公开(公告)号：US20120017011A1

公开(公告)日：2012-01-19

申请号：US12836341

申请日：2010-07-14

申请人： David A. Edwards ,  Eng Hun Ooi ,  Venkat R. Gokulrangan ,  Hormuzd M. Khosravi ,  Chai Huat Gan

发明人： David A. Edwards ,  Eng Hun Ooi ,  Venkat R. Gokulrangan ,  Hormuzd M. Khosravi ,  Chai Huat Gan

IPC分类号： G06F3/00

CPC分类号： G06F3/0604 ,  G06F3/0617 ,  G06F3/0659 ,  G06F3/067

摘要： A method, apparatus, system, and computer program product for enabling out-of-band access to storage devices through port-sharing hardware. Providing out-of-band access to storage devices enables system management functions to be performed when an operating system is non-functional as well as when the operating system is active. Storage commands originating with a management service can be interleaved with storage commands issued by the host operating system. The host operating system maintains ownership and control over its storage devices, but management activities can be performed while the host operating system is operational.

摘要翻译： 一种用于通过端口共享硬件对存储设备进行带外访问的方法，装置，系统和计算机程序产品。 提供对存储设备的带外访问可使系统管理功能在操作系统不起作用以及操作系统处于活动状态时执行。 源自管理服务的存储命令可以与主机操作系统发出的存储命令交错。 主机操作系统维护对其存储设备的所有权和控制权，但是可以在主机操作系统运行时执行管理活动。

公开(公告)号：US20110078791A1

公开(公告)日：2011-03-31

申请号：US12586705

申请日：2009-09-25

申请人： Gyan Prakash ,  Saurabh Dadu ,  Hormuzd M. Khosravi ,  Mousumi M. Hazra

发明人： Gyan Prakash ,  Saurabh Dadu ,  Hormuzd M. Khosravi ,  Mousumi M. Hazra

IPC分类号： G06F21/00 ,  G06F17/30

CPC分类号： G06F17/30265 ,  G06F21/55 ,  G06F21/56 ,  G06F21/565 ,  G06F21/567 ,  G06F2221/2105

摘要： A method, system, and computer program product for a host software tamper detection and protection service. A secure partition that is isolated from a host operating system of the host system, which may be implemented by firmware of a chipset of the host system, obtains file metadata from the host system and uses the file metadata to identify a first file for examination for tampering. The secure partition obtains data blocks for the first file, communicates with a service via an out-of-band communication channel, and uses information obtained from the service and the data blocks to determine whether the first file has been corrupted. The secure partition obtains the file metadata and the data blocks for the first file without invoking an operating system or file system of the host system.

摘要翻译： 用于主机软件篡改检测和保护服务的方法，系统和计算机程序产品。 与主机系统的芯片组的固件实现的与主机系统的主机操作系统隔离的安全分区从主机系统获取文件元数据，并使用该文件元数据来识别第一文件以便检查 篡改。 安全分区获取第一文件的数据块，经由带外通信信道与服务通信，并使用从服务和数据块获得的信息来确定第一文件是否已被破坏。 安全分区在不调用主机系统的操作系统或文件系统的情况下获得文件元数据和第一文件的数据块。

公开(公告)号：US07865683B2

公开(公告)日：2011-01-04

申请号：US12824074

申请日：2010-06-25

申请人： David Durham ,  Ravi Sahita ,  Uday R. Savagaonkar ,  Priya Rajagopal ,  Hormuzd M. Khosravi

发明人： David Durham ,  Ravi Sahita ,  Uday R. Savagaonkar ,  Priya Rajagopal ,  Hormuzd M. Khosravi

IPC分类号： G06F12/00 ,  G06F13/00 ,  G06F13/28

CPC分类号： G06F12/1491

摘要： Embodiments of apparatuses, articles, methods, and systems for associating identifiers with memory locations for controlling memory accesses are generally described herein. Other embodiments may be described and claimed.

摘要翻译： 这里通常描述用于将标识符与用于控制存储器访问的存储器位置相关联的装置，物品，方法和系统的实施例。 可以描述和要求保护其他实施例。

公开(公告)号：US20080244758A1

公开(公告)日：2008-10-02

申请号：US11694548

申请日：2007-03-30

申请人： Ravi Sahita ,  Hormuzd M. Khosravi ,  Uday Savagaonkar ,  David M. Durham

发明人： Ravi Sahita ,  Hormuzd M. Khosravi ,  Uday Savagaonkar ,  David M. Durham

IPC分类号： G06F1/26 ,  G06F9/26

CPC分类号： G06F21/6218 ,  G06F21/57 ,  G06F21/70

摘要： An apparatus to protect one or more hardware devices from unauthorized software access is described herein and comprises, in one embodiment, a virtual machine manager, a memory protection module and an integrity measurement manager. In a further embodiment, a method of providing secure access to one or more hardware devices may include, modifying a page table, verifying the integrity of a device driver, and providing memory protection to the device driver if the device driver is verified.

