公开(公告)号：US09628517B2

公开(公告)日：2017-04-18

申请号：US12749942

申请日：2010-03-30

Applicant: Carlos Munoz-Bustamante ,  Joseph Michael Pennisi ,  Randall Scott Springfield ,  Ephraim D. Starr ,  Yasushi Tsukamoto ,  Rod D. Waltermann

Inventor： Carlos Munoz-Bustamante ,  Joseph Michael Pennisi ,  Randall Scott Springfield ,  Ephraim D. Starr ,  Yasushi Tsukamoto ,  Rod D. Waltermann

IPC: H04L29/06

CPC classification number: H04L65/1053

Abstract: An approach is provided that, upon receiving a keyboard event, reduces a volume of an audio input channel from a first volume level to a lower volume level. After the volume of the audio input channel is reduced, the approach waits until a system event occurs, with the system event based at least in part on the occurrence of a nondeterministic event. The volume of the audio input channel is then increased from the lower volume level to a higher volume level when the system event occurs

公开(公告)号：US08620291B2

公开(公告)日：2013-12-31

申请号：US12751616

申请日：2010-03-31

Applicant: Howard J. Locker ,  David Carroll Challener ,  Daryl C. Cromer ,  Randall Scott Springfield

Inventor： Howard J. Locker ,  David Carroll Challener ,  Daryl C. Cromer ,  Randall Scott Springfield

IPC: H04M3/42

CPC classification number: H04M3/42263 ,  H04M2203/2094 ,  H04M2242/30

Abstract: Apparatus, systems, and methods provide digital voice call redirection. A configuration module associates a phone number with a first identifier of a first voice terminal device and a second identifier of a second voice terminal device provided by an address module. A location module determines whether the first device is within a predefined proximity to the second device, such as by detecting connectivity between the devices, over a personal area network (“PAN”). A routing module redirects a digital voice call to a call module of the first device using the first identifier when the first device is not within the predefined proximity to the second device. Otherwise the routing module directs the call to a call module of the second device using the second identifier.

Abstract translation: 装置，系统和方法提供数字语音呼叫重定向。 配置模块将电话号码与第一语音终端设备的第一标识符和由地址模块提供的第二语音终端设备的第二标识符相关联。 位置模块例如通过检测个人区域网络（“PAN”）之间的设备之间的连接性来确定第一设备是否处于与第二设备的预定接近度内。 当第一设备不在与第二设备的预定义接近度内时，路由模块使用第一标识符将数字语音呼叫重定向到第一设备的呼叫模块。 否则，路由模块使用第二标识符将呼叫引导到第二设备的呼叫模块。

公开(公告)号：US08539572B2

公开(公告)日：2013-09-17

申请号：US11934829

申请日：2007-11-05

Applicant: David Carroll Challener ,  Daryl Cromer ,  Philip John Jakes ,  Howard Jeffrey Locker ,  Randall Scott Springfield

Inventor： David Carroll Challener ,  Daryl Cromer ,  Philip John Jakes ,  Howard Jeffrey Locker ,  Randall Scott Springfield

IPC: G06F7/04 ,  G06F12/00 ,  G06F12/14 ,  G06F13/00 ,  G06F17/30 ,  G11C7/00 ,  H04N7/16 ,  G06F15/16

CPC classification number: G06F21/31 ,  G06F21/78 ,  G06F21/82 ,  G06F2221/2129

Abstract: A system, method, and program product is provided that establishes a shared secret between a computer system and a peripheral device such as a removable nonvolatile storage device or a printer. After establishing the shared secret, the peripheral device is locked. After the peripheral device is locked, an unlock request is received and the shared secret is sent to the peripheral device. The peripheral device then attempts to verify the shared secret. If the shared secret is successfully verified, then the peripheral device is unlocked allowing use of the device by using an encryption key that is made available by the verified shared secret. On the other hand, if the shared secret is not verified, then the peripheral device remains locked and use of the device is prevented.

