专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20100058075A1 METHOD AND APPARATUS FOR LOADING A TRUSTABLE OPERATING SYSTEM 有权
标题翻译：用于装载可信操作系统的方法和装置
公开(公告)号：US20100058075A1
公开(公告)日：2010-03-04
申请号：US12615475
申请日：2009-11-10
申请人： Michael A. Kozuch , James A. Sutton , David Grawrock
发明人： Michael A. Kozuch , James A. Sutton , David Grawrock
IPC分类号： G06F12/14 , G06F11/30
CPC分类号： G06F9/45533 , G06F9/445 , G06F21/57 , G06F21/575 , G06F2009/45583 , G06F2009/45587
摘要： A method and apparatus is provided for securing a region in a memory of a computer. According to one embodiment, the method comprises halting of all but one of a plurality of processors in a computer. The halted processors entering into a special halted state. Content is loaded into the region only after the halting of all but the one of the plurality of processors and the region is protected from access by the halted processors. The method further comprises placing the non-halted processor into a known privileged state, and causing the halted processors to exit the halted state after the non-halted processor has been placed into the known privileged state.
摘要翻译：提供了一种用于将区域固定在计算机的存储器中的方法和装置。根据一个实施例，该方法包括在计算机中停止多个处理器中的所有处理器中的所有处理器。停止的处理器进入特殊的停止状态。只有在除了多个处理器中的一个处理器之外的所有处理器停止之后，内容被加载到该区域中，并且该区域被保护以免被暂停的处理器访问。该方法还包括将非暂停处理器置于已知特权状态，并且在非停止处理器已经被置于已知特权状态之后使得暂停的处理器退出停止状态。

2. 发明授权

US07631196B2 Method and apparatus for loading a trustable operating system 有权
标题翻译：用于加载可信任操作系统的方法和装置
公开(公告)号：US07631196B2
公开(公告)日：2009-12-08
申请号：US10085839
申请日：2002-02-25
申请人： Michael A. Kozuch , James A. Sutton , David Grawrock
发明人： Michael A. Kozuch , James A. Sutton , David Grawrock
IPC分类号： G06F11/30 , G06F12/14
CPC分类号： G06F9/45533 , G06F9/445 , G06F21/57 , G06F21/575 , G06F2009/45583 , G06F2009/45587
摘要： A method and apparatus is provided in which a trustable operating system is loaded into a region in memory. A start secure operation (SSO) triggers a join secure operation (JSO) to halt all but one central processing unit (CPU) in a multi-processor computer. The SSO causes the active CPU to load a component of an operating system into a specified region in memory, register the identity of the loaded operating system by recording a cryptographic hash of the contents of the specified region in memory, begin executing at a known entry point in the specified region and trigger the JSO to cause the halted CPUs to do the same.
摘要翻译：提供了一种方法和装置，其中可信操作系统被加载到存储器中的区域中。启动安全操作（SSO）触发连接安全操作（JSO），以在多处理器计算机中停止除一个中央处理器（CPU）之外的所有其他操作。 SSO使活动CPU将操作系统的组件加载到存储器中的指定区域中，通过在存储器中记录指定区域的内容的加密散列来注册加载的操作系统的标识，以已知条目开始执行指向指定的区域并触发JSO以使停止的CPU执行相同操作。

3. 发明授权

US07308576B2 Authenticated code module 有权
标题翻译：认证代码模块
公开(公告)号：US07308576B2
公开(公告)日：2007-12-11
申请号：US10039595
申请日：2001-12-31
申请人： Andrew F. Glew , James A. Sutton , Lawrence O. Smith , David W. Grawrock , Gilbert Neiger , Michael A. Kozuch
发明人： Andrew F. Glew , James A. Sutton , Lawrence O. Smith , David W. Grawrock , Gilbert Neiger , Michael A. Kozuch
IPC分类号： H04L9/00 , G06F11/30 , G06F15/16 , H04L29/06 , G06G1/00 , G06G12/14
CPC分类号： G06F21/52
摘要： An authenticated code module comprises a value that attests to the authenticity of the module. The value is encrypted with a key corresponding to a key of a computing device that is to execute the module.
摘要翻译：认证代码模块包括证明模块真实性的值。该值使用与要执行该模块的计算设备的密钥对应的密钥加密。

