公开(公告)号：US07836442B2

公开(公告)日：2010-11-16

申请号：US11686832

申请日：2007-03-15

Applicant: Howard J. Locker ,  Richard Wayne Cheston ,  Daryl C. Cromer ,  Randall Scott Springfield ,  Hans Goran Ingemar Wibran

Inventor： Howard J. Locker ,  Richard Wayne Cheston ,  Daryl C. Cromer ,  Randall Scott Springfield ,  Hans Goran Ingemar Wibran

IPC: G06F9/44

CPC classification number: G06F8/60

Abstract: A computer system is disclosed that includes a primary processor and a service processor operable regardless of a power state of the computer system. A non-volatile memory device is communicatively coupled to the primary processor and the service processor. The non-volatile memory device stores firmware which includes a first list of patches required for installation on the computer system and a second list of patches previously installed on the computer system. A comparator module is provided to determine whether there are patches included in the first list that are not included in second list. A boot module is provided to boot a maintenance operating system in the event the first list includes patches not included in the second list. The maintenance operating system is configured to install, on the computer system, patches included in the first list but not the second list.

Abstract translation: 公开了一种包括主处理器和服务处理器的计算机系统，其可操作而不管计算机系统的功率状态如何。 非易失性存储器设备通信地耦合到主处理器和服务处理器。 非易失性存储器设备存储固件，其包括在计算机系统上安装所需的补丁的第一列表以及先前安装在计算机系统上的补丁的第二列表。 提供比较器模块以确定在第一列表中是否包括未包括在第二列表中的补丁。 提供引导模块以在第一列表包括不包括在第二列表中的补丁的情况下引导维护操作系统。 维护操作系统被配置为在计算机系统上安装包括在第一列表中而不是第二列表中的补丁。

公开(公告)号：US20090249434A1

公开(公告)日：2009-10-01

申请号：US12059805

申请日：2008-03-31

Applicant: David Carroll Challener ,  Jeffrey Mark Estroff ,  Mikio Hagiwara ,  Seiichi Kawano ,  Keiko Kokubun ,  Randall Scott Springfield

Inventor： David Carroll Challener ,  Jeffrey Mark Estroff ,  Mikio Hagiwara ,  Seiichi Kawano ,  Keiko Kokubun ,  Randall Scott Springfield

IPC: G06F21/00 ,  H04L9/08 ,  G06F17/00 ,  G06F15/177

CPC classification number: G06F9/4401 ,  G06F1/24

Abstract: An apparatus, system, and method are disclosed for pre-boot policy modification. A key module exchanges a key with a server in a secure environment. A communication module receives a policy encoded with the key. A decode module decodes the encoded policy using the key and saves the policy setting prior to booting an operating system on the computer. An update module boots the computer using the policy.

Abstract translation: 公开了用于预引导策略修改的装置，系统和方法。 密钥模块在安全环境中与服务器交换密钥。 通信模块接收用该密钥编码的策略。 解码模块使用密钥解码编码策略，并在引导计算机上的操作系统之前保存策略设置。 更新模块使用策略引导计算机。

公开(公告)号：US20090222635A1

公开(公告)日：2009-09-03

申请号：US12040981

申请日：2008-03-03

Applicant: David Carroll Challener ,  Daryl Carvis Cromer ,  Howard Jeffrey Locker ,  Randall Scott Springfield

Inventor： David Carroll Challener ,  Daryl Carvis Cromer ,  Howard Jeffrey Locker ,  Randall Scott Springfield

IPC: G06F15/177 ,  G06F12/00

CPC classification number: G06F12/1433 ,  G06F21/575 ,  G06F2221/2143

Abstract: A system, method, and program product is provided that initializes a computer system using an initialization process that identifies secrets that were stored in memory and not scrubbed during a prior use of the computer system. During the initialization process, one or more secret indicators are retrieved that identify whether one or more secrets were scrubbed from the computer system's memory during a previous use of the computer system. If the secret indicators show that one or more secrets were not scrubbed from the memory during the prior use of the computer system, then the initialization process scrubs the memory. On the other hand, if the secret indicators show that each of the secrets was scrubbed from the memory during the prior use of the computer system, then the memory is not scrubbed during the initialization process.

Abstract translation: 提供了一种系统，方法和程序产品，其使用识别存储在存储器中并且在先前使用计算机系统期间不被擦除的秘密的初始化过程来初始化计算机系统。 在初始化过程中，检索一个或多个秘密指示符，其识别在先前使用计算机系统期间是否从计算机系统的存储器擦除了一个或多个秘密。 如果秘密指示器显示在计算机系统的先前使用期间没有从存储器擦除一个或多个秘密，则初始化过程擦除存储器。 另一方面，如果秘密指示器显示在计算机系统的先前使用期间从存储器擦除了每个秘密，则在初始化过程期间不擦除存储器。

公开(公告)号：US20090083534A1

公开(公告)日：2009-03-26

申请号：US11861577

申请日：2007-09-26

Applicant: David Carroll Challener ,  Daryl Cromer ,  Howard Locker ,  Randall Scott Springfield

Inventor： David Carroll Challener ,  Daryl Cromer ,  Howard Locker ,  Randall Scott Springfield

IPC: G06F9/00 ,  G06F21/00

CPC classification number: G06F21/305

Abstract: A method computer usable medium and computer system circuitry are disclosed for starting or “booting up” a computer from a remote location using a remote command device such as a cellular telephone. The method and system includes a secure means for remotely storing and transmitting security passwords.

