公开(公告)号：US20090169020A1

公开(公告)日：2009-07-02

申请号：US12317945

申请日：2008-12-30

Applicant: Palsamy Sakthikumar ,  Vincent J. Zimmer

Inventor： Palsamy Sakthikumar ,  Vincent J. Zimmer

IPC: H04L9/08

CPC classification number: H04L41/00 ,  G06F11/203 ,  G06F21/57 ,  G06F21/80 ,  G06F2221/2107 ,  H04L9/0827 ,  H04L9/0877 ,  H04L41/28 ,  H04L63/061

Abstract: A method, system and computer-readable storage medium with instructions to migrate full-disk encrypted virtual storage between blade servers. A key is obtained to perform an operation on a first blade server. The key is obtained from a virtual security hardware instance and provided to the first blade server via a secure out-of-band communication channel. The key is migrated from the first blade server to a second blade server. The key is used to perform hardware encryption of data stored on the first blade server. The data are migrated to the second blade server without decrypting the data at the first blade server, and the second blade server uses the key to access the data. Other embodiments are described and claimed.

Abstract translation: 一种具有指令的方法，系统和计算机可读存储介质，用于在刀片服务器之间迁移全盘加密的虚拟存储。 获得用于在第一刀片服务器上执行操作的键。 密钥是从虚拟安全硬件实例获得的，并通过安全的带外通信信道提供给第一个刀片服务器。 密钥从第一个刀片服务器迁移到第二个刀片服务器。 该密钥用于对存储在第一个刀片服务器上的数据执行硬件加密。 将数据迁移到第二个刀片服务器，而不会在第一个刀片服务器上解密数据，而第二个刀片服务器使用密钥来访问数据。 描述和要求保护其他实施例。

公开(公告)号：US09384367B2

公开(公告)日：2016-07-05

申请号：US13602449

申请日：2012-09-04

Applicant: Robert C. Swanson ,  Palsamy Sakthikumar ,  Mallik Bulusu ,  Robert Bruce Bahnsen

Inventor： Robert C. Swanson ,  Palsamy Sakthikumar ,  Mallik Bulusu ,  Robert Bruce Bahnsen

IPC: G06F21/57 ,  G06F21/72 ,  G06F21/76

CPC classification number: G06F21/72 ,  G06F21/57 ,  G06F21/575

Abstract: In accordance with some embodiments, a single trusted platform module per platform may be used to handle conventional trusted platform tasks as well as those that would arise prior to the existence of a primary trusted platform module in conventional systems. Thus one single trusted platform module may handle measurements of all aspects of the platform including the baseboard management controller. In some embodiments, a management engine image is validated using a read only memory embedded in a chipset such as a platform controller hub, as the root of trust. Before the baseboard management controller (BMC) is allowed to boot, it must validate the integrity of its flash memory. But the BMC image may be stored in a memory coupled to a platform controller hub (PCH) in a way that it can be validated by the PCH.

Abstract translation: 根据一些实施例，可以使用每个平台的单个可信平台模块来处理常规可信任平台任务以及在传统系统中存在主要可信平台模块之前出现的那些任务。 因此，单个可信平台模块可以处理包括基板管理控制器的平台的所有方面的测量。 在一些实施例中，使用嵌入在诸如平台控制器集线器的芯片组中的只读存储器作为信任根来验证管理引擎映像。 在允许引导基板管理控制器（BMC）之前，必须验证其闪存的完整性。 但是，BMC图像可以存储在耦合到平台控制器集线器（PCH）的存储器中，其可以由PCH验证。

公开(公告)号：US08650414B2

公开(公告)日：2014-02-11

申请号：US12890222

申请日：2010-09-24

Applicant: Sarathy Jayakumar ,  Gopal R. Mundada ,  Palsamy Sakthikumar

Inventor： Sarathy Jayakumar ,  Gopal R. Mundada ,  Palsamy Sakthikumar

IPC: G06F1/00 ,  G06F13/00 ,  G06F3/00 ,  G06F11/00

CPC classification number: G06F11/3062 ,  G06F11/3031 ,  G06F11/3037 ,  G06F11/327

Abstract: Memory reconfiguration during system run-time is described. In one example, a system includes a memory slot to carry a memory board and to connect the memory board to a memory controller for read and write operations, a logic device having a plurality of status registers to record the status of the memory slot and a plurality of control registers to control the operation of the memory slot, and a bus interface coupled through direct signal lines to the memory slot to communicate status and control signals with the memory slot and coupled through a serial bus to the logic device to communicate status and control signals with the logic device.

