公开(公告)号：US07366887B2

公开(公告)日：2008-04-29

申请号：US11179127

申请日：2005-07-11

Applicant: Rod David Waltermann ,  Nathan J. Peterson ,  Joseph Wayne Freeman ,  Randall Scott Springfield ,  Mark Charles Davis ,  Steven Dale Goodman ,  Isaac Karpel ,  Scott Edwards Kelso

Inventor： Rod David Waltermann ,  Nathan J. Peterson ,  Joseph Wayne Freeman ,  Randall Scott Springfield ,  Mark Charles Davis ,  Steven Dale Goodman ,  Isaac Karpel ,  Scott Edwards Kelso

IPC: G06F7/00

CPC classification number: G06F9/4406

Abstract: A method for booting into computer memory a non-operating system (O.S.) program from a hard disk drive (HDD) prior to booting into memory an O.S. from the HDD. The method includes establishing a table of contents (TOC) on the HDD that contains entries for special O.S. programs. A pointer to the TOC is placed in non-volatile memory of the computer that is associated with the HDD, and when BIOS of the computer is prompted to load into memory one of the special O.S. programs, the pointer is accessed and used to locate the TOC, which in turn is accessed to load the special O.S. program.

Abstract translation: 一种在引导到存储器之前从硬盘驱动器（HDD）引导到计算机存储器的非操作系统（O.S.）程序的方法。 从硬盘。 该方法包括在HDD上建立内容表（TOC），其中包含特殊O.S.的条目。 程式。 指向TOC的指针被放置在与HDD相关联的计算机的非易失性存储器中，并且当计算机的BIOS被提示加载到存储器中时，特别的O.S. 程序中，指针被访问并用于定位TOC，而后者又被访问以加载特殊的O.S. 程序。

公开(公告)号：US07185229B2

公开(公告)日：2007-02-27

申请号：US10727865

申请日：2003-12-04

Applicant: Daryl Carvis Cromer ,  Howard Jeffrey Locker ,  Randall Scott Springfield

Inventor： Daryl Carvis Cromer ,  Howard Jeffrey Locker ,  Randall Scott Springfield

IPC: G06F11/00

CPC classification number: G06F11/2294

Abstract: A method and system is described for remotely managing a battery powered client computer. A data packet, which includes a set of instructions, is sent to the client computer from a managing computer. Included in the data packet is a field indicating how much computing time is needed to execute the set of instructions. If the client computer is operating on battery power, the client computer determines if there is enough battery life remaining to execute the set of instructions. If not, then the set of instructions are disregarded.

Abstract translation: 描述了用于远程管理电池供电的客户端计算机的方法和系统。 包括一组指令的数据包从管理计算机发送到客户端计算机。 包含在数据包中的是指示执行该组指令需要多少计算时间的字段。 如果客户端计算机正在使用电池供电，则客户端计算机确定是否有足够的电池寿命来执行该组指令。 如果没有，则忽略该组指令。

公开(公告)号：US07076538B2

公开(公告)日：2006-07-11

申请号：US09759953

申请日：2001-01-12

Applicant: Daryl Carvis Cromer ,  Richard Alan Dayan ,  Eric Richard Kern ,  Randall Scott Springfield ,  Joseph Wayne Freeman ,  Robert Duane Johnson ,  Brandon Jon Ellison

Inventor： Daryl Carvis Cromer ,  Richard Alan Dayan ,  Eric Richard Kern ,  Randall Scott Springfield ,  Joseph Wayne Freeman ,  Robert Duane Johnson ,  Brandon Jon Ellison

IPC: G06F15/16

CPC classification number: H04L63/0407 ,  G06F21/6245 ,  H04L29/12009 ,  H04L29/12594 ,  H04L61/301 ,  H04L61/309 ,  H04L63/0876

Abstract: A method and system are disclosed for substituting an anonymous Universal Unique Identifier (UUID) for a computer system's real UUID in order to disguise an identity of the computer system to an application which is requesting a UUID for the client computer system. A storage device is established in the computer system. The storage device includes a primary and a second location. A UUID stored in the primary location is used as a UUID for the computer system. An anonymous UUID is generated. The anonymous UUID does not identify any particular computer system. The anonymous UUID is stored in the primary location within the storage device, and the real UUID is backed up by moving it into the secondary location. Thereafter, the anonymous UUID is provided in response to requests for the computer system's UUID.