Abstract translation: 提供了一种系统，方法和程序产品，其在计算机系统和诸如可移动的非易失性存储设备或打印机的外围设备之间建立共享秘密。 建立共享密钥后，外围设备被锁定。 在外围设备被锁定之后，接收到解锁请求并将共享密钥发送到外围设备。 然后，外围设备尝试验证共享密钥。 如果共享密钥被成功验证，则外围设备被解锁，允许使用通过验证的共享密钥可用的加密密钥来使用该设备。 另一方面，如果未验证共享密钥，则外围设备保持锁定，并且防止了设备的使用。

公开(公告)号：US08433924B2

公开(公告)日：2013-04-30

申请号：US11612367

申请日：2006-12-18

Applicant: David Carroll Challener ,  Howard Locker ,  Randall Scott Springfield ,  Rod D. Waltermann

Inventor： David Carroll Challener ,  Howard Locker ,  Randall Scott Springfield ,  Rod D. Waltermann

IPC: G06F21/00

CPC classification number: G06F21/57 ,  G06F2221/2153

Abstract: An apparatus, system, and method are disclosed for authentication of a core root of trust measurement chain. The apparatus for authentication of a CRTM chain is provided with a plurality of modules configured to carry out the steps of retrieving a decryption key from a predetermined location on the device selected for authentication, decrypting an authentication signal using the decryption key, and communicating the decrypted authentication signal to a user. In the described embodiments, these modules include a retrieval module, a decryption module, and a communication module. Beneficially, such an apparatus, system, and method would reliably verify that a link in the CRTM chain has not been corrupted, modified, or infected with a computer virus. Specifically, such an apparatus, system, and method would enable verification that the hypervisor has not been corrupted, modified, or infected with a computer virus.

Abstract translation: 公开了用于认证信任度量链核心根的装置，系统和方法。 用于认证CRTM链的装置设置有多个模块，其被配置为执行从所选择的用于认证的设备上的预定位置检索解密密钥的步骤，使用解密密钥解密认证信号，以及传送解密密钥 认证信号给用户。 在所描述的实施例中，这些模块包括检索模块，解密模块和通信模块。 有利的是，这样的装置，系统和方法可以可靠地验证CRTM链中的链路没有被破坏，修改或感染计算机病毒。 具体来说，这样的装置，系统和方法将能够验证管理程序没有被计算机病毒破坏，修改或感染。

公开(公告)号：US08347348B2

公开(公告)日：2013-01-01

申请号：US12059805

申请日：2008-03-31

Applicant: David Carroll Challener ,  Jeffrey Mark Estroff ,  Mikio Hagiwara ,  Seiichi Kawano ,  Keiko Kokubun ,  Randall Scott Springfield

Inventor： David Carroll Challener ,  Jeffrey Mark Estroff ,  Mikio Hagiwara ,  Seiichi Kawano ,  Keiko Kokubun ,  Randall Scott Springfield

IPC: H04L29/06

CPC classification number: G06F9/4401 ,  G06F1/24

Abstract: An apparatus, system, and method are disclosed for pre-boot policy modification. A key module exchanges a key with a server in a secure environment. A communication module receives a policy encoded with the key. A decode module decodes the encoded policy using the key and saves the policy setting prior to booting an operating system on the computer. An update module boots the computer using the policy.

