CN102122327B - 使用多个认证代码模块进入安全计算环境 - Google Patents

使用多个认证代码模块进入安全计算环境 Download PDF

Info

Publication number
CN102122327B
CN102122327B CN201010625143.3A CN201010625143A CN102122327B CN 102122327 B CN102122327 B CN 102122327B CN 201010625143 A CN201010625143 A CN 201010625143A CN 102122327 B CN102122327 B CN 102122327B
Authority
CN
China
Prior art keywords
module
processor
authentication codes
independent
main
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201010625143.3A
Other languages
English (en)
Chinese (zh)
Other versions
CN102122327A (zh
Inventor
S·M·达塔
E·F·布里克尔
M·J·库马
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Intel Corp
Original Assignee
Intel Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Intel Corp filed Critical Intel Corp
Publication of CN102122327A publication Critical patent/CN102122327A/zh
Application granted granted Critical
Publication of CN102122327B publication Critical patent/CN102122327B/zh
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572Secure firmware programming, e.g. of basic input output system [BIOS]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2149Restricted operating environment
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2153Using hardware token as a secondary aspect

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)
CN201010625143.3A 2009-12-31 2010-12-24 使用多个认证代码模块进入安全计算环境 Expired - Fee Related CN102122327B (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US12/650579 2009-12-31
US12/650,579 US9202015B2 (en) 2009-12-31 2009-12-31 Entering a secured computing environment using multiple authenticated code modules

Publications (2)

Publication Number Publication Date
CN102122327A CN102122327A (zh) 2011-07-13
CN102122327B true CN102122327B (zh) 2016-05-25

Family

ID=44188915

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010625143.3A Expired - Fee Related CN102122327B (zh) 2009-12-31 2010-12-24 使用多个认证代码模块进入安全计算环境

Country Status (6)

Country Link
US (2) US9202015B2 (enExample)
JP (2) JP5373753B2 (enExample)
CN (1) CN102122327B (enExample)
BR (1) BRPI1005586A2 (enExample)
DE (1) DE102010054614A1 (enExample)
TW (1) TWI582632B (enExample)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9202015B2 (en) * 2009-12-31 2015-12-01 Intel Corporation Entering a secured computing environment using multiple authenticated code modules
WO2012023050A2 (en) 2010-08-20 2012-02-23 Overtis Group Limited Secure cloud computing system and method
US9596082B2 (en) 2011-12-15 2017-03-14 Intel Corporation Secure debug trace messages for production authenticated code modules
US9930066B2 (en) 2013-02-12 2018-03-27 Nicira, Inc. Infrastructure level LAN security
US20150082006A1 (en) * 2013-09-06 2015-03-19 Futurewei Technologies, Inc. System and Method for an Asynchronous Processor with Asynchronous Instruction Fetch, Decode, and Issue
US9734313B2 (en) 2014-06-16 2017-08-15 Huawei Technologies Co., Ltd. Security mode prompt method and apparatus
CN105335672B (zh) * 2014-06-16 2020-12-04 华为技术有限公司 一种安全模式提示方法及装置
US9613218B2 (en) 2014-06-30 2017-04-04 Nicira, Inc. Encryption system in a virtualized environment
US10181027B2 (en) * 2014-10-17 2019-01-15 Intel Corporation Interface between a device and a secure processing environment
US10079880B2 (en) * 2015-06-07 2018-09-18 Apple Inc. Automatic identification of invalid participants in a secure synchronization system
US10798073B2 (en) 2016-08-26 2020-10-06 Nicira, Inc. Secure key management protocol for distributed network encryption
EP3788528B1 (en) * 2018-04-30 2022-12-14 Google LLC Enclave interactions
CN112005237B (zh) 2018-04-30 2024-04-30 谷歌有限责任公司 安全区中的处理器与处理加速器之间的安全协作
DE102018120347A1 (de) * 2018-08-21 2020-02-27 Pilz Gmbh & Co. Kg Automatisierungssystem zur Überwachung eines sicherheitskritischen Prozesses

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1445693A (zh) * 2002-03-19 2003-10-01 微软公司 安全的数字数据格式和编码的强制执行政策
CN1568447A (zh) * 2002-04-23 2005-01-19 松下电器产业株式会社 服务器装置及程序管理系统
CN1842757A (zh) * 2003-09-18 2006-10-04 苹果电脑有限公司 用于增量代码签署的方法和装置
CN101410772A (zh) * 2002-03-29 2009-04-15 英特尔公司 用于执行安全环境起始指令的系统和方法

