公开(公告)号：US6061794A

公开(公告)日：2000-05-09

申请号：US940551

申请日：1997-09-30

申请人： Michael F. Angelo ,  Sompong P. Olarig ,  David R. Wooten ,  Dan J. Driscoll

发明人： Michael F. Angelo ,  Sompong P. Olarig ,  David R. Wooten ,  Dan J. Driscoll

IPC分类号： G06F1/00 ,  G06F21/00 ,  G06F12/14

CPC分类号： G06F21/6218 ,  G06F21/606 ,  G06F21/85 ,  G06F2211/007 ,  G06F2221/2141

摘要： A system and method for performing secure peer-to-peer device communications on an I/O bus, such as a PCI bus, a Fiber Channel bus, an IEEE, 1394 bus or a Universal Serial Bus. The system includes a plurality of intelligent I/O devices, such as intelligent storage devices and/or controllers, communications devices, video devices and audio devices. The I/O devices perform peer-to-peer message and data transfers, thereby bypassing the operating system running on the computer's CPU. The intelligent I/O devices encrypt messages and data before transmitting them on the I/O bus and conversely decrypt the messages and data upon reception. The encryption provides secrecy and/or authentication of the sender. The devices use keys or passwords to encrypt/decrypt the data. The keys are stored in non-volatile memory in the devices and are distributed to the devices by the system BIOS at initialization time. The devices perform access authorization validation using rule sets also distributed by the BIOS at initialization time. The rule sets specify which I/O operations are valid for a peer I/O device to request of a respective I/O device based, preferably, upon the device class/subclasses of the requesting device. In another embodiment, one of the intelligent I/O devices may be a communications device which serves as a firewall for the I/O bus. In this embodiment, the rule set further includes identification information of the remote machines/devices.

摘要翻译： 用于在诸如PCI总线，光纤通道总线，IEEE，1394总线或通用串行总线的I / O总线上执行安全的对等设备通信的系统和方法。 该系统包括多个智能I / O设备，诸如智能存储设备和/或控制器，通信设备，视频设备和音频设备。 I / O设备执行对等消息和数据传输，从而绕过计算机CPU上运行的操作系统。 智能I / O设备在I / O总线上传输消息和数据之前加密消息和数据，并在接收时反向解密消息和数据。 加密提供发送者的保密和/或认证。 设备使用密钥或密码来加密/解密数据。 密钥存储在设备的非易失性存储器中，并在初始化时由系统BIOS分发给设备。 这些设备使用在BIOS初始化时分配的规则集执行访问授权验证。 规则集指定哪个I / O操作对于对等I / O设备有效，以优选地基于请求设备的设备类/子类来请求相应的I / O设备。 在另一个实施例中，智能I / O设备中的一个可以是用作I / O总线的防火墙的通信设备。 在该实施例中，规则集还包括远程机器/设备的识别信息。

公开(公告)号：US06477799B1

公开(公告)日：2002-11-12

申请号：US09523858

申请日：2000-03-13

申请人： Carol Erickson ,  Kenneth Jansen ,  David R. Wooten ,  Guy McSwain ,  Michael F. Angelo ,  Keith Lutsch

发明人： Carol Erickson ,  Kenneth Jansen ,  David R. Wooten ,  Guy McSwain ,  Michael F. Angelo ,  Keith Lutsch

IPC分类号： G09F1900

CPC分类号： G09F19/02

摘要： A self-orienting logo assembly so that the logo is always in a horizontal orientation. In the preferred embodiments the logo is located on a disk. The disk is weighted or otherwise designed to have its weight distributed nonuniformly. The disk is located inside a housing. The housing is attached to the computer or other equipment bearing the logo. When the housing is located in a vertical plane the disk rotates to allow the logo to remain horizontal. The disk can be rotationally mounted to the housing or can be suspended in liquid. In an alternate embodiment the disk can have a magnet incorporated so that when the disk is in a horizontal orientation it can act as a compass. In another embodiment a portion of the disk is removed and the housing contains an additional logo or wording. The rotation of the disk can then cover or expose the additional logo or wording.

