专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08417962B2 Device booting with an initial protection component 有权
公开(公告)号：US08417962B2
公开(公告)日：2013-04-09
申请号：US12813955
申请日：2010-06-11
申请人： Mark F. Novak , Robert Karl Spiger , Stefan Thom , David J. Linsley , Scott A. Field , Anil Francis Thomas
发明人： Mark F. Novak , Robert Karl Spiger , Stefan Thom , David J. Linsley , Scott A. Field , Anil Francis Thomas
IPC分类号： G06F11/30 , G06F12/14
CPC分类号： G06F21/575
摘要： Booting a computing device includes executing one or more firmware components followed by a boot loader component. A protection component for the computing device, such as an anti-malware program, is identified and executed as an initial component after executing the boot loader component. One or more boot components are also executed, these one or more boot components including only boot components that have been approved by the protection component. A list of boot components that have been previously approved by the protection component can also be maintained in a tamper-proof manner.

2. 发明申请

US20110307711A1 DEVICE BOOTING WITH AN INITIAL PROTECTION COMPONENT 有权
标题翻译：具有初始保护组件的设备启动
公开(公告)号：US20110307711A1
公开(公告)日：2011-12-15
申请号：US12813955
申请日：2010-06-11
申请人： Mark F. Novak , Robert Karl Spiger , Stefan Thom , David J. Linsley , Scott A. Field , Anil Francis Thomas
发明人： Mark F. Novak , Robert Karl Spiger , Stefan Thom , David J. Linsley , Scott A. Field , Anil Francis Thomas
IPC分类号： G06F21/00 , G06F12/14 , G06F15/177
CPC分类号： G06F21/575
摘要： Booting a computing device includes executing one or more firmware components followed by a boot loader component. A protection component for the computing device, such as an anti-malware program, is identified and executed as an initial component after executing the boot loader component. One or more boot components are also executed, these one or more boot components including only boot components that have been approved by the protection component. A list of boot components that have been previously approved by the protection component can also be maintained in a tamper-proof manner.
摘要翻译：启动计算设备包括执行一个或多个固件组件，后跟引导加载程序组件。在执行引导加载程序组件之后，识别并执行诸如反恶意软件程序之类的计算设备的保护组件作为初始组件。还执行一个或多个引导组件，这些一个或多个引导组件仅包括被保护组件批准的引导组件。先前已被保护组件批准的引导组件列表也可以以防篡改的方式进行维护。

3. 发明授权

US08627464B2 Globally valid measured operating system launch with hibernation support 有权
标题翻译：全球有效的测量操作系统启动与冬眠支持
公开(公告)号：US08627464B2
公开(公告)日：2014-01-07
申请号：US12938363
申请日：2010-11-02
申请人： Stefan Thom , Nathan Ide , Scott Danie Anderson , Robert Karl Spiger , David J. Linsley , Mark Fishel Novak , Magnus Nyström
发明人： Stefan Thom , Nathan Ide , Scott Danie Anderson , Robert Karl Spiger , David J. Linsley , Mark Fishel Novak , Magnus Nyström
IPC分类号： G06F12/14
CPC分类号： G06F21/57 , G06F2221/2101 , H04L9/0897
摘要： An event log can comprise, not only entries associated with components instantiated since a most recent power on of a computing device, but also entries of components instantiated prior to that power on, such as components that were instantiated, and represent, a state of the computing device prior to hibernation that has now been resumed. Upon hibernation, the current values of the Platform Configuration Registers (PCRs) of a Trusted Platform Module (trusted execution environment), as well as a quote of those current values, and a current value of a monotonic counter of the trusted execution environment can be logged. The monotonic counter can be incremented at each power on to track successive generations of the computing device and to guard against an intervening, not-logged generation. A subsequent parsing of the event log can verify the prior generational entries with reference to the PCR values in the log that are associated with those generations.
摘要翻译：事件日志不仅可以包括与计算设备的最近上电后实例化的组件相关联的条目，而且还可以包括在该上电之前实例化的组件的条目，诸如被实例化的组件，并且表示休眠前的计算设备现在已经恢复。休眠后，可信平台模块（可信执行环境）的平台配置寄存器（PCR）的当前值以及当前值的引用以及可信执行环境的单调计数器的当前值可以是记录。在每次打开电源时，单调计数器可以递增，以跟踪计算设备的连续几代，并防止中间，未记录的一代。事件日志的后续解析可以参考日志中与这些世代相关联的PCR值来验证先前的生成条目。

