DATA RECOVERY AND OVERWRITE INDEPENDENT OF OPERATING SYSTEM
    1.
    发明申请
    DATA RECOVERY AND OVERWRITE INDEPENDENT OF OPERATING SYSTEM 有权
    操作系统的数据恢复和过载独立

    公开(公告)号:US20100332744A1

    公开(公告)日:2010-12-30

    申请号:US12492964

    申请日:2009-06-26

    IPC分类号: G06F12/00 G06F12/16

    CPC分类号: G06F21/6218

    摘要: Methods and systems to access data in a computer system independent of an operating environment of the computer system, including to recover data to a remote system, to overwrite data, and to copy data to a hidden partition. A management system may directly access a storage device of the computer system and communicate with the remote system over a data channel that is secure from an operating environment of the computer system. The management system may access the storage device on a block basis, using a device driver associated with a storage device controller, and may include a virtualization engine to access the storage device. The remote system may include logic to request meta-data, to identify disk blocks corresponding to files of interest from the meta-data, and to construct the files of interest from the disk blocks.

    摘要翻译: 访问独立于计算机系统的操作环境的计算机系统中的数据的方法和系统,包括将数据恢复到远程系统,以覆盖数据,以及将数据复制到隐藏分区。 管理系统可以直接访问计算机系统的存储设备,并通过数据通道与远程系统通信,该数据通道与计算机系统的操作环境是安全的。 管理系统可以使用与存储设备控制器相关联的设备驱动程序在块上访问存储设备,并且可以包括访问存储设备的虚拟化引擎。 远程系统可以包括请求元数据的逻辑,从元数据中识别与感兴趣的文件相对应的磁盘块,以及从磁盘块构造感兴趣的文件。

    Data recovery and overwrite independent of operating system
    2.
    发明授权
    Data recovery and overwrite independent of operating system 有权
    独立于操作系统的数据恢复和覆盖

    公开(公告)号:US08307175B2

    公开(公告)日:2012-11-06

    申请号:US12492964

    申请日:2009-06-26

    IPC分类号: G06F12/00 G06F13/00 G06F13/28

    CPC分类号: G06F21/6218

    摘要: Methods and systems to access data in a computer system independent of an operating environment of the computer system, including to recover data to a remote system, to overwrite data, and to copy data to a hidden partition. A management system may directly access a storage device of the computer system and communicate with the remote system over a data channel that is secure from an operating environment of the computer system. The management system may access the storage device on a block basis, using a device driver associated with a storage device controller, and may include a virtualization engine to access the storage device. The remote system may include logic to request meta-data, to identify disk blocks corresponding to files of interest from the meta-data, and to construct the files of interest from the disk blocks.

    摘要翻译: 访问独立于计算机系统的操作环境的计算机系统中的数据的方法和系统,包括将数据恢复到远程系统,以覆盖数据,以及将数据复制到隐藏分区。 管理系统可以直接访问计算机系统的存储设备,并通过数据通道与远程系统通信,该数据通道与计算机系统的操作环境是安全的。 管理系统可以使用与存储设备控制器相关联的设备驱动程序在块上访问存储设备,并且可以包括访问存储设备的虚拟化引擎。 远程系统可以包括请求元数据的逻辑,从元数据中识别与感兴趣的文件相对应的磁盘块,以及从磁盘块构造感兴趣的文件。

    AUTOMATED MODULAR AND SECURE BOOT FIRMWARE UPDATE
    3.
    发明申请
    AUTOMATED MODULAR AND SECURE BOOT FIRMWARE UPDATE 审中-公开
    自动模块化和安全引擎固件更新

    公开(公告)号:US20140047428A1

    公开(公告)日:2014-02-13

    申请号:US14055008

    申请日:2013-10-16

    IPC分类号: G06F9/445

    摘要: A method, apparatus, system, and computer program product for an automated modular and secure boot firmware update. An updated boot firmware code module is received in a secure partition of a system, the updated boot firmware code module to replace one original boot firmware code module for the system. Only the one original boot firmware code module is automatically replaced with the updated boot firmware code module. The updated boot firmware code module is automatically executed with the plurality of boot firmware code modules for the system and without user intervention when the system is next booted. The updated boot firmware code module may be written to an update partition of a firmware volume, wherein the update partition of the firmware volume is read along with another partition of the firmware volume containing the plurality of boot firmware code modules when the system is booted.

