Patents by Inventor Thomas Tahan

Thomas Tahan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8037318
    Abstract: A method for dependent trust in a computer system is provided. In this method, trust dependency relationships are defined among components of the computer system, specifying, for a component, which components it relies on in ensuring the integrity or confidentiality of its code or data. Subsequently, trust dependencies are resolved and the results are used in performing certain operations described in Trusted Computing Group standards including generating an attestation reply, sealing data, and unsealing data. In addition, methods for computing an integrity measurement for a Core Root of Trust for Measurement of a trust-dependent component are included. A system for dependent trust in a computer system is also described.
    Type: Grant
    Filed: September 15, 2005
    Date of Patent: October 11, 2011
    Assignee: Oracle America, Inc.
    Inventor: Thomas Tahan
  • Patent number: 7991837
    Abstract: Systems and methods are provided for viewing portions of an image in high resolution and in context with a full image, which is displayed at a base resolution that is lower resolution than the resolution of the high-resolution image. A user can select an area of interest from the base-resolution image for viewing at a higher resolution on the client device. The server, or in some implementations the client device, can generate a high-resolution image representing the area of interest and the client device can display a portion of the high-resolution image in a virtual lens overlaid on the base-resolution image.
    Type: Grant
    Filed: November 24, 2010
    Date of Patent: August 2, 2011
    Assignee: CME Advantage, Inc.
    Inventor: Thomas Tahan
  • Publication number: 20100278336
    Abstract: A system for establishing an encrypted multicast communication session over a communications network can include a client means (e.g., a radio, laptop, workstation, phone, PDA) and a server means. The client means can transmit a request for a first user to join a pre-defined collaborative group, including at least the first user and a second user. The client means can transmit a request for a first user to create or select a collaborative group based on specified criteria. The system can also include a server means that can retrieve, select or generate an encryption key for the collaborative group and transmit the encryption key to the first user via the client means. The server can transmit the encryption key to the second user via a second client means. The client means can communicate via multicast, encrypting end-to-end above the network layer using the encryption key received from the server means.
    Type: Application
    Filed: May 4, 2009
    Publication date: November 4, 2010
    Applicant: MITRE Corporation
    Inventors: Thomas Tahan, Steven Leonard Cox, Weilin Wang, Martin Woscek
  • Patent number: 7802111
    Abstract: A cryptographic module for limiting exposure of cryptographic keys protected by a trusted platform module (TPM) is provided. The cryptographic module includes logic for establishing a session with the TPM on behalf of a cryptographic client and logic for sending a request from the cryptographic client to the TPM to retrieve in plaintext a cryptographic key of the cryptographic client. Logic for receiving the cryptographic key in plaintext from the TPM is also included in the cryptographic module. Further, the cryptographic module includes logic for performing a cryptographic operation requested by the cryptographic client using the cryptographic key, and logic for sending the results of the cryptographic operation to the cryptographic client. A hardware-based method and system for limiting exposure of cryptographic keys also are described.
    Type: Grant
    Filed: April 27, 2005
    Date of Patent: September 21, 2010
    Assignee: Oracle America, Inc.
    Inventor: Thomas Tahan
  • Publication number: 20090150899
    Abstract: A method for dependent trust in a computer system is provided. In this method, trust dependency relationships are defined among components of the computer system, specifying, for a component, which components it relies on in ensuring the integrity or confidentiality of its code or data. Subsequently, trust dependencies are resolved and the results are used in performing certain operations described in Trusted Computing Group standards including generating an attestation reply, sealing data, and unsealing data. In addition, methods for computing an integrity measurement for a Core Root of Trust for Measurement of a trust-dependent component are included. A system for dependent trust in a computer system is also described.
    Type: Application
    Filed: September 15, 2005
    Publication date: June 11, 2009
    Applicant: Sun Microsystems, Inc.
    Inventor: Thomas Tahan
  • Publication number: 20090122986
    Abstract: A method for secure cryptographic communication comprises transmitting information that identifies a group key from a first device to a second device. The method further comprises, in the first device, using the group key to encrypt an input vector, transmitting the encrypted input vector, encrypting privacy-sensitive information using a device key, an encryption algorithm, and the input vector, and transmitting the encrypted privacy-sensitive information to the second device.
    Type: Application
    Filed: October 1, 2008
    Publication date: May 14, 2009
    Applicant: NEOLOGY, INC.
    Inventors: Thomas Tahan, Jun Liu
  • Publication number: 20050289343
    Abstract: A hardware-based method for binding a hardware component and a platform is provided. In this hardware-based method, a cryptographic binding is established between the hardware component and the platform. The cryptographic binding is the registration of cryptographic keys between the hardware component and the platform. Subsequently, an identity exchange is performed between the hardware component and the platform using the cryptographic keys as inputs to cryptographic operations, where the identity exchange enables a challenger to verify the identity of a responder. A hardware component to be bound with a platform, a platform identity module, and a system for binding a hardware component and a platform also are described.
    Type: Application
    Filed: November 4, 2004
    Publication date: December 29, 2005
    Applicant: SUN MICROSYSTEMS, INC.
    Inventor: Thomas Tahan
  • Publication number: 20050283826
    Abstract: A hardware-based method for performing secure communications between an authorized computing platform (ACP) and a hardware component is provided. In this method, a secure communication path is established between the ACP and the hardware component. Thereafter, data transmitted over the secure communication path between the ACP and the hardware component is protected.
    Type: Application
    Filed: November 10, 2004
    Publication date: December 22, 2005
    Applicant: SUN MICROSYSTEMS, INC.
    Inventor: Thomas Tahan
  • Publication number: 20050283601
    Abstract: A method for securing a computer boot is provided. In this method, integrity measurements of program code being loaded for execution are taken during the computer boot, and the integrity measurements are stored in a system board trusted platform module (SBTPM). Subsequently, the integrity measurements are transferred from the SBTPM to a trusted platform module peripheral (TPMP) when the TPMP is initialized and accessible. Systems for securing a computer boot are also described.
    Type: Application
    Filed: September 3, 2004
    Publication date: December 22, 2005
    Applicant: SUN MICROSYSTEMS, INC.
    Inventor: Thomas Tahan