-
公开(公告)号:US20080282017A1
公开(公告)日:2008-11-13
申请号:US11746268
申请日:2007-05-09
申请人: Todd L. Carpenter , William J. Westerinen , Shon Schmidt , Stephen Richard Drake , Tse-Ching James Yu , Achim Schmidt , Stephan Schoenfeldt , Frank Preiss
发明人: Todd L. Carpenter , William J. Westerinen , Shon Schmidt , Stephen Richard Drake , Tse-Ching James Yu , Achim Schmidt , Stephan Schoenfeldt , Frank Preiss
IPC分类号: G06F13/38
CPC分类号: G06F13/4291 , G06F21/82
摘要: An SPI switch allows selection of a BIOS memory transparent to a Southbridge chipset component. The SPI switch provides address translation to a selected BIOS memory area under the control of a security module processor. The SPI switch also provides command filtering to prevent commands that represent a security risk such as bulk erase commands. Because the SPI switch allows transparent redirection between BIOS programs, booting in different operating modes may be supported without any changes to the basic computer architecture or major chipset components.
摘要翻译: SPI开关允许选择对南桥芯片组组件透明的BIOS内存。 SPI开关在安全模块处理器的控制下,向选定的BIOS存储器区域提供地址转换。 SPI开关还提供命令过滤功能,以防止代表诸如批量擦除命令等安全风险的命令。 因为SPI开关允许在BIOS程序之间进行透明重定向,所以可以支持不同操作模式的启动,而不会改变基本的计算机体系结构或主要的芯片组件。
-
公开(公告)号:US20100037325A1
公开(公告)日:2010-02-11
申请号:US11612436
申请日:2006-12-18
申请人: William J. Westerinen , Todd L. Carpenter , Alexander Frank , Shon Schmidt , Stephen Richard Drake , David James Foster , Tse-Ching James Yu
发明人: William J. Westerinen , Todd L. Carpenter , Alexander Frank , Shon Schmidt , Stephen Richard Drake , David James Foster , Tse-Ching James Yu
IPC分类号: G06F21/02
CPC分类号: H05K1/0275 , G06F21/86 , H05K1/141 , H05K3/3436 , H05K2201/049 , H05K2201/10545 , H05K2201/10674
摘要: A pay-per-use computer, or other electronic device that uses local security, may use a security module or other circuit for monitoring and enforcement of a usage policy. To help prevent physical attacks on the security module, or the circuit board near the security module, a second circuit may be mounted over the security module to help prevent access to the security module. Both circuits may be mounted on a interposer and the interposer mounted to the circuit board, creating a stack including the first circuit, the interposer, the security module, and a main PC board. When the PC board includes dense signal traces under the security module a three dimensional envelope is created around the security module. When the first circuit is a high value circuit, such as a Northbridge, the risk/reward of attacking the security module is increased substantially and may deter all but the most determined hackers.
摘要翻译: 使用计费器的计算机或使用本地安全的其他电子设备可以使用安全模块或其他电路来监视和执行使用策略。 为了防止对安全模块或安全模块附近的电路板的物理攻击,可以在安全模块上安装第二电路,以帮助防止访问安全模块。 两个电路可以安装在插入器上,并且插入器安装到电路板,产生包括第一电路,插入器,安全模块和主PC板的堆叠。 当PC板在安全模块下面包含密集的信号迹线时,将在安全模块周围创建三维信封。 当第一个电路是诸如北桥的高价值电路时,攻击安全模块的风险/报酬大大增加,并且可能阻止除了最确定的黑客之外的所有电路。
-
公开(公告)号:US07979721B2
公开(公告)日:2011-07-12
申请号:US11612436
申请日:2006-12-18
申请人: William J. Westerinen , Todd L. Carpenter , Alexander Frank , Shon Schmidt , Stephen Richard Drake , David James Foster , Tse-Ching James Yu
发明人: William J. Westerinen , Todd L. Carpenter , Alexander Frank , Shon Schmidt , Stephen Richard Drake , David James Foster , Tse-Ching James Yu
CPC分类号: H05K1/0275 , G06F21/86 , H05K1/141 , H05K3/3436 , H05K2201/049 , H05K2201/10545 , H05K2201/10674
摘要: A pay-per-use computer, or other electronic device that uses local security, may use a security module or other circuit for monitoring and enforcement of a usage policy. To help prevent physical attacks on the security module, or the circuit board near the security module, a second circuit may be mounted over the security module to help prevent access to the security module. Both circuits may be mounted on a interposer and the interposer mounted to the circuit board, creating a stack including the first circuit, the interposer, the security module, and a main PC board. When the PC board includes dense signal traces under the security module a three dimensional envelope is created around the security module. When the first circuit is a high value circuit, such as a Northbridge, the risk/reward of attacking the security module is increased substantially and may deter all but the most determined hackers.
