Abstract:
Authentication of an entity remotely managing a data processing system is enabled to allow changes by the remote entity to hard-locked critical security information normally accessible only during the POST and only to trusted entities such as the system BIOS. The remote entity builds a change request and generates a hash from the change request with a current password appended. The change request and the hash are stored in a lockable non-volatile buffer which, once locked, requires a system reset to access. During the next POST, a trusted entity such as the system BIOS reads the change request, generates an authentication hash from the change request and the current password within the hard-locked security information, and compares the buffered hash with the generated hash. If a match is determined, the security information is updated; otherwise a tamper error is reported.
Abstract:
A data processing system and method are disclosed for automatically recovering from an unsuccessful boot of the system. A boot of the system is initiated utilizing a first boot code stored in a first storage location. A determination is made regarding whether the boot was successful. If a determination is made that the boot was unsuccessful, a boot is reattempted utilizing a second boot code stored in a second storage device.
Abstract:
A client on a network is provided with low power logic, at the network adaptor, that is always active and simulates network packet traffic (e.g. Ethernet packets) normally sent under control of the main client system processor(s). This logic collects client status information regarding power state and reports to the network manager such information which allows the network manager to exercise broader control and perform maintenance and upgrades which would usually require a dialog with the user and consequently limit off-hours reconfiguring of the client.
Abstract:
A data processing system and method are described for permitting a server computer system to generate a detailed repair request for a remote client computer system. The server and client computer systems are coupled together utilizing a local area network. In response to an error in operation of the client caused by a malfunctioning part included within the client, the client identifies the malfunctioning part. The client automatically transmits a notification of the error and an identification of the part to the server without requiring a user's presence at the client. The server generates a detailed repair request which includes the identification of the part. The repair request is detailed, including an identity of the malfunctioning part to be repaired, and is generated remotely by the server without a user's presence at the client being required.
Abstract:
A method for providing an authentication of a user of a computer system in a network is disclosed. The method comprises capturing biometric data of a user; encrypting and signing the biometric data with a private key and sending the encrypted and signed data to a central server in the network. The method further comprises accepting and verifying credentials associated with the signed and encrypted data from the server utilizing the public key from the server. The method further comprises installing the credentials into the computer if the credentials are verified. In a method and system in accordance with the present invention, a user can walk up to any client within an enterprise and have their locally captured biometric input authenticated at a central server. The user can then have their individual credentials securely imported to the local client for subsequent use during that time period, without needing any additional identification or memory token such as a smartcard.
Abstract:
A method and system are disclosed for transmitting a network packet which identifies only selected ones of a plurality of client computer systems. The client computer systems are coupled to a server computer system to form a network. A logical group is specified which includes only a first plurality of the plurality of client computer systems by specifying one of a plurality of group identifiers. A network packet is then transmitted utilizing the network to the logical group. The network packet includes the group identifier which identifies the logical group, wherein only the logical group is the intended recipient of the packet.
Abstract:
A method of monitoring a networked computer system by detecting a change to a configuration of the computer system, using detection logic of the computer, and generating an alert associated with any change in the configuration in real time. The alert is transmitted to a remote server on the network. In an illustrative implementation, the detection logic can detect (i) a change in the number of storage devices present in the computer system, (ii) a change in the number of memory modules present in the computer system, and (iii) a change in the number of processors present in the computer system. The configuration information may be saved between boot operations of the computer using a battery-powered latch.
Abstract:
A method of monitoring a computer system, by detecting a power interruption to the computer system, using power down sense logic, and generating an alert associated with the power interruption. When the computer system is networked, the alert is transmitted to a remote server. The power down sense logic sends a message to an auxiliary processor (which may be an application-specific integrated circuit, or ASIC), and the auxiliary processor creates a network transmission packet indicating that the computer system is losing power. The auxiliary processor may allow selection of a transmission mode such as uni-cast transmission, multi-cast transmission, or broadcast transmission. A common power supply provides a first power signal to the computer system, and a second power signal to the power down sense logic and auxiliary processor, and maintains the second power signal for a longer duration than the first power signal upon removal of a power source for the power supply, sufficient to carry out the sending of the message from the power down sense logic and the creating of the network alert.
Abstract:
A method, computer program, and system for paging platform configuration registers in and out of a trusted platform module. In a trusted computing platform, an unlimited number of platform configuration registers can be obtained through paging. The trusted platform module encrypts and decrypts platform configuration registers for storage outside the trusted platform module.
Abstract:
When a flash unlock routine unlocks the flash memory to permit updating of a BIOS image, a message is left in secure non-volatile memory, such as an EEPROM. Upon the next re-boot, the boot block code will detect the special message in the non-volatile memory and perform a signature verification of the next block of code that is to be executed during the POST process. This code block will check the remainder of the BIOS image before POST proceeds.