专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07421588B2 Apparatus, system, and method for sealing a data repository to a trusted computing platform 有权
标题翻译：用于将数据存储库密封到可信计算平台的装置，系统和方法
公开(公告)号：US07421588B2
公开(公告)日：2008-09-02
申请号：US10749057
申请日：2003-12-30
申请人： David Carroll Challener , Joseph Wayne Freeman , Steven Dale Goodman , Randall Scott Springfield
发明人： David Carroll Challener , Joseph Wayne Freeman , Steven Dale Goodman , Randall Scott Springfield
IPC分类号： G06F12/14
CPC分类号： G06F21/575 , G06F21/62 , G06F2221/2107
摘要： An apparatus, method, and system to seal a data repository to a trusted computing platform is described. The data repository may be sealed by encrypting the data on the repository and sealing a cryptographic key to a specific set of platform resources. With the data repository sealed to the platform, the system boot sequence will fail if the system configuration is compromised, for example by insertion of “snoopware” or a modified BIOS. Additionally, if the computer containing the data repository is lost or stolen, the encrypted data remains secure even if the repository is attached to a system modified to bypass normal safeguards.
摘要翻译：描述了将数据存储库密封到可信计算平台的装置，方法和系统。可以通过加密存储库中的数据并将密码密封到特定的一组平台资源来密封数据存储库。将数据存储库密封到平台，如果系统配置受到威胁，例如插入“snoopware”或修改的BIOS，则系统引导顺序将失败。另外，如果包含数据存储库的计算机丢失或被盗，加密数据将保持安全，即使存储库附加到修改为绕过正常保护措施的系统。

2. 发明授权

US07412596B2 Method for preventing system wake up from a sleep state if a boot log returned during the system wake up cannot be authenticated 有权
标题翻译：如果在系统唤醒期间返回的引导日志无法验证，则防止系统从睡眠状态唤醒的方法
公开(公告)号：US07412596B2
公开(公告)日：2008-08-12
申请号：US10967760
申请日：2004-10-16
申请人： David Carroll Challener , Daryl Carvis Cromer , Joseph Wayne Freeman , Steven Dale Goodman , James Patrick Hoff , Howard Jeffrey Locker , Randall Scott Springfield , James Peter Ward
发明人： David Carroll Challener , Daryl Carvis Cromer , Joseph Wayne Freeman , Steven Dale Goodman , James Patrick Hoff , Howard Jeffrey Locker , Randall Scott Springfield , James Peter Ward
IPC分类号： G06F9/00 , G06F15/177
CPC分类号： G06F21/575
摘要： A method and system for enabling security attestation for a computing device during a return from an S4 sleep state. When the computing device enters into the S4 state following a successful boot up, the attestation log is appended to the TPM tick count and the log is signed (with a security signature). When the device is awaken from S4 state, the BIOS obtains and verifies the log created during the previous boot. The CRTM maintains a set of virtual PCRs and references these virtual PCRs against the log. If the values do not match, the return from S4 state fails and the device is rebooted.
摘要翻译：一种用于在从S4睡眠状态返回期间为计算设备提供安全认证的方法和系统。当计算设备在成功启动后进入S4状态时，认证日志会追加到TPM刻度计数，并且日志被签名（具有安全签名）。当设备从S4状态唤醒时，BIOS将获取并验证在以前引导过程中创建的日志。 CRTM维护一组虚拟PCR，并将这些虚拟PCR引用到日志中。如果值不匹配，则S4状态返回失败，设备重启。