摘要翻译: 使用计费器的计算机或使用本地安全的其他电子设备可以使用安全模块或其他电路来监视和执行使用策略。 为了防止对安全模块或安全模块附近的电路板的物理攻击,可以在安全模块上安装第二电路,以帮助防止访问安全模块。 两个电路可以安装在插入器上,并且插入器安装到电路板,产生包括第一电路,插入器,安全模块和主PC板的堆叠。 当PC板在安全模块下面包含密集的信号迹线时,将在安全模块周围创建三维信封。 当第一个电路是诸如北桥的高价值电路时,攻击安全模块的风险/报酬大大增加,并且可能阻止除了最确定的黑客之外的所有电路。
-
公开(公告)号:US07844808B2
公开(公告)日:2010-11-30
申请号:US11612435
申请日:2006-12-18
申请人: William J. Westerinen , Todd L. Carpenter , Alexander Frank , Shon Schmidt , Stephen Richard Drake
发明人: William J. Westerinen , Todd L. Carpenter , Alexander Frank , Shon Schmidt , Stephen Richard Drake
CPC分类号: G06F21/70 , G06F21/30 , G06F21/575 , G06F21/81 , G06F2221/2105 , G06F2221/2135 , G06F2221/2149
摘要: A security module for a pay-per-use computer supplies an appropriate BIOS for a given mode of operation. A power manager in the security module powers only essential circuits until the BIOS is operational to help prevent substitution of a non-authorized BIOS. The security module also includes a capability to monitor and restrict data lines on a bus between a main computer processor and computer system memory. When the computer is operating in a restricted use mode, data lines may be restricted to allow only minimal access to the computer system memory. Bus transactions may be monitored to ensure that only valid transactions are occurring and are within the designated memory space.
摘要翻译: 用于付费电脑的计算机的安全模块为给定的操作模式提供适当的BIOS。 安全模块中的电源管理器只能运行必要的电路,直到BIOS运行,以防止替换未经授权的BIOS。 安全模块还包括监视和限制主计算机处理器和计算机系统存储器之间总线上的数据线的功能。 当计算机在受限使用模式下操作时,数据线可能被限制为仅允许对计算机系统存储器的最小访问。 可以监视总线事务,以确保只有有效的事务正在发生并且在指定的存储空间内。
-
公开(公告)号:US20080148036A1
公开(公告)日:2008-06-19
申请号:US11612435
申请日:2006-12-18
申请人: William J. Westerinen , Todd L. Carpenter , Alexander Frank , Shon Schmidt , Stephen Richard Drake
发明人: William J. Westerinen , Todd L. Carpenter , Alexander Frank , Shon Schmidt , Stephen Richard Drake
CPC分类号: G06F21/70 , G06F21/30 , G06F21/575 , G06F21/81 , G06F2221/2105 , G06F2221/2135 , G06F2221/2149
摘要: A security module for a pay-per-use computer supplies an appropriate BIOS for a given mode of operation. A power manager in the security module powers only essential circuits until the BIOS is operational to help prevent substitution of a non-authorized BIOS. The security module also includes a capability to monitor and restrict data lines on a bus between a main computer processor and computer system memory. When the computer is operating in a restricted use mode, data lines may be restricted to allow only minimal access to the computer system memory. Bus transactions may be monitored to ensure that only valid transactions are occurring and are within the designated memory space.
