利索-全球专利检索

  1. 登录
  2. 注册

搜索结果

170 条记录 (耗时 0.025 秒)

    Securing sensitive configuration data remotely
    1.
    发明授权
    Securing sensitive configuration data remotely 有权
    远程保护敏感的配置数据

    公开(公告)号:US07281125B2

    公开(公告)日:2007-10-09

    申请号:US09940155

    申请日:2001-08-24

    申请人: David Carroll Challener Steven Dale Goodman David Robert Safford Randall Scott Springfield

    发明人: David Carroll Challener Steven Dale Goodman David Robert Safford Randall Scott Springfield

    IPC分类号: H04L29/00

    CPC分类号: G06F21/572 G06F21/575 G06F21/62

    摘要: A method, computer program product and computer system for securing alterable data. A computer that is remotely managed may be equipped with a protected storage that is accessible only by BIOS code. The protected storage may have the capacity to store a symmetrical encryption key. An EEPROM, which normally contains the BIOS code, may be used to store accessible configuration data as well as remotely unaccessible sensitive access information (e.g., passwords). The remotely unaccessible sensitive data is encrypted with the symmetrical encryption key by the BIOS code. Remote access to the sensitive data is accomplished via change requests submitted to the BIOS code over a secure channel. The BIOS code then determines whether the request is valid. If so, then sensitive data is decrypted, altered, encrypted, and re-written into the EEPROM. Normal access to accessible data is unaffected and remote access is allowed without changing the computer system architecture.

    摘要翻译: 一种用于保护可变数据的方法,计算机程序产品和计算机系统。 远程管理的计算机可能配备有只能通过BIOS代码访问的受保护存储。 受保护的存储器可以具有存储对称加密密钥的能力。 通常包含BIOS代码的EEPROM可用于存储可访问的配置数据以及远程不可访问的敏感访问信息(例如,密码)。 远程不可访问的敏感数据通过BIOS代码用对称加密密钥加密。 通过安全通道提交给BIOS代码的更改请求,可以远程访问敏感数据。 然后,BIOS代码确定请求是否有效。 如果是这样,那么敏感数据将被解密,更改,加密并重新写入EEPROM。 对可访问数据的正常访问不受影响,并且允许远程访问,而无需更改计算机系统架构。

    Apparatus, system, and method for securing I/O communications between a blade and a peripheral interface device of a blade-based computer system
    2.
    发明申请
    Apparatus, system, and method for securing I/O communications between a blade and a peripheral interface device of a blade-based computer system 审中-公开
    用于保护刀片和基于刀片的计算机系统的外围接口设备之间的I / O通信的装置,系统和方法

    公开(公告)号:US20060184785A1

    公开(公告)日:2006-08-17

    申请号:US11058987

    申请日:2005-02-16

    申请人: David Carroll Challener Daryl Carvis Cromer Steven Dale Goodman Howard Jeffery Locker Randall Scott Springfield

    发明人: David Carroll Challener Daryl Carvis Cromer Steven Dale Goodman Howard Jeffery Locker Randall Scott Springfield

    IPC分类号: H04L9/00

    CPC分类号: G06F21/606 G06F21/85

    摘要: An apparatus, system, and method are disclosed for securing I/O communications between a blade and peripheral interface device. The apparatus includes a determination module, a source security module, and a source communication module. The determination module identifies I/O data configured for transmission to a destination module configured to receive secure I/O data. The source security module encrypts the I/O data to generate secured I/O data such that subsequent decryption of the secured I/O data is restricted to a destination module. The source communication module transmits the secured I/O data over a vulnerable communication link to the destination module. The vulnerable communication link comprises a message intercept vulnerability. The destination module is configured to unencrypt the secure I/O data for a destination device such as a display device.

