专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07996687B2 Product for providing a scalable trusted platform module in a hypervisor environment 失效
标题翻译：用于在管理程序环境中提供可扩展的可信平台模块的产品
公开(公告)号：US07996687B2
公开(公告)日：2011-08-09
申请号：US12262445
申请日：2008-10-31
申请人： Richard Louis Arndt , Steven A. Bade , Thomas J. Dewkett , Charles W. Gainey, Jr. , Nia Letise Kelley , Siegfried Sutter , Helmut H. Weber
发明人： Richard Louis Arndt , Steven A. Bade , Thomas J. Dewkett , Charles W. Gainey, Jr. , Nia Letise Kelley , Siegfried Sutter , Helmut H. Weber
IPC分类号： G06F11/30 , H04K1/10
CPC分类号： H04L63/20 , G06F21/57 , H04L63/0876 , H04L63/102
摘要： Multiple logical partitions are provided in a data processing system. A unique context is generated for each one of the logical partitions. When one of the logical partitions requires access to the hardware TPM, that partition's context is required to be stored in the hardware TPM. The hardware TPM includes a finite number of storage locations, called context slots, for storing contexts. Each context slot can store one partition's context. Each one of the partitions is associated with one of the limited number of context storage slots in the hardware TPM. At least one of the context slots is simultaneously associated with more than one of the logical partitions. Contexts are swapped into and out of the hardware TPM during runtime of the data processing system so that when ones of the partitions require access to the hardware TPM, their required contexts are currently stored in the hardware TPM.
摘要翻译：在数据处理系统中提供了多个逻辑分区。为每个逻辑分区生成唯一的上下文。当其中一个逻辑分区需要访问硬件TPM时，该分区的上下文需要存储在硬件TPM中。硬件TPM包括有限数量的存储位置，称为上下文时隙，用于存储上下文。每个上下文时隙都可以存储一个分区的上下文。每个分区与硬件TPM中的有限数量的上下文存储时隙中的一个相关联。至少一个上下文时隙同时与多于一个的逻辑分区相关联。在数据处理系统的运行期间，上下文交换进出硬件TPM，以便当这些分区中的一个需要访问硬件TPM时，其所需的上下文当前存储在硬件TPM中。

2. 发明申请

US20100042823A1 Method, Apparatus, and Product for Providing a Scalable Trusted Platform Module in a Hypervisor Environment 失效
标题翻译：在Hypervisor环境中提供可扩展可信平台模块的方法，设备和产品
公开(公告)号：US20100042823A1
公开(公告)日：2010-02-18
申请号：US12262445
申请日：2008-10-31
申请人： Richard Louis Arndt , Steven A. Bade , Thomas J. Dewkett , Charles W. Gainey, JR. , Nia Letise Kelley , Siegfried Sutter , Helmut H. Weber
发明人： Richard Louis Arndt , Steven A. Bade , Thomas J. Dewkett , Charles W. Gainey, JR. , Nia Letise Kelley , Siegfried Sutter , Helmut H. Weber
IPC分类号： G06F12/14 , G06F9/24 , G06F9/455
CPC分类号： H04L63/20 , G06F21/57 , H04L63/0876 , H04L63/102
摘要： A method, apparatus, and computer program product are described for implementing a trusted computing environment within a data processing system where the data processing system includes a single hardware trusted platform module (TPM). Multiple logical partitions are provided in the data processing system. A unique context is generated for each one of the logical partitions. When one of the logical partitions requires access to the hardware TPM, that partition's context is required to be stored in the hardware TPM. The hardware TPM includes a finite number of storage locations, called context slots, for storing contexts. Each context slot can store one partition's context. Each one of the partitions is associated with one of the limited number of context storage slots in the hardware TPM. At least one of the context slots is simultaneously associated with more than one of the logical partitions. Contexts are swapped into and out of the hardware TPM during runtime of the data processing system so that when ones of the partitions require access to the hardware TPM, their required contexts are currently stored in the hardware TPM.
摘要翻译：描述了一种在数据处理系统内实现可信计算环境的方法，装置和计算机程序产品，其中数据处理系统包括单个硬件可信平台模块（TPM）。在数据处理系统中提供了多个逻辑分区。为每个逻辑分区生成唯一的上下文。当其中一个逻辑分区需要访问硬件TPM时，该分区的上下文需要存储在硬件TPM中。硬件TPM包括有限数量的存储位置，称为上下文时隙，用于存储上下文。每个上下文时隙都可以存储一个分区的上下文。每个分区与硬件TPM中的有限数量的上下文存储时隙中的一个相关联。至少一个上下文时隙同时与多于一个的逻辑分区相关联。在数据处理系统的运行期间，上下文交换进出硬件TPM，以便当这些分区中的一个需要访问硬件TPM时，其所需的上下文当前存储在硬件TPM中。

