专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20050114686A1 System and method for multiple users to securely access encrypted data on computer system 审中-公开
标题翻译：多用户安全访问计算机系统上加密数据的系统和方法
公开(公告)号：US20050114686A1
公开(公告)日：2005-05-26
申请号：US10718786
申请日：2003-11-21
申请人： Charles Ball , Ryan Catherman , Philip Childs , James Hoff , Andy Trotter
发明人： Charles Ball , Ryan Catherman , Philip Childs , James Hoff , Andy Trotter
IPC分类号： G06F21/00 , H04L9/08 , H04L9/32
CPC分类号： G06F21/78 , G06F2221/2107 , H04L9/083 , H04L9/0894 , H04L9/14 , H04L9/3213
摘要： A method and system for encrypting non-volatile storage regions, such as volumes, accessible by multiple users. A plurality of non-volatile storage regions is encrypted each with a different encryption key. A subset of the encryption keys is made available to each user thereby granting the user access to a corresponding subset of non-volatile storage regions. To protect a user's encryption keys, a private-public encryption key pair is generated, the private key being made available only to that user. The subset of the user's encryption keys is encrypted using the user's public encryption key. The users' private keys can be stored in a secure encryption module and can be protected with a password. Upon authenticating a user, the corresponding encryption keys may be provided to the user after decrypting the encryption keys using the user's private key. The contents of the non-volatile storage regions are then decrypted using the encryption keys.
摘要翻译：用于加密多个用户可访问的非易失性存储区域（例如卷）的方法和系统。多个非易失性存储区域用不同的加密密钥加密。加密密钥的子集可用于每个用户，从而授予用户对非易失性存储区域的对应子集的访问。为了保护用户的加密密钥，生成私有 - 公共加密密钥对，私钥仅对该用户可用。用户的加密密钥的子集是使用用户的公开加密密钥加密的。用户的私钥可以存储在安全的加密模块中，并且可以用密码进行保护。在对用户进行认证之后，可以在使用用户的私钥解密加密密钥之后，向用户提供对应的加密密钥。然后使用加密密钥解密非易失性存储区域的内容。

2. 发明申请

US20060075223A1 Scalable paging of platform configuration registers 有权
标题翻译：平台配置寄存器的可扩展分页
公开(公告)号：US20060075223A1
公开(公告)日：2006-04-06
申请号：US10957545
申请日：2004-10-01
申请人： Steven Bade , Charles Ball , Ryan Catherman , James Hoff , James Ward
发明人： Steven Bade , Charles Ball , Ryan Catherman , James Hoff , James Ward
IPC分类号： H04L9/00 , G06F12/14 , H04L9/32 , G06F11/30
CPC分类号： G06F21/57
摘要： A method, computer program, and system for paging platform configuration registers in and out of a trusted platform module. In a trusted computing platform, an unlimited number of platform configuration registers can be obtained through paging. The trust platform module encrypts and decrypts platform configuration registers for storage outside the trusted platform module.
摘要翻译：用于寻呼平台配置的方法，计算机程序和系统在可信平台模块内进出。在可信赖的计算平台中，可以通过寻呼获得无限数量的平台配置寄存器。信任平台模块对平台配置寄存器进行加密和解密，以便在可信平台模块之外进行存储。

