公开(公告)号：US20070006307A1

公开(公告)日：2007-01-04

申请号：US11174315

申请日：2005-06-30

申请人： Scott Hahn ,  Travis Schluessler ,  Carey Smith ,  Ravi Sahita ,  Howard Herbert

发明人： Scott Hahn ,  Travis Schluessler ,  Carey Smith ,  Ravi Sahita ,  Howard Herbert

IPC分类号： G06F12/14

CPC分类号： G06F21/556 ,  G06F2221/2149

摘要： Embodiments of the invention are generally directed to systems, apparatuses, and methods for a host software presence check from an isolated partition. In an embodiment, a presence verification component is located within an isolated partition. The isolated partition may be, for example, a service processor or a virtual partition implemented on a host platform. The presence verification component determines whether a host software agent is executing on the host platform. In one embodiment, the presence verification component initiates a remedial action, if the host software agent is not executing on the host platform. Other embodiments are described and claimed.

摘要翻译： 本发明的实施例一般涉及用于从孤立分区进行主机软件存在检查的系统，装置和方法。 在一个实施例中，存在验证组件位于隔离分区内。 隔离分区可以是例如在主机平台上实现的服务处理器或虚拟分区。 存在验证组件确定主机软件代理是否在主机平台上执行。 在一个实施例中，如果主机软件代理未在主机平台上执行，则存在验证组件发起补救动作。 描述和要求保护其他实施例。

公开(公告)号：US20070143555A1

公开(公告)日：2007-06-21

申请号：US11316068

申请日：2005-12-19

申请人： Daniel Nemiroff ,  Howard Herbert ,  Nimrod Diamant ,  Moshe Maor ,  Carey Smith ,  Amber Huffman ,  Fran Corrado ,  Michael Rothman ,  Vincent Zimmer

发明人： Daniel Nemiroff ,  Howard Herbert ,  Nimrod Diamant ,  Moshe Maor ,  Carey Smith ,  Amber Huffman ,  Fran Corrado ,  Michael Rothman ,  Vincent Zimmer

IPC分类号： G06F12/14

CPC分类号： G06F21/805

摘要： A computer system is disclosed. The computer system includes a storage device, a device controller and a chipset. The device controller includes lock registers having values that correspond to the ranges of locked sectors of the storage device. The lock registers verify if a storage device access request is targeted for ranges of sectors of the storage device that are locked. The chipset includes an embedded controller to authenticate the storage device access request and to manage configuration of the storage device.

摘要翻译： 公开了一种计算机系统。 计算机系统包括存储设备，设备控制器和芯片组。 设备控制器包括具有对应于存储设备的锁定扇区的范围的值的锁定寄存器。 锁定寄存器验证存储设备访问请求是否针对被锁定的存储设备的扇区范围。 该芯片组包括用于认证存储设备访问请求并管理存储设备的配置的嵌入式控制器。

公开(公告)号：US20060080672A1

公开(公告)日：2006-04-13

申请号：US10937755

申请日：2004-09-08

申请人： Carey Smith ,  Howard Herbert

发明人： Carey Smith ,  Howard Herbert

IPC分类号： G06F9/44

CPC分类号： G06F21/57 ,  G06F1/3209 ,  G06F9/5011 ,  G06F9/5016 ,  G06F11/1441

摘要： Described is a computing platform comprising a host processing system to host an operating system, a communication adapter to transmit data to or and receive data from a data transmission medium, and a non-volatile storage. The computing platform may also comprise an agent executable independently of the operating system to enable read-only or read/write access to at least a portion of the non-volatile storage.

摘要翻译： 描述了一种计算平台，包括主机操作系统的主机处理系统，用于向数据传输介质发送数据或从数据传输介质接收数据的通信适配器以及非易失性存储器。 计算平台还可以包括可独立于操作系统执行的代理，以实现对非易失性存储器的至少一部分的只读或读/写访问。

公开(公告)号：US08799428B2

公开(公告)日：2014-08-05

申请号：US11026712

申请日：2004-12-30

申请人： Howard Herbert ,  Moshe Maor

发明人： Howard Herbert ,  Moshe Maor

IPC分类号： G06F15/177

CPC分类号： G06F9/4416 ,  G06F8/61

摘要： In one embodiment, a networked device includes a main platform having a processor, a memory and a basic input/output system (BIOS), and a management subsystem coupled to the main platform to provision the main platform irrespective of the presence of an operating system on the main platform.