4. 发明申请

US20120110644A1 GLOBALLY VALID MEASURED OPERATING SYSTEM LAUNCH WITH HIBERNATION SUPPORT 有权
标题翻译：全球有效的测量操作系统启动与HIBERNATION支持
公开(公告)号：US20120110644A1
公开(公告)日：2012-05-03
申请号：US12938363
申请日：2010-11-02
申请人： Stefan Thom , Nathan Ide , Scott Daniel Anderson , Robert Karl Spiger , David J. Linsley , Mark Fishel Novak , Magnus Nyström
发明人： Stefan Thom , Nathan Ide , Scott Daniel Anderson , Robert Karl Spiger , David J. Linsley , Mark Fishel Novak , Magnus Nyström
IPC分类号： H04L9/32 , G06F15/16 , G06F21/00
CPC分类号： G06F21/57 , G06F2221/2101 , H04L9/0897
摘要： An event log can comprise, not only entries associated with components instantiated since a most recent power on of a computing device, but also entries of components instantiated prior to that power on, such as components that were instantiated, and represent, a state of the computing device prior to hibernation that has now been resumed. Upon hibernation, the current values of the Platform Configuration Registers (PCRs) of a Trusted Platform Module (trusted execution environment), as well as a quote of those current values, and a current value of a monotonic counter of the trusted execution environment can be logged. The monotonic counter can be incremented at each power on to track successive generations of the computing device and to guard against an intervening, not-logged generation. A subsequent parsing of the event log can verify the prior generational entries with reference to the PCR values in the log that are associated with those generations.
摘要翻译：事件日志不仅可以包括与计算设备的最近上电后实例化的组件相关联的条目，而且还可以包括在该上电之前实例化的组件的条目，诸如被实例化的组件，并且表示休眠前的计算设备现在已经恢复。休眠后，可信平台模块（可信执行环境）的平台配置寄存器（PCR）的当前值以及当前值的引用以及可信执行环境的单调计数器的当前值可以是记录。在每次打开电源时，单调计数器可以递增，以跟踪计算设备的连续几代，并防止中间，未记录的一代。事件日志的后续解析可以参考日志中与这些世代相关联的PCR值来验证先前的生成条目。

5. 发明申请

US20120297200A1 POLICY BOUND KEY CREATION AND RE-WRAP SERVICE 有权
标题翻译：政策关键创新和重覆服务
公开(公告)号：US20120297200A1
公开(公告)日：2012-11-22
申请号：US13109685
申请日：2011-05-17
申请人： Stefan Thom , Robert Karl Spiger , Valerie Kathleen Bays , Bo Gustaf Magnus Nyström
发明人： Stefan Thom , Robert Karl Spiger , Valerie Kathleen Bays , Bo Gustaf Magnus Nyström
IPC分类号： G06F12/14
CPC分类号： G06F21/57 , G06F21/602 , G06F21/6209 , H04L2209/127
摘要： One or more techniques and/or systems are provided for provisioning encrypted key blobs and client certificates. That is, a trusted execution environment on a first machine may provide a key service provider with a cryptographic encryption key. The key service provider may encrypt a key blob using the cryptographic encryption key and/or wrap the encrypted key blob with one or more policies, such as a platform policy. The key service provider may provision the encrypted key blob to a client on the first machine. The client may submit the encrypted key blob to the trusted execution environment for validation so that the client may perform key actions, such as sign an email or encrypt data. Because the key blob may be specific to a particular trusted execution environment and/or machine, the key service provider may re-wrap the key blob if the client “roams” to a second machine.
摘要翻译：提供一个或多个技术和/或系统用于供应加密的密钥块和客户端证书。也就是说，第一机器上的受信任执行环境可以向密钥服务提供商提供密码加密密钥。密钥服务提供商可以使用密码加密密钥来加密密钥块，和/或使用一个或多个策略（例如平台策略）来包裹加密的密钥块。密钥服务提供商可以将加密的密钥blob提供给第一台机器上的客户端。客户端可以将加密的密钥blob提交到可信执行环境进行验证，以便客户端可以执行关键操作，例如签署电子邮件或加密数据。由于密钥blob可能是特定的可信任的执行环境和/或机器，所以如果客户端漫游到第二台机器，则密钥服务提供商可以重新包装密钥块。

