公开(公告)号：US20100037323A1

公开(公告)日：2010-02-11

申请号：US12538040

申请日：2009-08-07

申请人： Jacques Lemieux ,  Anahit Tarkhanyan ,  Ravi Gupta ,  Gaurav Banga

发明人： Jacques Lemieux ,  Anahit Tarkhanyan ,  Ravi Gupta ,  Gaurav Banga

IPC分类号： G06F21/00

CPC分类号： G06F21/57 ,  G06F21/88

摘要： Techniques for securing a client. When a client, such as a portable computer, undergoes a change in operational state, an operating system agent sends a state message to a server. The state message describes the change in the operational state of the client. The operating system agent is one or more software modules that execute in an operating system of the client. The client receives a policy message from the server. The policy message contains policy data, which a BIOS agent stores in the BIOS of the client. The policy data identifies one or more security policies which the client should follow.

摘要翻译： 确保客户端的技术。 当诸如便携式计算机的客户端经历操作状态的改变时，操作系统代理向服务器发送状态消息。 状态消息描述客户端操作状态的变化。 操作系统代理是在客户机的操作系统中执行的一个或多个软件模块。 客户端从服务器收到策略消息。 策略消息包含一个BIOS代理存储在客户端的BIOS中的策略数据。 策略数据标识客户端应遵循的一个或多个安全策略。

公开(公告)号：US08332953B2

公开(公告)日：2012-12-11

申请号：US12538040

申请日：2009-08-07

申请人： Jacques Lemieux ,  Anahit Tarkhanyan ,  Ravi Gupta ,  Gaurav Banga

发明人： Jacques Lemieux ,  Anahit Tarkhanyan ,  Ravi Gupta ,  Gaurav Banga

IPC分类号： G06F7/04

CPC分类号： G06F21/57 ,  G06F21/88

摘要： Techniques for securing a client. When a client, such as a portable computer, undergoes a change in operational state, an operating system agent sends a state message to a server. The state message describes the change in the operational state of the client. The operating system agent is one or more software modules that execute in an operating system of the client. The client receives a policy message from the server. The policy message contains policy data, which a BIOS agent stores in the BIOS of the client. The policy data identifies one or more security policies which the client should follow.

摘要翻译： 确保客户端的技术。 当诸如便携式计算机的客户端经历操作状态的改变时，操作系统代理向服务器发送状态消息。 状态消息描述客户端操作状态的变化。 操作系统代理是在客户机的操作系统中执行的一个或多个软件模块。 客户端从服务器收到策略消息。 策略消息包含一个BIOS代理存储在客户端的BIOS中的策略数据。 策略数据标识客户端应遵循的一个或多个安全策略。

公开(公告)号：US20100037291A1

公开(公告)日：2010-02-11

申请号：US12538044

申请日：2009-08-07

申请人： Anahit Tarkhanyan ,  Ravi Gupta ,  Gaurav Banga

发明人： Anahit Tarkhanyan ,  Ravi Gupta ,  Gaurav Banga

IPC分类号： G06F21/20

CPC分类号： G06F21/57 ,  G06F21/88

摘要： Techniques for securing a client. An operating system agent is one or more software modules that execute in an operating system of a client, such as a portable computer. Portions of the operating system agent may monitor resources of the client. The operating system agent sends a message, which describes an operational state of the operating system agent, to a BIOS agent. The BIOS agent is one or more software modules operating in a BIOS of the client. The BIOS agent performs an action based on a policy that is described by policy data stored within the BIOS of the client. The BIOS agent performs the action in response to either (a) the operational state described by the message, or (b) the BIOS agent not receiving the message after an expected period of time.

