Patents by Inventor David Challener

David Challener has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8707327
    Abstract: Arrangements for permitting incoming mail to be transferred from a WAN Drive to a notebook computer hard drive under conditions that are not stressful to the hard drive. Preferably, a WAN card is configured to wake a notebook when mail capacity is full or close to full. Mail is then preferably moved from the flash drive to the hard drive, subject to verification that this will not overly stress the hard drive. In a variant embodiment, the WAN card may preferably be configured to wake a notebook when mail is received at all. Again, mail is then preferably moved from the flash drive to the hard drive, subject to verification that this will not overly stress the hard drive. Once mail is moved to the hard drive, the system preferably runs an embedded email program that allows the user to employ an existing VPN infrastructure.
    Type: Grant
    Filed: September 30, 2007
    Date of Patent: April 22, 2014
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Howard Locker, David Challener, Daryl Cromer, James S. Rutledge, Randall Scott Springfield, James J. Thrasher, Michael Vanover
  • Publication number: 20090089808
    Abstract: Arrangements for permitting incoming mail to be transferred from a WAN Drive to a notebook computer hard drive under conditions that are not stressful to the hard drive. Preferably, a WAN card is configured to wake a notebook when mail capacity is full or close to full. Mail is then preferably moved from the flash drive to the hard drive, subject to verification that this will not overly stress the hard drive. In a variant embodiment, the WAN card may preferably be configured to wake a notebook when mail is received at all. Again, mail is then preferably moved from the flash drive to the hard drive, subject to verification that this will not overly stress the hard drive. Once mail is moved to the hard drive, the system preferably runs an embedded email program that allows the user to employ an existing VPN infrastructure.
    Type: Application
    Filed: September 30, 2007
    Publication date: April 2, 2009
    Applicant: Lenovo (Singapore) Pte. Ltd.
    Inventors: Howard Locker, David Challener, Daryl Cromer, James S. Rutledge, Randall Scott Springfield, James J. Thrasher, Michael Vanover
  • Publication number: 20080069363
    Abstract: A method and system for ensuring security-compliant creation and signing of endorsement keys of manufactured TPMs. The endorsement keys are generated for the TPM. The TPM vendor selects an N-byte secret and stores the N-byte secret in the TPM along with the endorsement keys. The secret number cannot be read outside of the TPM. The secret number is also provided to the OEM's credential server. During the endorsement key (EK) credential process, the TPM generates an endorsement key, which comprises both the public key and a hash of the secret and the public key. The credential server matches the hash within the endorsement key with a second hash of the received public key (from the endorsement key) and the vendor provided secret. The EK certificate is generated and inserted into the TPM only when a match is confirmed.
    Type: Application
    Filed: September 21, 2007
    Publication date: March 20, 2008
    Inventors: Ryan Catherman, David Challener, James Hoff
  • Publication number: 20080001778
    Abstract: In a central system for receiving reports of utility usage from a number of remote meters, a provision is made for assuring that a received report has actually been transmitted from a meter that has been registered with the central system. During the registration process, the meter transmits its public cryptographic code to the central system. With each report of utility usage, the meter sends a version of a message encrypted with its private cryptographic key. The central system decrypts this message with the meter's public key. If it matches an unencrypted version of the message it is known that the meter sent the report. The unencrypted message may be generated by the central system and transmitted to the meter in a request for a report, or it may be generated by the meter and sent along with the encrypted version.
    Type: Application
    Filed: July 29, 2007
    Publication date: January 3, 2008
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: David Challener, Kenneth Timmons
  • Publication number: 20070226711
    Abstract: A method for preventing malicious software from execution within a computer system is disclosed. Before any actual execution of an application program on a computer system, the application program needs to be cross-compiled to yield a set of cross-compiled code of the application program. The set of cross-compiled code of the application program can then be executed in an execution module that is capable of recognizing and translating the set of cross-compiled code of the application program to the actual machine code of the processor.
    Type: Application
    Filed: February 14, 2006
    Publication date: September 27, 2007
    Inventors: David Challener, Mark Davis, Peter Hortensius, Rod Waltermann
  • Publication number: 20070192620
    Abstract: A method for preventing malicious software from execution within a computer system is disclosed. A permutation is performed on a subset of instructions within an application program to yield a permuted sequence of instructions before any actual execution of the application program on the computer system. A permutation sequence number of the permuted sequence of instructions is stored in a permuted instruction pointer table. The permuted sequence of instructions is executed in an execution module that is capable of translating the permuted sequence of instructions to an actual machine code of a processor within the computer system according to the permutation sequence number of the permuted sequence of instructions stored in the permuted instruction pointer table.
    Type: Application
    Filed: February 14, 2006
    Publication date: August 16, 2007
    Inventors: David Challener, Mark Davis, Peter Hortensius, Rod Waltermann
  • Publication number: 20070192581
    Abstract: A computer determines whether it has been booted from a hard disk drive or from an alternate source (e.g., a floppy drive or portable memory) that entails a higher risk of importing a virus into the computer, and if it is determined that a non-HDD source was booted from, corrective action such as a virus scan can be preemptively taken.