摘要翻译： 在一个实施例中，联网设备包括具有处理器，存储器和基本输入/输出系统（BIOS）的主平台以及耦合到主平台的管理子系统以提供主平台，而不管存在操作系统 在主平台上。

公开(公告)号：US20060168196A1

公开(公告)日：2006-07-27

申请号：US11026712

申请日：2004-12-30

申请人： Howard Herbert ,  Moshe Maor

发明人： Howard Herbert ,  Moshe Maor

IPC分类号： G06F15/16 ,  G06F15/177 ,  G06F15/173

CPC分类号： G06F9/4416 ,  G06F8/61

摘要： In one embodiment, a networked device includes a main platform having a processor, a memory and a basic input/output system (BIOS), and a management subsystem coupled to the main platform to provision the main platform irrespective of the presence of an operating system on the main platform.

摘要翻译： 在一个实施例中，联网设备包括具有处理器，存储器和基本输入/输出系统（BIOS）的主平台以及耦合到主平台的管理子系统以提供主平台，而不管存在操作系统 在主平台上。

公开(公告)号：US20170185814A1

公开(公告)日：2017-06-29

申请号：US14757398

申请日：2015-12-23

申请人： Ned Smith ,  Sven Schrecker ,  Willard Wiseman ,  David Clark ,  Jennifer Gilburg De Magnin ,  Howard Herbert

发明人： Ned Smith ,  Sven Schrecker ,  Willard Wiseman ,  David Clark ,  Jennifer Gilburg De Magnin ,  Howard Herbert

IPC分类号： G06K7/10

CPC分类号： G06F21/00 ,  G06K7/10257 ,  G06Q10/10 ,  G06Q50/10 ,  G06Q2220/00 ,  H04L9/0819

摘要： Technologies for verification include storage with private keys, wherein each private key is associated with a group affiliation. The storage also includes characteristic information about an apparatus. The technologies also include a wireless interface configured to receive a request from a reader for verification of membership of the apparatus within a group affiliation. The technologies further include a controller with programmable logic for configuring the controller to determine whether to verify membership of the apparatus within a given group affiliation. The controller is also configured to verify membership of the apparatus within the given group affiliation by signing data with a private key associated with the given group affiliation. The signed data is sent to the reader. Membership within the given group affiliation conveys a subset of the characteristic information.

公开(公告)号：US07979702B2

公开(公告)日：2011-07-12

申请号：US11027452

申请日：2004-12-29

申请人： Howard Herbert ,  Moshe Maor

发明人： Howard Herbert ,  Moshe Maor

IPC分类号： G06F17/60

CPC分类号： G06F21/6245 ,  G06Q20/3674

摘要： In one embodiment, a method includes receiving a decommission command from a management console, determining that the decommission command is authentic, and disabling the manageability functions of a management subsystem on a managed device.

摘要翻译： 在一个实施例中，一种方法包括从管理控制台接收停用命令，确定停用命令是真实的，以及禁用被管理设备上的管理子系统的可管理性功能。

公开(公告)号：US20060143475A1

公开(公告)日：2006-06-29

申请号：US11024583

申请日：2004-12-29

申请人： Howard Herbert ,  Moshe Maor

发明人： Howard Herbert ,  Moshe Maor

IPC分类号： G06F12/14

CPC分类号： H04L63/0428 ,  H04L63/0478

摘要： A method according to one embodiment may include: receiving a first encrypted signal at a server of a computing network, the first encrypted signal comprising firmware encrypted by a first encryption algorithm having a first complexity level; sending a second encrypted signal over the computing network to at least one managed client in response to the first encrypted signal, the second encrypted signal comprising the firmware encrypted by a second encryption algorithm having a second complexity level, wherein said first complexity level is greater than said second complexity level; and updating existing firmware of the at least one managed client in response to receipt of the second signal at the at least one managed client. Of course, many alternatives, variations, and modifications are possible without departing from this embodiment.

