专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07281125B2 Securing sensitive configuration data remotely 有权
标题翻译：远程保护敏感的配置数据
公开(公告)号：US07281125B2
公开(公告)日：2007-10-09
申请号：US09940155
申请日：2001-08-24
申请人： David Carroll Challener , Steven Dale Goodman , David Robert Safford , Randall Scott Springfield
发明人： David Carroll Challener , Steven Dale Goodman , David Robert Safford , Randall Scott Springfield
IPC分类号： H04L29/00
CPC分类号： G06F21/572 , G06F21/575 , G06F21/62
摘要： A method, computer program product and computer system for securing alterable data. A computer that is remotely managed may be equipped with a protected storage that is accessible only by BIOS code. The protected storage may have the capacity to store a symmetrical encryption key. An EEPROM, which normally contains the BIOS code, may be used to store accessible configuration data as well as remotely unaccessible sensitive access information (e.g., passwords). The remotely unaccessible sensitive data is encrypted with the symmetrical encryption key by the BIOS code. Remote access to the sensitive data is accomplished via change requests submitted to the BIOS code over a secure channel. The BIOS code then determines whether the request is valid. If so, then sensitive data is decrypted, altered, encrypted, and re-written into the EEPROM. Normal access to accessible data is unaffected and remote access is allowed without changing the computer system architecture.
摘要翻译：一种用于保护可变数据的方法，计算机程序产品和计算机系统。远程管理的计算机可能配备有只能通过BIOS代码访问的受保护存储。受保护的存储器可以具有存储对称加密密钥的能力。通常包含BIOS代码的EEPROM可用于存储可访问的配置数据以及远程不可访问的敏感访问信息（例如，密码）。远程不可访问的敏感数据通过BIOS代码用对称加密密钥加密。通过安全通道提交给BIOS代码的更改请求，可以远程访问敏感数据。然后，BIOS代码确定请求是否有效。如果是这样，那么敏感数据将被解密，更改，加密并重新写入EEPROM。对可访问数据的正常访问不受影响，并且允许远程访问，而无需更改计算机系统架构。

2. 发明申请

US20060184785A1 Apparatus, system, and method for securing I/O communications between a blade and a peripheral interface device of a blade-based computer system 审中-公开
标题翻译：用于保护刀片和基于刀片的计算机系统的外围接口设备之间的I / O通信的装置，系统和方法
公开(公告)号：US20060184785A1
公开(公告)日：2006-08-17
申请号：US11058987
申请日：2005-02-16
申请人： David Carroll Challener , Daryl Carvis Cromer , Steven Dale Goodman , Howard Jeffery Locker , Randall Scott Springfield
发明人： David Carroll Challener , Daryl Carvis Cromer , Steven Dale Goodman , Howard Jeffery Locker , Randall Scott Springfield
IPC分类号： H04L9/00
CPC分类号： G06F21/606 , G06F21/85
摘要： An apparatus, system, and method are disclosed for securing I/O communications between a blade and peripheral interface device. The apparatus includes a determination module, a source security module, and a source communication module. The determination module identifies I/O data configured for transmission to a destination module configured to receive secure I/O data. The source security module encrypts the I/O data to generate secured I/O data such that subsequent decryption of the secured I/O data is restricted to a destination module. The source communication module transmits the secured I/O data over a vulnerable communication link to the destination module. The vulnerable communication link comprises a message intercept vulnerability. The destination module is configured to unencrypt the secure I/O data for a destination device such as a display device.
摘要翻译：公开了用于保护刀片和外围接口设备之间的I / O通信的装置，系统和方法。该装置包括确定模块，源安全模块和源通信模块。确定模块识别配置为传输到配置为接收安全I / O数据的目标模块的I / O数据。源安全模块加密I / O数据以产生安全的I / O数据，使得安全I / O数据的后续解密被限制到目的地模块。源通信模块通过易受攻击的通信链路将目标模块的安全I / O数据发送到目标模块。脆弱的通信链路包括消息拦截漏洞。目的地模块被配置为对诸如显示设备的目的地设备的安全I / O数据进行解密。

