公开(公告)号：US07818574B2

公开(公告)日：2010-10-19

申请号：US10938808

申请日：2004-09-10

Applicant: Camil Fayad ,  John K. Li ,  Siegfried Sutter

Inventor： Camil Fayad ,  John K. Li ,  Siegfried Sutter

IPC: H04L9/32

CPC classification number: G06F21/72 ,  G06F2221/2115 ,  H04L9/3263 ,  H04L2209/56

Abstract: A mechanism is provided in which access to the functionality present on an integrated circuit chip is controllable via an encrypted certificate of authority which includes time information indicating allowable periods of operation or allowable duration of operation. The chip includes at least one cryptographic engine and at least one processor. The chip also contains hard coded cryptographic keys including a chip private key, a chip public key and a third party's public key. The chip is also provided with a battery backed up volatile memory which contains information which is used to verify authority for operation. The certificate of authority is also used to control not only the temporal aspects of operation but is also usable to control access to certain functionality that may be present on the chip, such as access to some or all of the cryptographic features provided in conjunction with the presence of the cryptographic engine, such as key size.

Abstract translation: 提供了一种机制，其中通过加密的授权证书来控制存在于集成电路芯片上的功能，其包括指示允许的操作周期或允许的操作持续时间的时间信息。 该芯片包括至少一个加密引擎和至少一个处理器。 该芯片还包含硬编码密码密钥，包括芯片私钥，芯片公钥和第三方的公钥。 该芯片还配有电池备份的易失性存储器，其中包含用于验证操作权限的信息。 授权证书也不仅用于控制操作的时间方面，而且还可用于控制对可能存在于芯片上的某些功能的访问，诸如访问与结合在一起提供的一些或全部密码特征 加密引擎的存在，如密钥大小。

公开(公告)号：US07624283B2

公开(公告)日：2009-11-24

申请号：US11352762

申请日：2006-02-13

Applicant: Steven A. Bade ,  Thomas J. Dewkett ,  Nia L. Kelley ,  Siegfried Sutter ,  Helmut H. Weber

Inventor： Steven A. Bade ,  Thomas J. Dewkett ,  Nia L. Kelley ,  Siegfried Sutter ,  Helmut H. Weber

IPC: G06F11/30 ,  H04K1/10

CPC classification number: G06F21/57

Abstract: A computer implemented method for recovering a partition context in the event of a system or hardware device failure. Upon receiving a command from a partition to modify context data in a trusted platform module (TPM) hardware device, a trusted platform module input/output host partition (TMPIOP) provides an encrypted copy of the context data and the command to the TPM hardware device, which processes the command and updates the context data. If the TPM hardware device successfully processes the command, the TMPIOP receives the updated context data from the TPM hardware device and stores the updated context data received in encrypted form in a context data cache or a non-volatile storage off-board the TPM hardware device. If the TPM hardware device fails to successfully process the command, the TMPIOP uses a last valid copy of the context data to retry processing of the command on a different TPM hardware device.

Abstract translation: 一种用于在系统或硬件设备故障的情况下恢复分区上下文的计算机实现的方法。 信任平台模块输入/输出主机分区（TMPIOP）在接收到来自分区的命令以修改可信平台模块（TPM）硬件设备中的上下文数据时，将上下文数据的加密副本提供给TPM硬件设备 ，它处理命令并更新上下文数据。 如果TPM硬件设备成功地处理该命令，则TMPIOP从TPM硬件设备接收更新的上下文数据，并将以加密形式接收到的更新的上下文数据存储在上行数据高速缓存或TPM硬件设备的非易失性存储器 。 如果TPM硬件设备无法成功处理该命令，则TMPIOP将使用上一个上下文数据的最后一个有效副本来重试不同TPM硬件设备上的命令处理。

公开(公告)号：US20060059369A1

公开(公告)日：2006-03-16

申请号：US10938835

申请日：2004-09-10

Applicant: Camil Fayad ,  John Li ,  Siegfried Sutter

Inventor： Camil Fayad ,  John Li ,  Siegfried Sutter

IPC: G06F12/14 ,  H04L9/32 ,  G06F11/30

CPC classification number: G06F21/72 ,  G06F21/6218 ,  G06F21/79

Abstract: A mechanism is provided in which a secure chip for performing cryptographic and/or other functions is able to securely access a separate random access memory externally disposed with respect to a secure chip boundary. Addressing of the external memory is controlled so as to define certain regions therein which receive and store only encrypted information from the chip. Other regions of the external memory are set aside for the receipt and storage of unencrypted information. Access to the external memory is provided through a controlled interface which communicates with internal chip hardware which operates to control the flow of communication between various internal components such as cryptographic engines, data processors, internal memory of both the volatile and the nonvolatile variety and an external interface which provides the only other access to the chip. The internal chip hardware with which the external memory interface communicates is implemented as a combined ASIC and programmable hardware circuit, wherein the programmable hardware circuit is also securely configurable.

