System and method for virtualized hypervisor to detect insertion of removable media
    1.
    发明授权
    System and method for virtualized hypervisor to detect insertion of removable media 有权
    用于虚拟化管理程序的系统和方法,用于检测可移动介质的插入

    公开(公告)号:US07779454B2

    公开(公告)日:2010-08-17

    申请号:US11564832

    申请日:2006-11-29

    IPC分类号: G06F21/20

    摘要: A system and method for using a client-side hypervisor in conjunction with a secure network-side monitoring mechanism to detect removable media insertions since a client's last network session with the secure network is presented. The hypervisor uses a “client-side insertion value” to track the number of times that a user inserts removable media into a socket located on the client. When the client is connected to the secure network, the client's hypervisor notifies the secure network of each insertion and the secure network increments a “secure network-side tracker value.” For each login request, the client includes the client-side insertion value, which the secure network compares against its secure network-side tracker value. When the two values are different, the secure network sends an action request to the client, such as a request to perform a full system scan. Once the client performs the action, the client's hypervisor resets its client-side insertion value and attempts to logon to the secure network again.

    摘要翻译: 提出了客户端管理程序与安全网络侧监视机制结合使用以检测可移动介质插入的系统和方法,因为客户端与安全网络的最后一次网络会话。 管理程序使用“客户端插入值”来跟踪用户将可移动媒体插入位于客户端上的套接字的次数。 当客户端连接到安全网络时,客户端的管理程序会将安全网络通知每个插入,安全网络会增加“安全网络侧跟踪器值”。对于每个登录请求,客户端包括客户端插入值, 安全网络与其安全的网络侧跟踪器值进行比较。 当两个值不同时,安全网络向客户端发送动作请求,例如执行完整系统扫描的请求。 一旦客户端执行操作,客户端的管理程序将重置其客户端插入值,并尝试再次登录到安全网络。

    System and Method for Securely Clearing Secret Data that Remain in a Computer System Memory
    3.
    发明申请
    System and Method for Securely Clearing Secret Data that Remain in a Computer System Memory 有权
    安全清除计算机系统内存中保密数据的系统和方法

    公开(公告)号:US20090222915A1

    公开(公告)日:2009-09-03

    申请号:US12040953

    申请日:2008-03-03

    IPC分类号: G06F21/00

    CPC分类号: G06F21/57 G06F21/79

    摘要: A system, method, and program product is provided that initializes a counter maintained in a nonvolatile memory of a security module to an initialization value. The security module receives requests for a secret from requesters. The security module releases the secret to the requesters and the released secrets are stored in memory areas allocated to the requesters. A counter is incremented when the secret is released. Requestors send notifications to the security module indicating that the requestor has removed the secret from the requestor's memory area. The security module decrements the counter each time a notification is received. When the computer system is rebooted, if the counter is not at the initialization value, the system memory is scrubbed erasing any secrets that remain in memory.

    摘要翻译: 提供了一种系统,方法和程序产品,其将维护在安全模块的非易失性存储器中的计数器初始化为初始化值。 安全模块从请求者接收到秘密的请求。 安全模块向请求者释放秘密,所发布的秘密存储在分配给请求者的内存区域中。 当秘密被释放时,计数器递增。 请求者向安全模块发送指示请求者已经从请求者的存储区域移除了秘密的通知。 每次接收到通知时,安全模块都会递减计数器。 当计算机系统重新启动时,如果计数器不在初始化值,系统内存将被擦除擦除留在内存中的任何秘密。

    System and Method for Secure Usage of Peripheral Devices Using Shared Secrets
    4.
    发明申请
    System and Method for Secure Usage of Peripheral Devices Using Shared Secrets 有权
    使用共享密码安全使用外围设备的系统和方法

    公开(公告)号:US20090119785A1

    公开(公告)日:2009-05-07

    申请号:US11934829

    申请日:2007-11-05

    IPC分类号: G06F21/04

    摘要: A system, method, and program product is provided that establishes a shared secret between a computer system and a peripheral device such as a removable nonvolatile storage device or a printer. After establishing the shared secret, the peripheral device is locked. After the peripheral device is locked, an unlock request is received and the shared secret is sent to the peripheral device. The peripheral device then attempts to verify the shared secret. If the shared secret is successfully verified, then the peripheral device is unlocked allowing use of the device by using an encryption key that is made available by the verified shared secret. On the other hand, if the shared secret is not verified, then the peripheral device remains locked and use of the device is prevented.