摘要翻译： 根据一个实施例的方法可以包括：在计算网络的服务器处接收第一加密信号，所述第一加密信号包括由具有第一复杂度级别的第一加密算法加密的固件; 响应于所述第一加密信号，通过所述计算网络向所述至少一个被管理客户端发送第二加密信号，所述第二加密信号包括由具有第二复杂度级别的第二加密算法加密的固件，其中所述第一复杂度级别大于 说第二复杂度水平; 以及响应于所述至少一个被管理的客户端上的所述第二信号的接收，更新所述至少一个受管客户端的现有固件。 当然，在不偏离本实施例的情况下，可以进行许多替代，变化和修改。

公开(公告)号：US20050188198A1

公开(公告)日：2005-08-25

申请号：US11115829

申请日：2005-04-26

申请人： Carl Ellison ,  Roger Golliver ,  Howard Herbert ,  Derrick Lin ,  Francis McKeen ,  Gilbert Neiger ,  Ken Reneris ,  James Sutton ,  Shreekant Thakkar ,  Millind Mittal

发明人： Carl Ellison ,  Roger Golliver ,  Howard Herbert ,  Derrick Lin ,  Francis McKeen ,  Gilbert Neiger ,  Ken Reneris ,  James Sutton ,  Shreekant Thakkar ,  Millind Mittal

IPC分类号： G06F12/14 ,  G06F15/00 ,  G06F21/00 ,  H04L9/00

CPC分类号： G06F12/1491 ,  G06F21/57 ,  G06F21/74

摘要： An example processing system comprises a processor to execute in an isolated execution mode in a ring 0 operating mode. The processor also supports one or more higher ring operating modes, as well as a normal execution mode. The processing system also comprises memory, as well as a machine-accessible medium having instructions. When the processing system executes the instructions, the processing system configures the processor to run in the isolated execution mode, configures the processing system to establish an isolated memory area in the memory, and loads initialization software into the isolated memory area. The processing system may provide a manifest that represents the initialization software. The initialization software may be verified, based at least in part on the manifest.

摘要翻译： 示例处理系统包括处理器，其以环0操作模式以孤立执行模式执行。 处理器还支持一个或多个较高环操作模式以及正常执行模式。 处理系统还包括存储器以及具有指令的机器可访问介质。 当处理系统执行指令时，处理系统将处理器配置为以隔离执行模式运行，配置处理系统以在存储器中建立隔离的存储器区域，并将初始化软件加载到隔离存储器区域中。 处理系统可以提供表示初始化软件的清单。 至少部分地基于清单来验证初始化软件。

公开(公告)号：US20060206943A1

公开(公告)日：2006-09-14

申请号：US11386269

申请日：2006-03-21

申请人： Carl Ellison ,  Roger Golliver ,  Howard Herbert ,  Derrick Lin ,  Francis McKeen ,  Gilbert Neiger ,  Ken Reneris ,  James Sutton ,  Shreekant Thakkar ,  Millind Mittal

发明人： Carl Ellison ,  Roger Golliver ,  Howard Herbert ,  Derrick Lin ,  Francis McKeen ,  Gilbert Neiger ,  Ken Reneris ,  James Sutton ,  Shreekant Thakkar ,  Millind Mittal

IPC分类号： H04N7/16

CPC分类号： G06F21/53 ,  G06F9/468 ,  G06F21/562 ,  G06F21/57 ,  G06F21/74 ,  G06F2221/2105

摘要： A processing system has a processor that can operate in a normal ring 0 operating mode and one or more higher ring operating modes above the normal ring 0 operating mode. In addition, the processor can operate in an isolated execution mode. A memory in the processing system may include an ordinary memory area that can be accessed from the normal ring 0 operating mode, as well as an isolated memory area that can be accessed from the isolated execution mode but not from the normal ring 0 operating mode. The processing system may also include an operating system (OS) nub, as well as a key generator. The key generator may generate an OS nub key (OSNK) based at least in part on an identification of the OS nub and a master binding key (BK0) of the platform. Other embodiments are described and claimed.

摘要翻译： 处理系统具有处理器，该处理器可以在正常环0操作模式和高于正常环0操作模式的一个或多个较高环操作模式下操作。 此外，处理器可以在隔离的执行模式下操作。 处理系统中的存储器可以包括可以从正常环0操作模式访问的普通存储器区域以及可以从隔离执行模式而不是从正常环0操作模式访问的隔离存储器区域。 处理系统还可以包括操作系统（OS）nub以及密钥生成器。 密钥生成器可以至少部分地基于OS nub的标识和平台的主绑定密钥（BK 0）来生成OS nub密钥（OSNK）。 描述和要求保护其他实施例。