Abstract translation: 提供了一种机制，其中用于执行加密和/或其他功能的安全芯片能够安全地访问相对于安全芯片边界而外部设置的单独的随机存取存储器。 控制外部存储器的寻址以便限定其中接收并存储来自芯片的加密信息的某些区域。 留出外部存储器的其他区域用于接收和存储未加密的信息。 通过与内部芯片硬件进行通信的受控接口提供对外部存储器的访问，该内部芯片硬件用于控制各种内部组件（例如密码引擎，数据处理器，易失性和非易失性品种的内部存储器）之间的通信流和外部 接口，只提供对芯片的唯一访问。 外部存储器接口通信的内部芯片硬件被实现为组合ASIC和可编程硬件电路，其中可编程硬件电路也可以可靠地配置。

公开(公告)号：US20060026422A1

公开(公告)日：2006-02-02

申请号：US10902711

申请日：2004-07-29

Applicant: Steven Bade ,  Thomas Dewkett ,  Nia Kelley ,  Siegfried Sutter ,  Helmut Weber

Inventor： Steven Bade ,  Thomas Dewkett ,  Nia Kelley ,  Siegfried Sutter ,  Helmut Weber

IPC: H04L9/00

CPC classification number: H04L63/104 ,  H04L9/0877 ,  H04L9/0897 ,  H04L63/20 ,  H04L2209/805

Abstract: A method, apparatus, and computer program product are described for implementing a trusted computing environment within a data processing system. The data processing system includes a primary hardware trusted platform module (TPM) and a secondary hardware backup TPM. The data processing system also includes multiple logical partitions. The primary hardware TPM is used to provide trusted computing services to the logical partitions. A determination is made as to whether the primary hardware TPM is malfunctioning. If a determination is made that the primary hardware TPM is malfunctioning, the secondary hardware TPM is designated as a new primary hardware TPM and is utilized instead of the primary TPM to provide trusted computing services to the logical partitions.

Abstract translation: 描述了用于在数据处理系统内实现可信计算环境的方法，装置和计算机程序产品。 数据处理系统包括主硬件可信平台模块（TPM）和辅助硬件备份TPM。 数据处理系统还包括多个逻辑分区。 主要硬件TPM用于向逻辑分区提供可信计算服务。 确定主要硬件TPM是否发生故障。 如果确定主硬件TPM出现故障，则辅助硬件TPM被指定为新的主要硬件TPM，并且被使用而不是主TPM来向逻辑分区提供可信计算服务。

公开(公告)号：US20060026419A1

公开(公告)日：2006-02-02

申请号：US10902670

申请日：2004-07-29

Applicant: Richard Arndt ,  Steven Bade ,  Thomas Dewkett ,  Charles Gainey ,  Nia Kelley ,  Siegfried Sutter ,  Helmut Weber

Inventor： Richard Arndt ,  Steven Bade ,  Thomas Dewkett ,  Charles Gainey ,  Nia Kelley ,  Siegfried Sutter ,  Helmut Weber

IPC: H04L9/00

CPC classification number: H04L63/20 ,  G06F21/57 ,  H04L63/0876 ,  H04L63/102

Abstract: A method, apparatus, and computer program product are described for implementing a trusted computing environment within a data processing system where the data processing system includes a single hardware trusted platform module (TPM). Multiple logical partitions are provided in the data processing system. A unique context is generated for each one of the logical partitions. When one of the logical partitions requires access to the hardware TPM, that partition's context is required to be stored in the hardware TPM. The hardware TPM includes a finite number of storage locations, called context slots, for storing contexts. Each context slot can store one partition's context. Each one of the partitions is associated with one of the limited number of context storage slots in the hardware TPM. At least one of the context slots is simultaneously associated with more than one of the logical partitions. Contexts are swapped into and out of the hardware TPM during runtime of the data processing system so that when ones of the partitions require access to the hardware TPM, their required contexts are currently stored in the hardware TPM.

