Abstract:
Method and Apparatuses for determining integrity of a platform and notifying a remote system. In one embodiment a verification agent accesses a portion of a memory on the platform at initialization of the platform to determine if the data has been compromised or corrupted. The verification agent causes the information to be transmitted to a remote system. The verification agent may be local to the platform for which integrity is determined, and transmit the information to a remote administrator. Alternatively, the agent may access the platform over a bus or private channel, or a network connection and indicate information regarding the verification process to an entity remote to the tested platform.
Abstract:
A system and method to support platform firmware as a trusted process. A trusted portion of original firmware is measured by a core root of trust measurement (CRTM). The measurement is stored in a secure manner during pre-boot. During operating system (OS)-runtime, requests are made to access an unqualified current version of firmware corresponding to a secure execution mode. A portion of the current firmware analogous to the trusted portion is measured. The measurements of the trusted original portion and unqualified current portion are compared to verify they match. If they match, it indicates that the current portion and the trusted portion are one and the same. Thus, the current portion of firmware is trustworthy. Accordingly, the firmware may be executed as a trusted process. Embodiments employ locality to enforce the trusted process. The use of locality prevents unqualified users (i.e., software) from accessing data stored by trusted firmware.
Abstract:
A method for authenticating clients and boot server hosts to provide a secure network boot environment. Messages are exchanged between a client and a boot server or authentication server proxy for the boot server during pre-boot operations of the client to authenticate the boot server and the client. In one embodiment, authentication is performed by comparing shared secrets stored on each of the client and the boot server or authentication proxy. The shared secret comprises authentication credentials that may be provisioned by an administrator, user, or by the client itself via a trusted platform module. Authentication provisioning schemes include an Extensible Authentication Protocol (EAP) exchange. In one embodiment, authentication is performed during the pre-boot via an authenticated Dynamic Host Configuration Protocol (DHCP) process. The scheme provides a faster and more simplified authentication mechanism, without requiring extensive set-up for IT administrators or significantly changing the login and OS boot user experience.
Abstract:
A method and system using a virtual lock for boot block flash are disclosed in which code from a boot block of a flash memory is executed. The boot block is hardware protected. One or more ancillary boot blocks in the flash memory are locked based on the executed code such that the ancillary boot blocks are virtually hardware locked. The ancillary boot blocks can be virtually hardware locked using a programmable technique.
Abstract:
A method and system for improving responsiveness of a vehicle computing platform includes enabling a camera feature during the pre-boot phase of a computing device and using a special-purpose operating mode of the computing device to initiate the streaming of camera image data to a display.
Abstract:
Technologies for media protection policy enforcement include a computing device having multiple operating systems and a data storage device partitioned into a number of regions. During execution of each of the operating systems, a policy enforcement module may intercept media access requests and determine whether to allow the media access requests based on platform media access policies. The media access policies may allow requests based on the identity of the executing operating system, the region of the data storage device, or the requested storage operation. Prior to loading a selected operating system, a firmware policy enforcement module may determine a region of the disk storage device to protect from the selected operating system. The firmware policy enforcement module may configure the data storage device to prevent access to that region. The media access policies may be stored in one or more firmware variables. Other embodiments are described and claimed.
Abstract:
In one embodiment, a method includes initializing a portion of a computing system in a pre-boot environment using a basic input/output system (BIOS) stored in a non-volatile storage of the computing system, launching a boot manager to enable a launch of an operating system (OS) payload, and if the OS payload is not successfully launched, executing an OS payload portion and an antivirus stack stored in the non-volatile storage to restore an integrity of the mass storage. Other embodiments are described and claimed.
Abstract:
A method to qualify access to a block storage device via augmentation of the device's controller and firmware flow. The method employs one or more block exclusion vectors (BEVs) that include attributes specifying allowed access operations for corresponding block address ranges. Logic in accordance with the BEVs is programmed into the controller for the block storage device, such as a disk drive controller for a disk drive. In response to an access request, a block address range corresponding to the storage block(s) requested to be accessed is determined. Based on the BEV entries, a determination is made as to whether the determined logical block address range is covered by a corresponding BEV entry. If so, the attributes of the BEV are used to determine whether the access operation is allowed.
Abstract:
A method of providing a secure download of a boot image to a remote boot environment of a computer system. In one embodiment of the invention, the remote boot environment and a boot image source engage in a boot image exchange through an authentication channel. In another embodiment, data related to the boot image exchange is tunneled in the authentication channel to protect the boot image exchange from security attacks.
Abstract:
According to some embodiments, a destination telephone identifier associated with a destination telephone is determined. For example, a caller might enter a telephone number of the destination telephone. A current local time associated with the destination telephone may then be determined. For example, a local time of day may be determined based on the current location of the destination telephone.