-
公开(公告)号:US6038667A
公开(公告)日:2000-03-14
申请号:US172438
申请日:1998-10-14
CPC分类号: G06F21/57 , G06F21/554 , G06F21/567 , G06F21/575 , G06F9/3879 , G06F2207/7219 , G06F2211/1097 , G06F2221/2101
摘要: A security enhanced computer system arrangement includes a coprocessor and a multiprocessor logic controller inserted into the architecture of a conventional computer system. The coprocessor and multiprocessor logic controller is interposed between the CPU of the conventional computer system to intercept and replace control signals that are passed over certain of the critical control signal lines associated with the CPU. The multiprocessor logic controller arrangement thereby isolates the CPU of the conventional computer system from the remainder of the conventional computer system, permitting separate control over the CPU and separate control over the remainder of the computer system. By controlling the control signals that are normally passed between the CPU and the remainder of the computer system, the multiprocessor logic controller permits the coprocessor to perform highly secure operations. These secure operations, selectable by a trusted operator or built in to a cooperating operating system, verify that the computer system is a trusted computing base which can be relied upon to perform its operations properly and without compromise.
摘要翻译: 安全性增强的计算机系统布置包括协处理器和插入常规计算机系统的架构中的多处理器逻辑控制器。 协处理器和多处理器逻辑控制器被插入在常规计算机系统的CPU之间,以拦截和替换在与CPU相关联的某些关键控制信号线上传递的控制信号。 因此,多处理器逻辑控制器装置将常规计算机系统的CPU与常规计算机系统的其余部分隔离,允许对CPU的单独控制和对计算机系统的其余部分的单独控制。 通过控制通常在CPU和计算机系统的其余部分之间通过的控制信号,多处理器逻辑控制器允许协处理器执行高度安全的操作。 这些由可信操作者选择或内置于协作操作系统中的安全操作验证了计算机系统是可信任的计算基础,可以依靠它来正确地执行其操作并且不受妥协。
-
公开(公告)号:US6032257A
公开(公告)日:2000-02-29
申请号:US927114
申请日:1997-08-29
CPC分类号: G08B13/1418 , G06F21/31 , G06F21/575 , G06F21/88 , G06F2207/7219 , G06F2211/1097 , G06F2221/2103 , G06F2221/2129
摘要: A method of theft protection for computers and computer related hardware. Warranty fraud, theft of proprietary technology, and hardware theft are minimized by encoding the hardware components such that a digitally authenticated handshake must be performed between the system and the component at power-up. If the handshake is successful, normal operation continues with all enhancements. If the handshake is unsuccessful, the device is disabled or shifted into a lower performance mode.
摘要翻译: 一种计算机和计算机相关硬件的防盗方法。 通过对硬件组件进行编码,可以最大限度地减少保修欺诈,盗用专有技术和硬件盗窃,从而必须在上电时在系统和组件之间进行数字认证的握手。 如果握手成功,正常操作将继续进行所有增强功能。 如果握手失败,则设备被禁用或转移到较低的性能模式。
-
公开(公告)号:US6012146A
公开(公告)日:2000-01-04
申请号:US925429
申请日:1997-09-08
申请人: Frank W. Liebenow
发明人: Frank W. Liebenow
CPC分类号: G06F21/80 , G11B19/02 , G11B20/00086 , G11B20/00152 , G11B20/00695 , G06F2211/007 , G06F2211/1097
摘要: A device and method for preventing access to data on a hard drive in which a first password is stored on the hard drive so that it is not accessible from a system in which the hard drive is installed, and in which a second password is provided from the system. A comparison of the two passwords is made in a processor in the hard drive to determine whether the two passwords are the same. If the result of the comparison of the first and second passwords is that the two passwords are not the same, access to the hard drive is denied.