    Type: Application
    Filed: February 10, 2006
    Publication date: August 16, 2007
    Inventors: David Challener, Daryl Cromer, Mark Charles Davis, Jerry Dishman, Howard Locker, Randall Springfield
  • Publication number: 20070192580
    Abstract: A method, system and computer-usable medium are presented for remotely controlling a TPM by loading a trusted operating system into a computer; and in response to the trusted Operating System (OS) being loaded into the computer, authorizing a Trusted Platform Module (TPM) in the computer to execute a command that would otherwise require, for execution of the command, an indication of a physical presence of an operator of the computer.
    Type: Application
    Filed: February 10, 2006
    Publication date: August 16, 2007
    Inventors: David Challener, Mark Davis, Steven Goodman, Isaac Karpel, Randall Springfield
  • Publication number: 20070113045
    Abstract: When data changes in LBAs of a disk storage, the IDs of changed LBAs are written to a cache, with the LBAs being hashed to render a hash result. The hash result and contents of the cache are written to a file on the disk, the cache flushed, and the hash result written back to the cache for hashing together with subsequent changed LBAs. The process repeats. In this way, the hash result in the most current file on the disk can be compared with the hash result in cache, and if the two match, it indicates that the files on the disk contain an accurate record of changed LBAs.
    Type: Application
    Filed: November 16, 2005
    Publication date: May 17, 2007
    Inventors: David Challener, Rod Waltermann
  • Publication number: 20070014416
    Abstract: A computer system that may include a trusted platform module (TPM) along with a processor hashes a user-supplied password for a predetermined time period that is selected to render infeasible a dictionary attack on the password. The results of the hash are used to render an AES key, which is used to encrypt an RSA key. The encrypted RSA key along with the total number of hash cycles that were used is stored and the RSA key is provided to the TPM as a security key. In the event that the RSA key in the TPM must be recovered, the encrypted stored version is decrypted with an AES key that is generated based on the user inputting the same password and hashing the password for the stored number of cycles.
    Type: Application
    Filed: July 15, 2005
    Publication date: January 18, 2007
    Inventors: David Rivera, David Challener, James Hoff
  • Publication number: 20070005951
    Abstract: If a user forgets the power-on password of his computer, he can depress the “enter” key or “access” key once to cause the BIOS to locate the power-on password in memory and attempt to unlock the HDD using the power-on password to boot a secure O.S. The HDD password either can be the same as the power-on password or the HDD can recognize the power-on password for the limited purpose of allowing access to the secure O.S. In any case, the secure O.S. is booted for password reset.
    Type: Application
    Filed: June 29, 2005
    Publication date: January 4, 2007
    Inventors: Mark Davis, Randall Springfield, David Challener, Rod Waltermann
  • Publication number: 20060230264
    Abstract: A method and system for remotely storing a user's admin key to gain access to an intranet is presented. The user's admin key and intranet user identification (ID) are encrypted using an enterprise's public key, and together they are concatenated into a single backup admin file, which is stored in the user's client computer. If the user needs his admin file and is unable to access it in a backup client computer, he sends the encrypted backup admin file to a backup server and his unencrypted intranet user ID to an intranet authentication server. The backup server decrypts the user's single backup admin file to obtain the user's admin key and intranet user ID. If the unencrypted intranet user ID in the authentication server matches the decrypted intranet user ID in the backup server, then the backup server sends the backup client computer the decrypted admin key.
    Type: Application
    Filed: April 7, 2005
    Publication date: October 12, 2006
    Applicant: International Business Machines Corporation
    Inventors: Ryan Catherman, David Challener, Scott Elliott, James Hoff
  • Publication number: 20060195654
    Abstract: The invention partitions the HDD into three areas, namely, no access, write-only, and the conventional read/write. Sensitive data (antivirus programs, back up data, etc.) is written into write-only areas, which thereafter become designated “no access” by appropriately changing their designation a data structure known as “logical block address” or “LBA”. Only users having approved passwords can change the status of a “no access” block back to “write-only” or “read/write”.
    Type: Application
    Filed: February 28, 2005
    Publication date: August 31, 2006
    Inventors: David Challener, Rod Waltermann
  • Publication number: 20060185017
    Abstract: The present invention adds a procedure to the operating system file subsystem of a processing system that significantly reduces the amount of time necessary to verify the validity of executable files. Each executable is extended with a file signature containing a header containing validation data. This header may be added to an existing ELF header, added as a new section, or placed in a file's extended attribute store. The header contains results of all previous validation checks that have been performed. The file signature is inserted, with a date stamp, into the file attributes. On execution, the system checks the previously-created file signature against a current file signature, instead of creating the file signature for every file during the execution process. Checks to ensure that the file signature is secure, and is valid and up to date, are also implemented. Only if the file signature is not valid and up-to-date does the execution program create a new file signature at the time of execution.
