专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明授权

US08024579B2 Authenticating suspect data using key tables 有权
标题翻译：使用关键表验证可疑数据
公开(公告)号：US08024579B2
公开(公告)日：2011-09-20
申请号：US11647932
申请日：2006-12-29
申请人： David Carroll Challener , John H. Nicholson , Joseph Michael Pennisi , Rod D. Waltermann
发明人： David Carroll Challener , John H. Nicholson , Joseph Michael Pennisi , Rod D. Waltermann
IPC分类号： G06F11/30
CPC分类号： G06F21/57 , G06F21/51 , H04L9/0897 , H04L9/3236
摘要： A system and method for authenticating suspect code includes steps of: receiving the suspect code for a first instance of a trusted platform module; loading the suspect code into a trusted platform module device operatively associated with a processor, wherein the suspect code is loaded outside of a shielded location within the trusted platform module device; retrieving a validation public key from a table and storing it in a register in the trusted platform module device, the validation public key indexed by the suspect code; and retrieving a hash algorithm from the table, the hash algorithm indexed by the suspect code. The hash algorithm is run to derive a first hash value; then, using the validation public key, the second hash value is decrypted to derive a second decrypted hash value. The two hash values are compared; and upon determining a match, the suspect code is loaded into the shielded location of the processor for execution by the processor.
摘要翻译：用于认证可疑代码的系统和方法包括以下步骤：接收可信平台模块的第一实例的可疑代码; 将可疑代码加载到与处理器可操作地相关联的可信任的平台模块设备中，其中可疑代码被加载到可信平台模块设备内的屏蔽位置之外; 从表中检索验证公钥并将其存储在可信平台模块设备中的寄存器中，由可疑代码索引的验证公钥; 并从表中检索散列算法，由可疑代码索引的哈希算法。运行散列算法以导出第一散列值; 然后，使用验证公钥，解密第二哈希值以导出第二解密哈希值。比较两个哈希值; 并且在确定匹配时，可疑代码被加载到处理器的屏蔽位置以供处理器执行。

12. 发明授权

US07841000B2 Authentication password storage method and generation method, user authentication method, and computer 有权
标题翻译：认证密码存储方法和生成方法，用户认证方法和计算机
公开(公告)号：US07841000B2
公开(公告)日：2010-11-23
申请号：US11581319
申请日：2006-10-16
申请人： Seiichi Kawano , Yuji Sugiyama , David Carroll Challener , Philip Lee Childs , Norman Arthur Dion, II
发明人： Seiichi Kawano , Yuji Sugiyama , David Carroll Challener , Philip Lee Childs , Norman Arthur Dion, II
IPC分类号： G06F17/30
CPC分类号： H04L9/3236 , G06F21/46 , H04L9/0894 , H04L9/3226 , H04L2209/127
摘要： Protection of an authentication password stored in a database held by a SAM of Windows® is strengthened. A GINA, a part of the OS, receives an authentication password in ASCII codes. The authentication password is converted to first UNICODES, and the first UNICODES are salted with a random number and converted to second UNICODES. The random number used for salting is associated with a user account and a password and stored in a read/write protected non-volatile memory or a non-volatile memory which can be accessed only by a BIOS. An LSA of the OS can process UNICODES without being changed.
摘要翻译：保护存储在由Windows®的SAM持有的数据库中的认证密码得到加强。操作系统的一部分GINA以ASCII码接收认证密码。认证密码被转换成第一个UNICODES，第一个UNICODES用一个随机数进行盐化并转换成第二个UNICODES。用于盐化的随机数与用户帐户和密码相关联，并存储在只能由BIOS访问的读/写保护的非易失性存储器或非易失性存储器中。操作系统的LSA可以处理UNICODES而不改变。

