公开(公告)号：US08433924B2

公开(公告)日：2013-04-30

申请号：US11612367

申请日：2006-12-18

Applicant: David Carroll Challener ,  Howard Locker ,  Randall Scott Springfield ,  Rod D. Waltermann

Inventor： David Carroll Challener ,  Howard Locker ,  Randall Scott Springfield ,  Rod D. Waltermann

IPC: G06F21/00

CPC classification number: G06F21/57 ,  G06F2221/2153

Abstract: An apparatus, system, and method are disclosed for authentication of a core root of trust measurement chain. The apparatus for authentication of a CRTM chain is provided with a plurality of modules configured to carry out the steps of retrieving a decryption key from a predetermined location on the device selected for authentication, decrypting an authentication signal using the decryption key, and communicating the decrypted authentication signal to a user. In the described embodiments, these modules include a retrieval module, a decryption module, and a communication module. Beneficially, such an apparatus, system, and method would reliably verify that a link in the CRTM chain has not been corrupted, modified, or infected with a computer virus. Specifically, such an apparatus, system, and method would enable verification that the hypervisor has not been corrupted, modified, or infected with a computer virus.

Abstract translation: 公开了用于认证信任度量链核心根的装置，系统和方法。 用于认证CRTM链的装置设置有多个模块，其被配置为执行从所选择的用于认证的设备上的预定位置检索解密密钥的步骤，使用解密密钥解密认证信号，以及传送解密密钥 认证信号给用户。 在所描述的实施例中，这些模块包括检索模块，解密模块和通信模块。 有利的是，这样的装置，系统和方法可以可靠地验证CRTM链中的链路没有被破坏，修改或感染计算机病毒。 具体来说，这样的装置，系统和方法将能够验证管理程序没有被计算机病毒破坏，修改或感染。

公开(公告)号：US20130031619A1

公开(公告)日：2013-01-31

申请号：US13189869

申请日：2011-07-25

Applicant: Rod D. Waltermann ,  David Rivera

Inventor： Rod D. Waltermann ,  David Rivera

IPC: H04L9/32

CPC classification number: H04L9/3226 ,  G06F21/305 ,  G06F2221/2137 ,  H04L63/083 ,  H04L2209/80 ,  H04M1/673 ,  H04W12/06

Abstract: Devices, methods and products are described that provide for remote authentication of mobile information handling devices. One aspect provides a method comprising configuring an information handling device operating through a mobile operating system to allow communication with least one remote authentication architecture; denying access to a information handling device of the information handling device responsive to a device lock event; and granting access to the display device responsive to an unlock event comprising entry of logon credentials authenticated at the at least one remote authentication architecture. Other embodiments and aspects are also described herein.

Abstract translation: 描述了提供移动信息处理设备的远程认证的设备，方法和产品。 一方面提供了一种方法，包括配置通过移动操作系统操作的信息处理设备，以允许与至少一个远程认证体系结构通信; 响应于设备锁定事件拒绝对信息处理设备的信息处理设备的访问; 以及响应于解锁事件授予对所述显示设备的访问，所述解锁事件包括在所述至少一个远程认证架构上认证的登录凭证的输入。 本文还描述了其它实施例和方面。

公开(公告)号：US20130031484A1

公开(公告)日：2013-01-31

申请号：US13189788

申请日：2011-07-25

Applicant: Karen R. Kluttz ,  James A. Hunt ,  David Rivera ,  Rod D. Waltermann

Inventor： Karen R. Kluttz ,  James A. Hunt ,  David Rivera ,  Rod D. Waltermann

IPC: G06F3/048

CPC classification number: G06F3/0481 ,  G06F17/30126

Abstract: Devices, methods and products are described that provide file transfer applications. One aspect provides a method including opening a file transfer application on an information handling device having an internal storage device; providing a source display area indicating a source storage device; providing a destination display area indicating a destination storage device; responsive to movement of one or more file icons a predetermined threshold amount beyond a boundary separating said source display area and said destination display area, change one or more indications to indicate to a user a destination storage device to which one or more files is to be transferred, said changing further comprising modifying screen brightness of the source display area; and responsive to movement of said one or more file icons a predetermined threshold amount beyond said boundary, transferring said one or more files to said destination storage device. Other embodiments are described.

