公开(公告)号：US06754826B1

公开(公告)日：2004-06-22

申请号：US09282713

申请日：1999-03-31

申请人： David Carroll Challener ,  Daryl Carvis Cromer ,  Dhruv M. Desai ,  Brandon Jon Ellison ,  Howard Locker ,  Andy Lloyd Trotter ,  James Peter Ward

发明人： David Carroll Challener ,  Daryl Carvis Cromer ,  Dhruv M. Desai ,  Brandon Jon Ellison ,  Howard Locker ,  Andy Lloyd Trotter ,  James Peter Ward

IPC分类号： H04L932

CPC分类号： H04L63/0823 ,  H04L63/10

摘要： A data processing system and method are disclosed for providing an access connector which limits access to a network to only authorized client computer systems. The network is controlled by a server computer system. The access connector is provided for physically coupling a client computer system to the network. The access connector is physically coupled to the network. Prior to permitting the client computer system to attempt to establish a client communication link with the network, the client computer system attempts to authenticate itself to the server computer system. In response to the client computer system being unable to authenticate itself to the server computer system, the access connector prohibits the client computer system from establishing a client communication link between the client computer system and the network.

摘要翻译： 公开了一种用于提供访问连接器的数据处理系统和方法，其将对网络的访问限于仅授权的客户端计算机系统。 网络由服务器计算机系统控制。 提供接入连接器用于将客户端计算机系统物理耦合到网络。 接入连接器物理耦合到网络。 在允许客户端计算机系统尝试与网络建立客户端通信链路之前，客户端计算机系统尝试向服务器计算机系统认证自身。 响应于客户端计算机系统无法向服务器计算机系统认证自身，访问连接器禁止客户端计算机系统在客户端计算机系统和网络之间建立客户端通信链路。

公开(公告)号：US06567920B1

公开(公告)日：2003-05-20

申请号：US09282892

申请日：1999-03-31

申请人： Daryl Carvis Cromer ,  Dhruv M. Desai ,  Brandon Jon Ellison ,  Eric Richard Kern ,  Howard Locker ,  Andy Lloyd Trotter ,  James Peter Ward

发明人： Daryl Carvis Cromer ,  Dhruv M. Desai ,  Brandon Jon Ellison ,  Eric Richard Kern ,  Howard Locker ,  Andy Lloyd Trotter ,  James Peter Ward

IPC分类号： G06F1130

CPC分类号： G06F21/313 ,  G06F21/31

摘要： A data processing system and method are disclosed for authenticating a client computer system to a secure network prior to permitting the client computer system to attempt to log-on to the network. The secure network is controlled by a server computer system. A unique identifier is established which identifies the client computer system. The unique identifier is encrypted. Prior to permitting the client computer system to attempt to log-on to the secure network, the client computer system transmits the encrypted identifier to the server computer system. Also prior to permitting the client computer system to attempt to log-on to the network, the server computer system utilizes the unique identifier to determine whether to permit the client computer system to attempt to log-on to the network. The client computer system is authenticated prior to permitting the client computer system to attempt to log-on to the network.

摘要翻译： 公开了一种数据处理系统和方法，用于在允许客户端计算机系统尝试登录到网络之前将客户端计算机系统认证到安全网络。 安全网络由服务器计算机系统控制。 建立了识别客户端计算机系统的唯一标识符。 唯一标识符被加密。 在允许客户端计算机系统尝试登录到安全网络之前，客户端计算机系统将加密的标识符发送到服务器计算机系统。 此外，在允许客户端计算机系统尝试登录到网络之前，服务器计算机系统利用唯一标识符来确定是否允许客户端计算机系统尝试登录到网络。 在允许客户端计算机系统尝试登录到网络之前，客户端计算机系统被认证。

公开(公告)号：US06628663B1

公开(公告)日：2003-09-30

申请号：US09206014

申请日：1998-12-04

申请人： Daryl Carvis Cromer ,  Dhruv M. Desai ,  Brandon Jon Ellison ,  Howard Locker ,  James Peter Ward

发明人： Daryl Carvis Cromer ,  Dhruv M. Desai ,  Brandon Jon Ellison ,  Howard Locker ,  James Peter Ward

IPC分类号： H04L1266

CPC分类号： H04L29/06 ,  H04L67/00 ,  H04L69/08 ,  H04L69/329

摘要： A method and system are described for permitting a dumb device having no operating system to create and transmit a network packet utilizing a network. The dumb device is coupled to a client computer system utilizing the network. A network interface is established within the dumb device. In response to an event, the dumb device generates an internal output signal. The output signal is received within the dumb device by the network interface. In response to a receipt of the output signal, the network interface creates and transmits a network packet including an indication of the event to the client computer system, wherein a dumb device having no operating system creates and transmits a network packet.

