-
公开(公告)号:US07484105B2
公开(公告)日:2009-01-27
申请号:US09931629
申请日:2001-08-16
CPC分类号: G06F21/572
摘要: An update utility requests a signature verification of the utility's signature along with a request to unlock the flash memory stored in the utility. A trusted platform module (“TPM”) performs a signature verification of the utility using a previously stored public key. Upon verification of the signature, the TPM unlocks the flash memory to permit update of the utility. Upon completion of the update, the flash utility issues a lock request to the TPM to relock the flash memory.
摘要翻译: 更新实用程序请求实用程序的签名的签名验证以及解锁存储在该实用程序中的闪存的请求。 可信平台模块(“TPM”)使用先前存储的公钥执行实用程序的签名验证。 在验证签名后,TPM解锁闪存以允许更新实用程序。 完成更新后,闪存实用程序向TPM发出锁定请求以重新锁定闪存。
-
2.发明授权Method for preventing system wake up from a sleep state if a boot log returned during the system wake up cannot be authenticated 有权如果在系统唤醒期间返回的引导日志无法验证,则防止系统从睡眠状态唤醒的方法公开(公告)号:US07412596B2
公开(公告)日:2008-08-12
申请号:US10967760
申请日:2004-10-16
申请人: David Carroll Challener , Daryl Carvis Cromer , Joseph Wayne Freeman , Steven Dale Goodman , James Patrick Hoff , Howard Jeffrey Locker , Randall Scott Springfield , James Peter Ward
发明人: David Carroll Challener , Daryl Carvis Cromer , Joseph Wayne Freeman , Steven Dale Goodman , James Patrick Hoff , Howard Jeffrey Locker , Randall Scott Springfield , James Peter Ward
IPC分类号: G06F9/00 , G06F15/177
CPC分类号: G06F21/575
摘要: A method and system for enabling security attestation for a computing device during a return from an S4 sleep state. When the computing device enters into the S4 state following a successful boot up, the attestation log is appended to the TPM tick count and the log is signed (with a security signature). When the device is awaken from S4 state, the BIOS obtains and verifies the log created during the previous boot. The CRTM maintains a set of virtual PCRs and references these virtual PCRs against the log. If the values do not match, the return from S4 state fails and the device is rebooted.
摘要翻译: 一种用于在从S4睡眠状态返回期间为计算设备提供安全认证的方法和系统。 当计算设备在成功启动后进入S4状态时,认证日志会追加到TPM刻度计数,并且日志被签名(具有安全签名)。 当设备从S4状态唤醒时,BIOS将获取并验证在以前引导过程中创建的日志。 CRTM维护一组虚拟PCR,并将这些虚拟PCR引用到日志中。 如果值不匹配,则S4状态返回失败,设备重启。
-
公开(公告)号:US07269747B2
公开(公告)日:2007-09-11
申请号:US10411408
申请日:2003-04-10
申请人: Ryan Charles Catherman , Steven Dale Goodman , James Patrick Hoff , Randall Scott Springfield , James Peter Ward
发明人: Ryan Charles Catherman , Steven Dale Goodman , James Patrick Hoff , Randall Scott Springfield , James Peter Ward
IPC分类号: G06F1/28
CPC分类号: G06F21/57 , G06F21/575
摘要: A computer system is presented which provides a trusted platform by which operations can be performed with an increased level trust and confidence. The basis of trust for the computer system is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset.
摘要翻译: 提出了一种计算机系统,其提供可信赖的平台,通过该平台可以以更高级别的信任和置信度执行操作。 计算机系统的信任基础由加密协处理器和与加密协处理器接口的代码建立,并为平台建立信任度量的根。 构建加密协处理器,使得仅当检测到操作者的物理存在时才允许某些关键操作。 基于核心芯片组中寄存器的状态的推理确定物理存在。
-
公开(公告)号:US07249249B2
公开(公告)日:2007-07-24
申请号:US10064087
申请日:2002-06-10
IPC分类号: G06F15/177
CPC分类号: G06F21/575 , G06F9/4406 , G06F2221/2105
摘要: A system and method for access control of a hardfile responsive to a computer system having an operating system is disclosed. The method includes detecting a special boot condition during a pre-boot test of the computer system; and altering, in response to the special boot condition, an operating system access configuration of the hardfile. The system includes a computer system that adjusts an operating system access to a hardfile based upon various boot conditions.
