公开(公告)号：US08473752B2

公开(公告)日：2013-06-25

申请号：US12725838

申请日：2010-03-17

Applicant: Howard J. Locker ,  David C. Challener ,  Mark C. Davis ,  Randall S. Springfield

Inventor： Howard J. Locker ,  David C. Challener ,  Mark C. Davis ,  Randall S. Springfield

IPC: H04L29/06

CPC classification number: G06F21/6209 ,  G06F2221/2101

Abstract: An apparatus, system, and method are disclosed for auditing access to secure data. A detection module detects an access to the secure data. A record module records an encrypted log entry describing the access to the secure data. A verification module verifies the secure data is securely stored.

Abstract translation: 公开了用于审计对安全数据的访问的装置，系统和方法。 检测模块检测对安全数据的访问。 记录模块记录描述对安全数据的访问的加密日志条目。 验证模块验证安全数据是否安全存储。

公开(公告)号：US20120239939A1

公开(公告)日：2012-09-20

申请号：US13049071

申请日：2011-03-16

Applicant: Kenneth S. Seethaler ,  Randall S. Springfield ,  Howard Locker ,  Joseph M. Pennisi

Inventor： Kenneth S. Seethaler ,  Randall S. Springfield ,  Howard Locker ,  Joseph M. Pennisi

IPC: H04L9/32 ,  G06F21/00

CPC classification number: G06F21/62 ,  G06F21/78 ,  G06F2221/2107 ,  H04L9/3226

Abstract: Systems, methods and products are described that provide secure resume for encrypted drives. One aspect provides a method including: receiving an indication to resume from a suspended state at a computing device; responsive to authenticating a user at one or more input devices, accessing a value in a BIOS derived from authenticating the user at the one or more input devices; responsive to accessing the value, releasing a credential for unlocking one or more encrypted drives; and thereafter proceeding to resume from the suspend state.

Abstract translation: 描述了为加密驱动器提供安全恢复的系统，方法和产品。 一个方面提供了一种方法，包括：在计算设备处接收从暂停状态恢复的指示; 响应于在一个或多个输入设备处验证用户，访问在所述一个或多个输入设备处认证所述用户而导出的BIOS中的值; 响应于访问该值，释放用于解锁一个或多个加密驱动器的凭证; 之后继续从暂停状态恢复。

公开(公告)号：US20120239917A1

公开(公告)日：2012-09-20

申请号：US13049050

申请日：2011-03-16

Applicant: Randall S. Springfield ,  Joseph M. Pennisi ,  Howard Locker ,  Kenneth S. Seethaler

Inventor： Randall S. Springfield ,  Joseph M. Pennisi ,  Howard Locker ,  Kenneth S. Seethaler

IPC: G06F9/00

CPC classification number: G06F21/575

Abstract: Systems, methods and products are described that provide secure boot with a minimum number of re-boots. One aspect provides a method including receiving an indication to boot from a power off state at a computing device; responsive to authenticating a user at one or more input devices, releasing a value derived from authenticating the user at the one or more input devices; responsive to releasing the value, unlocking one or more encrypted drives with a previously established alternate credential; and thereafter proceeding to boot from the power off state. By not having to call the non-BIOS software each boot, this minimizes the number of reboots for each boot cycle.

Abstract translation: 描述了系统，方法和产品，提供了最少数量的重新启动的安全启动。 一方面提供一种方法，包括从计算设备处的关闭电源状态接收指示以引导; 响应于在一个或多个输入设备上认证用户，释放在所述一个或多个输入设备处认证用户导出的值; 响应于释放该值，用先前建立的替代证书解锁一个或多个加密的驱动器; 然后从断电状态开始引导。 通过不必每次启动都调用非BIOS软件，这样可以最大限度地减少每个启动周期的重新启动次数。

公开(公告)号：US20100162373A1

公开(公告)日：2010-06-24

申请号：US12341512

申请日：2008-12-22

Applicant: Randall S. Springfield ,  Jeffrey M. Estroff ,  Seiichi Kawano ,  Mikio Hagiwara ,  David C. Challener ,  James P. Hoff ,  Binqiang Ma

Inventor： Randall S. Springfield ,  Jeffrey M. Estroff ,  Seiichi Kawano ,  Mikio Hagiwara ,  David C. Challener ,  James P. Hoff ,  Binqiang Ma

IPC: H04L9/32

CPC classification number: G06F21/34

Abstract: In the context of computer systems, the generation of preboot passwords at a server instead of at a client. Preferably, preboot passwords generated at the server are distributed to the client, and a process is offered whereby a user can establish his/her own proxy, not known to the server, that can be used to release the stored passwords to the client hardware. Since the passwords are generated at the server, management of the passwords is greatly facilitated since they are generated at the site where they are stored. This also makes it easy to implement management features such as a group policy, since the password generation software will be able to make logical connections between users and hardware.