摘要翻译: 用于付费电脑的计算机的安全模块为给定的操作模式提供适当的BIOS。 安全模块中的电源管理器只能运行必要的电路,直到BIOS运行,以防止替换未经授权的BIOS。 安全模块还包括监视和限制主计算机处理器和计算机系统存储器之间总线上的数据线的功能。 当计算机在受限使用模式下操作时,数据线可能被限制为仅允许对计算机系统存储器的最小访问。 可以监视总线事务,以确保只有有效的事务正在发生并且在指定的存储空间内。
-
公开(公告)号:US20080246774A1
公开(公告)日:2008-10-09
申请号:US11696848
申请日:2007-04-05
IPC分类号: G06T1/00
CPC分类号: G09G3/3611 , G06F21/10 , G06F21/84 , G06F21/88 , G06F2221/0731 , G06F2221/2105 , G06Q50/188 , H04N21/4405 , H04N21/4623
摘要: A display device for use with a computer adapted for operation in an unrestricted use mode and a limited function mode and a method for enforcing a limited function mode display is disclosed. The display device enters a limited function mode when a condition of non-compliance with an operating policy is discovered by the computer. Additionally, the display device may also enter a limited function mode upon powering up or when connections to the computer and/or selected components of the display are disabled or disconnected. When in the limited function mode, the display may support a limited function interface for use in correcting the condition of non-compliance.
摘要翻译: 公开了一种与适用于无限制使用模式和有限功能模式操作的计算机一起使用的显示装置,以及用于实施有限功能模式显示的方法。 当计算机发现不符合操作策略的条件时,显示设备进入有限功能模式。 此外,显示设备在上电时或当连接到计算机和/或显示器的选定组件被禁用或断开时也可以进入有限功能模式。 当处于有限功能模式时,显示器可以支持用于校正不符合条件的有限功能接口。
-
公开(公告)号:US07750923B2
公开(公告)日:2010-07-06
申请号:US11696848
申请日:2007-04-05
IPC分类号: G09G5/00
CPC分类号: G09G3/3611 , G06F21/10 , G06F21/84 , G06F21/88 , G06F2221/0731 , G06F2221/2105 , G06Q50/188 , H04N21/4405 , H04N21/4623
摘要: A display device for use with a computer adapted for operation in an unrestricted use mode and a limited function mode and a method for enforcing a limited function mode display is disclosed. The display device enters a limited function mode when a condition of non-compliance with an operating policy is discovered by the computer. Additionally, the display device may also enter a limited function mode upon powering up or when connections to the computer and/or selected components of the display are disabled or disconnected. When in the limited function mode, the display may support a limited function interface for use in correcting the condition of non-compliance.
摘要翻译: 公开了一种与适用于无限制使用模式和有限功能模式操作的计算机一起使用的显示装置以及用于实施有限功能模式显示的方法。 当计算机发现不符合操作策略的条件时,显示设备进入有限功能模式。 此外,显示设备在上电时或当连接到计算机和/或显示器的选定组件被禁用或断开时也可以进入有限功能模式。 当处于有限功能模式时,显示器可以支持用于校正不符合条件的有限功能接口。
-
公开(公告)号:US08151118B2
公开(公告)日:2012-04-03
申请号:US11668446
申请日:2007-01-29
申请人: David James Foster , Shon Schmidt , David Jaroslav Sebesta , Curt Andrew Steeb , William J. Westerinen , Zhangwei Xu , Todd L. Carpenter
发明人: David James Foster , Shon Schmidt , David Jaroslav Sebesta , Curt Andrew Steeb , William J. Westerinen , Zhangwei Xu , Todd L. Carpenter
IPC分类号: H04L29/06
摘要: A computer or other electronic device requiring physical integrity of its components, for example, a pay-per-use computer may use a master security device in communication with a plurality of slave security devices, known as security beans. Each security bean may be given a cryptographic key or keys for use in authenticating communication with the master security device. Each security bean may be coupled to an associated component and may have the ability to disable that associated component. In one embodiment, security bean has an analog switch that may be configured to block or attenuate a critical signal used by the associated component. The security bean may start up in the disable mode and respond to a verified signal from the master security device to enable its corresponding component.