4. 发明授权

US07725713B2 Launching a secure kernel in a multiprocessor system 有权
标题翻译：在多处理器系统中启动安全内核
公开(公告)号：US07725713B2
公开(公告)日：2010-05-25
申请号：US12005450
申请日：2007-12-27
申请人： John H. Wilson , Ioannis T. Schoinas , Mazin S. Yousif , Linda J. Rankin , David W. Grawrock , Robert J. Greiner , James A. Sutton , Kushagra Vaid , Willard M. Wiseman
发明人： John H. Wilson , Ioannis T. Schoinas , Mazin S. Yousif , Linda J. Rankin , David W. Grawrock , Robert J. Greiner , James A. Sutton , Kushagra Vaid , Willard M. Wiseman
IPC分类号： G06F9/30 , H04L29/06
CPC分类号： G06F21/575 , G06F21/44 , G06F21/445 , G06F21/50 , G06F21/606 , G06F21/64 , G06F21/71 , G06F2221/034
摘要： In one embodiment of the present invention, a method includes verifying an initiating logical processor of a system; validating a trusted agent with the initiating logical processor if the initiating logical processor is verified; and launching the trust agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.
摘要翻译：在本发明的一个实施例中，一种方法包括验证系统的起始逻辑处理器; 如果启动逻辑处理器被验证，则使用起始逻辑处理器验证可信代理; 以及如果所述可信代理被验证，则在所述系统的多个处理器上启动所述信任代理。在执行这样的可信代理之后，在某些实施例中可以启动安全内核。该系统可以是例如具有任意点到点互连的部分或完全连接的拓扑的多处理器服务器系统。

5. 发明授权

US07516330B2 Platform and method for establishing provable identities while maintaining privacy 有权
标题翻译：在保持隐私的同时建立可证明身份的平台和方法
公开(公告)号：US07516330B2
公开(公告)日：2009-04-07
申请号：US11289747
申请日：2005-11-29
申请人： Carl M. Ellison , James A. Sutton
发明人： Carl M. Ellison , James A. Sutton
IPC分类号： H04L9/00
CPC分类号： H04L9/3265 , H04L9/3271 , H04L2209/42
摘要： In one embodiment, a method for utilizing a pseudonym to protect the identity of a platform and its user is described. The method comprises producing a pseudonym that includes a public pseudonym key. The public pseudonym key is placed in a certificate template. Hash operations are performed on the certificate template to produce a certificate hash value, which is transformed from the platform. Thereafter, a signed result is returned to the platform. The signed result is a digital signature for the transformed certificate hash value. Upon performing an inverse transformation of the signed result, a digital signature of the certificate hash value is recovered. This digital signature may be used for data integrity checks for subsequent communications using the pseudonym.
摘要翻译：在一个实施例中，描述了一种利用假名来保护平台及其用户的身份的方法。该方法包括产生包含公共假名密钥的假名。公共假名密钥被放置在证书模板中。在证书模板上执行散列操作以产生从平台转换的证书哈希值。此后，将签名结果返回到平台。签名结果是转换的证书哈希值的数字签名。在执行签名结果的逆变换时，恢复证书哈希值的数字签名。该数字签名可以用于使用假名的后续通信的数据完整性检查。

6. 发明授权

US07096497B2 File checking using remote signing authority via a network 有权
公开(公告)号：US07096497B2
公开(公告)日：2006-08-22
申请号：US09823131
申请日：2001-03-30
申请人： Carl M. Ellison , Roger A. Golliver , Howard C. Herbert , Derrick C. Lin , Francis X. McKeen , Gilbert Neiger , Ken Reneris , James A. Sutton , Shreekant S. Thakkar
发明人： Carl M. Ellison , Roger A. Golliver , Howard C. Herbert , Derrick C. Lin , Francis X. McKeen , Gilbert Neiger , Ken Reneris , James A. Sutton , Shreekant S. Thakkar
IPC分类号： G06F11/30 , H04L9/00
CPC分类号： G06F21/645
摘要： A file is sent to a remote signing authority via a network. The signing authority checks the file and provides a signature indicating file integrity of the file. The signature returned from the signing authority via the network is verified.

7. 发明授权

US07082615B1 Protecting software environment in isolated execution 失效
标题翻译：在孤立执行中保护软件环境
公开(公告)号：US07082615B1
公开(公告)日：2006-07-25
申请号：US09668610
申请日：2000-09-22
申请人： Carl M. Ellison , Roger A. Golliver , Howard C. Herbert , Derrick C. Lin , Francis X. McKeen , Gilbert Neiger , Ken Reneris , James A. Sutton , Shreekant S. Thakkar , Millind Mittal
发明人： Carl M. Ellison , Roger A. Golliver , Howard C. Herbert , Derrick C. Lin , Francis X. McKeen , Gilbert Neiger , Ken Reneris , James A. Sutton , Shreekant S. Thakkar , Millind Mittal
IPC分类号： G06F7/04
CPC分类号： G06F21/53 , G06F9/468 , G06F21/562 , G06F21/57 , G06F21/74 , G06F2221/2105
摘要： The present invention is a method and apparatus to protect a subset of a software environment. A key generator generates an operating system nub key (OSNK). The OSNK is unique to an operating system (OS) nub. The OS nub is part of an operating system in a secure platform. A usage protector uses the OSNK to protect usage of a subset of the software environment.
摘要翻译：本发明是一种保护软件环境子集的方法和装置。密钥生成器生成操作系统nub（OSNK）。 OSNK是操作系统（OS）nub所独有的。 OS nub是安全平台中操作系统的一部分。使用保护程序使用OSNK来保护软件环境的子集的使用。

