Trusted data store for use in connection with trusted computer operating system
IPC classification information
Country / Type: United States (US) Patent, Registered
International Patent Classification (IPC 7th edition):
Application number: US-0456124 (2003-06-06)
Registration number: US-7269702 (2007-09-11)
Inventors / Address:
- Willman, Bryan Mark
- England, Paul
- Kaplan, Keith
- Geller, Alan Stuart
- LaMacchia, Brian A.
- Dillaway, Blair Brewster
- Peinado, Marcus
- Aday, Michael Alfred
- Wilson, Selena
Applicant / Address:
Agent / Address:
Citation information: Times cited: 3; Patents cited: 1
Abstract
A trusted data store is provided for use with a trusted element of a trusted operating system on a computing machine. In the trusted data store, a storage medium stores data in a pre-determined arrangement, where the data includes trusted data from the trusted element of the trusted operating system on the computing machine. An access controller writes data to and reads data from the storage medium, and a trust controller is interposed between the computing machine and the access controller. The trust controller allows only the trusted element to perform operations on the trusted data thereof on the storage medium.
Representative claim
The invention claimed is:

1. A trusted data store for use with a trusted element of a trusted operating system on a computing machine, the trusted data store comprising: a storage medium for storing data in a pre-determined arrangement, the data including trusted data from the trusted element of the trusted operating system on the computing machine, and also including other data from other elements of a non-trusted operating system of the computing machine; an access controller by which data including the trusted data and the other data is written to the storage medium and by which data including the trusted data and the other data is read from the storage medium; and a trust controller interposed between the trusted element and the access controller, the trust controller for allowing only the trusted element to perform operations on the trusted data thereof on the storage medium and for prohibiting other elements of the non-trusted operating system from performing operations on the trusted data of the trusted element on the storage medium, the trust controller for receiving a command with respect to the trusted data of the trusted element from the computing machine and for forwarding the command to the access controller only if the command is from the trusted element and not from any other element, whereby the trust controller ensures that only the trusted element may access the trusted data thereof as stored at the storage medium, wherein the trust controller allows the trusted element to perform operations on the trusted data thereof on the storage medium if the trusted element authenticates itself to the trust controller, wherein the trust controller receives from the trusted element as authentication a digital signature, and wherein the trust controller authenticates the trusted element by verifying the received signature based on a verification token from the trusted element, the trusted data store for use with a plurality of trusted elements, wherein the storage medium is divided into a number of logical units, and the access controller receives and responds to commands on a logical unit by logical unit basis, wherein the trust controller for each trusted element seizes logical units of the storage medium on behalf of and for exclusive use by the trusted element and not for use by any other trusted element, and wherein the trusted data store includes an ownership list that specifies for each logical unit of the storage medium at most a single trusted element that has seized such logical unit.

2. The trusted data store of claim 1 comprising at least one of a local hard disk drive, a local server, a local memory card, a local RAM, a remote hard drive, a remote server, a remote memory card, and a remote RAM.

3. The trusted data store of claim 1 in combination with the computing machine, the computing machine comprising one of a personal computer, a server computer, a portable content playback device, a cellular telephone, a landline telephone, a personal digital assistant (PDA), a digital radio, and a digital transceiver.

4. The trusted data store of claim 1 for use with a trusted element of a trusted operating system on each of a plurality of computing machines, the storage medium for storing trusted data from the trusted element of each computing machine, the trust controller interposed between each trusted element and the access controller and with respect to any particular trusted element only allowing the particular trusted element to perform operations on the trusted data thereof on the storage medium and for prohibiting other elements from performing operations on the trusted data of the particular trusted element on the storage medium.

5. The trusted data store of claim 1 wherein the trust controller comprises one of hardware, software, and a combination thereof, and wherein the trust controller is one of separate from and incorporated with the access controller.

6. The trusted data store of claim 1 comprising a plurality of the storage mediums.

7. The storage medium of claim 1 wherein the ownership list includes each logical unit of the storage medium and an identifier of the seizing trusted element thereof, if any.

8. The trusted data store of claim 7 wherein the trusted data store includes an identifier-verification token table that specifies for each identifier employed in the ownership list the corresponding verification token that is to be employed to verify a command with regard to the trusted element corresponding to such identifier.
Patents cited by this patent (1)
- Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Patents citing this patent (3)
- Case, Sr., Paul, Case secure computer architecture.
- Case, Sr., Paul, Case secure computer architecture.
- Comlekoglu, Fatih, Trustable communities for a computer system.