David S Rivera

US Patent:

7107460, Sep 12, 2006

Filed:

Feb 15, 2002

Appl. No.:

10/077135

Inventors:

Daryl Carvis Cromer - Apex NC, US
Scott Thomas Elliott - Raleigh NC, US
James Patrick Hoff - Wake Forest NC, US
Howard Jeffrey Locker - Cary NC, US
David Rivera - Durham NC, US
Randall Scott Springfield - Chapel Hill NC, US
James Peter Ward - Raleigh NC, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

H04L 29/02
H04L 29/18
H04L 9/34

US Classification:

713193, 713167

Abstract:

An embedded security subsystem, and method for implementing the same, which provide secure controllability of a data security device within a data processing system. The embedded security subsystem of the present invention includes a persistent enable flag for providing control access to the data security device, wherein the persistent enable flag is accessible only in response to a power-on reset cycle of the data processing system. The persistent enable flag is read-only accessible to runtime program instructions. A pending state change flag that is write accessible by runtime program instructions is utilized for setting an intended next state of the persistent enable flag such that control access to the data security device is enabled only during a subsequent power-on reset of said data processing system.

US Patent:

7167982, Jan 23, 2007

Filed:

Sep 14, 2001

Appl. No.:

09/952103

Inventors:

Scott Thomas Elliott - Raleigh NC, US
James Patrick Hoff - Raleigh NC, US
Christopher Scott Long - Chapel Hill NC, US
David Rivera - Durham NC, US
James Peter Ward - Raleigh NC, US

Assignee:

Lenovo (Singapore) Pte Ltd. - Singapore

International Classification:

H04L 9/00

US Classification:

713164, 713165, 713189, 707204

Abstract:

A method, system and computer program product for securing decrypted files in a shared environment. A filter driver in a kernel space may be configured to control service requests to encrypted files stored in a shared area, e. g. , a shared directory on a disk unit, accessible by multiple users. The filter driver may receive a service request to open an encrypted document in the shared area issued from an authorized user. Upon receiving the encrypted data, the filter driver may decrypt the encrypted data. The filter driver may subsequently store the decrypted data in a file in a non-shared area, e. g. , a non-shared directory. The non-shared area may be accessible only by the authorized user that requested access to the encrypted file. By storing the decrypted data in a file in the non-shared area, a file once decrypted may be protected in a file sharing environment.

US Patent:

7484241, Jan 27, 2009

Filed:

Nov 22, 2004

Appl. No.:

10/994620

Inventors:

David Carroll Challener - Raleigh NC, US
Steven Dale Goodman - Raleigh NC, US
James Patrick Hoff - Raleigh NC, US
David Rivera - Durham NC, US
Randall Scott Springfield - Chapell Hill NC, US

Assignee:

Lenovo (Singapore) Pte. Ltd. - Singapore

International Classification:

G06F 7/04
H04L 9/32

US Classification:

726 5, 713193

Abstract:

Methods and arrangements are disclosed for secure single sign on to an operating system using only a power-on password. In many embodiments modified BIOS code prompts for, receives and verifies the power-on password. The power-on password is hashed and stored in a Platform Configuration Register of the Trusted Platform Module. In a setup mode, the trusted platform module encrypts the operating system password using the hashed power-on password. In a logon mode, the trusted platform module decrypts the operating system password using the hashed power-on password.

US Patent:

7743240, Jun 22, 2010

Filed:

Apr 2, 2007

Appl. No.:

11/695095

Inventors:

Philip Lee Childs - Raleigh NC, US
Charles Burnham Oxrieder - Wake Forerst NC, US
David Rivera - Durham NC, US

Assignee:

Lenovo (Singapore) Pte. Ltd. - Singapore

International Classification:

G06F 15/177

US Classification:

713 1, 713100

Abstract:

Applications which function under a first operating system also function when it becomes necessary to call into action a second operating system due to provision having been made for configuration and other settings necessary to the execution of such applications (here generically called policy settings or policy source data) to be made available to the second operating system.

