公开(公告)号：US20110154010A1

公开(公告)日：2011-06-23

申请号：US12641029

申请日：2009-12-17

Applicant: Randall S. Springfield ,  Howard J. Locker ,  David Rivera ,  Joseph M. Pennisi ,  Rod D. Waltermann

Inventor： Randall S. Springfield ,  Howard J. Locker ,  David Rivera ,  Joseph M. Pennisi ,  Rod D. Waltermann

IPC: H04L9/00 ,  G06F1/24

CPC classification number: H04L9/3234 ,  G06F21/57 ,  H04L9/3236 ,  H04L9/3263 ,  H04L2209/127

Abstract: An exemplary apparatus includes one or more processors; memory; circuitry configured to hash a value associated with core root of trust measurement code and system management code; store the hash in a secure register; load an operating system; validate a certificate associated with the core root of trust measurement code and validate a certificate associated with the system management code; based on the validated certificates, provide an expected hash associated with the core root of trust measurement code and the system management code; decide if the expected hash matches the hash stored in the register; and, if the expected hash matches the hash stored in the register, commence a dynamic root of trust measurement session. Various other apparatuses, systems, methods, etc., are also disclosed.

Abstract translation: 示例性装置包括一个或多个处理器; 记忆; 配置为对与信任测度代码的核心根和系统管理代码相关联的值进行散列的电路; 将哈希存储在安全寄存器中; 加载操作系统; 验证与信任测度代码的核心根相关联的证书，并验证与系统管理代码相关联的证书; 基于验证的证书，提供与信任测度代码的核心根和系统管理代码相关联的预期散列; 确定预期哈希是否与存储在寄存器中的哈希匹配; 并且如果期望的哈希与存储在寄存器中的哈希匹配，则启动信任测量会话的动态根。 还公开了各种其它装置，系统，方法等。

公开(公告)号：US07934214B2

公开(公告)日：2011-04-26

申请号：US11394792

申请日：2006-03-31

Applicant: Scott Edwards Kelso ,  Masahiko Nomura ,  David Andrew Sawin ,  Randall Scott Springfield ,  Rod D. Waltermann

Inventor： Scott Edwards Kelso ,  Masahiko Nomura ,  David Andrew Sawin ,  Randall Scott Springfield ,  Rod D. Waltermann

IPC: G06F9/445 ,  H04L29/06

CPC classification number: G06F8/61

Abstract: Computer implemented method, system and computer program product for controlling software entitlement. A computer implemented method for controlling software entitlement includes receiving a request to install a software item on a designated machine. A determination is made if the designated machine is of a machine type authorized for installation of the software item. If the designated machine is of a machine type authorized for installation of the software item, a determination is made, using stored configuration data, if at least one additional criterion specified for entitlement to install the software item on the designated machine is satisfied using stored configuration data. If the at least one additional criterion specified for entitlement to install the software item on the designated machine is satisfied, installation of the software item on the designated machine is enabled in accordance with the at least one additional criterion.

Abstract translation: 计算机实现方法，系统和计算机程序产品，用于控制软件授权。 用于控制软件授权的计算机实现的方法包括在指定的机器上接收安装软件项目的请求。 如果指定的机器是被授权安装软件项目的机器类型，则确定。 如果指定的机器是被授权安装软件项目的机器类型，则使用存储的配置数据确定如果使用存储的配置满足在指定机器上安装软件项目的权利所指定的至少一个附加标准 数据。 如果满足指定用于在指定机器上安装软件项目的权利的至少一个附加标准，则根据至少一个附加标准启用软件项目在指定机器上的安装。

公开(公告)号：US07818567B2

公开(公告)日：2010-10-19

申请号：US11535542

申请日：2006-09-27

Applicant: Rod D. Waltermann ,  David C. Challener ,  Philip L. Childs ,  Norman A. Dion, II ,  James Hunt ,  Nathan J. Peterson ,  David Rivera ,  Randall S. Springfield ,  Arnold S. Weksler

Inventor： Rod D. Waltermann ,  David C. Challener ,  Philip L. Childs ,  Norman A. Dion, II ,  James Hunt ,  Nathan J. Peterson ,  David Rivera ,  Randall S. Springfield ,  Arnold S. Weksler

IPC: H04L29/06

CPC classification number: G06F21/575 ,  G06F21/6209 ,  G06F2221/2107 ,  H04L9/0897 ,  H04L2209/127

Abstract: A method for protecting Security Accounts Manager (SAM) files within a Windows® operating system is disclosed. A SAM file encryption key is generated by encrypting a SAM file via a syskey utility provided within the Windows® operating system. The SAM file encryption key is then stored in a virtual floppy disk by selecting an option to store SAM file encryption key to a floppy disk under the syskey utility. A blob is generated by performing a Trusted Platform Module (TPM) Seal command against the SAM file encryption key along with a value stored in a Performance Control Register and a TPM Storage Root Key. The blob is stored in a non-volatile storage area of a computer.