    摘要翻译: 公开了用于保护刀片和外围接口设备之间的I / O通信的装置,系统和方法。 该装置包括确定模块,源安全模块和源通信模块。 确定模块识别配置为传输到配置为接收安全I / O数据的目标模块的I / O数据。 源安全模块加密I / O数据以产生安全的I / O数据,使得安全I / O数据的后续解密被限制到目的地模块。 源通信模块通过易受攻击的通信链路将目标模块的安全I / O数据发送到目标模块。 脆弱的通信链路包括消息拦截漏洞。 目的地模块被配置为对诸如显示设备的目的地设备的安全I / O数据进行解密。

    Secure single sign-on to operating system via power-on password
    3.
    发明授权
    Secure single sign-on to operating system via power-on password 有权
    通过开机密码保护对操作系统的单一登录

    公开(公告)号:US07484241B2

    公开(公告)日:2009-01-27

    申请号:US10994620

    申请日:2004-11-22

    申请人: David Carroll Challener Steven Dale Goodman James Patrick Hoff David Rivera Randall Scott Springfield

    发明人: David Carroll Challener Steven Dale Goodman James Patrick Hoff David Rivera Randall Scott Springfield

    IPC分类号: G06F7/04 H04L9/32

    CPC分类号: G06F21/41

    摘要: Methods and arrangements are disclosed for secure single sign on to an operating system using only a power-on password. In many embodiments modified BIOS code prompts for, receives and verifies the power-on password. The power-on password is hashed and stored in a Platform Configuration Register of the Trusted Platform Module. In a setup mode, the trusted platform module encrypts the operating system password using the hashed power-on password. In a logon mode, the trusted platform module decrypts the operating system password using the hashed power-on password.

    摘要翻译: 公开了仅使用开机密码的安全单点登录到操作系统的方法和布置。 在许多实施例中,修改的BIOS代码提示,接收和验证开机密码。 开机密码被散列并存储在可信平台模块的平台配置寄存器中。 在设置模式下,可信平台模块使用散列开机密码对操作系统密码进行加密。 在登录模式下,可信平台模块使用散列开机密码解密操作系统密码。

    Apparatus, system, and method for sealing a data repository to a trusted computing platform
    6.
    发明授权
    Apparatus, system, and method for sealing a data repository to a trusted computing platform 有权
    用于将数据存储库密封到可信计算平台的装置,系统和方法

    公开(公告)号:US07421588B2

    公开(公告)日:2008-09-02

    申请号:US10749057

    申请日:2003-12-30

    申请人: David Carroll Challener Joseph Wayne Freeman Steven Dale Goodman Randall Scott Springfield

    发明人: David Carroll Challener Joseph Wayne Freeman Steven Dale Goodman Randall Scott Springfield

    IPC分类号: G06F12/14

    CPC分类号: G06F21/575 G06F21/62 G06F2221/2107

    摘要: An apparatus, method, and system to seal a data repository to a trusted computing platform is described. The data repository may be sealed by encrypting the data on the repository and sealing a cryptographic key to a specific set of platform resources. With the data repository sealed to the platform, the system boot sequence will fail if the system configuration is compromised, for example by insertion of “snoopware” or a modified BIOS. Additionally, if the computer containing the data repository is lost or stolen, the encrypted data remains secure even if the repository is attached to a system modified to bypass normal safeguards.

    摘要翻译: 描述了将数据存储库密封到可信计算平台的装置,方法和系统。 可以通过加密存储库中的数据并将密码密封到特定的一组平台资源来密封数据存储库。 将数据存储库密封到平台,如果系统配置受到威胁,例如插入“snoopware”或修改的BIOS,则系统引导顺序将失败。 另外,如果包含数据存储库的计算机丢失或被盗,加密数据将保持安全,即使存储库附加到修改为绕过正常保护措施的系统。

    System and method for virtualized hypervisor to detect insertion of removable media
    9.
    发明授权
    System and method for virtualized hypervisor to detect insertion of removable media 有权
    用于虚拟化管理程序的系统和方法,用于检测可移动介质的插入

