专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07496769B2 Hierarchical trusted code for content protection in computers 有权
标题翻译：计算机内容保护的层次可信代码
公开(公告)号：US07496769B2
公开(公告)日：2009-02-24
申请号：US11018065
申请日：2004-12-20
申请人： Butler W. Lampson , Paul England
发明人： Butler W. Lampson , Paul England
IPC分类号： H04L9/00 , H04K1/00
CPC分类号： G06Q10/10 , G06F21/57
摘要： An architecture for protecting premium content in a nonsecure computer environment executes only a small number of code modules in a secure memory. The modules are arranged in a hierarchy of trust, where a module names other modules that it is willing to trust, and those modules in turn name other modules that they are willing to trust. A secure loader loads a security manager that oversees a number of content-providing modules for manipulating the content. A memory manager assigns permissions to various pages of the secure memory. The memory has rings of different security. The security model can be extended to program modules and other devices on the computer's bus, such as DMA controllers and peripherals.
摘要翻译：在非安全计算机环境中保护优质内容的架构仅在安全存储器中执行少量代码模块。这些模块被布置在信任层级中，其中模块命名它愿意信任的其他模块，而这些模块又命名他们愿意信任的其他模块。安全加载器加载一个安全管理器，该管理器负责监视用于操纵内容的多个内容提供模块。内存管理员将权限分配给安全内存的各个页面。内存具有不同安全性的环。安全模型可以扩展到计算机总线上的程序模块和其他设备，如DMA控制器和外设。

2. 发明授权

US06651171B1 Secure execution of program code 有权
标题翻译：安全执行程序代码
公开(公告)号：US06651171B1
公开(公告)日：2003-11-18
申请号：US09287393
申请日：1999-04-06
申请人： Paul England , Butler W. Lampson
发明人： Paul England , Butler W. Lampson
IPC分类号： G06F1208
CPC分类号： G06F21/53 , G06F12/1491
摘要： Curtained operation provides trusted execution of code and secrecy of data in a secure memory. Curtained code can only be executed from within certain address ranges of a curtained memory region secure against access by code from without the region. Code entry points are restricted, and atomic execution is assured. The memory is organized into multiple hierarchically curtained rings, and peer subrings are denied access to each other as well as to more secure rings.
摘要翻译：窗帘操作提供可信赖的代码执行和安全存储器中数据的保密性。窗帘代码只能从窗帘内存区域的特定地址范围内执行，以防止无区域的代码访问。代码入口点受到限制，原子执行得到保证。存储器被组织成多个分层帘式环，并且对等子被拒绝彼此访问以及更安全的环。

3. 发明授权

US07543336B2 System and method for secure storage of data using public and private keys 有权
标题翻译：使用公钥和私钥安全存储数据的系统和方法
公开(公告)号：US07543336B2
公开(公告)日：2009-06-02
申请号：US10431011
申请日：2003-05-07
申请人： Butler W. Lampson , John D. DeTreville , Paul England
发明人： Butler W. Lampson , John D. DeTreville , Paul England
IPC分类号： G06F7/00
CPC分类号： G06F9/468 , G06F9/4406 , G06F21/10 , G06F21/575 , G06F2221/2113 , H04L63/0435 , H04L63/0442 , H04L63/166
摘要： In one aspect, a data structure to be encrypted is received, the data structure including content along with a statement of conditions under which the content may be decrypted. The content is encrypted using a public key of a pair of public and private keys of a device that is to decrypt the data structure. In another aspect, a data structure is decrypted using a private key of a pair of public and private keys. A statement of conditions under which content in the data structure can be decrypted is obtained, and testing is performed as to whether the conditions are satisfied. The decrypted content is returned only if the conditions are satisfied.
摘要翻译：在一个方面中，接收要加密的数据结构，该数据结构包括内容以及内容可被解密的条件语句。使用要解密数据结构的设备的一对公钥和私钥的公钥来加密内容。在另一方面，使用一对公钥和私钥的私钥对数据结构进行解密。获得可解密数据结构中的内容的条件声明，并且对条件是否满足进行测试。解密的内容只有在满足条件的情况下才会被返回。

