-
1.发明授权Method and system for updating a root of trust measurement function in a personal computer 有权在个人计算机中更新信任测度功能根的方法和系统公开(公告)号:US06782349B2
公开(公告)日:2004-08-24
申请号:US10063608
申请日:2002-05-03
申请人: David Carroll Challener , Chad Lee Gettelfinger , Steven Dale Goodman , Hernando Ovies , Randall Scott Springfield , James Peter Ward
发明人: David Carroll Challener , Chad Lee Gettelfinger , Steven Dale Goodman , Hernando Ovies , Randall Scott Springfield , James Peter Ward
IPC分类号: G06F1900
CPC分类号: G06F21/6218 , G06F21/575
摘要: A method and system for updating a root of trust measurement (RTM) function in a personal computer is disclosed. The RTM function is located in a boot block of the personal computer. The method and system comprise initializing a request to update the RTM function and unlocking the boot block based on an authentication process. The method and system further includes updating the RTM function. Through the use of the method and system in accordance with the present invention, the RTM function in a personal computer is updated in a manner that ensures that the update is authentic.
摘要翻译: 公开了一种用于更新个人计算机中的信任测度(RTM)功能根的方法和系统。 RTM功能位于个人计算机的引导块中。 该方法和系统包括:初始化更新RTM功能的请求,并基于认证过程来解锁引导块。 该方法和系统还包括更新RTM功能。 通过使用根据本发明的方法和系统,个人计算机中的RTM功能以确保更新是真实的方式被更新。
-
2.发明授权公开(公告)号:US07620997B2
公开(公告)日:2009-11-17
申请号:US10748919
申请日:2003-12-22
申请人: David Carroll Challener , Daryl Carvis Cromer , Howard Jeffrey Locker , Hernando Ovies , Randall Scott Springfield
发明人: David Carroll Challener , Daryl Carvis Cromer , Howard Jeffrey Locker , Hernando Ovies , Randall Scott Springfield
摘要: When an authenticated wireless computer loses connectivity to a wireless access point of a network and roams to another access point, the wireless computer (e.g., a hypervisor in the computer) determines whether the new access point is authorized for secure communication and if so, releases access to secure data on the network through the new access point.
摘要翻译: 当经认证的无线计算机失去与网络的无线接入点的连接并漫游到另一接入点时,无线计算机(例如,计算机中的管理程序)确定新接入点是否被授权用于安全通信,如果是,则释放 通过新的接入点访问网络上的安全数据。
-
3.发明授权Data processing system and method for protecting data in a hard drive utilizing a signature device 有权使用签名装置保护硬盘中的数据的数据处理系统和方法公开(公告)号:US06687825B1
公开(公告)日:2004-02-03
申请号:US09527367
申请日:2000-03-17
申请人: David Carroll Challener , Daryl Carvis Cromer , Mark Charles Davis , Dhruv Manmohandas Desai , Charles William Kaufman , Hernando Ovies , James Peter Ward
发明人: David Carroll Challener , Daryl Carvis Cromer , Mark Charles Davis , Dhruv Manmohandas Desai , Charles William Kaufman , Hernando Ovies , James Peter Ward
IPC分类号: G06F1130
CPC分类号: G06F21/80 , G06F21/6209
摘要: A data processing system and method are disclosed for protecting data within a hard disk drive included within a data processing system. Data is generated. A signature value is provided which is stored in a signature device. The signature device is capable of being inserted into and removed from a computer system. A textual description of the data is created. The data is encrypted utilizing both the signature value stored on the device and the textual description. The encrypted data is then stored on the hard disk drive. The data processing system does not permanently store encryption keys.
摘要翻译: 公开了一种用于保护包含在数据处理系统内的硬盘驱动器内的数据的数据处理系统和方法。 生成数据。 提供签名值,其被存储在签名设备中。 签名装置能够插入计算机系统和从计算机系统中移除。 创建数据的文本描述。 使用存储在设备上的签名值和文本描述来加密数据。 然后将加密的数据存储在硬盘驱动器上。 数据处理系统不会永久存储加密密钥。
-
4.发明授权Systems and method for hiding from a computer system entry of a personal identification number (pin) to a smart card 有权将个人识别号码(PIN)的计算机系统入口隐藏到智能卡的系统和方法公开(公告)号:US06598032B1
公开(公告)日:2003-07-22
申请号:US09523490
申请日:2000-03-10
IPC分类号: G06F1760
CPC分类号: G07F7/1008 , G06Q20/382 , G06Q20/401 , G06Q20/4012 , G07F7/1025
摘要: A system and method for isolating a computer system from entry of a personal identification number (PIN) to a smart card. The system and method includes a computer system that is in communication with an unsecure network to allow a user to engage in a purchase transaction. The system and method also includes a smart card reader in which a smart card is inserted and read. A secure personal-identification-number (PIN) entry device is coupled between the computer system and the smart card reader. The secure PIN entry device is used for entering a correct code for the PIN. Communication between computer system and secure PIN entry device is disconnected until the correct code for the PIN is entered at secure PIN entry device and sent to the smart card in order to authorize use of the smart card for the purchase transaction. In response to the correct code for the PIN being entered and sent to the smart card, communication between computer system and secure PIN entry device is established. The secure PIN entry device has a processor for controlling the disconnection and connection of communication between the computer system and the secure PIN entry device. The secure PIN entry device also has a display for displaying a message request relating to the purchase transaction. The message request prompts a user to provide the PIN to authorize use of the smart card for a purchase transaction.
