公开(公告)号：DE10392320T5

公开(公告)日：2005-02-17

申请号：DE10392320

申请日：2003-02-13

Applicant: INTEL CORP

Inventor： SUTTON JAMES II ,  KOZUCH MICHAEL ,  GRAWROCK DAVID

IPC: G06F21/00 ,  G06F9/40

Abstract: The method involves loading a component of an operating system into a specific region (275) of a memory by the active one of the CPUs (210,220,230) of a multi-processor system (200). The identity of the loaded component is registered. The active CPU is made to jump to a known entry point in the specific region. Independent claims are also included for the following: (1) article of manufacture comprising computer readable medium storing operating system loading program; (2) method of securing a region in computer memory; and (3) apparatus to load trustable operating system.

公开(公告)号：AU2003224737A8

公开(公告)日：2009-10-15

申请号：AU2003224737

申请日：2003-03-20

Applicant: INTEL CORP

Inventor： SUTTON JAMES II ,  GRAWROCK DAVID

IPC: G06F12/14 ,  G06F1/00 ,  G06F9/455 ,  G06F21/24

Abstract: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.

公开(公告)号：GB2403832B

公开(公告)日：2006-01-11

申请号：GB0422099

申请日：2003-03-20

Applicant: INTEL CORP

Inventor： SUTTON JAMES II ,  GRAWROCK DAVID W

IPC: G06F1/00 ,  G06F21/00

Abstract: A method and apparatus for resetting and modifying special registers in a security token is described. In one embodiment, a register may be reset when a reset flag is true when a special transmission on a bus demonstrates the mutual locality of the associated processor and chipset. A modify flag may also be used to indicate whether the register contents may be modified. Modifications may also be dependent upon demonstration of mutual locality.

公开(公告)号：HK1072304A1

公开(公告)日：2005-08-19

申请号：HK05103685

申请日：2005-04-29

Applicant: INTEL CORP

Inventor： SUTTON JAMES II ,  GRAWROCK DAVID W

IPC: G06F1/00 ,  G06F21/00 ,  G06F

Abstract: A method and apparatus for resetting and modifying special registers in a security token is described. In one embodiment, a register may be reset when a reset flag is true when a special transmission on a bus demonstrates the mutual locality of the associated processor and chipset. A modify flag may also be used to indicate whether the register contents may be modified. Modifications may also be dependent upon demonstration of mutual locality.

公开(公告)号：AU2003222104A1

公开(公告)日：2003-11-03

申请号：AU2003222104

申请日：2003-03-28

Applicant: INTEL CORP

Inventor： GRAWROCK DAVID ,  SUTTON JAMES II

IPC: G06F21/24 ,  G06F1/00 ,  G06F21/20 ,  H04L9/08 ,  H04L9/10 ,  H04L29/06 ,  H04L9/32 ,  H04L9/00

Abstract: In one embodiment, a method comprises generating a cryptographic key pair associated with a data center. The method also includes storing a private key of the cryptographic key pair within a platform. The private key is used to sign a value stored in the platform for validation of inclusion of the platform into the data center. In an embodiment, the private key is revoked upon determining that the platform has been compromised. In one embodiment, the private key may be revoked in each of the platforms of the data center.

公开(公告)号：HK1052237A1

公开(公告)日：2003-09-05

申请号：HK03104417

申请日：2003-06-19

Applicant: INTEL CORP

Inventor： GOLLIVER ROGER A ,  SUTTON JAMES II ,  LIN DERRICK ,  THAKKAR SHREEKANT ,  NEIGER GILBERT ,  MCKEEN FRANCIS ,  HERBERT HOWARD ,  RENERIS KENNETH ,  ELLISON CARL

IPC: G06F12/14 ,  G06F

公开(公告)号：GB2439160A

公开(公告)日：2007-12-19

申请号：GB0700525

申请日：2005-07-08

Applicant: INTEL CORP

Inventor： SUTTON JAMES II ,  HALL CLIFFORD ,  BRICKELL ERNEST ,  GRAWROCK DAVID

IPC: H04L9/08 ,  H04L9/32

Abstract: Delivering a Direct Proof private key in a signed group of keys to a device installed in a client computer system in the field may he accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored along with a group number in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored in a signed group of keys (e.g., a signed group record) on a removable storage medium (such as a CD or DVD), and distributed to the owner of the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated signed group record of encrypted data structures from the removable storage medium, and verifies the signed group record. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key, when the group record is valid. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system.

公开(公告)号：DE112005001654T5

公开(公告)日：2007-11-22

申请号：DE112005001654

申请日：2005-07-08

Applicant: INTEL CORP

Inventor： BRICKELL ERNEST ,  SUTTON JAMES II ,  HALL CLIFFORD ,  GRAWROCK DAVID

IPC: H04L9/30

公开(公告)号：GB2402521A

公开(公告)日：2004-12-08

申请号：GB0419314

申请日：2003-02-13

Applicant: INTEL CORP

Inventor： SUTTON JAMES II ,  KOZUCH MICHAEL ,  GRAWROCK DAVID W

IPC: G06F21/00 ,  G06F9/445 ,  G06F9/40

Abstract: A method and apparatus is provided in which a trustable operating system is loaded into a region in memory. A start secure operation (SSO) triggers a join secure operation (JSO) to halt all but one central processing unit (CPU) in a multi-processor computer. The SSO causes the active CPU to load a component of an operating system into a specified region in memory, register the identity of the loaded operating system by recording a cryptographic hash of the contents of the specified region in memory, begin executing at a known entry point in the specified region and trigger the JSO to cause the halted CPUs to do the same.

公开(公告)号：AU2003231237A8

公开(公告)日：2003-12-22

申请号：AU2003231237

申请日：2003-05-01

Applicant: INTEL CORP

Inventor： GRAWROCK DAVID ,  GEORGE ROBERT ,  HALL CLIFFORD ,  SMITH LAWRENCE III ,  SUTTON JAMES II ,  BURGESS BRADLEY ,  POISNER DAVID ,  NEIGER GILBERT ,  UHLIG RICHARD ,  KOZUCH MICHAEL ,  GLEW ANDREW

IPC: G06F1/00 ,  G06F9/46 ,  G06F12/14 ,  G06F21/00 ,  G06F9/48 ,  G06F9/455

Abstract: Techniques for handling certain virtualization events occurring within a virtual machine environment. More particularly, at least one embodiment of the invention pertains to handling events related to the sub-operating system mode using a dedicated virtual machine monitor (VMM) called the system management mode VMM (SVMM), which exists in a separate portion of memory from a main virtual machine monitor (MVMM) used to handle virtualization events other than those related to the sub-operating system mode. In at least one embodiment, a technique for initializing and managing transitions to and from the SVMM is disclosed.