13. 发明授权

US07779454B2 System and method for virtualized hypervisor to detect insertion of removable media 有权
标题翻译：用于虚拟化管理程序的系统和方法，用于检测可移动介质的插入
公开(公告)号：US07779454B2
公开(公告)日：2010-08-17
申请号：US11564832
申请日：2006-11-29
申请人： David Carroll Challener , Daryl Cromer , Howard Jeffrey Locker , Randall Scott Springfield
发明人： David Carroll Challener , Daryl Cromer , Howard Jeffrey Locker , Randall Scott Springfield
IPC分类号： G06F21/20
CPC分类号： H04L63/10 , G06F21/552 , G06F2221/2153
摘要： A system and method for using a client-side hypervisor in conjunction with a secure network-side monitoring mechanism to detect removable media insertions since a client's last network session with the secure network is presented. The hypervisor uses a “client-side insertion value” to track the number of times that a user inserts removable media into a socket located on the client. When the client is connected to the secure network, the client's hypervisor notifies the secure network of each insertion and the secure network increments a “secure network-side tracker value.” For each login request, the client includes the client-side insertion value, which the secure network compares against its secure network-side tracker value. When the two values are different, the secure network sends an action request to the client, such as a request to perform a full system scan. Once the client performs the action, the client's hypervisor resets its client-side insertion value and attempts to logon to the secure network again.
摘要翻译：提出了客户端管理程序与安全网络侧监视机制结合使用以检测可移动介质插入的系统和方法，因为客户端与安全网络的最后一次网络会话。管理程序使用“客户端插入值”来跟踪用户将可移动媒体插入位于客户端上的套接字的次数。当客户端连接到安全网络时，客户端的管理程序会将安全网络通知每个插入，安全网络会增加“安全网络侧跟踪器值”。对于每个登录请求，客户端包括客户端插入值，安全网络与其安全的网络侧跟踪器值进行比较。当两个值不同时，安全网络向客户端发送动作请求，例如执行完整系统扫描的请求。一旦客户端执行操作，客户端的管理程序将重置其客户端插入值，并尝试再次登录到安全网络。

14. 发明申请

US20100205375A1 METHOD, APPARATUS, AND SYSTEM OF FORWARD CACHING FOR A MANAGED CLIENT 有权
标题翻译：用于管理客户端的方法，装置和前向缓存系统
公开(公告)号：US20100205375A1
公开(公告)日：2010-08-12
申请号：US12368882
申请日：2009-02-10
申请人： David Carroll Challener , Richard Wayne Cheston , Howard Locker , Randall Scott Springfield , Rod D. Waltermann
发明人： David Carroll Challener , Richard Wayne Cheston , Howard Locker , Randall Scott Springfield , Rod D. Waltermann
IPC分类号： G06F12/08
CPC分类号： G06F12/0868 , G06F2212/263 , G06F2212/314 , H04L29/08846 , H04L67/1097 , H04L67/2842
摘要： A method, apparatus, and system are disclosed of forward caching for a managed client. A storage module stores a software image on a storage device of a backend server. The backend server provides virtual disk storage on the storage device through a first intermediate network point for a plurality of diskless data processing devices. Each diskless data processing device communicates directly with the first intermediate network point. The storage module caches an image instance of the software image at the first intermediate network point. A tracking module detects an update to the software image on the storage device. The storage module copies the updated software image to the first intermediate network point as an updated image instance.
摘要翻译：公开了一种用于被管理客户端的前向缓存的方法，装置和系统。存储模块将软件映像存储在后端服务器的存储设备上。后端服务器通过用于多个无盘数据处理设备的第一中间网络点在存储设备上提供虚拟磁盘存储。每个无盘数据处理装置与第一中间网络点直接通信。存储模块在第一中间网络点高速缓存软件映像的图像实例。跟踪模块检测对存储设备上的软件映像的更新。存储模块将更新的软件映像作为更新的图像实例复制到第一中间网络点。

15. 发明申请

US20100122250A1 Apparatus, System, and Method for Granting Hypervisor Privileges 有权
标题翻译：设备，系统和授予管理程序权限的方法
公开(公告)号：US20100122250A1
公开(公告)日：2010-05-13
申请号：US12269668
申请日：2008-11-12
申请人： David Carroll Challener , Mark Charles Davis , Randall Scott Springfield , Rod D. Waltermann
发明人： David Carroll Challener , Mark Charles Davis , Randall Scott Springfield , Rod D. Waltermann
IPC分类号： G06F9/445 , G06F9/455 , G06F9/46 , G06F15/177
CPC分类号： G06F21/53 , G06F8/61 , G06F9/4401 , G06F9/45558 , G06F9/468 , G06F21/575 , G06F2009/45562 , G06F2009/45587
摘要： An apparatus, system, and method are disclosed for granting hypervisor privileges. An installation module installs a monitor hypervisor wherein only the monitor hypervisor is granted the hypervisor privileges by the computer. An authentication module authenticates a second hypervisor. An eviction module evicts the monitor hypervisor if the second hypervisor is authenticated. The installation module further installs the second hypervisor after the monitor hypervisor is evicted so that only the second hypervisor is granted hypervisor privileges by the computer
摘要翻译：公开了用于授予管理程序特权的装置，系统和方法。安装模块安装监视器管理程序，其中只有监视器管理程序被计算机授予管理程序的权限。认证模块认证第二管理程序。如果第二个管理程序被认证，驱逐模块将使监视器管理程序移走。在监视器管理程序被驱逐之后，安装模块进一步安装第二管理程序，使得只有第二管理程序被计算机授予管理程序特权

