Secure method for system attribute modification
    Type: Granted invention patent
    Status: In force

    Publication number: US07174465B2

    Publication date: 2007-02-06

    Application number: US10180160

    Filing date: 2002-06-26

    IPC classification: H04L9/32 H04L9/00

    CPC classification: G06F21/57

    Abstract: A method is disclosed for securely updating system attributes of a client computer with a BIOS and includes signing a public key of a secure server with a private key of the BIOS prior to completion of manufacturing of the client computer to create an encrypted public key and embedded private key stored at the server. The method includes receiving at the server a request packet transmitted from the client computer requesting system attribute modification, encrypting the request packet to create an encrypted packet, and transmitting a return packet to the client computer comprising the encrypted packet, the server's public key, and server instructions. The client computer decrypts the request packet using the server's public key and compares it to the original request packet, and if the two are identical, executes the server instructions to modify the client computer's boot block to update the client computer's system attributes.


    Secure method and system to prevent external unauthorized remotely initiated power up events in computer
    Type: Granted invention patent
    Status: Expired

    Publication number: US07082129B2

    Publication date: 2006-07-25

    Application number: US10134936

    Filing date: 2002-04-29

    IPC classification: H04L12/28

    Abstract: In a computer network including a plurality of interconnected computers, one of the computers being a sleeping computer in a power-down state, the sleeping computer listening for a packet associated with the sleeping computer, a method and system are disclosed for waking the sleeping computer from the computer network. An incoming packet of data is transmitted from one of the computers in the network to the sleeping computer. When the sleeping computer detects the incoming packet, it determines if the incoming packet contains a data sequence associated with the sleeping computer. Further, the sleeping computer compares a transit value in the incoming packet to a predetermined value stored at the sleeping computer. The transit value indicates how far the data packet has traveled through the network, indicating the approximate origin of the data packet. Knowing the approximate origin of the data packet allows the client system to identify whether the data packet originated from an external network. The predetermined value represents an origin within the internal network. Accordingly, if the incoming packet matches the particular data sequence associated with the sleeping computer, and the transit value in the packet matches the predetermined value stored at the sleeping computer, then a signal is issued to wake the sleeping computer. Otherwise, the incoming packet is discarded and the sleeping computer is not awakened.


    Remote management of boot application
    Type: Granted invention patent
    Status: In force

    Publication number: US08862709B2

    Publication date: 2014-10-14

    Application number: US11955886

    Filing date: 2007-12-13

    Abstract: Systems and arrangements for remotely selecting a bootable image via a WOL packet for a wake-on-LAN (WOL) capable computer are contemplated. Server-side embodiments include hardware and/or software for determining a client to be managed, determining whether the client is active on the network, and transmitting a WOL packet having a vector, or operating system partition identification (OSPID), to describe a bootable image accessible by the WOL-capable computer. Some embodiments may include an OSPID that points to a secure bootable image such as a bootable image on a hard drive, a compact disk (CD) connected to the computer, or other local resource. Client-side embodiments may receive the WOL packet at, for instance, a network interface card (NIC), recognize that the WOL packet includes an OSPID that describes the bootable image to boot, and implement an alternative boot sequence to boot from that bootable image.


    REMOTE MANAGEMENT OF BOOT APPLICATION
    Type: Invention patent application
    Status: In force

    Publication number: US20080155075A1

    Publication date: 2008-06-26

    Application number: US11955886

    Filing date: 2007-12-13

    IPC classification: G06F15/177

    Abstract: Systems and arrangements for remotely selecting a bootable image via a WOL packet for a wake-on-LAN (WOL) capable computer are contemplated. Server-side embodiments include hardware and/or software for determining a client to be managed, determining whether the client is active on the network, and transmitting a WOL packet having a vector, or operating system partition identification (OSPID), to describe a bootable image accessible by the WOL-capable computer. Some embodiments may include an OSPID that points to a secure bootable image such as a bootable image on a hard drive, a compact disk (CD) connected to the computer, or other local resource. Client-side embodiments may receive the WOL packet at, for instance, a network interface card (NIC), recognize that the WOL packet includes an OSPID that describes the bootable image to boot, and implement an alternative boot sequence to boot from that bootable image.


    Data processing system and method for password protecting a boot device
    Type: Granted invention patent
    Status: In force

    Publication number: US07814532B2

    Publication date: 2010-10-12

    Application number: US09847085

    Filing date: 2001-05-02

    CPC classification: G06F21/575

    Abstract: A data processing system and method of password protecting the boot of a data processing system are disclosed. According to the method, in response to an attempt to boot the data processing system utilizing a boot device, the boot device is interrogated for a password. If the boot device supplies password information corresponding to that of a trusted boot device, the data processing system boots utilizing the boot device. If, however, the boot device does not supply password information corresponding to that of a trusted boot device, booting from the boot device is inhibited. In a preferred embodiment, the password information comprises a unique combination of the boot device's manufacturer-supplied model and serial numbers.


    Method and system for tracking a secure boot in a trusted computing environment
    Type: Granted invention patent
    Status: In force

    Publication number: US07191464B2

    Publication date: 2007-03-13

    Application number: US09978381

    Filing date: 2001-10-16

    IPC classification: H04L9/32 G06F15/177

    CPC classification: G06F21/575

    Abstract: A method, system and computer-readable medium containing programming instructions for tracking a secure boot in a computer system having a plurality of devices are disclosed. The method, system and computer-readable medium include providing an embedded security system (ESS) in the computer system, wherein the ESS includes at least one boot platform configuration register (PCR) and a shadow PCR for each of the at least one boot PCRs, initiating a platform reset to boot the computer system via BIOS, and, for a device booted, generating a measurement value for the device and extending that value into one of the at least one boot PCRs and its corresponding shadow PCR. The system, method and computer-readable medium of the present invention also include comparing the measurement values of the boot PCRs to their corresponding shadow PCRs, whereby the computer system is trusted if the measurement values match.