公开(公告)号：US06925557B2

公开(公告)日：2005-08-02

申请号：US10055452

申请日：2001-10-26

Applicant: Daryl Carvis Cromer ,  Joseph Wayne Freeman ,  Steven Dale Goodman ,  Eric Richard Kern ,  Randall Scott Springfield

Inventor： Daryl Carvis Cromer ,  Joseph Wayne Freeman ,  Steven Dale Goodman ,  Eric Richard Kern ,  Randall Scott Springfield

IPC: G06F9/445 ,  G06F15/177 ,  G06F21/57 ,  G06F13/00

CPC classification number: G06F21/575 ,  G06F9/4406 ,  G06F15/177

Abstract: A method, system and computer readable medium containing programming instructions for booting a computer system having a plurality of devices is disclosed. They include provisions for initiating a boot sequence in the computer system and determining whether a device of the plurality of devices is either a bootable device or a nonbootable device. If the device is a nonbootable device, a clean restart of the boot sequence is performed, wherein the nonbootable device is bypassed during the clean restart.

Abstract translation: 公开了一种包含用于启动具有多个设备的计算机系统的编程指令的方法，系统和计算机可读介质。 它们包括在计算机系统中启动引导顺序并确定多个设备中的设备是可引导设备还是不可引导设备的规定。 如果设备是不可引导设备，则执行启动顺序的干净重新启动，其中在干净重新启动期间将绕过不可引导设备。

公开(公告)号：US06892305B1

公开(公告)日：2005-05-10

申请号：US09689460

申请日：2000-10-12

Applicant: Richard Alan Dayan ,  Steven Dale Goodman ,  Joseph Michael Pennisi ,  Randall Scott Springfield ,  James Peter Ward ,  Joseph Wayne Freeman

Inventor： Richard Alan Dayan ,  Steven Dale Goodman ,  Joseph Michael Pennisi ,  Randall Scott Springfield ,  James Peter Ward ,  Joseph Wayne Freeman

IPC: G06F9/00 ,  G06F12/14 ,  G06F21/00 ,  H04L9/32

CPC classification number: G06F21/575

Abstract: A method and system for booting up a computer system in a secure fashion is disclosed. The method and system comprise determining the presence of a security feature element during an initialization of the computer system wherein the security feature element includes a public key and a corresponding private key, storing a portion of the public key in a nonvolatile memory within the computer system if the security feature element is present and utilizing an algorithm to determine the presence of the security feature element prior to a subsequent boot-up of the computer system. Through the use of the present invention, a computer system is capable of being booted up whereby the computer system determines if a security feature element was previously present in the system. If a security feature element was previously present in the computer system, any stored keys, along with the secrets that they protect, are prevented from being compromised. It is also an object of the present invention to preclude the system from compromising any keys and associated secrets if a security feature element in the system was not previously present in the system.

Abstract translation: 公开了一种以安全方式引导计算机系统的方法和系统。 该方法和系统包括在计算机系统的初始化期间确定安全特征元素的存在，其中安全特征元素包括公共密钥和相应的私钥，将公钥的一部分存储在计算机系统内的非易失性存储器中 如果存在安全特征元素并且利用算法来确定在计算机系统的后续引导之前的安全特征元素的存在。 通过使用本发明，计算机系统能够被启动，由此计算机系统确定安全特征元素是否先前存在于系统中。 如果安全特征元素以前存在于计算机系统中，则防止任何存储的密钥以及它们保护的秘密被泄露。 如果系统中的安全特征元素先前不存在于系统中，则本发明的另一个目的是排除系统损害任何密钥和相关联的秘密。