3. 发明授权

US07478246B2 Method for providing a scalable trusted platform module in a hypervisor environment 失效
标题翻译：在管理程序环境中提供可扩展的可信平台模块的方法
公开(公告)号：US07478246B2
公开(公告)日：2009-01-13
申请号：US10902670
申请日：2004-07-29
申请人： Richard Louis Arndt , Steven A. Bade , Thomas J. Dewkett , Charles W. Gainey, Jr. , Nia Letise Kelley , Siegfried Sutter , Helmut H. Weber
发明人： Richard Louis Arndt , Steven A. Bade , Thomas J. Dewkett , Charles W. Gainey, Jr. , Nia Letise Kelley , Siegfried Sutter , Helmut H. Weber
IPC分类号： G06F11/30 , H04K1/10
CPC分类号： H04L63/20 , G06F21/57 , H04L63/0876 , H04L63/102
摘要： A method is described for implementing a trusted computing environment within a data processing system where the data processing system includes a single hardware trusted platform module (TPM). Multiple logical partitions are provided in the data processing system. A unique context is generated for each one of the logical partitions. When one of the logical partitions requires access to the hardware TPM, that partition's context is required to be stored in the hardware TPM. The hardware TPM includes a finite number of storage locations, called context slots, for storing contexts. Each context slot can store one partition's context. Each one of the partitions is associated with one of the limited number of context storage slots in the hardware TPM. At least one of the context slots is simultaneously associated with more than one of the logical partitions. Contexts are swapped into and out of the hardware TPM during runtime of the data processing system so that when ones of the partitions require access to the hardware TPM, their required contexts are currently stored in the hardware TPM.
摘要翻译：描述了一种在数据处理系统内实现可信计算环境的方法，其中数据处理系统包括单个硬件可信平台模块（TPM）。在数据处理系统中提供了多个逻辑分区。为每个逻辑分区生成唯一的上下文。当其中一个逻辑分区需要访问硬件TPM时，该分区的上下文需要存储在硬件TPM中。硬件TPM包括有限数量的存储位置，称为上下文时隙，用于存储上下文。每个上下文时隙都可以存储一个分区的上下文。每个分区与硬件TPM中的有限数量的上下文存储时隙中的一个相关联。至少一个上下文时隙同时与多于一个的逻辑分区相关联。在数据处理系统的运行期间，上下文交换进出硬件TPM，以便当这些分区中的一个需要访问硬件TPM时，其所需的上下文当前存储在硬件TPM中。

4. 发明授权

US07624283B2 Protocol for trusted platform module recovery through context checkpointing 有权
标题翻译：通过上下文检查点对可信平台模块进行恢复的协议
公开(公告)号：US07624283B2
公开(公告)日：2009-11-24
申请号：US11352762
申请日：2006-02-13
申请人： Steven A. Bade , Thomas J. Dewkett , Nia L. Kelley , Siegfried Sutter , Helmut H. Weber
发明人： Steven A. Bade , Thomas J. Dewkett , Nia L. Kelley , Siegfried Sutter , Helmut H. Weber
IPC分类号： G06F11/30 , H04K1/10
CPC分类号： G06F21/57
摘要： A computer implemented method for recovering a partition context in the event of a system or hardware device failure. Upon receiving a command from a partition to modify context data in a trusted platform module (TPM) hardware device, a trusted platform module input/output host partition (TMPIOP) provides an encrypted copy of the context data and the command to the TPM hardware device, which processes the command and updates the context data. If the TPM hardware device successfully processes the command, the TMPIOP receives the updated context data from the TPM hardware device and stores the updated context data received in encrypted form in a context data cache or a non-volatile storage off-board the TPM hardware device. If the TPM hardware device fails to successfully process the command, the TMPIOP uses a last valid copy of the context data to retry processing of the command on a different TPM hardware device.
摘要翻译：一种用于在系统或硬件设备故障的情况下恢复分区上下文的计算机实现的方法。信任平台模块输入/输出主机分区（TMPIOP）在接收到来自分区的命令以修改可信平台模块（TPM）硬件设备中的上下文数据时，将上下文数据的加密副本提供给TPM硬件设备，它处理命令并更新上下文数据。如果TPM硬件设备成功地处理该命令，则TMPIOP从TPM硬件设备接收更新的上下文数据，并将以加密形式接收到的更新的上下文数据存储在上行数据高速缓存或TPM硬件设备的非易失性存储器。如果TPM硬件设备无法成功处理该命令，则TMPIOP将使用上一个上下文数据的最后一个有效副本来重试不同TPM硬件设备上的命令处理。

