-
公开(公告)号:US07828025B2
公开(公告)日:2010-11-09
申请号:US12185352
申请日:2008-08-04
申请人: Daniel R. McBride , Jamie Hunter
发明人: Daniel R. McBride , Jamie Hunter
IPC分类号: B02C7/00
CPC分类号: B27L11/02
摘要: Apparatus for limiting the amount of debris that is disbursed in and around a disc type wood chipper when the disc is being treated with high pressure air. The apparatus includes a casing that surrounds the chipper disc having a stationary section and a removable section that can be detached from the stationary section to provide access to about 90° of the disc. A shield is hinged to the stationary section of the disc that has a vertical wall and an arcuate cover that can be moved over the exposed section of the disc which contains and directs debris in the chippers exhaust system when removed by high pressure air that is directed at the front face of the disc.
摘要翻译: 用于限制在用高压空气处理盘片时在圆盘型木材切屑机内和周围散发的碎片的量的装置。 该装置包括围绕具有固定部分的切屑盘的壳体和可从静止部分拆卸以提供至少90°的盘的可移除部分。 屏蔽件铰接到盘的固定部分,其具有垂直壁和弓形盖,其可以在盘的暴露部分上移动,该盘的外露部分包含并引导碎屑排气系统中的碎屑,当被定向的高压空气 在光盘的正面。
-
2.发明授权System and method for protected operating system boot using state validation 有权使用状态验证的受保护操作系统引导的系统和方法公开(公告)号:US07694121B2
公开(公告)日:2010-04-06
申请号:US10882134
申请日:2004-06-30
申请人: Bryan Mark Willman , Paul England , Kenneth D. Ray , Jamie Hunter , Lonnie Dean McMichael , Derek Norman LaSalle , Pierre Jacomet , Mark Eliot Paley , Thekkthalackal Varugis Kurien , David B. Cross
发明人: Bryan Mark Willman , Paul England , Kenneth D. Ray , Jamie Hunter , Lonnie Dean McMichael , Derek Norman LaSalle , Pierre Jacomet , Mark Eliot Paley , Thekkthalackal Varugis Kurien , David B. Cross
IPC分类号: G06F9/00
CPC分类号: G06F21/575 , G06F9/4401
摘要: A mechanism for protected operating system boot that prevents rogue components from being loaded with the operating system, and thus prevents divulgence of the system key under inappropriate circumstances. After a portion of the machine startup procedure has occurred, the operating system loader is run, the loader is validated, and a correct machine state is either verified to exist and/or created. Once the loader has been verified to be a legitimate loader, and the machine state under which it is running is verified to be correct, the loader's future behavior is known to protect against the loading of rogue components that could cause divulgence of the system key. With the loader's behavior being known to be safe for the system key, the validator may unseal the system key and provides it to the loader.
摘要翻译: 用于保护操作系统启动的机制,可防止恶意组件与操作系统一起加载,从而防止系统密钥在不适当情况下泄露。 在机器启动过程的一部分发生后,运行操作系统加载程序,验证加载程序,并验证是否存在和/或创建正确的机器状态。 一旦加载程序已被验证为合法的装载程序,并且其运行的机器状态被验证为正确的,则加载程序的未来行为是已知的,以防止可能导致系统密钥泄露的流氓组件的加载。 对于系统密钥,加载程序的行为被认为是安全的,验证器可以打开系统密钥并将其提供给加载程序。
-
3.发明授权Systems and methods for controlling access to data on a computer with a secure boot process 有权用于通过安全启动过程控制计算机上数据访问的系统和方法公开(公告)号:US07565553B2
公开(公告)日:2009-07-21
申请号:US11036415
申请日:2005-01-14
申请人: Jamie Hunter , Paul England , Russell Humphries , Stefan Thom , James Anthony Schwartz, Jr. , Kenneth D. Ray , Jonathan Schwartz
发明人: Jamie Hunter , Paul England , Russell Humphries , Stefan Thom , James Anthony Schwartz, Jr. , Kenneth D. Ray , Jonathan Schwartz
IPC分类号: G06F12/14
CPC分类号: G06F21/575 , G06F21/78
摘要: Systems and methods for controlling access to data on a computer with a secure boot process can provide a highly efficient mechanism for preventing future access to encrypted digital resources. This may be advantageous in a range of scenarios, for example where a computer is sold and assurance is desired that no stray private data remains on the hard disk. Data resources, for example all data associated with one or more particular hard disk partitions, may be encrypted. The decryption key may be available through a secure boot process. By erasing, altering, or otherwise disabling a secret, such as a decryption key or a process that obtains a decryption key, the data formerly accessible using such secret becomes inaccessible.
