-
公开(公告)号:US20110145558A1
公开(公告)日:2011-06-16
申请号:US12636884
申请日:2009-12-14
申请人: Hormuzd M. Khosravi , Ajith K. Illendula , Ned M. Smith , Yasser Rasheed , Tracie L. Zenti , Bryan K. Jorgensen
发明人: Hormuzd M. Khosravi , Ajith K. Illendula , Ned M. Smith , Yasser Rasheed , Tracie L. Zenti , Bryan K. Jorgensen
IPC分类号: G06F15/177 , G06F13/00
CPC分类号: G06F9/4416 , G06F13/105 , G06F13/4027
摘要: A management engine may be used to trap configuration cycles during the boot process and thereafter in response to operating system enumeration. As a result, a virtual bus device can be created. The bus device may be used to provision software to the platform even when the operating system is corrupted or non-functional.
摘要翻译: 管理引擎可用于在引导过程期间以及其后响应于操作系统枚举来捕获配置周期。 结果,可以创建虚拟总线设备。 总线设备可用于将软件提供给平台,即使操作系统损坏或不起作用。
-
公开(公告)号:US20110138166A1
公开(公告)日:2011-06-09
申请号:US12974244
申请日:2010-12-21
IPC分类号: G06F9/24
CPC分类号: G06F21/575
摘要: In one embodiment, the present invention includes a method for obtaining a pre-boot authentication (PBA) image from a non-volatile storage that is configured with full disk encryption (FDE), and storing the PBA image in a memory. Then a callback protocol can be performed between a loader executing on an engine of a chipset and an integrity checker of a third party that provided the PBA image to confirm integrity of the PBA image, the PBA image is executed if the integrity is confirmed, and otherwise it is deleted. Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,本发明包括一种从配置有全盘加密(FDE)的非易失性存储器获得预引导认证(PBA)图像并将PBA图像存储在存储器中的方法。 然后,可以在执行在芯片组的引擎上的加载器和提供PBA图像以确认PBA图像的完整性的第三方的完整性检查器之间执行回调协议,如果确认完整性则执行PBA图像;以及 否则删除。 描述和要求保护其他实施例。
-
公开(公告)号:US20230119552A1
公开(公告)日:2023-04-20
申请号:US18084746
申请日:2022-12-20
申请人: Kshitij Arun Doshi , Hassnaa Moustafa , Francesc Guim Bernat , Christian Maciocco , Srikathyayani Srikanteswara , Vesh Raj Sharma Banjade , S M Iftekharul Alam , Satish Chandra Jha , Ned M. Smith
发明人: Kshitij Arun Doshi , Hassnaa Moustafa , Francesc Guim Bernat , Christian Maciocco , Srikathyayani Srikanteswara , Vesh Raj Sharma Banjade , S M Iftekharul Alam , Satish Chandra Jha , Ned M. Smith
IPC分类号: H04L47/783
摘要: Systems and methods for managing distributed compute resources are described herein. A system is configured to receive, from an agent operating at a first compute domain of a plurality of compute domains, a request for compute resources; broadcast the request for compute resources to respective agents at the plurality of compute domains; receive a plurality of offers for available compute resources from at least a portion of the plurality of compute domains; transmit, to a selected agent at a selected compute domain of the plurality of compute domains, a commit message to reserve compute resources of the selected compute domain associated with a selected offer of the plurality of offers; and transmit an indication of the commit message to the agent at the first compute domain, wherein the first compute domain is to use the compute resources reserved at the selected compute domain for workloads of the first compute domain.
-
公开(公告)号:US20230010406A1
公开(公告)日:2023-01-12
申请号:US17711933
申请日:2022-04-01
IPC分类号: H04L9/40
摘要: The subject matter described herein provides technical solutions for technical problems facing computing network security. Technical solutions described herein include adaptive sniffing of networking traffic, such as using a brokered network traffic sniffing framework. A brokered sniffing framework may be used to provide dynamic adjustment of network access points and network traffic sampling queries, such as by providing dynamic adjustment in response to changes to the network topology or network traffic. The brokered sniffing framework may provide improved statistical sampling of network traffic using improved network traffic telemetry, such as by modifying a statistical profile of network traffic contents that are collected. The network traffic telemetry may be used to identify various changes in network traffic, such as by identifying statistically significant changes in latencies, bandwidths, or other data center performance metrics.
-
公开(公告)号:US20220225227A1
公开(公告)日:2022-07-14
申请号:US17711579
申请日:2022-04-01
申请人: Satish Chandra Jha , S M Iftekharul Alam , Vesh Raj Sharma Banjade , Ned M. Smith , Arvind Merwaday , Kshitij Arun Doshi , Francesc Guim Bernat , Liuyang Lily Yang , Kuilin Clark Chen , Christian Maciocco , Marcio Rogerio Juliato , Maruti Gupta Hyde , Manoj R. Sastry
发明人: Satish Chandra Jha , S M Iftekharul Alam , Vesh Raj Sharma Banjade , Ned M. Smith , Arvind Merwaday , Kshitij Arun Doshi , Francesc Guim Bernat , Liuyang Lily Yang , Kuilin Clark Chen , Christian Maciocco , Marcio Rogerio Juliato , Maruti Gupta Hyde , Manoj R. Sastry
摘要: System and techniques for network slice resiliency are described herein. An indication of a fault-attack-failure-outage (FAFO) event for a network slice may be received. Here, the network slice is one of multiple network slices. A capacity in a slice segment may be estimated to determine whether there is enough capacity to meet a service level agreement (SLA) of the multiple network slices based on the FAFO event. In this case, the slice segment is a set of physical resources shared by the multiple network slices. Operation of the slice segment may then be modified based on results from estimating the capacity in the slice segment to address impacts from the FAFO event.
