Abstract:
A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.
Abstract:
A processor (200) comprising: an instruction unit (214) to receive a first instruction, wherein the first instruction is to initialize a secure enclave, and wherein the first instruction also includes setting a feature-specific attribute bit for the secure enclave; and an execution unit (270) to execute the first instruction, wherein executing the first instruction includes verifying that a signature structure key matches a digital key (216) embedded in the processor, in order to allow software executing inside the secure enclave to use software or hardware to perform a function outside the secure enclave; and wherein the instruction unit (214) is further to receive a second instruction from inside the secure enclave, and the execution unit (270) is to execute the second instruction, wherein executing the second instruction includes providing a feature-specific key if the feature-specific attribute bit is set.
Abstract:
A method, comprising: creating a secure permit request to change a hardware configuration; sending the secure permit request to a remote location; receiving a permit sent from the remote location in response to the permit request; and changing the hardware configuration in response to the received permit; wherein the private portion of a unique key was permanently embedded in the hardware during manufacture of the hardware, and the private portion is used to ensure secure communication and permit authentication with the remote location, the private portion being used to generate a signature over a timestamp and a nonce that can be verified using the group portion of the unique key stored in a server system; and wherein the private portion of the unique key is uniquely programmed into the hardware during manufacture by randomly blowing fuses in the hardware during manufacture.
Abstract:
Delivering a Direct Proof private key in a signed group of keys to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored along with a group number in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored in a signed group of keys (e.g., a signed group record) on a removable storage medium (such as a CD or DVD), and distributed to the owner of the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated signed group record of encrypted data structures from the removable storage medium, and verifies the signed group record. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key, when the group record is valid. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system.
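The delivery flow above (pseudo-random value plus group number stored at manufacture, symmetric key regenerated from that value, a signed group record on removable media, and a digest check on the unwrapped Direct Proof key), as an added example that is not code from the patent or any product. It is Python standard library only: HMAC-SHA256 stands in for the record signature and for the key-derivation function, and an HMAC-based counter keystream stands in for a real block cipher; the group number 7, device ids, key lengths and all sample values are constructed here.

```python
import hashlib
import hmac
import json
import secrets

NONCE_LEN = 16
DIGEST_LEN = 32

# Constructed stand-in for the manufacturer's record-signing key. The abstract
# implies a signature the client verifies; using an HMAC key that the client
# also holds is an assumption made to keep the example stdlib-only.
RECORD_SIGNING_KEY = hashlib.sha256(b"constructed-record-signing-key").digest()


def derive_symmetric_key(prv, group_number):
    """Regenerate the wrapping key from the device's stored pseudo-random value.
    HMAC-SHA256 over a label and the group number is the assumed KDF."""
    info = b"direct-proof-wrap" + group_number.to_bytes(4, "big")
    return hmac.new(prv, info, hashlib.sha256).digest()


def keystream_xor(key, nonce, data):
    """Counter-mode keystream from HMAC-SHA256 (stand-in for AES-CTR)."""
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range((len(data) + 31) // 32)
    )
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap_private_key(prv, group_number, dp_private_key):
    """Manufacturer side: encrypt {private key, digest} under the derived key."""
    digest = hashlib.sha256(dp_private_key).digest()
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = keystream_xor(derive_symmetric_key(prv, group_number), nonce, dp_private_key + digest)
    return nonce + ct


def build_signed_group_record(group_number, wrapped_by_device_id):
    """One signed group record, as it would be written to the CD/DVD."""
    record = {"group": group_number, "entries": {d: b.hex() for d, b in wrapped_by_device_id.items()}}
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return {"record": record, "sig": hmac.new(RECORD_SIGNING_KEY, payload, hashlib.sha256).hexdigest()}


def verify_group_record(signed):
    payload = json.dumps(signed["record"], sort_keys=True, separators=(",", ":")).encode()
    expected = hmac.new(RECORD_SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(signed["sig"], expected)


class FieldDevice:
    """Device in the client system: only prv and the group number live in NVRAM."""

    def __init__(self, device_id, group_number, prv):
        self.device_id = device_id
        self.group_number = group_number
        self.prv = prv
        self.dp_private_key = None

    def initialize(self, local_blob, signed_record):
        """Use the localized blob if present; otherwise fetch ours from the
        signed record after verifying it, then unwrap and check the digest."""
        if local_blob is None:
            if signed_record is None or not verify_group_record(signed_record):
                return False
            rec = signed_record["record"]
            if rec["group"] != self.group_number or self.device_id not in rec["entries"]:
                return False
            local_blob = bytes.fromhex(rec["entries"][self.device_id])
        nonce, ct = local_blob[:NONCE_LEN], local_blob[NONCE_LEN:]
        pt = keystream_xor(derive_symmetric_key(self.prv, self.group_number), nonce, ct)
        key, digest = pt[:-DIGEST_LEN], pt[-DIGEST_LEN:]
        if not hmac.compare_digest(hashlib.sha256(key).digest(), digest):
            return False  # wrong prv, wrong group number, or a corrupted entry
        self.dp_private_key = key
        return True


def provision_example():
    """Constructed end-to-end run: two devices in group 7 share one record."""
    prv_a, prv_b = secrets.token_bytes(32), secrets.token_bytes(32)
    dp_a, dp_b = secrets.token_bytes(48), secrets.token_bytes(48)
    record = build_signed_group_record(7, {
        "dev-A": wrap_private_key(prv_a, 7, dp_a),
        "dev-B": wrap_private_key(prv_b, 7, dp_b),
    })
    dev_a = FieldDevice("dev-A", 7, prv_a)
    ok = dev_a.initialize(None, record)
    return ok, dev_a.dp_private_key == dp_a, record, prv_a, dp_a
```

The digest inside the wrapped structure is what lets the device notice a wrong or corrupted entry before it ever uses the key: a device with a different pseudo-random value decrypts the same entry to garbage and refuses it, and a record whose group number or contents were altered fails the signature check before any entry is read.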
Abstract:
In some embodiments a secure permit request to change a hardware configuration is created. The secure permit request is sent to a remote location, and a permit sent from the remote location in response to the permit request is received. The hardware configuration is changed in response to the received permit. Other embodiments are described and claimed.
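The permit exchange described in this abstract and in the method claim above (a fused per-device key signs a timestamp and a nonce, the remote location verifies and returns a permit, and only then does the hardware configuration change), as an added example that is not code from the patent or any product. It is Python standard library only, so one shared HMAC-SHA256 key stands in for the private/group key pair of the claim; that substitution, the 300-second freshness window, the configuration strings and the fixed timestamps are all assumptions made here.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed stand-in for the key burnt into fuses at manufacture. The claim
# uses an asymmetric scheme (device holds the private portion, server holds the
# group portion); here one shared HMAC-SHA256 key plays both roles. That is an
# assumption to keep the example stdlib-only, not the claim's scheme.
FUSED_DEVICE_KEY = hashlib.sha256(b"constructed-fuse-pattern").digest()
SERVER_GROUP_KEY = FUSED_DEVICE_KEY

PERMIT_WINDOW_S = 300  # freshness window for the signed timestamp (assumed value)


def canonical(obj):
    """Deterministic encoding so both sides sign identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(key, body):
    return hmac.new(key, canonical(body), hashlib.sha256).hexdigest()


def verify(key, body, sig):
    return hmac.compare_digest(sig, sign(key, body))


def create_permit_request(desired_config, now=None):
    """Device side: sign the requested change, a timestamp and a fresh nonce."""
    ts = int(time.time() if now is None else now)
    body = {"config": desired_config, "ts": ts, "nonce": secrets.token_hex(16)}
    return {"body": body, "sig": sign(FUSED_DEVICE_KEY, body)}


class PermitServer:
    """Remote location: checks signature, freshness, replay and policy."""

    def __init__(self, allowed_configs):
        self.allowed = set(allowed_configs)
        self.seen_nonces = set()

    def issue_permit(self, request, now=None):
        now = int(time.time() if now is None else now)
        body = request["body"]
        if not verify(SERVER_GROUP_KEY, body, request["sig"]):
            return None
        if abs(now - body["ts"]) > PERMIT_WINDOW_S:
            return None
        if body["nonce"] in self.seen_nonces:
            return None
        if body["config"] not in self.allowed:
            return None
        self.seen_nonces.add(body["nonce"])
        permit_body = {"config": body["config"], "nonce": body["nonce"], "issued": now}
        return {"body": permit_body, "sig": sign(SERVER_GROUP_KEY, permit_body)}


class Device:
    def __init__(self):
        self.config = "baseline"

    def apply_permit(self, request, permit):
        """Change the configuration only for a valid permit bound to our own request."""
        if permit is None:
            return False
        body = permit["body"]
        if not verify(FUSED_DEVICE_KEY, body, permit["sig"]):
            return False
        if body["nonce"] != request["body"]["nonce"]:
            return False
        if body["config"] != request["body"]["config"]:
            return False
        self.config = body["config"]
        return True


def run_exchange(desired_config, server, device, now):
    """Full round trip at a fixed time so the outcome is reproducible."""
    request = create_permit_request(desired_config, now)
    permit = server.issue_permit(request, now + 5)
    return device.apply_permit(request, permit)


if __name__ == "__main__":
    srv = PermitServer(allowed_configs=["cores=8"])
    dev = Device()
    print(run_exchange("cores=8", srv, dev, 1_700_000_000), dev.config)
```

Binding the permit to the request's nonce is what stops a permit captured for one device from being replayed to another, and the timestamp check bounds how long a captured request stays usable. With the symmetric stand-in key a device could forge its own permit; the claim's split into a private portion in fuses and a group portion on the server is exactly what removes that weakness in the real design.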
Abstract:
Providing trusted time in a computing platform, while still supporting privacy, may be accomplished by having a trusted time device provide the trusted time to an application executing on the computing platform. The trusted time device may be reset by determining if a value in a trusted time random number register has been set, and if not, waiting a period of time, generating a new random number, and storing the new random number in the trusted time random number register. The trusted time random number register is set to zero whenever electrical power is first applied to the trusted time device upon power up of the computing platform, and whenever a battery powering the trusted time device is removed and reconnected. By keeping the size of the trusted time random number register relatively small, and waiting the specified period of time, attacks on the computing platform to determine the trusted time may be minimized, while deterring the computing platform from being uniquely identified.
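The reset procedure above (register cleared on power-up or battery reconnection, refilled only when it reads as unset, and only after a mandatory wait, with a deliberately small register), as an added example in Python that is not code from the patent or any product. The 16-bit register width, the 2-second delay, the injected `clock` and `sleep` callables, and the use of the register value as an epoch tag on the returned time are assumptions made here; the abstract fixes none of them.

```python
import secrets

REGISTER_BITS = 16    # "relatively small": the abstract gives no width, 16 is an assumption
RESET_DELAY_S = 2.0   # the "specified period of time"; the value is an assumption


class TrustedTimeDevice:
    """Simulated trusted time device. `clock` is an injected monotonic time
    source and `sleep` an injected delay so the procedure runs offline."""

    def __init__(self, clock, sleep):
        self._clock = clock
        self._sleep = sleep
        self.random_register = 0      # zero whenever power is first applied
        self.time_waited = 0.0

    def power_loss(self):
        """Battery removed and reconnected, or power first applied: register cleared."""
        self.random_register = 0

    def reset(self):
        """Reset per the described procedure: only an unset register is refilled,
        and only after the mandatory delay. Returns True if a new value was stored."""
        if self.random_register != 0:
            return False
        self._sleep(RESET_DELAY_S)
        self.time_waited += RESET_DELAY_S
        value = 0
        while value == 0:                  # zero is reserved to mean "not set"
            value = secrets.randbits(REGISTER_BITS)
        self.random_register = value
        return True

    def trusted_time(self):
        """Time handed to the application, tagged with the register value so a
        consumer can tell a fresh epoch (power loss then reset) from the previous
        one (assumed use of the register). None until the device has been reset."""
        if self.random_register == 0:
            return None
        return self._clock(), self.random_register


def attacker_reset_cost(device, attempts):
    """Seconds an attacker spends forcing `attempts` power-loss/reset cycles:
    every cycle pays the full delay, which is what slows a search for the time."""
    for _ in range(attempts):
        device.power_loss()
        device.reset()
    return device.time_waited
```

The two design levers are visible in the numbers: the delay makes each forced reset cost seconds rather than microseconds, and a 16-bit register means thousands of platforms share any given value, so the register cannot serve as a unique identifier.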
Abstract:
This application is directed to trusted platform module certification and attestation utilizing an anonymous key system. In general, TPM certification and TPM attestation may be supported in a device utilizing an integrated TPM through the use of anonymous key system (AKS) certification. An example device may comprise at least combined AKS and TPM resources that load AKS and TPM firmware (FW) into a runtime environment that may further include at least an operating system (OS) encryption module, an AKS service module and a TPM Certification and Attestation (CA) module. For TPM certification, the CA module may interact with the other modules in the runtime environment to generate a TPM certificate, signed by an AKS certificate, that may be transmitted to a certification platform for validation. For TPM attestation, the CA module may cause TPM credentials to be provided to an attestation platform for validation along with the TPM and/or AKS certificates.