公开(公告)号：US07779454B2

公开(公告)日：2010-08-17

申请号：US11564832

申请日：2006-11-29

Applicant: David Carroll Challener ,  Daryl Cromer ,  Howard Jeffrey Locker ,  Randall Scott Springfield

Inventor： David Carroll Challener ,  Daryl Cromer ,  Howard Jeffrey Locker ,  Randall Scott Springfield

IPC: G06F21/20

CPC classification number: H04L63/10 ,  G06F21/552 ,  G06F2221/2153

Abstract: A system and method for using a client-side hypervisor in conjunction with a secure network-side monitoring mechanism to detect removable media insertions since a client's last network session with the secure network is presented. The hypervisor uses a “client-side insertion value” to track the number of times that a user inserts removable media into a socket located on the client. When the client is connected to the secure network, the client's hypervisor notifies the secure network of each insertion and the secure network increments a “secure network-side tracker value.” For each login request, the client includes the client-side insertion value, which the secure network compares against its secure network-side tracker value. When the two values are different, the secure network sends an action request to the client, such as a request to perform a full system scan. Once the client performs the action, the client's hypervisor resets its client-side insertion value and attempts to logon to the secure network again.

Abstract translation: 提出了客户端管理程序与安全网络侧监视机制结合使用以检测可移动介质插入的系统和方法，因为客户端与安全网络的最后一次网络会话。 管理程序使用“客户端插入值”来跟踪用户将可移动媒体插入位于客户端上的套接字的次数。 当客户端连接到安全网络时，客户端的管理程序会将安全网络通知每个插入，安全网络会增加“安全网络侧跟踪器值”。对于每个登录请求，客户端包括客户端插入值， 安全网络与其安全的网络侧跟踪器值进行比较。 当两个值不同时，安全网络向客户端发送动作请求，例如执行完整系统扫描的请求。 一旦客户端执行操作，客户端的管理程序将重置其客户端插入值，并尝试再次登录到安全网络。

公开(公告)号：US20100205375A1

公开(公告)日：2010-08-12

申请号：US12368882

申请日：2009-02-10

Applicant: David Carroll Challener ,  Richard Wayne Cheston ,  Howard Locker ,  Randall Scott Springfield ,  Rod D. Waltermann

Inventor： David Carroll Challener ,  Richard Wayne Cheston ,  Howard Locker ,  Randall Scott Springfield ,  Rod D. Waltermann

IPC: G06F12/08

CPC classification number: G06F12/0868 ,  G06F2212/263 ,  G06F2212/314 ,  H04L29/08846 ,  H04L67/1097 ,  H04L67/2842

Abstract: A method, apparatus, and system are disclosed of forward caching for a managed client. A storage module stores a software image on a storage device of a backend server. The backend server provides virtual disk storage on the storage device through a first intermediate network point for a plurality of diskless data processing devices. Each diskless data processing device communicates directly with the first intermediate network point. The storage module caches an image instance of the software image at the first intermediate network point. A tracking module detects an update to the software image on the storage device. The storage module copies the updated software image to the first intermediate network point as an updated image instance.

Abstract translation: 公开了一种用于被管理客户端的前向缓存的方法，装置和系统。 存储模块将软件映像存储在后端服务器的存储设备上。 后端服务器通过用于多个无盘数据处理设备的第一中间网络点在存储设备上提供虚拟磁盘存储。 每个无盘数据处理装置与第一中间网络点直接通信。 存储模块在第一中间网络点高速缓存软件映像的图像实例。 跟踪模块检测对存储设备上的软件映像的更新。 存储模块将更新的软件映像作为更新的图像实例复制到第一中间网络点。

公开(公告)号：US20100122250A1

公开(公告)日：2010-05-13

申请号：US12269668

申请日：2008-11-12

Applicant: David Carroll Challener ,  Mark Charles Davis ,  Randall Scott Springfield ,  Rod D. Waltermann

Inventor： David Carroll Challener ,  Mark Charles Davis ,  Randall Scott Springfield ,  Rod D. Waltermann

