专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20120110644A1 GLOBALLY VALID MEASURED OPERATING SYSTEM LAUNCH WITH HIBERNATION SUPPORT 有权
标题翻译：全球有效的测量操作系统启动与HIBERNATION支持
公开(公告)号：US20120110644A1
公开(公告)日：2012-05-03
申请号：US12938363
申请日：2010-11-02
申请人： Stefan Thom , Nathan Ide , Scott Daniel Anderson , Robert Karl Spiger , David J. Linsley , Mark Fishel Novak , Magnus Nyström
发明人： Stefan Thom , Nathan Ide , Scott Daniel Anderson , Robert Karl Spiger , David J. Linsley , Mark Fishel Novak , Magnus Nyström
IPC分类号： H04L9/32 , G06F15/16 , G06F21/00
CPC分类号： G06F21/57 , G06F2221/2101 , H04L9/0897
摘要： An event log can comprise, not only entries associated with components instantiated since a most recent power on of a computing device, but also entries of components instantiated prior to that power on, such as components that were instantiated, and represent, a state of the computing device prior to hibernation that has now been resumed. Upon hibernation, the current values of the Platform Configuration Registers (PCRs) of a Trusted Platform Module (trusted execution environment), as well as a quote of those current values, and a current value of a monotonic counter of the trusted execution environment can be logged. The monotonic counter can be incremented at each power on to track successive generations of the computing device and to guard against an intervening, not-logged generation. A subsequent parsing of the event log can verify the prior generational entries with reference to the PCR values in the log that are associated with those generations.
摘要翻译：事件日志不仅可以包括与计算设备的最近上电后实例化的组件相关联的条目，而且还可以包括在该上电之前实例化的组件的条目，诸如被实例化的组件，并且表示休眠前的计算设备现在已经恢复。休眠后，可信平台模块（可信执行环境）的平台配置寄存器（PCR）的当前值以及当前值的引用以及可信执行环境的单调计数器的当前值可以是记录。在每次打开电源时，单调计数器可以递增，以跟踪计算设备的连续几代，并防止中间，未记录的一代。事件日志的后续解析可以参考日志中与这些世代相关联的PCR值来验证先前的生成条目。

2. 发明授权

US08627464B2 Globally valid measured operating system launch with hibernation support 有权
标题翻译：全球有效的测量操作系统启动与冬眠支持
公开(公告)号：US08627464B2
公开(公告)日：2014-01-07
申请号：US12938363
申请日：2010-11-02
申请人： Stefan Thom , Nathan Ide , Scott Danie Anderson , Robert Karl Spiger , David J. Linsley , Mark Fishel Novak , Magnus Nyström
发明人： Stefan Thom , Nathan Ide , Scott Danie Anderson , Robert Karl Spiger , David J. Linsley , Mark Fishel Novak , Magnus Nyström
IPC分类号： G06F12/14
CPC分类号： G06F21/57 , G06F2221/2101 , H04L9/0897
摘要： An event log can comprise, not only entries associated with components instantiated since a most recent power on of a computing device, but also entries of components instantiated prior to that power on, such as components that were instantiated, and represent, a state of the computing device prior to hibernation that has now been resumed. Upon hibernation, the current values of the Platform Configuration Registers (PCRs) of a Trusted Platform Module (trusted execution environment), as well as a quote of those current values, and a current value of a monotonic counter of the trusted execution environment can be logged. The monotonic counter can be incremented at each power on to track successive generations of the computing device and to guard against an intervening, not-logged generation. A subsequent parsing of the event log can verify the prior generational entries with reference to the PCR values in the log that are associated with those generations.
摘要翻译：事件日志不仅可以包括与计算设备的最近上电后实例化的组件相关联的条目，而且还可以包括在该上电之前实例化的组件的条目，诸如被实例化的组件，并且表示休眠前的计算设备现在已经恢复。休眠后，可信平台模块（可信执行环境）的平台配置寄存器（PCR）的当前值以及当前值的引用以及可信执行环境的单调计数器的当前值可以是记录。在每次打开电源时，单调计数器可以递增，以跟踪计算设备的连续几代，并防止中间，未记录的一代。事件日志的后续解析可以参考日志中与这些世代相关联的PCR值来验证先前的生成条目。

