Method and system for allowing code to be securely initialized in a computer
Country / type: United States (US) patent, granted
International Patent Classification (IPC, 7th edition): G06F-012/14; G06F-021/22; G06F-021/00
Application number: UP-0066890 (2005-02-25)
Registration number: US-7543335 (2009-07-01)
Inventors / address: England, Paul; Willman, Bryan
Applicant / address: Microsoft Corporation
Citation information: cited by 7 patents; cites 107 patents
Abstract
A memory controller prevents CPUs and other I/O bus masters from accessing memory during a code (for example, trusted core) initialization process. The memory controller resets CPUs in the computer and allows a CPU to begin accessing memory at a particular location (identified to the CPU by the memory controller). Once an initialization process has been executed by that CPU, the code is operational and any other CPUs are allowed to access memory (after being reset), as are any other bus masters (subject to any controls imposed by the initiated code).
Representative claims
The invention claimed is:
1. One or more computer-readable media having stored thereon a plurality of instructions that, when executed by one or more processors of a computer, causes the one or more processors to perform acts including: booting, based on untrustworthy code, a computer; loading a trusted core into memory; and initiating secure execution of the trusted core by: mapping a central processing unit reset vector to an initialization vector; resetting each of one or more central processing units in the computer; receiving, after the mapping and the resetting, a read request corresponding to the central processing unit reset vector from one of the one or more central processing units; returning, in response to the read request, the initialization vector to the one central processing unit; and allowing the one central processing unit to access the memory beginning with the initialization vector.
2. One or more computer-readable media as recited in claim 1, wherein the initialization vector is an address within the trusted core in the memory.
3. One or more computer-readable media as recited in claim 1, wherein the plurality of instructions further causes the one or more processors to perform acts including: re-mapping the central processing unit reset vector to an additional central processing unit start vector after returning the initialization vector to the one central processing unit; and returning, in response to any other read request corresponding to the central processing unit reset vector from another of the one or more central processing units, the additional central processing unit start vector.
4. One or more computer-readable media as recited in claim 3, wherein the initialization vector is an address within the trusted core in the memory and wherein the additional central processing unit start vector and the initialization vector are different addresses within the trusted core in the memory.
5. A system comprising: means for booting, based on untrustworthy code, a computer; means for loading a trusted core into memory; and means for initiating secure execution of the trusted core including: means for mapping a central processing unit reset vector to an initialization vector; means for resetting each of one or more central processing units in the computer; means for receiving, after the mapping and the resetting, a read request corresponding to the central processing unit reset vector from one of the one or more central processing units; means for returning, in response to the read request, the initialization vector to the one central processing unit; and means for allowing the one central processing unit to access the memory beginning with the initialization vector.
6. A system as recited in claim 5, wherein the initialization vector is an address within the trusted core in the memory.
7. A system as recited in claim 5, further comprising: means for re-mapping the central processing unit reset vector to an additional central processing unit start vector after returning the initialization vector to the one central processing unit; and means for returning, in response to any other read request corresponding to the central processing unit reset vector from another of the one or more central processing units, the additional central processing unit start vector.
8. A system as recited in claim 7, wherein the initialization vector is an address within the trusted core in the memory and wherein the additional central processing unit start vector and the initialization vector are different addresses within the trusted core in the memory.
9. One or more computer-readable media having stored thereon a plurality of instructions that, when executed by one or more processors of a computer, causes the one or more processors to perform acts including: allowing a computer to begin operation based on untrustworthy code; loading, under the control of the untrustworthy code, additional code into memory; initiating execution of the additional code in a secure manner despite the untrustworthy code in the computer; mapping a central processing unit reset vector to an initialization vector; receiving a read request corresponding to the central processing unit reset vector from one central processing unit; returning, in response to the read request, the initialization vector to the one central processing unit; and allowing the one central processing unit to access the memory beginning with the initialization vector.
10. One or more computer-readable media as recited in claim 9, wherein the initiating further comprises initiating execution of the additional code in a secure manner despite both the untrustworthy code in the computer and other pre-existent state of the computer.
11. One or more computer-readable media as recited in claim 9, wherein the initiating execution of the additional code in a secure manner comprises: preventing each of one or more central processing units in the computer from accessing the memory; preventing each of one or more bus masters in the computer from accessing the memory; resetting each of the one or more central processing units; allowing the one central processing unit to access the memory and execute a code initialization process; and after execution of the code initialization process, allowing any other central processing units and any of the one or more bus masters to access the memory.
12. One or more computer-readable media as recited in claim 9, wherein the initiating comprises initiating execution of the additional code in a secure manner without requiring any additional bus transactions to be supported by a processor in the computer.
13. One or more computer-readable media as recited in claim 9, wherein the plurality of instructions further cause the one or more processors to perform acts including: re-mapping the central processing unit reset vector to an additional central processing unit start vector after returning the initialization vector to the one central processing unit; and returning, in response to any other read request corresponding to the central processing unit reset vector from another central processing unit, the additional central processing unit start vector.
14. One or more computer-readable media as recited in claim 9, wherein the loading the additional code comprises copying different portions of the additional code from a plurality of different sources including one or more of: a local mass storage device, a remote device, and a local chipset.
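As an added illustration (not code from the patent or from Microsoft), the following Python model walks through the gating sequence in the abstract and claims 1, 3, 9 and 11: memory is locked for every CPU and bus master, the reset vector is mapped to the initialization vector, the first CPU to fetch it is admitted, the vector is re-mapped to a distinct start address for any other CPU, and the remaining CPUs and bus masters are admitted only after the initialization process reports completion. The reset-vector, initialization-vector and start-vector addresses and the CPU and DMA ids are constructed for the example; a refused transaction is modelled as the controller returning None.

```python
# Added illustration, not the patent's code: addresses and CPU ids are constructed.
from dataclasses import dataclass, field

RESET_VECTOR = 0xFFFFFFF0     # first fetch address after CPU reset (assumed x86-style)
INIT_VECTOR = 0x00100000      # entry of the initialization process, inside the loaded core
AP_START_VECTOR = 0x00100400  # distinct start address for every later CPU (claims 3, 4)
DENIED = None                 # a refused transaction: the controller returns no data

@dataclass
class MemoryController:
    cpus: list
    reset_map: int = RESET_VECTOR  # what a read of the reset vector currently returns
    in_reset: set = field(default_factory=set)
    cpu_allowed: set = field(default_factory=set)
    init_done: bool = False        # bus masters are admitted only once this is set

    def begin_secure_init(self):   # untrusted boot code has already loaded the core
        self.cpu_allowed.clear()           # claim 11: no CPU and no bus master may touch memory
        self.init_done = False
        self.reset_map = INIT_VECTOR       # claim 1: reset vector -> initialization vector
        self.in_reset = set(self.cpus)     # claim 1: reset each CPU

    def cpu_read(self, cpu, addr):  # a reset CPU's first fetch is from the reset vector
        if cpu in self.in_reset and addr == RESET_VECTOR:
            if self.reset_map != INIT_VECTOR and not self.init_done:
                return DENIED              # other CPUs stay in reset until the core is up
            target, self.reset_map = self.reset_map, AP_START_VECTOR  # claim 3: re-map
            self.in_reset.discard(cpu)
            self.cpu_allowed.add(cpu)      # this CPU may now execute from `target`
            return target
        return addr if cpu in self.cpu_allowed else DENIED  # addr stands in for the data

    def bus_master_read(self, master, addr):
        return addr if self.init_done else DENIED  # abstract: DMA waits for the core

    def init_complete(self):       # the trusted core reports its initialization has run
        self.init_done = True              # DMA admitted, subject to the core's own controls

def scenario():                    # two CPUs and one DMA master, constructed ids
    mc = MemoryController(cpus=[0, 1])
    mc.begin_secure_init()
    out = {"dma_during_init": mc.bus_master_read("dma0", 0x1000)}  # DENIED
    out["cpu0_entry"] = mc.cpu_read(0, RESET_VECTOR)               # INIT_VECTOR
    out["cpu1_during_init"] = mc.cpu_read(1, RESET_VECTOR)         # DENIED: held in reset
    out["cpu0_runs_core"] = mc.cpu_read(0, INIT_VECTOR + 8)
    mc.init_complete()
    out["cpu1_entry"] = mc.cpu_read(1, RESET_VECTOR)               # AP_START_VECTOR
    out["dma_after_init"] = mc.bus_master_read("dma0", 0x1000)
    return out
```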