VALIDATING OPERATING FIRMWARE OF A PERIPHERAL DEVICE

    Publication number: US20180121656A1

    Publication date: 2018-05-03

    Application number: US15338723

    Application date: 2016-10-31

    CPC classification number: G06F21/572 G06F8/654 G06F11/14 G06F21/575

    Abstract: Various examples described herein provide for firmware verification on a peripheral device that can couple to a computing device. Before operating firmware is executed on the peripheral device, boot firmware can execute on the peripheral device and cause the peripheral device to generate a hash of the operating firmware. The peripheral device can transmit the hash to a validator external to the peripheral device, such as a management processor. The peripheral device can receive, from the validator, a validation decision based on the transmitted hash. In response to the validation decision indicating invalidity of the operating firmware, the peripheral device can execute recovery firmware to cause the peripheral device to retrieve replacement firmware. Depending on the example, the retrieved replacement firmware may replace the operating firmware or the operating firmware may be updated based on the retrieved replacement firmware.

    Management controller-based verification of platform certificates

    Publication number: US12204628B2

    Publication date: 2025-01-21

    Application number: US17660437

    Application date: 2022-04-25

    Abstract: A process includes accessing by a management controller of a computer platform, a platform certificate that is stored in a secure memory. The platform certificate includes data representing a reference inventory for the computer platform. The platform certificate includes data representing information designated to bind the platform certificate to a security processor. The security processor is accessible by the management controller. The security processor is inaccessible by an operating system of the computer platform. The process includes verifying the platform certificate. Verifying the platform certificate includes validating, by the management controller, a signature of the platform certificate; and validating, by the management controller, the information designated to bind the platform certificate to the security processor. Verifying the platform certificate includes comparing, by the management controller, a second inventory of the computer platform to the reference inventory.

    Information technology stack security control configuration

    Publication number: US11601473B2

    Publication date: 2023-03-07

    Application number: US16860262

    Application date: 2020-04-28

    Abstract: In some examples, a system receives input information relating to a security level for an information technology (IT) stack comprising a plurality of layers including a hardware layer and a software layer, where the input information is technology and product agnostic. The system discovers components of the plurality of layers of the IT stack, accesses a knowledge base that maps the security level and the discovered components to configuration instructions relating to security controls, and configures the IT stack with the security controls using the configuration instructions.

    Regulating messages warning about impacts of firmware changes

    Publication number: US11544382B2

    Publication date: 2023-01-03

    Application number: US17084092

    Application date: 2020-10-29

    Abstract: A technique includes detecting a presence of a hardware security module in a computer. The hardware security module performs trusted computing base measurements in response to the boot of the computer. The technique includes detecting an intention to change firmware of the computer and regulating providing a message warning about an impact of the change based on the determination. The regulation includes determining whether an operating system of the computer binds operations to the trusted computing base measurements and allowing communication of the message based on the determination.

    REGULATING MESSAGES WARNING ABOUT IMPACTS OF FIRMWARE CHANGES

    Publication number: US20220138324A1

    Publication date: 2022-05-05

    Application number: US17084092

    Application date: 2020-10-29

    Abstract: A technique includes detecting a presence of a hardware security module in a computer. The hardware security module performs trusted computing base measurements in response to the boot of the computer. The technique includes detecting an intention to change firmware of the computer and regulating providing a message warning about an impact of the change based on the determination. The regulation includes determining whether an operating system of the computer binds operations to the trusted computing base measurements and allowing communication of the message based on the determination.

    DETECTING MICROSERVICE SECURITY ATTACKS BASED ON METRIC SENSITIVE DEPENDENCIES

    Publication number: US20240364720A1

    Publication date: 2024-10-31

    Application number: US18307379

    Application date: 2023-04-26

    CPC classification number: H04L63/1425 H04L41/142

    Abstract: A process includes aggregating a time sequence of samples. Each sample has a plurality of dimensions that correspond to respective metrics that are associated with a microservice. Each sample includes, for each dimension, a measurement of the metric that corresponds to the dimension. The process includes identifying a given sample of the time sequence of samples based on measurements of first samples of the time sequence of samples and determining a sensitivity dependency of the metrics based on the measurements of the given sample. The process includes determining whether the microservice has been subjected to a security attack based on the sensitive dependency.

    Using trusted platform module (TPM) emulator engines to measure firmware images

    Publication number: US11455396B2

    Publication date: 2022-09-27

    Application number: US15593546

    Application date: 2017-05-12

    Abstract: Examples disclosed herein relate to performing an action based on a pre-boot measurement of a firmware image. In an example, at a firmware component in a system, a measurement of a firmware image may be determined prior to booting of the system, beginning from a hardware root of trust boot block, by a Trusted Platform Module (TPM) emulator engine that emulates a hardware-based TPM. A pre-determined measurement of the firmware image may be retrieved from a storage location within the system. The measurement of the firmware image may be compared with the pre-determined measurement of the firmware image prior to booting of the system. In response to a determination that the measurement of the firmware image is different from the pre-determined measurement of the firmware image, performing an action.

    Securing transactions involving protected memory regions having different permission levels

    Publication number: US11226908B2

    Publication date: 2022-01-18

    Application number: US16528559

    Application date: 2019-07-31

    Abstract: In exemplary aspects described herein, system memory is secured using protected memory regions. Portions of a system memory are assigned to endpoint devices, such as peripheral component interconnect express (PCIe) compliant devices. The portions of the system memory can include protected memory regions. The protected memory regions of the system memory assigned to each of the endpoint devices are configured to control access thereto using device identifiers and/or process identifiers, such as a process address space ID (PASID). When a transaction request is received by a device, the memory included in that request is used to determine whether it corresponds to a protected memory region. If so, the transaction request is executed if the identifiers in the request match the identifiers for which access is allowed to that protected memory region.

    INFORMATION TECHNOLOGY STACK SECURITY CONTROL CONFIGURATION

    Publication number: US20210336992A1

    Publication date: 2021-10-28

    Application number: US16860262

    Application date: 2020-04-28

    Abstract: In some examples, a system receives input information relating to a security level for an information technology (IT) stack comprising a plurality of layers including a hardware layer and a software layer, where the input information is technology and product agnostic. The system discovers components of the plurality of layers of the IT stack, accesses a knowledge base that maps the security level and the discovered components to configuration instructions relating to security controls, and configures the IT stack with the security controls using the configuration instructions.