Abstract translation: 公开了用于预引导策略修改的装置，系统和方法。 密钥模块在安全环境中与服务器交换密钥。 通信模块接收用该密钥编码的策略。 解码模块使用密钥解码编码策略，并在引导计算机上的操作系统之前保存策略设置。 更新模块使用策略引导计算机。

公开(公告)号：US08312534B2

公开(公告)日：2012-11-13

申请号：US12040953

申请日：2008-03-03

Applicant: David Carroll Challener ,  Daryl Carvis Cromer ,  Howard Jeffrey Locker ,  Randall Scott Springfield

Inventor： David Carroll Challener ,  Daryl Carvis Cromer ,  Howard Jeffrey Locker ,  Randall Scott Springfield

IPC: G06F21/00 ,  G06F17/00 ,  G06F17/30 ,  G06F15/177

CPC classification number: G06F21/57 ,  G06F21/79

Abstract: A system, method, and program product is provided that initializes a counter maintained in a nonvolatile memory of a security module to an initialization value. The security module receives requests for a secret from requesters. The security module releases the secret to the requesters and the released secrets are stored in memory areas allocated to the requesters. A counter is incremented when the secret is released. Requestors send notifications to the security module indicating that the requestor has removed the secret from the requestor's memory area. The security module decrements the counter each time a notification is received. When the computer system is rebooted, if the counter is not at the initialization value, the system memory is scrubbed erasing any secrets that remain in memory.

Abstract translation: 提供了一种系统，方法和程序产品，其将维护在安全模块的非易失性存储器中的计数器初始化为初始化值。 安全模块从请求者接收到秘密的请求。 安全模块向请求者释放秘密，所发布的秘密存储在分配给请求者的内存区域中。 当秘密被释放时，计数器递增。 请求者向安全模块发送指示请求者已经从请求者的存储区域移除了秘密的通知。 每次接收到通知时，安全模块都会递减计数器。 当计算机系统重新启动时，如果计数器不在初始化值，系统内存将被擦除擦除留在内存中的任何秘密。

公开(公告)号：US08205197B2

公开(公告)日：2012-06-19

申请号：US12269668

申请日：2008-11-12

Applicant: David Carroll Challener ,  Mark Charles Davis ,  Randall Scott Springfield ,  Rod D. Waltermann

Inventor： David Carroll Challener ,  Mark Charles Davis ,  Randall Scott Springfield ,  Rod D. Waltermann

IPC: G06F9/455 ,  G06F9/46

CPC classification number: G06F21/53 ,  G06F8/61 ,  G06F9/4401 ,  G06F9/45558 ,  G06F9/468 ,  G06F21/575 ,  G06F2009/45562 ,  G06F2009/45587

Abstract: An apparatus, system, and method are disclosed for granting hypervisor privileges. An installation module installs a monitor hypervisor wherein only the monitor hypervisor is granted the hypervisor privileges by the computer. An authentication module authenticates a second hypervisor. An eviction module evicts the monitor hypervisor if the second hypervisor is authenticated. The installation module further installs the second hypervisor after the monitor hypervisor is evicted so that only the second hypervisor is granted hypervisor privileges by the computer.

Abstract translation: 公开了用于授予管理程序特权的装置，系统和方法。 安装模块安装监视器管理程序，其中只有监视器管理程序被计算机授予管理程序的权限。 认证模块认证第二管理程序。 如果第二个管理程序被认证，驱逐模块将使监视器管理程序移走。 在监视器管理程序被驱逐之后，安装模块进一步安装第二管理程序，以便计算机只能向管理程序授予管理程序权限。

公开(公告)号：US20110243123A1

公开(公告)日：2011-10-06

申请号：US12749942

申请日：2010-03-30

Applicant: Carlos Munoz-Bustamante ,  Joseph Michael Pennisi ,  Randall Scott Springfield ,  Ephraim D. Starr ,  Yasushi Tsukamoto ,  Rod D. Waltermann

Inventor： Carlos Munoz-Bustamante ,  Joseph Michael Pennisi ,  Randall Scott Springfield ,  Ephraim D. Starr ,  Yasushi Tsukamoto ,  Rod D. Waltermann

IPC: H04L12/66

CPC classification number: H04L65/1053

Abstract: An approach is provided that, upon receiving a keyboard event, reduces a volume of an audio input channel from a first volume level to a lower volume level. After the volume of the audio input channel is reduced, the approach waits until a system event occurs, with the system event based at least in part on the occurrence of a nondeterministic event. The volume of the audio input channel is then increased from the lower volume level to a higher volume level when the system event occurs

