公开(公告)号：US10650169B2

公开(公告)日：2020-05-12

申请号：US15573081

申请日：2015-09-14

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Liqun Chen ,  Chris I. Dalton ,  Fraser Dickin ,  Mark Lillibridge ,  Simon Kai Ying Shiu

IPC: G06F11/30 ,  G06F12/14 ,  G06F21/79 ,  H04L9/08 ,  G06F21/60

Abstract: There is provided an example memory system comprising a plurality of memory modules, each memory module comprising a persistent memory to store root key information and encrypted primary data; a volatile memory to store a working key for encrypting data, the encrypted primary data stored in the persistent memory being encrypted using the working key; and a control unit to provide load and store access to the primary data. The memory system further comprises a working key recovery mechanism to retrieve first root key information from a first module and second root key information from a second module; and compute the working key for a given module based on the retrieved first root key information and the retrieved second root key information.

公开(公告)号：US10528752B2

公开(公告)日：2020-01-07

申请号：US15502661

申请日：2014-08-13

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Dejan S. Milojicic ,  Chris I. Dalton ,  Zhikui Wang ,  Chandrasekar Venkatraman ,  Adrian Shaw

IPC: G06F12/16 ,  G06F21/62 ,  G06F21/57 ,  G06F8/65 ,  G06F12/14 ,  H04L9/30

Abstract: Example implementations relate to non-volatile storage of management data. In example implementations, a system is disclosed, the system including a plurality of computing devices, a management device, and a non-volatile memory including a plurality of management spaces corresponding to the plurality of computing devices. In example implementations, at least one of the plurality of management spaces is to be accessible by the management device and by the corresponding computing device, be inaccessible by computing devices other than the corresponding computing device, and store management data associated with the corresponding computing device.

公开(公告)号：US10425282B2

公开(公告)日：2019-09-24

申请号：US15500919

申请日：2014-11-28

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Ludovic Emmanuel Paul Noel Jacquin ,  Adrian Shaw ,  Chris I. Dalton

IPC: H04L12/24 ,  H04L12/26

Abstract: A computing device having instructions that when executed by a processor may: receive, from a verifier, a request for attestation of a current network configuration of the computing device; identify network configuration rules, each network configuration rule specifying an action to be taken by the computing device in response to receiving a particular type of network traffic; generate, for each network configuration rule, a rule abstraction that represents the network configuration rule; provide data representing each rule abstraction to a trusted component; receive, from the trusted component, response data comprising i) data representing each rule abstraction, and ii) a digital signature; and provide the response data to the verifier as attestation proof of the current network configuration of the computing device.

公开(公告)号：US20180204024A1

公开(公告)日：2018-07-19

申请号：US15746494

申请日：2015-07-29

Applicant: Hewlett Packard Enterprise Development Lp

Inventor： Mark Lillibridge ,  Paolo Faraboschi ,  Chris I. Dalton

IPC: G06F21/70 ,  G06F3/06 ,  G06F21/53 ,  G06F21/74

CPC classification number: G06F21/70 ,  G06F3/0622 ,  G06F3/0659 ,  G06F3/0673 ,  G06F21/53 ,  G06F21/74

Abstract: Techniques for a firewall to determine access to a portion of memory are provided. In one aspect, an access request to access a portion of memory within a pool of shared memory may be received at a firewall. The firewall may determine whether the access request to access the portion of memory is allowed. The access request may be allowed to proceed based on the determination. The operation of the firewall may not utilize address translation.

公开(公告)号：US20180165479A1

公开(公告)日：2018-06-14

申请号：US15573081

申请日：2015-09-14

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Liqun Chen ,  Chris I. Dalton ,  Fraser Dickin ,  Mark Lillibridge ,  Simon Kai Ying Shiu

IPC: G06F21/79 ,  G06F12/14 ,  G06F21/60 ,  H04L9/08

CPC classification number: G06F21/79 ,  G06F12/1408 ,  G06F21/602 ,  H04L9/0819 ,  H04L9/0836 ,  H04L9/0894

Abstract: There is provided an example memory system comprising a plurality of memory modules, each memory module comprising a persistent memory to store root key information and encrypted primary data; a volatile memory to store a working key for encrypting data, the encrypted primary data stored in the persistent memory being encrypted using the working key; and a control unit to provide load and store access to the primary data. The memory system further comprises a working key recovery mechanism to retrieve first root key information from a first module and second root key information from a second module; and compute the working key for a given module based on the retrieved first root key information and the retrieved second root key information.