5. 发明授权

US08549592B2 Establishing virtual endorsement credentials for dynamically generated endorsement keys in a trusted computing platform 有权
标题翻译：在可信计算平台中为动态生成的认可密钥建立虚拟认可凭据
公开(公告)号：US08549592B2
公开(公告)日：2013-10-01
申请号：US11179238
申请日：2005-07-12
申请人： Steven A. Bade , James Patrick Hoff , Siegfried Sutter , James Peter Ward , Helmut H. Weber
发明人： Steven A. Bade , James Patrick Hoff , Siegfried Sutter , James Peter Ward , Helmut H. Weber
IPC分类号： H04L29/06
CPC分类号： G06F21/57 , H04L9/0877 , H04L9/321 , H04L9/3234 , H04L9/3263
摘要： A method and apparatus are disclosed in a data processing system for establishing virtual endorsement credentials. The data processing system includes a hardware trusted platform module (TPM). Logical partitions are generated in the system. A different virtual TPM is generated for each one of the logical partitions. For each one of the logical partitions, the virtual TPM that was generated for the logical partition then dynamically generates a virtual endorsement key, which is stored only within a corresponding virtual TPM. Using the virtual endorsement key, each virtual TPM also generates a virtual endorsement credential for use by the logical partition that includes the virtual TPM. The virtual endorsement credential is generated within the data processing system without the data processing system or its devices accessing a trusted third party that is external to the data processing system.
摘要翻译：在用于建立虚拟背书凭证的数据处理系统中公开了一种方法和装置。数据处理系统包括硬件可信平台模块（TPM）。逻辑分区在系统中生成。为每个逻辑分区生成不同的虚拟TPM。对于逻辑分区中的每一个，为逻辑分区生成的虚拟TPM然后动态地生成仅存储在相应虚拟TPM内的虚拟签名密钥。使用虚拟认可密钥，每个虚拟TPM还生成供包括虚拟TPM的逻辑分区使用的虚拟签注凭证。在数据处理系统内生成虚拟签注凭证，而数据处理系统或其设备访问数据处理系统外部的受信任的第三方。

6. 发明申请

US20080184040A1 METHOD FOR EXTENDING THE CRTM IN A TRUSTED PLATFORM 失效
标题翻译：用于扩展信号平台中CRTM的方法
公开(公告)号：US20080184040A1
公开(公告)日：2008-07-31
申请号：US12059274
申请日：2008-03-31
申请人： Steven A. Bade , Ronald Perez , Leendert Peter Van Doorn , Helmut H. Weber
发明人： Steven A. Bade , Ronald Perez , Leendert Peter Van Doorn , Helmut H. Weber
IPC分类号： H04L9/06
CPC分类号： G06F21/572
摘要： A method, system and computer program product for enhancing the functionality of the existing core root of trust measurement (CRTM). The CRTM is extended to allow platform manufacturer controlled and certified code to be incorporated into the function of the CRTM, wherein the manufacturer may define the policy for accepting a new function into the CRTM. When a firmware or software module image is compiled, the build process generates a hash value of the compiled firmware or software image, wherein the hash value reflects a fingerprint (or short hand) representation of the compiled image. A determination is made as to whether the hash value of the firmware or software image is to be a CRTM extension. If so, a digital signature of the module is created using the CRTM extension private key. This signature value is added to the firmware or software module.
摘要翻译：一种用于增强现有核心信任度量（CRTM）功能的方法，系统和计算机程序产品。 CRTM被扩展为允许平台制造商控制和认证的代码被并入CRTM的功能，其中制造商可以将接受新功能的策略定义到CRTM中。当编译固件或软件模块图像时，构建过程产生编译的固件或软件映像的哈希值，其中散列值反映编译图像的指纹（或短手）表示。确定固件或软件映像的哈希值是否为CRTM扩展。如果是这样，使用CRTM扩展专用密钥创建模块的数字签名。该签名值被添加到固件或软件模块。

