摘要:
An apparatus, method, and system to seal a data repository to a trusted computing platform is described. The data repository may be sealed by encrypting the data on the repository and sealing a cryptographic key to a specific set of platform resources. With the data repository sealed to the platform, the system boot sequence will fail if the system configuration is compromised, for example by insertion of “snoopware” or a modified BIOS. Additionally, if the computer containing the data repository is lost or stolen, the encrypted data remains secure even if the repository is attached to a system modified to bypass normal safeguards.
摘要:
A “setmax” command is issued in BIOS to hide the service area (HPA) of a HDD during normal operation, so that the HPA cannot be accessed or erased inadvertently by the user or by a virus. Pressing a special key (e.g., F11) during booting permits access to the HPA.
摘要:
A method and system for enabling security attestation for a computing device during a return from an S4 sleep state. When the computing device enters into the S4 state following a successful boot up, the attestation log is appended to the TPM tick count and the log is signed (with a security signature). When the device is awaken from S4 state, the BIOS obtains and verifies the log created during the previous boot. The CRTM maintains a set of virtual PCRs and references these virtual PCRs against the log. If the values do not match, the return from S4 state fails and the device is rebooted.
摘要:
Methods, systems, and media are disclosed for managing a remote client of a computer system. One example embodiment includes transmitting a modified wake-on LAN (“WOL”) packet to a network receive buffer on the remote client, wherein the modified WOL packet comprises additional data, such as executable code or functions. Further, the example embodiment includes retrieving, by BIOS associated with the remote client, of the modified WOL packet from the network receive buffer, storing, by the BIOS, storing of the additional data in memory associated with the network receive buffer, and retrieving, by BIOS associated with the remote client, of the additional data from the memory. Further still, the example embodiment includes processing of the additional data, which may occur by an application stored on the PARTIES partition, wherein the parsed, additional data is interpreted and executed by the application.
摘要:
Systems and arrangements for remotely selecting a bootable image via a WOL packet for a wake-on-LAN (WOL) capable computer are contemplated. Server-side embodiments include hardware and/or software for determining a client to be managed, determining whether the client is active on the network, and transmitting a WOL packet having a vector, or operating system partition identification (OSPID), to describe a bootable image accessible by the WOL capable computer. Some embodiments may include an OSPID that points to a secure bootable image such as a bootable image on a hard drive, a compact disk (CD) connected to the computer, or other local resource. Client-side embodiments may receive the WOL packet at, for instance, a network interface card (NIC), recognize that the WOL packet includes an OSPID that describes the bootable image to boot, and implement an alternative boot sequence to boot from that bootable image.
摘要:
Systems and methods to access password-protected stored data when a corresponding data password has been lost, forgotten, or is otherwise unavailable, and to recover the data password to facilitate access to the password-protected data from a digital memory device such as a hard disk drive associated with a user computer. In some embodiments the computer is communicatively coupled with a network and receives at least one encryption key from a secure computer via the network. In other embodiments the computer is a stand alone computer and receives at least one encryption key from a removable, non-volatile memory such as a CD ROM. The encryption key is used to encrypt the data password and both are stored on the hard disk drive. If the data password becomes lost, forgotten, or otherwise unavailable, the encrypted password is recovered from the hard disk drive and decrypted to recover the data password.
摘要:
There are many files in the current generation of computers, especially on the hardfile, that are not used or used only infrequently during operation. For instance, the system may contain many help text files which may never be accessed. The same applies to the DLL's. Also, some files are accessed only during a boot cycle. The present invention provides a method and program to track the locations of files in a computer which have been accessed so that, when an error occurs, only the files that need to be tested are diagnostically tested for errors, thus saving time and resources.
摘要:
A method and system for preventing a denial of service attack on a computer system is disclosed. The method of the present invention includes setting a size of a hard disk within the computer system to a full capacity if the hard disk does not contain a host protected area, and locking the size such that the hard disk is protected from an attempt to reset the size of the hard disk resulting in a denial of service.
摘要:
A method for booting into computer memory a non-operating system (O.S.) program from a hard disk drive (HDD) prior to booting into memory an O.S. from the HDD. The method includes establishing a table of contents (TOC) on the HDD that contains entries for special O.S. programs. A pointer to the TOC is placed in non-volatile memory of the computer that is associated with the HDD, and when BIOS of the computer is prompted to load into memory one of the special O.S. programs, the pointer is accessed and used to locate the TOC, which in turn is accessed to load the special O.S. program.
摘要:
In the event of a virally infected MBR on a hard disk drive that might prevent booting, a service MBR in a hidden protected area (HPA) can be used to boot a service O.S., and then the service MBR can be replaced with a previously backed-up MBR, also in the HPA, to mount any missing partitions.