安全程序。
    • 9. 发明授权
    • Cryptographically-enabled privileged mode execution
    • 密码学启用特权模式执行
    • US08433927B2
    • 2013-04-30
    • US11754678
    • 2007-05-29
    • Wilfred E. Plouffe, Jr.Kanna Shimizu
    • Wilfred E. Plouffe, Jr.Kanna Shimizu
    • G06F12/14G06F9/24G06F7/04H04L29/06H04L9/28G08B29/00H04K1/00
    • G06F12/1458G06F21/51G06F21/572G06F21/74
    • A method, computer program product, and data processing system are disclosed for protecting sensitive program code (and also data) from unauthorized access in a memory space not subject to protection fault detection. In a preferred embodiment, secure initialization hardware loads the sensitive code from a storage location accessible only to the secure initialization hardware itself and decrypts the sensitive code into a portion of the processor-accessible memory space, from which the code is executed. Once execution of the sensitive code has completed, all or at least a portion of the code is deleted before passing control to application software. If the application software needs to cause the sensitive code to be executed, the secure initialization hardware is activated to reload/decrypt a fresh copy of the sensitive code into the memory space and cause the code to be executed. Before control is returned to the application software, the sensitive code is again deleted to prevent unauthorized access.
    • 公开了一种方法,计算机程序产品和数据处理系统,用于在不受保护故障检测的存储器空间中保护敏感程序代码(以及数据)免于未经授权的访问。 在优选实施例中,安全初始化硬件将敏感代码从仅可访问安全初始化硬件本身的存储位置加载,并将敏感代码解密为可执行代码的处理器可访问存储器空间的一部分。 一旦敏感代码的执行完成,则在将控制传递给应用软件之前,所有或至少一部分代码被删除。 如果应用软件需要执行敏感代码,则激活安全初始化硬件,将敏感代码的新鲜副本重新加载/解密到存储器空间中,并使代码被执行。 在控制返回到应用软件之前,敏感代码将被重新删除,以防止未经授权的访问。