摘要翻译： 本文描述了保护一个或多个硬件设备免受未经授权的软件访问的装置，并且在一个实施例中包括虚拟机管理器，存储器保护模块和完整性测量管理器。 在另一实施例中，提供对一个或多个硬件设备的安全访问的方法可以包括：修改页表，验证设备驱动程序的完整性，以及如果设备驱动程序被验证，则向设备驱动程序提供存储器保护。

公开(公告)号：US07428219B2

公开(公告)日：2008-09-23

申请号：US10789402

申请日：2004-02-27

申请人： Hormuzd M. Khosravi

发明人： Hormuzd M. Khosravi

IPC分类号： H04L12/28

CPC分类号： H04L69/163 ,  H04L69/16 ,  H04L69/168 ,  H04L69/24

摘要： A network element comprises a control element (CE), a plurality of forwarding element (FEs) and an interconnect in communication with said CE and at least one of said FEs. Communication across the interconnect between the CE and the plurality of FEs is done in accordance with a protocol that includes a binding phase used to provide a data channel between the CE and a first one of the FEs. The binding phase is further used to provide a control channel between the CE and the first one of the FEs, the control channel used to transport control and configuration messages. The control channel is separate from the data channel. The protocol also includes a capability discovery phase, a configuration operation phase and an unbind phase executed between the CE and the FE.

摘要翻译： 网络元件包括控制元件（CE），多个转发元件（FE）和与所述CE和所述FE中的至少一个通信的互连。 通过CE和多个FE之间的互连的通信根据包括用于在CE和第一个FE之间提供数据信道的绑定阶段的协议完成。 绑定阶段进一步用于提供CE与第一个FE之间的控制信道，用于传输控制和配置消息的控制信道。 控制通道与数据通道分开。 该协议还包括在CE和FE之间执行的能力发现阶段，配置操作阶段和解除绑定阶段。

公开(公告)号：US20080083030A1

公开(公告)日：2008-04-03

申请号：US11540373

申请日：2006-09-29

申请人： David M. Durham ,  Hormuzd M. Khosravi ,  Travis Schluessler ,  Ravi Sahita ,  Uday R. Savagaonkar

发明人： David M. Durham ,  Hormuzd M. Khosravi ,  Travis Schluessler ,  Ravi Sahita ,  Uday R. Savagaonkar

IPC分类号： G06F12/14

CPC分类号： G06F8/656

摘要： Methods and apparatuses enable in-memory patching of a program loaded in volatile memory. A service processor identifies a program to be patched and an associated patch for the program. The patch is loaded into memory, including applying relocation fix-ups to the patch. The service processor directs the program to the patch in place of the segment of the program to be patched. The program implements the patch while maintaining program state, and without suspending execution of the program.

摘要翻译： 方法和装置使得能够在加载在易失性存储器中的程序的内存中修补。 服务处理器识别要修补的程序和程序的相关修补程序。 修补程序加载到内存中，包括将修补程序应用于修补程序。 服务处理器将程序引导到补丁代替要修补的程序的段。 该程序在维护程序状态的同时实现补丁，并且不会暂停程序的执行。

公开(公告)号：US09887838B2

公开(公告)日：2018-02-06

申请号：US13997412

申请日：2011-12-15

申请人： Hormuzd M. Khosravi ,  Edward C. Epp ,  Farhana Kabir

发明人： Hormuzd M. Khosravi ,  Edward C. Epp ,  Farhana Kabir

IPC分类号： H04L9/08 ,  H04L29/06

CPC分类号： H04L9/0838 ,  H04L9/0841 ,  H04L9/0861 ,  H04L63/061

摘要： A method, device, and system for establishing a secure communication session with a server includes initiating a request for a secure communication session, such as a Secure Sockets Layer (SLL) communication session with a server using a nonce value generated in a security engine of a system-on-a-chip (SOC) of a client device. Additionally, a cryptographic key exchange is performed between the client and the server to generate a symmetric session key, which is stored in a secure storage of the security engine. The cryptographic key exchange may be, for example, a Rivest-Shamir-Adleman (RSA) key exchange or a Diffie-Hellman key exchange. Private keys and other data generated during the cryptographic key exchange may be generated and/or stored in the security engine.

公开(公告)号：US09419976B2

公开(公告)日：2016-08-16

申请号：US13976255

申请日：2011-12-22

申请人： Manish Gilani ,  Paritosh Saxena ,  Nicholas D. Triantafillou ,  Azam Barkatullah ,  Hormuzd M. Khosravi

发明人： Manish Gilani ,  Paritosh Saxena ,  Nicholas D. Triantafillou ,  Azam Barkatullah ,  Hormuzd M. Khosravi

IPC分类号： G06F7/04 ,  G06F17/30 ,  H04N7/16 ,  H04L29/06 ,  G06F21/82 ,  G06F21/10

CPC分类号： H04L63/10 ,  G06F21/10 ,  G06F21/82

摘要： Embodiments of systems, apparatuses, and methods to securely download digital rights managed content with a client are described. In some embodiments, a system establishes a secure root of trust for the client. In addition, the system establishes a secure tunnel between an agent of the client and a storage system of the client. Furthermore, the system securely downloads the digital rights managed content to the storage system via the secure tunnel and securely provides the digital rights managed content from the storage system to a display.