-
公开(公告)号:US20220116445A1
公开(公告)日:2022-04-14
申请号:US17559968
申请日:2021-12-22
申请人: Miltiadis Filippou , Dario Sabella , Kishen Maloor , Ned M. Smith
发明人: Miltiadis Filippou , Dario Sabella , Kishen Maloor , Ned M. Smith
IPC分类号: H04L67/10 , H04L67/12 , H04L67/568 , H04L41/0803
摘要: A machine-readable storage medium includes instructions stored thereupon, which when executed by processing circuitry of a computing node operable to implement a service mesh control plane (SMCP) in a MEC network, cause the processing circuitry to decode an attestation request received from a sidecar proxy of a deployable instance. The sidecar proxy is instantiated on a MEC host. Evidence information is collected from the deployable instance responsive to the attestation request, the evidence information comprising at least one security configuration of the deployable instance. An attestation of the evidence information is performed using a verified configuration of the deployable instance to generate an integrity report. An attestation token is generated based on the integrity report and is encoded for transmission to the MEC host. The attestation token authorizes the sidecar proxy to obtain configuration to facilitate a data exchange between the deployable instance and at least another deployable instance.
-
公开(公告)号:US20220114251A1
公开(公告)日:2022-04-14
申请号:US17561134
申请日:2021-12-23
申请人: Francesc Guim Bernat , Kshitij Arun Doshi , Adrian Hoban , Thijs Metsch , Dario Nicolas Oliver , Marcos E. Carranza , Mats Gustav Agerstam , Bin Li , Patrick Koeberl , Susanne M. Balle , John J. Browne , Cesar Martinez-Spessot , Ned M. Smith
发明人: Francesc Guim Bernat , Kshitij Arun Doshi , Adrian Hoban , Thijs Metsch , Dario Nicolas Oliver , Marcos E. Carranza , Mats Gustav Agerstam , Bin Li , Patrick Koeberl , Susanne M. Balle , John J. Browne , Cesar Martinez-Spessot , Ned M. Smith
IPC分类号: G06F21/51 , G06F21/57 , H04L43/0823 , H04L41/5009
摘要: Various systems and methods for implementing reputation management and intent-based security mechanisms are described herein. A system for implementing intent-driven security mechanisms, configured to: determine, based on a risk tolerance intent related to execution of an application on a compute node, whether execution of a software-implemented operator requires a trust evaluation; and in response to determining that the software-implemented operator requires the trust evaluation: obtain a reputation score of the software-implemented operator; determine a minimum reputation score from the risk tolerance intent; compare the reputation score of the software-implemented operator to the minimum reputation score; and reject or permit execution of the software-implemented operator based on the comparison
-
公开(公告)号:US20220113914A1
公开(公告)日:2022-04-14
申请号:US17560945
申请日:2021-12-23
IPC分类号: G06F3/06 , G06F12/02 , G06F12/0888
摘要: Systems and techniques for storage-class memory device including a network interface are described herein. A write for a network communication is received by the host interface of the memory device. Here, the network communication includes a header. The header is written to a non-volatile storage array managed by a memory controller. A network command is detected by the memory device. Here, the network command includes a pointer to the header in the non-volatile storage array. The header is retrieved from the non-volatile storage array and a packet based on the header is transmitted via a network interface of the memory controller.
-
公开(公告)号:US20210314365A1
公开(公告)日:2021-10-07
申请号:US17351004
申请日:2021-06-17
申请人: Ned M. Smith , Jose Benchimol , Andrew Draper
发明人: Ned M. Smith , Jose Benchimol , Andrew Draper
摘要: Various examples of device and system implementations and methods for performing end-to-end attestation operations for multi-layer hardware devices are disclosed. In an example, attestation operations are performed by a verifier, including: obtaining layered attestation evidence regarding a state of a compute device, with the layered attestation evidence including attesting evidence provided from a second hardware layer of the compute device, such that the attesting evidence provided from the second hardware layer is generated from attesting evidence provided from a first hardware layer of the compute device to the second hardware layer of the compute device; obtaining endorsement information relating to the layered attestation evidence for the state of the compute device; determining an appraisal policy for performing attestation of the compute device from the layered attestation evidence; and applying the appraisal policy and the endorsement information to the layered attestation evidence, to perform attestation of the compute device.
-
公开(公告)号:US20210152543A1
公开(公告)日:2021-05-20
申请号:US17127852
申请日:2020-12-18
摘要: Systems and techniques for automatic escalation of trust credentials are described herein. Requestor data may be received that describes workloads of a requestor. A set of trust credentials may be determined by using an escalation prediction model to evaluate the requestor data. The multi-access token may be assembled from the set of trust credentials. The multi-access token may be transmitted to an information provider to fulfill a request of a requestor.
-
-
-
-
-
-
-
-
-
搜索结果
200 条记录 (耗时 0.043 秒)