Abstract translation: 公开了一种方法计算机可用介质和计算机系统电路，用于使用诸如蜂窝电话的远程命令装置从远程位置启动或“启动”计算机。 该方法和系统包括用于远程存储和传输安全密码的安全装置。

公开(公告)号：US07484105B2

公开(公告)日：2009-01-27

申请号：US09931629

申请日：2001-08-16

Applicant: Steven Dale Goodman ,  James Patrick Hoff ,  Randall Scott Springfield ,  James Peter Ward

Inventor： Steven Dale Goodman ,  James Patrick Hoff ,  Randall Scott Springfield ,  James Peter Ward

IPC: G06F11/30 ,  H04L9/32 ,  H04L9/00

CPC classification number: G06F21/572

Abstract: An update utility requests a signature verification of the utility's signature along with a request to unlock the flash memory stored in the utility. A trusted platform module (“TPM”) performs a signature verification of the utility using a previously stored public key. Upon verification of the signature, the TPM unlocks the flash memory to permit update of the utility. Upon completion of the update, the flash utility issues a lock request to the TPM to relock the flash memory.

Abstract translation: 更新实用程序请求实用程序的签名的签名验证以及解锁存储在该实用程序中的闪存的请求。 可信平台模块（“TPM”）使用先前存储的公钥执行实用程序的签名验证。 在验证签名后，TPM解锁闪存以允许更新实用程序。 完成更新后，闪存实用程序向TPM发出锁定请求以重新锁定闪存。

公开(公告)号：US20080239545A1

公开(公告)日：2008-10-02

申请号：US11692307

申请日：2007-03-28

Applicant: Daryl Carvis Cromer ,  Howard Jeffrey Locker ,  Jeffrey R. Hobbet ,  Randall Scott Springfield

Inventor： Daryl Carvis Cromer ,  Howard Jeffrey Locker ,  Jeffrey R. Hobbet ,  Randall Scott Springfield

IPC: G11B15/18

CPC classification number: G11B15/03 ,  G11B5/725 ,  G11B15/18 ,  G11B33/148 ,  G11B2220/2516

Abstract: A system and method to avoid disk lube pooling is presented. A track access monitor tracks the number of times that a program accesses a particular track located on a hard drive. When the track access monitor determines that the number of track accesses to a particular track exceed a track access threshold, the track access monitor invokes a sequence of events to scan adjacent tracks in order to uniformly redistribute lubrication over the hard drive. In one embodiment, the track access monitor incrementally performs the adjacent track scanning during hard drive idle periods, such as when the system waits for a password from a user or when the operating system conserves power and idles the hard drive due to lack of activity.

Abstract translation: 提出了一种避免磁盘润滑池的系统和方法。 轨道访问监视器跟踪程序访问位于硬盘驱动器上的特定轨道的次数。 当轨道访问监视器确定对特定轨道的轨道访问数量超过轨道访问阈值时，轨道访问监视器调用一系列事件来扫描相邻轨道，以便均匀地重新分配硬盘驱动器上的润滑。 在一个实施例中，轨道访问监视器在硬盘驱动器空闲时段期间，例如当系统等待来自用户的密码或当操作系统由于缺乏活动而节省电力和空闲硬盘驱动器时，逐渐执行相邻轨道扫描。

公开(公告)号：US07412596B2

公开(公告)日：2008-08-12

申请号：US10967760

申请日：2004-10-16

Applicant: David Carroll Challener ,  Daryl Carvis Cromer ,  Joseph Wayne Freeman ,  Steven Dale Goodman ,  James Patrick Hoff ,  Howard Jeffrey Locker ,  Randall Scott Springfield ,  James Peter Ward

Inventor： David Carroll Challener ,  Daryl Carvis Cromer ,  Joseph Wayne Freeman ,  Steven Dale Goodman ,  James Patrick Hoff ,  Howard Jeffrey Locker ,  Randall Scott Springfield ,  James Peter Ward

IPC: G06F9/00 ,  G06F15/177

CPC classification number: G06F21/575

Abstract: A method and system for enabling security attestation for a computing device during a return from an S4 sleep state. When the computing device enters into the S4 state following a successful boot up, the attestation log is appended to the TPM tick count and the log is signed (with a security signature). When the device is awaken from S4 state, the BIOS obtains and verifies the log created during the previous boot. The CRTM maintains a set of virtual PCRs and references these virtual PCRs against the log. If the values do not match, the return from S4 state fails and the device is rebooted.

