Abstract:
PROBLEM TO BE SOLVED: To launch a trusted environment in a system. SOLUTION: In one embodiment, the method includes: verifying an initiating logical processor of the system; validating a trusted agent with the initiating logical processor once the initiating logical processor is verified; and launching the trusted agent on a plurality of processors of the system once the trusted agent is validated. In certain embodiments, a secure kernel may be launched after the trusted agent has executed. For example, the system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects. COPYRIGHT: (C)2006,JPO&NCIPI
Abstract:
PROBLEM TO BE SOLVED: To solve the problem that conventional PCR bindings can yield very rigid protection of data, where any change to the software that executes on the system results in the inability to access the data. SOLUTION: This disclosure describes methods for using the TPM's configuration binding capabilities to lock data to a configuration in a manner that is flexible enough to allow the software in that configuration to be upgraded, under a trusted upgrade service, without causing the processing system to lose access to the data. Additionally, a processing system can provide for recovery of data when the processing system is no longer able to get into the predefined safe and approved configuration, e.g., recovery from a failed upgrade is allowed. COPYRIGHT: (C)2009,JPO&INPIT
Abstract:
In one embodiment of the present invention, a method includes verifying an initiating logical processor of a system; validating a trusted agent with the initiating logical processor if the initiating logical processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.
Abstract:
An apparatus and method are described for implementing a trusted dynamic launch and trusted platform module (TPM) using a secure enclave. For example, a computer-implemented method according to one embodiment of the invention comprises: initializing a secure enclave in response to a first command, the secure enclave comprising a trusted software execution environment which prevents software executing outside the enclave from having access to software and data inside the enclave; and executing a trusted platform module (TPM) from within the secure enclave, the trusted platform module securely reading data from a set of platform control registers (PCR) in a processor or chipset component into a memory region allocated to the secure enclave.
Abstract:
In one embodiment, a processor can enforce a blacklist and validate, according to a multi-phase lockstep integrity protocol, a device coupled to the processor. Such enforcement may prevent the device from accessing one or more resources of a system prior to the validation. The blacklist may include a list of devices that have not been validated according to the multi-phase lockstep integrity protocol. Other embodiments are described and claimed.
Abstract:
A processing system with a trusted platform module (TPM) supports migration of digital keys. For instance, an application in the processing system may create a first configuration key as a child of a TPM storage root key (SRK) when the processing system has a first configuration. The application may also create an upgradable root user key associated with an upgrade authority as a child of the first configuration key. The application may also create a user key as a child of the upgradable root user key. When the processing system has a second configuration, the application may create a second configuration key as a child of the SRK. The application may request migration approval from the upgrade authority. In response to receiving the approval from the upgrade authority, the application may migrate the root user key to be a child of the second configuration key. Other embodiments are described and claimed.
Abstract:
Method for launching a secure kernel in a system having a partially or fully connected topology, the system comprising a plurality of nodes and each node containing a plurality of processors; comprising loading a trusted agent and a secure kernel into a secure memory device provided in the system, the secure memory device being accessible to each of the nodes, and initiating a secure launch on a particular processor contained in a particular node, constructing a spanning tree by the particular processor, wherein the spanning tree identifies all other nodes of the system relative to the particular node in a plurality of levels of a tree structure; sending a secure launch message by the particular processor to the other node identified in the spanning tree; in response to the secure launch message from the other node, validating the trusted agent loaded into the secure memory device by the particular...