摘要翻译： 一个自我定向的标志组合，使标识始终处于水平方向。 在优选实施例中，徽标位于盘上。 磁盘被称重或以其他方式设计为使其重量分布不均匀。 磁盘位于外壳内。 外壳连接到带有标志的计算机或其他设备上。 当壳体位于垂直平面中时，盘旋转以允许标志保持水平。 盘可以旋转地安装到壳体上或者可以悬浮在液体中。 在替代实施例中，盘可以具有并入的磁体，使得当盘处于水平取向时，其可以用作罗盘。 在另一个实施例中，盘的一部分被移除并且壳体包含附加标志或措词。 磁盘的旋转可以覆盖或暴露额外的标志或措词。

公开(公告)号：US6085299A

公开(公告)日：2000-07-04

申请号：US974734

申请日：1997-11-19

申请人： Michael F. Angelo ,  Craig A. Miller ,  David R. Wooten

发明人： Michael F. Angelo ,  Craig A. Miller ,  David R. Wooten

IPC分类号： G06F1/00 ,  G06F11/00 ,  G06F12/14 ,  G06F21/00 ,  G06F12/16

CPC分类号： G06F21/56 ,  G06F11/004 ,  G06F21/572 ,  G06F12/1433 ,  G06F2211/1097

摘要： A secure start-up system for a computer enables a flash memory to be reset in a secured way. Various operations are carried out to make sure that the reset is an authorized one, and to avoid unauthorized, e.g. virus, infiltration. These operations include multiple tests to avoid the probability of the reset being unauthorized. Any one or more than one of the following can be used. Flashing is only authorized when a special flash enable bit is set in the non-volatile memory. This flash enable bit is reset during every startup cycle. Flashing is only authorized from a cold boot as opposed from a warm boot. This minimizes the possibility of a computer routine authorizing flashing by a software reset. Flashing is only authorized from a floppy. This prevents a virus from writing the flashing routine to the boot sector of a non-removable disc. The user is warned prior to flashing, and asked to confirm. Finally, contents of the flashing routine can be checked using some kind of checking algorithm such as a secure hash algorithm.

摘要翻译： 用于计算机的安全启动系统使得可以以安全的方式重置闪存。 执行各种操作以确保复位是授权的，并且避免未经授权的复位。 病毒，渗透。 这些操作包括多个测试，以避免重置未经授权的可能性。 可以使用以下任何一个或多于一个。 只有在非易失性存储器中设置了特殊闪光使能位时，闪存才被授权。 每个启动周期中，该闪存使能位都被复位。 闪电只能从冷启动授权，而不是热启动。 这样可以最大程度地减少计算机程序授权通过软件重置闪烁的可能性。 闪烁只能从软盘授权。 这样可以防止病毒将闪存例程写入不可移动光盘的引导扇区。 在闪烁之前警告用户，并要求确认。 最后，可以使用诸如安全散列算法的某种检查算法检查闪烁例程的内容。

公开(公告)号：US5748940A

公开(公告)日：1998-05-05

申请号：US516276

申请日：1995-08-17

申请人： Michael F. Angelo ,  Craig A. Miller ,  David R. Wooten

发明人： Michael F. Angelo ,  Craig A. Miller ,  David R. Wooten

IPC分类号： G06F1/00 ,  G06F11/00 ,  G06F12/14 ,  G06F21/00 ,  G06F12/16

CPC分类号： G06F21/56 ,  G06F11/004 ,  G06F21/572 ,  G06F12/1433 ,  G06F2211/1097

摘要： A secure start-up system for a computer enables a flash memory to be reset in a secured way. Various operations are carried out to make sure that the reset is an authorized one, and to avoid unauthorized, e.g. virus, infiltration. These operations include multiple tests to avoid the probability of the reset being unauthorized. Any one or more than one of the following can be used. Flashing is only authorized when a special flash enable bit is set in the non-volatile memory. This flash enable bit is reset during every startup cycle. Flashing is only authorized from a cold boot as opposed from a warm boot. This minimizes the possibility of a computer routine authorizing flashing by a software reset. Flashing is only authorized from a floppy. This prevents a virus from writing the flashing routine to the boot sector of a non-removable disc. The user is warned prior to flashing, and asked to confirm. Finally, contents of the flashing routine can be checked using some kind of checking algorithm such as a secure hash algorithm.

