专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08588422B2 Key management to protect encrypted data of an endpoint computing device 有权
标题翻译：密钥管理来保护端点计算设备的加密数据
公开(公告)号：US08588422B2
公开(公告)日：2013-11-19
申请号：US12473480
申请日：2009-05-28
申请人： Brent R. Beachem , Merrill K. Smith
发明人： Brent R. Beachem , Merrill K. Smith
IPC分类号： H04L29/06
CPC分类号： G06F21/57
摘要： Methods and apparatus involve protecting encrypted data of endpoint computing assets by managing decryption keys. The endpoint has both a traditional operating system for applications, and the like, and another operating system during a pre-boot phase of operation. During use, the pre-boot operating system prevents users of the endpoint from accessing the encrypted data and the key. Upon determining the encrypted data has been compromised, the key is disassociated from the encrypted data. Disassociation can occur in a variety of ways including deleting or scrambling the key and/or data or re-encrypting the encrypted data with a new key. Key escrowing and updating through the pre-boot is further contemplated. The pre-boot phase also contemplates a limited computing connection between the endpoint and a specified authentication server and approved networking ports, USB devices and biometric equipment. Security policies and enforcement modules are also disclosed as are computer program products, computing arrangements, etc.
摘要翻译：方法和装置涉及通过管理解密密钥来保护端点计算资产的加密数据。端点具有用于应用的传统操作系统等，以及操作的预启动阶段期间的另一操作系统。在使用期间，预引导操作系统阻止端点的用户访问加密的数据和密钥。在确定加密数据已经被破坏之后，密钥与加密数据分离。取消关联可以以各种方式发生，包括删除或加密密钥和/或数据或用新密钥重新加密加密的数据。进一步考虑通过预引导的密钥托管和更新。预引导阶段还考虑了端点与指定的认证服务器和认可的网络端口，USB设备和生物识别设备之间的有限计算连接。安全政策和执法模块也被披露为计算机程序产品，计算安排等。

2. 发明授权

US08321676B2 Method for establishing a secure ad hoc wireless LAN 有权
标题翻译：建立安全自组织无线局域网的方法
公开(公告)号：US08321676B2
公开(公告)日：2012-11-27
申请号：US12642942
申请日：2009-12-21
申请人： Brant D. Thomsen , Brent R. Beachem , Thomas M. Wheeler
发明人： Brant D. Thomsen , Brent R. Beachem , Thomas M. Wheeler
IPC分类号： H04L29/06
CPC分类号： H04L63/068 , H04L63/0823 , H04L63/083 , H04L63/0853 , H04L63/0861 , H04L63/101 , H04L63/205 , H04W12/04 , H04W12/06 , H04W84/18
摘要： Secure communications on a network. An unauthenticated client on an network sends start packets to locate other clients. The unauthenticated client receives responses to the start packets from other clients on the network. The responses may be advertise packets that are from advertising clients that may be authenticated clients or other unauthenticated clients in authenticated mode. The unauthenticated client prioritizes the received packets so that authentication can be performed with the most desirable advertising client. Authentication packets are sent and received between the unauthenticated client and the advertising client in an attempt to authenticate.
摘要翻译：安全通信网络。网络上未认证的客户端发送启动数据包以查找其他客户端。未经身份验证的客户端收到来自网络上其他客户端的起始数据包的响应。响应可以是通过来自可以是经认证的客户端的广告客户端或其他未经认证的客户端的认证模式的分组。未经身份验证的客户端对接收到的数据包进行优先级排序，以便可以用最理想的广告客户端执行身份验证。验证数据包在未经身份验证的客户端和广告客户端之间发送和接收，以尝试进行身份验证。