Abstract translation: 描述系统运行时的内存重新配置。 在一个示例中，系统包括用于承载存储器板并且将存储器板连接到存储器控制器用于读取和写入操作的存储器插槽，具有多个状态寄存器以记录存储器槽的状态的逻辑设备和 多个控制寄存器来控制存储器插槽的操作，以及总线接口，通过直接信号线耦合到存储器插槽，以与存储器槽通信状态和控制信号，并通过串行总线耦合到逻辑器件以传送状态和 控制信号与逻辑器件。

公开(公告)号：US20130340081A1

公开(公告)日：2013-12-19

申请号：US13992009

申请日：2012-03-30

Applicant: Palsamy Sakthikumar ,  Vincent Zimmer ,  Robert C. Swanson

Inventor： Palsamy Sakthikumar ,  Vincent Zimmer ,  Robert C. Swanson

IPC: G06F21/56

CPC classification number: G06F21/56 ,  G06F21/566

Abstract: An apparatus includes a memory that is accessible by an operating system; and a basic input/output system (BIOS) handler. The BIOS handler, in response to detected malicious software activity, stores data in the memory to report the activity to the operating system.

Abstract translation: 一种装置包括可由操作系统访问的存储器; 和基本的输入/输出系统（BIOS）处理程序。 BIOS处理程序响应于检测到的恶意软件活动，将数据存储在内存中以向操作系统报告活动。

公开(公告)号：US08566613B2

公开(公告)日：2013-10-22

申请号：US12814246

申请日：2010-06-11

Applicant: Palsamy Sakthikumar ,  Robert C. Swanson ,  Vincent J. Zimmer ,  Michael A. Rothman ,  Mallik Bulusu

Inventor： Palsamy Sakthikumar ,  Robert C. Swanson ,  Vincent J. Zimmer ,  Michael A. Rothman ,  Mallik Bulusu

IPC: G06F11/30

CPC classification number: G06F21/572 ,  G06F2221/2141

Abstract: A method, apparatus, system, and computer program product for multi-owner deployment of firmware images. The method includes obtaining a signed firmware image that comprises a first code module signed by a first code owner and a second code module signed by a second code owner. The method further includes obtaining an updated first code module comprising updated code for the first code module, verifying that the updated first code module is signed by the first code owner, and updating the signed firmware image with the updated first code module in response to verifying that the updated first code module is signed by the first code owner. The signed firmware image may further comprise an access control list that authorizes updates to the first code module by the first code owner and updates to the second code module by the second code owner.

Abstract translation: 一种用于多所有者部署固件映像的方法，设备，系统和计算机程序产品。 该方法包括获得包括由第一代码所有者签名的第一代码模块和由第二代码所有者签名的第二代码模块的签名固件映像。 该方法还包括获得包括用于第一代码模块的更新的代码的更新的第一代码模块，验证更新的第一代码模块是否被第一代码所有者签名，以及响应于验证更新带有更新的第一代码模块的签名固件图像 更新的第一代码模块由第一代码所有者签名。 签名的固件图像还可以包括访问控制列表，其授权第一代码所有者更新第一代码模块，并由第二代码所有者更新第二代码模块。

公开(公告)号：US20130210483A1

公开(公告)日：2013-08-15

申请号：US13758918

申请日：2013-02-04

Applicant: Vincent J. Zimmer ,  Michael A. Rothman ,  Palsamy Sakthikumar ,  Mallik Bulusu ,  Robert C. Swanson