摘要翻译： 确保客户端的技术。 操作系统代理是在诸如便携式计算机的客户端的操作系统中执行的一个或多个软件模块。 操作系统代理的部分可以监视客户端的资源。 操作系统代理向BIOS代理发送一条描述操作系统代理的操作状态的消息。 BIOS代理是在客户端的BIOS中操作的一个或多个软件模块。 BIOS代理根据存储在客户端的BIOS内的策略数据描述的策略来执行动作。 响应于（a）消息描述的操作状态或（b）BIOS代理在预期的时间段之后未接收到消息的情况下，BIOS代理执行动作。

公开(公告)号：US08510825B2

公开(公告)日：2013-08-13

申请号：US12538033

申请日：2009-08-07

申请人： Anahit Tarkhanyan ,  Ravi Gupta ,  Gaurav Banga

发明人： Anahit Tarkhanyan ,  Ravi Gupta ,  Gaurav Banga

IPC分类号： G06F7/04

CPC分类号： G06F21/57 ,  G06F21/88

摘要： Techniques for securing a client. A BIOS agent stores policy data within a BIOS of the client. The BIOS agent is one or more software modules that execute in the BIOS of the client. The policy data describes one or more policies which the client should follow. When an operating system agent detects that a condition, specified by a particular policy of the one or more policies, has been met, the operating system agent performs one or more actions specified by the particular policy, such as disabling the client, retrieving a file from the client, erasing a file from the client, or encrypting a file on the client. The operating system agent is one or more software modules that execute in the operating system of the client.

摘要翻译： 确保客户端的技术。 BIOS代理将策略数据存储在客户机的BIOS中。 BIOS代理是在客户端的BIOS中执行的一个或多个软件模块。 策略数据描述客户端应遵循的一个或多个策略。 当操作系统代理检测到由一个或多个策略的特定策略指定的条件已经被满足时，操作系统代理执行特定策略指定的一个或多个动作，诸如禁用客户端，检索文件 从客户端删除客户端的文件，或加密客户端上的文件。 操作系统代理是在客户端的操作系统中执行的一个或多个软件模块。

公开(公告)号：US08346234B2

公开(公告)日：2013-01-01

申请号：US12321504

申请日：2009-01-21

申请人： Gaurav Banga ,  Ravi Gupta ,  Anahit Tarkhanyan

发明人： Gaurav Banga ,  Ravi Gupta ,  Anahit Tarkhanyan

IPC分类号： H04M3/00

CPC分类号： H04M1/7253 ,  G06F1/3203 ,  G06F1/3231 ,  G06F21/35 ,  G06F21/81 ,  H04M2250/02 ,  H04W52/0245 ,  Y02D10/173 ,  Y02D70/144 ,  Y02D70/166

摘要： An electronic device, for example, a laptop computer includes a processor, a transceiver module, for example, a Bluetooth module and a memory. The memory includes a platform proximity agent, which may be implemented as a series of instructions, which when executed by the processor, causes the processor to receive a Bluetooth signal from a corresponding provisioned Bluetooth device, for example, a cellular telephone. Next, determine whether the received signal exceeds both a strength threshold level and a predetermined time threshold level, where the signal strength and time threshold levels are established when the laptop and a corresponding cell phone are paired during a provisioning process. When the received signal strength and duration both exceed the corresponding policy based thresholds, the laptop enters (or remains in) a full power state with full access to the monitor and the platform. On the other hand, when the received signal strength and duration both fall below (or are less than) the corresponding policy based threshold, the laptop enters (or remains in) a reduced power, or locked state.

摘要翻译： 电子设备，例如膝上型计算机，包括处理器，收发器模块，例如蓝牙模块和存储器。 存储器包括平台邻近代理，其可以被实现为一系列指令，当由处理器执行时，处理器从相应的所提供的蓝牙设备（例如，蜂窝电话）接收蓝牙信号。 接下来，确定接收到的信号是否超过强度阈值电平和预定时间阈值电平，其中当在供应处理期间膝上型电脑和相应的蜂窝电话配对时，建立信号强度和时间阈值电平。 当接收到的信号强度和持续时间都超过相应的基于策略的阈值时，笔记本电脑进入（或保持）全功率状态，完全访问监视器和平台。 另一方面，当接收到的信号强度和持续时间都低于（或小于）相应的基于策略的阈值时，笔记本电脑进入（或保持）降低功率或锁定状态。

公开(公告)号：US20100120406A1

公开(公告)日：2010-05-13

申请号：US12321504

申请日：2009-01-21

申请人： Gaurav Banga ,  Ravi Gupta ,  Anahit Tarkhanyan

发明人： Gaurav Banga ,  Ravi Gupta ,  Anahit Tarkhanyan

IPC分类号： H04M3/00 ,  G06F1/26 ,  H04B7/00

CPC分类号： H04M1/7253 ,  G06F1/3203 ,  G06F1/3231 ,  G06F21/35 ,  G06F21/81 ,  H04M2250/02 ,  H04W52/0245 ,  Y02D10/173 ,  Y02D70/144 ,  Y02D70/166