4. 发明授权

US07434263B2 System and method for secure storage data using a key 有权
标题翻译：使用密钥安全存储数据的系统和方法
公开(公告)号：US07434263B2
公开(公告)日：2008-10-07
申请号：US10430994
申请日：2003-05-07
申请人： Butler W. Lampson , John D. DeTreville , Paul England
发明人： Butler W. Lampson , John D. DeTreville , Paul England
IPC分类号： G06F21/27
CPC分类号： G06F9/468 , G06F9/4406 , G06F21/10 , G06F21/575 , G06F2221/2113 , H04L63/0435 , H04L63/0442 , H04L63/166
摘要： In one aspect, a data structure to be encrypted is received in a device, the data structure including content along with a statement of conditions under which the content may be decrypted. The data structure is encrypted using a symmetric key of a processor of the device. In another aspect, a data structure is decrypted using a processor symmetric key. A statement of conditions under which content in the data structure can be decrypted is obtained, and testing is performed as to whether the conditions are satisfied. The decrypted content is returned only if the conditions are satisfied.
摘要翻译：一方面，在设备中接收要加密的数据结构，该数据结构包括内容以及内容可被解密的条件语句。使用设备的处理器的对称密钥对数据结构进行加密。在另一方面，使用处理器对称密钥解密数据结构。获得可解密数据结构中的内容的条件声明，并且对条件是否满足进行测试。解密的内容只有在满足条件的情况下才会被返回。

5. 发明授权

US07415620B2 System and method for authenticating an operating system to a central processing unit, providing the CPU/OS with secure storage, and authenticating the CPU/OS to a third party 有权
标题翻译：将操作系统认证到中央处理单元的系统和方法，向CPU / OS提供安全存储，并将CPU / OS认证给第三方
公开(公告)号：US07415620B2
公开(公告)日：2008-08-19
申请号：US11615361
申请日：2006-12-22
申请人： Paul England , John D. DeTreville , Butler W. Lampson
发明人： Paul England , John D. DeTreville , Butler W. Lampson
IPC分类号： G06F11/30
CPC分类号： G06F21/10 , G06F9/4406 , G06F9/468 , G06F21/445 , G06F21/57 , G06F21/575 , G06F2221/0704 , G06F2221/2103 , G06F2221/2113 , G06F2221/2129
摘要： In accordance with certain aspects, a chain of trust is established between a subscriber unit and a content provider. A request is submitted from the subscriber unit to the content provider. A challenge nonce is generated at the content provider and returned to the subscriber unit. At the subscriber unit, an operating system (OS) certificate containing an identity of the operating system from the software identity register, information describing the operating system, the challenge nonce, and a CPU public key is formed, and the OS certificate is signed using a CPU private key. The OS certificate and a CPU manufacturer certificate supplied by a manufacturer of the CPU are passed from the subscriber unit to the content provider, and are evaluated at the content provider to determine whether to reject or fulfill the request.
摘要翻译：根据某些方面，在用户单元和内容提供商之间建立信任链。从用户单元向内容提供商提交请求。挑战随机数在内容提供者处产生并返回到用户单元。在订户单元处，形成包含来自软件身份寄存器的操作系统的身份的操作系统（OS）证书，描述操作系统的信息，挑战随机数和CPU公钥，并且使用一个CPU私钥。由CPU制造商提供的OS证书和CPU制造商证书从用户单元传递到内容提供商，并在内容提供商处进行评估，以确定是否拒绝或完成请求。

6. 发明授权

US07356682B2 Attesting to a value of a register and/or memory region 有权
标题翻译：证明寄存器和/或存储器区域的值
公开(公告)号：US07356682B2
公开(公告)日：2008-04-08
申请号：US10431309
申请日：2003-05-07
申请人： Butler W. Lampson , John D. DeTreville , Paul England
发明人： Butler W. Lampson , John D. DeTreville , Paul England
IPC分类号： G06F9/00
CPC分类号： G06F21/10 , G06F9/4406 , G06F9/468 , G06F21/445 , G06F21/57 , G06F21/575 , G06F2221/0704 , G06F2221/2103 , G06F2221/2113 , G06F2221/2129
摘要： In accordance with one aspect of attesting to a value of a register and/or memory region, an operating system of a device receives a request, in response to an ATTEST operation being invoked, to make a signed attestation of a value. The operating system signs a statement that includes the value using a private key of a pair of public and private keys of a processor of the device. The value may be stored in a register and/or a region of memory.
摘要翻译：根据证明寄存器和/或存储器区域的值的一个方面，设备的操作系统响应于被调用的ATTEST操作来接收请求以进行值的签名认证。操作系统使用设备的处理器的一对公钥和私钥的私钥来签署包含该值的语句。该值可以存储在存储器的寄存器和/或区域中。