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS62126451A (ja) * 1985-11-27 1987-06-08 Mitsubishi Electric Corp 分散処理装置のイニシヤルプログラムロ−ド方式
JPS62128354A (ja) 1985-11-29 1987-06-10 Fuji Electric Co Ltd マルチプロセツサシステムの起動方式
US6948070B1 (en) * 1995-02-13 2005-09-20 Intertrust Technologies Corporation Systems and methods for secure transaction management and electronic rights protection
JP2000215093A (ja) * 1999-01-27 2000-08-04 Fuji Photo Film Co Ltd 画像ファイル装置および方法
US7360076B2 (en) 2001-06-13 2008-04-15 Itt Manufacturing Enterprises, Inc. Security association data cache and structure
TW583568B (en) 2001-08-27 2004-04-11 Dataplay Inc A secure access method and system
US20030126454A1 (en) 2001-12-28 2003-07-03 Glew Andrew F. Authenticated code method and apparatus
US20040117318A1 (en) * 2002-12-16 2004-06-17 Grawrock David W. Portable token controlling trusted environment launch
US7698552B2 (en) 2004-06-03 2010-04-13 Intel Corporation Launching a secure kernel in a multiprocessor system
JP4447977B2 (ja) * 2004-06-30 2010-04-07 富士通マイクロエレクトロニクス株式会社 セキュアプロセッサ、およびセキュアプロセッサ用プログラム。
JP4522372B2 (ja) 2005-02-07 2010-08-11 株式会社ソニー・コンピュータエンタテインメント プロセッサと外部のデバイスとの間にセキュアセッションを実現する方法および装置
US7752428B2 (en) * 2005-03-31 2010-07-06 Intel Corporation System and method for trusted early boot flow
US7831778B2 (en) 2006-03-30 2010-11-09 Silicon Image, Inc. Shared nonvolatile memory architecture
US8458726B2 (en) * 2007-12-03 2013-06-04 Intel Corporation Bios routine avoidance
FR2918830B1 (fr) 2007-07-13 2009-10-30 Viaccess Sa Verification de code mac sans revelation.
US20090204823A1 (en) * 2008-02-07 2009-08-13 Analog Devices, Inc. Method and apparatus for controlling system access during protected modes of operation
US9202015B2 (en) * 2009-12-31 2015-12-01 Intel Corporation Entering a secured computing environment using multiple authenticated code modules

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1445693A (zh) * 2002-03-19 2003-10-01 微软公司 安全的数字数据格式和编码的强制执行政策
CN101410772A (zh) * 2002-03-29 2009-04-15 英特尔公司 用于执行安全环境起始指令的系统和方法
CN1568447A (zh) * 2002-04-23 2005-01-19 松下电器产业株式会社 服务器装置及程序管理系统
CN1842757A (zh) * 2003-09-18 2006-10-04 苹果电脑有限公司 用于增量代码签署的方法和装置

Also Published As

Publication number Publication date
US20130212673A1 (en) 2013-08-15
US20110161676A1 (en) 2011-06-30
JP5373753B2 (ja) 2013-12-18
JP2011141870A (ja) 2011-07-21
DE102010054614A1 (de) 2011-07-07
TW201140367A (en) 2011-11-16
US9208292B2 (en) 2015-12-08
JP2013251016A (ja) 2013-12-12
BRPI1005586A2 (pt) 2012-02-28
US9202015B2 (en) 2015-12-01
TWI582632B (zh) 2017-05-11
CN102122327A (zh) 2011-07-13
JP5752767B2 (ja) 2015-07-22

Similar Documents

Publication Publication Date Title
CN102122327B (zh) 使用多个认证代码模块进入安全计算环境
US11843705B2 (en) Dynamic certificate management as part of a distributed authentication system
EP3582129B1 (en) Technologies for secure hardware and software attestation for trusted i/o
US10255444B2 (en) Method and system for utilizing secure profiles in event detection
CN106127043B (zh) 从远程服务器对数据存储设备进行安全扫描的方法和装置
US10877806B2 (en) Method and apparatus for securely binding a first processor to a second processor
US8799673B2 (en) Seamlessly encrypting memory regions to protect against hardware-based attacks
CN103793654A (zh) 服务器主动管理技术协助的安全引导
US20070180271A1 (en) Apparatus and method for providing key security in a secure processor
JP2014194804A (ja) ポイントツーポイント相互接続システム上のセキュアな環境初期化命令の実行
JP2014135072A (ja) Tpmアクセスを仮想化するシステム
US20210243030A1 (en) Systems And Methods To Cryptographically Verify An Identity Of An Information Handling System
EP3646223A1 (en) Remote attestation for multi-core processor
CN102063591A (zh) 基于可信平台的平台配置寄存器参考值的更新方法
CN103119889B (zh) 使用硬件超级密钥验证和保护正版软件安装的装置、系统、方法和控制器
US20170154184A1 (en) Operating system agnostic validation of firmware images
US20220245252A1 (en) Seamless firmware update mechanism
US8140835B2 (en) Updating a basic input/output system (‘BIOS’) boot block security module in compute nodes of a multinode computer
CN113268447A (zh) 计算机架构及其内的访问控制、数据交互及安全启动方法
CN116325649B (zh) 分布式密钥管理系统
Kotla et al. Pasture: Secure offline data access using commodity trusted hardware
US20250053440A1 (en) Verifying trustworthiness of worker nodes of cluster environments during workload scheduling
CN113515414A (zh) 可编程逻辑器件的验证
US20230010319A1 (en) Deriving independent symmetric encryption keys based upon a type of secure boot using a security processor
US20240121079A1 (en) Data clearing attestation

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20160525

Termination date: 20181224

CF01 Termination of patent right due to non-payment of annual fee