Abstract:
Secure re-authentication of host devices roaming between different connection and/or access points within a network controlled by the same administrative domain is described. Platform overhead associated with exchanging information for authentication and/or validation on each new connection during mobility is reduced by enabling prior authenticated network access to influence subsequent network access.
Abstract:
A security accelerator device stores a first credential that is uniquely associated with the individual security accelerator device and represents a root of trust to a trusted entity. The device establishes a cryptographic trust relationship with a client entity that is based on the root of trust, the cryptographic trust relationship being represented by a second credential. The device receives and stores a secret credential of the client entity, which is received via communication secured by the second credential. Further, the device executes a cryptographic computation using the secret client credential on behalf of the client entity to produce a computation result.
Abstract:
Methods and apparatus for extending packet processing to trusted programmable and fixed-function accelerators. Secure enclaves are created in system memory of a compute platform, wherein software code external from a secure enclave cannot access code or data within a secure enclave, and software code in a secure enclave can access code and data both within the secure enclave and external to the secure enclave. Software code for implementing packet processing operations is installed in the secure enclaves. The compute platform further includes one or more hardware-based accelerators that are used by the software to offload packet processing operations. The accelerators are configured to read packet data from input queues, process the data, and output processed data to output queues, wherein the input and output queues are located in encrypted portions of memory that may be in a secure enclave or external to the secure enclaves. Tokens are used by accelerators to validate access to memory in secure enclaves, and used by both accelerators and secure enclaves to access encrypted memory external to secure enclaves.
Abstract:
Methods and apparatus for accelerating VM-to-VM network traffic using CPU cache. A virtual queue manager (VQM) manages data that is to be kept in VM-VM shared data buffers in CPU cache. The VQM stores a list of VM-VM allow entries identifying data transfers between VMs that may use VM-VM cache “fast-path” forwarding. Packets are sent from VMs to the VQM for forwarding to destination VMs. Indicia in the packets (e.g., in a tag or header) are inspected to determine whether a packet is to be forwarded via a VM-VM cache fast path or be forwarded via a virtual switch. The VQM determines the VM data already in the CPU cache domain while concurrently coordinating with the data to and from the external shared memory, and also ensures data coherency between data kept in cache and that which is kept in shared memory.
Abstract:
In embodiments, apparatuses, methods and storage media (transitory and non-transitory) are described that are associated with end-to-end datacenter performance control. In various embodiments, an apparatus for computing may receive a datacenter performance target, determine an end-to-end datacenter performance level based at least in part on quality of service data collected from a plurality of nodes, and send a mitigation command based at least in part on a result of a comparison of the end-to-end datacenter performance level determined to the datacenter performance target. In various embodiments, the apparatus for computing may include one or more processors, a memory, a datacenter performance monitor to receive a datacenter performance target corresponding to a service level agreement, and a mitigation module to send a mitigation command based at least in part on a result of a comparison of an end-to-end datacenter performance level to a datacenter performance target.
Abstract:
In one embodiment, a processor has at least one core to execute instructions, a security engine coupled to the at least one core, a first storage to store a first immutable key associated with a vendor of the processor, and a second storage to store a second immutable key associated with an original equipment manufacturer (OEM) of the system. A first portion of firmware is to be verified based at least in part on the first immutable key and a second portion of firmware is to be verified based at least in part on the second immutable key, the first portion of firmware associated with the vendor and the second portion of firmware associated with the OEM. Other embodiments are described and claimed.
Abstract:
A system, method and device may include triggering a direct connection setup based on one or more communication parameters communicated with a mobile device via a fixed device. It may be determined whether the mobile device is a peer. The quality of service with the mobile device via the fixed device may be compared with quality of service of a mobile device via a direct link. A channel for the direct link may be selected and information may be sent to the mobile device over the direct link via the channel.
Abstract:
Methods and apparatuses enable maintaining wireless connectivity while the wireless client device is in a power save mode. The system includes a host operating system (OS) that handles wireless connections while the device is executing in normal operation, and an embedded agent that handles the wireless connections when the device switches to power saving operation and the host OS switches to a sleep or standby state. The system detects a change in the power save mode and triggers an exchange of session context information between the host OS and the embedded agent (from the host OS to the embedded agent when the system enters the power save mode, and from the embedded agent to the host OS when the system returns to normal operation from the power save mode). The system also triggers the switching of management consistent with the passing of session context information.
Abstract:
A network interface controller of a computing device is disclosed that processes network packets without waking the computing device. The network interface controller may detect that a secured connection with an access point has been disconnected and may reconnect to the access point without waking the computing device. The network interface controller may support roaming between access points without waking the computing device. The network interface controller may also support establishing, re-establishing and maintaining a secured session with another computing device while a computing device is in a sleep state.
Abstract:
A method and system to facilitate dynamic service negotiation with a uniform and persistent security control plane in a wireless network. In one embodiment of the invention, a node in the wireless network determines each capability provided by each of one or more virtual nodes that it supports and transmits a frame that has information of each capability provided by each of the one or more virtual nodes. By combining all the information of each capability provided by each of the one or more virtual nodes into one frame, the node reduces the volume of management traffic required and increases the available usable channel bandwidth in one embodiment of the invention.