-
公开(公告)号:US20100115256A1
公开(公告)日:2010-05-06
申请号:US12265909
申请日:2008-11-06
IPC分类号: G06F15/177
CPC分类号: G06F8/66
摘要: An apparatus, system, and method are disclosed for quiescing a boot environment. A reservation module reserves a portion of a first storage device. A store module stores an update boot image to the reserved portion. A detection module detects the update boot image stored on the first storage device when the computer boots and executes the update boot image in place of a standard boot image in response to detecting the update boot image. The update boot image places a computer in a known quiescent state.
摘要翻译: 公开了用于停止引导环境的装置,系统和方法。 预留模块保留第一存储设备的一部分。 存储模块将更新引导映像存储到保留部分。 当计算机启动时,检测模块检测存储在第一存储设备上的更新引导映像,并且响应于检测到更新引导映像而执行替换引导映像代替标准引导映像。 更新引导映像将计算机置于已知的静态状态。
-
22.发明申请公开(公告)号:US20090205044A1
公开(公告)日:2009-08-13
申请号:US12027761
申请日:2008-02-07
IPC分类号: G06F11/00
CPC分类号: G06F21/552
摘要: An apparatus, system, and method are disclosed for secure hard disk signed audit. The apparatus is provided with a plurality of modules configured to functionally execute the necessary steps of monitoring interactions with an audited system, detecting an interrupt event corresponding to an auditable interaction, and logging an audit record for the auditable interaction in response to the interrupt event, wherein the audit record is logged in an access-restricted portion of a portion-securable hard disk. These modules in the described embodiments include a gate module, a detection module, and a logging module.
摘要翻译: 公开了用于安全硬盘签名审核的装置,系统和方法。 该装置设置有多个模块,其被配置为在功能上执行监视与被审计系统的交互的必要步骤,检测与可审计交互相对应的中断事件,以及响应于中断事件记录可审计交互的审计记录, 其中审计记录被记录在部分可安全的硬盘的访问受限的部分中。 所述实施例中的这些模块包括门模块,检测模块和测井模块。
-
公开(公告)号:US07484241B2
公开(公告)日:2009-01-27
申请号:US10994620
申请日:2004-11-22
申请人: David Carroll Challener , Steven Dale Goodman , James Patrick Hoff , David Rivera , Randall Scott Springfield
发明人: David Carroll Challener , Steven Dale Goodman , James Patrick Hoff , David Rivera , Randall Scott Springfield
CPC分类号: G06F21/41
摘要: Methods and arrangements are disclosed for secure single sign on to an operating system using only a power-on password. In many embodiments modified BIOS code prompts for, receives and verifies the power-on password. The power-on password is hashed and stored in a Platform Configuration Register of the Trusted Platform Module. In a setup mode, the trusted platform module encrypts the operating system password using the hashed power-on password. In a logon mode, the trusted platform module decrypts the operating system password using the hashed power-on password.
摘要翻译: 公开了仅使用开机密码的安全单点登录到操作系统的方法和布置。 在许多实施例中,修改的BIOS代码提示,接收和验证开机密码。 开机密码被散列并存储在可信平台模块的平台配置寄存器中。 在设置模式下,可信平台模块使用散列开机密码对操作系统密码进行加密。 在登录模式下,可信平台模块使用散列开机密码解密操作系统密码。
-
24.发明申请公开(公告)号:US20080133905A1
公开(公告)日:2008-06-05
申请号:US11565452
申请日:2006-11-30
IPC分类号: H04L9/32
CPC分类号: H04L9/0822 , H04L9/3226
摘要: An apparatus, system, and method are disclosed for remotely accessing a shared password. A storage module stores identifiers, passwords, and keys within a secure key structure of a client. The passwords and keys include a shared password encrypted with a shared password key that is encrypted with a service structure key. The storage module also stores the service structure key encrypted with a key derived from a service password on a trusted server. An input/output module accesses the trusted server from the client with a prospective service password and receives the encrypted service structure key from the trusted server if a hash of the prospective service password is equivalent to the service password. An encryption module may decrypt the service structure key with the prospective service password, the shared password key with the service structure key, and the shared password with the shared password key.