公开(公告)号：US08850562B2

公开(公告)日：2014-09-30

申请号：US12821197

申请日：2010-06-23

申请人： David R. Wooten

发明人： David R. Wooten

IPC分类号： G06F12/14 ,  G06F21/00

CPC分类号： G06F12/14 ,  G06F21/00 ,  G06F21/31 ,  G06F21/45 ,  G06F21/72

摘要： Architecture that utilizes logical combinations (e.g., of Boolean logic) of authorizations as a logical authorization expression that is computed through a proofing process to a single proof value which equates to authorizing access to an intended entity. The authorizations are accumulated and processed incrementally according to an evaluation order defined in the authorization expression. The logical combinations can include Boolean operations that evaluate to a proof value associated with a sum of products expression (e.g., combinations of AND, OR, etc.). The incremental evaluations output corresponding hash values as statistically unique identifiers used in a secure hash algorithm that when evaluated in order allow execution of a specific command to access the entity. The architecture, employed in a trust module, uses minimal internal trust module state, and can be employed as part of a device system that handles trust processing to obtain authorization to access the intended entity.

摘要翻译： 使用授权的逻辑组合（例如，布尔逻辑）作为逻辑授权表达式的架构，其通过校验过程被计算为单个证明值，这相当于授权对预期实体的访问。 根据授权表达式中定义的评估顺序对授权进行累加和处理。 逻辑组合可以包括评估与产品表达式（例如AND，OR等的组合）相关联的证明值的布尔运算。 增量评估输出相应的散列值作为在安全散列算法中使用的统计唯一标识符，当按照特定命令进行评估时，可以执行访问实体。 在信任模块中使用的架构使用最小的内部信任模块状态，并且可以用作处理信任处理以获得访问预期实体的授权的设备系统的一部分。

公开(公告)号：US08200952B2

公开(公告)日：2012-06-12

申请号：US11586283

申请日：2006-10-25

申请人： David R. Wooten ,  Eric Holt ,  Stefan Thom ,  Tony Ureche ,  Dan Sledz ,  Douglas M. Maclver

发明人： David R. Wooten ,  Eric Holt ,  Stefan Thom ,  Tony Ureche ,  Dan Sledz ,  Douglas M. Maclver

IPC分类号： G06F21/00

CPC分类号： G07F7/1008 ,  G06F21/34 ,  G06F21/575 ,  G06Q20/3415 ,  G06Q20/3563 ,  G06Q20/388 ,  G06Q20/40 ,  G06Q20/409

摘要： Firmware of a system is configured to allow secondary devices, such as a smart card, to be used for authentication. In an example embodiment, the secondary device is a CCID smart card in compliance with the ISO 7816 specification. The smart card is inserted into a card reader coupled to the system prior to booting the system. The firmware comprises an emulator and driver configured to allow authentication information from the smart card to be utilized to allow execution of the boot process. In an example embodiment, the smart card comprises external keys for use with BITLOCKER™. The secondary device is compatible with systems implementing a BIOS and with systems implementing EFI. Authentication also can be accomplished via devices that do not provide data storage, such as a biometric device or the like.

摘要翻译： 系统的固件被配置为允许诸如智能卡的辅助设备用于认证。 在示例实施例中，辅助设备是符合ISO 7816规范的CCID智能卡。 在引导系统之前，将智能卡插入耦合到系统的读卡器。 固件包括仿真器和驱动器，其被配置为允许来自智能卡的认证信息被用于允许执行引导过程。 在示例实施例中，智能卡包括用于与BITLOCKER TM一起使用的外部键。 辅助设备与实施BIOS的系统以及实施EFI的系统兼容。 认证也可以通过不提供数据存储的设备来实现，例如生物测定设备等。

公开(公告)号：US20090100516A1

公开(公告)日：2009-04-16

申请号：US11872220

申请日：2007-10-15

申请人： Kenneth D. Ray ,  Kevin M. Litwack ,  David R. Wooten

发明人： Kenneth D. Ray ,  Kevin M. Litwack ,  David R. Wooten

IPC分类号： H04L9/32 ,  G06F15/177

CPC分类号： G06F15/177 ,  G06F9/4418 ,  G06F21/31 ,  G06F21/81

摘要： Procedures for resumption from a low activity condition are discussed. In implementations, a persistent state file, or a portion thereof, is secured via an encryption algorithm, with the decryption key secured via the operating system (OS) login user credentials. Once a user is authenticated via the OS login, the persistent state file may be decrypted and inserted in the OS boot path with resumption occurring through the persistent state file.