IPC: G06F9/445 ,  G06F9/455 ,  G06F9/46 ,  G06F15/177

CPC classification number: G06F21/53 ,  G06F8/61 ,  G06F9/4401 ,  G06F9/45558 ,  G06F9/468 ,  G06F21/575 ,  G06F2009/45562 ,  G06F2009/45587

Abstract: An apparatus, system, and method are disclosed for granting hypervisor privileges. An installation module installs a monitor hypervisor wherein only the monitor hypervisor is granted the hypervisor privileges by the computer. An authentication module authenticates a second hypervisor. An eviction module evicts the monitor hypervisor if the second hypervisor is authenticated. The installation module further installs the second hypervisor after the monitor hypervisor is evicted so that only the second hypervisor is granted hypervisor privileges by the computer

Abstract translation: 公开了用于授予管理程序特权的装置，系统和方法。 安装模块安装监视器管理程序，其中只有监视器管理程序被计算机授予管理程序的权限。 认证模块认证第二管理程序。 如果第二个管理程序被认证，驱逐模块将使监视器管理程序移走。 在监视器管理程序被驱逐之后，安装模块进一步安装第二管理程序，使得只有第二管理程序被计算机授予管理程序特权

公开(公告)号：US07620997B2

公开(公告)日：2009-11-17

申请号：US10748919

申请日：2003-12-22

Applicant: David Carroll Challener ,  Daryl Carvis Cromer ,  Howard Jeffrey Locker ,  Hernando Ovies ,  Randall Scott Springfield

Inventor： David Carroll Challener ,  Daryl Carvis Cromer ,  Howard Jeffrey Locker ,  Hernando Ovies ,  Randall Scott Springfield

IPC: G06F7/04 ,  G06F15/16 ,  G06F17/30

CPC classification number: H04L63/08 ,  H04W12/06 ,  H04W88/08

Abstract: When an authenticated wireless computer loses connectivity to a wireless access point of a network and roams to another access point, the wireless computer (e.g., a hypervisor in the computer) determines whether the new access point is authorized for secure communication and if so, releases access to secure data on the network through the new access point.

Abstract translation: 当经认证的无线计算机失去与网络的无线接入点的连接并漫游到另一接入点时，无线计算机（例如，计算机中的管理程序）确定新接入点是否被授权用于安全通信，如果是，则释放 通过新的接入点访问网络上的安全数据。

公开(公告)号：US20090222915A1

公开(公告)日：2009-09-03

申请号：US12040953

申请日：2008-03-03

Applicant: David Carroll Challener ,  Daryl Carvis Cromer ,  Howard Jeffrey Locker ,  Randall Scott Springfield

Inventor： David Carroll Challener ,  Daryl Carvis Cromer ,  Howard Jeffrey Locker ,  Randall Scott Springfield

IPC: G06F21/00

CPC classification number: G06F21/57 ,  G06F21/79

Abstract: A system, method, and program product is provided that initializes a counter maintained in a nonvolatile memory of a security module to an initialization value. The security module receives requests for a secret from requesters. The security module releases the secret to the requesters and the released secrets are stored in memory areas allocated to the requesters. A counter is incremented when the secret is released. Requestors send notifications to the security module indicating that the requestor has removed the secret from the requestor's memory area. The security module decrements the counter each time a notification is received. When the computer system is rebooted, if the counter is not at the initialization value, the system memory is scrubbed erasing any secrets that remain in memory.

Abstract translation: 提供了一种系统，方法和程序产品，其将维护在安全模块的非易失性存储器中的计数器初始化为初始化值。 安全模块从请求者接收到秘密的请求。 安全模块向请求者释放秘密，所发布的秘密存储在分配给请求者的内存区域中。 当秘密被释放时，计数器递增。 请求者向安全模块发送指示请求者已经从请求者的存储区域移除了秘密的通知。 每次接收到通知时，安全模块都会递减计数器。 当计算机系统重新启动时，如果计数器不在初始化值，系统内存将被擦除擦除留在内存中的任何秘密。