Abstract translation: 描述了一种在数据处理系统内实现可信计算环境的方法，装置和计算机程序产品，其中数据处理系统包括单个硬件可信平台模块（TPM）。 在数据处理系统中提供了多个逻辑分区。 为每个逻辑分区生成唯一的上下文。 当其中一个逻辑分区需要访问硬件TPM时，该分区的上下文需要存储在硬件TPM中。 硬件TPM包括有限数量的存储位置，称为上下文时隙，用于存储上下文。 每个上下文时隙都可以存储一个分区的上下文。 每个分区与硬件TPM中的有限数量的上下文存储时隙中的一个相关联。 至少一个上下文时隙同时与多于一个的逻辑分区相关联。 在数据处理系统的运行期间，上下文交换进出硬件TPM，以便当这些分区中的一个需要访问硬件TPM时，其所需的上下文当前存储在硬件TPM中。

公开(公告)号：US07996687B2

公开(公告)日：2011-08-09

申请号：US12262445

申请日：2008-10-31

Applicant: Richard Louis Arndt ,  Steven A. Bade ,  Thomas J. Dewkett ,  Charles W. Gainey, Jr. ,  Nia Letise Kelley ,  Siegfried Sutter ,  Helmut H. Weber

Inventor： Richard Louis Arndt ,  Steven A. Bade ,  Thomas J. Dewkett ,  Charles W. Gainey, Jr. ,  Nia Letise Kelley ,  Siegfried Sutter ,  Helmut H. Weber

IPC: G06F11/30 ,  H04K1/10

CPC classification number: H04L63/20 ,  G06F21/57 ,  H04L63/0876 ,  H04L63/102

Abstract: Multiple logical partitions are provided in a data processing system. A unique context is generated for each one of the logical partitions. When one of the logical partitions requires access to the hardware TPM, that partition's context is required to be stored in the hardware TPM. The hardware TPM includes a finite number of storage locations, called context slots, for storing contexts. Each context slot can store one partition's context. Each one of the partitions is associated with one of the limited number of context storage slots in the hardware TPM. At least one of the context slots is simultaneously associated with more than one of the logical partitions. Contexts are swapped into and out of the hardware TPM during runtime of the data processing system so that when ones of the partitions require access to the hardware TPM, their required contexts are currently stored in the hardware TPM.

Abstract translation: 在数据处理系统中提供了多个逻辑分区。 为每个逻辑分区生成唯一的上下文。 当其中一个逻辑分区需要访问硬件TPM时，该分区的上下文需要存储在硬件TPM中。 硬件TPM包括有限数量的存储位置，称为上下文时隙，用于存储上下文。 每个上下文时隙都可以存储一个分区的上下文。 每个分区与硬件TPM中的有限数量的上下文存储时隙中的一个相关联。 至少一个上下文时隙同时与多于一个的逻辑分区相关联。 在数据处理系统的运行期间，上下文交换进出硬件TPM，以便当这些分区中的一个需要访问硬件TPM时，其所需的上下文当前存储在硬件TPM中。

公开(公告)号：US07873830B2

公开(公告)日：2011-01-18

申请号：US11331918

申请日：2006-01-13

Applicant: Camil Fayad ,  John K. Li ,  Siegfried Sutter

Inventor： Camil Fayad ,  John K. Li ,  Siegfried Sutter

IPC: H04L9/32 ,  G06F9/50 ,  G06F15/167 ,  G06F13/00

CPC classification number: G06F21/76 ,  G06F21/72 ,  G06F21/79

Abstract: Electronic circuit chips which include cryptography functions are arranged in multichip configurations through the utilization of a shared external memory. Security of the chips is preserved via a handshaking protocol which permits each chip to access limited portions of the memory as defined in a way that preserves the same high security level as the tamper proof chips themselves. The chips may be operated to work on different tasks or to work on the same task thus providing a mechanism for trading off speed versus redundancy where desired.

Abstract translation: 包括加密功能的电子电路芯片通过利用共享的外部存储器而被布置成多芯片配置。 通过握手协议来保护芯片的安全性，该握手协议允许每个芯片访问存储器的有限部分，其以与防篡改芯片本身保持相同的高安全级别的方式定义。 芯片可以被操作以在不同的任务上工作或者在相同的任务上工作，从而提供了一种用于在需要时对速度与冗余进行交换的机制。

公开(公告)号：US20100042823A1

公开(公告)日：2010-02-18

申请号：US12262445

申请日：2008-10-31

Applicant: Richard Louis Arndt ,  Steven A. Bade ,  Thomas J. Dewkett ,  Charles W. Gainey, JR. ,  Nia Letise Kelley ,  Siegfried Sutter ,  Helmut H. Weber

Inventor： Richard Louis Arndt ,  Steven A. Bade ,  Thomas J. Dewkett ,  Charles W. Gainey, JR. ,  Nia Letise Kelley ,  Siegfried Sutter ,  Helmut H. Weber

IPC: G06F12/14 ,  G06F9/24 ,  G06F9/455

CPC classification number: H04L63/20 ,  G06F21/57 ,  H04L63/0876 ,  H04L63/102

Abstract: A method, apparatus, and computer program product are described for implementing a trusted computing environment within a data processing system where the data processing system includes a single hardware trusted platform module (TPM). Multiple logical partitions are provided in the data processing system. A unique context is generated for each one of the logical partitions. When one of the logical partitions requires access to the hardware TPM, that partition's context is required to be stored in the hardware TPM. The hardware TPM includes a finite number of storage locations, called context slots, for storing contexts. Each context slot can store one partition's context. Each one of the partitions is associated with one of the limited number of context storage slots in the hardware TPM. At least one of the context slots is simultaneously associated with more than one of the logical partitions. Contexts are swapped into and out of the hardware TPM during runtime of the data processing system so that when ones of the partitions require access to the hardware TPM, their required contexts are currently stored in the hardware TPM.