    摘要翻译: 提供了一种系统,方法和程序产品,其在计算机系统和诸如可移动的非易失性存储设备或打印机的外围设备之间建立共享秘密。 建立共享密钥后,外围设备被锁定。 在外围设备被锁定之后,接收到解锁请求并将共享密钥发送到外围设备。 然后,外围设备尝试验证共享密钥。 如果共享密钥被成功验证,则外围设备被解锁,允许使用由验证的共享秘密提供的加密密钥来使用该设备。 另一方面,如果未验证共享密钥,则外围设备保持锁定,并且防止了设备的使用。

    System and Method for Virtualized Hypervisor to Detect Insertion of Removable Media
    5.
    发明申请
    System and Method for Virtualized Hypervisor to Detect Insertion of Removable Media 有权
    虚拟化管理程序的系统和方法,用于检测可移动介质的插入

    公开(公告)号:US20080127309A1

    公开(公告)日:2008-05-29

    申请号:US11564832

    申请日:2006-11-29

    IPC分类号: G06F21/20

    摘要: A system and method for using a client-side hypervisor in conjunction with a secure network-side monitoring mechanism to detect removable media insertions since a client's last network session with the secure network is presented. The hypervisor uses a “client-side insertion value” to track the number of times that a user inserts removable media into a socket located on the client. When the client is connected to the secure network, the client's hypervisor notifies the secure network of each insertion and the secure network increments a “secure network-side tracker value.” For each login request, the client includes the client-side insertion value, which the secure network compares against its secure network-side tracker value. When the two values are different, the secure network sends an action request to the client, such as a request to perform a full system scan. Once the client performs the action, the client's hypervisor resets its client-side insertion value and attempts to logon to the secure network again.

    摘要翻译: 提出了客户端管理程序与安全网络侧监视机制结合使用以检测可移动介质插入的系统和方法,因为客户端与安全网络的最后一次网络会话。 管理程序使用“客户端插入值”来跟踪用户将可移动媒体插入位于客户端上的套接字的次数。 当客户端连接到安全网络时,客户端的管理程序会将安全网络通知每个插入,并且安全网络会增加“安全网络侧跟踪器值”。 对于每个登录请求,客户端包括客户端插入值,安全网络与安全网络侧跟踪器值进行比较。 当两个值不同时,安全网络向客户端发送动作请求,例如执行完整系统扫描的请求。 一旦客户端执行操作,客户端的管理程序将重置其客户端插入值,并尝试再次登录到安全网络。

    System and method for protecting disk drive password when BIOS causes computer to leave suspend state
    6.
    发明授权
    System and method for protecting disk drive password when BIOS causes computer to leave suspend state 有权
    当BIOS使计算机挂起状态时,保护磁盘驱动器密码的系统和方法

    公开(公告)号:US07814321B2

    公开(公告)日:2010-10-12

    申请号:US11788654

    申请日:2007-04-19

    IPC分类号: H04L9/32

    CPC分类号: G06F21/80

    摘要: To unlock a HDD when a computer is in the suspend state, at both BIOS and the HDD a secret is combined with a password to render a new one-time password. BIOS sends its new one-time password to the HDD which unlocks itself only if a match is found. The new one-time password is then saved as an “old” password for subsequent combination with the secret when coming out of subsequent suspend states. In this way, if a computer is stolen the thief cannot sniff the bus between BIOS and the HDD to obtain a password that is of any use once the computer ever re-enters the suspend state.

    摘要翻译: 要在计算机处于挂起状态时解锁HDD,在BIOS和HDD两者中,将密码与密码相结合以呈现新的一次性密码。 BIOS将其新的一次性密码发送到HDD,只有在找到匹配时才会自动解锁。 然后将新的一次性密码保存为“旧”密码,以便随后从后续挂起状态中与秘密组合。 以这种方式,如果计算机被盗,小偷不能在BIOS和HDD之间嗅探总线,以获得一旦计算机重新进入暂停状态就可以使用的密码。

    System and method for secure usage of peripheral devices using shared secrets
    7.
    发明授权
    System and method for secure usage of peripheral devices using shared secrets 有权
    使用共享秘密安全使用外围设备的系统和方法

    公开(公告)号:US08539572B2

    公开(公告)日:2013-09-17

    申请号:US11934829

    申请日:2007-11-05

    摘要: A system, method, and program product is provided that establishes a shared secret between a computer system and a peripheral device such as a removable nonvolatile storage device or a printer. After establishing the shared secret, the peripheral device is locked. After the peripheral device is locked, an unlock request is received and the shared secret is sent to the peripheral device. The peripheral device then attempts to verify the shared secret. If the shared secret is successfully verified, then the peripheral device is unlocked allowing use of the device by using an encryption key that is made available by the verified shared secret. On the other hand, if the shared secret is not verified, then the peripheral device remains locked and use of the device is prevented.

