    • 1. Granted invention patent
    • Providing sealed storage in a data processing device
    • US08438658B2
    • 2013-05-07
    • US11345923
    • 2006-02-02
    • H. Peter Hofstee; Kanna Shimizu
    • G06F17/30; G06F7/04; H04N7/16
    • G06F21/57; G06F21/6227; G06Q20/3674; H04L9/0897; H04L9/32; H04L2209/80
    • Mechanisms that provide a sealed storage in a data processing device are provided. Processors of the data processing device may operate in a hardware isolation mode which allows a process to execute in an isolated environment on a processor and associated memory thereby being protected from access by other elements of the data processing device. In addition, a hardware controlled authentication and decryption mechanism is provided that is based on a hardware core key. These two features are tied together such that authentication occurs every time the isolation mode is entered. Based on the core key, which is only accessible from the hardware when in isolation mode, a chain of trust is generated by providing authentication keys for authenticating a next piece of software in the chain, in each piece of software that must be loaded, starting with the core key.
    • 3. Invention patent application
    • Updateable Secure Kernel Extensions
    • US20080301440A1
    • 2008-12-04
    • US11754658
    • 2007-05-29
    • Wilfred E. Plouffe, Jr.; Kanna Shimizu; Vladimir Zbarsky
    • H04L9/00
    • G06F21/575; G06F21/51; G06F2221/2143
    • A method, computer program product, and data processing system for providing an updateable encrypted operating kernel are disclosed. In a preferred embodiment, secure initialization hardware decrypts a minimal secure kernel containing sensitive portions of data and/or code into a portion of the processor-accessible memory space, from which the kernel is executed. Most system software functions are not directly supported by the secure kernel but are provided by dynamically loaded kernel extensions that are encrypted with a public key so that they can only be decrypted with a private key possessed by the secure kernel. The public/private key pair is processor-specific. Before passing control to a kernel extension the secure kernel deletes a subset of its sensitive portions, retaining only those sensitive portions needed to perform the task(s) delegated to the kernel extension. Which sensitive portions are retained is determined by a cryptographic key with which the kernel extension is signed.
    • 4. Invention patent application
    • System and Method for Securely Saving a Program Context to a Shared Memory
    • US20080066074A1
    • 2008-03-13
    • US11530937
    • 2006-09-12
    • Mark Richard Nutter; Kanna Shimizu
    • G06F9/46
    • G06F21/71; G06F21/52; G06F2221/2105
    • A system, method and program product for securely saving a program context to a shared memory is presented. A secured program running on a special purpose processor core running in isolation mode is interrupted. The isolated special purpose processor core is included in a heterogeneous processing environment that includes purpose processors and general purpose processor cores that each access a shared memory. In isolation mode, the special purpose processor core's local memory is inaccessible from the other heterogeneous processors. The secured program's context is securely saved to the shared memory using a random persistent security data. The lines of code stored in the isolated special purpose processor core's local memory are read along with data values, such as register settings, set by the secured program. The lines of code and data values are encrypted using the persistent security data, and the encrypted code lines and data values are stored in the shared memory.
    • 5. Granted invention patent
    • Application-specific secret generation
    • US08422674B2
    • 2013-04-16
    • US11754667
    • 2007-05-29
    • Masana Murase; Wilfred E. Plouffe, Jr.; Kanna Shimizu; Vladimir Zbarsky
    • H04L9/00; H04L29/06; H04L9/28; G06F9/24; G06F12/14; G06F7/04; G08B29/00; H04K1/00
    • G06F21/52
    • A method, computer program product, and data processing system for protecting sensitive program code and data (including persistently stored data) from unauthorized access. Dedicated hardware decrypts an encrypted kernel into memory for execution. When an application is to be executed, the kernel computes one or more secrets by cryptographically combining information contained in the application with secret information contained in the kernel itself. The kernel then deletes its secret information and passes the computed secrets to the application. To store data persistently in memory, the application uses one of the computed secrets to encrypt the data prior to storage. If the kernel starts another instance of the same application, the kernel (which will have been re-decrypted to restore the kernel's secrets) will compute the same one or more secrets, thus allowing the second application instance to access the data encrypted by the first application instance.