公开(公告)号：US07533274B2

公开(公告)日：2009-05-12

申请号：US10712237

申请日：2003-11-13

Applicant: Joseph Wayne Freeman ,  Steven Dale Goodman ,  Randall Scott Springfield

Inventor： Joseph Wayne Freeman ,  Steven Dale Goodman ,  Randall Scott Springfield

IPC: G06F9/24 ,  G06F9/22 ,  G06F9/30

CPC classification number: G06F21/572 ,  G06F21/575

Abstract: A method, computer program product and system for reducing the boot time of a TCPA based computing system. A flash memory in the TCPA based computing system may include a register comprising bits configured to indicate whether the segments of the flash memory have been updated. The flash memory may further include a table configured to store measurements of the segments of the flash memory. The flash memory may further include a boot block code that includes a Core Root of Trust for Measurement (CRTM). The CRTM may read the bits in the register to determine if any of the segments of the flash memory have been updated. The CRTM may further obtain the measurement values in the table for those segments that store the POST BIOS code that have not been updated thereby saving time from measuring the POST BIOS code and consequently reducing the boot time.

Abstract translation: 一种用于减少基于TCPA的计算系统的启动时间的方法，计算机程序产品和系统。 基于TCPA的计算系统中的闪速存储器可以包括寄存器，其包括被配置为指示闪速存储器的段是否已被更新的位。 闪存可以进一步包括被配置为存储闪存的片段的测量的表。 闪速存储器还可以包括引导块代码，其包括用于测量的信任核心根（CRTM）。 CRTM可以读取寄存器中的位，以确定闪存中的任何段是否已更新。 CRTM可以进一步获得存储POST BIOS代码的那些片段的表中的测量值，从而节省了测量POST BIOS代码的时间，从而减少了引导时间。

公开(公告)号：US20090119785A1

公开(公告)日：2009-05-07

申请号：US11934829

申请日：2007-11-05

Applicant: David Carroll Challener ,  Daryl Cromer ,  Philip John Jakes ,  Howard Jeffrey Locker ,  Randall Scott Springfield

Inventor： David Carroll Challener ,  Daryl Cromer ,  Philip John Jakes ,  Howard Jeffrey Locker ,  Randall Scott Springfield

IPC: G06F21/04

CPC classification number: G06F21/31 ,  G06F21/78 ,  G06F21/82 ,  G06F2221/2129

Abstract: A system, method, and program product is provided that establishes a shared secret between a computer system and a peripheral device such as a removable nonvolatile storage device or a printer. After establishing the shared secret, the peripheral device is locked. After the peripheral device is locked, an unlock request is received and the shared secret is sent to the peripheral device. The peripheral device then attempts to verify the shared secret. If the shared secret is successfully verified, then the peripheral device is unlocked allowing use of the device by using an encryption key that is made available by the verified shared secret. On the other hand, if the shared secret is not verified, then the peripheral device remains locked and use of the device is prevented.

Abstract translation: 提供了一种系统，方法和程序产品，其在计算机系统和诸如可移动的非易失性存储设备或打印机的外围设备之间建立共享秘密。 建立共享密钥后，外围设备被锁定。 在外围设备被锁定之后，接收到解锁请求并将共享密钥发送到外围设备。 然后，外围设备尝试验证共享密钥。 如果共享密钥被成功验证，则外围设备被解锁，允许使用由验证的共享秘密提供的加密密钥来使用该设备。 另一方面，如果未验证共享密钥，则外围设备保持锁定，并且防止了设备的使用。

公开(公告)号：US20090089808A1

公开(公告)日：2009-04-02

申请号：US11865051

申请日：2007-09-30

Applicant: Howard Locker ,  David Challener ,  Daryl Cromer ,  James S. Rutledge ,  Randall Scott Springfield ,  James J. Thrasher ,  Michael Vanover

Inventor： Howard Locker ,  David Challener ,  Daryl Cromer ,  James S. Rutledge ,  Randall Scott Springfield ,  James J. Thrasher ,  Michael Vanover

IPC: G06F9/44

CPC classification number: G06F1/3225 ,  G06Q10/107

Abstract: Arrangements for permitting incoming mail to be transferred from a WAN Drive to a notebook computer hard drive under conditions that are not stressful to the hard drive. Preferably, a WAN card is configured to wake a notebook when mail capacity is full or close to full. Mail is then preferably moved from the flash drive to the hard drive, subject to verification that this will not overly stress the hard drive. In a variant embodiment, the WAN card may preferably be configured to wake a notebook when mail is received at all. Again, mail is then preferably moved from the flash drive to the hard drive, subject to verification that this will not overly stress the hard drive. Once mail is moved to the hard drive, the system preferably runs an embedded email program that allows the user to employ an existing VPN infrastructure.

