Automatic virus fix
    111.
    Granted patent
    Legal status: In force

    Publication number: US07587765B2

    Publication date: 2009-09-08

    Application number: US10827165

    Filing date: 2004-04-16

    CPC classification number: G06F8/65 G06F21/568

    Abstract: A client computer is connected via a network to an anti-virus server. A signal from the anti-virus server notifies the client computer that an anti-virus needs to be immediately downloaded from the anti-virus server. The client computer disengages from the network, and re-establishes a link with only the trusted anti-virus server. The anti-virus fix is installed, the client computer re-booted, and the client computer is then allowed to reconnect to the full network. If the client's primary operating system (OS) is infected, a secondary OS in the client computer performs the anti-virus download and execution. The disengagement from the network is performed by applying a filter in a network interface card (NIC) driver by the primary OS, the secondary OS, a service processor (SP), or by a virtual machine manager (VMM), depending on which is available at the client computer.

    REDUCING THE BOOT TIME OF A TCPA BASED COMPUTING SYSTEM WHEN THE CORE ROOT OF TRUST MEASUREMENT IS EMBEDDED IN THE BOOT BLOCK CODE
    112.
    Patent application
    Legal status: In force

    Publication number: US20090204822A1

    Publication date: 2009-08-13

    Application number: US12426519

    Filing date: 2009-04-20

    CPC classification number: G06F21/572 G06F21/575

    Abstract: A method, computer program product and system for reducing the boot time of a TCPA based computing system. A flash memory in the TCPA based computing system may include a register comprising bits configured to indicate whether the segments of the flash memory have been updated. The flash memory may further include a table configured to store measurements of the segments of the flash memory. The flash memory may further include a boot block code that includes a Core Root of Trust for Measurement (CRTM). The CRTM may read the bits in the register to determine if any of the segments of the flash memory have been updated. The CRTM may further obtain the measurement values in the table for those segments that store the POST BIOS code that have not been updated thereby saving time from measuring the POST BIOS code and consequently reducing the boot time.

    System and Method to Update Device Driver or Firmware Using a Hypervisor Environment Without System Shutdown
    113.
    Patent application
    Legal status: In force

    Publication number: US20090178033A1

    Publication date: 2009-07-09

    Application number: US11970038

    Filing date: 2008-01-07

    CPC classification number: G06F9/45537 G06F9/4411

    Abstract: A system, method, and program product is provided that has a virtualized environment provided by a hypervisor. In the virtualized environment, one or more guest operating systems operate simultaneously with a privileged operating system. One of the guest operating systems identifies a device software update, such as a device driver or firmware update, corresponding to a hardware device that is attached to the computer system. The hypervisor is used to notify the privileged operating system of the device software update. When the privileged operating system is notified of the update, the privileged operating system uses one or more techniques to deny the guest operating systems access to the device. The privileged operating system then updates the device software update. After the device software update has been applied, the privileged operating system resumes access between the guest operating systems and the hardware device.

    System and method for protecting disk drive password when bios causes computer to leave suspend state
    115.
    Patent application
    Legal status: In force

    Publication number: US20080263378A1

    Publication date: 2008-10-23

    Application number: US11788654

    Filing date: 2007-04-19

    CPC classification number: G06F21/80

    Abstract: To unlock a HDD when a computer is in the suspend state, at both BIOS and the HDD a secret is combined with a password to render a new one-time password. BIOS sends its new one-time password to the HDD which unlocks itself only if a match is found. The new one-time password is then saved as an “old” password for subsequent combination with the secret when coming out of subsequent suspend states. In this way, if a computer is stolen the thief cannot sniff the bus between BIOS and the HDD to obtain a password that is of any use once the computer ever re-enters the suspend state.