公开(公告)号：US20180114011A1

公开(公告)日：2018-04-26

申请号：US15298494

申请日：2016-10-20

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Chris I. Dalton ,  Dejan S. Milojicic

IPC: G06F21/44 ,  G06F12/14

CPC classification number: G06F21/44 ,  G06F12/1408 ,  G06F21/6218 ,  G06F2212/1052 ,  G06F2212/402 ,  G06F2221/2141 ,  H04W12/08

Abstract: Example implementations relate to encrypted capabilities stored in global memory. For example, in an implementation, a capability protection system may store an encrypted capability into global memory, where the encrypted capability is encrypted based on a condition. The capability protection system may receive, from a node in communication with the global memory, a request to access the encrypted capability stored in the global memory. The capability protection system may provide to the node a decrypted form of the encrypted capability upon satisfaction of the condition by the node.

公开(公告)号：US20170228555A1

公开(公告)日：2017-08-10

申请号：US15502661

申请日：2014-08-13

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Dejan S. Milojicic ,  Chris I. Dalton ,  Zhikui Wang ,  Chandrasekar Venkatraman ,  Adrian Shaw

IPC: G06F21/62 ,  G06F12/14 ,  H04L9/30 ,  G06F21/57 ,  G06F9/445

CPC classification number: G06F21/6218 ,  G06F8/65 ,  G06F12/1408 ,  G06F21/552 ,  G06F21/575 ,  G06F2212/402 ,  H04L9/30

Abstract: Example implementations relate to non-volatile storage of management data. In example implementations, a system is disclosed, the system including a plurality of computing devices, a management device, and a non-volatile memory including a plurality of management spaces corresponding to the plurality of computing devices. In example implementations, at least one of the plurality of management spaces is to be accessible by the management device and by the corresponding computing device, be inaccessible by computing devices other than the corresponding computing device, and store management data associated with the corresponding computing device.

公开(公告)号：US11200345B2

公开(公告)日：2021-12-14

申请号：US15746494

申请日：2015-07-29

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Mark Lillibridge ,  Paolo Faraboschi ,  Chris I. Dalton

IPC: G06F21/00 ,  G06F21/70 ,  G06F21/53 ,  G06F3/06 ,  G06F21/74

Abstract: Techniques for a firewall to determine access to a portion of memory are provided. In one aspect, an access request to access a portion of memory within a pool of shared memory may be received at a firewall. The firewall may determine whether the access request to access the portion of memory is allowed. The access request may be allowed to proceed based on the determination. The operation of the firewall may not utilize address translation.

公开(公告)号：US10592437B2

公开(公告)日：2020-03-17

申请号：US15664101

申请日：2017-07-31

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Geoffrey Ndu ,  Dejan S. Milojicic ,  Paolo Faraboschi ,  Chris I. Dalton

IPC: G06F12/00 ,  G06F12/14

Abstract: Memory blocks are associated with each memory level of a hierarchy of memory levels. Each memory block has a matching key capability (MaKC). The MaKC of a memory block governs access to the memory block, in accordance with permissions specified by the MaKC. The MaKC of a memory block can uniquely identify the memory block across the hierarchy of memory levels, and can be globally unique across the memory blocks. An MaKC of a memory block includes a block protection key (BPK) stored with the memory block, and an execution protection key (EPK). If a provided EPK for a memory block matches the memory block's BPK upon comparison, access to the memory block is allowed according to the permissions specified by the MaKC.

公开(公告)号：US10372897B2

公开(公告)日：2019-08-06

申请号：US15298494

申请日：2016-10-20

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Chris I. Dalton ,  Dejan S. Milojicic

IPC: G06F21/44 ,  G06F12/14 ,  G06F21/62 ,  H04W12/08

Abstract: Example implementations relate to encrypted capabilities stored in global memory. For example, in an implementation, a capability protection system may store an encrypted capability into global memory, where the encrypted capability is encrypted based on a condition. The capability protection system may receive, from a node in communication with the global memory, a request to access the encrypted capability stored in the global memory. The capability protection system may provide to the node a decrypted form of the encrypted capability upon satisfaction of the condition by the node.