摘要翻译： 描述了一种用于允许没有操作系统的哑设备利用网络来创建和发送网络分组的方法和系统。 该哑设备被耦合到利用网络的客户端计算机系统。 网络接口建立在哑设备内。 响应于事件，哑设备产生内部输出信号。 输出信号由网络接口​​在哑设备内接收。 响应于输出信号的接收，网络接口创建并发送包括事件指示的网络分组给客户端计算机系统，其中没有操作系统的哑设备创建并发送网络分组。

公开(公告)号：US06701349B1

公开(公告)日：2004-03-02

申请号：US09356190

申请日：1999-07-16

申请人： Daryl Carvis Cromer ,  Brandon Jon Ellison ,  Eric Richard Kern ,  Howard Jeffery Locker ,  Andy Lloyd Trotter ,  James Peter Ward

发明人： Daryl Carvis Cromer ,  Brandon Jon Ellison ,  Eric Richard Kern ,  Howard Jeffery Locker ,  Andy Lloyd Trotter ,  James Peter Ward

IPC分类号： G06F1300

CPC分类号： H04L63/10 ,  G06F13/385 ,  H04L63/126 ,  H04L67/322 ,  H04L69/329

摘要： A data processing system and method are disclosed for prohibiting an unauthorized user from modifying a priority level associated with a client computer system. The priority level is utilized by a client computer system during transmission of the client's data over a network. One of a plurality of priority levels is associated with the client computer system. The plurality of priority levels includes a higher priority level and a lower priority level. The client computer system associates the priority level with the data transmitted by the client computer system over the network. The data associated with the higher priority level is typically transmitted prior to data associated with the lower priority level. In response to an attempt to modify the associated priority level, the client determines whether the attempt is being made by an approved user. In response to a determination that the attempt is not being made by an approved user, the attempted modification of the priority level is prohibited. In another embodiment, a priority level may be associated with each class of data. When the client computer system transmits a packet, the client determines which class of data is included in the packet. The priority level associated with that class is then associated with the packet including that class of data. The client, then, transmits the packet which is associated with one of the priority levels.

摘要翻译： 公开了一种数据处理系统和方法，用于禁止未经授权的用户修改与客户端计算机系统相关联的优先级。 在通过网络传送客户端的数据时，客户端计算机系统利用优先级。 多个优先级中的一个与客户端计算机系统相关联。 多个优先级包括较高优先级和较低优先级。 客户端计算机系统将优先级与客户端计算机系统通过网络发送的数据相关联。 与较高优先级相关联的数据通常在与较低优先级相关联的数据之前传输。 响应于尝试修改相关联的优先级，客户端确定尝试是否由批准​​用户进行。 为了对被许可用户不进行尝试的确定作出回应，禁止尝试修改优先级。 在另一个实施例中，优先级可以与每类数据相关联。 当客户端计算机系统发送数据包时，客户端确定数据包中包含哪一类数据。 然后，与该类相关联的优先级与包括该类数据的分组相关联。 然后，客户端发送与优先级中的一个相关联的分组。

公开(公告)号：US06988196B2

公开(公告)日：2006-01-17

申请号：US09748654

申请日：2000-12-22

申请人： Daryl Carvis Cromer ,  Brandon Jon Ellison ,  Howard Jeffrey Locker ,  Andy Lloyd Trotter ,  James Peter Ward

发明人： Daryl Carvis Cromer ,  Brandon Jon Ellison ,  Howard Jeffrey Locker ,  Andy Lloyd Trotter ,  James Peter Ward

IPC分类号： H04L9/00

CPC分类号： G06F21/31

摘要： A computer system and method are disclosed for generating a certificate that can be validated against a trusted hardware subsystem within a computer system. A security subsystem is established within the computer system. A master key pair including a master public key and master private key are established. The master private key is stored in protected storage within the security subsystem such that the master private key is inaccessible outside of the security subsystem. Generation of a self-verifying certificate is requested. A user of the computer system is then prompted to enter an authentication code in response to the request for generation of the certificate. A certificate is generated utilizing the master key pair only in response to a correct entry of the authentication code. The certificate is used only internally within the computer system.