摘要翻译: 公开了一种响应具有操作系统的计算机系统对硬盘进行访问控制的系统和方法。 该方法包括在计算机系统的预引导测试期间检测特殊启动条件; 并且响应于特殊引导条件改变硬文件的操作系统访问配置。 该系统包括一个计算机系统,该计算机系统根据各种引导条件调整对硬盘的操作系统访问。
-
公开(公告)号:US07200761B1
公开(公告)日:2007-04-03
申请号:US09711028
申请日:2000-11-09
IPC分类号: G06F9/00 , G06F11/30 , G06F15/173 , G06F15/16 , H04L9/00
CPC分类号: G06F21/575 , G06F11/2284 , G06F21/79
摘要: During power up initialization, security data such as passwords and other sensitive data which are stored in a lockable memory device are read and copied to protected system management interrupt (SMI) memory space, subject to verification by code running in the SMI memory space that the call to write the security data originates with a trusted entity. Once copied to SMI memory space, the security data is erased from regular system memory and the lockable storage device is hard locked (requiring a reset to unlock) against direct access prior to starting the operating system. The copy of the security data within the SMI memory space is invisible to the operating system. However, the operating system may initiate a call to code running in the SMI memory space to check a password entered by the user, with the SMI code returning a “match” or “no match” indication. The security data may thus be employed after the lockable memory device is hard locked and the operating system is started.
摘要翻译: 在上电初始化期间,存储在可锁定存储器设备中的安全数据(例如密码和其他敏感数据)被读取并复制到受保护的系统管理中断(SMI)存储器空间,经由在SMI存储器空间中运行的代码进行验证, 调用写入安全数据来源于受信任的实体。 一旦复制到SMI内存空间,安全数据将从常规系统内存中擦除,锁定的存储设备在启动操作系统之前就被硬锁定(需要重新启动)以防止直接访问。 SMI内存空间中的安全数据的副本对于操作系统是不可见的。 然而,操作系统可以启动对在SMI存储器空间中运行的代码的调用,以检查由用户输入的密码,SMI代码返回“匹配”或“不匹配”指示。 因此,在可锁定存储器件被硬锁定并且操作系统启动之后可以采用安全数据。
-
公开(公告)号:US06990515B2
公开(公告)日:2006-01-24
申请号:US10135010
申请日:2002-04-29
申请人: Daryl Carvis Cromer , Joseph Wayne Freeman , Chad Lee Gettelfinger , Steven Dale Goodman , Eric Richard Kern , Randall Scott Springfield
发明人: Daryl Carvis Cromer , Joseph Wayne Freeman , Chad Lee Gettelfinger , Steven Dale Goodman , Eric Richard Kern , Randall Scott Springfield
IPC分类号: G06F1/26 , G06F15/173
CPC分类号: G06F21/575 , H04L63/12
摘要: In a computer network including a plurality of interconnected computers, one of the computers being a sleeping computer in a power down state, the sleeping computer listening for a packet associated with the sleeping computer, a method of waking the sleeping computer from the computer network. An incoming packet of data is transmitted from an administration system in the network to the sleeping computer. When the sleeping computer detects the incoming packet, it determines if the incoming packet contains a data sequence associated with the sleeping computer. If the incoming packet matches the particular data sequence associated with the sleeping computer, the sleeping computer transmits a reply message to the administration system. Upon receiving the reply, the administration system modifies the reply message in a predetermined manner and transmits the modified reply to the sleeping computer. If the sleeping computer determines the reply message was modified in the predetermined manner, then a signal is issued to wake the sleeping computer. Otherwise, the incoming packet is discarded and the sleeping computer is not awakened.
-
公开(公告)号:US08862709B2
公开(公告)日:2014-10-14
申请号:US11955886
申请日:2007-12-13
申请人: Daryl Carvis Cromer , Richard Alan Dayan , Joseph Wayne Freeman , Steven Dale Goodman , Eric Richard Kern , Howard Jeffrey Locker , Randall Scott Springfield
发明人: Daryl Carvis Cromer , Richard Alan Dayan , Joseph Wayne Freeman , Steven Dale Goodman , Eric Richard Kern , Howard Jeffrey Locker , Randall Scott Springfield
IPC分类号: G06F9/44 , H04L29/08 , H04L29/12 , G06F15/177 , H04N21/443
CPC分类号: G06F9/4416 , G06F9/4401 , G06F9/4406 , G06F9/4408 , G06F15/177 , H04L29/12235 , H04L67/34 , H04N21/443
摘要: Systems and arrangements for remotely selecting a bootable image via a WOL packet for a wake-on-LAN (WOL) capable computer are contemplated. Server-side embodiments include hardware and/or software for determining a client to be managed, determining whether the client is active on the network, and transmitting a WOL packet having a vector, or operating system partition identification (OSPID), to describe a bootable image accessible by the WOL capable computer. Some embodiments may include an OSPID that points to a secure bootable image such as a bootable image on a hard drive, a compact disk (CD) connected to the computer, or other local resource. Client-side embodiments may receive the WOL packet at, for instance, a network interface card (NIC), recognize that the WOL packet includes an OSPID that describes the bootable image to boot, and implement an alternative boot sequence to boot from that bootable image.