Abstract translation: 在计算机系统的上下文中，在服务器而不是在客户端生成预引导密码。 优选地，在服务器处生成的预引导密码被分发给客户端，并且提供一个过程，由此用户可以建立他/她自己的代理（服务器不知道），可以用于将存储的密码释放到客户端硬件。 由于密码是在服务器上生成的，因此密码的管理因其在存储位置生成而大大方便。 这也使得容易实现诸如组策略的管理功能，因为密码生成软件将能够在用户和硬件之间进行逻辑连接。

公开(公告)号：US20100057440A1

公开(公告)日：2010-03-04

申请号：US12202311

申请日：2008-08-31

Applicant: Randall S. Springfield ,  Jeffrey M. Estroff ,  Mikio Hagiwara ,  James P. Hoff ,  Seiichi Kawano ,  Noritoshi Yoshiyama

Inventor： Randall S. Springfield ,  Jeffrey M. Estroff ,  Mikio Hagiwara ,  James P. Hoff ,  Seiichi Kawano ,  Noritoshi Yoshiyama

IPC: G06F17/20 ,  G06F15/177

CPC classification number: G06F9/454

Abstract: Systems and methods for providing multi-language support in a pre-boot environment are supplied. User interface type information, such as keyboard type information and translation tables, are ascertained and provided to the pre-boot environment of the apparatus, allowing the apparatus to properly receive and/or translate multi-language inputs in an appropriate fashion.

Abstract translation: 提供了在预引导环境中提供多语言支持的系统和方法。 确定用户界面类型信息，例如键盘类型信息和翻译表，并将其提供给设备的预引导环境，从而允许设备以合适的方式适当地接收和/或翻译多语言输入。

公开(公告)号：US07653835B2

公开(公告)日：2010-01-26

申请号：US11475361

申请日：2006-06-27

Applicant: Howard J. Locker ,  Daryl C. Cromer ,  Randall S. Springfield ,  Rod D. Waltermann ,  John C. Mese ,  Scott E. Kelso ,  Nathan J. Peterson ,  Arnold S. Weksler

Inventor： Howard J. Locker ,  Daryl C. Cromer ,  Randall S. Springfield ,  Rod D. Waltermann ,  John C. Mese ,  Scott E. Kelso ,  Nathan J. Peterson ,  Arnold S. Weksler

IPC: G06F11/00

CPC classification number: G06F11/0766 ,  G06F11/0712

Abstract: A client computer system is provided with two operating systems, one of which is a user operating system (UOS) and the other of which is a service operating system (SOS), and a hypervisor. In the event of a hang in the first operating system, the second operating system remains active, out of the awareness of the user of the system, and has reporting and command response capabilities beyond those of prior technology.

Abstract translation: 客户端计算机系统具有两个操作系统，其中一个是用户操作系统（UOS），另一个是服务操作系统（SOS），以及管理程序。 在第一个操作系统出现故障的情况下，第二个操作系统保持活动状态，不在系统用户的意识之内，并具有超越现有技术的报告和命令响应功能。

公开(公告)号：US20090327687A1

公开(公告)日：2009-12-31

申请号：US12147681

申请日：2008-06-27

Applicant: Randall S. Springfield ,  Howard Locker ,  David C. Challener ,  Joseph M. Pennisi

Inventor： Randall S. Springfield ,  Howard Locker ,  David C. Challener ,  Joseph M. Pennisi

IPC: G06F15/177 ,  G06F12/02 ,  G06F12/00

CPC classification number: G06F9/4401

Abstract: The employment of a process of applying user-defined defaults to a management engine or analogous arrangement, wherein a system BIOS calls or recalls such defaults, as needed, from NVRAM responsive to the need for a reset of defaults.