3. 发明申请

US20060184785A1 Apparatus, system, and method for securing I/O communications between a blade and a peripheral interface device of a blade-based computer system 审中-公开
标题翻译：用于保护刀片和基于刀片的计算机系统的外围接口设备之间的I / O通信的装置，系统和方法
公开(公告)号：US20060184785A1
公开(公告)日：2006-08-17
申请号：US11058987
申请日：2005-02-16
申请人： David Carroll Challener , Daryl Carvis Cromer , Steven Dale Goodman , Howard Jeffery Locker , Randall Scott Springfield
发明人： David Carroll Challener , Daryl Carvis Cromer , Steven Dale Goodman , Howard Jeffery Locker , Randall Scott Springfield
IPC分类号： H04L9/00
CPC分类号： G06F21/606 , G06F21/85
摘要： An apparatus, system, and method are disclosed for securing I/O communications between a blade and peripheral interface device. The apparatus includes a determination module, a source security module, and a source communication module. The determination module identifies I/O data configured for transmission to a destination module configured to receive secure I/O data. The source security module encrypts the I/O data to generate secured I/O data such that subsequent decryption of the secured I/O data is restricted to a destination module. The source communication module transmits the secured I/O data over a vulnerable communication link to the destination module. The vulnerable communication link comprises a message intercept vulnerability. The destination module is configured to unencrypt the secure I/O data for a destination device such as a display device.
摘要翻译：公开了用于保护刀片和外围接口设备之间的I / O通信的装置，系统和方法。该装置包括确定模块，源安全模块和源通信模块。确定模块识别配置为传输到配置为接收安全I / O数据的目标模块的I / O数据。源安全模块加密I / O数据以产生安全的I / O数据，使得安全I / O数据的后续解密被限制到目的地模块。源通信模块通过易受攻击的通信链路将目标模块的安全I / O数据发送到目标模块。脆弱的通信链路包括消息拦截漏洞。目的地模块被配置为对诸如显示设备的目的地设备的安全I / O数据进行解密。

4. 发明授权

US07484241B2 Secure single sign-on to operating system via power-on password 有权
标题翻译：通过开机密码保护对操作系统的单一登录
公开(公告)号：US07484241B2
公开(公告)日：2009-01-27
申请号：US10994620
申请日：2004-11-22
申请人： David Carroll Challener , Steven Dale Goodman , James Patrick Hoff , David Rivera , Randall Scott Springfield
发明人： David Carroll Challener , Steven Dale Goodman , James Patrick Hoff , David Rivera , Randall Scott Springfield
IPC分类号： G06F7/04 , H04L9/32
CPC分类号： G06F21/41
摘要： Methods and arrangements are disclosed for secure single sign on to an operating system using only a power-on password. In many embodiments modified BIOS code prompts for, receives and verifies the power-on password. The power-on password is hashed and stored in a Platform Configuration Register of the Trusted Platform Module. In a setup mode, the trusted platform module encrypts the operating system password using the hashed power-on password. In a logon mode, the trusted platform module decrypts the operating system password using the hashed power-on password.
摘要翻译：公开了仅使用开机密码的安全单点登录到操作系统的方法和布置。在许多实施例中，修改的BIOS代码提示，接收和验证开机密码。开机密码被散列并存储在可信平台模块的平台配置寄存器中。在设置模式下，可信平台模块使用散列开机密码对操作系统密码进行加密。在登录模式下，可信平台模块使用散列开机密码解密操作系统密码。

5. 发明授权

US07281125B2 Securing sensitive configuration data remotely 有权
标题翻译：远程保护敏感的配置数据
公开(公告)号：US07281125B2
公开(公告)日：2007-10-09
申请号：US09940155
申请日：2001-08-24
申请人： David Carroll Challener , Steven Dale Goodman , David Robert Safford , Randall Scott Springfield
发明人： David Carroll Challener , Steven Dale Goodman , David Robert Safford , Randall Scott Springfield
IPC分类号： H04L29/00
CPC分类号： G06F21/572 , G06F21/575 , G06F21/62
摘要： A method, computer program product and computer system for securing alterable data. A computer that is remotely managed may be equipped with a protected storage that is accessible only by BIOS code. The protected storage may have the capacity to store a symmetrical encryption key. An EEPROM, which normally contains the BIOS code, may be used to store accessible configuration data as well as remotely unaccessible sensitive access information (e.g., passwords). The remotely unaccessible sensitive data is encrypted with the symmetrical encryption key by the BIOS code. Remote access to the sensitive data is accomplished via change requests submitted to the BIOS code over a secure channel. The BIOS code then determines whether the request is valid. If so, then sensitive data is decrypted, altered, encrypted, and re-written into the EEPROM. Normal access to accessible data is unaffected and remote access is allowed without changing the computer system architecture.
摘要翻译：一种用于保护可变数据的方法，计算机程序产品和计算机系统。远程管理的计算机可能配备有只能通过BIOS代码访问的受保护存储。受保护的存储器可以具有存储对称加密密钥的能力。通常包含BIOS代码的EEPROM可用于存储可访问的配置数据以及远程不可访问的敏感访问信息（例如，密码）。远程不可访问的敏感数据通过BIOS代码用对称加密密钥加密。通过安全通道提交给BIOS代码的更改请求，可以远程访问敏感数据。然后，BIOS代码确定请求是否有效。如果是这样，那么敏感数据将被解密，更改，加密并重新写入EEPROM。对可访问数据的正常访问不受影响，并且允许远程访问，而无需更改计算机系统架构。

