Hard disk drive with write-only region
    1.
    Granted invention patent
    Hard disk drive with write-only region (status: in force)

    Publication number: US08140795B2

    Publication date: 2012-03-20

    Application number: US11068322

    Filing date: 2005-02-28

    IPC classification: G06F12/00 G06F13/00

    Abstract: The invention partitions the HDD into three areas, namely, no access, write-only, and the conventional read/write. Sensitive data (antivirus programs, back up data, etc.) is written into write-only areas, which thereafter become designated “no access” by appropriately changing their designation a data structure known as “logical block address” or “LBA”. Only users having approved passwords can change the status of a “no access” block back to “write-only” or “read/write”.

    System and method to update device driver or firmware using a hypervisor environment without system shutdown
    2.
    Granted invention patent
    System and method to update device driver or firmware using a hypervisor environment without system shutdown (status: in force)

    Publication number: US08201161B2

    Publication date: 2012-06-12

    Application number: US11970038

    Filing date: 2008-01-07

    IPC classification: G06F9/445

    CPC classification: G06F9/45537 G06F9/4411

    Abstract: A system, method, and program product is provided that has a virtualized environment provided by a hypervisor. In the virtualized environment, one or more guest operating systems operate simultaneously with a privileged operating system. One of the guest operating systems identifies a device software update, such as a device driver or firmware update, corresponding to a hardware device that is attached to the computer system. The hypervisor is used to notify the privileged operating system of the device software update. When the privileged operating system is notified of the update, the privileged operating system uses one or more techniques to deny the guest operating systems access to the device. The privileged operating system then updates the device software update. After the device software update has been applied, the privileged operating system resumes access between the guest operating systems and the hardware device.

    System and Method to Update Device Driver or Firmware Using a Hypervisor Environment Without System Shutdown
    3.
    Invention patent application
    System and Method to Update Device Driver or Firmware Using a Hypervisor Environment Without System Shutdown (status: in force)

    Publication number: US20090178033A1

    Publication date: 2009-07-09

    Application number: US11970038

    Filing date: 2008-01-07

    IPC classification: G06F9/445 G06F21/00

    CPC classification: G06F9/45537 G06F9/4411

    Abstract: A system, method, and program product is provided that has a virtualized environment provided by a hypervisor. In the virtualized environment, one or more guest operating systems operate simultaneously with a privileged operating system. One of the guest operating systems identifies a device software update, such as a device driver or firmware update, corresponding to a hardware device that is attached to the computer system. The hypervisor is used to notify the privileged operating system of the device software update. When the privileged operating system is notified of the update, the privileged operating system uses one or more techniques to deny the guest operating systems access to the device. The privileged operating system then updates the device software update. After the device software update has been applied, the privileged operating system resumes access between the guest operating systems and the hardware device.

    System and method for tracking changed LBAs on disk drive
    4.
    Granted invention patent
    System and method for tracking changed LBAs on disk drive (status: in force)

    Publication number: US07523319B2

    Publication date: 2009-04-21

    Application number: US11282055

    Filing date: 2005-11-16

    IPC classification: G06F12/00

    Abstract: When data changes in LBAs of a disk storage, the IDs of changed LBAs are written to a cache, with the LBAs being hashed to render a hash result. The hash result and contents of the cache are written to a file on the disk, the cache flushed, and the hash result written back to the cache for hashing together with subsequent changed LBAs. The process repeats. In this way, the hash result in the most current file on the disk can be compared with the hash result in cache, and if the two match, it indicates that the files on the disk contain an accurate record of changed LBAs.

    System and method for permitting end user to decide what algorithm should be used to archive secure applications
    5.
    Invention patent application
    System and method for permitting end user to decide what algorithm should be used to archive secure applications (status: under examination, published)

    Publication number: US20080120510A1

    Publication date: 2008-05-22

    Application number: US11601974

    Filing date: 2006-11-20

    IPC classification: H04L9/32

    CPC classification: G06F21/34 G06F21/32 G06F21/57

    Abstract: An end user or IT owner via the use of an application specifies which TPM is to be loaded or which TPM operation is to be invoked given the authenticated presentation of a biometric such as a fingerprint or a token such as a smart card. A secure table stored in the microcontroller made up of TPM hashes and their corresponding endorsement keys is indexed to these authentication records. The microcontroller compares a received biometric or smart card value to the stored values to determine which TPM emulator to load. This architecture uniquely stores individually secured algorithms, and applications that can be bound to the user and the system on which they are running.

    Slate wireless keyboard connection and proximity display enhancement for visible display area
    7.
    Granted invention patent
    Slate wireless keyboard connection and proximity display enhancement for visible display area (status: in force)

    Publication number: US08089468B2

    Publication date: 2012-01-03

    Application number: US12192244

    Filing date: 2008-08-15

    IPC classification: G06F3/02

    Abstract: An approach is provided that identifies when a wireless keyboard unit is connected to an information handling system that includes a display screen that is partially blocked when the keyboard is attached. A determination is made as to the size of the visible portion of the display screen. Items are displayed on the visible portion of the display screen. The approach refrains from displaying items on the blocked portion of the display screen. The user is able to move the wireless keyboard, the movement of the keyboard resulting in a changed size of the visible portion of the display screen. After the keyboard is repositioned, the visual items are re-displayed on the visible portion of the display screen so that the items fit in the changed size of the visible portion of the display screen.

    Authenticating suspect data using key tables
    8.
    Granted invention patent
    Authenticating suspect data using key tables (status: in force)

    Publication number: US08024579B2

    Publication date: 2011-09-20

    Application number: US11647932

    Filing date: 2006-12-29

    IPC classification: G06F11/30

    Abstract: A system and method for authenticating suspect code includes steps of: receiving the suspect code for a first instance of a trusted platform module; loading the suspect code into a trusted platform module device operatively associated with a processor, wherein the suspect code is loaded outside of a shielded location within the trusted platform module device; retrieving a validation public key from a table and storing it in a register in the trusted platform module device, the validation public key indexed by the suspect code; and retrieving a hash algorithm from the table, the hash algorithm indexed by the suspect code. The hash algorithm is run to derive a first hash value; then, using the validation public key, the second hash value is decrypted to derive a second decrypted hash value. The two hash values are compared; and upon determining a match, the suspect code is loaded into the shielded location of the processor for execution by the processor.

    System and method for virtualized hypervisor to detect insertion of removable media
    10.
    Granted invention patent
    System and method for virtualized hypervisor to detect insertion of removable media (status: in force)

    Publication number: US07779454B2

    Publication date: 2010-08-17

    Application number: US11564832

    Filing date: 2006-11-29

    IPC classification: G06F21/20

    Abstract: A system and method for using a client-side hypervisor in conjunction with a secure network-side monitoring mechanism to detect removable media insertions since a client's last network session with the secure network is presented. The hypervisor uses a “client-side insertion value” to track the number of times that a user inserts removable media into a socket located on the client. When the client is connected to the secure network, the client's hypervisor notifies the secure network of each insertion and the secure network increments a “secure network-side tracker value.” For each login request, the client includes the client-side insertion value, which the secure network compares against its secure network-side tracker value. When the two values are different, the secure network sends an action request to the client, such as a request to perform a full system scan. Once the client performs the action, the client's hypervisor resets its client-side insertion value and attempts to logon to the secure network again.
