Abstract:
PROBLEM TO BE SOLVED: To launch a trusted environment in a system. SOLUTION: In one embodiment, the method includes the steps of: authenticating an initiating logical processor of the system; validating a trusted agent with the initiating logical processor once the initiating logical processor is authenticated; and launching the trusted agent on a plurality of processors of the system once the trusted agent is validated. In certain embodiments, a secure kernel can be launched after the trusted agent has executed. For example, the system can be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects. COPYRIGHT: (C)2006,JPO&NCIPI
Abstract:
In one embodiment, a processor can enforce a blacklist and validate, according to a multi-phase lockstep integrity protocol, a device coupled to the processor. Such enforcement may prevent the device from accessing one or more resources of a system prior to the validation. The blacklist may include a list of devices that have not been validated according to the multi-phase lockstep integrity protocol. Other embodiments are described and claimed.
Abstract:
In one embodiment, a method of remote attestation for a special mode of operation is described. The method comprises storing an audit log within protected memory of a platform. The audit log is a listing of data representing each of a plurality of IsoX software modules loaded into the platform. The audit log is retrieved from the protected memory in response to receiving a remote attestation request from a remotely located platform. Then, the retrieved audit log is digitally signed to produce a digital signature for transfer to the remotely located platform.
Abstract:
The method involves loading a component of an operating system into a specific region (275) of a memory by the active one of the CPUs (210,220,230) of a multi-processor system (200). The identity of the loaded component is registered. The active CPU is made to jump to a known entry point in the specific region. Independent claims are also included for the following: (1) article of manufacture comprising computer readable medium storing operating system loading program; (2) method of securing a region in computer memory; and (3) apparatus to load trustable operating system.
Abstract:
Technologies for device commissioning include a rendezvous server configured to receive, from a purchaser device, a request to transfer ownership rights of a computing device to the purchaser device. The rendezvous server verifies the provenance of the computing device based on a blockchain and, in response to verifying the provenance, establishes a secure session with the computing device. The blockchain identifies every transaction associated with the ownership rights of the computing device.
Abstract:
A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.
Abstract:
In one embodiment of the present invention, a method includes verifying an initiating logical processor of a system; validating a trusted agent with the initiating logical processor if the initiating logical processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.