摘要翻译: 公开了用于远程访问共享密码的装置,系统和方法。 存储模块在客户端的安全密钥结构内存储标识符,密码和密钥。 密码和密钥包括使用通过服务结构密钥加密的共享密码密钥加密的共享密码。 存储模块还将在服务密码上导出的密钥加密的服务结构密钥存储在可信服务器上。 输入/输出模块从客户端接收可信服务密码,如果预期服务密码的散列等于服务密码,则从可信服务器接收加密的服务结构密钥。 加密模块可以利用预期服务密码,具有服务结构密钥的共享密码密钥和具有共享密码密钥的共享密码对服务结构密钥进行解密。
-
公开(公告)号:US07281125B2
公开(公告)日:2007-10-09
申请号:US09940155
申请日:2001-08-24
申请人: David Carroll Challener , Steven Dale Goodman , David Robert Safford , Randall Scott Springfield
发明人: David Carroll Challener , Steven Dale Goodman , David Robert Safford , Randall Scott Springfield
IPC分类号: H04L29/00
CPC分类号: G06F21/572 , G06F21/575 , G06F21/62
摘要: A method, computer program product and computer system for securing alterable data. A computer that is remotely managed may be equipped with a protected storage that is accessible only by BIOS code. The protected storage may have the capacity to store a symmetrical encryption key. An EEPROM, which normally contains the BIOS code, may be used to store accessible configuration data as well as remotely unaccessible sensitive access information (e.g., passwords). The remotely unaccessible sensitive data is encrypted with the symmetrical encryption key by the BIOS code. Remote access to the sensitive data is accomplished via change requests submitted to the BIOS code over a secure channel. The BIOS code then determines whether the request is valid. If so, then sensitive data is decrypted, altered, encrypted, and re-written into the EEPROM. Normal access to accessible data is unaffected and remote access is allowed without changing the computer system architecture.
摘要翻译: 一种用于保护可变数据的方法,计算机程序产品和计算机系统。 远程管理的计算机可能配备有只能通过BIOS代码访问的受保护存储。 受保护的存储器可以具有存储对称加密密钥的能力。 通常包含BIOS代码的EEPROM可用于存储可访问的配置数据以及远程不可访问的敏感访问信息(例如,密码)。 远程不可访问的敏感数据通过BIOS代码用对称加密密钥加密。 通过安全通道提交给BIOS代码的更改请求,可以远程访问敏感数据。 然后,BIOS代码确定请求是否有效。 如果是这样,那么敏感数据将被解密,更改,加密并重新写入EEPROM。 对可访问数据的正常访问不受影响,并且允许远程访问,而无需更改计算机系统架构。
-
公开(公告)号:US09792453B2
公开(公告)日:2017-10-17
申请号:US11861597
申请日:2007-09-26
CPC分类号: G06F21/6209 , G06F21/74 , G06F2221/2103 , G06F2221/2105 , H04L63/1441
摘要: A method and system are disclosed for placing a computer in a safe and secure lock down state from a remote location using a remote command device such as a cellular telephone. The method and system includes optional security provisions before restarting the computer.
-
27.发明授权System and method for secure usage of peripheral devices using shared secrets 有权使用共享秘密安全使用外围设备的系统和方法公开(公告)号:US08539572B2
公开(公告)日:2013-09-17
申请号:US11934829
申请日:2007-11-05
申请人: David Carroll Challener , Daryl Cromer , Philip John Jakes , Howard Jeffrey Locker , Randall Scott Springfield
发明人: David Carroll Challener , Daryl Cromer , Philip John Jakes , Howard Jeffrey Locker , Randall Scott Springfield
CPC分类号: G06F21/31 , G06F21/78 , G06F21/82 , G06F2221/2129
摘要: A system, method, and program product is provided that establishes a shared secret between a computer system and a peripheral device such as a removable nonvolatile storage device or a printer. After establishing the shared secret, the peripheral device is locked. After the peripheral device is locked, an unlock request is received and the shared secret is sent to the peripheral device. The peripheral device then attempts to verify the shared secret. If the shared secret is successfully verified, then the peripheral device is unlocked allowing use of the device by using an encryption key that is made available by the verified shared secret. On the other hand, if the shared secret is not verified, then the peripheral device remains locked and use of the device is prevented.
