Abstract:
An apparatus to protect one or more hardware devices from unauthorized software access is described herein and comprises, in one embodiment, a virtual machine manager, a memory protection module and an integrity measurement manager. In a further embodiment, a method of providing secure access to one or more hardware devices may include modifying a page table, verifying the integrity of a device driver, and providing memory protection to the device driver if the device driver is verified.
Abstract:
A network element comprises a control element (CE), a plurality of forwarding elements (FEs) and an interconnect in communication with said CE and at least one of said FEs. Communication across the interconnect between the CE and the plurality of FEs is done in accordance with a protocol that includes a binding phase used to provide a data channel between the CE and a first one of the FEs. The binding phase is further used to provide a control channel between the CE and the first one of the FEs, the control channel used to transport control and configuration messages. The control channel is separate from the data channel. The protocol also includes a capability discovery phase, a configuration operation phase and an unbind phase executed between the CE and the FE.
Abstract:
Methods and apparatuses enable in-memory patching of a program loaded in volatile memory. A service processor identifies a program to be patched and an associated patch for the program. The patch is loaded into memory, including applying relocation fix-ups to the patch. The service processor directs the program to the patch in place of the segment of the program to be patched. The program implements the patch while maintaining program state, and without suspending execution of the program.
Abstract:
A method, device, and system for establishing a secure communication session with a server includes initiating a request for a secure communication session, such as a Secure Sockets Layer (SSL) communication session with a server, using a nonce value generated in a security engine of a system-on-a-chip (SOC) of a client device. Additionally, a cryptographic key exchange is performed between the client and the server to generate a symmetric session key, which is stored in a secure storage of the security engine. The cryptographic key exchange may be, for example, a Rivest-Shamir-Adleman (RSA) key exchange or a Diffie-Hellman key exchange. Private keys and other data generated during the cryptographic key exchange may be generated and/or stored in the security engine.
Abstract:
Technologies for authenticating a user and a mobile computing device of the user at an authentication computing device include generating, at the authentication computing device, a multi-factor authentication credential that includes a text-based credential and a plurality of biometric authentication factors corresponding to the user. The mobile computing device is configured to detect whether the authentication computing device is within proximity of the mobile computing device and establish a secure communication channel therebetween. The mobile computing device is further configured to securely store the multi-factor authentication credential received from the authentication computing device. The authentication computing device is configured to receive the multi-factor authentication credential from the mobile computing device and analyze the received multi-factor authentication credential to determine whether the user is an authorized user of the authentication computing device and take an action based on a result of the analysis. Other embodiments are described and claimed.
Abstract:
Embodiments of systems, apparatuses, and methods to securely download digital rights managed content with a client are described. In some embodiments, a system establishes a secure root of trust for the client. In addition, the system establishes a secure tunnel between an agent of the client and a storage system of the client. Furthermore, the system securely downloads the digital rights managed content to the storage system via the secure tunnel and securely provides the digital rights managed content from the storage system to a display.
Abstract:
A management engine may be used to trap configuration cycles during the boot process and thereafter in response to operating system enumeration. As a result, a virtual bus device can be created. The bus device may be used to provision software to the platform even when the operating system is corrupted or non-functional.
Abstract:
A content processing integrated circuit includes a system-on-a-chip (SoC) that further includes a processor to receive an authentication request from an external device for authenticating if the SoC is permitted to receive encrypted content from the external device, and to receive the encrypted content once the SoC is authenticated. An authentication processor is provided and coupled to the processor to authenticate the SoC to the external device when the processor receives the authentication request, and to generate a decryption key for decrypting the encrypted content. A decryption processor is provided and coupled to the processor and the authentication processor to receive the decryption key from the authentication processor and to decrypt the encrypted content with the decryption key. A wireless display system with such SoC is also described. A method of implementing a secure and robust content protection in a SoC is also described.
Abstract:
A method, apparatus, system, and computer program product for an automated modular and secure boot firmware update. An updated boot firmware code module is received in a secure partition of a system, the updated boot firmware code module to replace one original boot firmware code module for the system. Only the one original boot firmware code module is automatically replaced with the updated boot firmware code module. The updated boot firmware code module is automatically executed with the plurality of boot firmware code modules for the system and without user intervention when the system is next booted. The updated boot firmware code module may be written to an update partition of a firmware volume, wherein the update partition of the firmware volume is read along with another partition of the firmware volume containing the plurality of boot firmware code modules when the system is booted.
Abstract:
A platform to support verification of the contents of an input-output (I/O) device. The platform includes platform hardware, which may verify the contents of the I/O device. The platform hardware may comprise components such as a manageability engine and a verification engine that are used to verify the contents of the I/O device even before the contents of the I/O device are exposed to an operating system supported by a host. The platform components may delete the infected portions of the contents of the I/O device if the verification process indicates that the contents of the I/O device include infected portions.