摘要： An electronic device, for example, a laptop computer includes a processor, a transceiver module, for example, a Bluetooth module and a memory. The memory includes a platform proximity agent, which may be implemented as a series of instructions, which when executed by the processor, causes the processor to receive a Bluetooth signal from a corresponding provisioned Bluetooth device, for example, a cellular telephone. Next, determine whether the received signal exceeds both a strength threshold level and a predetermined time threshold level, where the signal strength and time threshold levels are established when the laptop and a corresponding cell phone are paired during a provisioning process. When the received signal strength and duration both exceed the corresponding policy based thresholds, the laptop enters (or remains in) a full power state with full access to the monitor and the platform. On the other hand, when the received signal strength and duration both fall below (or are less than) the corresponding policy based threshold, the laptop enters (or remains in) a reduced power, or locked state.

摘要翻译： 电子设备，例如膝上型计算机，包括处理器，收发器模块，例如蓝牙模块和存储器。 存储器包括平台邻近代理，其可以被实现为一系列指令，当由处理器执行时，处理器从相应的所提供的蓝牙设备（例如，蜂窝电话）接收蓝牙信号。 接下来，确定接收到的信号是否超过强度阈值电平和预定时间阈值电平，其中当在供应处理期间膝上型电脑和相应的蜂窝电话配对时，建立信号强度和时间阈值电平。 当接收到的信号强度和持续时间都超过相应的基于策略的阈值时，笔记本电脑进入（或保持）全功率状态，完全访问监视器和平台。 另一方面，当接收到的信号强度和持续时间都低于（或小于）相应的基于策略的阈值时，笔记本电脑进入（或保持）降低功率或锁定状态。

公开(公告)号：US20100037312A1

公开(公告)日：2010-02-11

申请号：US12538033

申请日：2009-08-07

申请人： Anahit Tarkhanyan ,  Ravi Gupta ,  Gaurav Banga

发明人： Anahit Tarkhanyan ,  Ravi Gupta ,  Gaurav Banga

IPC分类号： H04L9/32 ,  G06F9/24 ,  G06F21/24

CPC分类号： G06F21/57 ,  G06F21/88

摘要： Techniques for securing a client. A BIOS agent stores policy data within a BIOS of the client. The BIOS agent is one or more software modules that execute in the BIOS of the client. The policy data describes one or more policies which the client should follow. When an operating system agent detects that a condition, specified by a particular policy of the one or more policies, has been met, the operating system agent performs one or more actions specified by the particular policy, such as disabling the client, retrieving a file from the client, erasing a file from the client, or encrypting a file on the client. The operating system agent is one or more software modules that execute in the operating system of the client.

摘要翻译： 确保客户端的技术。 BIOS代理将策略数据存储在客户机的BIOS中。 BIOS代理是在客户端的BIOS中执行的一个或多个软件模块。 策略数据描述客户端应遵循的一个或多个策略。 当操作系统代理检测到由一个或多个策略的特定策略指定的条件已经被满足时，操作系统代理执行特定策略指定的一个或多个动作，诸如禁用客户端，检索文件 从客户端删除客户端的文件，或加密客户端上的文件。 操作系统代理是在客户端的操作系统中执行的一个或多个软件模块。

公开(公告)号：US08745383B2

公开(公告)日：2014-06-03

申请号：US12538044

申请日：2009-08-07

申请人： Anahit Tarkhanyan ,  Ravi Gupta ,  Gaurav Banga

发明人： Anahit Tarkhanyan ,  Ravi Gupta ,  Gaurav Banga

IPC分类号： G06F21/00

CPC分类号： G06F21/57 ,  G06F21/88

摘要： Techniques for securing a client. An operating system agent is one or more software modules that execute in an operating system of a client, such as a portable computer. Portions of the operating system agent may monitor resources of the client. The operating system agent sends a message, which describes an operational state of the operating system agent, to a BIOS agent. The BIOS agent is one or more software modules operating in a BIOS of the client. The BIOS agent performs an action based on a policy that is described by policy data stored within the BIOS of the client. The BIOS agent performs the action in response to either (a) the operational state described by the message, or (b) the BIOS agent not receiving the message after an expected period of time.