Abstract translation: 允许接收邮件在不受硬盘驱动器压力的条件下从WAN驱动器传输到笔记本电脑硬盘驱动器的安排。 优选地，WAN卡被配置为当邮件容量已满或接近满时唤醒笔记本电脑。 然后，邮件最好从闪存驱动器移动到硬盘驱动器，经验证，这不会过度强调硬盘驱动器。 在一个变型实施例中，WAN卡优选地被配置成完全在接收到邮件时唤醒笔记本电脑。 再次，邮件优选地从闪存驱动器移动到硬盘驱动器，经过验证，这不会过度强调硬盘驱动器。 一旦邮件移动到硬盘驱动器，系统最好运行嵌入式电子邮件程序，允许用户使用现有的VPN基础设施。

公开(公告)号：US20090083555A1

公开(公告)日：2009-03-26

申请号：US11861597

申请日：2007-09-26

Applicant: David Carroll Challener ,  Daryl Cromer ,  Howard Locker ,  Randall Scott Springfield

Inventor： David Carroll Challener ,  Daryl Cromer ,  Howard Locker ,  Randall Scott Springfield

IPC: G06F1/32 ,  G06F15/16 ,  G06F21/00

CPC classification number: G06F21/6209 ,  G06F21/74 ,  G06F2221/2103 ,  G06F2221/2105 ,  H04L63/1441

Abstract: A method and system are disclosed for placing a computer in a safe and secure lock down state from a remote location using a remote command device such as a cellular telephone. The method and system includes optional security provisions before restarting the computer.

Abstract translation: 公开了一种用于使用诸如蜂窝电话的远程命令装置将计算机从远程位置放置在安全和安全的锁定状态的方法和系统。 在重新启动计算机之前，该方法和系统包括可选的安全规定。

公开(公告)号：US07483966B2

公开(公告)日：2009-01-27

申请号：US10749257

申请日：2003-12-31

Applicant: Daryl Carvis Cromer ,  Howard Jeffrey Locker ,  Randall Scott Springfield

Inventor： Daryl Carvis Cromer ,  Howard Jeffrey Locker ,  Randall Scott Springfield

IPC: G06F15/173

CPC classification number: G06F1/3246 ,  G06F1/26 ,  G06F1/3203 ,  H04L12/12 ,  Y02D50/40 ,  Y02D50/42

Abstract: Systems, methods, and media for providing remote wake-up and management of systems in a network are disclosed. More particularly, hardware and/or software for a server to receive feedback from a client as to the status of its wake-on-LAN functionality is disclosed. Embodiments include hardware and/or software for determining a client to be managed, determining whether the client is active on the network, transmitting a first network packet comprising a wake-on-LAN packet, and receiving a return wake-on-LAN packet, which comprises an indication of the address of the client and an indication of the status of the wake-on-LAN functionality of the client. Embodiments may also include transmitting a command to start a management session on the client.

Abstract translation: 公开了用于在网络中提供远程唤醒和系统管理的系统，方法和媒体。 更具体地，公开了用于从客户端接收关于其唤醒LAN功能的状态的反馈的服务器的硬件和/或软件。 实施例包括用于确定要管理的客户端的硬件和/或软件，确定客户端是否在网络上是活动的，发送包括LAN唤醒分组的第一网络分组以及接收LAN上的返回唤醒分组， 其包括客户端的地址的指示和客户端的唤醒LAN功能的状态的指示。 实施例还可以包括发送命令以在客户端上启动管理会话。