16. 发明申请

US20100106994A1 METHOD, APPARATUS, AND SYSTEM FOR ADAPTING POWER CONSUMPTION 审中-公开
标题翻译：用于适应消耗电力的方法，装置和系统
公开(公告)号：US20100106994A1
公开(公告)日：2010-04-29
申请号：US12259074
申请日：2008-10-27
申请人： David Carroll Challener , Harriss Christopher Neil Ganey , Howard Locker
发明人： David Carroll Challener , Harriss Christopher Neil Ganey , Howard Locker
IPC分类号： G06F1/26 , G06F9/46
CPC分类号： G06F1/3203
摘要： A method, apparatus, and system are disclosed for adapting power consumption. A recording module records a usage record for each component within a computer at scheduled audit times. The usage record comprises a usage level, an application list, a time stamp, a network access point, a computation category, a time category, and a location category. A scenario module creates a plurality of usage scenarios. Each usage scenario comprises a unique combination of a specified computation category, a specified time category, and a specified location category. A profile module creates a power setting profile for each usage scenario. Each power setting profile specifies a target power status for each component of the computer. A scenario detection module detects a first usage scenario. An adjustment module sets a power status of each component to the first usage scenario target power status for the component.
摘要翻译：公开了用于调整功耗的方法，装置和系统。记录模块在计划的审核时间内记录计算机内每个组件的使用记录。使用记录包括使用级别，应用列表，时间戳，网络接入点，计算类别，时间类别和位置类别。场景模块创建多个使用场景。每个使用情景包括指定计算类别，指定时间类别和指定位置类别的唯一组合。配置文件模块为每个使用场景创建功率设置配置文件。每个功率设置配置文件指定计算机的每个组件的目标电源状态。场景检测模块检测第一使用场景。调整模块将每个组件的电源状态设置为组件的第一使用情景目标电源状态。

17. 发明授权

US07644278B2 Method for securely creating an endorsement certificate in an insecure environment 失效
标题翻译：在不安全的环境中安全地创建背书证书的方法
公开(公告)号：US07644278B2
公开(公告)日：2010-01-05
申请号：US10750594
申请日：2003-12-31
申请人： Ryan Charles Catherman , David Carroll Challener , James Patrick Hoff
发明人： Ryan Charles Catherman , David Carroll Challener , James Patrick Hoff
IPC分类号： H04L9/32
CPC分类号： G06F21/602 , G06F21/57 , G06F2221/2117 , H04L9/0877 , H04L9/3236 , H04L9/3263
摘要： A Method and system for ensuring security-compliant creation and signing of endorsement keys of manufactured trusted platform modules. The endorsement keys are generated for the trusted platform module (TPM). The TPM vendor selects an N-byte secret and stores the N-type secret in the trusted platform module along with the endorsement keys. The secret number cannot be read outside of the trusted platform module. The secret number is also provided to the credential server of the original equipment manufacturer. During the endorsement key (EK) credential process, the trusted platform module generates an endorsement key, which comprises both the public key and a hash of the secret and the public key. The credential server matches the hash within the endorsement key withy a second hash of the received public key (from the endorsement key) and the vendor provided secret. The EK certificate is generated and inserted into the trusted platform module only when a match is confirmed.
摘要翻译：一种用于确保制造可信平台模块的认可密钥的安全兼容创建和签名的方法和系统。为可信平台模块（TPM）生成认可密钥。 TPM供应商选择N字节的秘密，并将N型秘密与认可密钥一起存储在可信平台模块中。秘密号码不能在受信任的平台模块之外读取。秘密编号也提供给原始设备制造商的凭证服务器。在认可密钥（EK）凭证过程中，可信平台模块生成包括公开密钥和秘密的哈希和公开密钥的认可密钥。凭证服务器使用所接收的公钥（来自认可密钥）和供应商提供的秘密的第二散列表来匹配认可密钥内的散列。仅当匹配确认时，EK证书才会生成并插入可信平台模块。

