公开(公告)号：US07827376B2

公开(公告)日：2010-11-02

申请号：US11168088

申请日：2005-06-27

Applicant: Nathan J. Peterson ,  Joseph Wayne Freeman ,  Rod David Waltermann ,  Randall Scott Springfield ,  Mark Charles Davis ,  Steven Dale Goodman ,  Howard Jeffrey Locker ,  Daryl Carvis Cromer

Inventor： Nathan J. Peterson ,  Joseph Wayne Freeman ,  Rod David Waltermann ,  Randall Scott Springfield ,  Mark Charles Davis ,  Steven Dale Goodman ,  Howard Jeffrey Locker ,  Daryl Carvis Cromer

IPC: G06F12/00 ,  G06F13/00

CPC classification number: G06F21/80

Abstract: A “setmax” command is issued in BIOS to hide the service area (HPA) of a HDD during normal operation, so that the HPA cannot be accessed or erased inadvertently by the user or by a virus. Pressing a special key (e.g., F11) during booting permits access to the HPA.

Abstract translation: 在BIOS中发出“setmax”命令，以在正常操作期间隐藏HDD的服务区（HPA），使得HPA无法被用户或病毒无意中访问或擦除。 在启动过程中按特殊键（例如F11），可以访问HPA。

公开(公告)号：US07673161B2

公开(公告)日：2010-03-02

申请号：US11277730

申请日：2006-03-28

Applicant: Joseph Wayne Freeman ,  Randall Scott Springfield ,  Rod David Waltermann

Inventor： Joseph Wayne Freeman ,  Randall Scott Springfield ,  Rod David Waltermann

IPC: G06F1/00 ,  G06F9/00 ,  G06F15/177 ,  G06F9/24 ,  G06F1/24 ,  G06F1/26 ,  G06F1/32 ,  G06F15/16

CPC classification number: G06F9/4418

Abstract: An apparatus, system, and method are disclosed for selecting a waking process. An input module receives a specified input during the off state of a data processing device. In addition, the input module stores the input in the storage module. The storage module may be integrated within the input module. The input module activates the data processing device in response to the input. A wake module retrieves the input from the storage module. In addition, the wake module determines a process that corresponds to the input. The wake module wakes the data processing device using the process.

Abstract translation: 公开了一种用于选择一个清醒过程的装置，系统和方法。 输入模块在数据处理装置的关闭状态期间接收指定的输入。 此外，输入模块将输入存储在存储模块中。 存储模块可以集成在输入模块内。 输入模块响应输入激活数据处理设备。 唤醒模块从存储模块检索输入。 此外，唤醒模块确定与输入对应的进程。 唤醒模块使用该过程唤醒数据处理设备。

公开(公告)号：US20090204822A1

公开(公告)日：2009-08-13

申请号：US12426519

申请日：2009-04-20

Applicant: Joseph Wayne Freeman ,  Steven Dale Goodman ,  Randall Scott Springfield

Inventor： Joseph Wayne Freeman ,  Steven Dale Goodman ,  Randall Scott Springfield

IPC: G06F9/24 ,  G06F9/30 ,  G06F9/22

CPC classification number: G06F21/572 ,  G06F21/575

Abstract: A method, computer program product and system for reducing the boot time of a TCPA based computing system. A flash memory in the TCPA based computing system may include a register comprising bits configured to indicate whether the segments of the flash memory have been updated. The flash memory may further include a table configured to store measurements of the segments of the flash memory. The flash memory may further include a boot block code that includes a Core Root of Trust for Measurement (CRTM). The CRTM may read the bits in the register to determine if any of the segments of the flash memory have been updated. The CRTM may further obtain the measurement values in the table for those segments that store the POST BIOS code that have not been updated thereby saving time from measuring the POST BIOS code and consequently reducing the boot time.