摘要翻译： 公开了一种计算机系统和方法，用于生成可以针对计算机系统内的可信硬件子系统进行验证的证书。 在计算机系统内建立安全子系统。 建立包括主公钥和主密钥的主密钥对。 主私钥存储在安全子系统内的受保护存储器中，使得主私钥在安全子系统之外是不可访问的。 要求生成自我验证证书。 然后响应于产生证书的请求，提示计算机系统的用户输入认证码。 只有在正确输入验证码时才使用主密钥对生成证书。 该证书仅在计算机系统内部使用。

公开(公告)号：US06959390B1

公开(公告)日：2005-10-25

申请号：US09262123

申请日：1999-03-03

申请人： David Carroll Challener ,  Daryl Carvis Cromer ,  Mark Charles Davis ,  Scott Thomas Elliott ,  Howard Jeffrey Locker ,  Andy Lloyd Trotter ,  James Peter Ward

发明人： David Carroll Challener ,  Daryl Carvis Cromer ,  Mark Charles Davis ,  Scott Thomas Elliott ,  Howard Jeffrey Locker ,  Andy Lloyd Trotter ,  James Peter Ward

IPC分类号： G06F11/30 ,  H04L9/00 ,  H04L9/08 ,  H04L9/30

CPC分类号： H04L9/0894

摘要： A data processing system and method are disclosed for maintaining secure user private keys in a non-secure storage device. A master key pair is established for the system. The master key pair includes a master private key and a master public key. The master key pair is stored in a protected storage device. A unique user key pair is established for each user. The user key pair includes a user private key and a user public key. The user private key is encrypted utilizing the master public key. The encrypted user private key is stored in the non-secure storage device, wherein the encrypted user private key is secure while stored in the non-secure storage device.

摘要翻译： 公开了一种用于在非安全存储设备中维护安全用户私钥的数据处理系统和方法。 为系统建立主密钥对。 主密钥对包括主密钥和主公钥。 主密钥对存储在受保护的存储设备中。 为每个用户建立一个独特的用户密钥对。 用户密钥对包括用户私钥和用户公钥。 使用主公钥加密用户专用密钥。 加密的用户私钥存储在非安全存储设备中，其中加密的用户私钥在存储在非安全存储设备中时是安全的。

公开(公告)号：US06654886B1

公开(公告)日：2003-11-25

申请号：US09356189

申请日：1999-07-16

申请人： David Carroll Challener ,  Daryl Carvis Cromer ,  Dhruv Manmohandas Desai ,  Howard Jeffrey Locker ,  Andy Lloyd Trotter ,  James Peter Ward

发明人： David Carroll Challener ,  Daryl Carvis Cromer ,  Dhruv Manmohandas Desai ,  Howard Jeffrey Locker ,  Andy Lloyd Trotter ,  James Peter Ward

IPC分类号： G06F1130

CPC分类号： H04L63/0853 ,  G06F21/31 ,  G06F2221/2129

摘要： A data processing system and method are disclosed for permitting only preregistered client computer hardware to access a service executing on a remote server computer system. A log-in token is established including a unique identifier which identifies a particular client computer hardware. The client computer hardware logs-on to the server computer system. Subsequent to the client computer hardware logging-on to the server computer system, the client computer hardware attempts to access the service. During the attempt, the client computer hardware transmits the log-in token to the server computer system. The server computer system utilizes the unique identifier included within the log-in token to determine if the client computer hardware is registered to access the service. In response to a determination that the client computer hardware is registered to access the service, the server computer system permits the client computer hardware to access the service. In response to a determination that the client computer hardware is not registered to access the service, the server computer system prohibits the client computer hardware from accessing the service.

摘要翻译： 公开了一种用于仅允许预注册的客户端计算机硬件访问在远程服务器计算机系统上执行的服务的数据处理系统和方法。 建立登录令牌，其包括标识特定客户端计算机硬件的唯一标识符。 客户端计算机硬件登录到服务器计算机系统。 在客户端计算机硬件登录到服务器计算机系统之后，客户端计算机硬件尝试访问该服务。 在尝试期间，客户端计算机硬件将登录令牌传输到服务器计算机系统。 服务器计算机系统利用包括在登录令牌内的唯一标识符来确定客户端计算机硬件是否被注册以访问该服务。 响应于确定客户端计算机硬件被注册以访问服务，服务器计算机系统允许客户端计算机硬件访问该服务。 响应于确定客户端计算机硬件未被注册以访问服务，服务器计算机系统禁止客户端计算机硬件访问服务。

公开(公告)号：US07155605B1

公开(公告)日：2006-12-26

申请号：US09281852

申请日：1999-03-31

申请人： Daryl Carvis Cromer ,  Howard Locker ,  Andy Lloyd Trotter ,  James Peter Ward

发明人： Daryl Carvis Cromer ,  Howard Locker ,  Andy Lloyd Trotter ,  James Peter Ward

IPC分类号： H04K9/00

CPC分类号： G06F21/6263 ,  Y10S707/99939

摘要： A data processing system and method are disclosed for maintaining a secure data block within the system. A block of data is established within the system. The block of data is associated with a particular user and a particular application. A hardware master key pair is established for the system. The hardware master key pair includes a master private key and a master public key. The hardware master key pair is associated with the system for which it was established so that the master private key is known to only that system. The block of data is encrypted utilizing the master public key. The master private key is required to decrypt the encrypted block of data. This data processing system is the only system capable of decrypting the encrypted block of data.