7. 发明授权

US08185750B2 Method for extending the CRTM in a trusted platform 失效
标题翻译：在可信平台上扩展CRTM的方法
公开(公告)号：US08185750B2
公开(公告)日：2012-05-22
申请号：US12059274
申请日：2008-03-31
申请人： Steven A. Bade , Ronald Perez , Leendert Peter Van Doorn , Helmut H. Weber
发明人： Steven A. Bade , Ronald Perez , Leendert Peter Van Doorn , Helmut H. Weber
IPC分类号： G06F12/14 , G06F21/22
CPC分类号： G06F21/572
摘要： A method, system and computer program product for enhancing the functionality of the existing core root of trust measurement (CRTM). The CRTM is extended to allow platform manufacturer controlled and certified code to be incorporated into the function of the CRTM, wherein the manufacturer may define the policy for accepting a new function into the CRTM. When a firmware or software module image is compiled, the build process generates a hash value of the compiled firmware or software image, wherein the hash value reflects a fingerprint (or short hand) representation of the compiled image. A determination is made as to whether the hash value of the firmware or software image is to be a CRTM extension. If so, a digital signature of the module is created using the CRTM extension private key. This signature value is added to the firmware or software module.
摘要翻译：一种用于增强现有核心信任度量（CRTM）功能的方法，系统和计算机程序产品。 CRTM被扩展为允许平台制造商控制和认证的代码被并入CRTM的功能，其中制造商可以将接受新功能的策略定义到CRTM中。当编译固件或软件模块图像时，构建过程产生编译的固件或软件映像的哈希值，其中散列值反映编译图像的指纹（或短手）表示。确定固件或软件映像的哈希值是否为CRTM扩展。如果是这样，使用CRTM扩展专用密钥创建模块的数字签名。该签名值被添加到固件或软件模块。

8. 发明授权

US08527724B2 Blocked based end-to-end data protection for extended count key data (ECKD) 有权
标题翻译：针对扩展计数密钥数据（ECKD）的基于阻塞的端到端数据保护
公开(公告)号：US08527724B2
公开(公告)日：2013-09-03
申请号：US13219510
申请日：2011-08-26
申请人： Gerhard Banzhaf , Maor Ben-Dayan , Kenneth W. Boyd , Thomas Schlipf , Helmut H. Weber
发明人： Gerhard Banzhaf , Maor Ben-Dayan , Kenneth W. Boyd , Thomas Schlipf , Helmut H. Weber
IPC分类号： G06F12/00
CPC分类号： G06F11/1076
摘要： Exemplary method, system, and computer program product embodiments for block based end-to-end data protection for extended count key data (ECKD) in a computing environment are provided. In one embodiment, by way of example only, information units (IU's) are aligned in a block boundary format. Block protection trailer data is added to each one of the IU's. Additional system and computer program product embodiments are disclosed and provide related advantages.
摘要翻译：提供了用于在计算环境中用于扩展计数密钥数据（ECKD）的基于块的端到端数据保护的示例性方法，系统和计算机程序产品实施例。在一个实施例中，仅作为示例，信息单元（IU）以块边界格式对准。块保护拖车数据被添加到IU的每一个。公开了附加的系统和计算机程序产品实施例并提供相关的优点。

