-
21.发明申请System and Method for Virtualized Hypervisor to Detect Insertion of Removable Media 有权虚拟化管理程序的系统和方法,用于检测可移动介质的插入公开(公告)号:US20080127309A1
公开(公告)日:2008-05-29
申请号:US11564832
申请日:2006-11-29
IPC分类号: G06F21/20
CPC分类号: H04L63/10 , G06F21/552 , G06F2221/2153
摘要: A system and method for using a client-side hypervisor in conjunction with a secure network-side monitoring mechanism to detect removable media insertions since a client's last network session with the secure network is presented. The hypervisor uses a “client-side insertion value” to track the number of times that a user inserts removable media into a socket located on the client. When the client is connected to the secure network, the client's hypervisor notifies the secure network of each insertion and the secure network increments a “secure network-side tracker value.” For each login request, the client includes the client-side insertion value, which the secure network compares against its secure network-side tracker value. When the two values are different, the secure network sends an action request to the client, such as a request to perform a full system scan. Once the client performs the action, the client's hypervisor resets its client-side insertion value and attempts to logon to the secure network again.
摘要翻译: 提出了客户端管理程序与安全网络侧监视机制结合使用以检测可移动介质插入的系统和方法,因为客户端与安全网络的最后一次网络会话。 管理程序使用“客户端插入值”来跟踪用户将可移动媒体插入位于客户端上的套接字的次数。 当客户端连接到安全网络时,客户端的管理程序会将安全网络通知每个插入,并且安全网络会增加“安全网络侧跟踪器值”。 对于每个登录请求,客户端包括客户端插入值,安全网络与安全网络侧跟踪器值进行比较。 当两个值不同时,安全网络向客户端发送动作请求,例如执行完整系统扫描的请求。 一旦客户端执行操作,客户端的管理程序将重置其客户端插入值,并尝试再次登录到安全网络。
-
22.发明申请Apparatus, system, and method for securing I/O communications between a blade and a peripheral interface device of a blade-based computer system 审中-公开用于保护刀片和基于刀片的计算机系统的外围接口设备之间的I / O通信的装置,系统和方法公开(公告)号:US20060184785A1
公开(公告)日:2006-08-17
申请号:US11058987
申请日:2005-02-16
申请人: David Carroll Challener , Daryl Carvis Cromer , Steven Dale Goodman , Howard Jeffery Locker , Randall Scott Springfield
发明人: David Carroll Challener , Daryl Carvis Cromer , Steven Dale Goodman , Howard Jeffery Locker , Randall Scott Springfield
IPC分类号: H04L9/00
CPC分类号: G06F21/606 , G06F21/85
摘要: An apparatus, system, and method are disclosed for securing I/O communications between a blade and peripheral interface device. The apparatus includes a determination module, a source security module, and a source communication module. The determination module identifies I/O data configured for transmission to a destination module configured to receive secure I/O data. The source security module encrypts the I/O data to generate secured I/O data such that subsequent decryption of the secured I/O data is restricted to a destination module. The source communication module transmits the secured I/O data over a vulnerable communication link to the destination module. The vulnerable communication link comprises a message intercept vulnerability. The destination module is configured to unencrypt the secure I/O data for a destination device such as a display device.
摘要翻译: 公开了用于保护刀片和外围接口设备之间的I / O通信的装置,系统和方法。 该装置包括确定模块,源安全模块和源通信模块。 确定模块识别配置为传输到配置为接收安全I / O数据的目标模块的I / O数据。 源安全模块加密I / O数据以产生安全的I / O数据,使得安全I / O数据的后续解密被限制到目的地模块。 源通信模块通过易受攻击的通信链路将目标模块的安全I / O数据发送到目标模块。 脆弱的通信链路包括消息拦截漏洞。 目的地模块被配置为对诸如显示设备的目的地设备的安全I / O数据进行解密。
-
23.发明授权Method and apparatus for sharing an integrity security module in a dual-environment computing device 有权在双环境计算设备中共享完整性安全模块的方法和装置公开(公告)号:US08943329B2
公开(公告)日:2015-01-27
申请号:US12748787
申请日:2010-03-29
CPC分类号: G06F9/52 , G06F21/575
摘要: A method and apparatus are disclosed for sharing an integrity security module in a dual-environment computing device. The apparatus include an integrity security module, one or more processors, a detection module and a regeneration module. The one or more processors may have access to the integrity security module and may operate in two distinct operating environments of a dual-environment computing device. The detection module may detect, during an initialization sequence, a power state transition of an operating environment of the dual-environment computing device. The regeneration module may regenerate one or more integrity values from a stored integrity metric log in response to detecting the power state transition of the operating environment of the dual-environment computing device.
