Patents by Inventor Bryan Willman

Bryan Willman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20050204128
    Abstract: A method of controlling information exposure in a multiparty transaction includes an originating transaction participant cryptographically encoding all information for each of the transaction participants such that a unique data content and encryption are used for each of the messages destined to the other transaction participants. The cryptographically encoded messages are transmitted to the transaction participants such that each may decrypt their message and respond to a primary transaction participant with status concerning their portion of the transaction. After reception of affirmative status messages from the transaction participants, the primary transaction participant may transmit messages to the responding transaction participants to execute the multiparty transaction. The originating transaction participant may also be provided an indication that the multiparty transaction is executed.
    Type: Application
    Filed: January 28, 2004
    Publication date: September 15, 2005
    Inventors: Michael Aday, Bryan Willman, Marcus Peinado, Alan Geller
  • Patent number: 6938164
    Abstract: A memory controller prevents CPUs and other I/O bus masters from accessing memory during a code (for example, trusted core) initialization process. The memory controller resets CPUs in the computer and allows a CPU to begin accessing memory at a particular location (identified to the CPU by the memory controller). Once an initialization process has been executed by that CPU, the code is operational and any other CPUs are allowed to access memory (after being reset), as are any other bus masters (subject to any controls imposed by the initiated code).
    Type: Grant
    Filed: November 22, 2000
    Date of Patent: August 30, 2005
    Assignee: Microsoft Corporation
    Inventors: Paul England, Bryan Willman
  • Publication number: 20050172335
    Abstract: A method of assessing risk in an electronic transaction involves assignment of quality attributes to cryptographic identities presented in a digital transaction. The quality assignment supports assessment of risk in the transaction. The evaluation of risk in the transaction is made by assessing machine readable attributes of the digital identities along with transaction details. The digital identity attributes may be constructed using extensions of existing standards. A guarantee against risk of loss may be obtained by procuring insurance on the transaction before execution. Third party insurers may analyze the risk of loss in a transaction by assessing the attributes of digital identities along with transaction details and may provide a requestor with an insurance premium quote. Based on the value of the quote, the transaction participants may decide whether or not to execute the transaction.
    Type: Application
    Filed: January 30, 2004
    Publication date: August 4, 2005
    Inventors: Michael Aday, Bryan Willman
  • Publication number: 20050144476
    Abstract: A memory controller prevents CPUs and other I/O bus masters from accessing memory during a code (for example, trusted core) initialization process. The memory controller resets CPUs in the computer and allows a CPU to begin accessing memory at a particular location (identified to the CPU by the memory controller). Once an initialization process has been executed by that CPU, the code is operational and any other CPUs are allowed to access memory (after being reset), as are any other bus masters (subject to any controls imposed by the initiated code).
    Type: Application
    Filed: February 25, 2005
    Publication date: June 30, 2005
    Applicant: Microsoft Corporation
    Inventors: Paul England, Bryan Willman
  • Publication number: 20050091486
    Abstract: Techniques are disclosed to provide security for graphical user interface elements being displayed in a system in which a first, host operating system is used along with a second, high assurance operating system, where the first system provides at least some of the infrastructure for the second system. Graphical user interface elements associated with the high-assurance operating system are prevented from being obscured and from any partial transparency. Additionally, a piece of secret information is stored which can be displayed upon command by graphical user interface elements associated with the high-assurance operating system. Coordinating certain elements of the display of all graphical user interface elements associated with the high assurance operating system also helps to identify legitimate elements associated with the high assurance operating system, as opposed to impostor elements which are not.
    Type: Application
    Filed: October 23, 2003
    Publication date: April 28, 2005
    Inventors: Idan Avraham, Christine Chew, Paul Roberts, Bryan Willman
  • Publication number: 20050091503
    Abstract: Techniques are disclosed to provide security for user output and input in which a first, host operating system is used along with a second, high assurance operating system (nexus), where the first system provides at least some of the infrastructure for the second system. A trusted UI engine has a trusted input manager and a trusted output manager. The trusted input manager controls access to trusted input, distributing decrypted input to the host operating system where appropriate, or to the appropriate process running in the nexus. The trusted output manager manages output to the display, and allows trusted agents in the nexus to output data for display without needing to be aware of output-device-dependent details.