9. 发明授权

US08230317B2 Data protection method for variable length records by utilizing high performance block storage metadata 有权
标题翻译：通过利用高性能块存储元数据为可变长度记录提供数据保护方法
公开(公告)号：US08230317B2
公开(公告)日：2012-07-24
申请号：US12100249
申请日：2008-04-09
申请人： Stefan Amann , Gerhard Banzhaf , Kenneth Wayne Boyd , Kenneth Fairclough Day, III , Jeffrey William Palm , Helmut H. Weber , Harry Morris Yudenfriend
发明人： Stefan Amann , Gerhard Banzhaf , Kenneth Wayne Boyd , Kenneth Fairclough Day, III , Jeffrey William Palm , Helmut H. Weber , Harry Morris Yudenfriend
IPC分类号： G06F11/00
CPC分类号： G11B20/1833 , G06F3/061 , G06F3/0661 , G06F3/0671 , G11B2020/1843 , G11B2220/2516
摘要： An enhanced mechanism for providing data protection for variable length records utilizes high performance block storage metadata. In an embodiment, an emulated record that emulates a variable length record, such as a Count-Key-Data (CKD) record or an Extended-Count-Key-Data (ECKD) record, is generated by a Host Bus Adapter (HBA) of a mainframe system. The emulated record comprises a sequence of extended fixed-length blocks, each of which includes a data block and a footer. A confluence of the footers defines a high performance block storage metadata unit associated with the emulated record and includes a checksum that covers all data blocks and all footers of the entire emulated record. In one embodiment, the checksum is checked during transit of the emulated record between a HBA and a storage subsystem (e.g., by the HBA when the emulated record is received from the storage subsystem, and/or by a switch in the data transfer path), during a hardening step when writing the emulated record to a disk, and/or during a verification step when reading the emulated record from the disk.
摘要翻译：用于为可变长度记录提供数据保护的增强机制利用高性能块存储元数据。在一个实施例中，仿真诸如计数密钥数据（CKD）记录或扩展计数密钥数据（ECKD）记录的可变长度记录的仿真记录由主机总线适配器（HBA）生成，的大型机系统。仿真记录包括一系列扩展的固定长度块，每个块包括数据块和页脚。页脚的汇合定义了与仿真记录相关联的高性能块存储元数据单元，并且包括覆盖整个模拟记录的所有数据块和所有页脚的校验和。在一个实施例中，在仿真记录在HBA和存储子系统之间（例如，当从存储子系统接收到仿真记录和/或通过数据传输路径中的交换机通过HBA）传送期间检查校验和，在将仿真记录写入磁盘的硬化步骤期间和/或在从盘读取仿真记录时的验证步骤期间。

10. 发明申请

US20090259924A1 Data Protection Method for Variable Length Records by Utilizing High Performance Block Storage Metadata 有权
标题翻译：通过利用高性能块存储元数据实现可变长度记录的数据保护方法
公开(公告)号：US20090259924A1
公开(公告)日：2009-10-15
申请号：US12100249
申请日：2008-04-09
申请人： Stefan Amann , Gerhard Banzhaf , Kenneth Wayne Boyd , Kenneth Fairclough Day, III , Jeffrey William Palm , Helmut H. Weber , Harry Morris Yudenfriend
发明人： Stefan Amann , Gerhard Banzhaf , Kenneth Wayne Boyd , Kenneth Fairclough Day, III , Jeffrey William Palm , Helmut H. Weber , Harry Morris Yudenfriend
IPC分类号： G06F11/08
CPC分类号： G11B20/1833 , G06F3/061 , G06F3/0661 , G06F3/0671 , G11B2020/1843 , G11B2220/2516
摘要： An enhanced mechanism for providing data protection for variable length records utilizes high performance block storage metadata. In an embodiment, an emulated record that emulates a variable length record, such as a Count-Key-Data (CKD) record or an Extended-Count-Key-Data (ECKD) record, is generated by a Host Bus Adapter (HBA) of a mainframe system. The emulated record comprises a sequence of extended fixed-length blocks, each of which includes a data block and a footer. A confluence of the footers defines a high performance block storage metadata unit associated with the emulated record and includes a checksum that covers all data blocks and all footers of the entire emulated record. In one embodiment, the checksum is checked during transit of the emulated record between a HBA and a storage subsystem (e.g., by the HBA when the emulated record is received from the storage subsystem, and/or by a switch in the data transfer path), during a hardening step when writing the emulated record to a disk, and/or during a verification step when reading the emulated record from the disk.
摘要翻译：用于为可变长度记录提供数据保护的增强机制利用高性能块存储元数据。在一个实施例中，仿真诸如计数密钥数据（CKD）记录或扩展计数密钥数据（ECKD）记录的可变长度记录的仿真记录由主机总线适配器（HBA）生成，的大型机系统。仿真记录包括一系列扩展的固定长度块，每个块包括数据块和页脚。页脚的汇合定义了与仿真记录相关联的高性能块存储元数据单元，并且包括覆盖整个模拟记录的所有数据块和所有页脚的校验和。在一个实施例中，在仿真记录在HBA和存储子系统之间（例如，当从存储子系统接收到仿真记录和/或通过数据传输路径中的交换机通过HBA）传送期间检查校验和，在将仿真记录写入磁盘的硬化步骤期间和/或在从盘读取仿真记录时的验证步骤期间。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式