-
Publication (announcement) number: GB2439160A
Publication (announcement) date: 2007-12-19
Application number: GB0700525
Application date: 2005-07-08
Applicant: INTEL CORP
Inventor: SUTTON JAMES II, HALL CLIFFORD, BRICKELL ERNEST, GRAWROCK DAVID
Abstract: Delivering a Direct Proof private key in a signed group of keys to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored along with a group number in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored in a signed group of keys (e.g., a signed group record) on a removable storage medium (such as a CD or DVD), and distributed to the owner of the client computer system. When the device is initialized on the client computer system, the system checks whether a localized encrypted data structure is present in the system. If not, the system obtains the associated signed group record of encrypted data structures from the removable storage medium and verifies the signed group record. When the group record is valid, the device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system.
-
Publication (announcement) number: DE112005001654T5
Publication (announcement) date: 2007-11-22
Application number: DE112005001654
Application date: 2005-07-08
Applicant: INTEL CORP
Inventor: BRICKELL ERNEST, SUTTON JAMES II, HALL CLIFFORD, GRAWROCK DAVID
IPC: H04L9/30
-
Publication (announcement) number: DE112005001672T5
Publication (announcement) date: 2007-05-31
Application number: DE112005001672
Application date: 2005-07-08
Applicant: INTEL CORP
Inventor: SUTTON JAMES, BRICKELL ERNEST, HALL CLIFFORD, GRAWROCK DAVID
IPC: H04L9/08
Abstract: Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a protected on-line server accessible by the client computer system.
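The GB2439160A abstract above, and the key-wrapping step it shares with DE112005001672T5, describe the provisioning flow in enough detail to sketch it end to end. The Go program below is an added illustration written for this page; it is not Intel's code and not the patent's embodiment. The device's stored pseudo-random value and group number feed an HMAC-SHA256 derivation that yields both the symmetric wrapping key and a non-secret lookup ID so the device can find its own entry; the manufacturer encrypts the Direct Proof private key together with its digest under AES-256-GCM and signs the whole group record with Ed25519; the client verifies the record signature before touching any ciphertext, regenerates the key, decrypts, and checks the digest before the key is released. The KDF, the "wrap"/"id" labels, the lookup-ID scheme, the choice of AES-GCM and Ed25519, and the byte layout of the record are all assumptions (the abstracts fix none of them), and the Direct Proof private key itself is a constructed placeholder string; the Direct Proof signature scheme is not implemented here.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Device holds what the abstract stores at manufacturing time: a unique pseudo-random value and a group number.
type Device struct{ Seed [32]byte; Group uint32 }

// Entry is one encrypted data structure: Blob = GCM nonce || ciphertext of (dpPriv || SHA-256(dpPriv)).
type Entry struct{ ID, Blob []byte }

// GroupRecord is the signed group of keys shipped on the removable medium; Sig is Ed25519 over encode(Group, Entries).
type GroupRecord struct{ Group uint32; Entries []Entry; Sig []byte }

// derive is the ASSUMED KDF (the abstract leaves it open): HMAC-SHA256 keyed by the seed
// over a label and the group number. "wrap" yields the symmetric key, "id" a lookup handle.
func derive(d Device, label string) []byte {
	mac := hmac.New(sha256.New, d.Seed[:])
	mac.Write([]byte(label))
	binary.Write(mac, binary.BigEndian, d.Group)
	return mac.Sum(nil)
}

func aead(d Device) cipher.AEAD {
	block, _ := aes.NewCipher(derive(d, "wrap")) // 32-byte key, cannot fail
	g, _ := cipher.NewGCM(block)
	return g
}

func digest(b []byte) []byte { s := sha256.Sum256(b); return s[:] }

// Provision (manufacturer side): encrypt dpPriv || digest under the device's regenerable
// key, with the entry ID as GCM additional data so a blob cannot be moved between entries.
func Provision(d Device, dpPriv []byte) Entry {
	id, g := derive(d, "id"), aead(d)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	plain := append(append([]byte{}, dpPriv...), digest(dpPriv)...)
	return Entry{ID: id, Blob: g.Seal(nonce, nonce, plain, id)}
}

// encode is the canonical layout the manufacturer signs and the client verifies.
func encode(group uint32, entries []Entry) []byte {
	var buf bytes.Buffer
	binary.Write(&buf, binary.BigEndian, group)
	for _, e := range entries {
		buf.Write(e.ID)
		binary.Write(&buf, binary.BigEndian, uint32(len(e.Blob)))
		buf.Write(e.Blob)
	}
	return buf.Bytes()
}

// Unwrap (client side): verify the signed record first, find this device's entry, regenerate
// the key from the stored seed, decrypt, and check the embedded digest before releasing the key.
func Unwrap(mfrPub ed25519.PublicKey, rec GroupRecord, d Device) ([]byte, error) {
	if !ed25519.Verify(mfrPub, encode(rec.Group, rec.Entries), rec.Sig) {
		return nil, errors.New("group record signature invalid")
	}
	id, g := derive(d, "id"), aead(d)
	for _, e := range rec.Entries {
		if !bytes.Equal(e.ID, id) || len(e.Blob) < g.NonceSize() {
			continue // not this device's entry, or too short to hold a nonce
		}
		plain, err := g.Open(nil, e.Blob[:g.NonceSize()], e.Blob[g.NonceSize():], id)
		if err != nil {
			return nil, fmt.Errorf("decrypt failed: %w", err)
		}
		n := len(plain) - sha256.Size
		if n <= 0 || !hmac.Equal(digest(plain[:n]), plain[n:]) {
			return nil, errors.New("private key digest mismatch")
		}
		return plain[:n], nil
	}
	return nil, errors.New("no entry for this device (wrong group or medium)")
}

func main() {
	mfrPub, mfrPriv, _ := ed25519.GenerateKey(rand.Reader)
	dev := Device{Group: 7}
	rand.Read(dev.Seed[:])
	entries := []Entry{Provision(dev, []byte("constructed stand-in for a DP private key"))}
	rec := GroupRecord{7, entries, ed25519.Sign(mfrPriv, encode(7, entries))}
	key, err := Unwrap(mfrPub, rec, dev)
	fmt.Printf("unwrapped=%q err=%v\n", key, err)
	rec.Entries[0].Blob[0] ^= 1 // a bit flipped on the medium: the record signature no longer verifies
	_, err = Unwrap(mfrPub, rec, dev)
	fmt.Println("after tampering:", err)
}
```

The order of checks is the point: the signature over the whole record is verified before any key derivation or decryption, so a tampered or substituted medium is rejected up front; the GCM tag (bound to the entry ID) and the embedded digest are the second and third lines of defence, and a device with a different seed or group number never finds a matching entry at all.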
-
Publication (announcement) number: DE60123259T2
Publication (announcement) date: 2007-05-10
Application number: DE60123259
Application date: 2001-06-14
Applicant: INTEL CORP
Inventor: GRAWROCK DAVID
Abstract: In one embodiment, an integrated circuit device comprises a trusted platform module and a boot block memory unit covered by a common package. The boot block memory unit is in communication with the trusted platform module and provides boot information to the trusted platform module. An example of the boot information includes a boot block code.
-
Publication (announcement) number: DE60123259D1
Publication (announcement) date: 2006-11-02
Application number: DE60123259
Application date: 2001-06-14
Applicant: INTEL CORP
Inventor: GRAWROCK DAVID
Abstract: In one embodiment, an integrated circuit device comprises a trusted platform module and a boot block memory unit covered by a common package. The boot block memory unit is in communication with the trusted platform module and provides boot information to the trusted platform module. An example of the boot information includes a boot block code.
-
Publication (announcement) number: GB2419989B
Publication (announcement) date: 2006-09-27
Application number: GB0601326
Application date: 2003-03-20
Applicant: INTEL CORP
Inventor: SUTTON JAMES, GRAWROCK DAVID
Abstract: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.
-
Publication (announcement) number: GB2419989A
Publication (announcement) date: 2006-05-10
Application number: GB0601326
Application date: 2003-03-20
Applicant: INTEL CORP
Inventor: SUTTON JAMES, GRAWROCK DAVID
Abstract: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialisation and secure virtual machine monitor software into memory. The initiating processor then loads the initialisation software into secure memory for authentication and execution. The initialisation software then authenticates and registers the secure virtual machine monitor software prior to secure system operations. The method also includes executing a secured enter instruction and preventing access to the secured virtual machine monitor by a non-processor device.
-
Publication (announcement) number: AU2003290767A1
Publication (announcement) date: 2004-07-29
Application number: AU2003290767
Application date: 2003-11-12
Applicant: INTEL CORP
Inventor: GRAWROCK DAVID
Abstract: Methods, apparatus and machine readable medium are described for creating and using protected key blobs that require a particular portable token be present before use of the key or keys of the protected key blob is granted. Such protected key blobs may be used to establish a level of trust between a local user and the computing device.
-
Publication (announcement) number: AU2003231237A8
Publication (announcement) date: 2003-12-22
Application number: AU2003231237
Application date: 2003-05-01
Applicant: INTEL CORP
Inventor: GRAWROCK DAVID, GEORGE ROBERT, HALL CLIFFORD, SMITH LAWRENCE III, SUTTON JAMES II, BURGESS BRADLEY, POISNER DAVID, NEIGER GILBERT, UHLIG RICHARD, KOZUCH MICHAEL, GLEW ANDREW
Abstract: Techniques for handling certain virtualization events occurring within a virtual machine environment. More particularly, at least one embodiment of the invention pertains to handling events related to the sub-operating system mode using a dedicated virtual machine monitor (VMM) called the system management mode VMM (SVMM), which exists in a separate portion of memory from a main virtual machine monitor (MVMM) used to handle virtualization events other than those related to the sub-operating system mode. In at least one embodiment, a technique for initializing and managing transitions to and from the SVMM is disclosed.
-
Publication (announcement) number: AU2003223438A1
Publication (announcement) date: 2003-11-03
Application number: AU2003223438
Application date: 2003-04-02
Applicant: INTEL CORP
Inventor: POISNER DAVID, GRAWROCK DAVID, SUTTON JAMES II
Abstract: A method and apparatus to communicate with a token using a previously reserved binary number in the start field of a cycle, wherein the cycle is not echoed on any bus other than the bus through which the communication is received.