System, method, and program for managing a user key used to sign a message for a data processing system
    51.
    Granted patent
    Status: In force

    Publication No.: US08307098B1

    Publication date: 2012-11-06

    Application No.: US09651548

    Application date: 2000-08-29

    IPC classification: G06F15/16

    Abstract: A system, method, and program for managing a user key used to sign a message for a data processing system having an encryption chip are disclosed. A user is assigned a user key. In order to encrypt and send messages to a recipient(s), the messages are encrypted with the user key. The user key, in turn, is encrypted with an associated key. The associated key is further encrypted using an encryption chip key stored on the encryption chip. The encrypted messages are communicated to a recipient to validate an association of the user with the encrypted messages. The associated key is decrypted with the encryption chip key. The user key is decrypted with the associated key, and the messages are decrypted with the user key. Thereafter, validation of the association of messages with the user is removed by revoking the associated key. In a preferred embodiment, encryption resources are centralized in a server system having the encryption chip. The server system is coupled to and provides encryption services to a plurality of client systems. Messages to be encrypted are sent from a user's client system to the server system, which encrypts the messages using the encryption chip. The encrypted messages are sent from the server system to the client system, which then transmits the encrypted messages to their intended recipient(s). All data relating to the encrypted messages are erased from the server system after the encrypted messages are sent from the server system to the client system.


    Method, apparatus, and system of forward caching for a managed client
    52.
    Granted patent
    Status: In force

    Publication No.: US08285821B2

    Publication date: 2012-10-09

    Application No.: US12368882

    Application date: 2009-02-10

    IPC classification: G06F15/177

    Abstract: A method, apparatus, and system are disclosed for forward caching for a managed client. A storage module stores a software image on a storage device of a backend server. The backend server provides virtual disk storage on the storage device through a first intermediate network point for a plurality of diskless data processing devices. Each diskless data processing device communicates directly with the first intermediate network point. The storage module caches an image instance of the software image at the first intermediate network point. A tracking module detects an update to the software image on the storage device. The storage module copies the updated software image to the first intermediate network point as an updated image instance.


    System and method for reporting the trusted state of a virtual machine
    53.
    Granted patent
    Status: In force

    Publication No.: US08151262B2

    Publication date: 2012-04-03

    Application No.: US11693927

    Application date: 2007-03-30

    IPC classification: G06F9/455

    Abstract: A system, method, and program product is provided that executes a start sequence of an information handling system that includes a hardware based TPM. Multiple PCRs are stored in the TPM and are initialized to a predetermined state when the start sequence commences. During execution of the start sequence, software modules, including a hypervisor, are loaded into the system's memory. PCR values resulting from the loading of the software modules are calculated. The resulting PCR values are compared with expected PCR values. If the PCR values match the expected PCR values, then a virtual environment is created under the hypervisor. The virtual environment includes a VM and a virtual trust platform module (vTPM) that is used by the virtual machine to satisfy the virtual machine's TPM requests.


    System and method for protecting disk drive password when BIOS causes computer to leave suspend state
    54.
    Granted patent
    Status: In force

    Publication No.: US07814321B2

    Publication date: 2010-10-12

    Application No.: US11788654

    Application date: 2007-04-19

    IPC classification: H04L9/32

    CPC classification: G06F21/80

    Abstract: To unlock a HDD when a computer is in the suspend state, at both BIOS and the HDD a secret is combined with a password to render a new one-time password. BIOS sends its new one-time password to the HDD which unlocks itself only if a match is found. The new one-time password is then saved as an “old” password for subsequent combination with the secret when coming out of subsequent suspend states. In this way, if a computer is stolen the thief cannot sniff the bus between BIOS and the HDD to obtain a password that is of any use once the computer ever re-enters the suspend state.


    Method for securely creating an endorsement certificate utilizing signing key pairs
    55.
    Granted patent
    Status: Lapsed

    Publication No.: US07751568B2

    Publication date: 2010-07-06

    Application No.: US10749261

    Application date: 2003-12-31

    IPC classification: H04K1/00

    CPC classification: G06F21/602 G06F21/57

    Abstract: A method and system for ensuring security-compliant creation and certificate generation for endorsement keys of manufactured TPMs. The endorsement keys are generated by the TPM manufacturer and stored within the TPM. The TPM manufacturer also creates a signing key pair and associated signing key certificate. The signing key pair is also stored within the TPM, while the certificate is provided to the OEM's credential server. During the endorsement key (EK) credential process, the TPM generates a signed endorsement key, which comprises the public endorsement key signed with the public signing key. The credential server matches the public signing key of the endorsement key with a public signing key within the received certificate. The EK certificate is generated and inserted into the TPM only when a match is confirmed.