6. 发明授权

US07013384B2 Computer system with selectively available immutable boot block code 失效
公开(公告)号：US07013384B2
公开(公告)日：2006-03-14
申请号：US10047219
申请日：2002-01-15
申请人： David Carroll Challener , Steven Dale Goodman , Kevin Michael Reinberg , Randall Scott Springfield , James Peter Ward
发明人： David Carroll Challener , Steven Dale Goodman , Kevin Michael Reinberg , Randall Scott Springfield , James Peter Ward
IPC分类号： G06F9/24
CPC分类号： G06F21/57 , G06F9/4406 , G06F15/177
摘要： A computer system contains selectively available boot block codes. A first boot block is of the conventional type and is stored in storage media such as flash ROM on a system planar with the processor of the computer system. A second boot block is located on a feature card and contains an immutable security code in compliance with the Trusted Computing Platform Alliance (TCPA) specification. The boot block on the feature card is enabled if the first boot block detects the presence of the feature card. The computer system can be readily modified as the computer system is reconfigured, while maintaining compliance with the TCPA specification. A switching mechanism controls which of the boot blocks is to be activated. The feature card is disabled in the event of a computer system reset to prevent access to the TCPA compliant code and function.

7. 发明授权

US06782349B2 Method and system for updating a root of trust measurement function in a personal computer 有权
标题翻译：在个人计算机中更新信任测度功能根的方法和系统
公开(公告)号：US06782349B2
公开(公告)日：2004-08-24
申请号：US10063608
申请日：2002-05-03
申请人： David Carroll Challener , Chad Lee Gettelfinger , Steven Dale Goodman , Hernando Ovies , Randall Scott Springfield , James Peter Ward
发明人： David Carroll Challener , Chad Lee Gettelfinger , Steven Dale Goodman , Hernando Ovies , Randall Scott Springfield , James Peter Ward
IPC分类号： G06F1900
CPC分类号： G06F21/6218 , G06F21/575
摘要： A method and system for updating a root of trust measurement (RTM) function in a personal computer is disclosed. The RTM function is located in a boot block of the personal computer. The method and system comprise initializing a request to update the RTM function and unlocking the boot block based on an authentication process. The method and system further includes updating the RTM function. Through the use of the method and system in accordance with the present invention, the RTM function in a personal computer is updated in a manner that ensures that the update is authentic.
摘要翻译：公开了一种用于更新个人计算机中的信任测度（RTM）功能根的方法和系统。 RTM功能位于个人计算机的引导块中。该方法和系统包括：初始化更新RTM功能的请求，并基于认证过程来解锁引导块。该方法和系统还包括更新RTM功能。通过使用根据本发明的方法和系统，个人计算机中的RTM功能以确保更新是真实的方式被更新。

8. 发明授权

US08504810B2 Remote PC bootup via a handheld communication device 有权
标题翻译：远程PC通过手持通信设备启动
公开(公告)号：US08504810B2
公开(公告)日：2013-08-06
申请号：US11861577
申请日：2007-09-26
申请人： David Carroll Challener , Daryl Cromer , Howard Locker , Randall Scott Springfield
发明人： David Carroll Challener , Daryl Cromer , Howard Locker , Randall Scott Springfield
IPC分类号： G06F9/00 , G06F15/177
CPC分类号： G06F21/305
摘要： A method computer usable medium and computer system circuitry are disclosed for starting or “booting up” a computer from a remote location using a remote command device such as a cellular telephone. The method and system includes a secure means for remotely storing and transmitting security passwords.
摘要翻译：公开了一种方法计算机可用介质和计算机系统电路，用于使用诸如蜂窝电话的远程命令装置从远程位置启动或“启动”计算机。该方法和系统包括用于远程存储和传输安全密码的安全装置。