摘要翻译: 提供了一种系统,方法和程序产品,其在计算机系统和诸如可移动的非易失性存储设备或打印机的外围设备之间建立共享秘密。 建立共享密钥后,外围设备被锁定。 在外围设备被锁定之后,接收到解锁请求并将共享密钥发送到外围设备。 然后,外围设备尝试验证共享密钥。 如果共享密钥被成功验证,则外围设备被解锁,允许使用通过验证的共享密钥可用的加密密钥来使用该设备。 另一方面,如果未验证共享密钥,则外围设备保持锁定,并且防止了设备的使用。
-
28.发明授权Apparatus, system, and method for authentication of a core root of trust measurement chain 有权用于认证信任测度链核心根的装置,系统和方法公开(公告)号:US08433924B2
公开(公告)日:2013-04-30
申请号:US11612367
申请日:2006-12-18
IPC分类号: G06F21/00
CPC分类号: G06F21/57 , G06F2221/2153
摘要: An apparatus, system, and method are disclosed for authentication of a core root of trust measurement chain. The apparatus for authentication of a CRTM chain is provided with a plurality of modules configured to carry out the steps of retrieving a decryption key from a predetermined location on the device selected for authentication, decrypting an authentication signal using the decryption key, and communicating the decrypted authentication signal to a user. In the described embodiments, these modules include a retrieval module, a decryption module, and a communication module. Beneficially, such an apparatus, system, and method would reliably verify that a link in the CRTM chain has not been corrupted, modified, or infected with a computer virus. Specifically, such an apparatus, system, and method would enable verification that the hypervisor has not been corrupted, modified, or infected with a computer virus.
摘要翻译: 公开了用于认证信任度量链核心根的装置,系统和方法。 用于认证CRTM链的装置设置有多个模块,其被配置为执行从所选择的用于认证的设备上的预定位置检索解密密钥的步骤,使用解密密钥解密认证信号,以及传送解密密钥 认证信号给用户。 在所描述的实施例中,这些模块包括检索模块,解密模块和通信模块。 有利的是,这样的装置,系统和方法可以可靠地验证CRTM链中的链路没有被破坏,修改或感染计算机病毒。 具体来说,这样的装置,系统和方法将能够验证管理程序没有被计算机病毒破坏,修改或感染。
-
公开(公告)号:US08347348B2
公开(公告)日:2013-01-01
申请号:US12059805
申请日:2008-03-31
申请人: David Carroll Challener , Jeffrey Mark Estroff , Mikio Hagiwara , Seiichi Kawano , Keiko Kokubun , Randall Scott Springfield
发明人: David Carroll Challener , Jeffrey Mark Estroff , Mikio Hagiwara , Seiichi Kawano , Keiko Kokubun , Randall Scott Springfield
IPC分类号: H04L29/06
CPC分类号: G06F9/4401 , G06F1/24
摘要: An apparatus, system, and method are disclosed for pre-boot policy modification. A key module exchanges a key with a server in a secure environment. A communication module receives a policy encoded with the key. A decode module decodes the encoded policy using the key and saves the policy setting prior to booting an operating system on the computer. An update module boots the computer using the policy.
摘要翻译: 公开了用于预引导策略修改的装置,系统和方法。 密钥模块在安全环境中与服务器交换密钥。 通信模块接收用该密钥编码的策略。 解码模块使用密钥解码编码策略,并在引导计算机上的操作系统之前保存策略设置。 更新模块使用策略引导计算机。
-
30.发明授权System and method for securely clearing secret data that remain in a computer system memory 有权用于安全地清除保留在计算机系统存储器中的秘密数据的系统和方法公开(公告)号:US08312534B2
公开(公告)日:2012-11-13
申请号:US12040953
申请日:2008-03-03
申请人: David Carroll Challener , Daryl Carvis Cromer , Howard Jeffrey Locker , Randall Scott Springfield
发明人: David Carroll Challener , Daryl Carvis Cromer , Howard Jeffrey Locker , Randall Scott Springfield
IPC分类号: G06F21/00 , G06F17/00 , G06F17/30 , G06F15/177
摘要: A system, method, and program product is provided that initializes a counter maintained in a nonvolatile memory of a security module to an initialization value. The security module receives requests for a secret from requesters. The security module releases the secret to the requesters and the released secrets are stored in memory areas allocated to the requesters. A counter is incremented when the secret is released. Requestors send notifications to the security module indicating that the requestor has removed the secret from the requestor's memory area. The security module decrements the counter each time a notification is received. When the computer system is rebooted, if the counter is not at the initialization value, the system memory is scrubbed erasing any secrets that remain in memory.
摘要翻译: 提供了一种系统,方法和程序产品,其将维护在安全模块的非易失性存储器中的计数器初始化为初始化值。 安全模块从请求者接收到秘密的请求。 安全模块向请求者释放秘密,所发布的秘密存储在分配给请求者的内存区域中。 当秘密被释放时,计数器递增。 请求者向安全模块发送指示请求者已经从请求者的存储区域移除了秘密的通知。 每次接收到通知时,安全模块都会递减计数器。 当计算机系统重新启动时,如果计数器不在初始化值,系统内存将被擦除擦除留在内存中的任何秘密。
-
-
-
-
-
-
-
-
-
搜索结果
170 条记录 (耗时 0.032 秒)
