专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20060256107A1 Methods and apparatus for generating endorsement credentials for software-based security coprocessors 有权
公开(公告)号：US20060256107A1
公开(公告)日：2006-11-16
申请号：US11171856
申请日：2005-06-29
申请人： Vincent Scarlata , Willard Wiseman
发明人： Vincent Scarlata , Willard Wiseman
IPC分类号： G06T1/00
CPC分类号： G06F21/57 , G06F21/53
摘要： A virtual manufacturer authority is launched in a protected portion of a processing system. A key for the virtual manufacturer authority is created. The key is protected by a security coprocessor of the processing system, such as a trusted platform module (TPM). Also, the key is bound to a current state of the virtual manufacturer authority. A virtual security coprocessor is created in the processing system. A delegation request is transmitted from the processing system to an external processing system, such as a certificate authority (CA). After transmission of the delegation request, the key is used to attest to trustworthiness of the virtual security coprocessor. Other embodiments are described and claimed.

2. 发明授权

US08032942B2 Configuration of virtual trusted platform module 有权
标题翻译：虚拟可信平台模块的配置
公开(公告)号：US08032942B2
公开(公告)日：2011-10-04
申请号：US11967300
申请日：2007-12-31
申请人： Ned Smith , Willard Wiseman , Alok Kumar , Tasneem Brutch , Vincent Scarlata , Faraz Siddiqi
发明人： Ned Smith , Willard Wiseman , Alok Kumar , Tasneem Brutch , Vincent Scarlata , Faraz Siddiqi
IPC分类号： H04L9/00 , H04L9/32 , G06F7/04
CPC分类号： G06F21/572 , G06F21/57 , G06F2221/2101
摘要： Systems, methods and machine readable media for configuring virtual platform modules are disclosed. One method includes launching a virtual machine monitor, and determining, with the virtual machine monitor, whether a configuration policy that defines a configuration for a virtual trusted platform module is trusted. The method further includes configuring the virtual trusted platform module per the configuration policy in response to the virtual machine monitor determining that the configuration policy is trusted. The method also includes launching, via the virtual machine monitor, a virtual machine associated with the virtual trusted platform module.
摘要翻译：公开了用于配置虚拟平台模块的系统，方法和机器可读介质。一种方法包括启动虚拟机监视器，并且利用虚拟机监视器确定定义虚拟可信平台模块的配置的配置策略是否被信任。该方法还包括根据虚拟机监视器确定配置策略被信任来配置每个配置策略的虚拟可信平台模块。该方法还包括通过虚拟机监视器启动与虚拟可信平台模块相关联的虚拟机。

3. 发明申请

US20050262571A1 System and method to support platform firmware as a trusted process 有权
标题翻译：支持平台固件作为受信任流程的系统和方法
公开(公告)号：US20050262571A1
公开(公告)日：2005-11-24
申请号：US10786284
申请日：2004-02-25
申请人： Vincent Zimmer , Willard Wiseman , Jing Li
发明人： Vincent Zimmer , Willard Wiseman , Jing Li
IPC分类号： G06F21/00 , H04L9/00
CPC分类号： G06F21/57
摘要： A system and method to support platform firmware as a trusted process. Measurement of a trusted portion of original firmware are measured by a core root of trust measurement (CRTM). The measurement is stored in a secure manner during pre-boot. During operating system (OS)-runtime, requests are made to access an unqualified current version of firmware corresponding to a secure execution mode. A portion of the current firmware analogous to the trusted portion is measured. The measurements of the trusted original portion and unqualified current portion are compared to verify they match. If they match, it indicates that the current portion and the trusted portion are one in the same. Thus, the current portion of firmware is trustworthy. Accordingly, the firmware may be executed as a trusted process. Embodiments employ locality to enforce the trusted process. The use of locality prevents unqualified users (i.e., software) from accessing data stored by trusted firmware.
摘要翻译：将平台固件支持为可信过程的系统和方法。原始固件的受信任部分的测量是通过信任测量（CRTM）的核心根来测量的。在预引导期间，以安全的方式存储测量。在操作系统（OS） - 运行时期间，请求访问对应于安全执行模式的不合格的当前版本的固件。测量与可信部分类似的当前固件的一部分。比较可信原始部分和不合格的当前部分的测量结果，以验证它们是否匹配。如果它们匹配，则表示当前部分和可信部分是相同的。因此，固件的当前部分是值得信赖的。因此，固件可以作为可信过程来执行。实施例采用本地来强制可信过程。使用本地防止不合格用户（即，软件）访问由可信固件存储的数据。