3. 发明申请

US20100303240A1 KEY MANAGEMENT TO PROTECT ENCRYPTED DATA OF AN ENDPOINT COMPUTING DEVICE 有权
标题翻译：关键管理来保护端点计算设备的加密数据
公开(公告)号：US20100303240A1
公开(公告)日：2010-12-02
申请号：US12473480
申请日：2009-05-28
申请人： Brent R. Beachem , Merrill K. Smith
发明人： Brent R. Beachem , Merrill K. Smith
IPC分类号： H04L9/00 , G06F21/00 , G06F17/00 , G06F12/14
CPC分类号： G06F21/57
摘要： Methods and apparatus involve protecting encrypted data of endpoint computing assets by managing decryption keys. The endpoint has both a traditional operating system for applications, and the like, and another operating system during a pre-boot phase of operation. During use, the pre-boot operating system prevents users of the endpoint from accessing the encrypted data and the key. Upon determining the encrypted data has been compromised, the key is disassociated from the encrypted data. Disassociation can occur in a variety of ways including deleting or scrambling the key and/or data or re-encrypting the encrypted data with a new key. Key escrowing and updating through the pre-boot is further contemplated. The pre-boot phase also contemplates a limited computing connection between the endpoint and a specified authentication server and approved networking ports, USB devices and biometric equipment. Security policies and enforcement modules are also disclosed as are computer program products, computing arrangements, etc.
摘要翻译：方法和装置涉及通过管理解密密钥来保护端点计算资产的加密数据。端点具有用于应用的传统操作系统等，以及操作的预启动阶段期间的另一操作系统。在使用期间，预引导操作系统阻止端点的用户访问加密的数据和密钥。在确定加密数据已经被破坏之后，密钥与加密数据分离。取消关联可以以各种方式发生，包括删除或加密密钥和/或数据或用新密钥重新加密加密的数据。进一步考虑通过预引导的密钥托管和更新。预引导阶段还考虑了端点与指定的认证服务器和认可的网络端口，USB设备和生物识别设备之间的有限计算连接。安全政策和执法模块也被披露为计算机程序产品，计算安排等。

4. 发明申请

US20110078797A1 Endpoint security threat mitigation with virtual machine imaging 审中-公开
标题翻译：使用虚拟机成像实现端点安全威胁缓解
公开(公告)号：US20110078797A1
公开(公告)日：2011-03-31
申请号：US12220893
申请日：2008-07-29
申请人： Brent R. Beachem , Merrill K. Smith , Richard B. Rollins
发明人： Brent R. Beachem , Merrill K. Smith , Richard B. Rollins
IPC分类号： G06F21/00
CPC分类号： H04L63/1441 , G06F21/53
摘要： Methods and apparatus involve the mitigation of security threats at a computing endpoint, such as a server, including dynamic virtual machine imaging. During use, a threat assessment is undertaken to determine whether a server is compromised by a security threat. If so, a countermeasure to counteract the security threat is developed and installed on a virtual representation of the server. In this manner, the compromised server can be replaced with its virtual representation, but while always maintaining the availability of the endpoint in the computing environment. Other features contemplate configuration of the virtual representation from a cloned image of the compromised server at least as of a time just before the compromise and configuration on separate or same hardware platforms. Testing of the countermeasure to determine success is another feature as is monitoring data flows to identifying compromises, including types or severity. Computer program products and systems are also taught.
摘要翻译：方法和装置涉及减轻诸如服务器之类的计算端点处的安全威胁，包括动态虚拟机成像。在使用期间，进行威胁评估以确定服务器是否受到安全威胁的威胁。如果是这样，那么在服务器的虚拟表示中开发并安装了抵消安全威胁的对策。以这种方式，受损的服务器可以用其虚拟表示来代替，但是始终保持计算环境中端点的可用性。至少在单独或相同的硬件平台上妥协和配置之前的时间内，其他功能考虑了从被破坏的服务器的克隆映像中配置虚拟表示。确定成功的对策的测试是监视数据流以识别妥协（包括类型或严重性）的另一个特征。还教授计算机程序产品和系统。

5. 发明申请

US20100153696A1 Pre-boot securing of operating system (OS) for endpoint evaluation 有权
标题翻译：用于端点评估的操作系统（OS）的预引导保护
公开(公告)号：US20100153696A1
公开(公告)日：2010-06-17
申请号：US12316466
申请日：2008-12-12
申请人： Brent R. Beachem , Merrill K. Smith
发明人： Brent R. Beachem , Merrill K. Smith
IPC分类号： G06F9/00 , G06F9/44
CPC分类号： H04L63/20 , G06F9/4406 , G06F21/552 , G06F21/575 , G06F2221/2111 , H04L43/0817 , H04L67/125
摘要： Methods and apparatus involve evaluating endpoint computing assets. The endpoint has both a traditional operating system for applications, and the like, and another operating system during a pre-boot phase of operation. During use, the traditional operating system identifies a last evaluation status of the computing device at a time just prior to shutting down. Upon a next booting, the pre-boot operating system loads and examines [reads] the last evaluation status. If the last evaluation status requires any completion action in order to comply with a predetermined computing policy, either or both the operating systems attend to its effectuation, including communication/handoff by way of one or more security agents. In a variety of ways, effectuation occurs by: determining a present location of the computing device, quarantining the computing device from certain network traffic; VPN enforcement; patching applications; firewall involvement; etc. Computer program products are also disclosed.
摘要翻译：方法和设备包括评估终端计算资产。端点具有用于应用的传统操作系统等，以及操作的预启动阶段期间的另一操作系统。在使用期间，传统的操作系统在关闭之前的时间识别计算设备的最后评估状态。在下次引导时，预引导操作系统加载并检查[读取]最后的评估状态。如果最后的评估状态需要任何完成操作以符合预定的计算策略，操作系统中的任一个或两者都参与其实现，包括通过一个或多个安全代理的通信/切换。以各种方式，通过以下方式实现效果：确定计算设备的当前位置，从某些网络流量隔离计算设备; VPN实施; 修补应用程序; 防火墙参与; 计算机程序产品也被公开。