9. 发明授权

US07779454B2 System and method for virtualized hypervisor to detect insertion of removable media 有权
标题翻译：用于虚拟化管理程序的系统和方法，用于检测可移动介质的插入
公开(公告)号：US07779454B2
公开(公告)日：2010-08-17
申请号：US11564832
申请日：2006-11-29
申请人： David Carroll Challener , Daryl Cromer , Howard Jeffrey Locker , Randall Scott Springfield
发明人： David Carroll Challener , Daryl Cromer , Howard Jeffrey Locker , Randall Scott Springfield
IPC分类号： G06F21/20
CPC分类号： H04L63/10 , G06F21/552 , G06F2221/2153
摘要： A system and method for using a client-side hypervisor in conjunction with a secure network-side monitoring mechanism to detect removable media insertions since a client's last network session with the secure network is presented. The hypervisor uses a “client-side insertion value” to track the number of times that a user inserts removable media into a socket located on the client. When the client is connected to the secure network, the client's hypervisor notifies the secure network of each insertion and the secure network increments a “secure network-side tracker value.” For each login request, the client includes the client-side insertion value, which the secure network compares against its secure network-side tracker value. When the two values are different, the secure network sends an action request to the client, such as a request to perform a full system scan. Once the client performs the action, the client's hypervisor resets its client-side insertion value and attempts to logon to the secure network again.
摘要翻译：提出了客户端管理程序与安全网络侧监视机制结合使用以检测可移动介质插入的系统和方法，因为客户端与安全网络的最后一次网络会话。管理程序使用“客户端插入值”来跟踪用户将可移动媒体插入位于客户端上的套接字的次数。当客户端连接到安全网络时，客户端的管理程序会将安全网络通知每个插入，安全网络会增加“安全网络侧跟踪器值”。对于每个登录请求，客户端包括客户端插入值，安全网络与其安全的网络侧跟踪器值进行比较。当两个值不同时，安全网络向客户端发送动作请求，例如执行完整系统扫描的请求。一旦客户端执行操作，客户端的管理程序将重置其客户端插入值，并尝试再次登录到安全网络。

10. 发明申请

US20100205375A1 METHOD, APPARATUS, AND SYSTEM OF FORWARD CACHING FOR A MANAGED CLIENT 有权
标题翻译：用于管理客户端的方法，装置和前向缓存系统
公开(公告)号：US20100205375A1
公开(公告)日：2010-08-12
申请号：US12368882
申请日：2009-02-10
申请人： David Carroll Challener , Richard Wayne Cheston , Howard Locker , Randall Scott Springfield , Rod D. Waltermann
发明人： David Carroll Challener , Richard Wayne Cheston , Howard Locker , Randall Scott Springfield , Rod D. Waltermann
IPC分类号： G06F12/08
CPC分类号： G06F12/0868 , G06F2212/263 , G06F2212/314 , H04L29/08846 , H04L67/1097 , H04L67/2842
摘要： A method, apparatus, and system are disclosed of forward caching for a managed client. A storage module stores a software image on a storage device of a backend server. The backend server provides virtual disk storage on the storage device through a first intermediate network point for a plurality of diskless data processing devices. Each diskless data processing device communicates directly with the first intermediate network point. The storage module caches an image instance of the software image at the first intermediate network point. A tracking module detects an update to the software image on the storage device. The storage module copies the updated software image to the first intermediate network point as an updated image instance.
摘要翻译：公开了一种用于被管理客户端的前向缓存的方法，装置和系统。存储模块将软件映像存储在后端服务器的存储设备上。后端服务器通过用于多个无盘数据处理设备的第一中间网络点在存储设备上提供虚拟磁盘存储。每个无盘数据处理装置与第一中间网络点直接通信。存储模块在第一中间网络点高速缓存软件映像的图像实例。跟踪模块检测对存储设备上的软件映像的更新。存储模块将更新的软件映像作为更新的图像实例复制到第一中间网络点。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式