-
公开(公告)号:US07483423B2
公开(公告)日:2009-01-27
申请号:US11096843
申请日:2005-03-30
申请人: Karanvir Grewal , David M. Durham
发明人: Karanvir Grewal , David M. Durham
IPC分类号: H04L12/56
CPC分类号: H04L63/123
摘要: Provided are a techniques for storing information in a packet. A data integrity operation is performed over one portion of the packet to calculate an integrity check value using a secret key. The data transformation operation is performed over another selectable portion of the packet to store the integrity check value in the other portion of the packet, without increasing a size of the packet.Other embodiments are described and claimed.
摘要翻译: 提供了用于在信息包中存储信息的技术。 在分组的一部分上执行数据完整性操作,以使用密钥来计算完整性校验值。 在分组的另一可选部分上执行数据变换操作,以将完整性校验值存储在分组的其他部分中,而不增加分组的大小。 描述和要求保护其他实施例。
-
公开(公告)号:US20080022124A1
公开(公告)日:2008-01-24
申请号:US11425897
申请日:2006-06-22
IPC分类号: G06F12/14
CPC分类号: G06F21/602 , G06F21/72
摘要: Methods and apparatus to off-load cryptographic processes are disclosed. An example method includes receiving a request to perform a cryptographic process at a first component of a processor system, transmitting the request over a data bus to a second component of a processor system, receiving the request at the second component, and performing the cryptographic process on the second component. For example, the first component may be a processor and the second component may be a management agent. Other embodiments are described and claimed.
摘要翻译: 公开了卸载加密过程的方法和装置。 一种示例性方法包括接收在处理器系统的第一组件处执行密码处理的请求,通过数据总线将请求发送到处理器系统的第二组件,在第二组件处接收请求,以及执行密码处理 在第二个组件上。 例如,第一组件可以是处理器,第二组件可以是管理代理。 描述和要求保护其他实施例。
-
公开(公告)号:US20060227773A1
公开(公告)日:2006-10-12
申请号:US11096843
申请日:2005-03-30
申请人: Karanvir Grewal , David Durham
发明人: Karanvir Grewal , David Durham
CPC分类号: H04L63/123
摘要: Provided are a techniques for storing information in a packet. A data integrity operation is performed over one portion of the packet to calculate an integrity check value using a secret key. The data transformation operation is performed over another selectable portion of the packet to store the integrity check value in the other portion of the packet, without increasing a size of the packet. Other embodiments are described and claimed.
-
14.发明授权Techniques for authenticated posture reporting and associated enforcement of network access 有权用于认证状态报告和网络访问相关实施的技术公开(公告)号:US08671439B2
公开(公告)日:2014-03-11
申请号:US12460736
申请日:2009-07-23
申请人: David Durham , Ravi Sahita , Karanvir Grewal , Ned Smith , Kapil Sood
发明人: David Durham , Ravi Sahita , Karanvir Grewal , Ned Smith , Kapil Sood
IPC分类号: G06F21/00
CPC分类号: H04L63/10 , G06F2221/2141 , H04L9/3234 , H04L9/3247 , H04L9/3263 , H04L63/0209 , H04L63/08 , H04L63/20
摘要: Architectures and techniques that allow a firmware agent to operate as a tamper-resistant agent on a host platform that may be used as a trusted policy enforcement point (PEP) on the host platform to enforce policies even when the host operating system is compromised. The PEP may be used to open access control and/or remediation channels on the host platform. The firmware agent may also act as a local policy decision point (PDP) on the host platform in accordance with an authorized enterprise PDP entity by providing policies if a host trust agent is non-responsive and may function as a passive agent when the host trust agent is functional.
摘要翻译: 允许固件代理在主机平台上作为防篡改代理操作的体系结构和技术,可在主机平台上用作受信任的策略执行点(PEP),即使主机操作系统受到威胁也可执行策略。 PEP可用于在主机平台上打开访问控制和/或修复通道。 固件代理还可以根据授权的企业PDP实体在主机平台上作为本地策略决策点(PDP),通过在主机信任代理不响应时提供策略,并且当主机信任时可以用作被动代理 代理功能。
-
15.发明授权公开(公告)号:US08584204B2
公开(公告)日:2013-11-12
申请号:US12460736
申请日:2009-07-23
申请人: David Durham , Ravi Sahita , Karanvir Grewal , Ned Smith , Kapil Sood
发明人: David Durham , Ravi Sahita , Karanvir Grewal , Ned Smith , Kapil Sood
IPC分类号: G06F21/00
摘要: Architectures and techniques that allow a firmware agent to operate as a tamper-resistant agent on a host platform that may be used as a trusted policy enforcement point (PEP) on the host platform to enforce policies even when the host operating system is compromised. The PEP may be used to open access control and/or remediation channels on the host platform. The firmware agent may also act as a local policy decision point (PDP) on the host platform in accordance with an authorized enterprise PDP entity by providing policies if a host trust agent is non-responsive and may function as a passive agent when the host trust agent is functional.