公开(公告)号：US06823464B2

公开(公告)日：2004-11-23

申请号：US09793239

申请日：2001-02-26

Applicant: Daryl Carvis Cromer ,  Joseph Wayne Freeman ,  Steven Dale Goodman ,  Randall Scott Springfield ,  James Peter Ward

Inventor： Daryl Carvis Cromer ,  Joseph Wayne Freeman ,  Steven Dale Goodman ,  Randall Scott Springfield ,  James Peter Ward

IPC: G06F124

CPC classification number: G06F21/305 ,  G06F21/57

Abstract: Authentication of an entity remotely managing a data processing system is enabled to allow changes by the remote entity to hard-locked critical security information normally accessible only during the POST and only to trusted entities such as the system BIOS. The remote entity builds a change request and generates a hash from the change request with a current password appended. The change request and the hash are stored in a lockable non-volatile buffer which, once locked, requires a system reset to access. During the next POST, a trusted entity such as the system BIOS reads the change request, generates an authentication hash from the change request and the current password within the hard-locked security information, and compares the buffered hash with the generated hash. If a match is determined, the security information is updated; otherwise a tamper error is reported.

Abstract translation: 允许远程管理数据处理系统的实体的认证允许远程实体更改硬锁定通常只能在POST期间可访问的关键安全性信息，并且只允许受信任的实体（如系统BIOS）。 远程实体构建更改请求，并从附加当前密码的更改请求生成哈希值。 更改请求和哈希存储在可锁定的非易失性缓冲区中，该缓冲区一旦被锁定就需要系统重置才能访问。 在下一个POST期间，诸如系统BIOS的受信任的实体读取更改请求，从改变请求中生成认证散列，并在硬锁定的安全信息内生成当前密码，并将缓冲的散列与生成的散列进行比较。 如果确定匹配，则更新安全信息; 否则报告篡改错误。

公开(公告)号：US06782349B2

公开(公告)日：2004-08-24

申请号：US10063608

申请日：2002-05-03

Applicant: David Carroll Challener ,  Chad Lee Gettelfinger ,  Steven Dale Goodman ,  Hernando Ovies ,  Randall Scott Springfield ,  James Peter Ward

Inventor： David Carroll Challener ,  Chad Lee Gettelfinger ,  Steven Dale Goodman ,  Hernando Ovies ,  Randall Scott Springfield ,  James Peter Ward

IPC: G06F1900

CPC classification number: G06F21/6218 ,  G06F21/575

Abstract: A method and system for updating a root of trust measurement (RTM) function in a personal computer is disclosed. The RTM function is located in a boot block of the personal computer. The method and system comprise initializing a request to update the RTM function and unlocking the boot block based on an authentication process. The method and system further includes updating the RTM function. Through the use of the method and system in accordance with the present invention, the RTM function in a personal computer is updated in a manner that ensures that the update is authentic.

Abstract translation: 公开了一种用于更新个人计算机中的信任测度（RTM）功能根的方法和系统。 RTM功能位于个人计算机的引导块中。 该方法和系统包括：初始化更新RTM功能的请求，并基于认证过程来解锁引导块。 该方法和系统还包括更新RTM功能。 通过使用根据本发明的方法和系统，个人计算机中的RTM功能以确保更新是真实的方式被更新。

公开(公告)号：US06532497B1

公开(公告)日：2003-03-11

申请号：US09060280

申请日：1998-04-14

Applicant: Daryl Carvis Cromer ,  Brandon Jon Ellison ,  Eric R. Kern ,  Gregory William Kilmer ,  Howard Locker ,  Randall Scott Springfield ,  James Peter Ward

Inventor： Daryl Carvis Cromer ,  Brandon Jon Ellison ,  Eric R. Kern ,  Gregory William Kilmer ,  Howard Locker ,  Randall Scott Springfield ,  James Peter Ward

IPC: G06F1516

CPC classification number: H04L43/0817

Abstract: An intelligent network interface monitors activity states of a client and reports them to a network manager using a single network connection. The network interface monitors interrupts occurring on the client, derives activity states from the interrupts, and logs the activity states on the network interface. An activity state specifies whether the client is in a hung state, but may also specify whether the client is off, sleeping, inactive, or active. The network interface may periodically report the activity states to the network manager or report upon receiving a command. The network interface is preferably powered full time using a trickle power supply and therefore operates even when the remainder of the client is off. By including a processor or specialized logic on the network interface, the interface operates independently of the client operating system and therefore monitors and reports even when the client malfunctions.

