-
71.发明授权Method and system for tracking a secure boot in a trusted computing environment 有权用于在可信计算环境中跟踪安全引导的方法和系统公开(公告)号:US07191464B2
公开(公告)日:2007-03-13
申请号:US09978381
申请日:2001-10-16
申请人: Daryl Carvis Cromer , Joseph Wayne Freeman , Steven Dale Goodman , Eric Richard Kern , Randall Scott Springfield
发明人: Daryl Carvis Cromer , Joseph Wayne Freeman , Steven Dale Goodman , Eric Richard Kern , Randall Scott Springfield
IPC分类号: H04L9/32 , G06F15/177
CPC分类号: G06F21/575
摘要: A method, system and computer readable medium containing programming instructions for tracking a secure boot in a computer system having a plurality of devices is disclosed. The method, system and computer readable medium include providing an embedded security system (ESS) in the computer system, wherein the ESS includes at least one boot platform configuration register (PCR) and a shadow PCR for each of the at least one boot PCRs, initiating a platform reset to boot the computer system via BIOS, and, for a device booted, generating a measurement value for the device and extending that value to one of the at least one boot PCRs and its corresponding shadow PCR. The system, method and computer readable medium of the present invention also includes comparing the measurement values of the boot PCRs to their corresponding shadow PCRs, whereby the computer system is trusted if the measurement values match.
摘要翻译: 公开了一种包含用于在具有多个设备的计算机系统中跟踪安全引导的编程指令的方法,系统和计算机可读介质。 所述方法,系统和计算机可读介质包括在所述计算机系统中提供嵌入式安全系统(ESS),其中所述ESS包括用于所述至少一个启动PCR中的每一个的至少一个引导平台配置寄存器(PCR)和阴影PCR, 启动平台重置以通过BIOS引导计算机系统,并且对于引导的设备,生成所述设备的测量值并将该值扩展到所述至少一个启动PCR中的一个及其相应的阴影PCR。 本发明的系统,方法和计算机可读介质还包括将引导PCR的测量值与其相应的阴影PCR进行比较,从而如果测量值匹配,则计算机系统被信任。
-
公开(公告)号:US07174465B2
公开(公告)日:2007-02-06
申请号:US10180160
申请日:2002-06-26
申请人: Joseph Wayne Freeman , Chad Lee Gettelfinger , Steven Dale Goodman , William Fred Keown, Jr. , Eric Richard Kern , Randall Scott Springfield
发明人: Joseph Wayne Freeman , Chad Lee Gettelfinger , Steven Dale Goodman , William Fred Keown, Jr. , Eric Richard Kern , Randall Scott Springfield
CPC分类号: G06F21/57
摘要: A method is disclosed for securely updating system attributes of a client computer with a BIOS and includes signing a public key of a secure server with a private key of the BIOS prior to completion of manufacturing of the client computer to create an encrypted public key and embedded private key stored at the server. The method includes receiving at the server a request packet transmitted from the client computer requesting system attribute modification, encrypting the request packet to create an encrypted packet, and transmitting a return packet to client computer comprising the encrypted packet, the server's public key, and server instructions. The client computer decrypts the request packet using the server's public key and compares it to the original request packet, and if identical, executes the server instructions to modify the client computer's boot block to update client computer's system attributes.
摘要翻译: 公开了一种用于使用BIOS安全地更新客户端计算机的系统属性的方法,并且包括在完成客户端计算机的制造之前用BIOS的私钥对安全服务器的公共密钥进行签名以创建加密的公共密钥并且嵌入 私钥存储在服务器端。 该方法包括在服务器处接收从客户端计算机发送的请求系统属性修改的请求分组,对请求分组进行加密以创建加密的分组,以及向包括加密分组,服务器的公钥和服务器的客户端计算机发送返回分组 说明。 客户端计算机使用服务器的公钥解密请求包,并将其与原始请求包进行比较,如果相同,则执行服务器指令修改客户端计算机的启动块以更新客户端计算机的系统属性。
-
公开(公告)号:US07107460B2
公开(公告)日:2006-09-12
申请号:US10077135
申请日:2002-02-15
申请人: Daryl Carvis Cromer , Scott Thomas Elliott , James Patrick Hoff , Howard Jeffrey Locker , David Rivera , Randall Scott Springfield , James Peter Ward
发明人: Daryl Carvis Cromer , Scott Thomas Elliott , James Patrick Hoff , Howard Jeffrey Locker , David Rivera , Randall Scott Springfield , James Peter Ward
摘要: An embedded security subsystem, and method for implementing the same, which provide secure controllability of a data security device within a data processing system. The embedded security subsystem of the present invention includes a persistent enable flag for providing control access to the data security device, wherein the persistent enable flag is accessible only in response to a power-on reset cycle of the data processing system. The persistent enable flag is read-only accessible to runtime program instructions. A pending state change flag that is write accessible by runtime program instructions is utilized for setting an intended next state of the persistent enable flag such that control access to the data security device is enabled only during a subsequent power-on reset of said data processing system.