3. 发明授权

US08954965B2 Trusted execution environment virtual machine cloning 有权
标题翻译：可信执行环境虚拟机克隆
公开(公告)号：US08954965B2
公开(公告)日：2015-02-10
申请号：US13566250
申请日：2012-08-03
申请人： Mark F. Novak , Andrew John Layman , Magnus Nyström , Stefan Thom
发明人： Mark F. Novak , Andrew John Layman , Magnus Nyström , Stefan Thom
IPC分类号： G06F9/455
CPC分类号： G06F21/53
摘要： Cloning of a virtual machine having a trusted executed environment such as a software-based trusted platform module. In order to clone the virtual machine, the virtual machine state of the source virtual machine is copied to formulate a target virtual machine state that is to be associated with a target virtual machine. The target virtual machine is a clone of the source virtual machine state, and thus the storage hierarchy of the trusted execution environment may be the same for the trusted execution environment in the source and target virtual machine states. However, because the identity of the target virtual machine is different than that of the source virtual machine, the endorsement hierarchy of the target virtual machine state is altered such that it is based on the identity of the target virtual machine, rather than the source virtual machine.
摘要翻译：克隆具有可信执行环境的虚拟机，例如基于软件的可信平台模块。为了克隆虚拟机，将复制源虚拟机的虚拟机状态以制定与目标虚拟机相关联的目标虚拟机状态。目标虚拟机是源虚拟机状态的克隆，因此受信任执行环境的存储层次结构对于源虚拟机状态和目标虚拟机状态中的受信任执行环境可能相同。然而，由于目标虚拟机的身份与源虚拟机的身份不同，所以目标虚拟机状态的认可层级被改变，使得其基于目标虚拟机的身份而不是源虚拟机机。

4. 发明申请

US20140040890A1 TRUSTED EXECUTION ENVIRONMENT VIRTUAL MACHINE CLONING 有权
标题翻译：实施执行环境虚拟机克隆
公开(公告)号：US20140040890A1
公开(公告)日：2014-02-06
申请号：US13566250
申请日：2012-08-03
申请人： Mark F. Novak , Andrew John Layman , Magnus Nyström , Stefan Thom
发明人： Mark F. Novak , Andrew John Layman , Magnus Nyström , Stefan Thom
IPC分类号： G06F9/455
CPC分类号： G06F21/53
摘要： Cloning of a virtual machine having a trusted executed environment such as a software-based trusted platform module. In order to clone the virtual machine, the virtual machine state of the source virtual machine is copied to formulate a target virtual machine state that is to be associated with a target virtual machine. The target virtual machine is a clone of the source virtual machine state, and thus the storage hierarchy of the trusted execution environment may be the same for the trusted execution environment in the source and target virtual machine states. However, because the identity of the target virtual machine is different than that of the source virtual machine, the endorsement hierarchy of the target virtual machine state is altered such that it is based on the identity of the target virtual machine, rather than the source virtual machine.
摘要翻译：克隆具有可信执行环境的虚拟机，例如基于软件的可信平台模块。为了克隆虚拟机，将复制源虚拟机的虚拟机状态以制定与目标虚拟机相关联的目标虚拟机状态。目标虚拟机是源虚拟机状态的克隆，因此受信任执行环境的存储层次结构对于源虚拟机状态和目标虚拟机状态中的受信任执行环境可能相同。然而，由于目标虚拟机的身份与源虚拟机的身份不同，所以目标虚拟机状态的认可层级被改变，使得其基于目标虚拟机的身份而不是源虚拟机机。

