Abstract:
A method and system for booting up a computer system in a secure fashion is disclosed. The method and system comprise determining the presence of a security feature element during an initialization of the computer system wherein the security feature element includes a public key and a corresponding private key, storing a portion of the public key in a nonvolatile memory within the computer system if the security feature element is present and utilizing an algorithm to determine the presence of the security feature element prior to a subsequent boot-up of the computer system. Through the use of the present invention, a computer system is capable of being booted up whereby the computer system determines if a security feature element was previously present in the system. If a security feature element was previously present in the computer system, any stored keys, along with the secrets that they protect, are prevented from being compromised. It is also an object of the present invention to preclude the system from compromising any keys and associated secrets if a security feature element in the system was not previously present in the system.
Abstract:
Authentication of an entity remotely managing a data processing system is enabled to allow changes by the remote entity to hard-locked critical security information normally accessible only during the POST and only to trusted entities such as the system BIOS. The remote entity builds a change request and generates a hash from the change request with a current password appended. The change request and the hash are stored in a lockable non-volatile buffer which, once locked, requires a system reset to access. During the next POST, a trusted entity such as the system BIOS reads the change request, generates an authentication hash from the change request and the current password within the hard-locked security information, and compares the buffered hash with the generated hash. If a match is determined, the security information is updated; otherwise a tamper error is reported.
Abstract:
A method and system for updating a root of trust measurement (RTM) function in a personal computer is disclosed. The RTM function is located in a boot block of the personal computer. The method and system comprise initializing a request to update the RTM function and unlocking the boot block based on an authentication process. The method and system further include updating the RTM function. Through the use of the method and system in accordance with the present invention, the RTM function in a personal computer is updated in a manner that ensures that the update is authentic.
Abstract:
A Trusted Computing Platform Alliance (TCPA) endorsement certificate is provided by comparing a trusted platform module (TPM) public key transmitted by an owner of the computing device to which the TPM belongs to a copy of the key as originally stored in a remote database prior to vending the device. If a match is found, the certificate is created using the public key, and then sent to the owner of the computing device.
Abstract:
An apparatus and method for exclusively binding data to a data processing system. The logical binding apparatus of the present invention includes a detachable circuit device mounted within a system planar. Data to be bound within the system planar is stored in a memory device within the detachable circuit device. A battery signal is applied from the system planar to a binding pin on the detachable circuit device, wherein the binding pin is applied to the input of a binding latch. The binding latch remains in a reset state while the battery signal is applied. Upon removal of said binding signal from the binding pin, the binding latch is set thus signaling a processing unit within the detachable circuit device to remove the data from the memory device.
Abstract:
An embedded security subsystem, and method for implementing the same, which provide secure controllability of a data security device within a data processing system. The embedded security subsystem of the present invention includes a persistent enable flag for providing control access to the data security device, wherein the persistent enable flag is accessible only in response to a power-on reset cycle of the data processing system. The persistent enable flag is read-only accessible to runtime program instructions. A pending state change flag that is write accessible by runtime program instructions is utilized for setting an intended next state of the persistent enable flag such that control access to the data security device is enabled only during a subsequent power-on reset of said data processing system.
Abstract:
The hard disk drive of a computer system is loaded with a preloaded image including an operating system, a number of application programs, and a device driver installation routine, all of which are not dependent on the hardware configuration of the computer system. A hidden partition of the hard disk drive is also loaded with a number of device drivers, which are dependent upon the hardware configuration. During the first boot only of the preloaded image, the device drivers are installed by the device driver installation routine.
Abstract:
A data processing system and method are described for permitting a server computer system to perform remote diagnostics on a malfunctioning client computer system coupled to the server computer system utilizing a network. The server computer system transmits a diagnostic command to the malfunctioning client computer system utilizing the network. A network adapter operating as a bus controller for an internal bus within the malfunctioning client computer system executes the diagnostic command. The network adapter transmits a result of the execution of the diagnostic command to the server computer system. In this manner, the diagnostic command is executed within a malfunctioning client computer system by a remote, server computer system.
Abstract:
A method and system for configuring an operating system in a computer system including language selection during bootup rather than at manufacture. A first aspect of the method and system comprises providing a plurality of operating system images in the computer system, each of the plurality of operating system images being based upon a particular language, selecting one of the plurality of operating system images based on the language supported by the computer system and loading the selected operating system image into the computer system. A second aspect of the method and system comprises providing a language-independent operating system image in the computer system, determining a language supported by the computer system, loading the language-independent operating system image into the computer system, and associating the language supported by the computer system with the language-independent operating system image.
Abstract:
A data processing system and method including a docking station and a portable computer capable of being coupled to the docking station are disclosed for securing the docking station, the portable computer, and for securing the attachment of the docking station to the portable computer. The portable computer is coupled to the docking station. A disconnection password is established. When the portable computer is disconnected from the docking station, a user is prompted for the disconnection password. The portable computer is disabled in response to a failure to correctly enter the disconnection password, wherein the portable computer is inoperable without a correct entry of the disconnection password. When a portable computer is connected to the docking station, a correct entry of a connection password is required. In response to a failure to correctly enter the connection password, access to the docking station is prohibited. When the docking station is physically removed from its stationary support, correct entry of a relocation password is required. In response to a failure to correctly enter the password, access to the docking station is prohibited.