Security for storage devices
    61.
    Granted patent (in force)

    Publication number: US08266449B2

    Publication date: 2012-09-11

    Application number: US12415495

    Filing date: 2009-03-31

    IPC classification: G06F21/00

    Abstract: The invention broadly contemplates a security solution for storage devices that is inexpensive and robust. The invention allows a store of system-specific data to be used to release the hard disk key of full-disk encryption (FDE) drives. This system-specific data is passed to the FDE drives and used to calculate the actual encryption key. This allows for safe disposal of an FDE drive containing confidential data, as the lack of available system-specific decryption data makes decryption virtually impossible.

    Arrangements for interfacing with a user access manager
    62.
    Granted patent (in force)

    Publication number: US08132019B2

    Publication date: 2012-03-06

    Application number: US12140784

    Filing date: 2008-06-17

    IPC classification: G06F21/00

    Abstract: Arrangements which permit the employment of a dedicated user-access management architecture with more than text-based access. Particularly contemplated herein are arrangements for accepting user identifiers that are then communicated to an intermediate user-delineating architecture (i.e., architecture configured for permitting access to encrypted data or sections of a computer on a user-specific basis) in a manner that permits the user-delineating architecture to perform its own task of unlocking data or sections of a computer.

    Method and apparatus for providing a secure single sign-on to a computer system
    63.
    Granted patent (in force)

    Publication number: US07941847B2

    Publication date: 2011-05-10

    Application number: US11535110

    Filing date: 2006-09-26

    IPC classification: G06F7/04

    CPC classification: G06F21/34

    Abstract: A method for providing a secure single sign-on to a computer system is disclosed. Pre-boot passwords are initially stored in a secure storage area of a smart card. The operating system password, which has been encrypted into a blob, is stored in a non-secure area of the smart card. After the smart card has been inserted into a computer system, the user is prompted for the smart card's Personal Identification Number (PIN). In response to a correct smart card PIN entry, the blob stored in the non-secure storage area of the smart card is decrypted to provide the operating system password, and the operating system password together with the pre-boot passwords stored in the secure storage area of the smart card are then used to log on to the computer system.

    ARRANGMENTS FOR INTERFACING WITH A USER ACCESS MANAGER
    64.
    Patent application (in force)

    Publication number: US20090313478A1

    Publication date: 2009-12-17

    Application number: US12140784

    Filing date: 2008-06-17

    IPC classification: H04L9/32 H04K1/00

    Abstract: Arrangements which permit the employment of a dedicated user-access management architecture with more than text-based access. Particularly contemplated herein are arrangements for accepting user identifiers that are then communicated to an intermediate user-delineating architecture (i.e., architecture configured for permitting access to encrypted data or sections of a computer on a user-specific basis) in a manner that permits the user-delineating architecture to perform its own task of unlocking data or sections of a computer.

    Method and structure for diagnostically testing files in a computer
    65.
    Granted patent (in force)

    Publication number: US07096157B2

    Publication date: 2006-08-22

    Application number: US10902359

    Filing date: 2004-07-29

    IPC classification: G06F19/00

    Abstract: There are many files in the current generation of computers, especially on the hardfile, that are not used, or are used only infrequently, during operation. For instance, the system may contain many help text files that may never be accessed. The same applies to DLLs. Also, some files are accessed only during a boot cycle. The present invention provides a method and program to track the locations of files in a computer that have been accessed so that, when an error occurs, only the files that need to be tested are diagnostically tested for errors, thus saving time and resources.

    Password management outside of a BIOS
    66.
    Granted patent (in force)

    Publication number: US08566600B2

    Publication date: 2013-10-22

    Application number: US12040535

    Filing date: 2008-02-29

    IPC classification: G06F21/00

    CPC classification: G06F21/31 G06F21/575

    Abstract: In accordance with at least one presently preferred embodiment of the present invention, there is broadly contemplated herein the managing of a POP not solely in the BIOS but at least partly in a more secure location. In accordance with a particularly preferred embodiment of the present invention, this location could be in an NVRAM (non-volatile random access memory) inside a TPM (trusted platform module). Most preferably, this location will contain code that the BIOS will need to access and employ in order to complete the booting of the system.

    Secure Resume for Encrypted Drives
    67.
    Patent application (in force)

    Publication number: US20120239939A1

    Publication date: 2012-09-20

    Application number: US13049071

    Filing date: 2011-03-16

    IPC classification: H04L9/32 G06F21/00

    Abstract: Systems, methods and products are described that provide secure resume for encrypted drives. One aspect provides a method including: receiving an indication to resume from a suspended state at a computing device; responsive to authenticating a user at one or more input devices, accessing a value in a BIOS derived from authenticating the user at the one or more input devices; responsive to accessing the value, releasing a credential for unlocking one or more encrypted drives; and thereafter proceeding to resume from the suspended state.

    Secure Boot With Minimum Number of Re-Boots
    68.
    Patent application (in force)

    Publication number: US20120239917A1

    Publication date: 2012-09-20

    Application number: US13049050

    Filing date: 2011-03-16

    IPC classification: G06F9/00

    CPC classification: G06F21/575

    Abstract: Systems, methods and products are described that provide secure boot with a minimum number of re-boots. One aspect provides a method including: receiving an indication to boot from a power-off state at a computing device; responsive to authenticating a user at one or more input devices, releasing a value derived from authenticating the user at the one or more input devices; responsive to releasing the value, unlocking one or more encrypted drives with a previously established alternate credential; and thereafter proceeding to boot from the power-off state. By not having to call the non-BIOS software on each boot, this minimizes the number of reboots for each boot cycle.

    MANAGEMENT OF HARDWARE PASSWORDS
    69.
    Patent application (in force)

    Publication number: US20100162373A1

    Publication date: 2010-06-24

    Application number: US12341512

    Filing date: 2008-12-22

    IPC classification: H04L9/32

    CPC classification: G06F21/34

    Abstract: In the context of computer systems, preboot passwords are generated at a server instead of at a client. Preferably, preboot passwords generated at the server are distributed to the client, and a process is offered whereby a user can establish his/her own proxy, not known to the server, that can be used to release the stored passwords to the client hardware. Since the passwords are generated at the server, management of the passwords is greatly facilitated, as they are generated at the site where they are stored. This also makes it easy to implement management features such as a group policy, since the password generation software will be able to make logical connections between users and hardware.