-
1.发明授权System and method for virtualized hypervisor to detect insertion of removable media 有权用于虚拟化管理程序的系统和方法,用于检测可移动介质的插入公开(公告)号:US07779454B2
公开(公告)日:2010-08-17
申请号:US11564832
申请日:2006-11-29
IPC分类号: G06F21/20
CPC分类号: H04L63/10 , G06F21/552 , G06F2221/2153
摘要: A system and method for using a client-side hypervisor in conjunction with a secure network-side monitoring mechanism to detect removable media insertions since a client's last network session with the secure network is presented. The hypervisor uses a “client-side insertion value” to track the number of times that a user inserts removable media into a socket located on the client. When the client is connected to the secure network, the client's hypervisor notifies the secure network of each insertion and the secure network increments a “secure network-side tracker value.” For each login request, the client includes the client-side insertion value, which the secure network compares against its secure network-side tracker value. When the two values are different, the secure network sends an action request to the client, such as a request to perform a full system scan. Once the client performs the action, the client's hypervisor resets its client-side insertion value and attempts to logon to the secure network again.
摘要翻译: 提出了客户端管理程序与安全网络侧监视机制结合使用以检测可移动介质插入的系统和方法,因为客户端与安全网络的最后一次网络会话。 管理程序使用“客户端插入值”来跟踪用户将可移动媒体插入位于客户端上的套接字的次数。 当客户端连接到安全网络时,客户端的管理程序会将安全网络通知每个插入,安全网络会增加“安全网络侧跟踪器值”。对于每个登录请求,客户端包括客户端插入值, 安全网络与其安全的网络侧跟踪器值进行比较。 当两个值不同时,安全网络向客户端发送动作请求,例如执行完整系统扫描的请求。 一旦客户端执行操作,客户端的管理程序将重置其客户端插入值,并尝试再次登录到安全网络。
-
2.发明申请System and Method for Secure Usage of Peripheral Devices Using Shared Secrets 有权使用共享密码安全使用外围设备的系统和方法公开(公告)号:US20090119785A1
公开(公告)日:2009-05-07
申请号:US11934829
申请日:2007-11-05
申请人: David Carroll Challener , Daryl Cromer , Philip John Jakes , Howard Jeffrey Locker , Randall Scott Springfield
发明人: David Carroll Challener , Daryl Cromer , Philip John Jakes , Howard Jeffrey Locker , Randall Scott Springfield
IPC分类号: G06F21/04
CPC分类号: G06F21/31 , G06F21/78 , G06F21/82 , G06F2221/2129
摘要: A system, method, and program product is provided that establishes a shared secret between a computer system and a peripheral device such as a removable nonvolatile storage device or a printer. After establishing the shared secret, the peripheral device is locked. After the peripheral device is locked, an unlock request is received and the shared secret is sent to the peripheral device. The peripheral device then attempts to verify the shared secret. If the shared secret is successfully verified, then the peripheral device is unlocked allowing use of the device by using an encryption key that is made available by the verified shared secret. On the other hand, if the shared secret is not verified, then the peripheral device remains locked and use of the device is prevented.
摘要翻译: 提供了一种系统,方法和程序产品,其在计算机系统和诸如可移动的非易失性存储设备或打印机的外围设备之间建立共享秘密。 建立共享密钥后,外围设备被锁定。 在外围设备被锁定之后,接收到解锁请求并将共享密钥发送到外围设备。 然后,外围设备尝试验证共享密钥。 如果共享密钥被成功验证,则外围设备被解锁,允许使用由验证的共享秘密提供的加密密钥来使用该设备。 另一方面,如果未验证共享密钥,则外围设备保持锁定,并且防止了设备的使用。
-
3.发明申请System and Method for Virtualized Hypervisor to Detect Insertion of Removable Media 有权虚拟化管理程序的系统和方法,用于检测可移动介质的插入公开(公告)号:US20080127309A1
公开(公告)日:2008-05-29
申请号:US11564832
申请日:2006-11-29
IPC分类号: G06F21/20
CPC分类号: H04L63/10 , G06F21/552 , G06F2221/2153
摘要: A system and method for using a client-side hypervisor in conjunction with a secure network-side monitoring mechanism to detect removable media insertions since a client's last network session with the secure network is presented. The hypervisor uses a “client-side insertion value” to track the number of times that a user inserts removable media into a socket located on the client. When the client is connected to the secure network, the client's hypervisor notifies the secure network of each insertion and the secure network increments a “secure network-side tracker value.” For each login request, the client includes the client-side insertion value, which the secure network compares against its secure network-side tracker value. When the two values are different, the secure network sends an action request to the client, such as a request to perform a full system scan. Once the client performs the action, the client's hypervisor resets its client-side insertion value and attempts to logon to the secure network again.
