-
1.发明授权公开(公告)号:US07620997B2
公开(公告)日:2009-11-17
申请号:US10748919
申请日:2003-12-22
申请人: David Carroll Challener , Daryl Carvis Cromer , Howard Jeffrey Locker , Hernando Ovies , Randall Scott Springfield
发明人: David Carroll Challener , Daryl Carvis Cromer , Howard Jeffrey Locker , Hernando Ovies , Randall Scott Springfield
摘要: When an authenticated wireless computer loses connectivity to a wireless access point of a network and roams to another access point, the wireless computer (e.g., a hypervisor in the computer) determines whether the new access point is authorized for secure communication and if so, releases access to secure data on the network through the new access point.
摘要翻译: 当经认证的无线计算机失去与网络的无线接入点的连接并漫游到另一接入点时,无线计算机(例如,计算机中的管理程序)确定新接入点是否被授权用于安全通信,如果是,则释放 通过新的接入点访问网络上的安全数据。
-
2.发明申请System and Method for Securely Clearing Secret Data that Remain in a Computer System Memory 有权安全清除计算机系统内存中保密数据的系统和方法公开(公告)号:US20090222915A1
公开(公告)日:2009-09-03
申请号:US12040953
申请日:2008-03-03
申请人: David Carroll Challener , Daryl Carvis Cromer , Howard Jeffrey Locker , Randall Scott Springfield
发明人: David Carroll Challener , Daryl Carvis Cromer , Howard Jeffrey Locker , Randall Scott Springfield
IPC分类号: G06F21/00
摘要: A system, method, and program product is provided that initializes a counter maintained in a nonvolatile memory of a security module to an initialization value. The security module receives requests for a secret from requesters. The security module releases the secret to the requesters and the released secrets are stored in memory areas allocated to the requesters. A counter is incremented when the secret is released. Requestors send notifications to the security module indicating that the requestor has removed the secret from the requestor's memory area. The security module decrements the counter each time a notification is received. When the computer system is rebooted, if the counter is not at the initialization value, the system memory is scrubbed erasing any secrets that remain in memory.
摘要翻译: 提供了一种系统,方法和程序产品,其将维护在安全模块的非易失性存储器中的计数器初始化为初始化值。 安全模块从请求者接收到秘密的请求。 安全模块向请求者释放秘密,所发布的秘密存储在分配给请求者的内存区域中。 当秘密被释放时,计数器递增。 请求者向安全模块发送指示请求者已经从请求者的存储区域移除了秘密的通知。 每次接收到通知时,安全模块都会递减计数器。 当计算机系统重新启动时,如果计数器不在初始化值,系统内存将被擦除擦除留在内存中的任何秘密。
-
3.发明授权System and method for securely clearing secret data that remain in a computer system memory 有权用于安全地清除保留在计算机系统存储器中的秘密数据的系统和方法公开(公告)号:US08312534B2
公开(公告)日:2012-11-13
申请号:US12040953
申请日:2008-03-03
申请人: David Carroll Challener , Daryl Carvis Cromer , Howard Jeffrey Locker , Randall Scott Springfield
发明人: David Carroll Challener , Daryl Carvis Cromer , Howard Jeffrey Locker , Randall Scott Springfield
IPC分类号: G06F21/00 , G06F17/00 , G06F17/30 , G06F15/177
摘要: A system, method, and program product is provided that initializes a counter maintained in a nonvolatile memory of a security module to an initialization value. The security module receives requests for a secret from requesters. The security module releases the secret to the requesters and the released secrets are stored in memory areas allocated to the requesters. A counter is incremented when the secret is released. Requestors send notifications to the security module indicating that the requestor has removed the secret from the requestor's memory area. The security module decrements the counter each time a notification is received. When the computer system is rebooted, if the counter is not at the initialization value, the system memory is scrubbed erasing any secrets that remain in memory.