    摘要翻译: 一种用于自动化模块化和安全启动固件更新的方法,设备,系统和计算机程序产品。 在系统的安全分区中接收更新的引导固件代码模块,该更新的引导固件代码模块用于替换系统的一个原始引导固件代码模块。 只有一个原始引导固件代码模块将自动替换为更新的引导固件代码模块。 当系统下次启动时,更新的引导固件代码模块将自动执行与系统的多个引导固件代码模块,而无需用户干预。 可以将更新的引导固件代码模块写入固件卷的更新分区,其中当系统引导时,固件卷的更新分区与包含多个引导固件代码模块的固件卷的另一个分区一起读取。

    Automated modular and secure boot firmware update
    4.
    发明申请
    Automated modular and secure boot firmware update 有权
    自动模块化和安全启动固件更新

    公开(公告)号:US20110131447A1

    公开(公告)日:2011-06-02

    申请号:US12592605

    申请日:2009-11-30

    IPC分类号: G06F9/24 G06F21/22 G06F11/07

    摘要: A method, apparatus, system, and computer program product for an automated modular and secure boot firmware update. An updated boot firmware code module is received in a secure partition of a system, the updated boot firmware code module to replace one original boot firmware code module for the system. Only the one original boot firmware code module is automatically replaced with the updated boot firmware code module. The updated boot firmware code module is automatically executed with the plurality of boot firmware code modules for the system and without user intervention when the system is next booted. The updated boot firmware code module may be written to an update partition of a firmware volume, wherein the update partition of the firmware volume is read along with another partition of the firmware volume containing the plurality of boot firmware code modules when the system is booted.

    摘要翻译: 一种用于自动化模块化和安全启动固件更新的方法,设备,系统和计算机程序产品。 在系统的安全分区中接收更新的引导固件代码模块,该更新的引导固件代码模块用于替换系统的一个原始引导固件代码模块。 只有一个原始引导固件代码模块将自动替换为更新的引导固件代码模块。 当系统下次启动时,更新的引导固件代码模块将自动执行与系统的多个引导固件代码模块,而无需用户干预。 可以将更新的引导固件代码模块写入固件卷的更新分区,其中当系统引导时,固件卷的更新分区与包含多个引导固件代码模块的固件卷的另一个分区一起读取。

    Automated modular and secure boot firmware update
    5.
    发明授权
    Automated modular and secure boot firmware update 有权
    自动模块化和安全启动固件更新

    公开(公告)号:US08589302B2

    公开(公告)日:2013-11-19

    申请号:US12592605

    申请日:2009-11-30

    IPC分类号: G06Q99/00

    摘要: A method, apparatus, system, and computer program product for an automated modular and secure boot firmware update. An updated boot firmware code module is received in a secure partition of a system, the updated boot firmware code module to replace one original boot firmware code module for the system. Only the one original boot firmware code module is automatically replaced with the updated boot firmware code module. The updated boot firmware code module is automatically executed with the plurality of boot firmware code modules for the system and without user intervention when the system is next booted. The updated boot firmware code module may be written to an update partition of a firmware volume, wherein the update partition of the firmware volume is read along with another partition of the firmware volume containing the plurality of boot firmware code modules when the system is booted.