Abstract translation: 描述了提供文件传输应用的设备，方法和产品。 一方面提供一种方法，包括在具有内部存储装置的信息处理装置上打开文件传送应用程序; 提供指示源存储装置的源显示区域; 提供指示目的地存储装置的目的地显示区域; 响应于一个或多个文件图标的移动超过分隔所述源显示区域和所述目的地显示区域的边界的预定阈值量，改变一个或多个指示以向用户指示将要存在一个或多个文件的目的地存储设备 所述改变进一步包括改变所述源显示区域的屏幕亮度; 并且响应于所述一个或多个文件图标的移动超过所述边界的预定阈值量，将所述一个或多个文件传送到所述目的地存储设备。 描述其他实施例。

公开(公告)号：US08205197B2

公开(公告)日：2012-06-19

申请号：US12269668

申请日：2008-11-12

Applicant: David Carroll Challener ,  Mark Charles Davis ,  Randall Scott Springfield ,  Rod D. Waltermann

Inventor： David Carroll Challener ,  Mark Charles Davis ,  Randall Scott Springfield ,  Rod D. Waltermann

IPC: G06F9/455 ,  G06F9/46

CPC classification number: G06F21/53 ,  G06F8/61 ,  G06F9/4401 ,  G06F9/45558 ,  G06F9/468 ,  G06F21/575 ,  G06F2009/45562 ,  G06F2009/45587

Abstract: An apparatus, system, and method are disclosed for granting hypervisor privileges. An installation module installs a monitor hypervisor wherein only the monitor hypervisor is granted the hypervisor privileges by the computer. An authentication module authenticates a second hypervisor. An eviction module evicts the monitor hypervisor if the second hypervisor is authenticated. The installation module further installs the second hypervisor after the monitor hypervisor is evicted so that only the second hypervisor is granted hypervisor privileges by the computer.

Abstract translation: 公开了用于授予管理程序特权的装置，系统和方法。 安装模块安装监视器管理程序，其中只有监视器管理程序被计算机授予管理程序的权限。 认证模块认证第二管理程序。 如果第二个管理程序被认证，驱逐模块将使监视器管理程序移走。 在监视器管理程序被驱逐之后，安装模块进一步安装第二管理程序，以便计算机只能向管理程序授予管理程序权限。

公开(公告)号：US08131986B2

公开(公告)日：2012-03-06

申请号：US11529900

申请日：2006-09-29

Applicant: Mark C. Davis ,  Scott E. Kelso ,  Ling Ma ,  Nathan J. Peterson ,  Rod D. Waltermann

Inventor： Mark C. Davis ,  Scott E. Kelso ,  Ling Ma ,  Nathan J. Peterson ,  Rod D. Waltermann

IPC: G06F9/00 ,  G06F9/24 ,  G06F15/177 ,  G06F9/455 ,  G06F21/00

CPC classification number: G06F9/4401 ,  G06F9/45533 ,  G06F2009/45583

Abstract: A system and method for loading programs during a system boot using stored configuration data in a predetermined file system from a prior session and providing the stored configuration data to a guest operating system capable of communication with a host operating system, during start-up, within a computing environment having a hypervisor, in a predetermined manner.

Abstract translation: 一种用于在系统引导期间使用来自先前会话的预定文件系统中的存储配置数据加载程序的系统和方法，并且将所存储的配置数据提供给能够在启动期间在主机操作系统内与客户操作系统通信的客户操作系统 具有管理程序的计算环境，以预定的方式。

公开(公告)号：US08099789B2

公开(公告)日：2012-01-17

申请号：US11529795

申请日：2006-09-29

Applicant: David C. Challener ,  John H. Nicholson, III ,  Joseph Pennisi ,  Rod D. Waltermann

Inventor： David C. Challener ,  John H. Nicholson, III ,  Joseph Pennisi ,  Rod D. Waltermann

IPC: G06F21/00

CPC classification number: H04L9/0894 ,  G06F21/51 ,  H04L9/3234 ,  H04L9/3236 ,  H04L2209/127

Abstract: Method and apparatus for enabling applications on security processors of computer systems. In one aspect, a security processor apparatus includes a processor and a memory coupled to the processor and operative to store a secure table. The secure table stores different certified endorsement keys and different values, each value associated with one of the endorsement keys. Each stored value is derived from a different application that is certified by the associated endorsement key to be executed on the processor.

Abstract translation: 用于在计算机系统的安全处理器上实现应用的方法和装置。 在一个方面，一种安全处理器装置包括处理器和耦合到处理器并可操作以存储安全表的存储器。 安全表存储不同的认证密钥和不同的值，每个值与一个认可密钥相关联。 每个存储的值都是从由处理器执行的相关认可密钥认证的不同应用程序导出的。

公开(公告)号：US08086840B2

公开(公告)日：2011-12-27

申请号：US12361529

申请日：2009-01-28

Applicant: Richard Wayne Cheston ,  Mark Charles Davis ,  Howard Locker ,  Rod D. Waltermann

Inventor： Richard Wayne Cheston ,  Mark Charles Davis ,  Howard Locker ,  Rod D. Waltermann

IPC: G06F9/00 ,  G06F9/24 ,  G06F13/00 ,  G06F15/177

CPC classification number: H04L67/1097 ,  G06F3/06 ,  G06F9/4416 ,  G06F9/445 ,  G06F17/30

Abstract: An apparatus, system, and method are disclosed for remotely booting a client from a storage area network (“SAN”). A connection module enables a client, such as a diskless client, to connect to two or more storage area networks (“SANs”), the SANs belonging to a group of redundant SANs, each SAN in the group redundantly storing at least a portion of substantially identical operating system data for the client. The boot module enables the client to remotely boot an operating system from the two or more redundant SANs. The boot module makes at least one read request to each of the two or more connected SANs, each read request configured to retrieve a disparate portion of the operating system data for loading the operating system onto the client. The boot module loads the operating system onto the client using a combination of data retrieved from the two or more connected SANs.