Inventor： Vincent J. Zimmer ,  Michael A. Rothman ,  Palsamy Sakthikumar ,  Mallik Bulusu ,  Robert C. Swanson

IPC: H04W88/06

CPC classification number: H04W88/06 ,  G06F9/5077

Abstract: A software-defined radio (SDR) capability may be provided in a general purpose, many core processing system by sequestering one or more partitions running on one or more cores and instantiating a communications capability by having discrete SDR functions performed by the sequestered partitions. Each SDR module embodied in a sequestered partition may be independently upgraded without modifying the hardware of the underlying processing system. By executing SDR modules in cores not accessible by application programs and/or an operating system (OS), a better Quality of Service (QoS) may be provided for wireless communications on the general purpose, multi-core processing system. An embodiment comprises isolating a core of a many core processing system as a sequestered partition, loading a software-defined radio module onto the core, and executing the software-defined module to implement wireless communications.

Abstract translation: 可以在通用目的的许多核心处理系统中通过隔离在一个或多个核上运行的一个或多个分区并通过具有由隔离分区执行的离散SDR功能来实例化通信能力来提供软件定义无线电（SDR）能力。 实施在隔离分区中的每个SDR模块可以独立升级，而无需修改底层处理系统的硬件。 通过在应用程序和/或操作系统（OS）不可访问的核心中执行SDR模块，可以为通用多核处理系统上的无线通信提供更好的服务质量（QoS）。 一个实施例包括将许多核心处理系统的核心隔离为隔离分区，将软件定义的无线电模块加载到核心上，以及执行软件定义模块以实现无线通信。

公开(公告)号：US08499141B2

公开(公告)日：2013-07-30

申请号：US12848654

申请日：2010-08-02

Applicant: Robert C. Swanson ,  Vincent J. Zimmer ,  Mallik Bulusu ,  Michael A. Rothman ,  Palsamy Sakthikumar

Inventor： Robert C. Swanson ,  Vincent J. Zimmer ,  Mallik Bulusu ,  Michael A. Rothman ,  Palsamy Sakthikumar

IPC: G06F15/177 ,  G06F9/00 ,  H04Q5/22

CPC classification number: H04L45/02 ,  H04W4/80 ,  H04W84/18

Abstract: Radio frequency identification (RFID) tags embedded in processors within a computing system provide a separate communication path to other components of the computing system during initialization processing, apart from the system interconnect. Upon powering up, each processor causes its RFID tag to broadcast data regarding the processor's interconnect location and initialization status. A RFID receiver senses the RFID tags in the Platform Control Hub (PCH), and each processor's interconnect location and initialization status data is stored in registers within the PCH. During system initialization processing, the BIOS accesses these PCH registers to obtain the processor's data. The interconnect location and initialization status data is used by the BIOS to select the optimal routing table and configure the virtual network within the computing system based on the optimal routing table and the RFID tag data, without interrogating each processor individually over the system interconnect.

Abstract translation: 除了系统互连之外，嵌入在计算系统内的处理器中的射频识别（RFID）标签在初始化处理期间提供到计算系统的其他组件的单独的通信路径。 上电时，每个处理器使其RFID标签广播关于处理器的互连位置和初始化状态的数据。 RFID接收器感测平台控制中心（PCH）中的RFID标签，并且每个处理器的互连位置和初始化状态数据存储在PCH内的寄存器中。 在系统初始化处理期间，BIOS访问这些PCH寄存器以获得处理器的数据。 BIOS使用互连位置和初始化状态数据，选择最优路由表，并根据最佳路由表和RFID标签数据配置计算系统内的虚拟网络，而不会在系统互连单独询问每个处理器。

公开(公告)号：US08479017B2

公开(公告)日：2013-07-02

申请号：US12819933

申请日：2010-06-21

Applicant: Vincent J. Zimmer ,  Michael A. Rothman ,  Robert C. Swanson ,  Palsamy Sakthikumar ,  Mallik Bulusu

Inventor： Vincent J. Zimmer ,  Michael A. Rothman ,  Robert C. Swanson ,  Palsamy Sakthikumar ,  Mallik Bulusu

IPC: G06F21/00

CPC classification number: G06F21/57 ,  G06F2221/2111 ,  G06F2221/2151

Abstract: Enhancing locality in a security co-processor module of a computing system may be achieved by including one or more additional attributes such as geographic location, trusted time, a hardware vendor string, and one or more environmental factors into an access control space for machine mode measurement of a computing system.