摘要翻译： 公开了一种用于在系统内维护安全数据块的数据处理系统和方法。 在系统内建立一个数据块。 数据块与特定用户和特定应用相关联。 为系统建立了硬件主密钥对。 硬件主密钥对包括主专用密钥和主公钥。 硬件主密钥对与其建立的系统相关联，以便只有该系统才能知道主密钥。 使用主公钥对数据块进行加密。 主密钥需要解密加密的数据块。 该数据处理系统是能够解密加密的数据块的唯一系统。

公开(公告)号：US06609207B1

公开(公告)日：2003-08-19

申请号：US09260921

申请日：1999-03-02

申请人： Daryl Carvis Cromer ,  Brandon Jon Ellison ,  Eric Richard Kern ,  Howard Locker ,  Randall Scott Springfield ,  James Peter Ward

发明人： Daryl Carvis Cromer ,  Brandon Jon Ellison ,  Eric Richard Kern ,  Howard Locker ,  Randall Scott Springfield ,  James Peter Ward

IPC分类号： G06F1214

CPC分类号： G06F21/88 ,  G06F21/31

摘要： A data processing system and method including a docking station and a portable computer capable of being coupled to the docking station are disclosed for securing the docking station, the portable computer, and for securing the attachment of the docking station to the portable computer. The portable computer is coupled to the docking station. A disconnection password is established. When the portable computer is disconnected from the docking station, a user is prompted for the disconnection password. The portable computer is disabled in response to a failure to correctly enter the disconnection password, wherein the portable computer is inoperable without a correct entry of the disconnection password. When a portable computer is connected to the docking station, a correct entry of a connection password is required. In response to a failure to correctly enter the connection password, access to the docking station is prohibited. When the docking station is physically removed from its stationary support, correct entry of a relocation password is required. In response to a failure to correctly enter the password, access to the docking station is prohibited.

摘要翻译： 公开了一种数据处理系统和方法，其包括对接站和能够连接到对接站的便携式计算机，用于固定对接站，便携式计算机，以及用于将对接站的连接固定到便携式计算机。 便携式计算机耦合到对接站。 断开密码建立。 当便携式计算机与对接站断开连接时，提示用户断开连接密码。 响应于无法正确输入断开密码，便携式计算机被禁用，其中便携式计算机在不正确输入断开密码的情况下是不可操作的。 当便携式计算机连接到扩展坞时，需要正确输入连接密码。 响应于无法正确输入连接密码，禁止访问扩展坞。 当对接站从其固定支架物理上移除时，需要正确输入重新定位密码。 为了不正确输入密码，禁止访问扩展坞。

公开(公告)号：US06480972B1

公开(公告)日：2002-11-12

申请号：US09257547

申请日：1999-02-24

申请人： Daryl Carvis Cromer ,  Brandon Jon Ellison ,  Eric Richard Kern ,  Howard Locker ,  Randall Scott Springfield ,  James Peter Ward

发明人： Daryl Carvis Cromer ,  Brandon Jon Ellison ,  Eric Richard Kern ,  Howard Locker ,  Randall Scott Springfield ,  James Peter Ward

IPC分类号： G06K1100

CPC分类号： G06F11/079 ,  G06F11/0748 ,  G06F11/2294

摘要： A data processing system and method are described for permitting a server computer system to perform remote diagnostics on a malfunctioning client computer system coupled to the server computer system utilizing a network. The server computer system transmits a diagnostic command to the malfunctioning client computer system utilizing the network. A network adapter operating as a bus controller for an internal bus within the malfunctioning client computer system executes the diagnostic command. The network adapter transmits a result of the execution of the diagnostic command to the server computer system. In this manner, the diagnostic command is executed within a malfunctioning client computer system by a remote, server computer system.

摘要翻译： 描述了一种数据处理系统和方法，用于允许服务器计算机系统对利用网络耦合到服务器计算机系统的故障客户端计算机系统执行远程诊断。 服务器计算机系统利用网络向故障的客户端计算机系统发送诊断命令。 作为故障客户端计算机系统内部总线的总线控制器的网络适配器执行诊断命令。 网络适​​配器将诊断命令的执行结果发送到服务器计算机系统。 以这种方式，通过远程服务器计算机系统在故障的客户端计算机系统内执行诊断命令。