摘要翻译: 一种用于防止访问硬盘驱动器上的数据的装置和方法,其中第一密码存储在硬盘驱动器上,使得其不能从其中安装硬盘驱动器的系统访问,并且其中从第 系统。 在硬盘驱动器中的处理器中进行两个密码的比较,以确定两个密码是否相同。 如果第一个和第二个密码的比较结果是两个密码不一样,则访问硬盘将被拒绝。
-
公开(公告)号:US5969632A
公开(公告)日:1999-10-19
申请号:US754871
申请日:1996-11-22
申请人: Erez Diamant , Amir Prescher
发明人: Erez Diamant , Amir Prescher
CPC分类号: G06F21/606 , G06F21/55 , G06F21/554 , G06F21/80 , G06F21/83 , G06F21/84 , H04L29/06 , H04L63/04 , H04L63/1408 , G06F2207/7219 , G06F2211/1097
摘要: Communication apparatus including a public network, a secured network, a plurality of public nodes connected to the public network and a plurality of secured nodes connected to the secured network and to the public network. The nodes including interfaces for communicating therebetween over the networks, wherein each the secured node includes a communication controller a computer system and a secured storage area. A secured node divides a confidential message into at least two segments and transmits the segments via the networks wherein at least a selected one of the segments is transmitted via at least one of the secured networks. The communication controller is also operative to disconnect the secured storage area from the computer station and the public network when the communication between the computer station and the public network is in progress.
摘要翻译: 包括公共网络,安全网络,连接到公共网络的多个公共节点以及连接到安全网络和公共网络的多个安全节点的通信设备。 所述节点包括用于在网络之间进行通信的接口,其中每个所述安全节点包括通信控制器计算机系统和安全存储区域。 安全节点将机密消息划分成至少两个段,并且经由网络发送段,其中经由安全网络中的至少一个来传送段中的至少一个。 当计算机站和公共网络之间的通信正在进行时,通信控制器还可操作以将安全存储区域与计算机站和公共网络断开连接。
-
45.发明授权
公开(公告)号:US5894571A
公开(公告)日:1999-04-13
申请号:US514649
申请日:1995-08-14
申请人: Clint H. O'Connor
发明人: Clint H. O'Connor
CPC分类号: G06F21/00 , G06F8/63 , G06F2211/1097
摘要: A process for manufacturing a computer system, including a selected hardware configuration and a selected software configuration, utilizes a CD-ROM writer connected to a manufacturing system network to select and write a custom software configuration to a CD-ROM. The CD-ROM is used to install the selected software configuration onto a custom hardware configuration and to subsequently serve as a permanent backup copy of the software configuration. The CD-ROM is written with an identifier of the specific computer hardware assembled in the manufacturing process and the identification written to the CD-ROM is checked when the software is loaded from the CD-ROM onto the computer so that the software is only accessible to the specified computer hardware.
摘要翻译: 包括所选择的硬件配置和所选择的软件配置的计算机系统的制造过程利用连接到制造系统网络的CD-ROM写入器来选择和写入定制软件配置到CD-ROM。 CD-ROM用于将所选软件配置安装到自定义硬件配置上,随后作为软件配置的永久备份。 CD-ROM中写入了在制造过程中组装的特定计算机硬件的标识符,并且当软件从CD-ROM加载到计算机上时,检查写入CD-ROM的标识,使得软件仅可访问 到指定的计算机硬件。
-
46.发明授权Method for controlling access to a computer system by utilizing an external device containing a hash value representation of a user password 失效用于通过利用包含用户密码的哈希值表示的外部设备来控制对计算机系统的访问的方法
公开(公告)号:US5887131A
公开(公告)日:1999-03-23
申请号:US777621
申请日:1996-12-31
申请人: Michael F. Angelo
发明人: Michael F. Angelo
CPC分类号: G06F21/34 , G06F2211/1097 , G06F2221/2149
摘要: A method for permitting access to secured computer resources based upon a two-piece user verification process. In the disclosed embodiment, the user verification process is carried out during a secure power-up procedure. At some point during the secure power-up procedure, the computer user is required to provide an external token or smart card to the computer system. The token or smart card is used to store an authentication value(s) required to enable secured resources. The computer user is then required to enter a plain text user password. Separate passwords can be used to enable various portions of the computer system. Once entered, a one-way hash function is performed on the user password. The resulting hash value is compared to an authentication value (token value) downloaded from the token. If the two values match, the power-on sequence is completed and access to the computer system and/or secured computer resources is permitted. If the two values do not match, power to the entire computer system and/or secured computer resources are disabled. The two-piece nature of the authorization process requires the presence of both the user password and the external token in order to access protected computer resources.