Abstract translation: 披露了一种在Windows®操作系统中保护安全帐户管理器（SAM）文件的方法。 通过在Windows®操作系统中提供的syskey实用程序加密SAM文件来生成SAM文件加密密钥。 然后，SAM文件加密密钥存储在虚拟软盘中，方法是选择将SAM文件加密密钥存储到syskey实用程序下的软盘中。 通过对SAM文件加密密钥执行可信平台模块（TPM）密封命令以及存储在性能控制寄存器和TPM存储根密钥中的值来生成blob。 斑点存储在计算机的非易失性存储区域中。

公开(公告)号：US07818553B2

公开(公告)日：2010-10-19

申请号：US11535538

申请日：2006-09-27

Applicant: Rod D. Waltermann ,  Daryl Cromer ,  Howard J. Locker ,  Randall S. Springfield

Inventor： Rod D. Waltermann ,  Daryl Cromer ,  Howard J. Locker ,  Randall S. Springfield

IPC: G06F15/177 ,  G06F9/00

CPC classification number: G06F21/10 ,  G06F21/55 ,  G06F2221/0737 ,  G06F2221/0775 ,  G06F2221/2135

Abstract: A method for preventing unauthorized modifications to a rental computer system is disclosed. During boot up of the rental computer system, a determination is made whether or not a time-day card is bound to the rental computer system. If the time-day card is bound to the rental computer system, another determination is made whether or not a time/date value on the time-day card is less than a secure time/date value stored in a secure storage location during the most recent power down. If the time/date value on the time-day card is not less than the secure time/date value, yet another determination is made whether or not the secure time/date value is less than an end time/date rental value. If the secure time/date value is less than the end time/date rental value, the rental computer system continues to boot.

Abstract translation: 公开了一种防止对租赁计算机系统的未经授权的修改的方法。 在租赁计算机系统的引导期间，确定时间日卡是否绑定到租赁计算机系统。 如果时间日卡被绑定到租赁计算机系统，则另外确定时间日卡上的时间/日期值是否小于最多存储在安全存储位置中的安全时间/日期值 最近掉电。 如果时间日卡上的时间/日期值不小于安全时间/日期值，则另外确定安全时间/日期值是否小于结束时间/日期租赁值。 如果安全时间/日期值小于结束时间/日期租金值，则租用计算机系统将继续启动。

公开(公告)号：US07702777B2

公开(公告)日：2010-04-20

申请号：US11024122

申请日：2004-12-28

Applicant: Daryl C. Cromer ,  Howard J. Locker ,  Randall S. Springfield ,  Rod D. Waltermann

Inventor： Daryl C. Cromer ,  Howard J. Locker ,  Randall S. Springfield ,  Rod D. Waltermann

IPC: G06F15/173 ,  G06F15/16

CPC classification number: G06F8/60

Abstract: A method and system are disclosed in which a management module (MM) designates an idle blade in a client blade farm to be an “administrative blade” that has administrator access to the virtual images of all users. The MM identifies when a particular user image is, or is not, in use and conveys this information to the administrative blade. The administrative blade performs virus scans, backups, defrags, patch installs, software upgrades, and other such maintenance functions on user images when they are inactive, thereby eliminating the performance impact to active users.

Abstract translation: 公开了一种方法和系统，其中管理模块（MM）将客户机刀片服务器场中的空闲刀片指定为具有对所有用户的虚拟映像的管理员访问权限的“管理刀片”。 MM识别特定用户图像何时或未使用，并将该信息传送给管理刀片。 管理刀片在不活动时对用户图像执行病毒扫描，备份，defrags，修补程序安装，软件升级和其他此类维护功能，从而消除对活动用户的性能影响。

公开(公告)号：US20100070715A1

公开(公告)日：2010-03-18

申请号：US12233264

申请日：2008-09-18

Applicant: Rod D. Waltermann ,  Mark Charles Davis

Inventor： Rod D. Waltermann ,  Mark Charles Davis

IPC: G06F12/08 ,  G06F12/12 ,  G06F15/177

CPC classification number: G06F12/0873 ,  G06F12/0868 ,  G06F2212/263

Abstract: An apparatus, system, and method are disclosed for deduplicating storage cache data. A storage cache partition table has at least one entry associating a specified storage address range with one or more specified storage partitions. A deduplication module creates an entry in the storage cache partition table wherein the specified storage partitions contain identical data to one another within the specified storage address range thus requiring only one copy of the identical data to be cached in a storage cache. A read module accepts a storage address within a storage partition of a storage subsystem, to locate an entry wherein the specified storage address range contains the storage address, and to determine whether the storage partition is among the one or more specified storage partitions if such an entry is found.