摘要翻译: 提供了一种系统,方法和程序产品,其将维护在安全模块的非易失性存储器中的计数器初始化为初始化值。 安全模块从请求者接收到秘密的请求。 安全模块向请求者释放秘密,所发布的秘密存储在分配给请求者的内存区域中。 当秘密被释放时,计数器递增。 请求者向安全模块发送指示请求者已经从请求者的存储区域移除了秘密的通知。 每次接收到通知时,安全模块都会递减计数器。 当计算机系统重新启动时,如果计数器不在初始化值,系统内存将被擦除擦除留在内存中的任何秘密。
-
4.发明申请System and Method to Use Chipset Resources to Clear Sensitive Data from Computer System Memory 审中-公开使用芯片组资源清除计算机系统内存中的敏感数据的系统和方法公开(公告)号:US20090222635A1
公开(公告)日:2009-09-03
申请号:US12040981
申请日:2008-03-03
申请人: David Carroll Challener , Daryl Carvis Cromer , Howard Jeffrey Locker , Randall Scott Springfield
发明人: David Carroll Challener , Daryl Carvis Cromer , Howard Jeffrey Locker , Randall Scott Springfield
IPC分类号: G06F15/177 , G06F12/00
CPC分类号: G06F12/1433 , G06F21/575 , G06F2221/2143
摘要: A system, method, and program product is provided that initializes a computer system using an initialization process that identifies secrets that were stored in memory and not scrubbed during a prior use of the computer system. During the initialization process, one or more secret indicators are retrieved that identify whether one or more secrets were scrubbed from the computer system's memory during a previous use of the computer system. If the secret indicators show that one or more secrets were not scrubbed from the memory during the prior use of the computer system, then the initialization process scrubs the memory. On the other hand, if the secret indicators show that each of the secrets was scrubbed from the memory during the prior use of the computer system, then the memory is not scrubbed during the initialization process.
摘要翻译: 提供了一种系统,方法和程序产品,其使用识别存储在存储器中并且在先前使用计算机系统期间不被擦除的秘密的初始化过程来初始化计算机系统。 在初始化过程中,检索一个或多个秘密指示符,其识别在先前使用计算机系统期间是否从计算机系统的存储器擦除了一个或多个秘密。 如果秘密指示器显示在计算机系统的先前使用期间没有从存储器擦除一个或多个秘密,则初始化过程擦除存储器。 另一方面,如果秘密指示器显示在计算机系统的先前使用期间从存储器擦除了每个秘密,则在初始化过程期间不擦除存储器。
-
5.发明授权Method for preventing system wake up from a sleep state if a boot log returned during the system wake up cannot be authenticated 有权如果在系统唤醒期间返回的引导日志无法验证,则防止系统从睡眠状态唤醒的方法公开(公告)号:US07412596B2
公开(公告)日:2008-08-12
申请号:US10967760
申请日:2004-10-16
申请人: David Carroll Challener , Daryl Carvis Cromer , Joseph Wayne Freeman , Steven Dale Goodman , James Patrick Hoff , Howard Jeffrey Locker , Randall Scott Springfield , James Peter Ward
发明人: David Carroll Challener , Daryl Carvis Cromer , Joseph Wayne Freeman , Steven Dale Goodman , James Patrick Hoff , Howard Jeffrey Locker , Randall Scott Springfield , James Peter Ward
IPC分类号: G06F9/00 , G06F15/177
CPC分类号: G06F21/575
摘要: A method and system for enabling security attestation for a computing device during a return from an S4 sleep state. When the computing device enters into the S4 state following a successful boot up, the attestation log is appended to the TPM tick count and the log is signed (with a security signature). When the device is awaken from S4 state, the BIOS obtains and verifies the log created during the previous boot. The CRTM maintains a set of virtual PCRs and references these virtual PCRs against the log. If the values do not match, the return from S4 state fails and the device is rebooted.