4. 发明申请

US20170185814A1 EPID attestation using RFID 有权
公开(公告)号：US20170185814A1
公开(公告)日：2017-06-29
申请号：US14757398
申请日：2015-12-23
申请人： Ned Smith , Sven Schrecker , Willard Wiseman , David Clark , Jennifer Gilburg De Magnin , Howard Herbert
发明人： Ned Smith , Sven Schrecker , Willard Wiseman , David Clark , Jennifer Gilburg De Magnin , Howard Herbert
IPC分类号： G06K7/10
CPC分类号： G06F21/00 , G06K7/10257 , G06Q10/10 , G06Q50/10 , G06Q2220/00 , H04L9/0819
摘要： Technologies for verification include storage with private keys, wherein each private key is associated with a group affiliation. The storage also includes characteristic information about an apparatus. The technologies also include a wireless interface configured to receive a request from a reader for verification of membership of the apparatus within a group affiliation. The technologies further include a controller with programmable logic for configuring the controller to determine whether to verify membership of the apparatus within a given group affiliation. The controller is also configured to verify membership of the apparatus within the given group affiliation by signing data with a private key associated with the given group affiliation. The signed data is sent to the reader. Membership within the given group affiliation conveys a subset of the characteristic information.

5. 发明申请

US20140095876A1 INTRODUCTION OF DISCRETE ROOTS OF TRUST 有权
标题翻译：介绍信托的分歧
公开(公告)号：US20140095876A1
公开(公告)日：2014-04-03
申请号：US13629887
申请日：2012-09-28
申请人： Ned Smith , Sharon Smith , Willard Wiseman
发明人： Ned Smith , Sharon Smith , Willard Wiseman
IPC分类号： H04L9/32
CPC分类号： G06F21/57 , H04L9/32 , H04L9/3265 , H04L9/3271
摘要： Systems and methods may provide introducing a first root of trust on a platform to a second root of trust on the same platform. In one example, the method may include using an authenticated code module to transfer a first encryption key from a first root of trust on a platform to a second root of trust on the platform, receiving a challenge response from the first root of trust at the second root of trust, and using the first encryption key to verify the challenge response
摘要翻译：系统和方法可以提供将平台上的第一信任根引入同一平台上的第二信任根。在一个示例中，该方法可以包括使用经认证的代码模块将第一加密密钥从平台上的第一信任根传递到平台上的第二信任根，在第一根信任根源处接收挑战响应第二个信任根，并使用第一个加密密钥验证挑战响应

6. 发明申请

US20080109638A1 Launching a secure kernel in a multiprocessor system 有权
公开(公告)号：US20080109638A1
公开(公告)日：2008-05-08
申请号：US12005570
申请日：2007-12-27
申请人： John Wilson , Ioannis Schoinas , Mazin Yousif , Linda Rankin , David Grawrock , Robert Greiner , James Sutton , Kushagra Vaid , Willard Wiseman
发明人： John Wilson , Ioannis Schoinas , Mazin Yousif , Linda Rankin , David Grawrock , Robert Greiner , James Sutton , Kushagra Vaid , Willard Wiseman
IPC分类号： G06F9/06
CPC分类号： G06F21/575 , G06F21/44 , G06F21/445 , G06F21/50 , G06F21/606 , G06F21/64 , G06F21/71 , G06F2221/034
摘要： In one embodiment of the present invention, a method includes verifying an initiating logical processor of a system; validating a trusted agent with the initiating logical processor if the initiating logical processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.

7. 发明申请

US20080109636A1 Launching a secure kernel in a multiprocessor system 有权
公开(公告)号：US20080109636A1
公开(公告)日：2008-05-08
申请号：US12005450
申请日：2007-12-27
申请人： John Wilson , Ioannis Schoinas , Mazin Yousif , Linda Rankin , David Grawrock , Robert Greiner , James Sutton , Kushagra Vaid , Willard Wiseman
发明人： John Wilson , Ioannis Schoinas , Mazin Yousif , Linda Rankin , David Grawrock , Robert Greiner , James Sutton , Kushagra Vaid , Willard Wiseman
IPC分类号： G06F9/06
CPC分类号： G06F21/575 , G06F21/44 , G06F21/445 , G06F21/50 , G06F21/606 , G06F21/64 , G06F21/71 , G06F2221/034
摘要： In one embodiment of the present invention, a method includes verifying an initiating logical processor of a system; validating a trusted agent with the initiating logical processor if the initiating logical processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.