摘要翻译: 一种用于将计算机系统与个人识别号码(PIN)输入到智能卡的系统和方法。 该系统和方法包括与不安全网络通信以允许用户参与购买交易的计算机系统。 该系统和方法还包括其中插入和读取智能卡的智能卡读卡器。 安全的个人识别号码(PIN)输入设备耦合在计算机系统和智能卡读卡器之间。 安全PIN输入设备用于输入PIN的正确代码。 计算机系统和安全PIN输入设备之间的通信被断开,直到PIN的正确代码被输入到安全的PIN输入设备并被发送到智能卡以授权使用智能卡进行购买交易。 为了响应正在输入的PIN并将其发送到智能卡的正确代码,建立计算机系统和安全PIN输入设备之间的通信。 安全PIN输入设备具有用于控制计算机系统和安全PIN输入设备之间的通信的断开和连接的处理器。 安全PIN输入设备还具有用于显示与购买交易相关的消息请求的显示。 消息请求提示用户提供PIN以授权使用智能卡进行购买交易。
-
5.发明授权System and apparatus for limiting access to secure data through a portable computer to a time set with the portable computer connected to a base computer 有权用于通过便携式计算机限制访问安全数据到与连接到基本计算机的便携式计算机设定的时间的系统和装置公开(公告)号:US07389536B2
公开(公告)日:2008-06-17
申请号:US09993135
申请日:2001-11-14
CPC分类号: G06F21/88 , G06F21/606 , G06F21/62 , G06F2221/2137
摘要: Access to secure data through a portable computing system is provided only when a timer within the system is running. The timer is reset with the portable system connected to a base system, either directly, as by a cable, or indirectly, as through a telephone network. In an initialization process, the portable and base systems exchange data, such as public cryptographic keys, which are later used to confirm that the portable system is connected to the same base system. In one embodiment, the initialization process also includes storing a password transmitted from the portable system within the base system, with this password later being required within the reset process.
摘要翻译: 只有当系统中的计时器正在运行时才能通过便携式计算系统访问安全数据。 定时器被重置,便携式系统通过电缆直接连接到基本系统,或通过电话网络间接连接。 在初始化过程中,便携式和基本系统交换诸如公共密码密钥的数据,这些密钥稍后用于确认便携式系统连接到相同的基本系统。 在一个实施例中,初始化过程还包括将从便携式系统发送的密码存储在基本系统内,随后在复位过程中需要该密码。
-
6.发明授权Data processing system and method for providing a networked printer's physical location 失效数据处理系统和方法,用于提供网络打印机的物理位置公开(公告)号:US06591297B1
公开(公告)日:2003-07-08
申请号:US09514797
申请日:2000-02-28
IPC分类号: G06F1300
CPC分类号: G06F3/1204 , G06F3/1229 , G06F3/1232 , G06F3/1285
摘要: A data processing system and method are described for providing a networked printer's physical location. The printer, a server computer system, and client computer systems are coupled together utilizing a network. The server computer system first transmits a command to the printer to disable the print function of the printer. Entry of a physical location of the printer is then permitted. The print function of the printer is reenabled by the server computer system only in response to an entry of the physical location of the printer into the printer.
