System and method for secure provisioning of an information handling system
    1. Granted invention patent (status: in force)

    Publication number: US09166798B2

    Publication date: 2015-10-20

    Application number: US14074940

    Filing date: 2013-11-08

    IPC classification: H04L9/32

    Abstract: Systems and methods for reducing problems and disadvantages associated with provisioning of information handling systems, including without limitation those associated with bare metal provisioning of information handling systems, are disclosed. A system may include a processor, and a memory and an access controller each communicatively coupled to the processor. The access controller may store an enterprise public key associated with an enterprise private key and a platform private key associated with the system. The access controller may be configured to: (i) authenticate communications received from a provisioning server communicatively coupled to the access controller based at least on an enterprise public certificate associated with the provisioning server and (ii) establish an asymmetrically encrypted communications channel between the access controller and the provisioning server based at least on a platform public key associated with the platform private key, the platform private key, the enterprise public key, and the enterprise private key.

    SINGLE COMMAND FUNCTIONALITY FOR PROVIDING DATA SECURITY AND PREVENTING DATA ACCESS WITHIN A DECOMMISSIONED INFORMATION HANDLING SYSTEM
    2. Invention patent application (status: in force)

    Publication number: US20140025947A1

    Publication date: 2014-01-23

    Application number: US13551033

    Filing date: 2012-07-17

    IPC classification: G06F21/24

    Abstract: A computer-implemented method comprises a service processor: establishing a kill switch encryption key (KSEK) to provide data security for data within storage devices of configurable components within a system; automatically encrypting, with the KSEK, data that is written to one of the storage devices; configuring the configurable components to prevent access to the stored data unless a valid copy of the KSEK is received from the service processor along with the request for the data; automatically decrypting, with the KSEK, the KSEK-encrypted data that is read from the storage device; and in response to receiving a verified request to decommission the system, performing the decommissioning by deleting/erasing the KSEK from a secure storage at which the only instance of the KSEK is maintained. Deletion of the KSEK results in a permanent loss of access to the stored encrypted data within the system because the stored encrypted data cannot be decrypted without the KSEK.

    Information handling system capable of operation in reduced power states
    4. Invention patent application (status: in force)

    Publication number: US20050198417A1

    Publication date: 2005-09-08

    Application number: US10759640

    Filing date: 2004-01-16

    IPC classification: G06F13/00

    CPC classification: G06F1/3209

    Abstract: A method and system for allowing a processor to enter low power states in an information handling system (IHS) includes detecting an access request for a bus mastering device. The method and system also include, in response to failing to detect an access request for the bus mastering device within a period of time, suspending a bus mastering device controller associated with the bus mastering device, wherein the now-suspended bus mastering device controller no longer prevents the processor from entering low power states.

    Method and system for operating system quiescent state
    5. Invention patent application (status: in force)

    Publication number: US20050071692A1

    Publication date: 2005-03-31

    Application number: US10672129

    Filing date: 2003-09-26

    IPC classification: G06F9/445 G06F1/26

    CPC classification: G06F9/4418

    Abstract: Information handling system functions performed with an information handling system operating system in a quiescent state, such as ROM flashing, diagnostic BIOS warning screens and hard disc drive backup, are supported through an operating system quiescent state initiated by a simulated power down state which leaves one or more processing components of the information handling system operational. For instance, an operating system utility sets a BIOS flag and pointer so that an ACPI S3 power down state places the operating system in a quiescent state, but the S3 suspend call from the operating system is intercepted and a quiescent state function is called by the BIOS instead. Recovery of the operating system from the quiescent state is initiated by the BIOS so that a reboot of the information handling system is avoided.

    Single command functionality for providing data security and preventing data access within a decommissioned information handling system
    6. Granted invention patent (status: in force)

    Publication number: US08938626B2

    Publication date: 2015-01-20

    Application number: US13551033

    Filing date: 2012-07-17

    IPC classification: G06F21/00 G06F21/62

    Abstract: A computer-implemented method comprises a service processor: establishing a kill switch encryption key (KSEK) to provide data security for data within storage devices of configurable components within a system; automatically encrypting, with the KSEK, data that is written to one of the storage devices; configuring the configurable components to prevent access to the stored data unless a valid copy of the KSEK is received from the service processor along with the request for the data; automatically decrypting, with the KSEK, the KSEK-encrypted data that is read from the storage device; and in response to receiving a verified request to decommission the system, performing the decommissioning by deleting/erasing the KSEK from a secure storage at which the only instance of the KSEK is maintained. Deletion of the KSEK results in a permanent loss of access to the stored encrypted data within the system because the stored encrypted data cannot be decrypted without the KSEK.