摘要翻译: 提出了客户端管理程序与安全网络侧监视机制结合使用以检测可移动介质插入的系统和方法,因为客户端与安全网络的最后一次网络会话。 管理程序使用“客户端插入值”来跟踪用户将可移动媒体插入位于客户端上的套接字的次数。 当客户端连接到安全网络时,客户端的管理程序会将安全网络通知每个插入,并且安全网络会增加“安全网络侧跟踪器值”。 对于每个登录请求,客户端包括客户端插入值,安全网络与安全网络侧跟踪器值进行比较。 当两个值不同时,安全网络向客户端发送动作请求,例如执行完整系统扫描的请求。 一旦客户端执行操作,客户端的管理程序将重置其客户端插入值,并尝试再次登录到安全网络。
-
4.发明授权System and method for secure usage of peripheral devices using shared secrets 有权使用共享秘密安全使用外围设备的系统和方法公开(公告)号:US08539572B2
公开(公告)日:2013-09-17
申请号:US11934829
申请日:2007-11-05
申请人: David Carroll Challener , Daryl Cromer , Philip John Jakes , Howard Jeffrey Locker , Randall Scott Springfield
发明人: David Carroll Challener , Daryl Cromer , Philip John Jakes , Howard Jeffrey Locker , Randall Scott Springfield
CPC分类号: G06F21/31 , G06F21/78 , G06F21/82 , G06F2221/2129
摘要: A system, method, and program product is provided that establishes a shared secret between a computer system and a peripheral device such as a removable nonvolatile storage device or a printer. After establishing the shared secret, the peripheral device is locked. After the peripheral device is locked, an unlock request is received and the shared secret is sent to the peripheral device. The peripheral device then attempts to verify the shared secret. If the shared secret is successfully verified, then the peripheral device is unlocked allowing use of the device by using an encryption key that is made available by the verified shared secret. On the other hand, if the shared secret is not verified, then the peripheral device remains locked and use of the device is prevented.
摘要翻译: 提供了一种系统,方法和程序产品,其在计算机系统和诸如可移动的非易失性存储设备或打印机的外围设备之间建立共享秘密。 建立共享密钥后,外围设备被锁定。 在外围设备被锁定之后,接收到解锁请求并将共享密钥发送到外围设备。 然后,外围设备尝试验证共享密钥。 如果共享密钥被成功验证,则外围设备被解锁,允许使用通过验证的共享密钥可用的加密密钥来使用该设备。 另一方面,如果未验证共享密钥,则外围设备保持锁定,并且防止了设备的使用。
-
5.发明授权公开(公告)号:US07620997B2
公开(公告)日:2009-11-17
申请号:US10748919
申请日:2003-12-22
申请人: David Carroll Challener , Daryl Carvis Cromer , Howard Jeffrey Locker , Hernando Ovies , Randall Scott Springfield
发明人: David Carroll Challener , Daryl Carvis Cromer , Howard Jeffrey Locker , Hernando Ovies , Randall Scott Springfield
摘要: When an authenticated wireless computer loses connectivity to a wireless access point of a network and roams to another access point, the wireless computer (e.g., a hypervisor in the computer) determines whether the new access point is authorized for secure communication and if so, releases access to secure data on the network through the new access point.
