System and apparatus for limiting access to secure data through a portable computer to a time set with the portable computer connected to a base computer
    11.
    Granted invention patent
    Status: in force

    Publication number: US07389536B2

    Publication date: 2008-06-17

    Application number: US09993135

    Filing date: 2001-11-14

    IPC classification: H04L9/00 G06F11/00

    Abstract: Access to secure data through a portable computing system is provided only when a timer within the system is running. The timer is reset with the portable system connected to a base system, either directly, as by a cable, or indirectly, as through a telephone network. In an initialization process, the portable and base systems exchange data, such as public cryptographic keys, which are later used to confirm that the portable system is connected to the same base system. In one embodiment, the initialization process also includes storing a password transmitted from the portable system within the base system, with this password later being required within the reset process.

    Data processing system and method for providing a networked printer's physical location
    13.
    Granted invention patent
    Status: lapsed

    Publication number: US06591297B1

    Publication date: 2003-07-08

    Application number: US09514797

    Filing date: 2000-02-28

    IPC classification: G06F1300

    Abstract: A data processing system and method are described for providing a networked printer's physical location. The printer, a server computer system, and client computer systems are coupled together utilizing a network. The server computer system first transmits a command to the printer to disable the print function of the printer. Entry of a physical location of the printer is then permitted. The print function of the printer is reenabled by the server computer system only in response to an entry of the physical location of the printer into the printer.

    Method for migrating a base chip key from one computer system to another
    14.
    Granted invention patent
    Status: in force

    Publication number: US06944300B2

    Publication date: 2005-09-13

    Application number: US09888176

    Filing date: 2001-06-22

    Abstract: A method for migrating a base chip key from a first computer system to a second computer system is disclosed. A first computer system includes a base chip key 1, and a second computer system includes a base chip key 2. Using a first certificate for the base chip key 1, a manufacturer of the second computer system generates a second certificate for the base chip key 1. Similarly, using a first certificate for the base chip key 2, a manufacturer of the first computer system generates a second certificate for the base chip key 2. A first data packet is then sent from the first computer system to the second computer system. The first data packet includes a first random number and all the data required to reproduce the base chip key 1 in the first computer system. The first data packet is also encrypted with the base chip key 1's public key. In return, a second data packet is sent from the second computer system to the first computer system, and the second data packet includes the first random number and a second random number, signed by the base chip key 2. The base chip key 1 is then erased from the first computer system. Finally, the base chip key 2 in the second computer system is replaced by the base chip key 1.

    System and method for virtualized hypervisor to detect insertion of removable media
    16.
    Granted invention patent
    Status: in force

    Publication number: US07779454B2

    Publication date: 2010-08-17

    Application number: US11564832

    Filing date: 2006-11-29

    IPC classification: G06F21/20

    Abstract: A system and method for using a client-side hypervisor in conjunction with a secure network-side monitoring mechanism to detect removable media insertions since a client's last network session with the secure network is presented. The hypervisor uses a “client-side insertion value” to track the number of times that a user inserts removable media into a socket located on the client. When the client is connected to the secure network, the client's hypervisor notifies the secure network of each insertion and the secure network increments a “secure network-side tracker value.” For each login request, the client includes the client-side insertion value, which the secure network compares against its secure network-side tracker value. When the two values are different, the secure network sends an action request to the client, such as a request to perform a full system scan. Once the client performs the action, the client's hypervisor resets its client-side insertion value and attempts to logon to the secure network again.

    METHOD, APPARATUS, AND SYSTEM OF FORWARD CACHING FOR A MANAGED CLIENT
    17.
    Invention patent application
    Status: in force

    Publication number: US20100205375A1

    Publication date: 2010-08-12

    Application number: US12368882

    Filing date: 2009-02-10

    IPC classification: G06F12/08

    Abstract: A method, apparatus, and system are disclosed of forward caching for a managed client. A storage module stores a software image on a storage device of a backend server. The backend server provides virtual disk storage on the storage device through a first intermediate network point for a plurality of diskless data processing devices. Each diskless data processing device communicates directly with the first intermediate network point. The storage module caches an image instance of the software image at the first intermediate network point. A tracking module detects an update to the software image on the storage device. The storage module copies the updated software image to the first intermediate network point as an updated image instance.

    System and Method for Securely Clearing Secret Data that Remain in a Computer System Memory
    19.
    Invention patent application
    Status: in force

    Publication number: US20090222915A1

    Publication date: 2009-09-03

    Application number: US12040953

    Filing date: 2008-03-03

    IPC classification: G06F21/00

    CPC classification: G06F21/57 G06F21/79

    Abstract: A system, method, and program product is provided that initializes a counter maintained in a nonvolatile memory of a security module to an initialization value. The security module receives requests for a secret from requesters. The security module releases the secret to the requesters and the released secrets are stored in memory areas allocated to the requesters. A counter is incremented when the secret is released. Requestors send notifications to the security module indicating that the requestor has removed the secret from the requestor's memory area. The security module decrements the counter each time a notification is received. When the computer system is rebooted, if the counter is not at the initialization value, the system memory is scrubbed erasing any secrets that remain in memory.

    System and Method for Secure Usage of Peripheral Devices Using Shared Secrets
    20.
    Invention patent application
    Status: in force

    Publication number: US20090119785A1

    Publication date: 2009-05-07

    Application number: US11934829

    Filing date: 2007-11-05

    IPC classification: G06F21/04

    Abstract: A system, method, and program product is provided that establishes a shared secret between a computer system and a peripheral device such as a removable nonvolatile storage device or a printer. After establishing the shared secret, the peripheral device is locked. After the peripheral device is locked, an unlock request is received and the shared secret is sent to the peripheral device. The peripheral device then attempts to verify the shared secret. If the shared secret is successfully verified, then the peripheral device is unlocked allowing use of the device by using an encryption key that is made available by the verified shared secret. On the other hand, if the shared secret is not verified, then the peripheral device remains locked and use of the device is prevented.