    摘要翻译: 一种用于自动化模块化和安全启动固件更新的方法,设备,系统和计算机程序产品。 在系统的安全分区中接收更新的引导固件代码模块,该更新的引导固件代码模块用于替换系统的一个原始引导固件代码模块。 只有一个原始引导固件代码模块将自动替换为更新的引导固件代码模块。 当系统下次启动时,更新的引导固件代码模块将自动执行与系统的多个引导固件代码模块,而无需用户干预。 可以将更新的引导固件代码模块写入固件卷的更新分区,其中当系统引导时,固件卷的更新分区与包含多个引导固件代码模块的固件卷的另一个分区一起读取。

    Secure software licensing and provisioning using hardware based security engine
    6.
    发明授权
    Secure software licensing and provisioning using hardware based security engine 有权
    使用基于硬件的安全引擎来安全的软件许可和配置

    公开(公告)号:US08332631B2

    公开(公告)日:2012-12-11

    申请号:US12951853

    申请日:2010-11-22

    IPC分类号: G06F15/16 G06F12/00

    摘要: Provisioning a license and an application program from a first server to a computing platform over a network. The host application derives a symmetric key at least in part from a user password, and sends the license to a license management firmware component of a security engine, in a message signed by the symmetric key. The license management firmware component derives the symmetric key at least in part from the user password stored in a secure storage of the security engine, verifies the signature on the message using the symmetric key, verifies the first server's signature on the license, decrypts the license using a first private key of the license management firmware component corresponding to the first public key to obtain the second key, and sends the second key to the host application, which decrypts the application program using the second key.

    摘要翻译: 通过网络将许可证和应用程序从第一个服务器提供给计算平台。 主机应用至少部分地从用户密码中导出对称密钥,并将该许可证发送到由对称密钥签名的消息中的安全引擎的许可证管理固件组件。 许可证管理固件组件至少部分地从存储在安全引擎的安全存储器中的用户密码中导出对称密钥,使用对称密钥验证消息上的签名,验证许可证上的第一服务器的签名,解密许可证 使用与第一公钥相对应的许可证管理固件组件的第一私钥来获得第二密钥,并将第二密钥发送到使用第二密钥解密应用程序的主机应用。

    SECURE SOFTWARE LICENSING AND PROVISIONING USING HARDWARE BASED SECURITY ENGINE
    7.
    发明申请
    SECURE SOFTWARE LICENSING AND PROVISIONING USING HARDWARE BASED SECURITY ENGINE 有权
    使用基于硬件的安全发动机的安全软件许可和提供

    公开(公告)号:US20120131345A1

    公开(公告)日:2012-05-24

    申请号:US12951853

    申请日:2010-11-22

    IPC分类号: H04L9/32

    摘要: Provisioning a license and an application program from a first server to a computing platform over a network. The host application derives a symmetric key at least in part from a user password, and sends the license to a license management firmware component of a security engine, in a message signed by the symmetric key. The license management firmware component derives the symmetric key at least in part from the user password stored in a secure storage of the security engine, verifies the signature on the message using the symmetric key, verifies the first server's signature on the license, decrypts the license using a first private key of the license management firmware component corresponding to the first public key to obtain the second key, and sends the second key to the host application, which decrypts the application program using the second key.

    摘要翻译: 通过网络将许可证和应用程序从第一个服务器提供给计算平台。 主机应用至少部分地从用户密码中导出对称密钥,并将该许可证发送到由对称密钥签名的消息中的安全引擎的许可证管理固件组件。 许可证管理固件组件至少部分地从存储在安全引擎的安全存储器中的用户密码中导出对称密钥,使用对称密钥验证消息上的签名,验证许可证上的第一服务器的签名,解密许可证 使用与第一公钥相对应的许可证管理固件组件的第一私钥来获得第二密钥,并将第二密钥发送到使用第二密钥解密应用程序的主机应用。

    Using chipset-based protected firmware for host software tamper detection and protection
    8.
    发明申请
    Using chipset-based protected firmware for host software tamper detection and protection 有权
    使用基于芯片组的保护固件进行主机软件篡改检测和保护

    公开(公告)号:US20110078791A1

    公开(公告)日:2011-03-31

    申请号:US12586705

    申请日:2009-09-25

    IPC分类号: G06F21/00 G06F17/30

    摘要: A method, system, and computer program product for a host software tamper detection and protection service. A secure partition that is isolated from a host operating system of the host system, which may be implemented by firmware of a chipset of the host system, obtains file metadata from the host system and uses the file metadata to identify a first file for examination for tampering. The secure partition obtains data blocks for the first file, communicates with a service via an out-of-band communication channel, and uses information obtained from the service and the data blocks to determine whether the first file has been corrupted. The secure partition obtains the file metadata and the data blocks for the first file without invoking an operating system or file system of the host system.