Abstract translation: 描述了一种在数据处理系统内实现可信计算环境的方法，装置和计算机程序产品，其中数据处理系统包括单个硬件可信平台模块（TPM）。 在数据处理系统中提供了多个逻辑分区。 为每个逻辑分区生成唯一的上下文。 当其中一个逻辑分区需要访问硬件TPM时，该分区的上下文需要存储在硬件TPM中。 硬件TPM包括有限数量的存储位置，称为上下文时隙，用于存储上下文。 每个上下文时隙都可以存储一个分区的上下文。 每个分区与硬件TPM中的有限数量的上下文存储时隙中的一个相关联。 至少一个上下文时隙同时与多于一个的逻辑分区相关联。 在数据处理系统的运行期间，上下文交换进出硬件TPM，以便当这些分区中的一个需要访问硬件TPM时，其所需的上下文当前存储在硬件TPM中。

公开(公告)号：US20070220369A1

公开(公告)日：2007-09-20

申请号：US11358174

申请日：2006-02-21

Applicant: Camil Fayad ,  John Li ,  Siegfried Sutter

Inventor： Camil Fayad ,  John Li ,  Siegfried Sutter

IPC: G06F11/00

CPC classification number: G06F11/181 ,  G06F11/1004 ,  G06F11/184 ,  G06F11/2236

Abstract: A method and apparatus are provided for identifying a defective processor of a plurality of processors of a multi-processor system. In such method, a first command is submitted to a first processor and to a second processor within the multi-processor system. The first command is executed by each of the first and second processors. A first result of executing the first command by the first processor is compared with a second result of executing the second command by the second processor. A hard error is indicated when the first result does not match the second result. To further isolate a fault within the system, commands are submitted to different pairings of processors and the results are compared to isolate a faulty processor from among them.

Abstract translation: 提供了一种用于识别多处理器系统的多个处理器的有缺陷的处理器的方法和装置。 在这种方法中，将第一命令提交给多处理器系统内的第一处理器和第二处理器。 第一命令由第一和第二处理器中的每一个执行。 将由第一处理器执行第一命令的第一结果与由第二处理器执行第二命令的第二结果进行比较。 当第一个结果与第二个结果不匹配时，会显示硬错误。 为了进一步隔离系统中的故障，将命令提交给不同的处理器配对，并将结果与​​其中的故障处理器进行比较。

公开(公告)号：US20070192597A1

公开(公告)日：2007-08-16

申请号：US11352762

申请日：2006-02-13

Applicant: Steven Bade ,  Thomas Dewkett ,  Nia Kelley ,  Siegfried Sutter ,  Helmut Weber

Inventor： Steven Bade ,  Thomas Dewkett ,  Nia Kelley ,  Siegfried Sutter ,  Helmut Weber

IPC: H04L9/00

CPC classification number: G06F21/57

Abstract: A computer implemented method for recovering a partition context in the event of a system or hardware device failure. Upon receiving a command from a partition to modify context data in a trusted platform module (TPM) hardware device, a trusted platform module input/output host partition (TMPIOP) provides an encrypted copy of the context data and the command to the TPM hardware device, which processes the command and updates the context data. If the TPM hardware device successfully processes the command, the TMPIOP receives the updated context data from the TPM hardware device and stores the updated context data received in encrypted form in a context data cache or a non-volatile storage off-board the TPM hardware device. If the TPM hardware device fails to successfully process the command, the TMPIOP uses a last valid copy of the context data to retry processing of the command on a different TPM hardware device.

Abstract translation: 一种用于在系统或硬件设备故障的情况下恢复分区上下文的计算机实现的方法。 信任平台模块输入/输出主机分区（TMPIOP）在接收到来自分区的命令以修改可信平台模块（TPM）硬件设备中的上下文数据时，将上下文数据的加密副本提供给TPM硬件设备 ，它处理命令并更新上下文数据。 如果TPM硬件设备成功地处理该命令，则TMPIOP从TPM硬件设备接收更新的上下文数据，并将以加密形式接收到的更新的上下文数据存储在上行数据高速缓存或TPM硬件设备的非易失性存储器 。 如果TPM硬件设备无法成功处理该命令，则TMPIOP将使用上一个上下文数据的最后一个有效副本来重试不同TPM硬件设备上的命令处理。