Abstract translation: 提供了一种方法，其在接收到键盘事件时将音频输入通道的音量从第一音量级降低到较低的音量。 在音频输入通道的音量减小之后，该方法等待直到系统事件发生，系统事件至少部分地基于非确定性事件的发生。 然后，当系统事件发生时，音频输入通道的音量从较低音量级别增加到较高音量

公开(公告)号：US20110238967A1

公开(公告)日：2011-09-29

申请号：US12748787

申请日：2010-03-29

Applicant: David Carroll Challener ,  Daryl C. Cromer ,  Howard J. Locker ,  Randall Scott Springfield

Inventor： David Carroll Challener ,  Daryl C. Cromer ,  Howard J. Locker ,  Randall Scott Springfield

IPC: G06F9/00 ,  G06F9/48

CPC classification number: G06F9/52 ,  G06F21/575

Abstract: A method and apparatus are disclosed for sharing an integrity security module in a dual-environment computing device. The apparatus include an integrity security module, one or more processors, a detection module and a regeneration module. The one or more processors may have access to the integrity security module and may operate in two distinct operating environments of a dual-environment computing device. The detection module may detect, during an initialization sequence, a power state transition of an operating environment of the dual-environment computing device. The regeneration module may regenerate one or more integrity values from a stored integrity metric log in response to detecting the power state transition of the operating environment of the dual-environment computing device.

Abstract translation: 公开了用于在双环境计算设备中共享完整性安全模块的方法和装置。 该装置包括完整性安全模块，一个或多个处理器，检测模块和再生模块。 一个或多个处理器可以访问完整性安全模块，并且可以在双环境计算设备的两个不同的操作环境中操作。 检测模块可以在初始化序列期间检测双环境计算设备的操作环境的功率状态转换。 响应于检测双环境计算设备的操作环境的功率状态转换，再生模块可以从存储的完整性度量日志重新生成一个或多个完整性值。

公开(公告)号：US07840796B2

公开(公告)日：2010-11-23

申请号：US12058696

申请日：2008-03-29

Applicant: Richard Alan Dayan ,  Joseph Wayne Freeman ,  William Fred Keown, Jr. ,  Randall Scott Springfield

Inventor： Richard Alan Dayan ,  Joseph Wayne Freeman ,  William Fred Keown, Jr. ,  Randall Scott Springfield

IPC: G06F15/177

CPC classification number: G06F9/4406 ,  G06F11/1417 ,  G06F11/1441

Abstract: A system, computer program product and method for booting to a partition in a non-volatile storage unit without a local operator. In one embodiment, one or more bits in a BOOT register may be set by an operating system indicating if the BIOS should boot to the partition. The BIOS may then read the BOOT register to determine if the BIOS is to boot to the partition as well as any activities to perform if the BIOS is to boot to the partition. In another embodiment, a network interface card may insert directive information received from a packet in a register within the network interface card. The BIOS may then read the register within the network interface card to determine if the BIOS is to boot to the partition as well as any activities to perform if the BIOS is to boot to the partition.

Abstract translation: 用于在没有本地操作者的情况下引导到非易失性存储单元中的分区的系统，计算机程序产品和方法。 在一个实施例中，BOOT寄存器中的一个或多个位可以由操作系统设置，指示是否BIOS应该引导到分区。 然后，BIOS可以读取BOOT寄存器，以确定BIOS是否要引导到分区，以及BIOS是否要引导到分区时执行的任何活动。 在另一个实施例中，网络接口卡可以将从分组接收的指令信息插入网络接口卡内的寄存器中。 然后，BIOS可以读取网络接口卡内的寄存器，以确定BIOS是否要引导到分区，以及BIOS要启动到分区的任何活动。