摘要翻译: 一种用于在从S4睡眠状态返回期间为计算设备提供安全认证的方法和系统。 当计算设备在成功启动后进入S4状态时,认证日志会追加到TPM刻度计数,并且日志被签名(具有安全签名)。 当设备从S4状态唤醒时,BIOS将获取并验证在以前引导过程中创建的日志。 CRTM维护一组虚拟PCR,并将这些虚拟PCR引用到日志中。 如果值不匹配,则S4状态返回失败,设备重启。
-
公开(公告)号:US07587765B2
公开(公告)日:2009-09-08
申请号:US10827165
申请日:2004-04-16
申请人: David Carroll Challener , Richard W. Cheston , Daryl Carvis Cromer , Mark Charles Davis , Howard Jeffrey Locker , Randall Scott Springfield
发明人: David Carroll Challener , Richard W. Cheston , Daryl Carvis Cromer , Mark Charles Davis , Howard Jeffrey Locker , Randall Scott Springfield
IPC分类号: G06F11/00
CPC分类号: G06F8/65 , G06F21/568
摘要: A client computer is connected via a network to an anti-virus server. A signal from the anti-virus server notifies the client computer that an anti-virus needs to be immediately downloaded from the anti-virus server. The client computer disengages from the network, and re-establishes a link with only the trusted anti-virus server. The anti-virus fix is installed, the client computer re-booted, and the client computer is then allowed to reconnect to the full network. If the client's primary operating system (OS) is infected, a secondary OS in the client computer performs the anti-virus download and execution. The disengagement from the network is performed by applying a filter in a network interface card (NIC) driver by the primary OS, the secondary OS, a service processor (SP), or by a virtual machine manager (VMM), depending on which is available at the client computer.
摘要翻译: 客户端计算机通过网络连接到防病毒服务器。 来自防病毒服务器的信号通知客户端计算机需要立即从防病毒服务器下载防病毒。 客户端计算机与网络脱离联系,并重新建立与唯一可信任的防病毒服务器的链接。 安装了防病毒修复程序,客户端计算机重新启动,然后允许客户端计算机重新连接到完整的网络。 如果客户端的主操作系统(OS)被感染,客户端计算机中的辅助操作系统将执行防病毒下载和执行。 通过由主OS,辅助OS,服务处理器(SP)或虚拟机管理器(VMM)在网络接口卡(NIC)驱动器中应用过滤器来执行从网络的脱离,这取决于哪个是 在客户端计算机上可用。
-
7.发明申请Apparatus, system, and method for securing I/O communications between a blade and a peripheral interface device of a blade-based computer system 审中-公开用于保护刀片和基于刀片的计算机系统的外围接口设备之间的I / O通信的装置,系统和方法公开(公告)号:US20060184785A1
公开(公告)日:2006-08-17
申请号:US11058987
申请日:2005-02-16
申请人: David Carroll Challener , Daryl Carvis Cromer , Steven Dale Goodman , Howard Jeffery Locker , Randall Scott Springfield
发明人: David Carroll Challener , Daryl Carvis Cromer , Steven Dale Goodman , Howard Jeffery Locker , Randall Scott Springfield
IPC分类号: H04L9/00
CPC分类号: G06F21/606 , G06F21/85
摘要: An apparatus, system, and method are disclosed for securing I/O communications between a blade and peripheral interface device. The apparatus includes a determination module, a source security module, and a source communication module. The determination module identifies I/O data configured for transmission to a destination module configured to receive secure I/O data. The source security module encrypts the I/O data to generate secured I/O data such that subsequent decryption of the secured I/O data is restricted to a destination module. The source communication module transmits the secured I/O data over a vulnerable communication link to the destination module. The vulnerable communication link comprises a message intercept vulnerability. The destination module is configured to unencrypt the secure I/O data for a destination device such as a display device.
摘要翻译: 公开了用于保护刀片和外围接口设备之间的I / O通信的装置,系统和方法。 该装置包括确定模块,源安全模块和源通信模块。 确定模块识别配置为传输到配置为接收安全I / O数据的目标模块的I / O数据。 源安全模块加密I / O数据以产生安全的I / O数据,使得安全I / O数据的后续解密被限制到目的地模块。 源通信模块通过易受攻击的通信链路将目标模块的安全I / O数据发送到目标模块。 脆弱的通信链路包括消息拦截漏洞。 目的地模块被配置为对诸如显示设备的目的地设备的安全I / O数据进行解密。
-
公开(公告)号:US07590834B2
公开(公告)日:2009-09-15
申请号:US11352499
申请日:2006-02-10
申请人: David Carroll Challener , Daryl Carvis Cromer , Mark Charles Davis , Jerry Clyde Dishman , Howard Jeffery Locker , Randall Scott Springfield
发明人: David Carroll Challener , Daryl Carvis Cromer , Mark Charles Davis , Jerry Clyde Dishman , Howard Jeffery Locker , Randall Scott Springfield
IPC分类号: G06F9/00 , G06F12/14 , G06F15/177 , G08B23/00
CPC分类号: G06F21/57 , G06F9/4408 , G06F21/562
摘要: A computer determines whether it has been booted from a hard disk drive or from an alternate source (e.g., a floppy drive or portable memory) that entails a higher risk of importing a virus into the computer, and if it is determined that a non-HDD source was booted from, corrective action such as a virus scan can be preemptively taken.