摘要翻译： 确保客户端的技术。 操作系统代理是在诸如便携式计算机的客户端的操作系统中执行的一个或多个软件模块。 操作系统代理的部分可以监视客户端的资源。 操作系统代理向BIOS代理发送一条描述操作系统代理的操作状态的消息。 BIOS代理是在客户端的BIOS中操作的一个或多个软件模块。 BIOS代理根据存储在客户端的BIOS内的策略数据描述的策略来执行动作。 响应于（a）消息描述的操作状态或（b）BIOS代理在预期的时间段之后未接收到消息的情况下，BIOS代理执行动作。

公开(公告)号：US20100050244A1

公开(公告)日：2010-02-25

申请号：US12613440

申请日：2009-11-05

申请人： Anahit Tarkhanyan ,  Ravi Gupta

发明人： Anahit Tarkhanyan ,  Ravi Gupta

IPC分类号： H04L9/32 ,  G06F15/177

CPC分类号： G06F21/57 ,  G06F21/6218 ,  G06F21/88

摘要： Techniques for protecting resources of a client from theft or unauthorized access. A BIOS agent stores policy data within a BIOS of the client. The BIOS agent is one or more software modules operating in the BIOS of the client. The policy data describes one or more security policies which the client is to follow. In response to the client following at least one of the one or more security policies, a persistent storage medium of the client is locked by instructing a controller of the persistent storage medium to deny, to any entity, access to data stored on the persistent storage medium unless the entity supplies, to the controller, a recognized authentication credential. In this way, a malicious user without access to the recognized authentication credential cannot access the data stored on the persistent storage medium, even if the persistent storage medium is removed from the client.

摘要翻译： 保护客户资源免遭盗窃或未经授权访问的技术。 BIOS代理将策略数据存储在客户机的BIOS中。 BIOS代理是在客户端的BIOS中运行的一个或多个软件模块。 策略数据描述了客户端要遵循的一个或多个安全策略。 响应于客户机遵循一个或多个安全策略中的至少一个，通过指示持久存储介质的控制器来拒绝对任何实体访问存储在永久存储器上的数据的客户端的持久存储介质 除非实体向控制者提供认可的认证凭证。 以这种方式，即使永久存储介质从客户端移除，恶意用户无法访问认可的认证凭证，也不能访问存储在持久存储介质上的数据。

公开(公告)号：US08556991B2

公开(公告)日：2013-10-15

申请号：US12613440

申请日：2009-11-05

申请人： Anahit Tarkhanyan ,  Ravi Gupta

发明人： Anahit Tarkhanyan ,  Ravi Gupta

IPC分类号： G08B29/00

CPC分类号： G06F21/57 ,  G06F21/6218 ,  G06F21/88

摘要： Techniques for protecting resources of a client from theft or unauthorized access. A BIOS agent stores policy data within a BIOS of the client. The BIOS agent is one or more software modules operating in the BIOS of the client. The policy data describes one or more security policies which the client is to follow. In response to the client following at least one of the one or more security policies, a persistent storage medium of the client is locked by instructing a controller of the persistent storage medium to deny, to any entity, access to data stored on the persistent storage medium unless the entity supplies, to the controller, a recognized authentication credential. In this way, a malicious user without access to the recognized authentication credential cannot access the data stored on the persistent storage medium, even if the persistent storage medium is removed from the client.

摘要翻译： 保护客户资源免遭盗窃或未经授权访问的技术。 BIOS代理将策略数据存储在客户机的BIOS中。 BIOS代理是在客户端的BIOS中运行的一个或多个软件模块。 策略数据描述了客户端要遵循的一个或多个安全策略。 响应于客户机遵循一个或多个安全策略中的至少一个，通过指示持久存储介质的控制器来拒绝对任何实体访问存储在永久存储器上的数据的客户端的持久存储介质 除非实体向控制者提供认可的认证凭证。 以这种方式，即使永久存储介质从客户端移除，恶意用户无法访问认可的认证凭证，也不能访问存储在持久存储介质上的数据。