6. 发明申请

US20120151200A1 REMOTE MANAGEMENT OF ENDPOINT COMPUTING DEVICE WITH FULL DISK ENCRYPTION 有权
标题翻译：具有全盘加密的端点计算设备的远程管理
公开(公告)号：US20120151200A1
公开(公告)日：2012-06-14
申请号：US12966421
申请日：2010-12-13
申请人： Brent R. Beachem , Merrill K. Smith
发明人： Brent R. Beachem , Merrill K. Smith
IPC分类号： H04L9/32 , G06F9/00
CPC分类号： H04L9/0894
摘要： Methods and apparatus involve protecting data encrypted by a first key on an endpoint computing asset including a drive with full disk encryption. The endpoint has both a main operating system for applications, and the like, and another operating system during a pre-boot phase of operation. During use, the pre-boot operating system prevents a user of the endpoint from accessing the encrypted data and the key. In one embodiment, an information exchange partition on the endpoint is accessible from a remote location and includes data encrypted using a second key accessible to both the pre-boot operating system and the main operating system. Another embodiment allows for the provision of a network connection to the endpoint during the pre-boot phase of operation in accordance with a security policy.
摘要翻译：方法和装置涉及保护由包括具有全盘加密的驱动器的端点计算资产上的第一密钥加密的数据。端点具有用于应用的主操作系统等，以及在操作的预引导阶段的另一操作系统。在使用期间，预引导操作系统防止端点的用户访问加密的数据和密钥。在一个实施例中，可以从远程位置访问端点上的信息交换分区，并且包括使用预引导操作系统和主操作系统可访问的第二密钥加密的数据。另一个实施例允许根据安全策略在操作的预引导阶段期间向端点提供网络连接。

7. 发明申请

US20100235514A1 Securing a network connection by way of an endpoint computing device 有权
标题翻译：通过端点计算设备保护网络连接
公开(公告)号：US20100235514A1
公开(公告)日：2010-09-16
申请号：US12381624
申请日：2009-03-12
申请人： Brent R. Beachem
发明人： Brent R. Beachem
IPC分类号： G06F21/00 , G06F15/16
CPC分类号： H04L63/20 , G06F21/57 , G06F2221/2111 , G06F2221/2151
摘要： Methods and apparatus involve securing a network connection by way of mobile, endpoint computing assets. The endpoints have one or more pre-defined security policies governing the connection that are balanced against competing interests of actually maintaining connections between devices, especially in WiMAX, MANET, MESH, or other ad hoc computing environments where poor security, signal strength, fragile connections or mobility issues are of traditional concern. In this manner, connections will not be lost over security enforcement in an otherwise hostile environment. The security policies are enforced in a variety of ways, but may be altered to lesser policies or not-so-strictly enforced so as to maintain satisfactory connections between devices. Other embodiments contemplate analyzing connectivity components before connection and selecting only those components that enable full or best compliance with the policies. Still other embodiments contemplate altering connections in order to maintain full enforcement of policies. Computer program products are also disclosed.
摘要翻译：方法和装置涉及通过移动终端计算资产来保护网络连接。这些端点具有一个或多个预定义的安全策略，该策略控制连接，这些安全策略与实际维护设备之间的连接的竞争兴趣相平衡，特别是在WiMAX，MANET，MESH或其他安全性，信号强度，脆弱连接等特殊计算环境中或流动性问题是传统问题。以这种方式，连接不会在其他恶意环境中的安全强制执行中丢失。安全策略以各种方式实施，但可能会被更改为较小的策略，或者不被严格执行，以保持设备之间的令人满意的连接。其他实施例考虑在连接之前分析连接组件，并且仅选择能够完全或最佳地符合策略的组件。另外其他实施例考虑改变连接以便保持策略的完全执行。计算机程序产品也被披露。