Abstract translation: 智能网络接口监视客户端的活动状态，并使用单个网络连接将其报告给网络管理员。 网络接口监视客户端发生的中断，从中断导出活动状态，并记录网络接口上的活动状态。 活动状态指定客户端是否处于挂起状态，但也可以指定客户端是否处于关闭，睡眠，不活动或活动状态。 网络接口可以在接收到命令时定期向网络管理器报告活动状态或报告。 网络接口优选地使用涓流电源全时供电，因此即使当客户端的其余部分关闭时也是这样。 通过在网络接口上包含处理器或专用逻辑，接口独立于客户端操作系统运行，因此即使客户端发生故障也能监视和报告。

公开(公告)号：US06415324B1

公开(公告)日：2002-07-02

申请号：US09253416

申请日：1999-02-19

Applicant: Daryl Carvis Cromer ,  Brandon Jon Ellison ,  Robert Duane Johnson ,  Eric Richard Kern ,  Randall Scott Springfield

Inventor： Daryl Carvis Cromer ,  Brandon Jon Ellison ,  Robert Duane Johnson ,  Eric Richard Kern ,  Randall Scott Springfield

IPC: G06F1314

CPC classification number: H04L67/42

Abstract: A data processing system and method including a server computer system and a client computer system coupled together utilizing a network are described for permitting the client computer system to temporarily prohibit remote management of the client computer system. The client computer system sets a remote override condition in the client computer system for temporarily prohibiting remote management of the client. The client temporarily prohibits all attempts to manage the client remotely utilizing the network when the remote override condition is set.

Abstract translation: 描述了包括使用网络耦合在一起的服务器计算机系统和客户计算机系统的数据处理系统和方法，以允许客户端计算机系统临时禁止客户端计算机系统的远程管理。 客户端计算机系统在客户端计算机系统中设置远程重写条件，用于临时禁止客户端的远程管理。 当设置远程重写条件时，客户端暂时禁止所有尝试使用网络远程管理客户端。

公开(公告)号：US06334147B1

公开(公告)日：2001-12-25

申请号：US09201572

申请日：1998-11-30

Applicant: Daryl Carvis Cromer ,  Brandon Jon Ellison ,  Eric Richard Kern ,  Randall Scott Springfield ,  Howard J. Locker

Inventor： Daryl Carvis Cromer ,  Brandon Jon Ellison ,  Eric Richard Kern ,  Randall Scott Springfield ,  Howard J. Locker

IPC: G06F1516

CPC classification number: H04L41/00 ,  G06F21/305 ,  H04L12/12 ,  H04L29/12783 ,  H04L61/35 ,  H04L63/10 ,  Y02D50/40

Abstract: A data processing system and method are described for remotely accessing a client computer system's individual initialization settings. The client computer system is coupled to a server computer system to form a local area network. The server computer system transmits a command to the client computer system to access a selected one of the client computer system's initialization settings. In response to a receipt of this command by the client computer system, the client computer system accesses only selected ones of the initialization settings. The client computer system may be powered off while the initialization setting is accessed.

Abstract translation: 描述了用于远程访问客户端计算机系统的各个初始化设置的数据处理系统和方法。 客户端计算机系统耦合到服务器计算机系统以形成局域网。 服务器计算机系统向客户端计算机系统发送命令以访问所选择的客户端计算机系统的初始化设置。 响应于由客户端计算机系统接收到该命令，客户端计算机系统仅访问所选择的初始化设置。 当访问初始化设置时，可以关闭客户端计算机系统。