摘要翻译: 公开了用于在双环境计算设备中共享完整性安全模块的方法和装置。 该装置包括完整性安全模块,一个或多个处理器,检测模块和再生模块。 一个或多个处理器可以访问完整性安全模块,并且可以在双环境计算设备的两个不同的操作环境中操作。 检测模块可以在初始化序列期间检测双环境计算设备的操作环境的功率状态转换。 响应于检测双环境计算设备的操作环境的功率状态转换,再生模块可以从存储的完整性度量日志重新生成一个或多个完整性值。
-
24.发明授权System and method for protecting disk drive password when BIOS causes computer to leave suspend state 有权当BIOS使计算机挂起状态时,保护磁盘驱动器密码的系统和方法公开(公告)号:US07814321B2
公开(公告)日:2010-10-12
申请号:US11788654
申请日:2007-04-19
IPC分类号: H04L9/32
CPC分类号: G06F21/80
摘要: To unlock a HDD when a computer is in the suspend state, at both BIOS and the HDD a secret is combined with a password to render a new one-time password. BIOS sends its new one-time password to the HDD which unlocks itself only if a match is found. The new one-time password is then saved as an “old” password for subsequent combination with the secret when coming out of subsequent suspend states. In this way, if a computer is stolen the thief cannot sniff the bus between BIOS and the HDD to obtain a password that is of any use once the computer ever re-enters the suspend state.
摘要翻译: 要在计算机处于挂起状态时解锁HDD,在BIOS和HDD两者中,将密码与密码相结合以呈现新的一次性密码。 BIOS将其新的一次性密码发送到HDD,只有在找到匹配时才会自动解锁。 然后将新的一次性密码保存为“旧”密码,以便随后从后续挂起状态中与秘密组合。 以这种方式,如果计算机被盗,小偷不能在BIOS和HDD之间嗅探总线,以获得一旦计算机重新进入暂停状态就可以使用的密码。
-
25.发明申请Apparatus, System, and Method for Power Management Utilizing Multiple Processor Types 有权使用多种处理器类型的电源管理的装置,系统和方法公开(公告)号:US20100146317A1
公开(公告)日:2010-06-10
申请号:US12330332
申请日:2008-12-08
CPC分类号: G06F1/263 , G06F1/3203 , G06F1/3293 , Y02D10/122 , Y02D50/20
摘要: An apparatus, system, and method are disclosed for computer system power management. A control module 602 is activated on a computer 200 in response to an event and enters 818 a standby state if the computer 200 is not already 814 in the standby state. A policy module 604 detects 904 a power source of a predetermined type connected to the computer 200 and dictates 908 one or more processors 302 of higher power consumption for a more abundant type of power source such as an AC adapter 314, or one or more processors 304 of lower power consumption for a less abundant type of power source such as a battery 318. A configuration module 606, activated by the control module 602, switches 1004 the computer 200 to one or more processors 302 and 304 of a predetermined power consumption as dictated and exits 1016 the standby state.
摘要翻译: 公开了一种用于计算机系统电源管理的装置,系统和方法。 控制模块602响应于事件而在计算机200上被激活,并且如果计算机200尚未处于待机状态则进入818待机状态。 策略模块604检测904连接到计算机200的预定类型的电源,并指示908个用于更丰富类型的电源(例如AC适配器314)或一个或多个处理器的更高功耗的一个或多个处理器302 304为较不丰富的电源(例如电池318)的较低功耗。由控制模块602激活的配置模块606将计算机200切换到具有预定功率消耗的一个或多个处理器302和304,如 指定并退出1016备用状态。
-
公开(公告)号:US20100115256A1
公开(公告)日:2010-05-06
申请号:US12265909
申请日:2008-11-06
IPC分类号: G06F15/177
CPC分类号: G06F8/66
摘要: An apparatus, system, and method are disclosed for quiescing a boot environment. A reservation module reserves a portion of a first storage device. A store module stores an update boot image to the reserved portion. A detection module detects the update boot image stored on the first storage device when the computer boots and executes the update boot image in place of a standard boot image in response to detecting the update boot image. The update boot image places a computer in a known quiescent state.
摘要翻译: 公开了用于停止引导环境的装置,系统和方法。 预留模块保留第一存储设备的一部分。 存储模块将更新引导映像存储到保留部分。 当计算机启动时,检测模块检测存储在第一存储设备上的更新引导映像,并且响应于检测到更新引导映像而执行替换引导映像代替标准引导映像。 更新引导映像将计算机置于已知的静态状态。
-
27.发明申请公开(公告)号:US20090205044A1
公开(公告)日:2009-08-13
申请号:US12027761
申请日:2008-02-07
IPC分类号: G06F11/00
CPC分类号: G06F21/552
摘要: An apparatus, system, and method are disclosed for secure hard disk signed audit. The apparatus is provided with a plurality of modules configured to functionally execute the necessary steps of monitoring interactions with an audited system, detecting an interrupt event corresponding to an auditable interaction, and logging an audit record for the auditable interaction in response to the interrupt event, wherein the audit record is logged in an access-restricted portion of a portion-securable hard disk. These modules in the described embodiments include a gate module, a detection module, and a logging module.
