Abstract:
Provided are techniques for storing information in a packet. A data integrity operation is performed over one portion of the packet to calculate an integrity check value using a secret key. A data transformation operation is performed over another selectable portion of the packet to store the integrity check value in the other portion of the packet, without increasing a size of the packet. Other embodiments are described and claimed.
Abstract:
A network route tracing system traces a path through a network and identifies network components and communications links affected by the path. According to one embodiment of the present invention, a route is traced between two hosts in a network. The network is represented as a logical tree having a plurality of nodes. Each one of the nodes corresponds to a component in the network and each non-root node has a parent node. Two nodes are identified in the logical tree. A first node corresponds to a first host and a second node corresponds to a second host. If one of the two nodes exists at a lower level of the logical tree, then a first path is traced from the first node at the lower level to the parent node at a higher level until the parent node is at a same level of the logical tree as the second node. The first path is further traced up the logical tree from the parent node and a second path is traced up the logical tree from the second node until the first path and the second path meet at a same node.
Abstract:
Denial of service type attacks are attacks where the nature of a system used to establish communication sessions is exploited to prevent the establishment of sessions. For example, to establish a Transmission Control Protocol (TCP)/Internet Protocol (IP) communication session, a three-way handshake is performed between communication endpoints. When a connection request is received, resources are allocated towards establishing the communication session. Malicious entities can attack the handshake by repeatedly only partially completing the handshake, causing the receiving endpoint to run out of resources for allocating towards establishing sessions, thus preventing legitimate connections. Illustrated embodiments overcome such attacks by delaying allocating resources until after the three-way handshake is successfully completed.
Abstract:
A method and apparatus are provided that allow processing engines to be synchronized to each other with high accuracy. In one embodiment, the invention includes obtaining a processor tick counter value from a first processing engine, comparing the obtained processor tick counter value to a processor tick counter value from a second processing engine and determining a timing offset for synchronizing the first processing engine and the second processing engine using the comparison. The invention may further include obtaining a processor tick counter value by sending a request message from the second processing engine to the first processing engine, and receiving a reply from the first processing engine at the second processing engine. The processor tick counter value at the second processing engine can be determined by recording the time at which the request message is sent and by recording the time at which the reply is received. The invention can further include obtaining a processor frequency from the first processing engine, obtaining a processor frequency from the second processing engine and correcting the timing offset for any difference between the first processing engine frequency and the second processing engine frequency.
Abstract:
In one embodiment, an apparatus includes a processor comprising at least one core to execute instructions of a plurality of virtual machines (VMs) and a virtual machine monitor (VMM), and a cryptographic engine to protect data associated with the plurality of VMs through use of a plurality of private keys and a trusted transformer key, where each of the plurality of private keys are to protect program instructions and data of a respective VM and the trusted transformer key is to protect management structure data for the plurality of VMs. The processor is further to provide, to the VMM, read and write access to the management structure data through an untrusted transformer key
Abstract:
In one embodiment, a cryptographic circuit is adapted to receive a data line including at least an encrypted portion from a memory in response to a read request having a memory address from a first agent, obtain a key identifier for a key of the first agent from the data line, obtain the key using the key identifier, decrypt the at least encrypted portion of the data line using the key and send decrypted data of the at least encrypted portion of the data line to the first agent. Other embodiments are described and claimed.
Abstract:
Various embodiments are generally directed to techniques for encrypting stored data. An apparatus includes a processor component comprising a cache that comprises a cache line to store a first block of data corresponding to a second block of encrypted data stored within a storage; a compressor to compress the data within the first block to generate compressed data within the first block to clear sufficient storage space within the first block to store metadata associated with generation of the second block of encrypted data from the first block in response to eviction of the first block from the cache line; and an encrypter to encrypt the compressed data within the first block to generate the encrypted data within the second block and to store encryption metadata associated with encrypting the compressed data within the second block as a portion of the metadata associated with the generation of the second block.
Abstract:
Technologies for memory encryption include a computing device to generate a keyed hash of a data line based on a statistical counter value and a memory address to which to write the data line and to store the keyed hash to a cache line. The statistical counter value has a reference probability of incrementing at each write operation. The cache line includes a plurality of keyed hashes and each of the keyed hashes corresponds with a different data line. The computing device further encrypts the data line based on the keyed hash, the memory address, and the statistical counter value.
Abstract:
Apparatuses and methods for page coloring to associate memory pages with programs are disclosed. In one embodiment, an apparatus includes a paging unit and an interface to access a memory. The paging unit includes translation logic and comparison logic. The translation logic is to translate a first address to a second address. The first address is to be provided by an instruction stored in a first page in the memory. The translation is based on an entry in a data structure, and the entry is to include a base address of a second page in the memory including the second address. The comparison logic is to compare the color of the first page to the color of the second page. The color of the first page is to indicate association of the first page with a first program including the first instruction. The data structure entry is also to include the color of the second page to indicate association of the second page with the first program or a second program.
Abstract:
A computing device includes technologies for securing return addresses that are used by a processor to control the flow of execution of a program. The computing device uses a cryptographic algorithm to provide security for a return address in a manner that binds the return address to a location in a stack.