-
74.发明授权Secure method and system to prevent external unauthorized remotely initiated power up events in computer 失效安全的方法和系统,以防止外部未经授权的远程启动电脑中的加电事件公开(公告)号:US07082129B2
公开(公告)日:2006-07-25
申请号:US10134936
申请日:2002-04-29
申请人: Daryl Carvis Cromer , Joseph Wayne Freeman , Chad Lee Gettelfinger , Steven Dale Goodman , Eric Richard Kern , Randall Scott Springfield
发明人: Daryl Carvis Cromer , Joseph Wayne Freeman , Chad Lee Gettelfinger , Steven Dale Goodman , Eric Richard Kern , Randall Scott Springfield
IPC分类号: H04L12/28
CPC分类号: G06F1/3209 , H04L12/12 , H04L45/20 , Y02D50/40
摘要: In a computer network including a plurality of interconnected computers, one of the computers being a sleeping computer in a power down state, the sleeping computer listening for a packet associated with the sleeping computer, a method and system of waking the sleeping computer from the computer network. An incoming packet of data is transmitted from one of the computers in the network to the sleeping computer. When the sleeping computer detects the incoming packet, it determines if the incoming packet contains a data sequence associated with the sleeping computer. Further, the sleeping computer compares a transit value in the incoming packet to a predetermined value stored at the sleeping computer. The transit value indicates how far the data packet has traveled through the network, indicating the approximate origin of the data packet. Knowing the approximate origin of the data packet allows the client system to identify if the data packet originated from an external network. The predetermined value represents an origin within the internal network. Accordingly, if the incoming packet matches the particular data sequence associated with the sleeping computer, and the transit value in the packet matches the predetermined value stored at the sleeping computer, then a signal is issued to wake the sleeping computer. Otherwise, the incoming packet is discarded and the sleeping computer is not awaken.
摘要翻译: 在包括多个相互连接的计算机的计算机网络中,计算机中的一个是处于断电状态的休眠计算机,睡眠计算机监听与休眠计算机相关联的分组,从计算机唤醒睡眠计算机的方法和系统 网络。 传入的数据包从网络中的一台计算机发送到睡眠计算机。 当睡眠计算机检测到传入分组时,它确定传入分组是否包含与睡眠计算机相关联的数据序列。 此外,睡眠计算机将输入分组中的传输值与存储在睡眠计算机上的预定值进行比较。 传输值表示数据分组通过网络传播的距离,指示数据分组的近似来源。 知道数据包的近似来源允许客户端系统识别数据包是否源自外部网络。 预定值表示内部网络内的原点。 因此,如果输入分组与休眠计算机相关联的特定数据序列匹配,并且分组中的传输值与存储在睡眠计算机上的预定值匹配,则发出信号以唤醒睡眠计算机。 否则,传入的数据包被丢弃,并且睡眠的计算机没有被唤醒。
-
75.发明授权Method, system, and program for customizing a basic input/output system (“BIOS”) configuration according to the type of user 失效用于根据用户类型定制基本输入/输出系统(“BIOS”)配置的方法,系统和程序公开(公告)号:US06658562B1
公开(公告)日:2003-12-02
申请号:US09649440
申请日:2000-08-25
申请人: Ralph Bonomo , Richard Alan Dayan , Joseph Wayne Freeman , Robert Duane Johnson , Diane Nolterieke , Randall Scott Springfield
发明人: Ralph Bonomo , Richard Alan Dayan , Joseph Wayne Freeman , Robert Duane Johnson , Diane Nolterieke , Randall Scott Springfield
IPC分类号: G06F924
CPC分类号: G06F9/44505 , G06F9/4401 , G06F21/572
摘要: A method, system, and program for selecting and implementing a basic input/output system (“BIOS”) configuration among various BIOS configurations for a data processing system are disclosed. Different BIOS configurations are defined for various types of users, such as a home user, a commercial user, and a network user. Each of the BIOS configurations includes a different set of BIOS characteristics, such as program setup features security features, and network server features, under which the data processing system is able to run. The different BIOS configurations are stored into a memory device for the data processing system. A designation is set within the memory device that directs a processor of the data processing system to select and execute a desired one of the BIOS configurations for a particular type of user.
摘要翻译: 公开了一种用于在数据处理系统的各种BIOS配置之间选择和实现基本输入/输出系统(“BIOS”)配置的方法,系统和程序。 为各种类型的用户(例如家庭用户,商业用户和网络用户)定义不同的BIOS配置。 每个BIOS配置包括一组不同的BIOS特性,例如程序设置功能,安全功能和网络服务器功能,数据处理系统可以在这些功能下运行。 不同的BIOS配置被存储到用于数据处理系统的存储器设备中。 在存储器设备内设置指示数据处理系统的处理器为特定类型的用户选择并执行所需的一个BIOS配置的指定。
-
76.发明授权Data processing system and method for permitting a server to remotely provide a client computer system's settings password to the client 有权用于允许服务器向客户端远程提供客户计算机系统的设置密码的数据处理系统和方法公开(公告)号:US06601174B1
公开(公告)日:2003-07-29
申请号:US09255552
申请日:1999-02-22
申请人: Daryl Carvis Cromer , Richard Alan Dayan , Brandon Jon Ellison , Eric Richard Kern , Randall Scott Springfield
发明人: Daryl Carvis Cromer , Richard Alan Dayan , Brandon Jon Ellison , Eric Richard Kern , Randall Scott Springfield
IPC分类号: G06F1130
CPC分类号: H04L63/083 , G06F21/57
摘要: A data processing system and method are described for permitting a server computer system to remotely provide a client computer system's settings password to the client computer system. The client and server computer systems are coupled together utilizing a network. A network settings password is established within the client. The network settings password is required prior to permitting access to system settings included within the client. The client receives the network settings password from the server computer system utilizing the network. Access to the system settings is permitted in response to the receipt of the network settings password. In this manner, the server computer system remotely provides a network settings password to the client computer system.