Abstract translation: 公开了用于重复数据删除存储高速缓存数据的装置，系统和方法。 存储高速缓存分区表具有至少一个将指定的存储地址范围与一个或多个指定的存储分区相关联的条目。 重复数据消除模块在存储高速缓存分区表中创建条目，其中指定的存储分区在指定的存储地址范围内彼此包含相同的数据，因此仅需要将相同数据的一个副本缓存在存储高速缓存中。 读取模块接受存储子系统的存储分区内的存储地址，以定位其中指定的存储地址范围包含存储地址的条目，并且如果这样的一个或多个存储分区 找到条目。

公开(公告)号：US20090249485A1

公开(公告)日：2009-10-01

申请号：US12054531

申请日：2008-03-25

Applicant: David Rivera ,  David C. Challener ,  Rod D. Waltermann

Inventor： David Rivera ,  David C. Challener ,  Rod D. Waltermann

IPC: G06F21/00

CPC classification number: G06F21/88

Abstract: A technique for identifying a user of a device includes receiving a tracking mechanism trigger and capturing (e.g., periodically) identifying information on the user of the device in response to the trigger.

Abstract translation: 用于识别设备的用户的技术包括响应于触发而接收跟踪机制触发和捕获（例如，周期性地）标识关于设备的用户的信息。

公开(公告)号：US20090201164A1

公开(公告)日：2009-08-13

申请号：US12028556

申请日：2008-02-08

Applicant: Arnold S. Weksler ,  Scott E. Kelso ,  Nathan J. Peterson ,  Rod D. Waltermann

Inventor： Arnold S. Weksler ,  Scott E. Kelso ,  Nathan J. Peterson ,  Rod D. Waltermann

IPC: G08B21/00

CPC classification number: H04M1/72527 ,  H04M2250/12

Abstract: A technique for preventing damage to a portable device includes detecting movement of a portable device and determining whether a port of the portable device is attached to an external device. When the external device is attached to the port, a notification is provided to a user of the portable device that the external device requires detachment from the portable device (e.g., assuming that the notification is not masked).

Abstract translation: 用于防止对便携式设备的损坏的技术包括检测便携式设备的移动并确定便携式设备的端口是否附接到外部设备。 当外部设备附接到端口时，向便携式设备的用户提供通知，外部设备需要从便携式设备拆卸（例如，假设通知未被屏蔽）。

公开(公告)号：US20080133905A1

公开(公告)日：2008-06-05

申请号：US11565452

申请日：2006-11-30

Applicant: David Carroll Challener ,  Seiichi Kawano ,  Randall Scott Springfield ,  Rod D. Waltermann

Inventor： David Carroll Challener ,  Seiichi Kawano ,  Randall Scott Springfield ,  Rod D. Waltermann

IPC: H04L9/32

CPC classification number: H04L9/0822 ,  H04L9/3226

Abstract: An apparatus, system, and method are disclosed for remotely accessing a shared password. A storage module stores identifiers, passwords, and keys within a secure key structure of a client. The passwords and keys include a shared password encrypted with a shared password key that is encrypted with a service structure key. The storage module also stores the service structure key encrypted with a key derived from a service password on a trusted server. An input/output module accesses the trusted server from the client with a prospective service password and receives the encrypted service structure key from the trusted server if a hash of the prospective service password is equivalent to the service password. An encryption module may decrypt the service structure key with the prospective service password, the shared password key with the service structure key, and the shared password with the shared password key.

Abstract translation: 公开了用于远程访问共享密码的装置，系统和方法。 存储模块在客户端的安全密钥结构内存储标识符，密码和密钥。 密码和密钥包括使用通过服务结构密钥加密的共享密码密钥加密的共享密码。 存储模块还将在服务密码上导出的密钥加密的服务结构密钥存储在可信服务器上。 输入/输出模块从客户端接收可信服务密码，如果预期服务密码的散列等于服务密码，则从可信服务器接收加密的服务结构密钥。 加密模块可以利用预期服务密码，具有服务结构密钥的共享密码密钥和具有共享密码密钥的共享密码对服务结构密钥进行解密。

公开(公告)号：US20080104416A1

公开(公告)日：2008-05-01

申请号：US11529795

申请日：2006-09-29

Applicant: David C. Challener ,  John H. Nicholson ,  Joseph Pennisi ,  Rod D. Waltermann

Inventor： David C. Challener ,  John H. Nicholson ,  Joseph Pennisi ,  Rod D. Waltermann

IPC: H04L9/00 ,  G06F12/14 ,  H04L9/32 ,  G06F11/30

CPC classification number: H04L9/0894 ,  G06F21/51 ,  H04L9/3234 ,  H04L9/3236 ,  H04L2209/127

Abstract: Method and apparatus for enabling applications on security processors of computer systems. In one aspect, a security processor apparatus includes a processor and a memory coupled to the processor and operative to store a secure table. The secure table stores different certified endorsement keys and different values, each value associated with one of the endorsement keys. Each stored value is derived from a different application that is certified by the associated endorsement key to be executed on the processor.

Abstract translation: 用于在计算机系统的安全处理器上实现应用的方法和装置。 在一个方面，一种安全处理器装置包括处理器和耦合到处理器并可操作以存储安全表的存储器。 安全表存储不同的认证密钥和不同的值，每个值与一个认可密钥相关联。 每个存储的值都是从由处理器执行的相关认可密钥认证的不同应用程序导出的。