18. 发明申请

US20090222915A1 System and Method for Securely Clearing Secret Data that Remain in a Computer System Memory 有权
标题翻译：安全清除计算机系统内存中保密数据的系统和方法
公开(公告)号：US20090222915A1
公开(公告)日：2009-09-03
申请号：US12040953
申请日：2008-03-03
申请人： David Carroll Challener , Daryl Carvis Cromer , Howard Jeffrey Locker , Randall Scott Springfield
发明人： David Carroll Challener , Daryl Carvis Cromer , Howard Jeffrey Locker , Randall Scott Springfield
IPC分类号： G06F21/00
CPC分类号： G06F21/57 , G06F21/79
摘要： A system, method, and program product is provided that initializes a counter maintained in a nonvolatile memory of a security module to an initialization value. The security module receives requests for a secret from requesters. The security module releases the secret to the requesters and the released secrets are stored in memory areas allocated to the requesters. A counter is incremented when the secret is released. Requestors send notifications to the security module indicating that the requestor has removed the secret from the requestor's memory area. The security module decrements the counter each time a notification is received. When the computer system is rebooted, if the counter is not at the initialization value, the system memory is scrubbed erasing any secrets that remain in memory.
摘要翻译：提供了一种系统，方法和程序产品，其将维护在安全模块的非易失性存储器中的计数器初始化为初始化值。安全模块从请求者接收到秘密的请求。安全模块向请求者释放秘密，所发布的秘密存储在分配给请求者的内存区域中。当秘密被释放时，计数器递增。请求者向安全模块发送指示请求者已经从请求者的存储区域移除了秘密的通知。每次接收到通知时，安全模块都会递减计数器。当计算机系统重新启动时，如果计数器不在初始化值，系统内存将被擦除擦除留在内存中的任何秘密。

19. 发明申请

US20090119785A1 System and Method for Secure Usage of Peripheral Devices Using Shared Secrets 有权
标题翻译：使用共享密码安全使用外围设备的系统和方法
公开(公告)号：US20090119785A1
公开(公告)日：2009-05-07
申请号：US11934829
申请日：2007-11-05
申请人： David Carroll Challener , Daryl Cromer , Philip John Jakes , Howard Jeffrey Locker , Randall Scott Springfield
发明人： David Carroll Challener , Daryl Cromer , Philip John Jakes , Howard Jeffrey Locker , Randall Scott Springfield
IPC分类号： G06F21/04
CPC分类号： G06F21/31 , G06F21/78 , G06F21/82 , G06F2221/2129
摘要： A system, method, and program product is provided that establishes a shared secret between a computer system and a peripheral device such as a removable nonvolatile storage device or a printer. After establishing the shared secret, the peripheral device is locked. After the peripheral device is locked, an unlock request is received and the shared secret is sent to the peripheral device. The peripheral device then attempts to verify the shared secret. If the shared secret is successfully verified, then the peripheral device is unlocked allowing use of the device by using an encryption key that is made available by the verified shared secret. On the other hand, if the shared secret is not verified, then the peripheral device remains locked and use of the device is prevented.
摘要翻译：提供了一种系统，方法和程序产品，其在计算机系统和诸如可移动的非易失性存储设备或打印机的外围设备之间建立共享秘密。建立共享密钥后，外围设备被锁定。在外围设备被锁定之后，接收到解锁请求并将共享密钥发送到外围设备。然后，外围设备尝试验证共享密钥。如果共享密钥被成功验证，则外围设备被解锁，允许使用由验证的共享秘密提供的加密密钥来使用该设备。另一方面，如果未验证共享密钥，则外围设备保持锁定，并且防止了设备的使用。

20. 发明申请

US20090083555A1 REMOTE COMPUTER LOCKDOWN 有权
标题翻译：远程计算机锁定
公开(公告)号：US20090083555A1
公开(公告)日：2009-03-26
申请号：US11861597
申请日：2007-09-26
申请人： David Carroll Challener , Daryl Cromer , Howard Locker , Randall Scott Springfield
发明人： David Carroll Challener , Daryl Cromer , Howard Locker , Randall Scott Springfield
IPC分类号： G06F1/32 , G06F15/16 , G06F21/00
CPC分类号： G06F21/6209 , G06F21/74 , G06F2221/2103 , G06F2221/2105 , H04L63/1441
摘要： A method and system are disclosed for placing a computer in a safe and secure lock down state from a remote location using a remote command device such as a cellular telephone. The method and system includes optional security provisions before restarting the computer.
摘要翻译：公开了一种用于使用诸如蜂窝电话的远程命令装置将计算机从远程位置放置在安全和安全的锁定状态的方法和系统。在重新启动计算机之前，该方法和系统包括可选的安全规定。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式