摘要翻译: 公开了用于安全硬盘签名审核的装置,系统和方法。 该装置设置有多个模块,其被配置为在功能上执行监视与被审计系统的交互的必要步骤,检测与可审计交互相对应的中断事件,以及响应于中断事件记录可审计交互的审计记录, 其中审计记录被记录在部分可安全的硬盘的访问受限的部分中。 所述实施例中的这些模块包括门模块,检测模块和测井模块。
-
28.发明申请公开(公告)号:US20080133905A1
公开(公告)日:2008-06-05
申请号:US11565452
申请日:2006-11-30
IPC分类号: H04L9/32
CPC分类号: H04L9/0822 , H04L9/3226
摘要: An apparatus, system, and method are disclosed for remotely accessing a shared password. A storage module stores identifiers, passwords, and keys within a secure key structure of a client. The passwords and keys include a shared password encrypted with a shared password key that is encrypted with a service structure key. The storage module also stores the service structure key encrypted with a key derived from a service password on a trusted server. An input/output module accesses the trusted server from the client with a prospective service password and receives the encrypted service structure key from the trusted server if a hash of the prospective service password is equivalent to the service password. An encryption module may decrypt the service structure key with the prospective service password, the shared password key with the service structure key, and the shared password with the shared password key.
摘要翻译: 公开了用于远程访问共享密码的装置,系统和方法。 存储模块在客户端的安全密钥结构内存储标识符,密码和密钥。 密码和密钥包括使用通过服务结构密钥加密的共享密码密钥加密的共享密码。 存储模块还将在服务密码上导出的密钥加密的服务结构密钥存储在可信服务器上。 输入/输出模块从客户端接收可信服务密码,如果预期服务密码的散列等于服务密码,则从可信服务器接收加密的服务结构密钥。 加密模块可以利用预期服务密码,具有服务结构密钥的共享密码密钥和具有共享密码密钥的共享密码对服务结构密钥进行解密。
-
公开(公告)号:US07281125B2
公开(公告)日:2007-10-09
申请号:US09940155
申请日:2001-08-24
申请人: David Carroll Challener , Steven Dale Goodman , David Robert Safford , Randall Scott Springfield
发明人: David Carroll Challener , Steven Dale Goodman , David Robert Safford , Randall Scott Springfield
IPC分类号: H04L29/00
CPC分类号: G06F21/572 , G06F21/575 , G06F21/62
摘要: A method, computer program product and computer system for securing alterable data. A computer that is remotely managed may be equipped with a protected storage that is accessible only by BIOS code. The protected storage may have the capacity to store a symmetrical encryption key. An EEPROM, which normally contains the BIOS code, may be used to store accessible configuration data as well as remotely unaccessible sensitive access information (e.g., passwords). The remotely unaccessible sensitive data is encrypted with the symmetrical encryption key by the BIOS code. Remote access to the sensitive data is accomplished via change requests submitted to the BIOS code over a secure channel. The BIOS code then determines whether the request is valid. If so, then sensitive data is decrypted, altered, encrypted, and re-written into the EEPROM. Normal access to accessible data is unaffected and remote access is allowed without changing the computer system architecture.
摘要翻译: 一种用于保护可变数据的方法,计算机程序产品和计算机系统。 远程管理的计算机可能配备有只能通过BIOS代码访问的受保护存储。 受保护的存储器可以具有存储对称加密密钥的能力。 通常包含BIOS代码的EEPROM可用于存储可访问的配置数据以及远程不可访问的敏感访问信息(例如,密码)。 远程不可访问的敏感数据通过BIOS代码用对称加密密钥加密。 通过安全通道提交给BIOS代码的更改请求,可以远程访问敏感数据。 然后,BIOS代码确定请求是否有效。 如果是这样,那么敏感数据将被解密,更改,加密并重新写入EEPROM。 对可访问数据的正常访问不受影响,并且允许远程访问,而无需更改计算机系统架构。
-
公开(公告)号:US09792453B2
公开(公告)日:2017-10-17
申请号:US11861597
申请日:2007-09-26
CPC分类号: G06F21/6209 , G06F21/74 , G06F2221/2103 , G06F2221/2105 , H04L63/1441
摘要: A method and system are disclosed for placing a computer in a safe and secure lock down state from a remote location using a remote command device such as a cellular telephone. The method and system includes optional security provisions before restarting the computer.
-
-
-
-
-
-
-
-
-
搜索结果
170 条记录 (耗时 0.08 秒)