-
公开(公告)号:US08555348B2
公开(公告)日:2013-10-08
申请号:US12714979
申请日:2010-03-01
申请人: Hormuzd Khosravi , David Durham , Karanvir Grewal
发明人: Hormuzd Khosravi , David Durham , Karanvir Grewal
IPC分类号: G06F17/30
CPC分类号: H04L63/0227
摘要: A method that includes initiating a network access request from an access requester on a platform that couples to a network, the network access request made to a policy decision point for the network. The method also includes establishing a secure communication channel over a communication link between the policy decision point and a policy enforcement point on the platform. Another secure communication channel is established over another communication link. The other communication link is between at least the policy enforcement point and a manageability engine resident on the platform. The manageability engine forwards posture information associated with the access requester via the other secure communication channel. The posture information is then forwarded to the policy decision point via the secure communication channel between the policy enforcement point and the policy decision point. The policy decision point indicates what access the access requester can obtain to the network based on a comparison of the posture information to one or more network administrative policies.
摘要翻译: 一种方法,其包括从耦合到网络的平台上的访问请求者发起网络访问请求,所述网络访问请求发送到网络的策略决策点。 该方法还包括在策略决策点和平台上的策略执行点之间的通信链路上建立安全通信信道。 通过另一个通信链路建立另一个安全通信信道。 另一个通信链路至少在平台上驻留的策略执行点和可管理引擎之间。 可管理性引擎经由另一个安全通信信道转发与访问请求者相关联的姿势信息。 然后,姿势信息经由策略执行点和策略决策点之间的安全通信信道被转发到策略决策点。 策略决策点基于姿势信息与一个或多个网络管理策略的比较来指示访问请求者可以获得哪些访问到网络。
-
公开(公告)号:US08375430B2
公开(公告)日:2013-02-12
申请号:US11475751
申请日:2006-06-27
CPC分类号: H04L9/3234 , H04L9/3271 , H04L63/162 , H04W12/06
摘要: Secure re-authentication of host devices roaming between different connection and/or access points within a network controlled by the same administrative domain is described. Platform overhead associated with exchanging information for authentication and/or validation on each new connection during mobility is reduced by enabling prior authenticated network access to influence subsequent network access.
摘要翻译: 描述在由相同管理域控制的网络内的不同连接和/或接入点之间漫游的主机设备的安全重新认证。 通过使先前的经过身份验证的网络访问来影响后续网络访问,减少了在移动性期间在每个新连接上交换用于认证和/或验证的信息的平台开销。
-
18.发明授权Methods, apparatuses, and systems for the dynamic evaluation and delegation of network access control 有权用于动态评估和授权网络访问控制的方法,设备和系统公开(公告)号:US07827593B2
公开(公告)日:2010-11-02
申请号:US11171593
申请日:2005-06-29
申请人: Ned M. Smith , Howard C. Herbert , Karanvir Grewal
发明人: Ned M. Smith , Howard C. Herbert , Karanvir Grewal
CPC分类号: H04L63/20 , H04L63/105 , H04L63/1408
摘要: Embodiments of the inventions are generally directed to methods, apparatuses, and systems for the dynamic evaluation and delegation of network access control. In an embodiment, a platform includes a switch to control a network connection and an endpoint enforcement engine coupled with the switch. The endpoint enforcement engine may be capable of dynamically switching among a number of network access control modes responsive to an instruction received from the network connection.
摘要翻译: 本发明的实施例一般涉及用于动态评估和授权网络访问控制的方法,装置和系统。 在一个实施例中,平台包括用于控制网络连接的开关和与开关耦合的端点执行引擎。 端点执行引擎可以响应于从网络连接接收的指令而能够在多个网络访问控制模式之间动态切换。
-
19.发明申请Method and apparatus for multiple inclusion offsets for security protocols 审中-公开用于安全协议的多重包含偏移的方法和装置公开(公告)号:US20080022388A1
公开(公告)日:2008-01-24
申请号:US11478986
申请日:2006-06-30
申请人: Karanvir Grewal , David Durham , Hormuzd Khosravi , Men Long , Prashant Dewan
发明人: Karanvir Grewal , David Durham , Hormuzd Khosravi , Men Long , Prashant Dewan
IPC分类号: G06F15/16
CPC分类号: H04L63/105
摘要: A method and apparatus to define multiple zones in a data packet for inclusion in processing by security operations of a security protocol. In one embodiment, each defined zone has an associated list of security operations to which the zone is subjected. In another embodiment, the list of security operations for a zone includes parameters to be passed when performing the security operations on the zone.
摘要翻译: 一种在数据分组中定义多个区域以包括在安全协议的安全操作的处理中的方法和装置。 在一个实施例中,每个定义的区域具有该区域经受的安全操作的关联列表。 在另一个实施例中,区域的安全操作的列表包括在区域上执行安全操作时要传递的参数。
-
公开(公告)号:US20080022354A1
公开(公告)日:2008-01-24
申请号:US11475751
申请日:2006-06-27
IPC分类号: H04L9/00
CPC分类号: H04L9/3234 , H04L9/3271 , H04L63/162 , H04W12/06
摘要: Secure re-authentication of host devices roaming between different connection and/or access points within a network controlled by the same administrative domain is described. Platform overhead associated with exchanging information for authentication and/or validation on each new connection during mobility is reduced by enabling prior authenticated network access to influence subsequent network access.
摘要翻译: 描述在由相同管理域控制的网络内的不同连接和/或接入点之间漫游的主机设备的安全重新认证。 通过使先前的经过身份验证的网络访问来影响后续网络访问,减少了在移动性期间在每个新连接上交换用于认证和/或验证的信息的平台开销。
-
-
-
-
-
-
-
-
-
搜索结果
43 条记录 (耗时 0.023 秒)