Abstract translation: 一种用于减少基于TCPA的计算系统的启动时间的方法，计算机程序产品和系统。 基于TCPA的计算系统中的闪速存储器可以包括寄存器，其包括被配置为指示闪速存储器的段是否已被更新的位。 闪存可以进一步包括被配置为存储闪存的片段的测量的表。 闪速存储器还可以包括引导块代码，其包括用于测量的信任核心根（CRTM）。 CRTM可以读取寄存器中的位，以确定闪存中的任何段是否已更新。 CRTM可以进一步获得存储POST BIOS代码的那些片段的表中的测量值，从而节省了测量POST BIOS代码的时间，从而减少了引导时间。

公开(公告)号：US07421588B2

公开(公告)日：2008-09-02

申请号：US10749057

申请日：2003-12-30

Applicant: David Carroll Challener ,  Joseph Wayne Freeman ,  Steven Dale Goodman ,  Randall Scott Springfield

Inventor： David Carroll Challener ,  Joseph Wayne Freeman ,  Steven Dale Goodman ,  Randall Scott Springfield

IPC: G06F12/14

CPC classification number: G06F21/575 ,  G06F21/62 ,  G06F2221/2107

Abstract: An apparatus, method, and system to seal a data repository to a trusted computing platform is described. The data repository may be sealed by encrypting the data on the repository and sealing a cryptographic key to a specific set of platform resources. With the data repository sealed to the platform, the system boot sequence will fail if the system configuration is compromised, for example by insertion of “snoopware” or a modified BIOS. Additionally, if the computer containing the data repository is lost or stolen, the encrypted data remains secure even if the repository is attached to a system modified to bypass normal safeguards.

Abstract translation: 描述了将数据存储库密封到可信计算平台的装置，方法和系统。 可以通过加密存储库中的数据并将密码密封到特定的一组平台资源来密封数据存储库。 将数据存储库密封到平台，如果系统配置受到威胁，例如插入“snoopware”或修改的BIOS，则系统引导顺序将失败。 另外，如果包含数据存储库的计算机丢失或被盗，加密数据将保持安全，即使存储库附加到修改为绕过正常保护措施的系统。

公开(公告)号：US20080155075A1

公开(公告)日：2008-06-26

申请号：US11955886

申请日：2007-12-13

Applicant: Daryl Carvis Cromer ,  Richard Alan Dayan ,  Joseph Wayne Freeman ,  Steven Dale Goodman ,  Eric Richard Kern ,  Howard Jeffrey Locker ,  Randall Scott Springfield

Inventor： Daryl Carvis Cromer ,  Richard Alan Dayan ,  Joseph Wayne Freeman ,  Steven Dale Goodman ,  Eric Richard Kern ,  Howard Jeffrey Locker ,  Randall Scott Springfield

IPC: G06F15/177

CPC classification number: G06F9/4416 ,  G06F9/4401 ,  G06F9/4406 ,  G06F9/4408 ,  G06F15/177 ,  H04L29/12235 ,  H04L67/34 ,  H04N21/443

Abstract: Systems and arrangements for remotely selecting a bootable image via a WOL packet for a wake-on-LAN (WOL) capable computer are contemplated. Server-side embodiments include hardware and/or software for determining a client to be managed, determining whether the client is active on the network, and transmitting a WOL packet having a vector, or operating system partition identification (OSPID), to describe a bootable image accessible by the WOL capable computer. Some embodiments may include an OSPID that points to a secure bootable image such as a bootable image on a hard drive, a compact disk (CD) connected to the computer, or other local resource. Client-side embodiments may receive the WOL packet at, for instance, a network interface card (NIC), recognize that the WOL packet includes an OSPID that describes the bootable image to boot, and implement an alternative boot sequence to boot from that bootable image.

Abstract translation: 可以考虑通过用于具有LAN唤醒（WOL）功能的计算机的WOL分组来远程选择可启动图像的系统和布置。 服务器端实施例包括用于确定要管理的客户机的硬件和/或软件，确定客户端是否在网络上是活动的，以及发送具有向量的WOL分组或操作系统分区标识（OSPID）来描述可引导的 WOL功能的计算机可访问的图像。 一些实施例可以包括指向安全可启动图像的OSPID，例如硬盘驱动器上的可引导映像，连接到计算机的光盘（CD）或其他本地资源。 客户端实施例可以在例如网络接口卡（NIC）处接收WOL分组，识别WOL分组包括描述可启动图像引导的OSPID，并且实现替代引导顺序以从该可启动图像引导 。