3. 发明授权

US07412596B2 Method for preventing system wake up from a sleep state if a boot log returned during the system wake up cannot be authenticated 有权
标题翻译：如果在系统唤醒期间返回的引导日志无法验证，则防止系统从睡眠状态唤醒的方法
公开(公告)号：US07412596B2
公开(公告)日：2008-08-12
申请号：US10967760
申请日：2004-10-16
申请人： David Carroll Challener , Daryl Carvis Cromer , Joseph Wayne Freeman , Steven Dale Goodman , James Patrick Hoff , Howard Jeffrey Locker , Randall Scott Springfield , James Peter Ward
发明人： David Carroll Challener , Daryl Carvis Cromer , Joseph Wayne Freeman , Steven Dale Goodman , James Patrick Hoff , Howard Jeffrey Locker , Randall Scott Springfield , James Peter Ward
IPC分类号： G06F9/00 , G06F15/177
CPC分类号： G06F21/575
摘要： A method and system for enabling security attestation for a computing device during a return from an S4 sleep state. When the computing device enters into the S4 state following a successful boot up, the attestation log is appended to the TPM tick count and the log is signed (with a security signature). When the device is awaken from S4 state, the BIOS obtains and verifies the log created during the previous boot. The CRTM maintains a set of virtual PCRs and references these virtual PCRs against the log. If the values do not match, the return from S4 state fails and the device is rebooted.
摘要翻译：一种用于在从S4睡眠状态返回期间为计算设备提供安全认证的方法和系统。当计算设备在成功启动后进入S4状态时，认证日志会追加到TPM刻度计数，并且日志被签名（具有安全签名）。当设备从S4状态唤醒时，BIOS将获取并验证在以前引导过程中创建的日志。 CRTM维护一组虚拟PCR，并将这些虚拟PCR引用到日志中。如果值不匹配，则S4状态返回失败，设备重启。

4. 发明授权

US07484241B2 Secure single sign-on to operating system via power-on password 有权
标题翻译：通过开机密码保护对操作系统的单一登录
公开(公告)号：US07484241B2
公开(公告)日：2009-01-27
申请号：US10994620
申请日：2004-11-22
申请人： David Carroll Challener , Steven Dale Goodman , James Patrick Hoff , David Rivera , Randall Scott Springfield
发明人： David Carroll Challener , Steven Dale Goodman , James Patrick Hoff , David Rivera , Randall Scott Springfield
IPC分类号： G06F7/04 , H04L9/32
CPC分类号： G06F21/41
摘要： Methods and arrangements are disclosed for secure single sign on to an operating system using only a power-on password. In many embodiments modified BIOS code prompts for, receives and verifies the power-on password. The power-on password is hashed and stored in a Platform Configuration Register of the Trusted Platform Module. In a setup mode, the trusted platform module encrypts the operating system password using the hashed power-on password. In a logon mode, the trusted platform module decrypts the operating system password using the hashed power-on password.
摘要翻译：公开了仅使用开机密码的安全单点登录到操作系统的方法和布置。在许多实施例中，修改的BIOS代码提示，接收和验证开机密码。开机密码被散列并存储在可信平台模块的平台配置寄存器中。在设置模式下，可信平台模块使用散列开机密码对操作系统密码进行加密。在登录模式下，可信平台模块使用散列开机密码解密操作系统密码。

5. 发明授权

US07013384B2 Computer system with selectively available immutable boot block code 失效
公开(公告)号：US07013384B2
公开(公告)日：2006-03-14
申请号：US10047219
申请日：2002-01-15
申请人： David Carroll Challener , Steven Dale Goodman , Kevin Michael Reinberg , Randall Scott Springfield , James Peter Ward
发明人： David Carroll Challener , Steven Dale Goodman , Kevin Michael Reinberg , Randall Scott Springfield , James Peter Ward
IPC分类号： G06F9/24
CPC分类号： G06F21/57 , G06F9/4406 , G06F15/177
摘要： A computer system contains selectively available boot block codes. A first boot block is of the conventional type and is stored in storage media such as flash ROM on a system planar with the processor of the computer system. A second boot block is located on a feature card and contains an immutable security code in compliance with the Trusted Computing Platform Alliance (TCPA) specification. The boot block on the feature card is enabled if the first boot block detects the presence of the feature card. The computer system can be readily modified as the computer system is reconfigured, while maintaining compliance with the TCPA specification. A switching mechanism controls which of the boot blocks is to be activated. The feature card is disabled in the event of a computer system reset to prevent access to the TCPA compliant code and function.