US Patent:

7818567, Oct 19, 2010

Filed:

Sep 27, 2006

Appl. No.:

11/535542

Inventors:

Rod D. Waltermann - Rougemont NC, US
David C. Challener - Raleigh NC, US
Philip L. Childs - Raleigh NC, US
James Hunt - Chapel Hill NC, US
Nathan J. Peterson - Raleigh NC, US
David Rivera - Durham NC, US
Randall S. Springfield - Chapel Hill NC, US
Arnold S. Weksler - Raleigh NC, US

Assignee:

Lenovo (Singapore) Pte. Ltd. - Singapore

International Classification:

H04L 29/06

US Classification:

713165

Abstract:

A method for protecting Security Accounts Manager (SAM) files within a Windows operating system is disclosed. A SAM file encryption key is generated by encrypting a SAM file via a syskey utility provided within the Windows operating system. The SAM file encryption key is then stored in a virtual floppy disk by selecting an option to store SAM file encryption key to a floppy disk under the syskey utility. A blob is generated by performing a Trusted Platform Module (TPM) Seal command against the SAM file encryption key along with a value stored in a Performance Control Register and a TPM Storage Root Key. The blob is stored in a non-volatile storage area of a computer.

US Patent:

7941847, May 10, 2011

Filed:

Sep 26, 2006

Appl. No.:

11/535110

Inventors:

David Rivera - Durham NC, US
David C. Challener - Raleigh NC, US
Joseph M. Pennisi - Apex NC, US
Randall S. Springfield - Chapel Hill NC, US

Assignee:

Lenovo (Singapore) Pte. Ltd. - Singapore

International Classification:

G06F 7/04

US Classification:

726 20, 726 8, 726 9

Abstract:

A method for providing a secure single sign-on to a computer system is disclosed. Pre-boot passwords are initially stored in a secure storage area of a smart card. The operating system password, which has been encrypted to a blob, is stored in a non-secure area of the smart card. After the smart card has been inserted in a computer system, a user is prompted for a Personal Identification Number (PIN) of the smart card. In response to a correct smart card PIN entry, the blob stored in the non-secure storage area of the smart card is decrypted to provide the operating system password, and the operating system password along with the pre-boot passwords stored in the secure storage area of the smart card are then utilized to log on to the computer system.

US Patent:

8290164, Oct 16, 2012

Filed:

Jul 31, 2006

Appl. No.:

11/461429

Inventors:

Matthew P. Lietzke - Cary NC, US
James P. Hoff - Wake Forest NC, US
David Rivera - Durham NC, US

Assignee:

Lenovo (Singapore) Pte. Ltd. - Singapore

International Classification:

H04L 9/00

US Classification:

380277, 380278, 380280, 380284, 380286, 380 44, 726 20, 726 5, 713184, 713165, 717121

Abstract:

A trusted platform module (TPM) is a silicon chip that constitutes a secure encryption key-pair generator and key management device. A TPM provides a hardware-based root-of-trust contingent on the generation of the first key-pair that the device creates: the SRK (storage root key). Each SRK is unique, making each TPM unique, and an SRK is never exported from a TPM. Broadly contemplated herein is an arrangement for determining automatically whether a TPM has been replaced or cleared via loading a TPM blob into the TPM prior to the first time it is to be used (e. g. when a security-related software application runs). If the TPM blob loads successfully, then it can be concluded that the TPM is the same TPM that was used previously. If the TPM blob cannot be loaded, then corrective action will preferably take place automatically to configure the new TPM.

US Patent:

8341393, Dec 25, 2012

Filed:

Dec 17, 2009

Appl. No.:

12/641029

Inventors:

Randall S. Springfield - Chapel Hill NC, US
Howard J. Locker - Cary NC, US
David Rivera - Durham NC, US
Joseph M. Pennisi - Apex NC, US
Rod D. Waltermann - Rougemont NC, US

Assignee:

Lenovo (Singapore) Pte. Ltd. - Singapore

International Classification:

H04L 29/06

US Classification:

713100, 713 2, 713175, 713187

Abstract:

An exemplary apparatus includes one or more processors; memory; circuitry configured to hash a value associated with core root of trust measurement code and system management code; store the hash in a secure register; load an operating system; validate a certificate associated with the core root of trust measurement code and validate a certificate associated with the system management code; based on the validated certificates, provide an expected hash associated with the core root of trust measurement code and the system management code; decide if the expected hash matches the hash stored in the register; and, if the expected hash matches the hash stored in the register, commence a dynamic root of trust measurement session. Various other apparatuses, systems, methods, etc. , are also disclosed.