1. Enhanced packaging for PC security
    Granted patent (in force)

    Publication No.: US07979721B2

    Publication date: 2011-07-12

    Application No.: US11612436

    Filing date: 2006-12-18

    IPC classification: G06F11/30 G06F17/00 G06F1/00

    Abstract: A pay-per-use computer, or other electronic device that uses local security, may use a security module or other circuit for monitoring and enforcement of a usage policy. To help prevent physical attacks on the security module, or the circuit board near the security module, a second circuit may be mounted over the security module to help prevent access to the security module. Both circuits may be mounted on an interposer and the interposer mounted to the circuit board, creating a stack including the first circuit, the interposer, the security module, and a main PC board. When the PC board includes dense signal traces under the security module, a three-dimensional envelope is created around the security module. When the first circuit is a high-value circuit, such as a Northbridge, the risk/reward of attacking the security module is increased substantially and may deter all but the most determined hackers.

2. Computer compliance enforcement
    Granted patent (in force)

    Publication No.: US07844808B2

    Publication date: 2010-11-30

    Application No.: US11612435

    Filing date: 2006-12-18

    IPC classification: H04K1/00 G06F21/22

    Abstract: A security module for a pay-per-use computer supplies an appropriate BIOS for a given mode of operation. A power manager in the security module powers only essential circuits until the BIOS is operational, to help prevent substitution of a non-authorized BIOS. The security module also includes a capability to monitor and restrict data lines on a bus between a main computer processor and computer system memory. When the computer is operating in a restricted-use mode, data lines may be restricted to allow only minimal access to the computer system memory. Bus transactions may be monitored to ensure that only valid transactions are occurring and that they are within the designated memory space.

3. Enhanced Packaging for PC Security
    Patent application (in force)

    Publication No.: US20100037325A1

    Publication date: 2010-02-11

    Application No.: US11612436

    Filing date: 2006-12-18

    IPC classification: G06F21/02

    Abstract: A pay-per-use computer, or other electronic device that uses local security, may use a security module or other circuit for monitoring and enforcement of a usage policy. To help prevent physical attacks on the security module, or the circuit board near the security module, a second circuit may be mounted over the security module to help prevent access to the security module. Both circuits may be mounted on an interposer and the interposer mounted to the circuit board, creating a stack including the first circuit, the interposer, the security module, and a main PC board. When the PC board includes dense signal traces under the security module, a three-dimensional envelope is created around the security module. When the first circuit is a high-value circuit, such as a Northbridge, the risk/reward of attacking the security module is increased substantially and may deter all but the most determined hackers.

4. Computer Compliance Enforcement
    Patent application (in force)

    Publication No.: US20080148036A1

    Publication date: 2008-06-19

    Application No.: US11612435

    Filing date: 2006-12-18

    Abstract: A security module for a pay-per-use computer supplies an appropriate BIOS for a given mode of operation. A power manager in the security module powers only essential circuits until the BIOS is operational, to help prevent substitution of a non-authorized BIOS. The security module also includes a capability to monitor and restrict data lines on a bus between a main computer processor and computer system memory. When the computer is operating in a restricted-use mode, data lines may be restricted to allow only minimal access to the computer system memory. Bus transactions may be monitored to ensure that only valid transactions are occurring and that they are within the designated memory space.

5. Virtual machine support for metered computer usage
    Granted patent (in force)

    Publication No.: US08839236B2

    Publication date: 2014-09-16

    Application No.: US11696271

    Filing date: 2007-04-04

    IPC classification: G06F9/455

    Abstract: A virtual machine monitor provides a trusted operating environment for a software usage metering application when a qualified virtual machine monitor is loaded as part of trusted boot and when all other programs and operating systems run in containers managed by the virtual machine monitor. The virtual machine monitor may also host a locking application for limiting the functionality of the computer if contractual terms of use are not met. Both the metering and locking applications run at a higher privilege level than ring 0, at the same level as the virtual machine monitor.

6. Virtual Machine Support for Metered Computer Usage
    Patent application (in force)

    Publication No.: US20080250406A1

    Publication date: 2008-10-09

    Application No.: US11696271

    Filing date: 2007-04-04

    IPC classification: G06F9/455

    Abstract: A virtual machine monitor provides a trusted operating environment for a software usage metering application when a qualified virtual machine monitor is loaded as part of trusted boot and when all other programs and operating systems run in containers managed by the virtual machine monitor. The virtual machine monitor may also host a locking application for limiting the functionality of the computer if contractual terms of use are not met. Both the metering and locking applications run at a higher privilege level than ring 0, at the same level as the virtual machine monitor.

8. Computing device limiting mechanism
    Granted patent (in force)

    Publication No.: US07669048B2

    Publication date: 2010-02-23

    Application No.: US11515410

    Filing date: 2006-08-31

    IPC classification: G06F9/00

    Abstract: Described is a technology by which a computing device is booted into a normal mode of operation or a limited mode of operation, depending on whether the computing device was operating correctly (e.g., with respect to policy) prior to a reboot. The reboot may be forced. Examples of incorrect state include an overdue payment on a leased computer, or improper execution of certain important software. A metering mechanism evaluates the state of the computing device, and when an incorrect state is detected, configures the computing device for operation in the limited mode by setting the computing device to boot via one boot path (e.g., a limited-mode BIOS) instead of another boot path (e.g., a normal-mode BIOS). A BIOS selector switches to the limited BIOS on the next reboot, whereupon the computing device is restricted to the limited mode of operation (regardless of subsequent reboots) until the correct state is restored.

9. System and method for maintaining persistent state data
    Granted patent (in force)

    Publication No.: US07392429B2

    Publication date: 2008-06-24

    Application No.: US11020329

    Filing date: 2004-12-22

    IPC classification: G06F11/00

    CPC classification: G06F1/30 G06F11/1441

    Abstract: A system and method for maintaining persistent data during an unexpected power loss uses a memory controller and a supplemental power source. An entity running on the computer, for example an application program, a utility, the operating system or other entity, may identify data for preservation using an application program interface. The application program interface may be provided by the memory controller. A sensor determines when an unexpected power loss has occurred and signals the memory controller. Using power from the supplemental power source, i.e. a battery or capacitor, the memory controller copies the identified data to a non-volatile memory. The memory controller may set a flag to indicate that preserved data is available for later recovery.

10. Independent Computation Environment and Provisioning of Computing Device Functionality
    Patent application (pending, published)

    Publication No.: US20080005560A1

    Publication date: 2008-01-03

    Application No.: US11427666

    Filing date: 2006-06-29

    IPC classification: H04L9/00 G06F1/00

    Abstract: Techniques are described which provide an independent computation environment. The independent computation environment is contained at least in part in a set of one or more hardware components and configured to host a provisioning module that is executable to provision functionality of the computing device according to a wide variety of factors. In an implementation, when the provisioning module determines that particular functionality is referenced in an inclusion list, the computing device is permitted to access the particular functionality. When the provisioning module determines that the particular functionality is referenced in an exclusion list, the computing device is prevented from accessing the particular functionality.