Abstract translation: 公开了用于从存储区域网络（“SAN”）远程引导客户端的装置，系统和方法。 连接模块使诸如无盘客户端之类的客户端能够连接到两个或多个存储区域网络（“SAN”），属于一组冗余SAN的SAN，该组中的每个SAN冗余地存储至少一部分 基本上相同的操作系统数据为客户端。 引导模块使客户端能够从两个或多个冗余SAN远程引导操作系统。 引导模块对两个或多个连接的SAN中的每一个进行至少一个读取请求，每个读取请求被配置为检索用于将操作系统加载到客户端上的操作系统数据的不同部分。 引导模块使用从两个或多个连接的SAN检索的数据的组合将操作系统加载到客户端上。

公开(公告)号：US20110246613A1

公开(公告)日：2011-10-06

申请号：US12750322

申请日：2010-03-30

Applicant: Liang Chen ,  Jonathan G. Knox ,  Yi Zhou ,  Rod D. Waltermann ,  Nathan J. Peterson

Inventor： Liang Chen ,  Jonathan G. Knox ,  Yi Zhou ,  Rod D. Waltermann ,  Nathan J. Peterson

IPC: G06F15/16

CPC classification number: G06F8/63 ,  H04L67/1097

Abstract: Embodiments provide systems, methods, apparatuses and computer program products configured to provide alternative desktop computing solutions. Embodiments generally provide client devices configured to utilize one of a local base image and a base image stored remotely, with a user-specific overlay image remotely storing user specific data. The clients are configured to download and store the base image locally.

Abstract translation: 实施例提供被配置为提供备选桌面计算解决方案的系统，方法，装置和计算机程序产品。 实施例通常提供被配置为利用远程存储的本地基础图像和基本图像中的一个的客户端设备与用户特定覆盖图像远程存储用户特定数据。 客户端被配置为在本地下载和存储基本映像。

公开(公告)号：US20110243123A1

公开(公告)日：2011-10-06

申请号：US12749942

申请日：2010-03-30

Applicant: Carlos Munoz-Bustamante ,  Joseph Michael Pennisi ,  Randall Scott Springfield ,  Ephraim D. Starr ,  Yasushi Tsukamoto ,  Rod D. Waltermann

Inventor： Carlos Munoz-Bustamante ,  Joseph Michael Pennisi ,  Randall Scott Springfield ,  Ephraim D. Starr ,  Yasushi Tsukamoto ,  Rod D. Waltermann

IPC: H04L12/66

CPC classification number: H04L65/1053

Abstract: An approach is provided that, upon receiving a keyboard event, reduces a volume of an audio input channel from a first volume level to a lower volume level. After the volume of the audio input channel is reduced, the approach waits until a system event occurs, with the system event based at least in part on the occurrence of a nondeterministic event. The volume of the audio input channel is then increased from the lower volume level to a higher volume level when the system event occurs

Abstract translation: 提供了一种方法，其在接收到键盘事件时将音频输入通道的音量从第一音量级降低到较低的音量。 在音频输入通道的音量减小之后，该方法等待直到系统事件发生，系统事件至少部分地基于非确定性事件的发生。 然后，当系统事件发生时，音频输入通道的音量从较低音量级别增加到较高音量

公开(公告)号：US07702789B2

公开(公告)日：2010-04-20

申请号：US11266147

申请日：2005-11-03

Applicant: Daryl C. Cromer ,  Howard J. Locker ,  Randall S. Springfield ,  Rod D. Waltermann

Inventor： Daryl C. Cromer ,  Howard J. Locker ,  Randall S. Springfield ,  Rod D. Waltermann

IPC: G06F15/173

CPC classification number: G06F9/5088 ,  G06F9/4856

Abstract: An apparatus, system, and method are disclosed for reassigning a client. A selection module selects a second computation module that is hardware compatible with a first computation module. A suspension module suspends a software process for a client executing on the first computation module. An execution state module copies a computation module execution state of the first computation module to the second computation module. A memory map module copies a memory map of a software process image associated with the software process and stored in a first storage system from the first computation module to the second computation module. In one embodiment, a resumption module resumes the software process executing on the second computation module.

Abstract translation: 公开了用于重新分配客户端的装置，系统和方法。 选择模块选择与第一计算模块硬件兼容的第二计算模块。 暂停模块暂停在第一计算模块上执行的客户端的软件处理。 执行状态模块将第一计算模块的计算模块执行状态复制到第二计算模块。 存储器映射模块将与软件过程相关联的软件过程映像的存储器映射复制并存储在第一存储系统中，从第一计算模块到第二计算模块。 在一个实施例中，恢复模块恢复在第二计算模块上执行的软件过程。