摘要翻译: 可以考虑通过用于具有LAN唤醒(WOL)功能的计算机的WOL分组来远程选择可启动图像的系统和布置。 服务器端实施例包括用于确定要管理的客户机的硬件和/或软件,确定客户端是否在网络上是活动的,以及发送具有向量的WOL分组或操作系统分区标识(OSPID)来描述可引导的 WOL功能的计算机可访问的图像。 一些实施例可以包括指向安全可启动图像的OSPID,例如硬盘驱动器上的可引导映像,连接到计算机的光盘(CD)或其他本地资源。 客户端实施例可以在例如网络接口卡(NIC)处接收WOL分组,识别WOL分组包括描述可启动图像引导的OSPID,并且实现替代的引导顺序以从该可启动图像引导 。
-
公开(公告)号:US08677117B2
公开(公告)日:2014-03-18
申请号:US10749583
申请日:2003-12-31
申请人: Daryl Carvis Cromer , Richard Alan Dayan , Joseph Wayne Freeman , Steven Dale Goodman , Eric Richard Kern , Howard Jeffrey Locker , Randall Scott Springfield
发明人: Daryl Carvis Cromer , Richard Alan Dayan , Joseph Wayne Freeman , Steven Dale Goodman , Eric Richard Kern , Howard Jeffrey Locker , Randall Scott Springfield
IPC分类号: H04L29/06
CPC分类号: G06F9/4416 , G06F9/4401 , G06F9/4406 , G06F9/4408 , G06F15/177 , H04L29/12235 , H04L67/34 , H04N21/443
摘要: Systems and arrangements for remotely selecting a bootable image via a WOL packet for a wake-on-LAN (WOL) capable computer are contemplated. Server-side embodiments include hardware and/or software for determining a client to be managed, determining whether the client is active on the network, and transmitting a WOL packet having a vector, or operating system partition identification (OSPID), to describe a bootable image accessible by the WOL capable computer. Some embodiments may include an OSPID that points to a secure bootable image such as a bootable image on a hard drive, a compact disk (CD) connected to the computer, or other local resource. Client-side embodiments may receive the WOL packet at, for instance, a network interface card (NIC), recognize that the WOL packet includes an OSPID that describes the bootable image to boot, and implement an alternative boot sequence to boot from that bootable image.
-
9.发明授权System and method for protecting hidden protected area of HDD during operation 有权操作期间保护HDD隐藏保护区的系统和方法公开(公告)号:US07827376B2
公开(公告)日:2010-11-02
申请号:US11168088
申请日:2005-06-27
申请人: Nathan J. Peterson , Joseph Wayne Freeman , Rod David Waltermann , Randall Scott Springfield , Mark Charles Davis , Steven Dale Goodman , Howard Jeffrey Locker , Daryl Carvis Cromer
发明人: Nathan J. Peterson , Joseph Wayne Freeman , Rod David Waltermann , Randall Scott Springfield , Mark Charles Davis , Steven Dale Goodman , Howard Jeffrey Locker , Daryl Carvis Cromer
CPC分类号: G06F21/80
摘要: A “setmax” command is issued in BIOS to hide the service area (HPA) of a HDD during normal operation, so that the HPA cannot be accessed or erased inadvertently by the user or by a virus. Pressing a special key (e.g., F11) during booting permits access to the HPA.
摘要翻译: 在BIOS中发出“setmax”命令,以在正常操作期间隐藏HDD的服务区(HPA),使得HPA无法被用户或病毒无意中访问或擦除。 在启动过程中按特殊键(例如F11),可以访问HPA。
-
公开(公告)号:US07590870B2
公开(公告)日:2009-09-15
申请号:US10411454
申请日:2003-04-10
申请人: Ryan Charles Catherman , Steven Dale Goodman , James Patrick Hoff , Randall Scott Springfield , James Peter Ward
发明人: Ryan Charles Catherman , Steven Dale Goodman , James Patrick Hoff , Randall Scott Springfield , James Peter Ward
IPC分类号: G06F1/28
CPC分类号: G06F21/57 , G06F21/575
摘要: A computer system is presented which provides a trusted platform by which operations can be performed with an increased level trust and confidence. The basis of trust for the computer system is established by an encryption coprocessor and by code which interfaces with the encryption coprocessor and establishes root of trust metrics for the platform. The encryption coprocessor is built such that certain critical operations are allowed only if physical presence of an operator has been detected. Physical presence is determined by inference based upon the status of registers in the core chipset.
摘要翻译: 提出了一种计算机系统,其提供可信赖的平台,通过该平台可以以更高级别的信任和置信度执行操作。 计算机系统的信任基础由加密协处理器和与加密协处理器接口的代码建立,并为平台建立信任度量的根。 构建加密协处理器,使得仅当检测到操作者的物理存在时才允许某些关键操作。 基于核心芯片组中寄存器的状态的推理确定物理存在。
-
-
-
-
-
-
-
-
-
搜索结果
39 条记录 (耗时 0.017 秒)