    Type: Application
    Filed: October 24, 2003
    Publication date: April 28, 2005
    Inventors: Paul Roberts, Christine Chew, Bryan Willman, Kenneth Ray
  • Publication number: 20050086517
    Abstract: Methods of providing and limiting access to trusted memory are provided. Trusted memory pages are not mapped with page map pages. When a central processor is operated in a page-mapping mode, access to the trusted memory is limited. In particular, without mapping information, software and hardware modules cannot access and modify the contents of trusted memory sections.
    Type: Application
    Filed: October 21, 2004
    Publication date: April 21, 2005
    Applicant: Microsoft Corporation
    Inventors: Bryan Willman, Paul England
  • Publication number: 20050033980
    Abstract: In a single machine that has entities running in an untrusted environment and entities running in a trusted environment, the trustworthiness of the entities in the trusted environment is projected to the entities in the untrusted environment. This is applicable, for example, to Microsoft®'s Next Generation Secure Computing Base (NGSCB), where a regular operating system (e.g., the Windows® operating system) hosts a secure operating system (e.g., the nexus).
    Type: Application
    Filed: August 7, 2003
    Publication date: February 10, 2005
    Inventors: Bryan Willman, Paul England, Kenneth Ray, Keith Kaplan, Varugis Kurien, Michael Marr
  • Publication number: 20050010818
    Abstract: The present invention provides for trusted side-band communications between components in a computer system, so that use of the system bus may be avoided. Two components may be connected by means other than a bus (e.g., an infrared port, a wire, an unused pin, etc.), whereby these components may communicate without the use of the system bus. The non-bus communication channel may be referred to as “side-band.” The side-band channel may be used to communicate information that might identify the user's hardware (e.g., a public key) or other information that the user may not want to be easily intercepted by the public at large. Communication over the side-band channel may also be used to verify that the participants in a communication are within a defined positional relationship to each other.
    Type: Application
    Filed: January 16, 2004
    Publication date: January 13, 2005
    Inventors: John Paff, Marcus Peinado, Thekkthalackal Kurien, Bryan Willman, Paul England, Andrew Thornton
  • Publication number: 20040003262
    Abstract: The various embodiments described below are directed to providing authenticated and confidential messaging from software executing on a host (e.g. a secure software application or security kernel) to and from I/O devices operating on a USB bus. The embodiments can protect against attacks that are levied by software executing on a host computer. In some embodiments, a secure functional component or module is provided and can use encryption techniques to provide protection against observation and manipulation of USB data. In other embodiments, USB data can be protected through techniques that do not utilize (or are not required to utilize) encryption techniques. In accordance with these embodiments, USB devices can be designated as “secure” and, hence, data sent over the USB to and from such designated devices can be provided into protected memory. Memory indirection techniques can be utilized to ensure that data to and from secure devices is protected.
    Type: Application
    Filed: June 28, 2002
    Publication date: January 1, 2004
    Inventors: Paul England, Kenneth D. Ray, Marcus Peinado, John C. Dunn, Glen Slick, Bryan Willman
  • Patent number: 5684993
    Abstract: A multi-processor system includes memory and at least two central processing units (CPUs) that may execute different threads of computation of a same task at the same time. CPU-specific data is segregated from shared task information of different threads of computation of the task. In particular, the shared task information is placed in memory locations of the memory that are directly addressable by both CPUs, and CPU-specific data are placed in memory locations that are directly addressable by only the associated CPU. No additional hardware is needed, and the memory and run-time costs of the invention are minuscule.
    Type: Grant
    Filed: April 16, 1996
    Date of Patent: November 4, 1997
    Assignee: Microsoft Corporation
    Inventor: Bryan Willman