5. 发明授权

US08782423B2 Network based management of protected data sets 有权
标题翻译：基于网络的受保护数据集管理
公开(公告)号：US08782423B2
公开(公告)日：2014-07-15
申请号：US13527439
申请日：2012-06-19
申请人： Mark F. Novak , Andrew John Layman , Magnus Nyström , Stefan Thom
发明人： Mark F. Novak , Andrew John Layman , Magnus Nyström , Stefan Thom
IPC分类号： G06F3/06
CPC分类号： G06F3/0622 , G06F21/57 , G06F21/602
摘要： A system that includes an account management module configured to maintain protected accounts. For instance, a particular protected account includes a protected data set that is not readable outside of the system, and perhaps not even readable outside of the account. The particular data set corresponds to a particular entity assigned to the particular account and that includes keys corresponding to the particular entity. A security processor uses at least some of the plurality of keys to perform cryptographic processes in response to one or more trusted execution environment commands received from the particular entity.
摘要翻译：包括配置为维护受保护的帐户的帐户管理模块的系统。例如，特定受保护的帐户包括在系统之外不可读的受保护的数据集，甚至在帐户之外甚至不可读。特定数据集对应于分配给特定帐户的特定实体，并且包括与特定实体相对应的密钥。响应于从特定实体接收到的一个或多个可信执行环境命令，安全处理器使用多个密钥中的至少一些来执行密码处理。

6. 发明申请

US20130339729A1 NETWORK BASED MANAGEMENT OF PROTECTED DATA SETS 有权
标题翻译：基于网络的保护数据集管理
公开(公告)号：US20130339729A1
公开(公告)日：2013-12-19
申请号：US13527439
申请日：2012-06-19
申请人： Mark F. Novak , Andrew John Layman , Magnus Nyström , Stefan Thom
发明人： Mark F. Novak , Andrew John Layman , Magnus Nyström , Stefan Thom
IPC分类号： G06F21/00 , G06F1/24 , H04L29/06
CPC分类号： G06F3/0622 , G06F21/57 , G06F21/602
摘要： A system that includes an account management module configured to maintain protected accounts. For instance, a particular protected account includes a protected data set that is not readable outside of the system, and perhaps not even readable outside of the account. The particular data set corresponds to a particular entity assigned to the particular account and that includes keys corresponding to the particular entity. A security processor uses at least some of the plurality of keys to perform cryptographic processes in response to one or more trusted execution environment commands received from the particular entity.
摘要翻译：包括配置为维护受保护的帐户的帐户管理模块的系统。例如，特定受保护的帐户包括在系统之外不可读的受保护的数据集，甚至在帐户之外甚至不可读。特定数据集对应于分配给特定帐户的特定实体，并且包括与特定实体相对应的密钥。响应于从特定实体接收到的一个或多个可信执行环境命令，安全处理器使用多个密钥中的至少一些来执行密码处理。

7. 发明授权

US08612766B2 Secure credential unlock using trusted execution environments 有权
公开(公告)号：US08612766B2
公开(公告)日：2013-12-17
申请号：US13176735
申请日：2011-07-05
申请人： Stefan Thom , Robert K. Spiger , Magnus Nyström , Himanshu Soni , Marc R. Barbour , Nick Voicu , Xintong Zhou , Kirk Shoop
发明人： Stefan Thom , Robert K. Spiger , Magnus Nyström , Himanshu Soni , Marc R. Barbour , Nick Voicu , Xintong Zhou , Kirk Shoop
IPC分类号： G06F21/00
CPC分类号： G06F21/602 , G06F21/30 , G06F21/31 , G06F21/57 , G06F2221/2103 , G06F2221/2107 , G06F2221/2131 , H04L9/0822 , H04L9/0861 , H04L9/3271 , H04L2209/127
摘要： Computing devices utilizing trusted execution environments as virtual smart cards are designed to support expected credential recovery operations when a user credential, e.g., personal identification number (PIN), password, etc. has been forgotten or is unknown. A computing device generates a cryptographic key that is protected with a PIN unlock key (PUK) provided by an administrative entity. If the user PIN cannot be input to the computing device the PUK can be input to unlock the locked cryptographic key and thereby provide access to protected data. A computing device can also, or alternatively, generate a group of challenges and formulate responses thereto. The formulated responses are each used to secure a computing device cryptographic key. If the user PIN cannot be input to the computing device an entity may request a challenge. The computing device issues a challenge from the set of generated challenges. Upon receiving a valid response back, the computing device can unlock the secured computing device cryptographic key associated with the issued challenge and subsequently provide access to protected data.