Abstract translation: 使用将用户定义的默认值应用于管理引擎或类似安排的过程，其中系统BIOS响应于需要重置默认值，根据需要从NVRAM中调用或调用这样的默认值。

公开(公告)号：US20080244079A1

公开(公告)日：2008-10-02

申请号：US11694485

申请日：2007-03-30

Applicant: Daryl Cromer ,  Richard W. Cheston ,  Howard Locker ,  Randall S. Springfield

Inventor： Daryl Cromer ,  Richard W. Cheston ,  Howard Locker ,  Randall S. Springfield

IPC: G06F15/16

CPC classification number: H04L67/34 ,  G06F9/4843 ,  G06F2209/482 ,  H04L67/325

Abstract: Methods and arrangements for facilitating and streamlining patch management in “road warrior” and analogous contexts. Particularly, there are broadly contemplated herein, in accordance with at least one presently preferred embodiment of the present invention, methods and arrangements for facilitating determinations of suitable times for enabling system updates and/or downloads.

Abstract translation: 促进和简化“道路战士”和类似情境中补丁管理的方法和安排。 特别地，根据本发明的至少一个目前优选的实施例，本文中广泛考虑了用于促进确定适用于启用系统更新和/或下载的时间的方法和装置。

公开(公告)号：US20080148389A1

公开(公告)日：2008-06-19

申请号：US11612092

申请日：2006-12-18

Applicant: Howard Locker ,  Daryl Cromer ,  Randall S. Springfield ,  Rod D. Waltermann

Inventor： Howard Locker ,  Daryl Cromer ,  Randall S. Springfield ,  Rod D. Waltermann

IPC: G06F7/04

CPC classification number: G06F21/575

Abstract: A method for providing centralized user authorization to allow secure sign-on to a computer system is disclosed. In response to a user attempting to boot up a computer system, a message is sent to a trusted server by a hypervisor within the computer to request a new hard drive password for the computer system. If the user is not authorized to access the computer system, a packet is sent by the trusted server to instruct the hypervisor to stop any boot process on the computer system. If the user is authorized to access the computer system, a packet containing a partial hard drive password is sent by the trusted server to the computer system. The packet is then encrypted with a system public key by the computer system to yield the partial hard drive password. The computer system subsequently combines the partial hard drive password with a user password to generate a new complete hard drive password to continue with the boot process.

Abstract translation: 公开了一种用于提供集中式用户授权以允许对计算机系统进行安全登录的方法。 响应于尝试启动计算机系统的用户，由计算机内的虚拟机管理程序向可信服务器发送消息，以请求计算机系统的新的硬盘驱动器密码。 如果用户没有权限访问计算机系统，则可信服务器发送一个数据包，以指示管理程序停止计算机系统上的任何引导过程。 如果用户被授权访问计算机系统，则包含部分硬盘驱动器密码的分组由可信服务器发送到计算机系统。 然后，计算机系统使用系统公钥对数据包进行加密，以产生部分硬盘驱动器密码。 计算机系统随后将部分硬盘驱动器密码与用户密码相结合，以生成新的完整硬盘驱动器密码，以继续引导过程。

公开(公告)号：US20080077986A1

公开(公告)日：2008-03-27

申请号：US11535110

申请日：2006-09-26

Applicant: David Rivera ,  David C. Challener ,  William F. Keown ,  Joseph M. Pennisi ,  Randall S. Springfield

Inventor： David Rivera ,  David C. Challener ,  William F. Keown ,  Joseph M. Pennisi ,  Randall S. Springfield

IPC: H04L9/32

CPC classification number: G06F21/34

Abstract: A method for providing a secure single sign-on to a computer system is disclosed. Pre-boot passwords are initially stored in a secure storage area of a smart card. The operating system password, which has been encrypted to a blob, is stored in a non-secure area of the smart card. After the smart card has been inserted in a computer system, a user is prompted for a Personal Identification Number (PIN) of the smart card. In response to a correct smart card PIN entry, the blob stored in the non-secure storage area of the smart card is decrypted to provide the operating system password, and the operating system password along with the pre-boot passwords stored in the secure storage area of the smart card are then utilized to log on to the computer system.

Abstract translation: 公开了一种用于向计算机系统提供安全单点登录的方法。 预引导密码最初存储在智能卡的安全存储区域中。 已经加密到Blob的操作系统密码存储在智能卡的非安全区域。 在将智能卡插入计算机系统中之后，将提示用户输入智能卡的个人识别号码（PIN）。 响应于正确的智能卡PIN条目，存储在智能卡的非安全存储区域中的斑点被解密以提供操作系统密码，以及操作系统密码以及存储在安全存储器中的预引导密码 然后使用智能卡的区域登录到计算机系统。