6. 发明授权

US07421588B2 Apparatus, system, and method for sealing a data repository to a trusted computing platform 有权
标题翻译：用于将数据存储库密封到可信计算平台的装置，系统和方法
公开(公告)号：US07421588B2
公开(公告)日：2008-09-02
申请号：US10749057
申请日：2003-12-30
申请人： David Carroll Challener , Joseph Wayne Freeman , Steven Dale Goodman , Randall Scott Springfield
发明人： David Carroll Challener , Joseph Wayne Freeman , Steven Dale Goodman , Randall Scott Springfield
IPC分类号： G06F12/14
CPC分类号： G06F21/575 , G06F21/62 , G06F2221/2107
摘要： An apparatus, method, and system to seal a data repository to a trusted computing platform is described. The data repository may be sealed by encrypting the data on the repository and sealing a cryptographic key to a specific set of platform resources. With the data repository sealed to the platform, the system boot sequence will fail if the system configuration is compromised, for example by insertion of “snoopware” or a modified BIOS. Additionally, if the computer containing the data repository is lost or stolen, the encrypted data remains secure even if the repository is attached to a system modified to bypass normal safeguards.
摘要翻译：描述了将数据存储库密封到可信计算平台的装置，方法和系统。可以通过加密存储库中的数据并将密码密封到特定的一组平台资源来密封数据存储库。将数据存储库密封到平台，如果系统配置受到威胁，例如插入“snoopware”或修改的BIOS，则系统引导顺序将失败。另外，如果包含数据存储库的计算机丢失或被盗，加密数据将保持安全，即使存储库附加到修改为绕过正常保护措施的系统。

7. 发明授权

US06782349B2 Method and system for updating a root of trust measurement function in a personal computer 有权
标题翻译：在个人计算机中更新信任测度功能根的方法和系统
公开(公告)号：US06782349B2
公开(公告)日：2004-08-24
申请号：US10063608
申请日：2002-05-03
申请人： David Carroll Challener , Chad Lee Gettelfinger , Steven Dale Goodman , Hernando Ovies , Randall Scott Springfield , James Peter Ward
发明人： David Carroll Challener , Chad Lee Gettelfinger , Steven Dale Goodman , Hernando Ovies , Randall Scott Springfield , James Peter Ward
IPC分类号： G06F1900
CPC分类号： G06F21/6218 , G06F21/575
摘要： A method and system for updating a root of trust measurement (RTM) function in a personal computer is disclosed. The RTM function is located in a boot block of the personal computer. The method and system comprise initializing a request to update the RTM function and unlocking the boot block based on an authentication process. The method and system further includes updating the RTM function. Through the use of the method and system in accordance with the present invention, the RTM function in a personal computer is updated in a manner that ensures that the update is authentic.
摘要翻译：公开了一种用于更新个人计算机中的信任测度（RTM）功能根的方法和系统。 RTM功能位于个人计算机的引导块中。该方法和系统包括：初始化更新RTM功能的请求，并基于认证过程来解锁引导块。该方法和系统还包括更新RTM功能。通过使用根据本发明的方法和系统，个人计算机中的RTM功能以确保更新是真实的方式被更新。