    • 6. Granted invention patent
    • System and method for securely saving a program context to a shared memory
    • US08095802B2
    • 2012-01-10
    • US11530937
    • 2006-09-12
    • Mark Richard Nutter; Kanna Shimizu
    • G06F12/14
    • G06F21/71; G06F21/52; G06F2221/2105
    • A system, method and program product for securely saving a program context to a shared memory is presented. A secured program running on a special purpose processor core running in isolation mode is interrupted. The isolated special purpose processor core is included in a heterogeneous processing environment that includes purpose processors and general purpose processor cores that each access a shared memory. In isolation mode, the special purpose processor core's local memory is inaccessible from the other heterogeneous processors. The secured program's context is securely saved to the shared memory using a random persistent security data. The lines of code stored in the isolated special purpose processor core's local memory are read along with data values, such as register settings, set by the secured program. The lines of code and data values are encrypted using the persistent security data, and the encrypted code lines and data values are stored in the shared memory.
    • 7. Invention patent application
    • System and Method for Securely Saving and Restoring a Context of a Secure Program Loader
    • US20080066075A1
    • 2008-03-13
    • US11530942
    • 2006-09-12
    • Mark Richard Nutter; Kanna Shimizu
    • G06F9/46
    • G06F9/485
    • A system, method and program product that securely saves and restores the context of a secure program loader is presented. An interrupt is sent to a secured program running on a special purpose processor core that is running in isolation mode. The special purpose processor core is included in a heterogeneous processing environment that includes the special purpose processor cores (including the isolated special purpose processor core), and one or more general purpose processors. Each of the processors can access a shared memory. The isolated special purpose processor core includes a local memory that is inaccessible from the other processors. The system encrypts the secured program's context using a randomly generated encryption key and stores the context in the shared memory. A secure loader's context is updated with the generated encryption key and then the secure loader's context is saved to the shared memory.
    • 8. Invention patent application
    • System and Method for Securely Restoring a Program Context from a Shared Memory
    • US20080065907A1
    • 2008-03-13
    • US11530933
    • 2006-09-12
    • Mark Richard Nutter; Kanna Shimizu
    • H04L9/00; H04L9/32; G06F12/14; G06F11/30
    • G06F9/461; G06F21/52; G06F21/74
    • A system and method for securely restoring software program context is presented. A special purpose processor core is included in a heterogeneous processing environment where each processor can access a shared memory. The isolated special purpose processor core includes an isolated local memory. The isolated special purpose processor core receives an identifier corresponding to the secured program. The identifier is used to read an encrypted context of the secured program from the shared memory. The encrypted context is decrypted using an encryption key. The decrypted context is stored in the isolated special purpose processor core's local memory. The secured program's context integrity is verified by using a persistent security data that is retrieved from a secure location, such as a persistent storage register that can only be accessed when the special purpose processor core is running in isolation mode. If the context is verified, the secured program is executed.
    • 9. Invention patent application
    • System and method for the offline development of passive simulation clients
    • US20070027669A1
    • 2007-02-01
    • US11181468
    • 2005-07-13
    • Anthony Bybell; Kanna Shimizu; Kenneth Shiring
    • G06F9/45
    • G06F11/3457
    • An improved method and system for development of passive simulation clients includes: running a simulation by a simulator; storing at least a portion of information from the simulation; retrieving the stored information by a simulation proxy; and recreating the simulation by the simulation proxy based on the retrieved information. Full or relevant subset of machine states may be stored in a storage mechanism, which is accessed by the simulation client through the simulation proxy. During code development, instead of accessing the simulator directly, the simulation client code is provided a cycle by cycle view of the simulation model from the storage mechanism as recreated by the simulation proxy. In this manner, development time is quicker as a full simulation environment need not be loaded and run. In addition, machine resources required during client development are reduced drastically.
    • 10. Granted invention patent
    • Cryptographically-enabled privileged mode execution
    • US08433927B2
    • 2013-04-30
    • US11754678
    • 2007-05-29
    • Wilfred E. Plouffe, Jr.; Kanna Shimizu
    • G06F12/14; G06F9/24; G06F7/04; H04L29/06; H04L9/28; G08B29/00; H04K1/00
    • G06F12/1458; G06F21/51; G06F21/572; G06F21/74
    • A method, computer program product, and data processing system are disclosed for protecting sensitive program code (and also data) from unauthorized access in a memory space not subject to protection fault detection. In a preferred embodiment, secure initialization hardware loads the sensitive code from a storage location accessible only to the secure initialization hardware itself and decrypts the sensitive code into a portion of the processor-accessible memory space, from which the code is executed. Once execution of the sensitive code has completed, all or at least a portion of the code is deleted before passing control to application software. If the application software needs to cause the sensitive code to be executed, the secure initialization hardware is activated to reload/decrypt a fresh copy of the sensitive code into the memory space and cause the code to be executed. Before control is returned to the application software, the sensitive code is again deleted to prevent unauthorized access.