利索-全球专利检索

  1. 登录
  2. 注册

搜索结果

170 条记录 (耗时 0.041 秒)

    System and method for securely clearing secret data that remain in a computer system memory
    52.
    发明授权
    System and method for securely clearing secret data that remain in a computer system memory 有权
    用于安全地清除保留在计算机系统存储器中的秘密数据的系统和方法

    公开(公告)号:US08312534B2

    公开(公告)日:2012-11-13

    申请号:US12040953

    申请日:2008-03-03

    申请人: David Carroll Challener Daryl Carvis Cromer Howard Jeffrey Locker Randall Scott Springfield

    发明人: David Carroll Challener Daryl Carvis Cromer Howard Jeffrey Locker Randall Scott Springfield

    IPC分类号: G06F21/00 G06F17/00 G06F17/30 G06F15/177

    CPC分类号: G06F21/57 G06F21/79

    摘要: A system, method, and program product is provided that initializes a counter maintained in a nonvolatile memory of a security module to an initialization value. The security module receives requests for a secret from requesters. The security module releases the secret to the requesters and the released secrets are stored in memory areas allocated to the requesters. A counter is incremented when the secret is released. Requestors send notifications to the security module indicating that the requestor has removed the secret from the requestor's memory area. The security module decrements the counter each time a notification is received. When the computer system is rebooted, if the counter is not at the initialization value, the system memory is scrubbed erasing any secrets that remain in memory.

    摘要翻译: 提供了一种系统,方法和程序产品,其将维护在安全模块的非易失性存储器中的计数器初始化为初始化值。 安全模块从请求者接收到秘密的请求。 安全模块向请求者释放秘密,所发布的秘密存储在分配给请求者的内存区域中。 当秘密被释放时,计数器递增。 请求者向安全模块发送指示请求者已经从请求者的存储区域移除了秘密的通知。 每次接收到通知时,安全模块都会递减计数器。 当计算机系统重新启动时,如果计数器不在初始化值,系统内存将被擦除擦除留在内存中的任何秘密。

    METHOD AND APPARATUS FOR SHARING AN INTEGRITY SECURITY MODULE IN A DUAL-ENVIRONMENT COMPUTING DEVICE
    54.
    发明申请
    METHOD AND APPARATUS FOR SHARING AN INTEGRITY SECURITY MODULE IN A DUAL-ENVIRONMENT COMPUTING DEVICE 有权
    在双环境计算设备中共享安全性模块的方法和装置

    公开(公告)号:US20110238967A1

    公开(公告)日:2011-09-29

    申请号:US12748787

    申请日:2010-03-29

    申请人: David Carroll Challener Daryl C. Cromer Howard J. Locker Randall Scott Springfield

    发明人: David Carroll Challener Daryl C. Cromer Howard J. Locker Randall Scott Springfield

    IPC分类号: G06F9/00 G06F9/48

    CPC分类号: G06F9/52 G06F21/575

    摘要: A method and apparatus are disclosed for sharing an integrity security module in a dual-environment computing device. The apparatus include an integrity security module, one or more processors, a detection module and a regeneration module. The one or more processors may have access to the integrity security module and may operate in two distinct operating environments of a dual-environment computing device. The detection module may detect, during an initialization sequence, a power state transition of an operating environment of the dual-environment computing device. The regeneration module may regenerate one or more integrity values from a stored integrity metric log in response to detecting the power state transition of the operating environment of the dual-environment computing device.

    摘要翻译: 公开了用于在双环境计算设备中共享完整性安全模块的方法和装置。 该装置包括完整性安全模块,一个或多个处理器,检测模块和再生模块。 一个或多个处理器可以访问完整性安全模块,并且可以在双环境计算设备的两个不同的操作环境中操作。 检测模块可以在初始化序列期间检测双环境计算设备的操作环境的功率状态转换。 响应于检测双环境计算设备的操作环境的功率状态转换,再生模块可以从存储的完整性度量日志重新生成一个或多个完整性值。

    System and Method to Use Chipset Resources to Clear Sensitive Data from Computer System Memory
    56.
    发明申请
    System and Method to Use Chipset Resources to Clear Sensitive Data from Computer System Memory 审中-公开
    使用芯片组资源清除计算机系统内存中的敏感数据的系统和方法

    公开(公告)号:US20090222635A1

    公开(公告)日:2009-09-03

    申请号:US12040981

    申请日:2008-03-03

    申请人: David Carroll Challener Daryl Carvis Cromer Howard Jeffrey Locker Randall Scott Springfield

    发明人: David Carroll Challener Daryl Carvis Cromer Howard Jeffrey Locker Randall Scott Springfield

    IPC分类号: G06F15/177 G06F12/00

    CPC分类号: G06F12/1433 G06F21/575 G06F2221/2143

    摘要: A system, method, and program product is provided that initializes a computer system using an initialization process that identifies secrets that were stored in memory and not scrubbed during a prior use of the computer system. During the initialization process, one or more secret indicators are retrieved that identify whether one or more secrets were scrubbed from the computer system's memory during a previous use of the computer system. If the secret indicators show that one or more secrets were not scrubbed from the memory during the prior use of the computer system, then the initialization process scrubs the memory. On the other hand, if the secret indicators show that each of the secrets was scrubbed from the memory during the prior use of the computer system, then the memory is not scrubbed during the initialization process.