摘要翻译: 当经认证的无线计算机失去与网络的无线接入点的连接并漫游到另一接入点时,无线计算机(例如,计算机中的管理程序)确定新接入点是否被授权用于安全通信,如果是,则释放 通过新的接入点访问网络上的安全数据。
-
6.发明申请System and Method for Securely Clearing Secret Data that Remain in a Computer System Memory 有权安全清除计算机系统内存中保密数据的系统和方法公开(公告)号:US20090222915A1
公开(公告)日:2009-09-03
申请号:US12040953
申请日:2008-03-03
申请人: David Carroll Challener , Daryl Carvis Cromer , Howard Jeffrey Locker , Randall Scott Springfield
发明人: David Carroll Challener , Daryl Carvis Cromer , Howard Jeffrey Locker , Randall Scott Springfield
IPC分类号: G06F21/00
摘要: A system, method, and program product is provided that initializes a counter maintained in a nonvolatile memory of a security module to an initialization value. The security module receives requests for a secret from requesters. The security module releases the secret to the requesters and the released secrets are stored in memory areas allocated to the requesters. A counter is incremented when the secret is released. Requestors send notifications to the security module indicating that the requestor has removed the secret from the requestor's memory area. The security module decrements the counter each time a notification is received. When the computer system is rebooted, if the counter is not at the initialization value, the system memory is scrubbed erasing any secrets that remain in memory.
摘要翻译: 提供了一种系统,方法和程序产品,其将维护在安全模块的非易失性存储器中的计数器初始化为初始化值。 安全模块从请求者接收到秘密的请求。 安全模块向请求者释放秘密,所发布的秘密存储在分配给请求者的内存区域中。 当秘密被释放时,计数器递增。 请求者向安全模块发送指示请求者已经从请求者的存储区域移除了秘密的通知。 每次接收到通知时,安全模块都会递减计数器。 当计算机系统重新启动时,如果计数器不在初始化值,系统内存将被擦除擦除留在内存中的任何秘密。
-
7.发明授权System and method for protecting disk drive password when BIOS causes computer to leave suspend state 有权当BIOS使计算机挂起状态时,保护磁盘驱动器密码的系统和方法公开(公告)号:US07814321B2
公开(公告)日:2010-10-12
申请号:US11788654
申请日:2007-04-19
IPC分类号: H04L9/32
CPC分类号: G06F21/80
摘要: To unlock a HDD when a computer is in the suspend state, at both BIOS and the HDD a secret is combined with a password to render a new one-time password. BIOS sends its new one-time password to the HDD which unlocks itself only if a match is found. The new one-time password is then saved as an “old” password for subsequent combination with the secret when coming out of subsequent suspend states. In this way, if a computer is stolen the thief cannot sniff the bus between BIOS and the HDD to obtain a password that is of any use once the computer ever re-enters the suspend state.
摘要翻译: 要在计算机处于挂起状态时解锁HDD,在BIOS和HDD两者中,将密码与密码相结合以呈现新的一次性密码。 BIOS将其新的一次性密码发送到HDD,只有在找到匹配时才会自动解锁。 然后将新的一次性密码保存为“旧”密码,以便随后从后续挂起状态中与秘密组合。 以这种方式,如果计算机被盗,小偷不能在BIOS和HDD之间嗅探总线,以获得一旦计算机重新进入暂停状态就可以使用的密码。
-
8.发明授权System and method for securely clearing secret data that remain in a computer system memory 有权用于安全地清除保留在计算机系统存储器中的秘密数据的系统和方法公开(公告)号:US08312534B2
公开(公告)日:2012-11-13
申请号:US12040953
申请日:2008-03-03
申请人: David Carroll Challener , Daryl Carvis Cromer , Howard Jeffrey Locker , Randall Scott Springfield
发明人: David Carroll Challener , Daryl Carvis Cromer , Howard Jeffrey Locker , Randall Scott Springfield
IPC分类号: G06F21/00 , G06F17/00 , G06F17/30 , G06F15/177
摘要: A system, method, and program product is provided that initializes a counter maintained in a nonvolatile memory of a security module to an initialization value. The security module receives requests for a secret from requesters. The security module releases the secret to the requesters and the released secrets are stored in memory areas allocated to the requesters. A counter is incremented when the secret is released. Requestors send notifications to the security module indicating that the requestor has removed the secret from the requestor's memory area. The security module decrements the counter each time a notification is received. When the computer system is rebooted, if the counter is not at the initialization value, the system memory is scrubbed erasing any secrets that remain in memory.