摘要翻译: 描述了一种数据处理系统和方法,用于允许服务器计算机系统向客户端计算机系统远程提供客户端计算机系统的设置密码。 客户端和服务器计算机系统利用网络耦合在一起。 在客户端内建立网络设置密码。 在允许访问客户端中包含的系统设置之前,需要网络设置密码。 客户端使用网络从服务器计算机系统接收网络设置密码。 响应收到网络设置密码,可以访问系统设置。 以这种方式,服务器计算机系统向客户端计算机系统远程提供网络设置密码。
-
公开(公告)号:US6158020A
公开(公告)日:2000-12-05
申请号:US60279
申请日:1998-04-14
申请人: Howard Locker , Randall Scott Springfield , Daryl Carvis Cromer , David Benson Rhoades , James Peter Ward
发明人: Howard Locker , Randall Scott Springfield , Daryl Carvis Cromer , David Benson Rhoades , James Peter Ward
摘要: A client on a network is provided with auxiliary low power logic, at the network adapter, that is always active and simulates network traffic (e.g. Ethernet format) normally sent under control of the main client system processor(s). This logic receives commands from the network manager, even when the system CPU is powered down or the system is not operational; information which allows the network manager to exercise broader control and perform maintenance and upgrades which would otherwise require service call for maintenance and reconfiguration of the client system. The auxiliary logic also can receive and interpret commands from the network that conform to a predefined format.
摘要翻译: 在网络上的客户机提供辅助低功率逻辑,在网络适配器处,其始终是活动的并且模拟通常在主客户端系统处理器的控制下发送的网络流量(例如以太网格式)。 该逻辑从网络管理器接收命令,即使系统CPU断电或系统不可操作; 允许网络管理员进行更广泛的控制并进行维护和升级的信息,否则将要求维护和重新配置客户端系统的服务。 辅助逻辑还可以接收和解释来自网络的符合预定格式的命令。
-
公开(公告)号:US10678905B2
公开(公告)日:2020-06-09
申请号:US13051009
申请日:2011-03-18
摘要: Improved handling of couplable device recognition tasks in an electronic device such as a cell phone, smart phone, computer system, recording device or others is facilitated. Recognition of a couplable device such as a battery so as to enable exchange of power between the device and the battery or other couplable device functionality is determined by a match between one of a plurality of digital strings stored in the device and the decrypted response to an encrypted challenge derived from the one of stored strings. Control is exercised over the distribution of the encryption elements which enable the improved handling of the tasks.
-
公开(公告)号:US09148105B2
公开(公告)日:2015-09-29
申请号:US13004080
申请日:2011-01-11
CPC分类号: H03G3/34
摘要: An approach is provided that receives an audio request from a request source while an information handling machine, such as a computer system, is in a muted state. The request source is compared with a list of one more un-mute sources stored in a memory. If the comparison reveals that the request source is included in the list of un-mute sources, then the audio request is audibly played.
摘要翻译: 提供了一种在信息处理机器(诸如计算机系统)处于静音状态时从请求源接收音频请求的方法。 将请求源与存储在存储器中的另外一个非静音源的列表进行比较。 如果比较显示请求源被包括在非静音源的列表中,则音频请求被可听地播放。
-
公开(公告)号:US20120223671A1
公开(公告)日:2012-09-06
申请号:US13039371
申请日:2011-03-03
IPC分类号: H02J7/00
CPC分类号: H02J7/0029 , G06F1/3203 , G06F21/44 , G06F21/81 , H02J7/00 , H02J2007/0001 , H04L9/3263 , H04L9/3271
摘要: Improved handling of battery recognition tasks in an electronic device such as a cell phone, smart phone, computer system, recording device or others is facilitated. Recognition of a battery so as to enable exchange of power between the device and the battery is determined by a match between one of a plurality of number strings stored in the device and the decrypted response to an encrypted challenge derived from the one of stored number string.
摘要翻译: 改进了诸如手机,智能电话,计算机系统,记录装置等的电子设备中的电池识别任务的改进。 识别电池以使设备和电池之间的电力交换由存储在设备中的多个数字串中的一个之间的匹配和对从存储的数字串中的一个导出的加密质询的解密响应来确定 。
-
-
-
-
-
-
-
-
-
搜索结果
170 条记录 (耗时 0.027 秒)