3. 发明申请

US20050135626A1 Key cache management through multiple localities 有权
标题翻译：通过多个地方进行密钥缓存管理
公开(公告)号：US20050135626A1
公开(公告)日：2005-06-23
申请号：US10744441
申请日：2003-12-22
申请人： Charles Ball , Ryan Catherman , James Hoff , James Ward
发明人： Charles Ball , Ryan Catherman , James Hoff , James Ward
IPC分类号： G06F21/24 , G06F15/00 , G06F21/22 , H04L9/08 , H04L9/00
CPC分类号： H04L9/0894
摘要： A method for a plurality of key cache managers for a plurality of localities to share cryptographic key storage resources of a security chip, includes: loading an application key into the key storage; and saving a restoration data for the application key by a key cache manager, where the restoration data can be used by the key cache manager to reload the application key into the key storage if the application key is evicted from the key storage by another key cache manager. The method allows each of a plurality of key cache managers to recognize that is key had been removed from the security chip and to restore its key. The method also allows each key cache manager to evict or destroy any key currently loaded on the security chip without affecting the functionality of other localities.
摘要翻译：一种用于多个地区的多个密钥高速缓存管理器用于共享安全芯片的加密密钥存储资源的方法，包括：将应用密钥加载到密钥存储器中; 并且由密钥高速缓存管理器保存应用密钥的恢复数据，其中如果应用密钥被另一个密钥高速缓存从密钥存储器中逐出，密钥高速缓存管理器可以使用恢复数据来将应用密钥重新加载到密钥存储器中经理。该方法允许多个密钥高速缓存管理器中的每一个识别已经从安全芯片中移除的密钥并恢复其密钥。该方法还允许每个密钥缓存管理器驱逐或销毁安全芯片上当前加载的任何密钥，而不影响其他地方的功能。

4. 发明申请

US20060005009A1 Method, system and program product for verifying an attribute of a computing device 审中-公开
标题翻译：用于验证计算设备的属性的方法，系统和程序产品
公开(公告)号：US20060005009A1
公开(公告)日：2006-01-05
申请号：US10881870
申请日：2004-06-30
申请人： Charles Ball , Ryan Catherman , James Hoff , James Ward
发明人： Charles Ball , Ryan Catherman , James Hoff , James Ward
IPC分类号： H04L9/00
CPC分类号： G06F21/57 , H04L9/321 , H04L2209/127 , H04L2209/80
摘要： A solution for verifying an attribute of a computing device. In particular, a computing device can obtain an attribute from another computing device. The attribute can be measure by, for example, a Trusted Platform Module integrated on the other computing device. The computing device can then use an attestation server to determine whether the attribute reflects a desirable value or indicates that the other computing device may have been compromised.
摘要翻译：用于验证计算设备的属性的解决方案。具体地，计算设备可以从另一计算设备获得属性。该属性可以通过例如集成在另一计算设备上的可信平台模块来测量。然后，计算设备可以使用认证服务器来确定属性是否反映了期望值，或者指示其他计算设备可能已被泄密。

5. 发明申请

US20050144477A1 Apparatus, system, and method for shared access to secure computing resources 审中-公开
标题翻译：用于共享访问安全计算资源的装置，系统和方法
公开(公告)号：US20050144477A1
公开(公告)日：2005-06-30
申请号：US10748056
申请日：2003-12-30
申请人： Charles Ball , Ryan Catherman , David Challener , James Hoff , James Ward
发明人： Charles Ball , Ryan Catherman , David Challener , James Hoff , James Ward
IPC分类号： G06F21/00 , H04L9/00 , H04L29/06
CPC分类号： H04L63/083 , G06F21/52 , G06F21/57 , G06F21/602 , G06F2221/2105
摘要： An apparatus, system, and method for shared access to secure computing resources are provided. The apparatus, system, and method include a secure computing module. The secure computing module transacts a secure function for two or more computing modules including an excluding computing module configured to exclusively access the secure computing module. The secure computing module identifies a first computing module transacting the secure function and sets the context of the secure computing module to the first computing module context. The first computing module transacts the secure function, but cannot transact the secure function for a second computing module. The second computing module may also transact the secure function, but may not transact the secure function for the first computing module.
摘要翻译：提供了一种用于共享访问安全计算资源的装置，系统和方法。装置，系统和方法包括安全计算模块。安全计算模块处理两个或多个计算模块的安全功能，包括被配置为独占地访问安全计算模块的排除计算模块。安全计算模块识别交易安全功能的第一计算模块，并将安全计算模块的上下文设置为第一计算模块上下文。第一个计算模块处理安全功能，但不能处理第二个计算模块的安全功能。第二计算模块还可以处理安全功能，但是可以不处理第一计算模块的安全功能。