摘要翻译: 用于通过安全引导过程控制计算机上的数据访问的系统和方法可以提供用于防止将来访问加密数字资源的高效机制。 这在一系列场景中可能是有利的,例如在出售计算机的地方,并且希望确保硬盘上不存在杂散私有数据。 数据资源,例如与一个或多个特定硬盘分区相关联的所有数据可以被加密。 解密密钥可以通过安全引导过程来获得。 通过擦除,改变或以其他方式禁用诸如解密密钥或获得解密密钥的过程的秘密,使用这种秘密的以前可访问的数据变得不可访问。
-
公开(公告)号:US07216344B2
公开(公告)日:2007-05-08
申请号:US10791586
申请日:2004-03-02
CPC分类号: G06F8/61 , G06F9/4411 , G06F9/44536 , Y10S707/99931
摘要: A method and system for avoiding the overwriting of drivers by subsequent versions or other commonly named drivers includes generating a unique identity for every eligible driver package. Driver files from the driver package, or the entire driver package itself, are then installed in a subdirectory location in a common storage based on the unique identity. The driver files may be loaded to a memory from the subdirectory location. Thus, multiple driver packages and driver files having the same name may be installed and loaded side-by-side.
摘要翻译: 用于避免由后续版本或其他通用命名的驱动程序覆盖驱动程序的方法和系统包括为每个合格的驱动程序包生成唯一标识。 驱动程序包或整个驱动程序包本身的驱动程序文件将根据唯一身份安装在公用存储中的子目录位置。 驱动程序文件可能会从子目录位置加载到内存中。 因此,可以并排安装并加载具有相同名称的多个驱动程序包和驱动程序文件。
-
5.发明申请Systems and methods for updating a secure boot process on a computer with a hardware security module 有权使用硬件安全模块在计算机上更新安全引导过程的系统和方法公开(公告)号:US20060161784A1
公开(公告)日:2006-07-20
申请号:US11036018
申请日:2005-01-14
申请人: Jamie Hunter , Paul England , Russell Humphries , Stefan Thom , James Schwartz , Kenneth Ray , Jonathan Schwartz
发明人: Jamie Hunter , Paul England , Russell Humphries , Stefan Thom , James Schwartz , Kenneth Ray , Jonathan Schwartz
IPC分类号: H04L9/00
CPC分类号: G06F21/575
摘要: Systems and methods are provided for maintaining and updating a secure boot process on a computer with a trusted platform module (TPM). A boot process may be maintained by inspecting a log of TPM activity, determining data that prevented a secret to unseal, and returning the data to an original state. In situations where this type of recovery is not workable, techniques for authenticating a user may be used, allowing the authenticated user to bypass the security features of the boot process and reseal the boot secrets to platform configuration register (PCR) values that may have changed. Finally, a secure boot process may be upgraded by migrating TPM sealed secrets to a temporary storage location, updating one or more aspects of a secure boot process, and resealing the secrets to the resulting new platform configuration. Other advantages and features of the invention are described below.
摘要翻译: 提供了系统和方法,用于在具有可信平台模块(TPM)的计算机上维护和更新安全引导过程。 可以通过检查TPM活动的日志来确定启动过程,确定防止秘密解密的数据,并将数据返回到原始状态。 在这种类型的恢复不可行的情况下,可以使用用于验证用户的技术,允许经过身份验证的用户绕过引导过程的安全特征并将启动秘密重新密封到可能已经改变的平台配置寄存器(PCR)值 。 最后,可以通过将TPM密封的秘密迁移到临时存储位置来升级安全引导过程,更新安全引导过程的一个或多个方面,以及将密码重新密封到所得到的新平台配置。 下面描述本发明的其它优点和特征。
-
-
公开(公告)号:US08046593B2
公开(公告)日:2011-10-25
申请号:US11449553
申请日:2006-06-07
申请人: Carl M. Ellison , Jamie Hunter , Kenneth D. Ray , Niels T. Ferguson , Philip J. Lafornara , Russell Humphries
发明人: Carl M. Ellison , Jamie Hunter , Kenneth D. Ray , Niels T. Ferguson , Philip J. Lafornara , Russell Humphries
IPC分类号: G06F12/14
CPC分类号: G06F21/85 , G06F21/78 , G06F2221/2113 , H04L9/0836
摘要: Access to a storage device, such as a disk, is controlled by performing a disk operation using a single cryptographic engine. Keys associated with each layer of a layered structure associated with controlling access to the storage device are combined. The resultant of this combination is used as the key to the cryptographic engine. Data to be retrieved from and written to the storage device are operated on by the cryptographic engine utilizing the combined key. Keys are combined by combining functions associated with layers of the layered structure. A combining function can include an exclusive or function, a cryptographic hash function, or a combination thereof.