摘要翻译： 讨论从低活动条件恢复的程序。 在实现中，经由加密算法来保护持久状态文件或其一部分，其中解密密钥通过操作系统（OS）登录用户凭证得到保护。 一旦用户通过OS登录认证，持久状态文件可以被解密并插入到OS引导路径中，并通过持久状态文件进行恢复。

公开(公告)号：US06529984B1

公开(公告)日：2003-03-04

申请号：US09537347

申请日：2000-03-29

申请人： Michael D. Johas Teener ,  David R. Wooten

发明人： Michael D. Johas Teener ,  David R. Wooten

IPC分类号： G06F1314

CPC分类号： G06F13/14 ,  G06F13/368

摘要： A multiphase IEEE 1394 network of nodes requires all nodes to broadcast their current understanding of the phase of the bus (e.g., odd or even). Even if a node is not requesting ownership of the bus, it must send a message that indicates which phase that node believes to be the current phase of the network. If a node that does not need ownership of the bus believes the bus currently is in the odd phase, then that node will transmit a “None_odd” message indicating the node's understanding that the bus is in the odd phase. Similarly, if a node that does not need the bus believes the bus currently is in the even phase, then that node will transmit a “None_even” message indicating the node's understanding that the bus is in the even phase. Preferably, the current bus owner will not switch the phase of the bus until all nodes have a correct understanding of the current phase of the bus.

摘要翻译： 多节点IEEE 1394节点网络要求所有节点广播他们目前对总线相位的理解（例如奇数或偶数）。 即使节点没有请求总线的所有权，它也必须发送一条消息，指示该节点认为是网络当前阶段的哪个阶段。 如果不需要总线所有权的节点相信总线当前处于奇数阶段，那么该节点将发送一个“None_odd”消息，指示节点了解总线处于奇数阶段。 类似地，如果不需要总线的节点相信总线当前处于偶数阶段，则该节点将发送一个“无限制”消息，指示节点了解总线处于偶数阶段。 优选地，当前总线所有者将不会切换总线的相位，直到所有节点正确理解总线的当前阶段为止。

公开(公告)号：US06327308B1

公开(公告)日：2001-12-04

申请号：US08858774

申请日：1997-05-19

申请人： David R. Wooten

发明人： David R. Wooten

IPC分类号： H04B300

CPC分类号： H04L25/49

摘要： Information is sent on a pair of conductors by sending some of the information by driving the pair of conductors in accordance with a primary signaling character set having two distinct information-carrying characters, and sending other information by driving the pair of conductors in accordance with a third distinct information-carrying character represented by a predefined state of the pair of conductors.

摘要翻译： 通过根据具有两个不同的信息携带字符的主信令字符集驱动一对导体，通过发送一些信息来发送信息，并通过根据一个导体来驱动该对导体来发送其他信息 由该对导体的预定状态表示的第三不同的信息载体。

公开(公告)号：US5911152A

公开(公告)日：1999-06-08

申请号：US711357

申请日：1996-09-05

申请人： David R. Wooten

发明人： David R. Wooten

IPC分类号： G06F5/10 ,  G06F13/38 ,  G06F12/00

CPC分类号： G06F5/10 ,  G06F13/387

摘要： A computer system and method for storing data in pages of memory according to a data structure which is stored within the memory and identifies the pages of data. The data structure includes a beginning buffer pointer and an ending buffer pointer. The beginning and ending buffer pointers have page address portions and base address portions. The base address portion of the beginning buffer pointer is changed each time a data location is accessed. The page address portion of the beginning buffer pointer is replaced with the page address portion of the ending buffer pointer when the base address portion of the beginning buffer pointer reaches a page boundary.

摘要翻译： 一种计算机系统和方法，用于根据存储在存储器内并识别数据页面的数据结构存储存储器页面中的数据。 数据结构包括一个起始缓冲区指针和一个结束缓冲区指针。 开始和结束缓冲区指针具有页面地址部分和基址部分。 每次访问数据位置时，开始缓冲区指针的基址部分都会更改。 当开始缓冲区指针的基址部分到达页面边界时，开始缓冲区指针的页面地址部分被替换为结束缓冲区指针的页面地址部分。