6. 发明申请

US20060135121A1 System and method of securing data on a wireless device 审中-公开
标题翻译：在无线设备上保护数据的系统和方法
公开(公告)号：US20060135121A1
公开(公告)日：2006-06-22
申请号：US11018274
申请日：2004-12-21
申请人： Scott Abedi , Roger Abrams , Ryan Catherman , James Hoff , James Rutledge
发明人： Scott Abedi , Roger Abrams , Ryan Catherman , James Hoff , James Rutledge
IPC分类号： H04M1/66
CPC分类号： G06F21/57 , G06F21/51 , G06F2221/2111 , G06Q20/3224 , H04L63/107 , H04W12/00503 , H04W12/0802 , H04W12/1208 , H04W48/04
摘要： A system and method for securing data on a wireless device. A secured zone is defined by a boundary sensor. A data processing system is coupled to the boundary sensor and a wireless device. The data processing system includes a boundary controller for determining whether the wireless device has entered the secured zone. If the wireless device has entered the secured zone, a security controller queries the wireless device to determine whether the software stored on the wireless device has been subjected to unauthorized alteration. If the software has not been subjected to unauthorized alteration, the security controller enables the wireless device for operation within the secured zone.
摘要翻译：一种用于在无线设备上保护数据的系统和方法。安全区域由边界传感器定义。数据处理系统耦合到边界传感器和无线设备。数据处理系统包括用于确定无线设备是否已进入安全区域的边界控制器。如果无线设备已经进入安全区域，则安全控制器查询无线设备以确定存储在无线设备上的软件是否已经遭受未经授权的更改。如果软件未经过未经授权的更改，则安全控制器可使无线设备在安全区域内进行操作。

7. 发明申请

US20060101286A1 Theft deterrence using trusted platform module authorization 有权
公开(公告)号：US20060101286A1
公开(公告)日：2006-05-11
申请号：US10984400
申请日：2004-11-08
申请人： Ryan Catherman , David Challener , James Hoff , Joseph Pennisi , Randall Springfield
发明人： Ryan Catherman , David Challener , James Hoff , Joseph Pennisi , Randall Springfield
IPC分类号： G06F12/14
CPC分类号： G06F21/57 , G06F21/88
摘要： A method for theft deterrence of a computer system is disclosed. The computer system includes a trusted platform module (TPM) and storage medium. The method comprises providing a binding key in the TPM; and providing an encrypted symmetric key in the storage medium. The method further includes providing an unbind command to the TPM based upon an authorization to provide a decrypted symmetric key; and providing the decrypted symmetric key to the secure storage device to allow for use of the computer system. Accordingly, by utilizing a secure hard disk drive (HDD) that requires a decrypted key to function in conjunction with a TPM, a computer if stolen is virtually unusable by the thief. In so doing, the risk of theft of the computer is significantly reduced.

8. 发明申请

US20060230264A1 Backup restore in a corporate infrastructure 有权
标题翻译：企业基础架构中的备份还原
公开(公告)号：US20060230264A1
公开(公告)日：2006-10-12
申请号：US11101290
申请日：2005-04-07
申请人： Ryan Catherman , David Challener , Scott Elliott , James Hoff
发明人： Ryan Catherman , David Challener , Scott Elliott , James Hoff
IPC分类号： H04L9/00
CPC分类号： H04L63/0428 , G06F11/1446 , G06F21/6209 , H04L9/0822 , H04L2209/60 , H04L2463/062
摘要： A method and system for remotely storing a user's admin key to gain access to an intranet is presented. The user's admin key and intranet user identification (ID) are encrypted using an enterprise's public key, and together they are concatenated into a single backup admin file, which is stored in the user's client computer. If the user needs his admin file and is unable to access it in a backup client computer, he sends the encrypted backup admin file to a backup server and his unencrypted intranet user ID to an intranet authentication server. The backup server decrypts the user's single backup admin file to obtain the user's admin key and intranet user ID. If the unencrypted intranet user ID in the authentication server matches the decrypted intranet user ID in the backup server, then the backup server sends the backup client computer the decrypted admin key.
摘要翻译：介绍一种用于远程存储用户管理密钥以访问内联网的方法和系统。用户的管理密钥和内部网用户标识（ID）使用企业的公钥进行加密，并将它们并入一个备份管理文件，该文件存储在用户的客户端计算机中。如果用户需要他的管理员文件，并且无法在备份客户端计算机中访问它，则他将加密的备份管理文件发送到备份服务器，并将其未加密的内部网用户ID发送到内部网认证服务器。备份服务器解密用户的单备份管理文件，获取用户的管理密钥和内部网用户ID。如果身份验证服务器中未加密的Intranet用户ID与备份服务器中的解密内网用户ID匹配，则备份服务器将备份客户端计算机发送解密的管理密钥。