8. 发明授权

US06678825B1 Controlling access to multiple isolated memories in an isolated execution environment 有权
标题翻译：在独立的执行环境中控制对多个隔离存储器的访问
公开(公告)号：US06678825B1
公开(公告)日：2004-01-13
申请号：US09618738
申请日：2000-07-18
申请人： Carl M. Ellison , Roger A. Golliver , Howard C. Herbert , Derrick C. Lin , Francis X. McKeen , Gilbert Neiger , Ken Reneris , James A. Sutton , Shreekant S. Thakkar , Millind Mittal
发明人： Carl M. Ellison , Roger A. Golliver , Howard C. Herbert , Derrick C. Lin , Francis X. McKeen , Gilbert Neiger , Ken Reneris , James A. Sutton , Shreekant S. Thakkar , Millind Mittal
IPC分类号： G06F1760
CPC分类号： G06F12/145 , G06F12/0831 , G06F12/1009 , G06F12/1491 , G06F21/74 , G06F2212/1016 , G06F2212/1041 , G06F2212/1052
摘要： The present invention provides a method, apparatus, and system for controlling memory accesses to multiple isolated memory areas in an isolated execution environment. A page manager is used to distribute a plurality of pages to a plurality of different areas of a memory, respectively. The memory is divided into non-isolated areas and isolated areas. The page manager is located in an isolated area of memory. Further, a memory ownership page table describes each page of memory and is also located in an isolated area of memory. The page manager assigns an isolated attribute to a page if the page is distributed to an isolated area of memory. On the other hand, the page manager assigns a non-isolated attribute to a page if the page is distributed to a non-isolated area of memory. The memory ownership page table records the attribute for each page. In one embodiment, a processor having a normal execution mode and an isolated execution mode generates an access transaction. The access transaction is configured using a configuration storage that contains configuration settings related to a page and access information. An access checking circuit coupled to the configuration storage checks the access transaction using at least one of the configuration settings and the access information and generates an access grant signal if the access transaction is valid.
摘要翻译：本发明提供一种用于控制对隔离执行环境中的多个隔离存储器区域的存储器访问的方法，装置和系统。页面管理器用于分别将多个页面分发到存储器的多个不同区域。记忆分为非隔离区和隔离区。页面管理器位于隔离区内。此外，存储器所有权页表描述了存储器的每一页，并且还位于存储器的隔离区域中。页面管理器将一个隔离的属性分配给页面，如果该页面被分发到一个隔离的内存区域。另一方面，如果页面被分发到存储器的非隔离区域，则页面管理器将非隔离属性分配给页面。内存所有权页表记录每个页面的属性。在一个实施例中，具有正常执行模式和隔离执行模式的处理器生成访问事务。访问事务使用包含与页面和访问信息相关的配置设置的配置存储进行配置。耦合到配置存储器的访问检查电路使用配置设置和访问信息中的至少一个来检查访问事务，并且如果访问事务有效则生成访问许可信号。

9. 发明申请

US20130254905A1 Launching A Secure Kernel In A Multiprocessor System 有权
公开(公告)号：US20130254905A1
公开(公告)日：2013-09-26
申请号：US13897906
申请日：2013-05-20
申请人： John H. Wilson , Ioannis T. Schoinas , Mazin S. Yousif , Linda J. Rankin , David W. Grawrock , Robert J. Greiner , James A. Sutton , Kushagra Vaid , Williard M. Wiseman
发明人： John H. Wilson , Ioannis T. Schoinas , Mazin S. Yousif , Linda J. Rankin , David W. Grawrock , Robert J. Greiner , James A. Sutton , Kushagra Vaid , Williard M. Wiseman
IPC分类号： G06F21/64
CPC分类号： G06F21/575 , G06F21/44 , G06F21/445 , G06F21/50 , G06F21/606 , G06F21/64 , G06F21/71 , G06F2221/034
摘要： In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.

10. 发明授权

US07774600B2 Launching a secure kernel in a multiprocessor system 有权
公开(公告)号：US07774600B2
公开(公告)日：2010-08-10
申请号：US12005570
申请日：2007-12-27
申请人： John H. Wilson , Ioannis T. Schoinas , Mazin S. Yousif , Linda J. Rankin , David W. Grawrock , Robert J. Greiner , James A. Sutton , Kushagra Vaid , Willard M. Wiseman
发明人： John H. Wilson , Ioannis T. Schoinas , Mazin S. Yousif , Linda J. Rankin , David W. Grawrock , Robert J. Greiner , James A. Sutton , Kushagra Vaid , Willard M. Wiseman
IPC分类号： G06F9/30 , H04L29/06
CPC分类号： G06F21/575 , G06F21/44 , G06F21/445 , G06F21/50 , G06F21/606 , G06F21/64 , G06F21/71 , G06F2221/034
摘要： In one embodiment of the present invention, a method includes verifying an initiating logical processor of a system; validating a trusted agent with the initiating logical processor if the initiating logical processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式