摘要翻译: 一种允许基于两件式用户验证过程访问安全计算机资源的方法。 在所公开的实施例中,在安全加电过程期间执行用户验证过程。 在安全上电过程中的某个时刻,计算机用户需要向计算机系统提供外部令牌或智能卡。 令牌或智能卡用于存储启用安全资源所需的认证值。 然后,计算机用户需要输入明文用户密码。 可以使用单独的密码来启用计算机系统的各个部分。 一旦输入,就对用户密码执行单向散列函数。 将所得到的散列值与从令牌下载的认证值(令牌值)进行比较。 如果两个值相匹配,则开机顺序完成,并允许访问计算机系统和/或安全的计算机资源。 如果两个值不匹配,则禁用对整个计算机系统和/或安全计算机资源的电源。 授权过程的两件事情要求存在用户密码和外部令牌,以便访问受保护的计算机资源。
-
公开(公告)号:US5787367A
公开(公告)日:1998-07-28
申请号:US675754
申请日:1996-07-03
申请人: Charles J. Berra
发明人: Charles J. Berra
CPC分类号: G06F21/572 , B60R25/04 , B60R25/24 , G06F2211/007 , G06F2211/1097
摘要: A system and method for providing secured programming for reprogramming on-board vehicle computer systems. The system includes an interface tool which communicates with a selected on-board computer system. The communication tool also communicates with an authorized database via a modem. The vehicle computer has a serial identification number and designated passwords stored in memory and external access to the designated passwords is denied. Upon request, the vehicle computer transmits the serial identification number to the database which looks up a designated password A that corresponds to the vehicle computer and transmits password A to the computer. If the password A received by the computer matches the password in memory, the authorized database provides encrypted data in accordance with an encryption function, password B and data values. The computer deciphers the encrypted data in accordance with a stored password B to generate data values. Reprogramming of the control software is allowed only when the encrypted data value match the data values stored in the vehicle computer.
摘要翻译: 一种用于为车载计算机系统重新编程提供安全编程的系统和方法。 该系统包括与所选择的车载计算机系统通信的接口工具。 通信工具还通过调制解调器与授权的数据库进行通信。 车辆计算机具有串行识别号码和存储在存储器中的指定密码,并且对指定密码的外部访问被拒绝。 根据要求,车辆计算机将串行识别号码发送到查找与车辆计算机相对应的指定密码A的数据库,并将密码A发送到计算机。 如果计算机接收的密码A与内存中的密码匹配,则授权数据库将根据加密功能,密码B和数据值提供加密数据。 计算机根据存储的密码B解密加密数据以产生数据值。 仅当加密数据值与存储在车载计算机中的数据值相匹配时才允许重新编程控制软件。
-
公开(公告)号:US5594870A
公开(公告)日:1997-01-14
申请号:US637465
申请日:1996-04-25
CPC分类号: G06F21/82 , G06F13/387 , G06F12/1408 , G06F2211/005 , G06F2211/1097
摘要: An adapter arrangement for internetworking a non-CTOS computer means with a network of CTOS terminals, including a system-bus, this arrangement being adapted for introduction into, and cooperation with, the non-CTOS computer and comprising CTOS-net bus means for transferring signals from the system-bus plus a communication control stage for controlling and transferring signals to/from the CTOS network and a net-interface stage.