    Type: Application
    Filed: December 28, 2005
    Publication date: August 17, 2006
    Inventors: David Challener, Daryl Cromer, Howard Locker, David Safford, Randall Springfield
  • Publication number: 20060179476
    Abstract: A method and system is presented for making a client computer compliant with a data security regulatory rule. A client computer is connected to a network that includes a compliance fix server. The compliance fix server determines if the client computer is in compliance with a data security regulatory rule, based on a level of compliance at which that the client computer is authorized. If the client computer has not executed the appropriate compliance software required to put the client computer in compliance with the data security regulatory rule, then the compliance fix server sends appropriate compliance software to the client computer for installation and execution.
    Type: Application
    Filed: February 9, 2005
    Publication date: August 10, 2006
    Applicant: International Business Machines Corporation
    Inventors: David Challener, Richard Cheston, Daryl Cromer, Howard Locker
  • Publication number: 20060143713
    Abstract: A procedure and implementations thereof are disclosed that significantly reduce the amount of time necessary to perform a virus scan. A file signature is created each time a file is modified (i.e., with each “file write” to that file). The file signature is inserted, with a date stamp, into the file attributes. The virus scan program checks the previously-created file signature against the virus signature file instead of creating the file signature for every file during the virus scan. Checks to ensure that the file signature is secure, and is valid and up to date, are also implemented. Only if the file signature is not valid and up-to-date does the virus scan program create a new file signature at the time of the running of the virus scan.
    Type: Application
    Filed: December 28, 2004
    Publication date: June 29, 2006
    Applicant: International Business Machines Corporation
    Inventors: David Challener, Daryl Cromer, Howard Locker, David Safford, Randall Springfield
  • Publication number: 20060112420
    Abstract: Methods and arrangements are disclosed for secure single sign on to an operating system using only a power-on password. In many embodiments modified BIOS code prompts for, receives and verifies the power-on password. The power-on password is hashed and stored in a Platform Configuration Register of the Trusted Platform Module. In a setup mode, the trusted platform module encrypts the operating system password using the hashed power-on password. In a logon mode, the trusted platform module decrypts the operating system password using the hashed power-on password.
    Type: Application
    Filed: November 22, 2004
    Publication date: May 25, 2006
    Applicant: International Business Machines Corporation
    Inventors: David Challener, Steven Goodman, James Hoff, David Rivera, Randall Springfield
  • Publication number: 20060106838
    Abstract: An apparatus, system, and method are disclosed for validating files. In one embodiment, a target module determines if an operation is to be performed on a file. If the operation is to be performed on the file, an identification module identifies the file extension of the file and a characterization module characterizes the file format of the file. A comparison module compares the file format of the file to the expected file format corresponding to the file extension of the file. A validation module validates the file if the file format matches the expected file format. The validation module may block the operation if the file is invalid.
    Type: Application
    Filed: October 26, 2004
    Publication date: May 18, 2006
    Inventors: Abiola Ayediran, David Challener, Justin Tyler Dubs, John Nicholson, Jennifer Zawacki
  • Publication number: 20060107034
    Abstract: A computer system contains selectively available boot block codes. A first boot block is of the conventional type and is stored in storage media such as flash ROM on a system planar with the processor of the computer system. A second boot block is located on a feature card and contains an immutable security code in compliance with the Trusted Computing Platform Alliance (TCPA) specification. The boot block on the feature card is enabled if the first boot block detects the presence of the feature card. The computer system can be readily modified as the computer system is reconfigured, while maintaining compliance with the TCPA specification. A switching mechanism controls which of the boot blocks is to be activated. The feature card is disabled in the event of a computer system reset to prevent access to the TCPA compliant code and function.
    Type: Application
    Filed: December 29, 2005
    Publication date: May 18, 2006
    Inventors: David Challener, Steven Goodman, Kevin Reinberg, Randall Springfield, James Ward
  • Publication number: 20060101286
    Abstract: A method for theft deterrence of a computer system is disclosed. The computer system includes a trusted platform module (TPM) and storage medium. The method comprises providing a binding key in the TPM; and providing an encrypted symmetric key in the storage medium. The method further includes providing an unbind command to the TPM based upon an authorization to provide a decrypted symmetric key; and providing the decrypted symmetric key to the secure storage device to allow for use of the computer system. Accordingly, by utilizing a secure hard disk drive (HDD) that requires a decrypted key to function in conjunction with a TPM, a computer if stolen is virtually unusable by the thief. In so doing, the risk of theft of the computer is significantly reduced.
    Type: Application
    Filed: November 8, 2004
    Publication date: May 11, 2006
    Inventors: Ryan Catherman, David Challener, James Hoff, Joseph Pennisi, Randall Springfield