摘要翻译: 需要其组件的物理完整性的计算机或其他电子设备,例如,每次使用付费的计算机可以使用与多个从属安全设备(称为安全性bean)通信的主安全设备。 每个安全bean可以被给予用于认证与主安全设备的通信的加密密钥或密钥。 每个安全bean可以耦合到相关联的组件,并且可以具有禁用该关联组件的能力。 在一个实施例中,安全性bean具有模拟开关,其可被配置为阻止或衰减由相关联的组件使用的关键信号。 安全bean可以在禁用模式下启动,并响应来自主安全设备的已验证信号以启用其相应的组件。
-
公开(公告)号:US20080319925A1
公开(公告)日:2008-12-25
申请号:US11766595
申请日:2007-06-21
申请人: Jeffrey Alan Herold , James S. Duffus , Curt Andrew Steeb , Thomas G. Phillips , William J. Westerinen , Martin H. Hall , Todd L. Carpenter , Daniel Makoski , Shon Schmidt
发明人: Jeffrey Alan Herold , James S. Duffus , Curt Andrew Steeb , Thomas G. Phillips , William J. Westerinen , Martin H. Hall , Todd L. Carpenter , Daniel Makoski , Shon Schmidt
CPC分类号: G06F21/123 , G06F2221/0797 , G06F2221/2135 , G06Q30/0283
摘要: A computer or other electronic device may be used in one of several selectable modes of operation. Computer resources, such as a processor, memory, or a graphics controller, are individually settable for operation at different levels of performance. A mode of operation or performance level is determined by the combination of individual settings for the various resources. Pay-per-use operation is charged at a rate determined by the mode of operation or performance level. Operation in a gaming mode may be charged at a higher rate than operation in web-browsing mode. A metering agent may be associated with each scalable use resource to securely set the performance level and to securely report on metered operation of the resource.
摘要翻译: 计算机或其他电子设备可以用于几种可选操作模式之一。 诸如处理器,存储器或图形控制器的计算机资源可以单独设置,以在不同的性能水平下进行操作。 操作模式或性能水平由各种资源的各个设置的组合决定。 每次使用费用操作按照操作模式或性能水平确定的费率收费。 可以以比网络浏览模式下的操作更高的速率对游戏模式进行操作。 测量代理可以与每个可伸缩的使用资源相关联,以安全地设置性能级别并安全地报告资源的计量操作。
-
公开(公告)号:US20080183305A1
公开(公告)日:2008-07-31
申请号:US11668446
申请日:2007-01-29
申请人: David James Foster , Shon Schmidt , David Jaroslav Sebesta , Curt Andrew Steeb , William J. Westerinen , Zhangwei Xu , Todd L. Carpenter
发明人: David James Foster , Shon Schmidt , David Jaroslav Sebesta , Curt Andrew Steeb , William J. Westerinen , Zhangwei Xu , Todd L. Carpenter
IPC分类号: G05B19/02
摘要: A computer or other electronic device requiring physical integrity of its components, for example, a pay-per-use computer may use a master security device in communication with a plurality of slave security devices, known as security beans. Each security bean may be given a cryptographic key or keys for use in authenticating communication with the master security device. Each security bean may be coupled to an associated component and may have the ability to disable that associated component. In one embodiment, security bean has an analog switch that may be configured to block or attenuate a critical signal used by the associated component. The security bean may start up in the disable mode and respond to a verified signal from the master security device to enable its corresponding component.
摘要翻译: 需要其组件的物理完整性的计算机或其他电子设备,例如,每次使用付费的计算机可以使用与多个从属安全设备(称为安全性bean)通信的主安全设备。 每个安全bean可以被给予用于认证与主安全设备的通信的加密密钥或密钥。 每个安全bean可以耦合到相关联的组件,并且可以具有禁用该关联组件的能力。 在一个实施例中,安全性bean具有模拟开关,其可被配置为阻止或衰减由相关联的组件使用的关键信号。 安全bean可以在禁用模式下启动,并响应来自主安全设备的已验证信号以启用其相应的组件。
-
-
-
-
-
-
-
-
-
搜索结果
79 条记录 (耗时 0.036 秒)
