Abstract:
A system, computer program product and method for booting to a partition in a non-volatile storage unit without a local operator. In one embodiment, one or more bits in a BOOT register may be set by an operating system indicating if the BIOS should boot to the partition. The BIOS may then read the BOOT register to determine if the BIOS is to boot to the partition as well as any activities to perform if the BIOS is to boot to the partition. In another embodiment, a network interface card may insert directive information received from a packet in a register within the network interface card. The BIOS may then read the register within the network interface card to determine if the BIOS is to boot to the partition as well as any activities to perform if the BIOS is to boot to the partition.
Abstract:
A method and system for enabling security attestation for a computing device during a return from an S4 sleep state. When the computing device enters the S4 state following a successful boot up, the attestation log is appended to the TPM tick count and the log is signed (with a security signature). When the device is awakened from the S4 state, the BIOS obtains and verifies the log created during the previous boot. The CRTM maintains a set of virtual PCRs and references these virtual PCRs against the log. If the values do not match, the return from the S4 state fails and the device is rebooted.
Abstract:
A system and method for access control of a hardfile responsive to a computer system having an operating system is disclosed. The method includes detecting a special boot condition during a pre-boot test of the computer system; and altering, in response to the special boot condition, an operating system access configuration of the hardfile. The system includes a computer system that adjusts an operating system access to a hardfile based upon various boot conditions.
Abstract:
During power up initialization, security data such as passwords and other sensitive data which are stored in a lockable memory device are read and copied to protected system management interrupt (SMI) memory space, subject to verification by code running in the SMI memory space that the call to write the security data originates with a trusted entity. Once copied to SMI memory space, the security data is erased from regular system memory and the lockable storage device is hard locked (requiring a reset to unlock) against direct access prior to starting the operating system. The copy of the security data within the SMI memory space is invisible to the operating system. However, the operating system may initiate a call to code running in the SMI memory space to check a password entered by the user, with the SMI code returning a “match” or “no match” indication. The security data may thus be employed after the lockable memory device is hard locked and the operating system is started.
Abstract:
In a computer network including a plurality of interconnected computers, one of the computers being a sleeping computer in a power down state, the sleeping computer listening for a packet associated with the sleeping computer, a method of waking the sleeping computer from the computer network. An incoming packet of data is transmitted from an administration system in the network to the sleeping computer. When the sleeping computer detects the incoming packet, it determines if the incoming packet contains a data sequence associated with the sleeping computer. If the incoming packet matches the particular data sequence associated with the sleeping computer, the sleeping computer transmits a reply message to the administration system. Upon receiving the reply, the administration system modifies the reply message in a predetermined manner and transmits the modified reply to the sleeping computer. If the sleeping computer determines the reply message was modified in the predetermined manner, then a signal is issued to wake the sleeping computer. Otherwise, the incoming packet is discarded and the sleeping computer is not awakened.
Abstract:
A computer system processor incorporates a special S-latch which may only be set by secure signals. One state of the S-latch sets the processor into a secure mode where it only executes instructions and not commands from an In Circuit Emulator (ICE) unit. A second state of the S-latch sets the processor into a non-secure mode. A non-volatile random access memory (NVRAM) is written with secure data which can only be read by boot block code stored in a BIOS storage device. The boot block code is operable to read the secure data in the NVRAM and set the S-latch to an appropriate security state. If the boot block code cannot set the S-latch, then remaining boot up with BIOS data is stopped. On boot up the boot block code reads the NVRAM and sets the S-latch into the appropriate security state.
Abstract:
A method for remotely powering up a computer includes: receiving a telephone call by a device coupled to a powered down computer; determining an originator's telephone number for the telephone call; determining if the originator's telephone number matches one of a plurality of authorized telephone numbers; and powering up the computer if the originator's telephone number matches one of the plurality of authorized telephone numbers. The method and system utilize the well-known “Caller-ID” technology to determine the originator's telephone number for a telephone call received by a modem coupled to the computer. If there is no match, the computer remains in a powered down state. In this manner, the system discriminates between the received telephone calls, and avoids powering up the computer when the received call is not for this purpose. This avoids wasting power.
Abstract:
A periodic system “wake-up” is implemented during S1, S2 or S3 states utilizing a hardware timer. A memory scrubbing routine is initiated that reads out all memory locations and writes back any memory locations that have single bit (correctable) Error Correction Code errors. This procedure minimizes the chances of a multiple bit error build up over time that may cause an unrecoverable error. The scrubbing routine is invoked whenever the system is brought out of S1, S2, or S3 state to ensure that there are no single bit errors present when full system operation is resumed.
Abstract:
A computer program product and system for reducing the boot time of a TCPA based computing system. A flash memory in the TCPA based computing system may include a register comprising bits configured to indicate whether the segments of the flash memory have been updated. The flash memory may further include a table configured to store measurements of the segments of the flash memory. The flash memory may further include a boot block code that includes a Core Root of Trust for Measurement (CRTM). The CRTM may read the bits in the register to determine if any of the segments of the flash memory have been updated. The CRTM may further obtain the measurement values in the table for those segments that store the POST BIOS code that have not been updated, thereby saving the time otherwise spent measuring the POST BIOS code and consequently reducing the boot time.
Abstract:
In the event of a virally infected MBR on a hard disk drive that might prevent booting, a service MBR in a hidden protected area (HPA) can be used to boot a service O.S., and then the service MBR can be replaced with a previously backed-up MBR, also in the HPA, to mount any missing partitions.