8. 发明申请

US20050273602A1 Launching a secure kernel in a multiprocessor system 有权
标题翻译：在多处理器系统中启动安全内核
公开(公告)号：US20050273602A1
公开(公告)日：2005-12-08
申请号：US10859897
申请日：2004-06-03
申请人： John Wilson , Ioannis Schoinas , Mazin Yousif , Linda Rankin , David Grawrock , Robert Greiner , James Sutton , Kushagra Vaid , Willard Wiseman
发明人： John Wilson , Ioannis Schoinas , Mazin Yousif , Linda Rankin , David Grawrock , Robert Greiner , James Sutton , Kushagra Vaid , Willard Wiseman
IPC分类号： G06F21/24 , G06F1/00 , G06F9/445 , G06F9/46 , G06F12/14 , G06F15/163 , G06F15/177 , H04L9/00
CPC分类号： G06F21/575 , G06F21/44 , G06F21/445 , G06F21/50 , G06F21/606 , G06F21/64 , G06F21/71 , G06F2221/034
摘要： In one embodiment of the present invention, a method includes verifying an initiating logical processor of a system; validating a trusted agent with the initiating logical processor if the initiating logical processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.
摘要翻译：在本发明的一个实施例中，一种方法包括验证系统的起始逻辑处理器; 如果启动逻辑处理器被验证，则使用起始逻辑处理器验证可信代理; 以及如果所述信任代理被验证，则在所述系统的多个处理器上启动所述可信代理。在执行这样的可信代理之后，在某些实施例中可以启动安全内核。该系统可以是例如具有任意点到点互连的部分或完全连接的拓扑的多处理器服务器系统。

9. 发明申请

US20080109655A1 Launching a secure kernel in a multiprocessor system 有权
标题翻译：在多处理器系统中启动安全内核
公开(公告)号：US20080109655A1
公开(公告)日：2008-05-08
申请号：US12005455
申请日：2007-12-27
申请人： John Wilson , Ioannis Schoinas , Mazin Yousif , Linda Rankin , David Grawrock , Robert Greiner , James Sutton , Kushagra Vaid , Willard Wiseman
发明人： John Wilson , Ioannis Schoinas , Mazin Yousif , Linda Rankin , David Grawrock , Robert Greiner , James Sutton , Kushagra Vaid , Willard Wiseman
IPC分类号： H04L9/00
CPC分类号： G06F21/575 , G06F21/44 , G06F21/445 , G06F21/50 , G06F21/606 , G06F21/64 , G06F21/71 , G06F2221/034
摘要： In one embodiment of the present invention, a method includes verifying an initiating logical processor of a system; validating a trusted agent with the initiating logical processor if the initiating logical processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.
摘要翻译：在本发明的一个实施例中，一种方法包括验证系统的起始逻辑处理器; 如果启动逻辑处理器被验证，则使用起始逻辑处理器验证可信代理; 以及如果所述信任代理被验证，则在所述系统的多个处理器上启动所述可信代理。在执行这样的可信代理之后，在某些实施例中可以启动安全内核。该系统可以是例如具有任意点到点互连的部分或完全连接的拓扑的多处理器服务器系统。

10. 发明申请

US20070003064A1 Apparatus and method for group session key and establishment using a certified migration key 有权
标题翻译：使用认证的迁移密钥进行组会话密钥和建立的装置和方法
公开(公告)号：US20070003064A1
公开(公告)日：2007-01-04
申请号：US11173486
申请日：2005-06-30
申请人： Willard Wiseman , Brett McKown
发明人： Willard Wiseman , Brett McKown
IPC分类号： H04L9/00
CPC分类号： H04L9/0836 , H04L9/0825
摘要： A method and apparatus for group session key and establishment using a certified migration key are described. In one embodiment, the method includes exporting of a protected certified migration key (CMK) to a target platform. In one embodiment, exporting of the protected CMK requires that the target platform is authorized for participation in a group and has a storage key, including attributes that comply with the group security policy. Once the protected CMK is exported, in one embodiment, a group master key is encrypted with a public portion of the CMK to form a protected group master key. Subsequently, the protected group master key is transmitted to the target platform. In one embodiment, possession of the group master key enables the target platform to participate in a secure group communication session. Other embodiments are described and claimed.
摘要翻译：描述了使用认证的迁移密钥进行组会话密钥和建立的方法和装置。在一个实施例中，该方法包括将受保护的认证迁移密钥（CMK）导出到目标平台。在一个实施例中，受保护的CMK的导出要求目标平台被授权参与组并且具有包括符合组安全策略的属性的存储密钥。一旦导出受保护的CMK，在一个实施例中，组主密钥由CMK的公共部分加密，以形成受保护的组主密钥。随后，保护组主密钥被传送到目标平台。在一个实施例中，拥有组主密钥使得目标平台能够参与安全组通信会话。描述和要求保护其他实施例。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式