Abstract translation: 可以通过将一个或多个附加属性（诸如地理位置，可信时间，硬件供应商串和一个或多个环境因素）包括在用于机器模式的访问控制空间中来实现计算系统的安全协处理器模块中的局部性 计算系统的测量。

公开(公告)号：US08391913B2

公开(公告)日：2013-03-05

申请号：US11779803

申请日：2007-07-18

Applicant: Vincent J. Zimmer ,  Michael A. Rothman ,  Palsamy Sakthikumar ,  Mallik Bulusu ,  Robert C. Swanson

Inventor： Vincent J. Zimmer ,  Michael A. Rothman ,  Palsamy Sakthikumar ,  Mallik Bulusu ,  Robert C. Swanson

IPC: H04B1/26

CPC classification number: H04W88/06 ,  G06F9/5077

Abstract: A software-defined radio (SDR) capability may be provided in a general purpose, many core processing system by sequestering one or more partitions running on one or more cores and instantiating a communications capability by having discrete SDR functions performed by the sequestered partitions. Each SDR module embodied in a sequestered partition may be independently upgraded without modifying the hardware of the underlying processing system. By executing SDR modules in cores not accessible by application programs and/or an operating system (OS), a better Quality of Service (QoS) may be provided for wireless communications on the general purpose, multi-core processing system. An embodiment comprises isolating a core of a many core processing system as a sequestered partition, loading a software-defined radio module onto the core, and executing the software-defined module to implement wireless communications.

Abstract translation: 可以在通用目的的许多核心处理系统中通过隔离在一个或多个核上运行的一个或多个分区并通过具有由隔离分区执行的离散SDR功能来实例化通信能力来提供软件定义无线电（SDR）能力。 实施在隔离分区中的每个SDR模块可以独立升级，而无需修改底层处理系统的硬件。 通过在应用程序和/或操作系统（OS）不可访问的核心中执行SDR模块，可以为通用多核处理系统上的无线通信提供更好的服务质量（QoS）。 一个实施例包括将许多核心处理系统的核心隔离为隔离分区，将软件定义的无线电模块加载到核心上，以及执行软件定义模块以实现无线通信。

公开(公告)号：US08370667B2

公开(公告)日：2013-02-05

申请号：US12976514

申请日：2010-12-22

Applicant: Michael A. Rothman ,  Palsamy Sakthikumar ,  Vincent J. Zimmer ,  Mallik Bulusu ,  Robert C. Swanson

Inventor： Michael A. Rothman ,  Palsamy Sakthikumar ,  Vincent J. Zimmer ,  Mallik Bulusu ,  Robert C. Swanson

IPC: G06F1/32

CPC classification number: G06F9/4418

Abstract: A method and apparatus for improving the resume time of a platform. In one embodiment of the invention, the context of the platform is saved prior to entering an inactive state of the platform. When the platform is switched back to an active state, it reads the saved context and restores the platform to its original state prior to entering the inactive state. In one embodiment of the invention, the platform determines whether it should compress the saved context before storing it in a non-volatile memory based on the operating condition of the platform. This allows the platform to select the optimum method to allow faster resume time of the platform.

Abstract translation: 一种用于提高平台恢复时间的方法和装置。 在本发明的一个实施例中，平台的上下文在进入平台的不活动状态之前被保存。 当平台切换回活动状态时，它读取保存的上下文，并在进入非活动状态之前将平台恢复到原始状态。 在本发明的一个实施例中，平台基于平台的操作条件来确定在将保存的上下文存储在非易失性存储器中之前是否应该压缩保存的上下文。 这允许平台选择最佳方法以允许更快的平台恢复时间。