摘要翻译: 一种用于将非CTOS计算机装置与包括系统总线的CTOS终端网络互连的适配器装置,该装置适于引入和与非CTOS计算机配合,并且包括用于传送的CTOS网络总线装置 来自系统总线的信号加上用于控制和传送信号到/从CTOS网络和网络接口级的通信控制级。
-
49.发明授权Method and apparatus for controlling network and workstation access prior to workstation boot 失效在工作站引导之前控制网络和工作站访问的方法和装置
公开(公告)号:US5444850A
公开(公告)日:1995-08-22
申请号:US101837
申请日:1993-08-04
申请人: Steve M. Chang
发明人: Steve M. Chang
CPC分类号: G06F21/805 , G06F21/572 , G06F21/575 , G06F21/64 , G06F9/4416 , H04L29/06 , H04L67/42 , G06F2211/007 , G06F2211/1097
摘要: A method and apparatus for preboot file and information transfer between workstations and other workstations or workstations and servers on local area networks. During a workstation boot sequence, the various components of the workstation and network operating system are loaded and executed. Since all control of the workstation after the boot sequence is passed to the workstation operating system, any management tasks performed after boot must be performed by application programs running on the workstation. The present invention overcomes problems created by using such application programs to perform management tasks by providing a hardware component, for example a ROM or PROM containing appropriate programming placed in the usually unused boot ROM socket of a LAN card installed in the individual workstations, or a chip including a PROM or ROM built onto the motherboard or system board of the individual workstations. The program in the PROM is set up so that, at system startup, prior to loading of the workstation operating system software during the boot sequence, it performs certain operating system functions by using the basic input/output system (BIOS) of the workstation to enable the workstation to communicate with a server on the network and make the necessary resources of the workstation available to a server management application running on the server via the network. This process, controlled by a system administrator, allows a variety of preboot functions to take place in the workstation.
摘要翻译: 一种用于在工作站和其他工作站或工作站和局域网上的服务器之间预引导文件和信息传输的方法和装置。 在工作站引导顺序期间,加载和执行工作站和网络操作系统的各种组件。 由于将引导顺序后的工作站的所有控制传递到工作站操作系统,所以在引导之后执行的任何管理任务必须由在工作站上运行的应用程序执行。 本发明克服了使用这样的应用程序通过提供硬件组件(例如包含放置在安装在各个工作站中的LAN卡的通常未使用的引导ROM插槽中的适当编程的ROM或PROM)来执行管理任务而产生的问题,或者 芯片包括建立在单个工作站的主板或系统板上的PROM或ROM。 PROM中的程序被设置为使得在系统启动时,在引导序列期间加载工作站操作系统软件之前,它通过使用工作站的基本输入/输出系统(BIOS)来执行某些操作系统功能 使工作站能够与网络上的服务器进行通信,并使工作站所需的资源可用于通过网络在服务器上运行的服务器管理应用程序。 此过程由系统管理员控制,允许在工作站中进行各种预引导功能。
-
公开(公告)号:US5375243A
公开(公告)日:1994-12-20
申请号:US208052
申请日:1994-03-07
申请人: James D. Parzych , Richard Tomaszewski , Norman P. Brown , Roger P. Anderson , David M. Douglas , Kenneth W. Stufflebeam
发明人: James D. Parzych , Richard Tomaszewski , Norman P. Brown , Roger P. Anderson , David M. Douglas , Kenneth W. Stufflebeam
CPC分类号: G06F21/80 , G06F21/34 , G06F2211/007 , G06F2211/1097
摘要: A hard drive which prevents data access operations on the hard drive upon power up until the user enters a password. When the computer system is powered up, the hard drive spins up and is tested, responding only to a limited set of commands that do not permit data storage or retrieval operations. The password is located on the hard disk itself to prevent bypassing the hard drive's security using a new computer environment. When the user enters the correct password, the hard drive unlocks and operates as a conventional hard drive. If the user chooses, the hard drive may be unlocked by either of two passwords, one defined by the user and the other by the manufacturer. To obtain access to data areas during a locked state, a wipe data command is provided which overwrites all user data on the drive and unlocks the drive.
摘要翻译: 一个硬盘驱动器,用于在用户输入密码之前,防止硬盘上的数据访问操作。 当计算机系统通电时,硬盘驱动器将自动启动并进行测试,仅响应一组不允许数据存储或检索操作的有限命令。 密码位于硬盘本身,以防止使用新的计算机环境绕过硬盘驱动器的安全。 当用户输入正确的密码时,硬盘驱动器解锁并作为传统硬盘驱动器运行。 如果用户选择,硬盘驱动器可能被两个密码中的任一个解锁,一个由用户定义,另一个由制造商定义。 为了在锁定状态下获取对数据区的访问,提供擦除数据命令,覆盖驱动器上的所有用户数据并解锁驱动器。
-
-
-
-
-
-
-
-
-
搜索结果
142 条记录 (耗时 0.032 秒)