摘要翻译： 描述了使用客户端安全地下载数字版权管理的内容的系统，装置和方法的实施例。 在一些实施例中，系统为客户端建立安全的信任根。 此外，该系统在客户端的代理和客户端的存储系统之间建立安全通道。 此外，系统通过安全隧道将数字权限管理的内容安全地下载到存储系统，并将数字权限管理的内容从存储系统安全地提供给显示器。

公开(公告)号：US20150195301A1

公开(公告)日：2015-07-09

申请号：US14359969

申请日：2013-11-19

申请人： Abhilasha Bhargav-Spantzel ,  John B. Vicente ,  Mohammad R. Haghighat ,  Oliver W. Chen ,  Hormuzd M. Khosravi ,  Uri Kahana

发明人： Abhilasha Bhargav-Spantzel ,  John B. Vicente ,  Mohammad R. Haghighat ,  Oliver W. Chen ,  Hormuzd M. Khosravi ,  Uri Kahana

IPC分类号： H04L29/06 ,  G06F17/30 ,  G06F3/0484

CPC分类号： H04L63/1441 ,  G06F3/0484 ,  G06F17/30864 ,  G06F21/552 ,  G06F21/577 ,  G06F2221/2105

摘要： This disclosure is directed to a context-aware proactive threat management system. In general, a device may use internal activity data along with data about external activities (e.g., provided by remote resources) for threat assessment and mitigation. A device may comprise, for example, a hostile environment detection (HED) module to coordinate threat assessment and mitigation. The HED module may accumulate internal activity data (e.g., from security services in the device), and external activity data regarding a system environment and/or a physical environment from the remote resources. The HED module may then assess threats based on the activity data and determine automated and/or manual mitigation operations to respond to the threats. In one embodiment, visualization features may also be used to, for example, visualize threats to a user, visualize automatic/manual mitigation operations, request user confirmation regarding the performance of manual mitigation operations, etc.

摘要翻译： 本公开涉及上下文感知主动威胁管理系统。 通常，设备可以使用内部活动数据以及关于外部活动的数据（例如由远程资源提供）来进行威胁评估和缓解。 设备可以包括例如恶意环境检测（HED）模块来协调威胁评估和缓解。 HED模块可以从远程资源累积内部活动数据（例如，来自设备中的安全服务）和关于系统环境和/或物理环境的外部活动数据。 然后，HED模块可以基于活动数据来评估威胁，并且确定自动和/或手动缓解操作以应对威胁。 在一个实施例中，可视化特征也可以用于例如可视化对用户的威胁，可视化自动/手动缓解操作，请求关于手动缓解操作的执行的用户确认等。

公开(公告)号：US20140129827A1

公开(公告)日：2014-05-08

申请号：US13694221

申请日：2012-11-08

申请人： Hormuzd M. Khosravi ,  David A. Lee ,  Raji Srinivasa Raghavan

发明人： Hormuzd M. Khosravi ,  David A. Lee ,  Raji Srinivasa Raghavan

IPC分类号： H04L9/32 ,  H04W12/06 ,  H04L29/06

CPC分类号： H04L9/0825 ,  G06F21/123 ,  G06F21/44 ,  G06F2221/2111 ,  H04L63/0428 ,  H04L63/0485 ,  H04L63/0823 ,  H04L2463/101 ,  H04N21/2347 ,  H04N21/266 ,  H04N21/43637 ,  H04N21/4405 ,  H04N21/4623 ,  H04W4/80 ,  H04W12/02 ,  H04W12/06

摘要： A content processing integrated circuit includes a system-on-a-chip (SoC) that further includes a processor to receive an authentication request from an external device for authenticating if the SoC is permitted to receive encrypted content from the external device, and to receive the encrypted content once the SoC is authenticated. An authentication processor is provided and coupled to the processor to authenticate the SoC to the external device when the processor receives the authentication request, and to generate a decryption key for decrypting the encrypted content. A decryption processor is provided and coupled to the processor and the authentication processor to receive the decryption key from the authentication processor and to decrypt the encrypted content with the decryption key. A wireless display system with such SoC is also described. A method of implementing a secure and robust content protection in a SoC is also described.

摘要翻译： 内容处理集成电路包括芯片系统芯片（SoC），其还包括处理器，用于从外部设备接收认证请求，用于认证是否允许SoC从外部设备接收加密的内容，并且接收 一旦SoC被认证，加密的内容。 当处理器接收到认证请求时，提供认证处理器并将其耦合到处理器以对外部设备进行认证，并产生用于解密加密内容的解密密钥。 提供解密处理器并将其耦合到处理器和认证处理器以从认证处理器接收解密密钥，并用解密密钥解密加密的内容。 还描述了具有这种SoC的无线显示系统。 还描述了在SoC中实现安全和鲁棒的内容保护的方法。