DEMAND BASED USB PROXY FOR DATA STORES IN SERVICE PROCESSOR COMPLEX
    31.
    Invention patent application
    Status: In force

    Publication number: US20120084552A1

    Publication date: 2012-04-05

    Application number: US12894876

    Application date: 2010-09-30

    CPC classification number: G06F13/105 G06F9/4812 G06F21/572 G06F2221/2105

    Abstract: A method, apparatus, system, and computer program product for secure server system management. A payload containing system software and/or firmware updates is distributed in an on-demand, secure I/O operation. The I/O operation is performed via a secured communication channel inaccessible by the server operating system to an emulated USB drive. The secure communication channel can be established for the I/O operation only after authenticating the recipient of the payload, and the payload can be protected from access by a potentially-infected server operating system. Furthermore, the payload can be delivered on demand rather than relying on a BIOS update schedule, and the payload can be delivered at speeds of a write operation to a USB drive.

    Secure data protection with improved read-only memory locking during system pre-boot
    32.
    Granted invention patent
    Status: In force

    Publication number: US09075751B2

    Publication date: 2015-07-07

    Application number: US13570315

    Application date: 2012-08-09

    CPC classification number: G06F12/1416 G06F12/1425

    Abstract: Generally, this disclosure provides methods and systems for secure data protection with improved read-only memory locking during system pre-boot including protection of Advanced Configuration and Power Interface (ACPI) tables. The methods may include selecting a region of system memory to be protected, the selection occurring in response to a system reset state and performed by a trusted control block (TCB) comprising a trusted basic input/output system (BIOS); programming an address decoder circuit to configure the selected region as read-write; moving data to be secured to the selected region; programming the address decoder circuit to configure the selected region as read-only; and locking the read-only configuration in the address decoder circuit.

    SHARING SERIAL PERIPHERAL INTERFACE FLASH MEMORY IN A MULTI-NODE SERVER SYSTEM ON CHIP PLATFORM ENVIRONMENT
    34.
    Invention patent application
    Status: In force

    Publication number: US20140189197A1

    Publication date: 2014-07-03

    Application number: US13728608

    Application date: 2012-12-27

    CPC classification number: G06F12/0246 G06F2212/7201 Y02D10/13

    Abstract: Methods and apparatus related to sharing Serial Peripheral Interface (SPI) flash memory in a multi-node server SoC (System on Chip) platform environment are described. In one embodiment, multi-port non-volatile memory is shared by a plurality of System on Chip (SoC) devices. Each of the plurality of SoC devices comprises controller logic to control access to the multi-port non-volatile memory and/or to translate a host referenced address of a memory access request to a linear address space and a physical address space of the multi-port non-volatile memory. Other embodiments are also disclosed and claimed.

    METHODS, SYSTEMS AND APPARATUS TO IMPROVE SYSTEM BOOT SPEED
    35.
    Invention patent application
    Status: In force

    Publication number: US20140006764A1

    Publication date: 2014-01-02

    Application number: US13536449

    Application date: 2012-06-28

    CPC classification number: G06F9/4406 G06F9/4401

    Abstract: Methods and apparatus are disclosed to improve system boot speed. A disclosed example method includes associating a first serial peripheral interface (SPI) with a baseboard management controller (BMC), copying an image from the first SPI to a volatile memory in response to receiving power at the BMC, and in response to receiving an access request associated with the first SPI, providing access to the image stored in the volatile memory.

    Enhanced network and local boot of Unified Extensible Firmware Interface images
    36.
    Granted invention patent
    Status: In force

    Publication number: US08583908B2

    Publication date: 2013-11-12

    Application number: US11968032

    Application date: 2007-12-31

    CPC classification number: G06F9/4401

    Abstract: Techniques and architectures to provide high assurance image invocation in a pre-boot environment. These techniques may augment implementations of the Unified Extensible Firmware Interface (UEFI) to invoke UEFI images using Trusted Execution Technology (TXT). This can operate to combine pre-boot secure flows, such as UEFI image invocation, with the secure launch instruction set extensions of TXT. This may entail combination of the UEFI StartImage instruction with the SMX leaf SENTER instruction. This may operate to allow original equipment manufacturer (OEM) firmware as a guard and that uses UEFI and TXT access control logic at the same instance to pass control to the operating system (OS).

    DEMAND BASED USB PROXY FOR DATA STORES IN SERVICE PROCESSOR COMPLEX
    37.
    Invention patent application
    Status: Under examination (published)

    Publication number: US20130218551A1

    Publication date: 2013-08-22

    Application number: US13848133

    Application date: 2013-03-21

    CPC classification number: G06F13/105 G06F9/4812 G06F21/572 G06F2221/2105

    Abstract: A method, apparatus, system, and computer program product for secure server system management. A payload containing system software and/or firmware updates is distributed in an on-demand, secure I/O operation. The I/O operation is performed via a secured communication channel inaccessible by the server operating system to an emulated USB drive. The secure communication channel can be established for the I/O operation only after authenticating the recipient of the payload, and the payload can be protected from access by a potentially-infected server operating system. Furthermore, the payload can be delivered on demand rather than relying on a BIOS update schedule, and the payload can be delivered at speeds of a write operation to a USB drive.

    COMPUTER SYSTEM BOOT ENHANCEMENTS WITH USER OVERRIDE
    39.
    Invention patent application
    Status: Under examination (published)

    Publication number: US20120159136A1

    Publication date: 2012-06-21

    Application number: US12969655

    Application date: 2010-12-16

    CPC classification number: G06F9/4401

    Abstract: Methods, systems and computer program products are disclosed for enhanced system boot processing that is faster to launch the OS because it does not interrogate I/O devices for possible interruption, but that also may be modified to interrogate such devices based on a user selection mechanism. The user selection mechanism may be, for at least one embodiment, a software mechanism such as a control panel module. For other embodiments, the user selection mechanism may be a hardware mechanism, such as a power button or other hardware button or switch. Other embodiments are described and claimed.

    METHOD, DEVICE, AND SYSTEM FOR PRE-MEMORY SYMMETRIC MULTIPROCESSING FLOW
    40.
    Invention patent application
    Status: In force

    Publication number: US20090271601A1

    Publication date: 2009-10-29

    Application number: US12109387

    Application date: 2008-04-25

    CPC classification number: G06F9/4405

    Abstract: A cache-as-RAM (CAR) system of a multi-processor system that includes a plurality of processors may be initialized. The CAR system may assign a physical data address range for each of the plurality of processors such that the physical data address ranges allocated to all of the plurality of processors overlap with each other. A boot code stream may be executed with the CAR appearing to the executing boot stream as a memory store for executing the boot code stream. Other embodiments are described and claimed.
