-
Publication number: US20170163427A1
Publication date: 2017-06-08
Application number: US15323705
Filing date: 2014-10-23
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Nigel Edwards, Michael R. Krause
IPC: H04L9/32, H04L12/721, H04L29/06, H04L9/14, H04L9/30
CPC classification number: H04L9/3263, G06F21/6209, G06F2221/2141, H04L9/14, H04L9/30, H04L9/3271, H04L45/72, H04L63/0281, H04L63/0823, H04L2209/56
Abstract: A control device performs an admissions control process with a first device to determine whether the first device is authorized to communicate over the communication fabric that supports memory semantic operations.
-
Publication number: US11886593B2
Publication date: 2024-01-30
Application number: US18168430
Filing date: 2023-02-13
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Ludovic Emmanuel Paul Noel Jacquin, Hamza Attak, Nigel Edwards
CPC classification number: G06F21/572, H04L9/0643, G06F2221/033
Abstract: A method of certifying a state of a platform includes receiving one or more software elements of a software stack of the platform by an authentication module and performing a hash algorithm on the software stack to generate one or more hash values. The software stack uniquely determines a software state of the platform. The method includes generating creation data, a creation hash, and a creation ticket, corresponding to the hash values and sending the creation ticket to the platform. The method also includes receiving the creation ticket by the authentication module and certifying the creation data and the creation hash based on the creation ticket. The method further includes generating a certified structure based on the creation data and performing the hash algorithm on the certified structure to generate a hash of the certified structure. The certified structure uniquely determines the software state of the platform.
-
Publication number: US11604881B2
Publication date: 2023-03-14
Application number: US17242904
Filing date: 2021-04-28
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Ludovic Emmanuel Paul Noel Jacquin, Hamza Attak, Nigel Edwards
Abstract: A method of certifying a state of a platform includes receiving one or more software elements of a software stack of the platform by an authentication module and performing a hash algorithm on the software stack to generate one or more hash values. The software stack uniquely determines a software state of the platform. The method includes generating creation data, a creation hash, and a creation ticket, corresponding to the hash values and sending the creation ticket to the platform. The method also includes receiving the creation ticket by the authentication module and certifying the creation data and the creation hash based on the creation ticket. The method further includes generating a certified structure based on the creation data and performing the hash algorithm on the certified structure to generate a hash of the certified structure. The certified structure uniquely determines the software state of the platform.
-
Publication number: US11481520B2
Publication date: 2022-10-25
Application number: US17122406
Filing date: 2020-12-15
Applicant: Hewlett Packard Enterprise Development LP
Inventor: David A. Moore, Nigel Edwards, Jonathon Hughes
Abstract: Examples described herein relate to a printed circuit assembly (PCA). The PCA includes a printed circuit board (PCB). The PCA further includes an identification device embedded within the PCB. The identification device stores identity information that uniquely identifies identification device and the PCB. Moreover, a PCB identifier defined using the identity information is also stored in a platform attestation file hosted locally within the PCA, on a remote server, or both locally within the PCA and on the remote server. Additionally, the PCA includes an authentication device disposed on the PCB, wherein the platform attestation file is cryptographically bound to the authentication device.
-
Publication number: US11017080B2
Publication date: 2021-05-25
Application number: US16007683
Filing date: 2018-06-13
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Geoffrey Ndu, Theofrastos Koulouris, Nigel Edwards
Abstract: Examples disclosed herein relate to integrity monitoring of a computing system using a kernel that can update its own code. Trust of state information is verified. Kernel code and module code are loaded into memory that is accessible to a device separate from a processor that loads the kernel code and module code. A measurement module is verified and loaded into memory. The state information can correspond to multiple symbols. The measurement module can measure the state information corresponding to each of the respective symbols to generate a set of initial measurements. The set of initial measurements can be provided to a device for integrity monitoring. The device is to compare a current measurement with an initial measurement to determine if a potential violation occurred. The device is to use a representation of a jump table to determine whether the potential violation is a violation.