公开(公告)号：US20080140946A1

公开(公告)日：2008-06-12

申请号：US11609221

申请日：2006-12-11

Applicant: Mark Charles Davis ,  Joseph Wayne Freeman ,  Steven D. Goodman ,  Howard Locker ,  Randall Scott Springfield ,  Rod D. Waltermann

Inventor： Mark Charles Davis ,  Joseph Wayne Freeman ,  Steven D. Goodman ,  Howard Locker ,  Randall Scott Springfield ,  Rod D. Waltermann

IPC: G06F12/00

CPC classification number: G06F12/145

Abstract: An apparatus, system, and method are disclosed for protecting hard disk data in multiple operating system environments. The present invention restricts access of a hard file to a range of logical addresses using a controller module configured to access a hard file in response to a request for a logical address, a set zero module configured to add an offset value to each request for a logical address on a hard file, and a set max module configured to set a maximum logical address accessible on a hard file. The invention limits access to a lower protected area with logical addresses below the range of logical address and a host protected area with logical address above the range of logical addresses.

Abstract translation: 公开了用于在多个操作系统环境中保护硬盘数据的装置，系统和方法。 本发明使用配置成响应于对逻辑地址的请求来访问硬文件的控制器模块来限制硬文件到一系列逻辑地址的访问，设置零模块被配置为向每个请求添加偏移值 硬文件上的逻辑地址，以及配置为设置硬文件可访问的最大逻辑地址的set max模块。 本发明限制对逻辑地址低于逻辑地址范围的较低保护区的访问以及逻辑地址高于逻辑地址范围的主机保护区。

公开(公告)号：US07366887B2

公开(公告)日：2008-04-29

申请号：US11179127

申请日：2005-07-11

Applicant: Rod David Waltermann ,  Nathan J. Peterson ,  Joseph Wayne Freeman ,  Randall Scott Springfield ,  Mark Charles Davis ,  Steven Dale Goodman ,  Isaac Karpel ,  Scott Edwards Kelso

Inventor： Rod David Waltermann ,  Nathan J. Peterson ,  Joseph Wayne Freeman ,  Randall Scott Springfield ,  Mark Charles Davis ,  Steven Dale Goodman ,  Isaac Karpel ,  Scott Edwards Kelso

IPC: G06F7/00

CPC classification number: G06F9/4406

Abstract: A method for booting into computer memory a non-operating system (O.S.) program from a hard disk drive (HDD) prior to booting into memory an O.S. from the HDD. The method includes establishing a table of contents (TOC) on the HDD that contains entries for special O.S. programs. A pointer to the TOC is placed in non-volatile memory of the computer that is associated with the HDD, and when BIOS of the computer is prompted to load into memory one of the special O.S. programs, the pointer is accessed and used to locate the TOC, which in turn is accessed to load the special O.S. program.

Abstract translation: 一种在引导到存储器之前从硬盘驱动器（HDD）引导到计算机存储器的非操作系统（O.S.）程序的方法。 从硬盘。 该方法包括在HDD上建立内容表（TOC），其中包含特殊O.S.的条目。 程式。 指向TOC的指针被放置在与HDD相关联的计算机的非易失性存储器中，并且当计算机的BIOS被提示加载到存储器中时，特别的O.S. 程序中，指针被访问并用于定位TOC，而后者又被访问以加载特殊的O.S. 程序。

公开(公告)号：US07076538B2

公开(公告)日：2006-07-11

申请号：US09759953

申请日：2001-01-12

Applicant: Daryl Carvis Cromer ,  Richard Alan Dayan ,  Eric Richard Kern ,  Randall Scott Springfield ,  Joseph Wayne Freeman ,  Robert Duane Johnson ,  Brandon Jon Ellison

Inventor： Daryl Carvis Cromer ,  Richard Alan Dayan ,  Eric Richard Kern ,  Randall Scott Springfield ,  Joseph Wayne Freeman ,  Robert Duane Johnson ,  Brandon Jon Ellison

IPC: G06F15/16

CPC classification number: H04L63/0407 ,  G06F21/6245 ,  H04L29/12009 ,  H04L29/12594 ,  H04L61/301 ,  H04L61/309 ,  H04L63/0876

Abstract: A method and system are disclosed for substituting an anonymous Universal Unique Identifier (UUID) for a computer system's real UUID in order to disguise an identity of the computer system to an application which is requesting a UUID for the client computer system. A storage device is established in the computer system. The storage device includes a primary and a second location. A UUID stored in the primary location is used as a UUID for the computer system. An anonymous UUID is generated. The anonymous UUID does not identify any particular computer system. The anonymous UUID is stored in the primary location within the storage device, and the real UUID is backed up by moving it into the secondary location. Thereafter, the anonymous UUID is provided in response to requests for the computer system's UUID.