摘要翻译: 提供了一种系统,方法和程序产品,其将维护在安全模块的非易失性存储器中的计数器初始化为初始化值。 安全模块从请求者接收到秘密的请求。 安全模块向请求者释放秘密,所发布的秘密存储在分配给请求者的内存区域中。 当秘密被释放时,计数器递增。 请求者向安全模块发送指示请求者已经从请求者的存储区域移除了秘密的通知。 每次接收到通知时,安全模块都会递减计数器。 当计算机系统重新启动时,如果计数器不在初始化值,系统内存将被擦除擦除留在内存中的任何秘密。
-
9.发明申请System and Method to Use Chipset Resources to Clear Sensitive Data from Computer System Memory 审中-公开使用芯片组资源清除计算机系统内存中的敏感数据的系统和方法公开(公告)号:US20090222635A1
公开(公告)日:2009-09-03
申请号:US12040981
申请日:2008-03-03
申请人: David Carroll Challener , Daryl Carvis Cromer , Howard Jeffrey Locker , Randall Scott Springfield
发明人: David Carroll Challener , Daryl Carvis Cromer , Howard Jeffrey Locker , Randall Scott Springfield
IPC分类号: G06F15/177 , G06F12/00
CPC分类号: G06F12/1433 , G06F21/575 , G06F2221/2143
摘要: A system, method, and program product is provided that initializes a computer system using an initialization process that identifies secrets that were stored in memory and not scrubbed during a prior use of the computer system. During the initialization process, one or more secret indicators are retrieved that identify whether one or more secrets were scrubbed from the computer system's memory during a previous use of the computer system. If the secret indicators show that one or more secrets were not scrubbed from the memory during the prior use of the computer system, then the initialization process scrubs the memory. On the other hand, if the secret indicators show that each of the secrets was scrubbed from the memory during the prior use of the computer system, then the memory is not scrubbed during the initialization process.
摘要翻译: 提供了一种系统,方法和程序产品,其使用识别存储在存储器中并且在先前使用计算机系统期间不被擦除的秘密的初始化过程来初始化计算机系统。 在初始化过程中,检索一个或多个秘密指示符,其识别在先前使用计算机系统期间是否从计算机系统的存储器擦除了一个或多个秘密。 如果秘密指示器显示在计算机系统的先前使用期间没有从存储器擦除一个或多个秘密,则初始化过程擦除存储器。 另一方面,如果秘密指示器显示在计算机系统的先前使用期间从存储器擦除了每个秘密,则在初始化过程期间不擦除存储器。
-
10.发明授权Method for preventing system wake up from a sleep state if a boot log returned during the system wake up cannot be authenticated 有权如果在系统唤醒期间返回的引导日志无法验证,则防止系统从睡眠状态唤醒的方法公开(公告)号:US07412596B2
公开(公告)日:2008-08-12
申请号:US10967760
申请日:2004-10-16
申请人: David Carroll Challener , Daryl Carvis Cromer , Joseph Wayne Freeman , Steven Dale Goodman , James Patrick Hoff , Howard Jeffrey Locker , Randall Scott Springfield , James Peter Ward
发明人: David Carroll Challener , Daryl Carvis Cromer , Joseph Wayne Freeman , Steven Dale Goodman , James Patrick Hoff , Howard Jeffrey Locker , Randall Scott Springfield , James Peter Ward
IPC分类号: G06F9/00 , G06F15/177
CPC分类号: G06F21/575
摘要: A method and system for enabling security attestation for a computing device during a return from an S4 sleep state. When the computing device enters into the S4 state following a successful boot up, the attestation log is appended to the TPM tick count and the log is signed (with a security signature). When the device is awaken from S4 state, the BIOS obtains and verifies the log created during the previous boot. The CRTM maintains a set of virtual PCRs and references these virtual PCRs against the log. If the values do not match, the return from S4 state fails and the device is rebooted.
摘要翻译: 一种用于在从S4睡眠状态返回期间为计算设备提供安全认证的方法和系统。 当计算设备在成功启动后进入S4状态时,认证日志会追加到TPM刻度计数,并且日志被签名(具有安全签名)。 当设备从S4状态唤醒时,BIOS将获取并验证在以前引导过程中创建的日志。 CRTM维护一组虚拟PCR,并将这些虚拟PCR引用到日志中。 如果值不匹配,则S4状态返回失败,设备重启。
-
-
-
-
-
-
-
-
-
搜索结果
114 条记录 (耗时 0.028 秒)