6. 发明授权

US09690941B2 Policy bound key creation and re-wrap service 有权
公开(公告)号：US09690941B2
公开(公告)日：2017-06-27
申请号：US13109685
申请日：2011-05-17
申请人： Stefan Thom , Robert Karl Spiger , Valerie Kathleen Bays , Bo Gustaf Magnus Nyström
发明人： Stefan Thom , Robert Karl Spiger , Valerie Kathleen Bays , Bo Gustaf Magnus Nyström
IPC分类号： G06F21/57 , G06F21/62 , G06F21/60
CPC分类号： G06F21/57 , G06F21/602 , G06F21/6209 , H04L2209/127
摘要： One or more techniques and/or systems are provided for provisioning encrypted key blobs and client certificates. That is, a trusted execution environment on a first machine may provide a key service provider with a cryptographic encryption key. The key service provider may encrypt a key blob using the cryptographic encryption key and/or wrap the encrypted key blob with one or more policies, such as a platform policy. The key service provider may provision the encrypted key blob to a client on the first machine. The client may submit the encrypted key blob to the trusted execution environment for validation so that the client may perform key actions, such as sign an email or encrypt data. Because the key blob may be specific to a particular trusted execution environment and/or machine, the key service provider may re-wrap the key blob if the client “roams” to a second machine.

7. 发明授权

US08924737B2 Digital signing authority dependent platform secret 有权
标题翻译：数字签名权依赖平台秘密
公开(公告)号：US08924737B2
公开(公告)日：2014-12-30
申请号：US13218029
申请日：2011-08-25
申请人： Stefan Thom , Robert Karl Spiger , Magnus Bo Gustaf Nyström , David R. Wooten
发明人： Stefan Thom , Robert Karl Spiger , Magnus Bo Gustaf Nyström , David R. Wooten
IPC分类号： G06F21/60 , G06F21/62 , G06F21/57
CPC分类号： G06F21/575 , G06F21/602 , G06F21/73
摘要： In accordance with one or more aspects, a representation of a configuration of a firmware environment of a device is generated. A secret of the device is obtained, and a platform secret is generated based on both the firmware environment configuration representation and the secret of the device. One or more keys can be generated based on the platform secret.
摘要翻译：根据一个或多个方面，生成设备的固件环境的配置的表示。获得设备的秘密，并且基于固件环境配置表示和设备的秘密生成平台秘密。可以基于平台秘密生成一个或多个密钥。

8. 发明申请

US20130054946A1 DIGITAL SIGNING AUTHORITY DEPENDENT PLATFORM SECRET 有权
标题翻译：数字签名机构相关平台秘密
公开(公告)号：US20130054946A1
公开(公告)日：2013-02-28
申请号：US13218029
申请日：2011-08-25
申请人： Stefan Thom , Robert Karl Spiger , Magnus Bo Gustaf Nyström , David R. Wooten
发明人： Stefan Thom , Robert Karl Spiger , Magnus Bo Gustaf Nyström , David R. Wooten
IPC分类号： G06F21/22 , G06F9/06
CPC分类号： G06F21/575 , G06F21/602 , G06F21/73
摘要： In accordance with one or more aspects, a representation of a configuration of a firmware environment of a device is generated. A secret of the device is obtained, and a platform secret is generated based on both the firmware environment configuration representation and the secret of the device. One or more keys can be generated based on the platform secret.
摘要翻译：根据一个或多个方面，生成设备的固件环境的配置的表示。获得设备的秘密，并且基于固件环境配置表示和设备的秘密生成平台秘密。可以基于平台秘密生成一个或多个密钥。

