Abstract:
A method and apparatus are disclosed for sharing an integrity security module in a dual-environment computing device. The apparatus includes an integrity security module, one or more processors, a detection module and a regeneration module. The one or more processors may have access to the integrity security module and may operate in two distinct operating environments of a dual-environment computing device. The detection module may detect, during an initialization sequence, a power state transition of an operating environment of the dual-environment computing device. The regeneration module may regenerate one or more integrity values from a stored integrity metric log in response to detecting the power state transition of the operating environment of the dual-environment computing device.
Abstract:
An apparatus, system, and method are disclosed for pre-boot policy modification. A key module exchanges a key with a server in a secure environment. A communication module receives a policy encoded with the key. A decode module decodes the encoded policy using the key and saves the policy setting prior to booting an operating system on the computer. An update module boots the computer using the policy.
Abstract:
A system, method, and program product are provided that initialize a computer system using an initialization process that identifies secrets that were stored in memory and not scrubbed during a prior use of the computer system. During the initialization process, one or more secret indicators are retrieved that identify whether one or more secrets were scrubbed from the computer system's memory during a previous use of the computer system. If the secret indicators show that one or more secrets were not scrubbed from the memory during the prior use of the computer system, then the initialization process scrubs the memory. On the other hand, if the secret indicators show that each of the secrets was scrubbed from the memory during the prior use of the computer system, then the memory is not scrubbed during the initialization process.
Abstract:
A method, computer-usable medium, and computer system circuitry are disclosed for starting or "booting up" a computer from a remote location using a remote command device such as a cellular telephone. The method and system include a secure means for remotely storing and transmitting security passwords.
Abstract:
A method and system for enabling security attestation for a computing device during a return from an S4 sleep state. When the computing device enters the S4 state following a successful boot up, the attestation log is appended to the TPM tick count and the log is signed (with a security signature). When the device is awakened from the S4 state, the BIOS obtains and verifies the log created during the previous boot. The CRTM maintains a set of virtual PCRs and references these virtual PCRs against the log. If the values do not match, the return from the S4 state fails and the device is rebooted.
Abstract:
An approach is provided that receives a user identifier from a user of the information handling system. The user identifier can include a username as well as a user authentication code, such as a password. Hardware settings that correspond to the user identifier are retrieved from a nonvolatile memory. Hardware devices, such as ports (e.g., USB controller), network interfaces, storage devices, and boot sequences, are configured using the retrieved hardware settings. After the hardware devices have been configured to correspond to the identified user, an operating system is booted.
Abstract:
An apparatus, system, and method are disclosed for quiescing a boot environment. A reservation module reserves a portion of a first storage device. A store module stores an update boot image to the reserved portion. A detection module detects the update boot image stored on the first storage device when the computer boots and executes the update boot image in place of a standard boot image in response to detecting the update boot image. The update boot image places a computer in a known quiescent state.
Abstract:
A Trusted Computing Platform Alliance (TCPA) endorsement certificate is provided by comparing a trusted platform module (TPM) public key, transmitted by the owner of the computing device to which the TPM belongs, to a copy of the key as originally stored in a remote database prior to vending the device. If a match is found, the certificate is created using the public key and then sent to the owner of the computing device.
Abstract:
A computer system contains selectively available boot block codes. A first boot block is of the conventional type and is stored in storage media such as flash ROM on a system planar with the processor of the computer system. A second boot block is located on a feature card and contains an immutable security code in compliance with the Trusted Computing Platform Alliance (TCPA) specification. The boot block on the feature card is enabled if the first boot block detects the presence of the feature card. The computer system can be readily modified as the computer system is reconfigured, while maintaining compliance with the TCPA specification. A switching mechanism controls which of the boot blocks is to be activated. The feature card is disabled in the event of a computer system reset to prevent access to the TCPA compliant code and function.