摘要翻译: 计算机确定是从硬盘驱动器还是从备份源(例如,软盘驱动器或便携式存储器)引导,这导致将病毒导入计算机的风险更高,并且如果确定非易失性存储器 HDD源被启动,可以抢先采取诸如病毒扫描的纠正措施。
-
9.发明授权Systems, methods, and media for remote wake-up and management of systems in a network 失效用于远程唤醒和管理网络中系统的系统,方法和媒体公开(公告)号:US07483966B2
公开(公告)日:2009-01-27
申请号:US10749257
申请日:2003-12-31
IPC分类号: G06F15/173
CPC分类号: G06F1/3246 , G06F1/26 , G06F1/3203 , H04L12/12 , Y02D50/40 , Y02D50/42
摘要: Systems, methods, and media for providing remote wake-up and management of systems in a network are disclosed. More particularly, hardware and/or software for a server to receive feedback from a client as to the status of its wake-on-LAN functionality is disclosed. Embodiments include hardware and/or software for determining a client to be managed, determining whether the client is active on the network, transmitting a first network packet comprising a wake-on-LAN packet, and receiving a return wake-on-LAN packet, which comprises an indication of the address of the client and an indication of the status of the wake-on-LAN functionality of the client. Embodiments may also include transmitting a command to start a management session on the client.
摘要翻译: 公开了用于在网络中提供远程唤醒和系统管理的系统,方法和媒体。 更具体地,公开了用于从客户端接收关于其唤醒LAN功能的状态的反馈的服务器的硬件和/或软件。 实施例包括用于确定要管理的客户端的硬件和/或软件,确定客户端是否在网络上是活动的,发送包括LAN唤醒分组的第一网络分组以及接收LAN上的返回唤醒分组, 其包括客户端的地址的指示和客户端的唤醒LAN功能的状态的指示。 实施例还可以包括发送命令以在客户端上启动管理会话。
-
公开(公告)号:US07424745B2
公开(公告)日:2008-09-09
申请号:US11057804
申请日:2005-02-14
申请人: Richard W. Cheston , Daryl Carvis Cromer , Mark Charles Davis , Howard Jeffrey Locker , Randall Scott Springfield
发明人: Richard W. Cheston , Daryl Carvis Cromer , Mark Charles Davis , Howard Jeffrey Locker , Randall Scott Springfield
IPC分类号: G06F11/30 , G06F12/14 , G06F7/04 , G06F17/30 , H04L9/32 , G06K9/00 , G06F15/177 , G06F15/16 , G06F15/18 , G08B23/00
CPC分类号: G06F21/575 , G06F21/56 , G06F2221/2115 , H04L63/1433 , H04L63/145
摘要: A method and system is described for a wireless client computer to be connected via an access point to a network only if the wireless client computer has executed all requisite anti-virus programs. Where necessary, a signal from the access point notifies an anti-viral program server that an anti-virus needs to be immediately downloaded to the wireless client computer. An anti-virus fix is installed on the wireless client computer, and a full session is then initiated between the wireless client computer and a wireless network via the access point.
摘要翻译: 如果无线客户端计算机已经执行了所有必要的防病毒程序,则描述了一种无线客户端计算机通过接入点连接到网络的方法和系统。 必要时,来自接入点的信号通知反病毒程序服务器需要立即将防病毒下载到无线客户端计算机。 在无线客户端计算机上安装了防病毒修复程序,然后通过接入点在无线客户端计算机和无线网络之间启动完整会话。
-
-
-
-
-
-
-
-
-
搜索结果
156 条记录 (耗时 0.029 秒)