    OUT-OF-BAND PATCH MANAGEMENT SYSTEM
    116.
    Patent application
    Legal status: In force

    Publication number: US20080229301A1

    Publication date: 2008-09-18

    Application number: US11686832

    Filing date: 2007-03-15

    CPC classification number: G06F8/60

    Abstract: A computer system is disclosed that includes a primary processor and a service processor operable regardless of a power state of the computer system. A non-volatile memory device is communicatively coupled to the primary processor and the service processor. The non-volatile memory device stores firmware which includes a first list of patches required for installation on the computer system and a second list of patches previously installed on the computer system. A comparator module is provided to determine whether there are patches included in the first list that are not included in second list. A boot module is provided to boot a maintenance operating system in the event the first list includes patches not included in the second list. The maintenance operating system is configured to install, on the computer system, patches included in the first list but not the second list.

    APPARATUS, SYSTEM, AND METHOD FOR ALLOCATING SERVICE REQUESTS
    117.
    Patent application
    Legal status: Under examination (published)

    Publication number: US20080228619A1

    Publication date: 2008-09-18

    Application number: US11686854

    Filing date: 2007-03-15

    CPC classification number: G06Q30/08 G06Q40/04

    Abstract: An apparatus, system, and method are disclosed for allocating service requests. A category module categorizes a service request for an information technology support service with a service category. The service request comprises a service requirement. An I/O module communicates the service request to a plurality of providers that are certified to provide the service category and receives bids from the providers. A selection module selects a bid according to a selection policy. A history module may store a history of bid prices and response times.

    Apparatus, system, and method for sealing a data repository to a trusted computing platform
    118.
    Granted patent
    Legal status: In force

    Publication number: US07421588B2

    Publication date: 2008-09-02

    Application number: US10749057

    Filing date: 2003-12-30

    CPC classification number: G06F21/575 G06F21/62 G06F2221/2107

    Abstract: An apparatus, method, and system to seal a data repository to a trusted computing platform is described. The data repository may be sealed by encrypting the data on the repository and sealing a cryptographic key to a specific set of platform resources. With the data repository sealed to the platform, the system boot sequence will fail if the system configuration is compromised, for example by insertion of “snoopware” or a modified BIOS. Additionally, if the computer containing the data repository is lost or stolen, the encrypted data remains secure even if the repository is attached to a system modified to bypass normal safeguards.

    REMOTE MANAGEMENT OF BOOT APPLICATION
    119.
    Patent application
    Legal status: In force

    Publication number: US20080155075A1

    Publication date: 2008-06-26

    Application number: US11955886

    Filing date: 2007-12-13

    Abstract: Systems and arrangements for remotely selecting a bootable image via a WOL packet for a wake-on-LAN (WOL) capable computer are contemplated. Server-side embodiments include hardware and/or software for determining a client to be managed, determining whether the client is active on the network, and transmitting a WOL packet having a vector, or operating system partition identification (OSPID), to describe a bootable image accessible by the WOL capable computer. Some embodiments may include an OSPID that points to a secure bootable image such as a bootable image on a hard drive, a compact disk (CD) connected to the computer, or other local resource. Client-side embodiments may receive the WOL packet at, for instance, a network interface card (NIC), recognize that the WOL packet includes an OSPID that describes the bootable image to boot, and implement an alternative boot sequence to boot from that bootable image.

    APPARATUS, SYSTEM, AND METHOD FOR PROTECTING HARD DISK DATA IN MULTIPLE OPERATING SYSTEM ENVIRONMENTS
    120.
    Patent application
    Legal status: Under examination (published)

    Publication number: US20080140946A1

    Publication date: 2008-06-12

    Application number: US11609221

    Filing date: 2006-12-11

    CPC classification number: G06F12/145

    Abstract: An apparatus, system, and method are disclosed for protecting hard disk data in multiple operating system environments. The present invention restricts access of a hard file to a range of logical addresses using a controller module configured to access a hard file in response to a request for a logical address, a set zero module configured to add an offset value to each request for a logical address on a hard file, and a set max module configured to set a maximum logical address accessible on a hard file. The invention limits access to a lower protected area with logical addresses below the range of logical address and a host protected area with logical address above the range of logical addresses.