摘要翻译: 描述了一种用于提供联网打印机的物理位置的数据处理系统和方法。 打印机,服务器计算机系统和客户端计算机系统利用网络耦合在一起。 服务器计算机系统首先向打印机发送命令以禁用打印机的打印功能。 然后允许输入打印机的物理位置。 打印机的打印功能仅由服务器计算机系统重新启用,以响应打印机的物理位置进入打印机。
-
7.发明授权Method for migrating a base chip key from one computer system to another 有权将基本芯片密钥从一台计算机系统迁移到另一台计算机系统的方法公开(公告)号:US06944300B2
公开(公告)日:2005-09-13
申请号:US09888176
申请日:2001-06-22
CPC分类号: G06F21/606 , G06F2221/2107 , H04L9/0825 , H04L9/0897 , H04L9/3263
摘要: A method for migrating a base chip key from a first computer system to a second computer system is disclosed. A first computer system includes a base chip key 1, and a second computer system includes a base chip key 2. Using a first certificate for the base chip key 1, a manufacturer of the second computer system generates a second certificate for the base chip key 1. Similarly, using a first certificate for the base chip key 2, a manufacturer of the first computer system generates a second certificate for the base chip key 2. A first data packet is then sent from the first computer system to the second computer system. The first data packet includes a first random number and all the data required to reproduce the base chip key 1 in the first computer system. The first data packet is also encrypted with the base chip key 1's public key. In return, a second data packet is sent from the second computer system to the first computer system, and the second data packet includes the first random number and a second random number, signed by the base chip key 2. The base chip key 1 is then erased from the first computer system. Finally, the base chip key 2 in the second computer system is replaced by the base chip key 1.
摘要翻译: 公开了一种用于将基本芯片密钥从第一计算机系统迁移到第二计算机系统的方法。 第一计算机系统包括基本芯片密钥1,第二计算机系统包括基本密钥密钥2。 使用基本芯片密钥1的第一证书,第二计算机系统的制造商生成用于基本密钥密钥1的第二证书。 类似地,对于基本芯片键2使用第一证书,第一计算机系统的制造商生成用于基本芯片键2的第二证书。 然后,第一数据分组从第一计算机系统发送到第二计算机系统。 第一数据分组包括第一随机数和在第一计算机系统中再现基本芯片密钥1所需的所有数据。 第一数据包也用基本密钥1的公开密钥加密。 作为回报,第二数据分组从第二计算机系统被发送到第一计算机系统,并且第二数据分组包括由基本芯片键2签名的第一随机数和第二随机数。 然后从第一计算机系统擦除基本密钥1。 最后,第二计算机系统中的基本芯片键2由基本芯片键1代替。
-
8.发明授权
公开(公告)号:US4825357A
公开(公告)日:1989-04-25
申请号:US110080
申请日:1987-10-14
CPC分类号: G06F12/0866
摘要: An I/O controller for a computer system having a plurality of memory devices of different types such as floppy and hard disks, whereinn a single cache memory is employed for all of the memory devices. Each of the memory devices is provided with its own interface device which directs data outputted from the associated memory device onto a common device bus. From the device bus data is transferred to a cache memory via a separate cache bus, and then to a system processor via the same cache bus. Memory space within the cache memory may be allocated among the various memory devices.
摘要翻译: 一种用于具有不同类型的多个存储器件(诸如软盘和硬盘)的计算机系统的I / O控制器,其中在所有存储器件中采用单个高速缓冲存储器。 每个存储器件都具有其自身的接口装置,其将从相关联的存储器件输出的数据引导到公共设备总线上。 从设备总线数据通过单独的高速缓存总线传输到高速缓冲存储器,然后通过相同的高速缓存总线传送到系统处理器。 高速缓冲存储器内的存储器空间可以在各种存储器件之间分配。
-
9.发明申请公开(公告)号:US20050138424A1
公开(公告)日:2005-06-23
申请号:US10748919
申请日:2003-12-22
摘要: When an authenticated wireless computer loses connectivity to a wireless access point of a network and roams to another access point, the wireless computer (e.g., a hypervisor in the computer) determines whether the new access point is authorized for secure communication and if so, releases access to secure data on the network through the new access point.
摘要翻译: 当经认证的无线计算机失去与网络的无线接入点的连接并漫游到另一接入点时,无线计算机(例如,计算机中的管理程序)确定新接入点是否被授权用于安全通信,如果是,则释放 通过新的接入点访问网络上的安全数据。
-
10.发明申请System and method for mitigating denial of service attacks on trusted platform 审中-公开减轻受信任平台拒绝服务攻击的系统和方法公开(公告)号:US20050129244A1
公开(公告)日:2005-06-16
申请号:US10736973
申请日:2003-12-16
申请人: Ryan Catherman , David Challener , James Hoff , Hernando Ovies
发明人: Ryan Catherman , David Challener , James Hoff , Hernando Ovies
CPC分类号: G06F21/50
摘要: Trusted platform module (TPM) keys are copied to a floppy diskette or fob that is external to the customer device in which the TPM resides, so that if the keys in TPM are zeroed as a result of, e.g., a malicious denial of service attack, they can be copied back from the diskette or fob.
摘要翻译: 可信平台模块(TPM)密钥被复制到TPM所在的客户设备外部的软盘或小插件,以便如果TPM中的密钥由于例如恶意拒绝服务攻击而被归零 ,它们可以从软盘或Fob复制回来。
-
-
-
-
-
-
-
-
-
搜索结果
10 条记录 (耗时 0.036 秒)