-
Publication number: US20210067520A1
Publication date: 2021-03-04
Application number: US16552357
Filing date: 2019-08-27
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Yongqi Wang, Ludovic Emmanuel Paul Noel Jacquin, Nigel Edwards
Abstract: A method includes providing, by a first electronic device, a first request to a second electronic device for the second electronic device to provide data to the first electronic device representing content that is stored in a security component of the second electronic device. The first electronic device receives the response from the second electronic device to the first request and, in response thereto, the first electronic device stores data in the first electronic device representing content that is stored in a security component of the second electronic device. The method includes performing cross-attestation. Performing the cross-attestation includes, in response to an attestation request that is provided by a verifier to the first electronic device, the first electronic device providing to the verifier data representing content that is stored in the security component of the first electronic device and data representing the content stored in the security component of the second electronic device.
-
Publication number: US20200293652A1
Publication date: 2020-09-17
Application number: US16299258
Filing date: 2019-03-12
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Yongqi Wang, Ludovic Emmanuel Paul Noel Jacquin, Nigel Edwards
IPC: G06F21/55
Abstract: Systems and methods for multi-dimensional attestation are provided. One method for multi-dimensional attestation includes upon occurrence of a triggering event, taking triggered measurements of a platform, the platform including a security co-processor and a volatile memory; extending a platform configuration register of the volatile memory to include the triggered measurements; taking snapshots of the platform configuration register over time; storing the snapshots in a snapshot memory; and upon request, sending the triggered measurements and the snapshots to a verifier for detection of potential attacks.
-
Publication number: US20190278913A1
Publication date: 2019-09-12
Application number: US15915381
Filing date: 2018-03-08
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Geoffrey Ndu, Ludovic Emmanuel Paul Noel Jacquin, Nigel Edwards
Abstract: A method comprising: launching, by a pre-boot environment, a pre-boot launch enclave (LE); creating, by the pre-boot LE, a launch token for a pre-boot quoting enclave (QE); authenticating, by the pre-boot LE, the launch token; launching, by the pre-boot environment with the launch token in response to the authentication, the pre-boot QE; generating, by the pre-boot QE, a public provisioning key, a private provisioning key, and an attestation key; verifying, by the pre-boot QE with a public key, authenticity of a device; securing, by the pre-boot QE with the public provisioning key, private provisioning key, and the public key, a communication channel with the device; encrypting, by the pre-boot QE with a system specific seal key, the public provisioning key, the private provisioning key, and the attestation key; and storing, by the pre-boot QE, the encrypted public provisioning key, the encrypted private provisioning key, and the encrypted attestation key in the device.
-
Publication number: US10089498B2
Publication date: 2018-10-02
Application number: US15021022
Filing date: 2013-10-31
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Nigel Edwards, Chris I. Dalton, Paolo Faraboschi
Abstract: According to an example, memory integrity checking may include receiving computer program code, and using a loader to load the computer program code in memory. Memory integrity checking may further include verifying the integrity of the computer program code by selectively implementing synchronous verification and/or asynchronous verification. The synchronous verification may be based on loader security features associated with the loading of the computer program code. Further, the asynchronous verification may be based on a media controller associated with the memory containing the computer program code.
-
Publication number: US20180157605A1
Publication date: 2018-06-07
Application number: US15577895
Filing date: 2015-11-25
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Nigel Edwards, Chris I. Dalton, Keith Mathew McAuliffe
CPC classification number: G06F13/1668, G06F13/16, G06F21/577, G06F21/79, G06F2201/84
Abstract: Examples include configuration of a memory controller for copy-on-write. Some examples include, in response to a determination to take a snapshot of memory accessible to a first component, a management subsystem configuring a memory controller to treat location IDs, mapped to initial memory locations of the accessible memory, as copy-on-write for the first component and not for a second component.