7. 发明授权

US07302709B2 Key-based secure storage 有权
标题翻译：基于密钥的安全存储
公开(公告)号：US07302709B2
公开(公告)日：2007-11-27
申请号：US11221047
申请日：2005-09-07
申请人： Paul England , John D. DeTreville , Butler W. Lampson
发明人： Paul England , John D. DeTreville , Butler W. Lampson
IPC分类号： H04L9/18
CPC分类号： G06F9/468 , G06F9/4406 , G06F21/10 , G06F21/575 , G06F2221/2113 , H04L63/0435 , H04L63/0442 , H04L63/166
摘要： A one-way hash function is applied to a seed supplied by an application to produce a hashed seed that is used to generate the application storage key. A one-way hash function is applied to a seed supplied by a user to produce a first hashed seed that is passed to a keyed hash function, which is keyed to an identity for the user, to produce a second hashed seed. The second hashed seed is used to generate the user storage key. An operating system storage key is generated from an unhashed seed. One of the storage keys is used to encrypt the downloaded content. An access predicate attached to the content when it is downloaded is associated with the storage key to enforce certain limitations on the access of the content.
摘要翻译：单向散列函数应用于由应用程序提供的种子以产生用于生成应用程序存储密钥的散列种子。单向散列函数被应用于由用户提供的种子以产生第一散列种子，该第一散列种子被传递给键入的哈希函数，其被键入用户的身份，以产生第二散列种子。第二个散列种子用于生成用户存储密钥。从未分解的种子生成操作系统存储密钥。其中一个存储密钥用于加密下载的内容。在下载时附加到内容的访问谓词与存储密钥相关联，以对内容的访问执行某些限制。

8. 发明授权

US07020772B2 Secure execution of program code 失效
公开(公告)号：US07020772B2
公开(公告)日：2006-03-28
申请号：US10667612
申请日：2003-09-22
申请人： Paul England , Butler W. Lampson
发明人： Paul England , Butler W. Lampson
IPC分类号： G06F17/30
CPC分类号： G06F21/53 , G06F12/1491
摘要： Curtained operation provides trusted execution of code and secrecy of data in a secure memory. Curtained code can only be executed from within certain address ranges of a curtained memory region secure against access by code from without the region. Code entry points are restricted, and atomic execution is assured. The memory is organized into multiple hierarchically curtained rings, and peer subrings are denied access to each other as well as to more secure rings.

9. 发明授权

US06986059B2 Hierarchical trusted code for content protection in computers 失效
公开(公告)号：US06986059B2
公开(公告)日：2006-01-10
申请号：US10870845
申请日：2004-06-17
申请人： Paul England , Butler W. Lampson
发明人： Paul England , Butler W. Lampson
IPC分类号： H04L9/00 , G06F17/60
CPC分类号： G06Q10/10 , G06F21/57
摘要： An architecture for protecting premium content in a nonsecure computer environment executes only a small number of code modules in a secure memory. The modules are arranged in a hierarchy of trust, where a module names other modules that it is willing to trust, and those modules in turn name other modules that they are willing to trust. A secure loader loads a security manager that oversees a number of content-providing modules for manipulating the content. A memory manager assigns permissions to various pages of the secure memory. The memory has rings of different security. The security model can be extended to program modules and other devices on the computer's bus, such as DMA controllers and peripherals.

10. 发明授权

US06775779B1 Hierarchical trusted code for content protection in computers 有权
公开(公告)号：US06775779B1
公开(公告)日：2004-08-10
申请号：US09287698
申请日：1999-04-06
申请人： Paul England , Butler W. Lampson
发明人： Paul England , Butler W. Lampson
IPC分类号： H04L900
CPC分类号： G06Q10/10 , G06F21/57
摘要： An architecture for protecting premium content in a nonsecure computer environment executes only a small number of code modules in a secure memory. The modules are arranged in a hierarchy of trust, where a module names other modules that it is willing to trust, and those modules in turn name other modules that they are willing to trust. A secure loader loads a security manager that oversees a number of content-providing modules for manipulating the content. A memory manager assigns permissions to various pages of the secure memory. The memory has rings of different security. The security model can be extended to program modules and other devices on the computer's bus, such as DMA controllers and peripherals.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式