摘要翻译: 通过使用单个密码引擎执行磁盘操作来控制对诸如磁盘的存储设备的访问。 与控制对存储设备的访问相关联的分层结构的每个层相关联的密钥被组合。 这种组合的结果被用作密码引擎的关键。 要从存储装置检索和写入存储装置的数据利用组合密钥由加密引擎进行操作。 通过组合与分层结构的层相关联的功能来组合密钥。 组合功能可以包括排他或功能,加密散列函数或其组合。
-
8.发明授权Systems and methods for securely booting a computer with a trusted processing module 有权使用可信处理模块安全地引导计算机的系统和方法公开(公告)号:US07725703B2
公开(公告)日:2010-05-25
申请号:US11031161
申请日:2005-01-07
申请人: Jamie Hunter , Paul England , Russell Humphries , Stefan Thom , James Anthony Schwartz, Jr. , Kenneth D Ray , Jonathan Schwartz
发明人: Jamie Hunter , Paul England , Russell Humphries , Stefan Thom , James Anthony Schwartz, Jr. , Kenneth D Ray , Jonathan Schwartz
CPC分类号: G06F21/575
摘要: In a computer with a trusted platform module (TPM), an expected hash value of a boot component may be placed into a platform configuration register (PCR), which allows a TPM to unseal a secret. The secret may then be used to decrypt the boot component. The hash of the decrypted boot component may then be calculated and the result can be placed in a PCR. The PCRs may then be compared. If they do not, access to the an important secret for system operation can be revoked. Also, a first secret may be accessible only when a first plurality of PCR values are extant, while a second secret is accessible only after one or more of the first plurality of PCR values has been replaced with a new value, thereby necessarily revoking further access to the first secret in order to grant access to the second secret.
摘要翻译: 在具有可信平台模块(TPM)的计算机中,引导组件的预期散列值可以被放置到平台配置寄存器(PCR)中,这允许TPM解密秘密。 然后可以使用秘密来解密引导组件。 然后可以计算解密的引导组件的散列,并将结果置于PCR中。 然后可以比较PCR。 如果不这样做,可以取消对系统运行的重要秘密的访问。 此外,只有当第一多个PCR值存在时,第一个秘密才可以访问,而第二个秘密只有在第一个多个PCR值中的一个或多个被新的值替换之后才可访问,从而必然取消进一步的访问 到第一个秘密,以授予访问第二个秘密。
-
公开(公告)号:US20100024922A1
公开(公告)日:2010-02-04
申请号:US12185352
申请日:2008-08-04
申请人: Daniel R. McBride , Jamie Hunter
发明人: Daniel R. McBride , Jamie Hunter
IPC分类号: B27M1/08
CPC分类号: B27L11/02
摘要: Apparatus for limiting the amount of debris that is disbursed in and around a disc type wood chipper when the disc is being treated with high pressure air. The apparatus includes a casing that surrounds the chipper disc having a stationary section and a removable section that can be detached from the stationary section to provide access to about 90° of the disc. A shield is hinged to the stationary section of the disc that has a vertical wall and an arcuate cover that can be moved over the exposed section of the disc which contains and directs debris in the chippers exhaust system when removed by high pressure air that is directed at the front face of the disc.
摘要翻译: 用于限制在用高压空气处理盘片时在圆盘型木材切屑机内和周围散发的碎屑的量的装置。 该装置包括围绕具有固定部分的切屑盘的壳体和可从静止部分拆卸以提供至少90°的盘的可移除部分。 屏蔽件铰接到盘的固定部分,其具有垂直壁和弓形盖,其可以在盘的暴露部分上移动,该盘的外露部分包含并引导碎屑排气系统中的碎屑,当被定向的高压空气 在光盘的正面。
-
10.发明授权Systems and methods for boot recovery in a secure boot process on a computer with a hardware security module 有权在具有硬件安全模块的计算机上的安全引导过程中启动恢复的系统和方法公开(公告)号:US07506380B2
公开(公告)日:2009-03-17
申请号:US11035715
申请日:2005-01-14
申请人: Jamie Hunter , Paul England , Russell Humphries , Stefan Thom , James Anthony Schwartz, Jr. , Kenneth D. Ray , Jonathan Schwartz
发明人: Jamie Hunter , Paul England , Russell Humphries , Stefan Thom , James Anthony Schwartz, Jr. , Kenneth D. Ray , Jonathan Schwartz
CPC分类号: G06F21/575 , G06F2221/2101
摘要: Systems and methods are provided for maintaining and updating a secure boot process on a computer with a trusted platform module (TPM). A boot process may be maintained by inspecting a log of TPM activity, determining data that prevented a secret to unseal, and returning the data to an original state. In situations where this type of recovery is not workable, techniques for authenticating a user may be used, allowing the authenticated user to bypass the security features of the boot process and reseal the boot secrets to platform configuration register (PCR) values that may have changed. Finally, a secure boot process may be upgraded by migrating TPM sealed secrets to a temporary storage location, updating one or more aspects of a secure boot process, and resealing the secrets to the resulting new platform configuration. Other advantages and features of the invention are described below.
摘要翻译: 提供了系统和方法,用于在具有可信平台模块(TPM)的计算机上维护和更新安全引导过程。 可以通过检查TPM活动的日志来确定启动过程,确定防止秘密解密的数据,并将数据返回到原始状态。 在这种类型的恢复不可行的情况下,可以使用用于验证用户的技术,允许经过身份验证的用户绕过引导过程的安全特征并将启动秘密重新密封到可能已经改变的平台配置寄存器(PCR)值 。 最后,可以通过将TPM密封的秘密迁移到临时存储位置来升级安全引导过程,更新安全引导过程的一个或多个方面,以及将密码重新密封到所得到的新平台配置。 下面描述本发明的其它优点和特征。
-
-
-
-
-
-
-
-
-
搜索结果
18 条记录 (耗时 0.016 秒)
