会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 11. 发明授权
    • Method to use secure passwords in an unsecure program environment
    • 在不安全的程序环境中使用安全密码的方法
    • US07200761B1
    • 2007-04-03
    • US09711028
    • 2000-11-09
    • Joseph Wayne FreemanRandall Scott SpringfieldSteven Dale GoodmanIsaac Karpel
    • Joseph Wayne FreemanRandall Scott SpringfieldSteven Dale GoodmanIsaac Karpel
    • G06F9/00G06F11/30G06F15/173G06F15/16H04L9/00
    • G06F21/575G06F11/2284G06F21/79
    • During power up initialization, security data such as passwords and other sensitive data which are stored in a lockable memory device are read and copied to protected system management interrupt (SMI) memory space, subject to verification by code running in the SMI memory space that the call to write the security data originates with a trusted entity. Once copied to SMI memory space, the security data is erased from regular system memory and the lockable storage device is hard locked (requiring a reset to unlock) against direct access prior to starting the operating system. The copy of the security data within the SMI memory space is invisible to the operating system. However, the operating system may initiate a call to code running in the SMI memory space to check a password entered by the user, with the SMI code returning a “match” or “no match” indication. The security data may thus be employed after the lockable memory device is hard locked and the operating system is started.
    • 在上电初始化期间,存储在可锁定存储器设备中的安全数据(例如密码和其他敏感数据)被读取并复制到受保护的系统管理中断(SMI)存储器空间,经由在SMI存储器空间中运行的代码进行验证, 调用写入安全数据来源于受信任的实体。 一旦复制到SMI内存空间,安全数据将从常规系统内存中擦除,锁定的存储设备在启动操作系统之前就被硬锁定(需要重新启动)以防止直接访问。 SMI内存空间中的安全数据的副本对于操作系统是不可见的。 然而,操作系统可以启动对在SMI存储器空间中运行的代码的调用,以检查由用户输入的密码,SMI代码返回“匹配”或“不匹配”指示。 因此,在可锁定存储器件被硬锁定并且操作系统启动之后可以采用安全数据。
    • 14. 发明授权
    • Method and system for tracking a secure boot in a trusted computing environment
    • 用于在可信计算环境中跟踪安全引导的方法和系统
    • US07191464B2
    • 2007-03-13
    • US09978381
    • 2001-10-16
    • Daryl Carvis CromerJoseph Wayne FreemanSteven Dale GoodmanEric Richard KernRandall Scott Springfield
    • Daryl Carvis CromerJoseph Wayne FreemanSteven Dale GoodmanEric Richard KernRandall Scott Springfield
    • H04L9/32G06F15/177
    • G06F21/575
    • A method, system and computer readable medium containing programming instructions for tracking a secure boot in a computer system having a plurality of devices is disclosed. The method, system and computer readable medium include providing an embedded security system (ESS) in the computer system, wherein the ESS includes at least one boot platform configuration register (PCR) and a shadow PCR for each of the at least one boot PCRs, initiating a platform reset to boot the computer system via BIOS, and, for a device booted, generating a measurement value for the device and extending that value to one of the at least one boot PCRs and its corresponding shadow PCR. The system, method and computer readable medium of the present invention also includes comparing the measurement values of the boot PCRs to their corresponding shadow PCRs, whereby the computer system is trusted if the measurement values match.
    • 公开了一种包含用于在具有多个设备的计算机系统中跟踪安全引导的编程指令的方法,系统和计算机可读介质。 所述方法,系统和计算机可读介质包括在所述计算机系统中提供嵌入式安全系统(ESS),其中所述ESS包括用于所述至少一个启动PCR中的每一个的至少一个引导平台配置寄存器(PCR)和阴影PCR, 启动平台重置以通过BIOS引导计算机系统,并且对于引导的设备,生成所述设备的测量值并将该值扩展到所述至少一个启动PCR中的一个及其相应的阴影PCR。 本发明的系统,方法和计算机可读介质还包括将引导PCR的测量值与其相应的阴影PCR进行比较,从而如果测量值匹配,则计算机系统被信任。
    • 16. 发明授权
    • Secure method and system to prevent external unauthorized remotely initiated power up events in computer
    • 安全的方法和系统,以防止外部未经授权的远程启动电脑中的加电事件
    • US07082129B2
    • 2006-07-25
    • US10134936
    • 2002-04-29
    • Daryl Carvis CromerJoseph Wayne FreemanChad Lee GettelfingerSteven Dale GoodmanEric Richard KernRandall Scott Springfield
    • Daryl Carvis CromerJoseph Wayne FreemanChad Lee GettelfingerSteven Dale GoodmanEric Richard KernRandall Scott Springfield
    • H04L12/28
    • G06F1/3209H04L12/12H04L45/20Y02D50/40
    • In a computer network including a plurality of interconnected computers, one of the computers being a sleeping computer in a power down state, the sleeping computer listening for a packet associated with the sleeping computer, a method and system of waking the sleeping computer from the computer network. An incoming packet of data is transmitted from one of the computers in the network to the sleeping computer. When the sleeping computer detects the incoming packet, it determines if the incoming packet contains a data sequence associated with the sleeping computer. Further, the sleeping computer compares a transit value in the incoming packet to a predetermined value stored at the sleeping computer. The transit value indicates how far the data packet has traveled through the network, indicating the approximate origin of the data packet. Knowing the approximate origin of the data packet allows the client system to identify if the data packet originated from an external network. The predetermined value represents an origin within the internal network. Accordingly, if the incoming packet matches the particular data sequence associated with the sleeping computer, and the transit value in the packet matches the predetermined value stored at the sleeping computer, then a signal is issued to wake the sleeping computer. Otherwise, the incoming packet is discarded and the sleeping computer is not awaken.
    • 在包括多个相互连接的计算机的计算机网络中,计算机中的一个是处于断电状态的休眠计算机,睡眠计算机监听与休眠计算机相关联的分组,从计算机唤醒睡眠计算机的方法和系统 网络。 传入的数据包从网络中的一台计算机发送到睡眠计算机。 当睡眠计算机检测到传入分组时,它确定传入分组是否包含与睡眠计算机相关联的数据序列。 此外,睡眠计算机将输入分组中的传输值与存储在睡眠计算机上的预定值进行比较。 传输值表示数据分组通过网络传播的距离,指示数据分组的近似来源。 知道数据包的近似来源允许客户端系统识别数据包是否源自外部网络。 预定值表示内部网络内的原点。 因此,如果输入分组与休眠计算机相关联的特定数据序列匹配,并且分组中的传输值与存储在睡眠计算机上的预定值匹配,则发出信号以唤醒睡眠计算机。 否则,传入的数据包被丢弃,并且睡眠的计算机没有被唤醒。