    摘要翻译: 提供了一种系统,方法和程序产品,其使用识别存储在存储器中并且在先前使用计算机系统期间不被擦除的秘密的初始化过程来初始化计算机系统。 在初始化过程中,检索一个或多个秘密指示符,其识别在先前使用计算机系统期间是否从计算机系统的存储器擦除了一个或多个秘密。 如果秘密指示器显示在计算机系统的先前使用期间没有从存储器擦除一个或多个秘密,则初始化过程擦除存储器。 另一方面,如果秘密指示器显示在计算机系统的先前使用期间从存储器擦除了每个秘密,则在初始化过程期间不擦除存储器。

    APPARATUS, SYSTEM, AND METHOD FOR AUTHENTICATION OF A CORE ROOT OF TRUST MEASUREMENT CHAIN
    58.
    发明申请
    APPARATUS, SYSTEM, AND METHOD FOR AUTHENTICATION OF A CORE ROOT OF TRUST MEASUREMENT CHAIN 有权
    用于认证信任测量链的核心的装置,系统和方法

    公开(公告)号:US20080148064A1

    公开(公告)日:2008-06-19

    申请号:US11612367

    申请日:2006-12-18

    申请人: David Carroll Challener Howard Locker Randall Scott Springfield Rod D. Waltermann

    发明人: David Carroll Challener Howard Locker Randall Scott Springfield Rod D. Waltermann

    IPC分类号: G06F12/14

    CPC分类号: G06F21/57 G06F2221/2153

    摘要: An apparatus, system, and method are disclosed for authentication of a core root of trust measurement chain. The apparatus for authentication of a CRTM chain is provided with a plurality of modules configured to carry out the steps of retrieving a decryption key from a predetermined location on the device selected for authentication, decrypting an authentication signal using the decryption key, and communicating the decrypted authentication signal to a user. In the described embodiments, these modules include a retrieval module, a decryption module, and a communication module. Beneficially, such an apparatus, system, and method would reliably verify that a link in the CRTM chain has not been corrupted, modified, or infected with a computer virus. Specifically, such an apparatus, system, and method would enable verification that the hypervisor has not been corrupted, modified, or infected with a computer virus.

    摘要翻译: 公开了用于认证信任度量链核心根的装置,系统和方法。 用于认证CRTM链的装置设置有多个模块,其被配置为执行从所选择的用于认证的设备上的预定位置检索解密密钥的步骤,使用解密密钥解密认证信号,以及传送解密密钥 认证信号给用户。 在所描述的实施例中,这些模块包括检索模块,解密模块和通信模块。 有利的是,这样的装置,系统和方法可以可靠地验证CRTM链中的链路没有被破坏,修改或感染计算机病毒。 具体来说,这样的装置,系统和方法将能够验证管理程序没有被计算机病毒破坏,修改或感染。

    Blocking computer system ports on per user basis
    60.
    发明授权
    Blocking computer system ports on per user basis 有权
    按用户身份阻止计算机系统端口

    公开(公告)号:US08499345B2

    公开(公告)日:2013-07-30

    申请号:US12243762

    申请日:2008-10-01

    申请人: David Carroll Challener Howard Jeffrey Locker Joseph Michael Pennisi Randall Scott Springfield

    发明人: David Carroll Challener Howard Jeffrey Locker Joseph Michael Pennisi Randall Scott Springfield

    IPC分类号: G06F21/00

    CPC分类号: G06F21/6218

    摘要: An approach is provided that receives a user identifier from a user of the information handling system. The user identifier can include a username as well as a user authentication code, such as a password. Hardware settings that correspond to the user identifier are retrieved from a nonvolatile memory. Hardware devices, such as ports (e.g., USB controller), network interfaces, storage devices, and boot sequences, are configured using the retrieved hardware settings. After the hardware devices have been configured to correspond to the identified user, an operating system is booted.

    摘要翻译: 提供一种从信息处理系统的用户接收用户标识符的方法。 用户标识符可以包括用户名以及诸如密码的用户认证码。 从非易失性存储器检索对应于用户标识符的硬件设置。 使用检索的硬件设置来配置诸如端口(例如,USB控制器),网络接口,存储设备和引导顺序的硬件设备。 在将硬件设备配置为对应于所识别的用户之后,引导操作系统。