Abstract:
Systems, methods, apparatuses and computer program products provide alternative desktop computing solutions and generally provide client devices configured to utilize one of a local common base image and a common base image stored remotely, with a user-specific overlay image remotely storing user specific data. The clients can be configured to store the common base image locally.
Abstract:
A system and method for authenticating suspect code includes steps of: receiving the suspect code for a first instance of a trusted platform module; loading the suspect code into a trusted platform module device operatively associated with a processor, wherein the suspect code is loaded outside of a shielded location within the trusted platform module device; retrieving a validation public key from a table and storing it in a register in the trusted platform module device, the validation public key indexed by the suspect code; and retrieving a hash algorithm from the table, the hash algorithm indexed by the suspect code. The hash algorithm is run to derive a first hash value; then, using the validation public key, the second hash value is decrypted to derive a second decrypted hash value. The two hash values are compared; and upon determining a match, the suspect code is loaded into the shielded location of the processor for execution by the processor.
Abstract:
The present invention relates to a method for removing the driver map component from being stored on the service partition and placing it on a server for retrieval at a later time. Only the actual device drivers that are required for that system will be provided. A central repository will be provided for applications and device drivers that would leverage the AMT area. The AMT IDE-R would be used to store the hook to network install, for example an IT administrator initiated network install to an unpowered system. Two situations exist in which this method will be used. The first situation involves supplying ImageUltra content to a system that is connected to the Local Area Network while ImageUltra is running. The second situation involves supplying ImageUltra content to a system that is not connected to the Local Area Network while ImageUltra is running.
Abstract:
A method, apparatus, and system are disclosed of forward caching for a managed client. A storage module stores a software image on a storage device of a backend server. The backend server provides virtual disk storage on the storage device through a first intermediate network point for a plurality of diskless data processing devices. Each diskless data processing device communicates directly with the first intermediate network point. The storage module caches an image instance of the software image at the first intermediate network point. A tracking module detects an update to the software image on the storage device. The storage module copies the updated software image to the first intermediate network point as an updated image instance.
Abstract:
An apparatus, system, and method are disclosed for granting hypervisor privileges. An installation module installs a monitor hypervisor wherein only the monitor hypervisor is granted the hypervisor privileges by the computer. An authentication module authenticates a second hypervisor. An eviction module evicts the monitor hypervisor if the second hypervisor is authenticated. The installation module further installs the second hypervisor after the monitor hypervisor is evicted so that only the second hypervisor is granted hypervisor privileges by the computer.
Abstract:
A client computer system is provided with two operating systems, one of which is a user operating system (UOS) and the other of which is a service operating system (SOS), and a hypervisor. In the event of a hang in the first operating system, the second operating system remains active, out of the awareness of the user of the system, and has reporting and command response capabilities beyond those of prior technology.
Abstract:
Network bandwidth is allocated to storage access requests as a function of client system activities. Client system activities that produce network access requests and remote storage access requests are monitored. The network bandwidth allocation between network access requests and storage access requests is modified as a function of the monitored client system activities.
Abstract:
A method for providing centralized user authorization to allow secure sign-on to a computer system is disclosed. In response to a user attempting to boot up a computer system, a message is sent to a trusted server by a hypervisor within the computer to request a new hard drive password for the computer system. If the user is not authorized to access the computer system, a packet is sent by the trusted server to instruct the hypervisor to stop any boot process on the computer system. If the user is authorized to access the computer system, a packet containing a partial hard drive password is sent by the trusted server to the computer system. The packet is then encrypted with a system public key by the computer system to yield the partial hard drive password. The computer system subsequently combines the partial hard drive password with a user password to generate a new complete hard drive password to continue with the boot process.
Abstract:
A method for preventing unauthorized modifications to a rental computer system is disclosed. During boot up of the rental computer system, a determination is made whether or not a time-day card is bound to the rental computer system. If the time-day card is bound to the rental computer system, another determination is made whether or not a time/date value on the time-day card is less than a secure time/date value stored in a secure storage location during the most recent power down. If the time/date value on the time-day card is not less than the secure time/date value, yet another determination is made whether or not the time/date value is less than an end time/date rental value. If the time/date value is less than the end time/date rental value, the rental computer system continues to boot.