8. 发明申请

US20100100738A1 METHOD FOR ESTABLISHING A SECURE AD HOC WIRELESS LAN 有权
标题翻译：建立安全无线局域网的方法
公开(公告)号：US20100100738A1
公开(公告)日：2010-04-22
申请号：US12642942
申请日：2009-12-21
申请人： Brant D. Thomsen , Brent R. Beachem , Thomas M. Wheeler
发明人： Brant D. Thomsen , Brent R. Beachem , Thomas M. Wheeler
IPC分类号： H04L9/32 , H04L9/08 , H04L9/00
CPC分类号： H04L63/068 , H04L63/0823 , H04L63/083 , H04L63/0853 , H04L63/0861 , H04L63/101 , H04L63/205 , H04W12/04 , H04W12/06 , H04W84/18
摘要： Secure communications on a network. An unauthenticated client on an network sends start packets to locate other clients. The unauthenticated client receives responses to the start packets from other clients on the network. The responses may be advertise packets that are from advertising clients that may be authenticated clients or other unauthenticated clients in authenticated mode. The unauthenticated client prioritizes the received packets so that authentication can be performed with the most desirable advertising client. Authentication packets are sent and received between the unauthenticated client and the advertising client in an attempt to authenticate.
摘要翻译：安全通信网络。网络上未认证的客户端发送启动数据包以查找其他客户端。未经身份验证的客户端收到来自网络上其他客户端的起始数据包的响应。响应可以是通过来自可以是经认证的客户端的广告客户端或其他经认证的模式的未经认证的客户端的分组。未经身份验证的客户端对接收到的数据包进行优先级排序，以便可以用最理想的广告客户端执行身份验证。验证数据包在未经身份验证的客户端和广告客户端之间发送和接收，以尝试进行身份验证。

9. 发明授权

US07660990B1 Method for establishing a secure Ad Hoc wireless LAN 有权
标题翻译：建立安全Ad Hoc无线局域网的方法
公开(公告)号：US07660990B1
公开(公告)日：2010-02-09
申请号：US10832698
申请日：2004-04-27
申请人： Brant D. Thomsen , Brent R. Beachem , Thomas M. Wheeler
发明人： Brant D. Thomsen , Brent R. Beachem , Thomas M. Wheeler
IPC分类号： H04L29/06
CPC分类号： H04L63/068 , H04L63/0823 , H04L63/083 , H04L63/0853 , H04L63/0861 , H04L63/101 , H04L63/205 , H04W12/04 , H04W12/06 , H04W84/18
摘要： Secure communications on a network. An unauthenticated client on an network sends start packets to locate other clients. The unauthenticated client receives responses to the start packets from other clients on the network. The responses may be advertise packets that are from advertising clients that may be authenticated clients or other unauthenticated clients in authenticated mode. The unauthenticated client prioritizes the received packets so that authentication can be performed with the most desirable advertising client. Authentication packets are sent and received between the unauthenticated client and the advertising client in an attempt to authenticate.
摘要翻译：安全通信网络。网络上未认证的客户端发送启动数据包以查找其他客户端。未经身份验证的客户端收到来自网络上其他客户端的起始数据包的响应。响应可以是通过来自可以是经认证的客户端的广告客户端或其他经认证的模式的未经认证的客户端的分组。未经身份验证的客户端对接收到的数据包进行优先级排序，以便可以用最理想的广告客户端执行身份验证。验证数据包在未经身份验证的客户端和广告客户端之间发送和接收，以尝试进行身份验证。

10. 发明授权

US09154299B2 Remote management of endpoint computing device with full disk encryption 有权
标题翻译：端点计算设备的远程管理与全盘加密
公开(公告)号：US09154299B2
公开(公告)日：2015-10-06
申请号：US12966421
申请日：2010-12-13
申请人： Brent R. Beachem , Merrill K. Smith
发明人： Brent R. Beachem , Merrill K. Smith
IPC分类号： H04L29/06 , H04L9/08
CPC分类号： H04L9/0894
摘要： Methods and apparatus involve protecting data encrypted by a first key on an endpoint computing asset including a drive with full disk encryption. The endpoint has both a main operating system for applications, and the like, and another operating system during a pre-boot phase of operation. During use, the pre-boot operating system prevents a user of the endpoint from accessing the encrypted data and the key. In one embodiment, an information exchange partition on the endpoint is accessible from a remote location and includes data encrypted using a second key accessible to both the pre-boot operating system and the main operating system. Another embodiment allows for the provision of a network connection to the endpoint during the pre-boot phase of operation in accordance with a security policy.
摘要翻译：方法和装置涉及保护由包括具有全盘加密的驱动器的端点计算资产上的第一密钥加密的数据。端点具有用于应用的主操作系统等，以及在操作的预引导阶段的另一操作系统。在使用期间，预引导操作系统防止端点的用户访问加密的数据和密钥。在一个实施例中，可以从远程位置访问端点上的信息交换分区，并且包括使用预引导操作系统和主操作系统可访问的第二密钥加密的数据。另一个实施例允许根据安全策略在操作的预引导阶段期间向端点提供网络连接。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式