Extending measured boot for secure link establishment

    Publication (announcement) no.: US12235967B1

    Publication (announcement) date: 2025-02-25

    Application no.: US18323868

    Filing date: 2023-05-25

    Abstract: A modified measured boot approach is utilized for establishing a secure communication link between two devices. Each device may execute a respective boot process until the device reaches the stage responsible for establishing the communication link with the other device. Each device may exchange its respective self-signed certificate and extend its certificate chain with the self-signed certificate received from the other device. A secure link can be established using the public key of the other device as a base key for a key exchange protocol.

    SECURE BOOTING OF VIRTUALIZATION MANAGERS
    Invention application

    Publication (announcement) no.: US20190311128A1

    Publication (announcement) date: 2019-10-10

    Application no.: US16435391

    Filing date: 2019-06-07

    Abstract: A multi-phase boot operation of a virtualization manager at a virtualization host is initiated at an offload card. In a first phase of the boot, a security key stored in a tamper-resistant location of the offload card is used. In a second phase, firmware programs are measured using a security module, and a first version of a virtualization coordinator is instantiated at the offload card. The first version of the virtualization coordinator obtains a different version of the virtualization coordinator and launches the different version at the offload card. Other components of the virtualization manager (such as various hypervisor components that do not run at the offload card) are launched by the different version of the virtualization controller.

    Non-coherent and coherent connections in a multi-chip system

    Publication (announcement) no.: US11880327B1

    Publication (announcement) date: 2024-01-23

    Application no.: US17643132

    Filing date: 2021-12-07

    CPC classification number: G06F13/4027

    Abstract: A coherent connection and a non-coherent connection are provided between system-on-chips (SoCs). The coherent connection can be coupled to coherent interconnects on the SoCs, and the non-coherent connection can be coupled to non-coherent interconnects on the SoCs. An input/output (I/O) transaction from an I/O device on a first SoC that is targeted to a second SoC can be transmitted via the non-coherent connection, and a processor transaction from the first SoC that is targeted to the second SoC can be transmitted via the coherent connection.

    MULTIPLE PORT EMULATION
    Invention publication

    Publication (announcement) no.: US20230221971A1

    Publication (announcement) date: 2023-07-13

    Application no.: US18186748

    Filing date: 2023-03-20

    CPC classification number: G06F13/4221 G06F13/24 G06F13/105

    Abstract: Multiple independent endpoint devices can be emulated using a single system on chip (SoC) device. Such an SoC can have multiple cores that can emulate ports according to a specified protocol, such as the peripheral component interconnect express (PCIe) protocol useful for data communications. An emulation agent can manage various aspects of these emulated endpoint devices in software, including serving interrupts for relevant emulated devices according to a determined priority scheme. Interrupts can be registered for each device, and data structures allocated dynamically for a determined number and type(s) of PCIe endpoint devices to be emulated. Each PCIe core on the SoC can function as a separate PCIe endpoint device for communicating with one or more hosts or other such devices.

    Combination boot for an integrated circuit

    Publication (announcement) no.: US12223052B1

    Publication (announcement) date: 2025-02-11

    Application no.: US17695630

    Filing date: 2022-03-15

    Abstract: A boot process for a computing device, such as an integrated circuit, includes security features that are inaccessible during certain operation modes. An image including permission to access those security features is received during the boot process and may be verified using one or more keys. In operation, access to the security features is permitted during the operation modes after the image is verified. Such an approach enables a boot process to permit access to certain features after receipt and verification of different images.

    Secure monitors for memory page protection

    Publication (announcement) no.: US12216921B1

    Publication (announcement) date: 2025-02-04

    Application no.: US17710489

    Filing date: 2022-03-31

    Abstract: Technologies are disclosed for using hardware-embedded monitors to monitor pages of local memory and detect attribute violations or other unauthorized operations relating to the memory. The attribute violations may include mismatches of attributes (e.g., designating a page as writeable versus executable or vice versa) in entries in a translation buffer that point to a same physical address or other mismatches between designations of attributes for a page in physical and virtual space. Responsive to detecting a violation, an alert or other mitigation protocol, which may include an audit of activities surrounding the violation, may be performed.