8. 发明授权

US07533274B2 Reducing the boot time of a TCPA based computing system when the core root of trust measurement is embedded in the boot block code 失效
标题翻译：当信任测度的核心根源嵌入引导块代码时，减少基于TCPA的计算系统的启动时间
公开(公告)号：US07533274B2
公开(公告)日：2009-05-12
申请号：US10712237
申请日：2003-11-13
申请人： Joseph Wayne Freeman , Steven Dale Goodman , Randall Scott Springfield
发明人： Joseph Wayne Freeman , Steven Dale Goodman , Randall Scott Springfield
IPC分类号： G06F9/24 , G06F9/22 , G06F9/30
CPC分类号： G06F21/572 , G06F21/575
摘要： A method, computer program product and system for reducing the boot time of a TCPA based computing system. A flash memory in the TCPA based computing system may include a register comprising bits configured to indicate whether the segments of the flash memory have been updated. The flash memory may further include a table configured to store measurements of the segments of the flash memory. The flash memory may further include a boot block code that includes a Core Root of Trust for Measurement (CRTM). The CRTM may read the bits in the register to determine if any of the segments of the flash memory have been updated. The CRTM may further obtain the measurement values in the table for those segments that store the POST BIOS code that have not been updated thereby saving time from measuring the POST BIOS code and consequently reducing the boot time.
摘要翻译：一种用于减少基于TCPA的计算系统的启动时间的方法，计算机程序产品和系统。基于TCPA的计算系统中的闪速存储器可以包括寄存器，其包括被配置为指示闪速存储器的段是否已被更新的位。闪存可以进一步包括被配置为存储闪存的片段的测量的表。闪速存储器还可以包括引导块代码，其包括用于测量的信任核心根（CRTM）。 CRTM可以读取寄存器中的位，以确定闪存中的任何段是否已更新。 CRTM可以进一步获得存储POST BIOS代码的那些片段的表中的测量值，从而节省了测量POST BIOS代码的时间，从而减少了引导时间。

9. 发明授权

US07319299B2 Determining types of cooling fans used in a personal computer thereby using optimum parameters to control each unique cooling fan 有权
标题翻译：确定个人计算机中使用的冷却风扇的类型，从而使用最佳参数来控制每个独特的冷却风扇
公开(公告)号：US07319299B2
公开(公告)日：2008-01-15
申请号：US11167751
申请日：2005-06-27
申请人： Joseph Wayne Freeman , Steven Dale Goodman , Isaac Karpel , Randall Scott Springfield
发明人： Joseph Wayne Freeman , Steven Dale Goodman , Isaac Karpel , Randall Scott Springfield
IPC分类号： H02P5/00
CPC分类号： G06F1/20 , F04D27/00 , F04D27/001 , F04D29/582
摘要： A cooling fan, system and method for controlling cooling fans in a personal computer. A unique series of sensing points is placed on a rotating hub of a cooling fan in order to uniquely identify the particular type of cooling fan. A tachometer sensor mounted in the cooling fan detects the unique series of sensing points as the cooling fan rotates and generates a sequence of pulses corresponding to the detected sending points. This generated pulse signal may be transmitted by the sensor to the fan control code. The fan control code may determine a particular type of cooling fan that the cooling fan is based on the generated pulse signal. Once the fan control code determines the particular type of cooling fan that the cooling fan is, the fan control code uses particular control parameters set for that particular type of cooling fan to control the cooling fan so that it operates optimally.
摘要翻译：一种用于控制个人计算机中的冷却风扇的冷却风扇，系统和方法。为了唯一地识别特定类型的冷却风扇，将一系列传感点放置在冷却风扇的旋转轮毂上。安装在冷却风扇中的转速计传感器在冷却风扇旋转时检测独特的感测点系列，并产生与检测到的发送点相对应的脉冲序列。该生成的脉冲信号可以由传感器传输到风扇控制代码。风扇控制代码可以确定冷却风扇基于生成的脉冲信号的特定类型的冷却风扇。一旦风扇控制代码确定了冷却风扇的特定类型的冷却风扇，则风扇控制代码使用为特定类型的冷却风扇设置的特定控制参数来控制冷却风扇，使其最佳运行。

10. 发明授权

US06993648B2 Proving BIOS trust in a TCPA compliant system 有权
公开(公告)号：US06993648B2
公开(公告)日：2006-01-31
申请号：US09931538
申请日：2001-08-16
申请人： Steven Dale Goodman , James Patrick Hoff , Randall Scott Springfield , James Peter Ward
发明人： Steven Dale Goodman , James Patrick Hoff , Randall Scott Springfield , James Peter Ward
IPC分类号： G06F9/24
CPC分类号： G06F9/4401 , G06F8/65
摘要： When a flash unlock routine unlocks the flash memory to permit updating of a BIOS image, a message is left in secure non-volatile memory, such as a EEPROM. Upon the next re-boot, the boot block code will detect the special message in the non-volatile memory and perform a signature verification of the next block of code that is to be executed during the POST process. This code block will check the remainder of the BIOS image before POST proceeds.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式