9. 发明申请

US20110246785A1 HARDWARE SUPPORTED VIRTUALIZED CRYPTOGRAPHIC SERVICE 有权
标题翻译：硬件支持的VIRTUALIZED CRYPTOGRAPHIC服务
公开(公告)号：US20110246785A1
公开(公告)日：2011-10-06
申请号：US12750141
申请日：2010-03-30
申请人： David J. Linsley , Stefan Thom
发明人： David J. Linsley , Stefan Thom
IPC分类号： G06F21/00 , H04L9/00 , G06F12/14 , G06F9/455
CPC分类号： G06F21/53 , G06F9/45558 , G06F21/57 , G06F21/602 , G06F21/72 , G06F2009/45587 , G06F2221/2149 , G06F2221/2153 , H04L63/061
摘要： A Trusted Platform Module (TPM) can be utilized to provide hardware-based protection of cryptographic information utilized within a virtual computing environment. A virtualized cryptographic service can interface with the virtual environment and enumerate a set of keys that encryption mechanisms within the virtual environment can utilize to protect their keys. The keys provided by the virtualized cryptographic service can be further protected by the TPM-specific keys of the TPM on the computing device hosting the virtual environment. Access to the protected data within the virtual environment can, thereby, only be granted if the virtualized cryptographic service's keys have been protected by the TPM-specific keys of the TPM on the computing device that is currently hosting the virtual environment. The virtualized cryptographic service's keys can be protected by TPM-specific keys of TPMs on selected computing devices to enable the virtual environment to be hosted by other computing devices.
摘要翻译：可信平台模块（TPM）可用于为虚拟计算环境中使用的加密信息提供基于硬件的保护。虚拟化加密服务可以与虚拟环境接口并枚举一组密钥，虚拟环境中的加密机制可以利用这些密钥来保护其密钥。由虚拟化加密服务提供的密钥可以由托管虚拟环境的计算设备上的TPM专用密钥进一步保护。因此，只有当虚拟化加密服务的密钥已被当前托管虚拟环境的计算设备上的TPM的TPM特定密钥保护时，才能访问虚拟环境中的受保护数据。虚拟化加密服务的密钥可以由TPM在特定计算设备上的特定TPM密钥进行保护，以使虚拟环境由其他计算设备托管。

10. 发明授权

US08375437B2 Hardware supported virtualized cryptographic service 有权
标题翻译：硬件支持虚拟化加密服务
公开(公告)号：US08375437B2
公开(公告)日：2013-02-12
申请号：US12750141
申请日：2010-03-30
申请人： David J. Linsley , Stefan Thom
发明人： David J. Linsley , Stefan Thom
IPC分类号： G06F9/00 , G06F11/30
CPC分类号： G06F21/53 , G06F9/45558 , G06F21/57 , G06F21/602 , G06F21/72 , G06F2009/45587 , G06F2221/2149 , G06F2221/2153 , H04L63/061
摘要： A Trusted Platform Module (TPM) can be utilized to provide hardware-based protection of cryptographic information utilized within a virtual computing environment. A virtualized cryptographic service can interface with the virtual environment and enumerate a set of keys that encryption mechanisms within the virtual environment can utilize to protect their keys. The keys provided by the virtualized cryptographic service can be further protected by the TPM-specific keys of the TPM on the computing device hosting the virtual environment. Access to the protected data within the virtual environment can, thereby, only be granted if the virtualized cryptographic service's keys have been protected by the TPM-specific keys of the TPM on the computing device that is currently hosting the virtual environment. The virtualized cryptographic service's keys can be protected by TPM-specific keys of TPMs on selected computing devices to enable the virtual environment to be hosted by other computing devices.
摘要翻译：可信平台模块（TPM）可用于为虚拟计算环境中使用的加密信息提供基于硬件的保护。虚拟化加密服务可以与虚拟环境接口并枚举一组密钥，虚拟环境中的加密机制可以利用这些密钥来保护其密钥。由虚拟化加密服务提供的密钥可以由托管虚拟环境的计算设备上的TPM专用密钥进一步保护。因此，只有当虚拟化加密服务的密钥已被当前托管虚拟环境的计算设备上的TPM的TPM特定密钥保护时，才能访问虚拟环境中的受保护数据。虚拟化加密服务的密钥可以由TPM在特定计算设备上的特定TPM密钥进行保护，以使虚拟环境由其他计算设备托管。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式