    System and method for information handling system multimedia mode boot optimization
    7. Invention patent application (status: in force)

    Publication number: US20050204181A1

    Publication date: 2005-09-15

    Application number: US10782160

    Filing date: 2004-02-19

    IPC classification: G06F11/00

    CPC classification: G06F9/4406

    Abstract: An information handling system selectively boots to either a normal operation mode, in which devices and applications are configured to operate normally, or a multimedia operation mode, in which devices and applications that support presentation of multimedia information are enabled and other devices and applications are disabled. In one embodiment, the multimedia mode improves portable information handling system multimedia performance by reducing power consumption to improve battery charge life and by reducing boot time to improve the timeliness of the user experience. For instance, a multimedia module interfaces with the operating system to disable power up of non-multimedia devices, such as networking devices, and non-multimedia applications, such as antivirus applications, while enabling multimedia devices, such as a DVD disc drive, to display multimedia information, such as a DVD movie.

    System and method for securing a computer system
    8. Granted invention patent (status: in force)

    Publication number: US06665800B1

    Publication date: 2003-12-16

    Application number: US09237735

    Filing date: 1999-01-26

    Applicant: Muhammed Jaber

    Inventor: Muhammed Jaber

    IPC classification: H04L9/32

    CPC classification: G06F21/34 G06F2221/2131

    Abstract: A computer system includes circuitry for selecting among first and second parameters in response to a command. The parameters are for use in computing a password. The circuitry is for reading content of the selected parameter from a computer-readable medium and computing the password in response thereto. The password computed in response to content of the first parameter is different from the password computed in response to content of the second parameter. Also, the circuitry is for concealing the password from a user of the computer system.

    SYSTEMS AND METHODS FOR MULTI-LAYERED AUTHENTICATION/VERIFICATION OF TRUSTED PLATFORM UPDATES
    9. Invention patent application (status: in force)

    Publication number: US20130185564A1

    Publication date: 2013-07-18

    Application number: US13351872

    Filing date: 2012-01-17

    IPC classification: H04L9/32

    CPC classification: G06F21/572 G06F21/57

    Abstract: In accordance with the present disclosure, a system and method for multilayered authentication of trusted platform updates is described. The method may include storing first cryptographic data in a personality module of an information handling system, with the first cryptographic data corresponding to a verified firmware component. Second cryptographic data may also be determined, with the second cryptographic data corresponding to an unverified firmware component. The unverified firmware component may be stored in a memory element of the information handling system, and the second cryptographic data may be determined using a processor of the information handling system. The method may further include determining whether the first cryptographic data matches the second cryptographic data, and updating firmware in the information handling system with the unverified firmware component if the first cryptographic data matches the second cryptographic data and the unverified firmware component includes a digital signature of a manufacturer.

    Systems and methods for multi-layered authentication/verification of trusted platform updates
    10. Granted invention patent (status: in force)

    Publication number: US08874922B2

    Publication date: 2014-10-28

    Application number: US13351872

    Filing date: 2012-01-17

    IPC classification: H04L9/32 G06F21/57

    CPC classification: G06F21/572 G06F21/57

    Abstract: In accordance with the present disclosure, a system and method for multilayered authentication of trusted platform updates is described. The method may include storing first cryptographic data in a personality module of an information handling system, with the first cryptographic data corresponding to a verified firmware component. Second cryptographic data may also be determined, with the second cryptographic data corresponding to an unverified firmware component. The unverified firmware component may be stored in a memory element of the information handling system, and the second cryptographic data may be determined using a processor of the information handling system. The method may further include determining whether the first cryptographic data matches the second cryptographic data, and updating firmware in the information handling system with the unverified firmware component if the first cryptographic data matches the second cryptographic data and the unverified firmware component includes a digital signature of a manufacturer.