    摘要翻译: 用于主机软件篡改检测和保护服务的方法,系统和计算机程序产品。 与主机系统的芯片组的固件实现的与主机系统的主机操作系统隔离的安全分区从主机系统获取文件元数据,并使用该文件元数据来识别第一文件以便检查 篡改。 安全分区获取第一文件的数据块,经由带外通信信道与服务通信,并使用从服务和数据块获得的信息来确定第一文件是否已被破坏。 安全分区在不调用主机系统的操作系统或文件系统的情况下获得文件元数据和第一文件的数据块。

    Using chipset-based protected firmware for host software tamper detection and protection
    9.
    发明授权
    Using chipset-based protected firmware for host software tamper detection and protection 有权
    使用基于芯片组的保护固件进行主机软件篡改检测和保护

    公开(公告)号:US08490189B2

    公开(公告)日:2013-07-16

    申请号:US12586705

    申请日:2009-09-25

    IPC分类号: H04L29/00

    摘要: A method, system, and computer program product for a host software tamper detection and protection service. A secure partition that is isolated from a host operating system of the host system, which may be implemented by firmware of a chipset of the host system, obtains file metadata from the host system and uses the file metadata to identify a first file for examination for tampering. The secure partition obtains data blocks for the first file, communicates with a service via an out-of-band communication channel, and uses information obtained from the service and the data blocks to determine whether the first file has been corrupted. The secure partition obtains the file metadata and the data blocks for the first file without invoking an operating system or file system of the host system.

    摘要翻译: 用于主机软件篡改检测和保护服务的方法,系统和计算机程序产品。 与主机系统的芯片组的固件实现的与主机系统的主机操作系统隔离的安全分区从主机系统获取文件元数据,并使用该文件元数据来识别第一文件以便检查 篡改。 安全分区获取第一文件的数据块,经由带外通信信道与服务通信,并使用从服务和数据块获得的信息来确定第一文件是否已被破坏。 安全分区在不调用主机系统的操作系统或文件系统的情况下获得文件元数据和第一文件的数据块。

    TECHNOLOGIES FOR LOGIN PATTERN BASED MULTI-FACTOR AUTHENTICATION
    10.
    发明申请
    TECHNOLOGIES FOR LOGIN PATTERN BASED MULTI-FACTOR AUTHENTICATION 审中-公开
    基于登录图案的多因素认证技术

    公开(公告)号:US20160180068A1

    公开(公告)日:2016-06-23

    申请号:US14580817

    申请日:2014-12-23

    IPC分类号: G06F21/32 H04L29/06

    摘要: Technologies for multi-factor authentication of a user include a computing device with one or more sensors. The computing device may authenticate the user by analyzing biometric and/or environmental sensor data to determine whether to allow the user access to a computing device. To do so, the computing device may determine reliability scores based on the environment during authentication for each biometric authentication factor used to authenticate the user. Additionally, the computing device may determine a login pattern based on sensor data collected during historical authentication attempts by the user over a period of time. The computing device may apply a machine-learning classification algorithm to determine classification rules, based on the login pattern, applied by the computing device to determine whether to allow the user access to the computing device. Other embodiments are described herein and claimed.

    摘要翻译: 用于用户的多因素认证的技术包括具有一个或多个传感器的计算设备。 计算设备可以通过分析生物特征和/或环境传感器数据来认证用户,以确定是否允许用户访问计算设备。 为了这样做,计算设备可以基于用于认证用户的每个生物认证因子的认证期间的环境来确定可靠性评分。 此外,计算设备可以基于用户在一段时间内的历史认证尝试期间收集的传感器数据来确定登录模式。 计算设备可以应用机器学习分类算法,以基于由计算设备应用的登录模式来确定是否允许用户访问计算设备的分类规则。 其他实施例在本文中被描述并被要求保护。