Abstract:
A method for protecting Security Accounts Manager (SAM) files within a Windows® operating system is disclosed. A SAM file encryption key is generated by encrypting a SAM file via a syskey utility provided within the Windows® operating system. The SAM file encryption key is then stored in a virtual floppy disk by selecting an option to store the SAM file encryption key to a floppy disk under the syskey utility. A blob is generated by performing a Trusted Platform Module (TPM) Seal command against the SAM file encryption key along with a value stored in a Performance Control Register and a TPM Storage Root Key. The blob is stored in a non-volatile storage area of a computer.
Abstract:
An approach is provided that, upon receiving a keyboard event, reduces a volume of an audio input channel from a first volume level to a lower volume level. After the volume of the audio input channel is reduced, the approach waits until a system event occurs, with the system event based at least in part on the occurrence of a nondeterministic event. The volume of the audio input channel is then increased from the lower volume level to a higher volume level when the system event occurs.
Abstract:
A method and apparatus for maintaining operability with a cloud computing environment. The apparatus includes a storage module and a local environment module. The storage module may store cloud computing data from a cloud computing environment onto a local storage device. The storage module may communicate with the cloud computing environment through a remote connection. The local environment module may operate a local cloud computing environment from the local storage device while the remote connection to the cloud computing environment is unavailable. The local cloud environment may replicate at least a portion of the cloud computing environment and may be operated from the stored cloud computing data.
Abstract:
Systems, methods and products directed toward creating device preloads via employing base and additional operating system content. One aspect includes communicating an aspect of an information handling device, and assimilating additional operating system content at the information handling device responsive to communication of the aspect of the device, the additional operating system content deriving from a repository separate from the information handling device, wherein a base operating system and additional operating system content combine to form a unitary device operating system. Other embodiments are described herein.
Abstract:
Systems, methods, apparatuses and computer program products provide alternative desktop computing solutions and generally provide client devices configured to utilize one of a local common base image and a common base image stored remotely, with a user-specific overlay image remotely storing user-specific data. The clients can be configured to store the common base image locally.
Abstract:
An apparatus, system, and method are disclosed for authentication of a core root of trust measurement chain. The apparatus for authentication of a CRTM chain is provided with a plurality of modules configured to carry out the steps of retrieving a decryption key from a predetermined location on the device selected for authentication, decrypting an authentication signal using the decryption key, and communicating the decrypted authentication signal to a user. In the described embodiments, these modules include a retrieval module, a decryption module, and a communication module. Beneficially, such an apparatus, system, and method would reliably verify that a link in the CRTM chain has not been corrupted, modified, or infected with a computer virus. Specifically, such an apparatus, system, and method would enable verification that the hypervisor has not been corrupted, modified, or infected with a computer virus.
Abstract:
An apparatus, system, and method are disclosed for granting hypervisor privileges. An installation module installs a monitor hypervisor wherein only the monitor hypervisor is granted the hypervisor privileges by the computer. An authentication module authenticates a second hypervisor. An eviction module evicts the monitor hypervisor if the second hypervisor is authenticated. The installation module further installs the second hypervisor after the monitor hypervisor is evicted so that only the second hypervisor is granted hypervisor privileges by the computer.
Abstract:
A system and method for loading programs during a system boot using stored configuration data in a predetermined file system from a prior session and providing the stored configuration data to a guest operating system capable of communication with a host operating system, during start-up, within a computing environment having a hypervisor, in a predetermined manner.
Abstract:
Method and apparatus for enabling applications on security processors of computer systems. In one aspect, a security processor apparatus includes a processor and a memory coupled to the processor and operative to store a secure table. The secure table stores different certified endorsement keys and different values, each value associated with one of the endorsement keys. Each stored value is derived from a different application that is certified by the associated endorsement key to be executed on the processor.
Abstract:
An apparatus, system, and method are disclosed for remotely booting a client from a storage area network (“SAN”). A connection module enables a client, such as a diskless client, to connect to two or more storage area networks (“SANs”), the SANs belonging to a group of redundant SANs, each SAN in the group redundantly storing at least a portion of substantially identical operating system data for the client. The boot module enables the client to remotely boot an operating system from the two or more redundant SANs. The boot module makes at least one read request to each of the two or more connected SANs, each read request configured to retrieve a disparate portion of the operating system data for loading the operating system onto the client. The boot module loads the operating system onto the client using a combination of data retrieved from the two or more connected SANs.