Abstract:
A system, method, and program product is provided that executes a start sequence of an information handling system that includes a hardware based TPM. Multiple PCRs are stored in the TPM and are initialized to a predetermined state when the start sequence commences. During execution of the start sequence, software modules, including a hypervisor, are loaded into the system's memory. PCR values resulting from the loading of the software modules are calculated. The resulting PCR values are compared with expected PCR values. If the PCR values match the expected PCR values, then a virtual environment is created under the hypervisor. The virtual environment includes a VM and a virtual trust platform module (vTPM) that is used by the virtual machine to satisfy the virtual machine's TPM requests.
Abstract:
An apparatus, method, and system to seal a data repository to a trusted computing platform is described. The data repository may be sealed by encrypting the data on the repository and sealing a cryptographic key to a specific set of platform resources. With the data repository sealed to the platform, the system boot sequence will fail if the system configuration is compromised, for example by insertion of “snoopware” or a modified BIOS. Additionally, if the computer containing the data repository is lost or stolen, the encrypted data remains secure even if the repository is attached to a system modified to bypass normal safeguards.
Abstract:
Access to secure data through a portable computing system is provided only when a timer within the system is running. The timer is reset with the portable system connected to a base system, either directly, as by a cable, or indirectly, as through a telephone network. In an initialization process, the portable and base systems exchange data, such as public cryptographic keys, which are later used to confirm that the portable system is connected to the same base system. In one embodiment, the initialization process also includes storing a password transmitted from the portable system within the base system, with this password later being required within the reset process.
Abstract:
A trusted platform module (TPM) key is assigned a numerical limit for the number of times the key can be used, and once the key has been used the assigned number of times, it is rendered unusable.
Abstract:
A method for providing security with a secure chip includes: creating a migratable keyblob using a first random number, where the migratable keyblob contains a key; wrapping the migratable keyblob with a public key of the key's parent key; encrypting the first random number with a pass phrase for a user of the key; storing the encrypted first random number; and migrating the migratable keyblob from the computer to itself. If the private key of the secure chip is stolen, the thief can only unwrap keys which are ancestors of the key in the migratable keyblob. To obtain the key in the migratable keyblob, the random number used to create it is required. However, the pass phrase of the user is required to decrypt it. This increases the security of the key stored in the migratable keyblob and its child keys.
Abstract:
A method for providing security in password-based access to computer networks, the network including a server and a remote user, includes: signing a phrase by a security chip of the server using an encryption key; associating the signed phrase with the remote user; signing the phrase with an encryption key obtained by the security chip when a request for access to the computer network is received from the remote user; comparing the phrase signed with the obtained encryption key with the signed phrase associated with the remote user; and granting access to the remote user if the phrase signed with the obtained encryption key is the same as the stored signed phrase associated with the remote user. The use of the encryption key protects against “dictionary attacks”. Use of the security chip protects against offline attacks. These provide greater security for the computer network.
Abstract:
A system and method of providing increased security of a personal computer through the use of its operating system and initialization. The invention provides a security profile which indicates the level of authorization which the user has and the security exposure which a user will be permitted, which combines with a stored log of attempts to access the personal computer through the use of the password and the results of each attempt to provide a system where unsuccessful attempts will turn off the system. The system also includes a plurality of access levels so that some functions in the computer may be denied to a user but permitted to a system administrator. The access log also may include a record of physical security attacks or attempts, such as removing the covers of a personal computer. The system and method of the present invention have the advantage that, as a result of maintaining information on access attempts and other security information, a security profile may be established and criteria imposed on the user which will improve the security of the personal computer.
Abstract:
A computer system, method of operation, and program product which gives a clear indication to a user when a computer system has transitioned to a trusted state.
Abstract:
A method and system for updating a root of trust measurement (RTM) function in a personal computer is disclosed. The RTM function is located in a boot block of the personal computer. The method and system comprise initializing a request to update the RTM function and unlocking the boot block based on an authentication process. The method and system further include updating the RTM function. Through the use of the method and system in accordance with the present invention, the RTM function in a personal computer is updated in a manner that ensures that the update is authentic.
Abstract:
A docking station system for use with a computer system which includes an externally accessible PC Card interface for transferring signals conforming to the PC Card standard to a docking station enclosure. The docking station enclosure includes a PC Card connector that connects to and passes interface signals between the PC Card interface of the computer system and the docking station enclosure. The docking station enclosure further includes an ISA bus structure conforming to the ISA bus standard. Additionally, the docking station enclosure incorporates conversion logic which is connected to receive signals from the computer system via the PC Card connector, and converts these received signals to signals for operating the ISA bus structure. The computer system includes conversion logic which is connected to receive signals from the docking station enclosure via the PC Card connector, and to convert these signals to system interrupt requests. In this manner, one or more ISA adapters can be utilized in the docking station enclosure to emulate one or more PC Card functions at the PC Card interface.