9. 发明申请

US20060026418A1 Method, apparatus, and product for providing a multi-tiered trust architecture 审中-公开
标题翻译：用于提供多层次信任架构的方法，设备和产品
公开(公告)号：US20060026418A1
公开(公告)日：2006-02-02
申请号：US10902669
申请日：2004-07-29
申请人： Steven Bade , Ryan Catherman , James Hoff , Nia Kelley , Emily Ratliff
发明人： Steven Bade , Ryan Catherman , James Hoff , Nia Kelley , Emily Ratliff
IPC分类号： H04L9/00
CPC分类号： H04L63/20 , G06F21/57 , H04L9/3247 , H04L63/102 , H04L2209/127 , H04L2209/805
摘要： A method, apparatus, and computer program product are described for implementing a trusted computing environment within a data processing system. The data processing system includes multiple different service processor-based hardware platforms. Multiple different trusted platform modules (TPMs) are provided in the data processing system. Each TPM provides trust services to only one of the service processor-based hardware platforms. Each TPM provides its trust services to only a portion of the entire data processing system.
摘要翻译：描述了用于在数据处理系统内实现可信计算环境的方法，装置和计算机程序产品。数据处理系统包括多个不同的基于服务处理器的硬件平台。在数据处理系统中提供了多个不同的可信平台模块（TPM）。每个TPM仅向基于服务处理器的硬件平台之一提供信任服务。每个TPM仅向整个数据处理系统的一部分提供信任服务。

10. 发明申请

US20050246525A1 Method and system for hierarchical platform boot measurements in a trusted computing environment 失效
标题翻译：在可信计算环境中分层平台引导测量的方法和系统
公开(公告)号：US20050246525A1
公开(公告)日：2005-11-03
申请号：US10835503
申请日：2004-04-29
申请人： Steven Bade , Ryan Catherman , James Hoff , William Terrell
发明人： Steven Bade , Ryan Catherman , James Hoff , William Terrell
IPC分类号： G06F21/00 , H04L9/32
CPC分类号： G06F21/57
摘要： An architecture for a distributed data processing system comprises a system-level service processor along with one or more node-level service processors; each are uniquely associated with a node, and each is extended to comprise any components that are necessary for operating the nodes as trusted platforms, such as a TPM and a CRTM in accordance with the security model of the Trusted Computing Group. These node-level service processors then inter-operate with the system-level service processor, which also contains any components that are necessary for operating the system as a whole as a trusted platform. A TPM within the system-level service processor aggregates integrity metrics that are gathered by the node-level service processors, thereafter reporting integrity metrics as requested, e.g., to a hypervisor, thereby allowing a large distributed data processing system to be validated as a trusted computing environment while allowing its highly parallelized initialization process to proceed.
摘要翻译：用于分布式数据处理系统的架构包括系统级服务处理器以及一个或多个节点级服务处理器; 每个都与节点唯一相关联，并且每个都被扩展以包括根据可信计算组的安全模型将节点操作为可信平台（例如TPM和CRTM）所需的任何组件。然后，这些节点级服务处理器与系统级服务处理器互操作，系统级服务处理器还包含将系统作为整体操作为可信平台所必需的任何组件。系统级服务处理器内的TPM聚合由节点级服务处理器收集的完整性度量，此后根据请求报告完整性度量，例如向管理程序报告，从而允许将大型分布式数据处理系统验证为可信任的同时允许其高度并行化的初始化过程进行。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式