8. 发明授权

US09674177B1 Dynamic knowledge-based user authentication without need for presentation of predetermined credential 有权
公开(公告)号：US09674177B1
公开(公告)日：2017-06-06
申请号：US12333385
申请日：2008-12-12
申请人： Magnus Nyström
发明人： Magnus Nyström
IPC分类号： G06F17/30 , H04L29/06
CPC分类号： H04L63/083 , G06F21/31 , G06F2221/2131 , H04L63/0846
摘要： A personal computing device, server or other type of processing device authenticates a user attempting to access a protected resource by verifying user knowledge of one or more extracted characteristics of stored information indicative of an internal operating state of that resource. The one or more extracted characteristics are characteristics that would likely be known to the user if that user had made one or more previous authenticated accesses to the protected resource. For example, the extracted characteristics may be indicative of a manner in which the user had utilized the protected resource during the one or more previous authenticated accesses to the protected resource. The processing device receives input from the user regarding the one or more extracted characteristics, and grants or denies access to the protected resource based at least in part on the input received from the user.

9. 发明授权

US07562221B2 Authentication method and apparatus utilizing proof-of-authentication module 有权
标题翻译：使用认证证明模块的认证方法和设备
公开(公告)号：US07562221B2
公开(公告)日：2009-07-14
申请号：US11530998
申请日：2006-09-12
申请人： Magnus Nyström , Anders Rundgren , William M. Duane
发明人： Magnus Nyström , Anders Rundgren , William M. Duane
IPC分类号： H04L9/32
CPC分类号： G06Q20/3674 , G06F21/41 , H04L9/3213 , H04L9/3228 , H04L63/0807 , H04L63/0815 , H04L63/0838
摘要： A single sign-on technique allows multiple accesses to one or more applications or other resources using a proof-of-authentication module operating in conjunction with a standard authentication component. The application or other resource issues an authentication information request to the standard authentication component responsive to an access request from the user. The application or other resource receives, responsive to the authentication information request, a proof-of-authentication value from the standard authentication component, and authenticates the user based on the proof-of-authentication value. The standard authentication component interacts with the proof-of-authentication module to obtain the proof-of-authentication value. The proof-of-authentication module is configured to generate multiple proof-of-authentication values for authentication of respective access requests of the user.
摘要翻译：单一登录技术允许使用与标准认证组件一起运行的认证证明模块对一个或多个应用程序或其他资源进行多次访问。响应于来自用户的访问请求，应用或其他资源向标准认证组件发出认证信息请求。应用程序或其他资源响应于认证信息请求接收来自标准认证组件的认证证明值，并且基于认证证明值对用户进行认证。标准认证组件与认证证明模块交互以获得认证证明值。身份验证模块被配置为生成用于认证用户的各个访问请求的多个认证证明值。

10. 发明授权

US08826033B1 Data protection using virtual-machine-specific stable system values 有权
标题翻译：使用虚拟机特定的稳定系统值进行数据保护
公开(公告)号：US08826033B1
公开(公告)日：2014-09-02
申请号：US12644195
申请日：2009-12-22
申请人： Ajay Venkateshan Krishnaprasad , Parasuraman Narasimhan , Robert Polansky , Magnus Nyström
发明人： Ajay Venkateshan Krishnaprasad , Parasuraman Narasimhan , Robert Polansky , Magnus Nyström
IPC分类号： G06F21/22
CPC分类号： G06F21/53 , G06F21/554
摘要： A virtual machine on a physical host computer provides controlled access to protected data by creating and storing a “stored system fingerprint” from stable system values (SSVs) as existing when creating the stored system fingerprint. The SSVs include virtual-machine-specific values that change upon cloning the virtual machine (VM) but do not change upon migration of the VM. Upon a request for access to the protected data, a current system fingerprint is calculated from the SSVs as existing when processing the request, the current system fingerprint is compared to the stored system fingerprint to determine whether there is a predetermined degree of matching, and the requested access to the protected data is permitted only if there is the predetermined degree of matching.
摘要翻译：物理主机上的虚拟机通过在创建存储的系统指纹时，从存在的稳定系统值（SSV）中创建并存储“存储的系统指纹”来提供受保护数据的受控访问。 SSV包括在克隆虚拟机（VM）时进行更改但在迁移VM时不会更改的虚拟机特定值。在请求访问受保护的数据时，当处理请求时，从存在的SSV计算当前系统指纹，将当前系统指纹与存储的系统指纹进行比较，以确定是否存在预定的匹配度，并且仅当存在预定匹配度时才允许对受保护数据的访问。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式