    Apparatus, System, and Method for Power Management Utilizing Multiple Processor Types
    56.
    Patent application
    Status: In force

    Publication No.: US20100146317A1

    Publication date: 2010-06-10

    Application No.: US12330332

    Application date: 2008-12-08

    IPC classification: G06F1/32 G06F1/28

    Abstract: An apparatus, system, and method are disclosed for computer system power management. A control module 602 is activated on a computer 200 in response to an event and enters 818 a standby state if the computer 200 is not already 814 in the standby state. A policy module 604 detects 904 a power source of a predetermined type connected to the computer 200 and dictates 908 one or more processors 302 of higher power consumption for a more abundant type of power source such as an AC adapter 314, or one or more processors 304 of lower power consumption for a less abundant type of power source such as a battery 318. A configuration module 606, activated by the control module 602, switches 1004 the computer 200 to one or more processors 302 and 304 of a predetermined power consumption as dictated and exits 1016 the standby state.


    METHOD, APPARATUS, AND SYSTEM FOR QUIESCING A BOOT ENVIRONMENT
    57.
    Patent application
    Status: In force

    Publication No.: US20100115256A1

    Publication date: 2010-05-06

    Application No.: US12265909

    Application date: 2008-11-06

    IPC classification: G06F15/177

    CPC classification: G06F8/66

    Abstract: An apparatus, system, and method are disclosed for quiescing a boot environment. A reservation module reserves a portion of a first storage device. A store module stores an update boot image to the reserved portion. A detection module detects the update boot image stored on the first storage device when the computer boots and executes the update boot image in place of a standard boot image in response to detecting the update boot image. The update boot image places a computer in a known quiescent state.


    System and method for installing a remote credit card authorization on a system with a TCPA complaint chipset
    58.
    Granted patent
    Status: In force

    Publication No.: US07676430B2

    Publication date: 2010-03-09

    Application No.: US09851956

    Application date: 2001-05-09

    IPC classification: G06Q30/00

    Abstract: The Trusted Computing Platform Alliance (TCPA) Specification is implemented to allow a credit card company to remotely install a credit card private key into a TCPA module to create a Trusted Platform Module (TPM). More specifically, when a credit worthy user applies for a credit card, the user will send the credit card company a public portion of a “non-migratable storage key,” which is accredited a TPM endorsed by a Certification Authority. The credit card company will create its own public/private key pair according to the TCPA Specification, to create a TCPA header, and wrap the full structure by encrypting it with the public portion of the TCPA non-migratable storage key. The credit card company then sends by email the encrypted bundle with a certificate for it, and sends a corresponding pass phrase by regular mail.


    Slate Wireless Keyboard Connection and Proximity Display Enhancement for Visible Display Area
    59.
    Patent application
    Status: In force

    Publication No.: US20100039387A1

    Publication date: 2010-02-18

    Application No.: US12192244

    Application date: 2008-08-15

    IPC classification: G09G5/00

    Abstract: An approach is provided that identifies when a wireless keyboard unit is connected to an information handling system that includes a display screen that is partially blocked when the keyboard is attached. A determination is made as to the size of the visible portion of the display screen. Items are displayed on the visible portion of the display screen. The approach refrains from displaying items on the blocked portion of the display screen. The user is able to move the wireless keyboard, the movement of the keyboard resulting in a changed size of the visible portion of the display screen. After the keyboard is repositioned, the visual items are re-displayed on the visible portion of the display screen so that the items fit in the changed size of the visible portion of the display screen.


    APPARATUS, SYSTEM, AND METHOD FOR SECURE HARD DRIVE SIGNED AUDIT
    60.
    Patent application
    Status: Under examination (published)

    Publication No.: US20090205044A1

    Publication date: 2009-08-13

    Application No.: US12027761

    Application date: 2008-02-07

    IPC classification: G06F11/00

    CPC classification: G06F21/552

    Abstract: An apparatus, system, and method are disclosed for secure hard disk signed audit. The apparatus is provided with a plurality of modules configured to functionally execute the necessary steps of monitoring interactions with an audited system, detecting an interrupt event corresponding to an auditable interaction, and logging an audit record for the auditable interaction in response to the interrupt event, wherein the audit record is logged in an access-restricted portion of a portion-securable hard disk. These modules in the described embodiments include a gate module, a detection module, and a logging module.