公开(公告)号：US06925557B2

公开(公告)日：2005-08-02

申请号：US10055452

申请日：2001-10-26

Applicant: Daryl Carvis Cromer ,  Joseph Wayne Freeman ,  Steven Dale Goodman ,  Eric Richard Kern ,  Randall Scott Springfield

Inventor： Daryl Carvis Cromer ,  Joseph Wayne Freeman ,  Steven Dale Goodman ,  Eric Richard Kern ,  Randall Scott Springfield

IPC: G06F9/445 ,  G06F15/177 ,  G06F21/57 ,  G06F13/00

CPC classification number: G06F21/575 ,  G06F9/4406 ,  G06F15/177

Abstract: A method, system and computer readable medium containing programming instructions for booting a computer system having a plurality of devices is disclosed. They include provisions for initiating a boot sequence in the computer system and determining whether a device of the plurality of devices is either a bootable device or a nonbootable device. If the device is a nonbootable device, a clean restart of the boot sequence is performed, wherein the nonbootable device is bypassed during the clean restart.

Abstract translation: 公开了一种包含用于启动具有多个设备的计算机系统的编程指令的方法，系统和计算机可读介质。 它们包括在计算机系统中启动引导顺序并确定多个设备中的设备是可引导设备还是不可引导设备的规定。 如果设备是不可引导设备，则执行启动顺序的干净重新启动，其中在干净重新启动期间将绕过不可引导设备。

公开(公告)号：US06892305B1

公开(公告)日：2005-05-10

申请号：US09689460

申请日：2000-10-12

Applicant: Richard Alan Dayan ,  Steven Dale Goodman ,  Joseph Michael Pennisi ,  Randall Scott Springfield ,  James Peter Ward ,  Joseph Wayne Freeman

Inventor： Richard Alan Dayan ,  Steven Dale Goodman ,  Joseph Michael Pennisi ,  Randall Scott Springfield ,  James Peter Ward ,  Joseph Wayne Freeman

IPC: G06F9/00 ,  G06F12/14 ,  G06F21/00 ,  H04L9/32

CPC classification number: G06F21/575

Abstract: A method and system for booting up a computer system in a secure fashion is disclosed. The method and system comprise determining the presence of a security feature element during an initialization of the computer system wherein the security feature element includes a public key and a corresponding private key, storing a portion of the public key in a nonvolatile memory within the computer system if the security feature element is present and utilizing an algorithm to determine the presence of the security feature element prior to a subsequent boot-up of the computer system. Through the use of the present invention, a computer system is capable of being booted up whereby the computer system determines if a security feature element was previously present in the system. If a security feature element was previously present in the computer system, any stored keys, along with the secrets that they protect, are prevented from being compromised. It is also an object of the present invention to preclude the system from compromising any keys and associated secrets if a security feature element in the system was not previously present in the system.

Abstract translation: 公开了一种以安全方式引导计算机系统的方法和系统。 该方法和系统包括在计算机系统的初始化期间确定安全特征元素的存在，其中安全特征元素包括公共密钥和相应的私钥，将公钥的一部分存储在计算机系统内的非易失性存储器中 如果存在安全特征元素并且利用算法来确定在计算机系统的后续引导之前的安全特征元素的存在。 通过使用本发明，计算机系统能够被启动，由此计算机系统确定安全特征元素是否先前存在于系统中。 如果安全特征元素以前存在于计算机系统中，则防止任何存储的密钥以及它们保护的秘密被泄露。 如果系统中的安全特征元素先前不存在于系统中，则本发明的另一个目的是排除系统损害任何密钥和相关联的秘密。