    公开(公告)号:US07779454B2

    公开(公告)日:2010-08-17

    申请号:US11564832

    申请日:2006-11-29

    申请人: David Carroll Challener Daryl Cromer Howard Jeffrey Locker Randall Scott Springfield

    发明人: David Carroll Challener Daryl Cromer Howard Jeffrey Locker Randall Scott Springfield

    IPC分类号: G06F21/20

    CPC分类号: H04L63/10 G06F21/552 G06F2221/2153

    摘要: A system and method for using a client-side hypervisor in conjunction with a secure network-side monitoring mechanism to detect removable media insertions since a client's last network session with the secure network is presented. The hypervisor uses a “client-side insertion value” to track the number of times that a user inserts removable media into a socket located on the client. When the client is connected to the secure network, the client's hypervisor notifies the secure network of each insertion and the secure network increments a “secure network-side tracker value.” For each login request, the client includes the client-side insertion value, which the secure network compares against its secure network-side tracker value. When the two values are different, the secure network sends an action request to the client, such as a request to perform a full system scan. Once the client performs the action, the client's hypervisor resets its client-side insertion value and attempts to logon to the secure network again.

    摘要翻译: 提出了客户端管理程序与安全网络侧监视机制结合使用以检测可移动介质插入的系统和方法,因为客户端与安全网络的最后一次网络会话。 管理程序使用“客户端插入值”来跟踪用户将可移动媒体插入位于客户端上的套接字的次数。 当客户端连接到安全网络时,客户端的管理程序会将安全网络通知每个插入,安全网络会增加“安全网络侧跟踪器值”。对于每个登录请求,客户端包括客户端插入值, 安全网络与其安全的网络侧跟踪器值进行比较。 当两个值不同时,安全网络向客户端发送动作请求,例如执行完整系统扫描的请求。 一旦客户端执行操作,客户端的管理程序将重置其客户端插入值,并尝试再次登录到安全网络。

    METHOD, APPARATUS, AND SYSTEM OF FORWARD CACHING FOR A MANAGED CLIENT
    10.
    发明申请
    METHOD, APPARATUS, AND SYSTEM OF FORWARD CACHING FOR A MANAGED CLIENT 有权
    用于管理客户端的方法,装置和前向缓存系统

    公开(公告)号:US20100205375A1

    公开(公告)日:2010-08-12

    申请号:US12368882

    申请日:2009-02-10

    申请人: David Carroll Challener Richard Wayne Cheston Howard Locker Randall Scott Springfield Rod D. Waltermann

    发明人: David Carroll Challener Richard Wayne Cheston Howard Locker Randall Scott Springfield Rod D. Waltermann

    IPC分类号: G06F12/08

    CPC分类号: G06F12/0868 G06F2212/263 G06F2212/314 H04L29/08846 H04L67/1097 H04L67/2842

    摘要: A method, apparatus, and system are disclosed of forward caching for a managed client. A storage module stores a software image on a storage device of a backend server. The backend server provides virtual disk storage on the storage device through a first intermediate network point for a plurality of diskless data processing devices. Each diskless data processing device communicates directly with the first intermediate network point. The storage module caches an image instance of the software image at the first intermediate network point. A tracking module detects an update to the software image on the storage device. The storage module copies the updated software image to the first intermediate network point as an updated image instance.

    摘要翻译: 公开了一种用于被管理客户端的前向缓存的方法,装置和系统。 存储模块将软件映像存储在后端服务器的存储设备上。 后端服务器通过用于多个无盘数据处理设备的第一中间网络点在存储设备上提供虚拟磁盘存储。 每个无盘数据处理装置与第一中间网络点直接通信。 存储模块在第一中间网络点高速缓存软件映像的图像实例。 跟踪模块检测对存储设备上的软件映像的更新。 存储模块将更新的软件映像作为更新的图像实例复制到第一中间网络点。