Abstract translation: 一种用于在从S4睡眠状态返回期间为计算设备提供安全认证的方法和系统。 当计算设备在成功启动后进入S4状态时，认证日志会追加到TPM刻度计数，并且日志被签名（具有安全签名）。 当设备从S4状态唤醒时，BIOS将获取并验证在以前引导过程中创建的日志。 CRTM维护一组虚拟PCR，并将这些虚拟PCR引用到日志中。 如果值不匹配，则S4状态返回失败，设备重启。

公开(公告)号：US20080148064A1

公开(公告)日：2008-06-19

申请号：US11612367

申请日：2006-12-18

Applicant: David Carroll Challener ,  Howard Locker ,  Randall Scott Springfield ,  Rod D. Waltermann

Inventor： David Carroll Challener ,  Howard Locker ,  Randall Scott Springfield ,  Rod D. Waltermann

IPC: G06F12/14

CPC classification number: G06F21/57 ,  G06F2221/2153

Abstract: An apparatus, system, and method are disclosed for authentication of a core root of trust measurement chain. The apparatus for authentication of a CRTM chain is provided with a plurality of modules configured to carry out the steps of retrieving a decryption key from a predetermined location on the device selected for authentication, decrypting an authentication signal using the decryption key, and communicating the decrypted authentication signal to a user. In the described embodiments, these modules include a retrieval module, a decryption module, and a communication module. Beneficially, such an apparatus, system, and method would reliably verify that a link in the CRTM chain has not been corrupted, modified, or infected with a computer virus. Specifically, such an apparatus, system, and method would enable verification that the hypervisor has not been corrupted, modified, or infected with a computer virus.

Abstract translation: 公开了用于认证信任度量链核心根的装置，系统和方法。 用于认证CRTM链的装置设置有多个模块，其被配置为执行从所选择的用于认证的设备上的预定位置检索解密密钥的步骤，使用解密密钥解密认证信号，以及传送解密密钥 认证信号给用户。 在所描述的实施例中，这些模块包括检索模块，解密模块和通信模块。 有利的是，这样的装置，系统和方法可以可靠地验证CRTM链中的链路没有被破坏，修改或感染计算机病毒。 具体来说，这样的装置，系统和方法将能够验证管理程序没有被计算机病毒破坏，修改或感染。

公开(公告)号：US20080147555A1

公开(公告)日：2008-06-19

申请号：US11692310

申请日：2007-03-28

Applicant: Daryl Carvis Cromer ,  Howard Jeffrey Locker ,  Randall Scott Springfield

Inventor： Daryl Carvis Cromer ,  Howard Jeffrey Locker ,  Randall Scott Springfield

IPC: G06Q99/00

CPC classification number: G06F21/57 ,  G06F9/45558 ,  G06F21/10 ,  G06F21/575 ,  G06F2009/45575 ,  G06Q30/06

Abstract: A system, method, and program product is provided that executes a hypervisor in order to control access to a rental computer system. The hypervisor performs steps that include: reading a rental metric from a nonvolatile storage area, comparing the rental metric with a rental limit, allowing use of one or more guest operating systems by a user of the computer system in response to the rental metric being within the rental limit, and inhibiting use of the guest operating systems by the user of the computer system in response to the rental metric exceeding the rental limit.

Abstract translation: 提供了一种执行管理程序以便控制对租用计算机系统的访问的系统，方法和程序产品。 管理程序执行步骤，其包括：从非易失性存储区域读取租赁指标，将租赁度量与租赁限制进行比较，允许计算机系统的用户使用一个或多个客户操作系统来响应租赁度量 租金限制，以及响应于超出租金限额的租金标准，由计算机系统的用户禁止使用客人操作系统。

公开(公告)号：US07269747B2

公开(公告)日：2007-09-11

申请号：US10411408

申请日：2003-04-10

Applicant: Ryan Charles Catherman ,  Steven Dale Goodman ,  James Patrick Hoff ,  Randall Scott Springfield ,  James Peter Ward

Inventor： Ryan Charles Catherman ,  Steven Dale Goodman ,  James Patrick Hoff ,  Randall Scott Springfield ,  James Peter Ward

IPC: G06F1/28

CPC classification number: G06F21/57 ,  G06F21/575

Abstract: A computer system is presented which provides a trusted platform by which operations can be performed with an increased level trust and confidence. The basis of trust for the computer system is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset.

Abstract translation: 提出了一种计算机系统，其提供可信赖的平台，通过该平台可以以更高级别的信任和置信度执行操作。 计算机系统的信任基础由加密协处理器和与加密协处理器接口的代码建立，并为平台建立信任度量的根。 构建加密协处理器，使得仅当检测到操作者的物理存在时才允许某些关键操作。 基于核心芯片组中寄存器的状态的推理确定物理存在。