    摘要翻译: 提供了一种系统,方法和程序产品,其在计算机系统和诸如可移动的非易失性存储设备或打印机的外围设备之间建立共享秘密。 建立共享密钥后,外围设备被锁定。 在外围设备被锁定之后,接收到解锁请求并将共享密钥发送到外围设备。 然后,外围设备尝试验证共享密钥。 如果共享密钥被成功验证,则外围设备被解锁,允许使用通过验证的共享密钥可用的加密密钥来使用该设备。 另一方面,如果未验证共享密钥,则外围设备保持锁定,并且防止了设备的使用。

    System and method for securely clearing secret data that remain in a computer system memory
    8.
    发明授权
    System and method for securely clearing secret data that remain in a computer system memory 有权
    用于安全地清除保留在计算机系统存储器中的秘密数据的系统和方法

    公开(公告)号:US08312534B2

    公开(公告)日:2012-11-13

    申请号:US12040953

    申请日:2008-03-03

    CPC分类号: G06F21/57 G06F21/79

    摘要: A system, method, and program product is provided that initializes a counter maintained in a nonvolatile memory of a security module to an initialization value. The security module receives requests for a secret from requesters. The security module releases the secret to the requesters and the released secrets are stored in memory areas allocated to the requesters. A counter is incremented when the secret is released. Requestors send notifications to the security module indicating that the requestor has removed the secret from the requestor's memory area. The security module decrements the counter each time a notification is received. When the computer system is rebooted, if the counter is not at the initialization value, the system memory is scrubbed erasing any secrets that remain in memory.

    摘要翻译: 提供了一种系统,方法和程序产品,其将维护在安全模块的非易失性存储器中的计数器初始化为初始化值。 安全模块从请求者接收到秘密的请求。 安全模块向请求者释放秘密,所发布的秘密存储在分配给请求者的内存区域中。 当秘密被释放时,计数器递增。 请求者向安全模块发送指示请求者已经从请求者的存储区域移除了秘密的通知。 每次接收到通知时,安全模块都会递减计数器。 当计算机系统重新启动时,如果计数器不在初始化值,系统内存将被擦除擦除留在内存中的任何秘密。

    System and Method to Use Chipset Resources to Clear Sensitive Data from Computer System Memory
    9.
    发明申请
    System and Method to Use Chipset Resources to Clear Sensitive Data from Computer System Memory 审中-公开
    使用芯片组资源清除计算机系统内存中的敏感数据的系统和方法

    公开(公告)号:US20090222635A1

    公开(公告)日:2009-09-03

    申请号:US12040981

    申请日:2008-03-03

    IPC分类号: G06F15/177 G06F12/00

    摘要: A system, method, and program product is provided that initializes a computer system using an initialization process that identifies secrets that were stored in memory and not scrubbed during a prior use of the computer system. During the initialization process, one or more secret indicators are retrieved that identify whether one or more secrets were scrubbed from the computer system's memory during a previous use of the computer system. If the secret indicators show that one or more secrets were not scrubbed from the memory during the prior use of the computer system, then the initialization process scrubs the memory. On the other hand, if the secret indicators show that each of the secrets was scrubbed from the memory during the prior use of the computer system, then the memory is not scrubbed during the initialization process.

    摘要翻译: 提供了一种系统,方法和程序产品,其使用识别存储在存储器中并且在先前使用计算机系统期间不被擦除的秘密的初始化过程来初始化计算机系统。 在初始化过程中,检索一个或多个秘密指示符,其识别在先前使用计算机系统期间是否从计算机系统的存储器擦除了一个或多个秘密。 如果秘密指示器显示在计算机系统的先前使用期间没有从存储器擦除一个或多个秘密,则初始化过程擦除存储器。 另一方面,如果秘密指示器显示在计算机系统的先前使用期间从存储器擦除了每个秘密,则在初始化过程期间不擦除存储器。